1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Commit graph

134 commits

Author SHA1 Message Date
Andy Green
0fda90c40a ws-server-threads-smp: modernize 2021-10-05 07:40:03 +01:00
Andy Green
4db2ff872b cose: keys and signing + validation
Support for COSE keys and signing / validation

 - lws_cose_key_t and import / export / generation apis for EC / RSA / SYMMETRIC

 - cose_sign1 ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign1-tests
 - cose_sign  ES256/384/512,RS256/384/512 sign + validate, passes RFC8152 WG tests sign-tests
 - cose_mac0  HS256/HS256_64/384/512      sign + validate, passes RFC8152 WG tests hmac-examples
 - cose_mac   HS256/HS256_64/384/512             validate, passes RFC8152 WG tests hmac-examples

 - lws-crypto-cose-key commandline tool for key / key set dumping and
   creation
 - lws-crypro-cose-sign commandline tool for signing / validation

 - lws-api-test-cose - large number of test vectors and tests from RFC8152
2021-08-31 05:45:35 +01:00
Andy Green
dcaa0013b4 lecp: add CBOR stream parser LECP like JSON LEJP
This provides very memory-efficient CBOR stream parsing
and writing.

The parser  converts pieces of CBOR into callbacks that define
the structure and collate string and blobs into buffer chunks
for extensible and easy access.

It is fragementation-safe and does not need all the CBOR in
the same place at one time, chunks of CBOR are parsed and
discarded as provided.

It does not allocate and just needs a few hundred bytes of
stack for even huge CBOR objects.  Huge strings and blobs
are handled without needing memory to hold them atomically.

Includes ./minimal-examples/api-tests/api-test-lecp that
unit tests it against 82 official example CBORs and
26 additional test vectors from COSE (just checking the CBOR
parsing).

The writing apis allow printf style semantics with a variety
of CBOR-aware %-formats.  The apis write into a context that
manages output buffer usage, if the output buffer fills,
then the apis return with an AGAIN code that lets you issue
and reset the output buffer and repeat the api all to issue
more output.  The subsequent calls can occur much later or
from a different function context, so this is perfect for
WRITEABLE-mediated output from the network parts of lws.

See ./READMEs/README.cbor-lecp.md
2021-08-21 17:44:40 +01:00
Yichen Gu
b31c5d6ffe http: cookies: support cookie jar in and out 2021-08-21 17:44:40 +01:00
Andy Green
b67d192100 lws_map 2021-08-21 17:44:40 +01:00
Andy Green
243c21deac ss: add fault injections in creation
Add 9 fault injection cases in SS creation flow, and 5 of those
instantiate in the minimal examples ctests.  The other 4 relate
to static policy and server, I tested the server ones by hand.

These tests confirm the recent change to unpick create using
lws_ss_destroy.
2021-08-16 08:07:35 +01:00
Andy Green
31dc6f0410 docs: event loops intro 2021-08-09 17:31:16 +01:00
Andy Green
ee510154a0 fi: wsi: fault to fake peer hangup after a delay range
Example usage, client

$ valgrind ./bin/lws-minimal-secure-streams-stress-client -c 4 --budget 40

proxy

$ valgrind ./lws-minimal-secure-streams-proxy --fault-injection "ss=mintest/wsi/timedclose(20%),ss=mintest/wsi/timedclose_ms(0..100)"
2021-07-04 10:29:54 +01:00
Andy Green
36e7e8af78 fault injection: pseudorandom 64-bit range support
This adds an api allowing fault injection path implementations to get hold
of pseudo-random numbers between an externally-provided range.

You can set it using, eg, --fault-injection "f1(10%),f1_delay(123..456)"
while f1 shows how to decide whether to inject the fault and f1_delay
provides a pseudo-random number between the two values for the fault
implementation code to use.
2021-07-04 10:29:54 +01:00
Andy Green
8e76634ed3 logs: introduce log_cx 2021-07-01 05:20:53 +01:00
Andy Green
2f9bb7a30a tls: JIT Trust
Add support for dynamically determining the CAs needed to validate server
certificates.  This allows you to avoid instantiating > 120 X.509 trusted
CA certs and have them take up heap the whole time.

Works for both openssl and mbedtls.

See READMEs/README.jit-trust.md for the documentation

You likely want the next patch for http redirect enhancements as well.
2021-06-22 15:55:29 +01:00
Andy Green
b25079c4b4 lws_cache_ttl 2021-06-22 15:55:29 +01:00
Andy Green
ad3aa5339e TCP_FASTOPEN 2021-05-25 08:13:13 +01:00
Catalin Raceanu
cf867faa46 tls: client: session cache synthetic cb 2021-04-29 20:03:41 +01:00
Andy Green
1367c11e1e v4.2.0 release 2021-04-15 17:44:02 +01:00
Andy Green
24abd699f6 http: parser: straighten out %00 legality
https://github.com/warmcat/libwebsockets/issues/2262

This adds a README explaining what can be expected if your URLs contain
%00, and adds a safe helper for urlargs-by-name that is length-based.

Contains fix for extra NUL on some headers

https://github.com/warmcat/libwebsockets/issues/2267
2021-04-10 09:21:33 +01:00
Daniel Austin
b153305506 doxygen: add extra top level page pointers
https://github.com/warmcat/libwebsockets/issues/2263
2021-04-06 08:24:19 +01:00
Andy Green
51490ae6e6 Fault injection
add lws_xos: xoshiro256 PRNG
2021-04-05 10:55:04 +01:00
Andy Green
7451702722 tls-sessions: serialization 2021-04-04 05:45:53 +01:00
Andy Green
06509e287d lws_conmon: connection monitoring and stats generation
This provides a build option LWS_WITH_CONMON that lets user code recover
detailed connection stats on client connections with the LCCSCF_CONMON
flag.

In addition to latencies for dns, socket connection, tls and first protocol
response where possible, it also provides the user code an unfiltered list
of DNS responses that the client received, and the peer it actually
succeded to connect to.
2021-03-17 07:31:49 +00:00
Andy Green
3f4623bb36 lws_metrics
There are a few build options that are trying to keep and report
various statistics

 - DETAILED_LATENCY
 - SERVER_STATUS
 - WITH_STATS

remove all those and establish a generic rplacement, lws_metrics.

lws_metrics makes its stats available via an lws_system ops function
pointer that the user code can set.

Openmetrics export is supported, for, eg, prometheus scraping.
2021-03-08 21:47:28 +00:00
Andy Green
fecf496ef9 docs: more details on ctest buddies 2021-03-02 07:45:14 +00:00
Andy Green
3fe08ce5d8 fault injection 2021-02-20 13:54:35 +00:00
Andy Green
1f019f99f4 libressl: adapt type rules
Update libressl rules for options api type,
add some docs to build, use CHECK_SYMBOL_EXISTS since
CHECK_FUNCTION_EXISTS is fooled by the conditionals
in the headers
2021-02-17 11:39:15 +00:00
Andy Green
0ceba15d9c lws_lifecycle
This adds some new objects and helpers for keeping and logging
info on grouped allocations, a group is, eg, SS handles or client
wsis.

Allocated objects get a context-unique "tag" string intended to replace
%p / wsi pointers etc.  Pointers quickly become confusing when
allocations are freed and reused, the tag string won't repeat
until you produce 2^64 objects in a context.

In addition the tag string documents the object group, with prefixes
like "wsi-" or "vh-" and contain object-specific additional
information like the vhost name, address / port  or the role of the wsi.
At creation time the lws code can use a format string and args
to add whatever group-specific info makes sense, eg, a wsi bound
to a secure stream can also append the guid of the secure stream,
it's copied into the new object tag and so is still available
cleanly after the stream is destroyed if the wsi outlives it.
2021-01-04 05:26:50 +00:00
Andy Green
643a001ed8 roles: netlink
This creates a role for RFC3549 Netlink monitoring.

If the OS supports it (currently, linux) then each pt creates a wsi
with the netlink role and dumps the current routing table at pt init.
It then maintains a cache of the routing table in each pt.

Upon routing table changes an SMD message is issued as an event, and
Captive Portal Detection is triggered.

All of the pt's current connections are reassessed for routability under
the changed routing table, those that no longer have a valid route or
gateway are closed.
2020-10-19 16:35:03 +01:00
Andy Green
44e860642b docs: switch to use main 2020-10-19 16:35:03 +01:00
Andy Green
08c9395da5 update some wording 2020-09-30 06:42:13 +01:00
Andy Green
9f104efc25 docs: explain context and client lifecycle 2020-09-18 11:37:17 +01:00
Andy Green
63e9699bda v4.1.0 2020-09-04 13:42:57 +01:00
Andy Green
1d05f429dc lws_plugins 2020-08-31 16:51:37 +01:00
Andy Green
c6c7ab2b44 event libs: default to building as dynamically loaded plugins
Event lib support as it has been isn't scaling well, at the low level
libevent and libev headers have a namespace conflict so they can't
both be built into the same image, and at the distro level, binding
all the event libs to libwebsockets.so makes a bloaty situation for
packaging, lws will drag in all the event libs every time.

This patch implements the plan discussed here

https://github.com/warmcat/libwebsockets/issues/1980

and refactors the event lib support so they are built into isolated
plugins and bound at runtime according to what the application says
it wants to use.  The event lib plugins can be packaged individually
so that only the needed sets of support are installed (perhaps none
of them if the user code is OK with the default poll() loop).  And
dependent user code can mark the specific event loop plugin package
as required so pieces are added as needed.

The eventlib-foreign example is also refactored to build the selected
lib support isolated.

A readme is added detailing the changes and how to use them.

https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.event-libs.md
2020-08-31 16:51:37 +01:00
Andy Green
d98101d1e3 plugins: generalize and provide public api
Move the common plugin scanning dir stuff to be based on lws_dir, which
already builds for windows.  Previously this was done via dirent for unix
and libuv for windows.

Reduce the dl plat stuff to just wrap instantiation and destruction of
dynlibs, establish common code in lib/misc/dir.c for plugin scanning
itself.

Migrate the libuv windows dl stuff to windows-plugins.c, so that he's
available even if later libuv loop support becomes and event lib plugin.

Remove the existing api exports scheme for plugins, just export a const struct
now which has a fixed header type but then whatever you want afterwards depending
on the class / purpose of the plugin.  Place a "class" string in the header so
there can be different kinds of plugins implying different types exported.

Make the plugin apis public and add support for filter by class string, and
per instantation / destruction callbacks so the subclassed header type can
do its thing for the plugin class.  The user provides a linked-list base
for his class of plugins, so he can manage them completely separately and
in user code / user export types.

Rip out some last hangers-on from generic sessions / tables.

This is all aimed at making the plugins support general enough so it can
provide event lib plugins later.
2020-08-31 16:51:37 +01:00
Andy Green
a424623dc6 docs: add README-debugging.md and provide example points for decrypted traffic handling
Some general debugging advice but also really clarify the official way of how to dump
what is going out and coming in directly from the tls tunnel, so you can see the
actual data unencrypted.
2020-07-30 16:23:59 +01:00
Andy Green
634a97ad79 lws_jwt_token_sanity 2020-07-15 16:18:00 +01:00
Andy Green
286cf4357a sul: multiple timer domains
Adapt the pt sul owner list to be an array, and define two different lists,
one that acts like before and is the default for existing users, and another
that has the ability to cooperate with systemwide suspend to restrict the
interval spent suspended so that it will wake in time for the earliest
thing on this wake-suspend sul list.

Clean the api a bit and add lws_sul_cancel() that only needs the sul as the
argument.

Add a flag for client creation info to indicate that this client connection
is important enough that, eg, validity checking it to detect silently dead
connections should go on the wake-suspend sul list.  That flag is exposed in
secure streams policy so it can be added to a streamtype with
"swake_validity": true

Deprecate out the old vhost timer stuff that predates sul.  Add a flag
LWS_WITH_DEPRECATED_THINGS in cmake so users can get it back temporarily
before it will be removed in a v4.2.

Adapt all remaining in-tree users of it to use explicit suls.
2020-06-02 08:37:10 +01:00
Andy Green
d5773c01be openssl-v3: deal with deprecated SSL_CTX_load_verify_locations
Add Sai for openssl-v3 and for boringssl
2020-06-02 08:37:10 +01:00
Andy Green
2d7be680de android: modernize toolchain file and add build README
Add builder to .sai.json for just lws + mbedtls on aarch64
2020-05-27 08:40:12 +01:00
Andy Green
9f1d019352 CTest: migrate and deprecate existing selftest scripts
Replace the bash selftest plumbing with CTest.

To use the selftests, build with -DLWS_WITH_MINIMAL_EXAMPLES=1
and `CTEST_OUTPUT_ON_FAILURE=1 make test` or just
`make test`.

To disable tests that require internet access, also give
-DLWS_CTEST_INTERNET_AVAILABLE=0

Remove travis and appveyor scripts on master.

Remove travis and appveyor decals on README.md.
2020-05-11 15:40:13 +01:00
Andy Green
90aa78f0a8 docs: add notes on cmake 2020-04-20 18:23:10 +01:00
Andy Green
d3308df40f windows: pthreads
Add support for external pthreads lib on windows and some docs about how to do.

It can build with LWS_WITH_THREADPOOL and LWS_WITH_MINIMAL_EXAMPLES including the
pthreads-dependent ones without warnings or errors on windows platform as well with this.

pthreads_t can be anything, including a struct - not a pointer-to-a-struct
but the struct itself.  These can't be cast to a void * for printing as they can
on linux, where the base type is a pointer.

Let's fix all the usage of those to determine their own thread index in terms
of the meaning to the program rather than as a tid.
2020-04-07 14:05:21 +01:00
Andy Green
a60cb84c9e captive portal
Implement Captive Portal detection support in lws, with the actual
detection happening in platform code hooked up by lws_system_ops_t.

Add an implementation using Secure Streams as well, if the policy
defines captive_portal_detect streamtype, a SS using that streamtype
is used to probe if it's behind a captive portal.
2020-03-11 12:44:01 +00:00
Andy Green
1289b0a0ef v4.0.0 2020-03-06 10:18:46 +00:00
Andy Green
d88d41090e cleaning: windows 2020-03-04 12:17:49 +00:00
Andy Green
d36cbd935d README-test-apps: fix crufty reference to test-server-v2.0.c 2020-03-04 11:00:04 +00:00
Andy Green
414516cad4 lws_system: sync README.md to recent additions 2020-02-04 14:16:18 +00:00
Andy Green
8b0dee426e README.coding: update libev section 2019-12-20 18:39:07 +00:00
Andy Green
277d0e5e4c license: fix up last mentions of lgpl outside of the source file license grant part 2019-12-02 11:19:30 +00:00
grdowns
b7a04a67d1 windows: Add vcpkg installation instructions 2019-10-17 09:19:57 +01:00
Andy Green
efc35fe1e1 async dns: recursion
Handle the situation that we are told to use a CNAME, but the CNAME is not resolved
by the remote server... adapt the query to resolve the CNAME and restart it, while
retaining the original query name for the cache entry generation.

"Recursion" doesn't mean function-calling-a-function type recursion, it remains
completely asynchronous on the event loop.
2019-10-13 11:55:59 +01:00