1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Commit graph

4328 commits

Author SHA1 Message Date
Andy Green
891f28b43e ss: proxy: fix conn deref on onward
Trying to use the opaque pointer in the handle to point to the conn isn't
going to work when we need it to point to the ss handle.

Move it to have its on place in the handle.
2021-04-21 10:02:00 +01:00
Andy Green
ff8912ba96 netlink: make failure to bind nonfatal 2021-04-20 16:05:01 +01:00
Andy Green
350284590c cmake: LWS_WITHOUT_EVENTFD 2021-04-20 14:58:23 +01:00
Andreas Weigel
02f0d759b5 cmake: also set LWS_BUILD_HASH to unknown if no git is found 2021-04-20 14:28:58 +01:00
Andy Green
8b1732a4e8 cmake: set unknown as LWS_BUILD_HASH if no git repo 2021-04-19 21:37:43 +01:00
Jin Wang
af1a79c3e5 client: make sure we get CCE if timeout on server reply
If facing a captive portal, we may seem to get a tcp level connection okay
but find that communication is silently dropped, leading to us timing out
in LRS_WAITING_SERVER_REPLY.

If so, we need to handle it as a connection fail in order to satisfy at
least Captive Portal detection.
2021-04-17 05:42:10 +01:00
Andy Green
1a6c2a634e client: tls: simplify validation fail reporting at CCE
We have access to a simplified report of the problem name for tls
validation inside the validation cb, let's bring it out and
use it for OpenSSL CCE reporting.
2021-04-15 19:10:54 +01:00
Andy Green
aa6b3f418e mbedtls: allow central trust store preload
Mbedtls does not have the same concept as openssl about preloading the
system trust store into every SSL_CTX.

This patch allows you to simulate the behaviour by passing in a context
creation-time filepath that all client SSL_CTX will be initialized from.
2021-04-15 19:10:54 +01:00
Andy Green
68d9f3a7f2 ss: wire up EVENT_WAIT_CANCELLED
Currently the lws_cancel_service() api only manifests itself at lws level.
This adds a state LWSSSCS_EVENT_WAIT_CANCELLED that is broadcast to all
SS in the event loop getting the cancel service api call, and allows
SS-level user code to pick up handling events from other threads.

There's a new example minimal-secure-streams-threads which shows the
pattern for other threads to communicate with and trigger the event in the
lws service thread.
2021-04-15 19:10:54 +01:00
Andy Green
5b6a89f79d ss: add test for OS trust store mdoe
It's already the case that leaving off the "tls_trust_store" member of the
streamtype definition in the policy causes the streamtype to validate its
tls connections via the OS trust store, usually a bundle OpenSSL has been
configured to load at init automagically, but also literally the OS trust
store in windows case.

Add tests to confirm that.
2021-04-15 19:10:54 +01:00
Andy Green
f35219d95d main: bump to v4.2.99 for development 2021-04-15 19:10:52 +01:00
Andy Green
1367c11e1e v4.2.0 release 2021-04-15 17:44:02 +01:00
kokke
2850de1afa drivers: spi: avoid leaking uninitialized bits
Before this commit, line 84 read 'u' before it had a value, on 1st for-loop iteration. See comment on line 84 below:

82		for (n = 0; n < 8; n++) {
83			ctx->gpio->set(ctx->clk, inv);
84			u = (u << 1) | !!ctx->gpio->read(ctx->miso); /* <-- u is used uninitialized here */
85			ctx->gpio->set(ctx->mosi, !!(u & 0x80));
86			ctx->gpio->set(ctx->clk, !inv);
87		}
2021-04-15 17:41:53 +01:00
Sergey
0a8f64ad5f cmake: enable user cmake to use FetchContent on lws
export include directories for target `websockets` and `websockets_shared`, see github #2272
2021-04-15 17:41:34 +01:00
Andy Green
4b52d7598c docs: lws_write: decruftify 2021-04-15 17:41:17 +01:00
Chunho Lee
0276f3e635 ss: mqtt: Avoid CONNECTING to DISCONNECTED transition
Check previous states with 'ss_dangling_connected'.
If it did not visit CONNECTED, transit to UNREACHABLE
instead of DISCONNECTED.
2021-04-15 17:34:01 +01:00
Chunho Lee
8c26063828 mqtt: log correct subscribe packet id 2021-04-15 17:33:50 +01:00
Per Bothner
018d443863 http: mimetypes: add mjs as builtin 2021-04-12 06:36:24 +01:00
syldrathecat
aa84d928d8 cmake: export include directory 2021-04-11 12:28:41 +01:00
Andy Green
24abd699f6 http: parser: straighten out %00 legality
https://github.com/warmcat/libwebsockets/issues/2262

This adds a README explaining what can be expected if your URLs contain
%00, and adds a safe helper for urlargs-by-name that is length-based.

Contains fix for extra NUL on some headers

https://github.com/warmcat/libwebsockets/issues/2267
2021-04-10 09:21:33 +01:00
Andy Green
354b29c747 http: redirect: dont try from h2 at the moment
h1->h1, h1->h2 are OK, but h2->anything needs more work.
Just fail it early at the moment.
2021-04-10 09:20:33 +01:00
Andy Green
b28b03eee1 smp: hold pt lock for lws_client_reset removing fds
https://github.com/warmcat/libwebsockets/issues/2268
2021-04-10 06:14:12 +01:00
Mykola Stryebkov
eeed0c07d0 smp: openssl: disallow trying to clean up mutexes twice 2021-04-08 13:02:57 +01:00
Andy Green
402e97a679 ss: metrics: http: just report at wsi close
Defer recording the ss metrics histogram until wsi close, so it has a
chance to collect all the tags that apply.

Defer dumping metrics until the FINALIZE phase of context destroy, so we
had a chance to get any metrics recorded.
2021-04-08 06:47:54 +01:00
Haopeng
2a7ded310f ss: metrics: add result tag reflecting ss txn disposition
For http ss, add a tag result=SS_ACK_REMOTE or SS_NACK_REMOTE
2021-04-08 06:37:35 +01:00
Andy Green
42dc817d8f ss: proxy: get rx flow control working
This fixes the proxy rx flow by adding an lws_dsh helper to hide the
off-by-one in the "kind" array (kind 0 is reserved for tracking the
unallocated dsh blocks).

For testing, it adds a --blob option on minimal-secure-streams[-client]
which uses a streamtype "bulkproxflow" from here

https://warmcat.com/policy/minimal-proxy-v4.2-v2.json

		"bulkproxflow": {
			"endpoint": "warmcat.com",
			"port": 443,
			"protocol": "h1",
			"http_method": "GET",
			"http_url": "blob.bin",
			"proxy_buflen": 32768,
			"proxy_buflen_rxflow_on_above": 24576,
			"proxy_buflen_rxflow_off_below": 8192,
			"tls": true,
			"retry": "default",
			"tls_trust_store": "le_via_dst"
		}

This downloads a 51MB blob of random data with the SHA256sum

ed5720c16830810e5829dfb9b66c96b2e24efc4f93aa5e38c7ff4150d31cfbbf

The minimal-secure-streams --blob example client delays the download by
50ms every 10KiB it sees to force rx flow usage at the proxy.

It downloads the whole thing and checks the SHA256 is as expected.

Logs about rxflow status are available at LLL_INFO log level.
2021-04-07 15:54:26 +01:00
Andy Green
fdc1e1e9a5 sspc: states for proxy failure 2021-04-07 14:48:52 +01:00
Andy Green
877fcc3e4d ss: policy: atoll needed for 32-bit machines
On 32-bit Linux compilers, long int == int == 32-bit.  So even atol() cannot
handle ints above 0x7fffffff and clips any it finds at that.

There's only one instance in policy-json.c, use atoll() cast to uint64_t
to allow values up to 64-bit INT_MAX even on 32-bit machines.
2021-04-07 09:52:04 +01:00
Daniel Austin
b153305506 doxygen: add extra top level page pointers
https://github.com/warmcat/libwebsockets/issues/2263
2021-04-06 08:24:19 +01:00
Andy Green
d7ce068543 ctest: ss: minimal-hugeurl: run correct test 2021-04-05 11:06:54 +01:00
Andy Green
37160c797e dsh: api-test: dont use lws_dsh_describe in Release 2021-04-05 10:55:04 +01:00
Andy Green
3ad0a3d223 ss: server: allow bind to existing vhost
If the larger application is defining vhosts using lejp-conf JSON, it's
often more convenient to describe the vhost for ss server binding to
that.

If the server policy endpoint (usually used to describe the server
interface bind) begins with '!', take the remainder of the endpoint
string as the name of a preexisting vhost to bind ss server to at
creation-time.
2021-04-05 10:55:04 +01:00
Mykola Stryebkov
0d06d4bad2 windows: work well with vcpkg pthreads 2021-04-05 10:55:04 +01:00
Mykola Stryebkov
3c334d4906 windows: pipe role does not use file handle any more 2021-04-05 10:55:04 +01:00
Andy Green
7f8e2edc3d windows: cancel pipe is in pts not context 2021-04-05 10:55:04 +01:00
Andy Green
7d8f742594 smp: more lock assertions 2021-04-05 10:55:04 +01:00
Andy Green
b582dd49fb client: add CONNECTING protocol cb 2021-04-05 10:55:04 +01:00
Andy Green
d291c02a23 ss: sspc: add conmon performance telemetry
This provides a way to get ahold of LWS_WITH_CONMON telemetry from Secure
Streams, it works the same with direct onward connections or via the proxy.

You can mark streamtypes with a "perf": true policy attribute... this
causes the onward connections on those streamtypes to collect information
about the connection performance, and the unsorted DNS results.

Streams with that policy attribute receive extra data in their rx callback,
with the LWSSS_FLAG_PERF_JSON flag set on it, containing JSON describing the
performance of the onward connection taken from CONMON data, in a JSON
representation.  Streams without the "perf" attribute set never receive
this extra rx.

The received JSON is based on the CONMON struct info and looks like

{"peer":"46.105.127.147","dns_us":596,"sockconn_us":31382,"tls_us":28180,"txn_resp_us:23015,"dns":["2001:41d0:2:ee93::1","46.105.127.147"]}

A new minimal example minimal-secure-streams-perf is added that collects
this data on an HTTP GET from warmcat.com, and is built with a -client
version as well if LWS_WITH_SECURE_STREAMS_PROXY_API is set, that operates
via the ss proxy and produces the same result at the client.
2021-04-05 10:55:04 +01:00
Andy Green
51490ae6e6 Fault injection
add lws_xos: xoshiro256 PRNG
2021-04-05 10:55:04 +01:00
Catalin
33f5bf2e2d tls sessions: openssl: ttl based internal expiry 2021-04-05 10:54:55 +01:00
Andy Green
9483df3b17 openssl: check for X509_VERIFY_PARAM_set1_host also using CHECK_SYMBOL_EXISTS 2021-04-04 17:20:07 +01:00
Andy Green
7451702722 tls-sessions: serialization 2021-04-04 05:45:53 +01:00
Andy Green
e2f1dd1c82 mbedtls: session cache and resume 2021-04-04 05:44:08 +01:00
Catalin
d5753b6298 tls: openssl-only: client-only: session caching 2021-04-04 05:34:11 +01:00
Andy Green
e4d381eadd metrics: increase type of us_schedule to uint64_t 2021-04-02 16:50:49 +01:00
Bram Peeters
3ff6a9d462 vhost: dont log null origin 2021-04-02 16:50:49 +01:00
Andy Green
e2f42387b7 route: assert if route table becomes full 2021-04-02 16:50:49 +01:00
Gary Christiansen
12f20503b4 mqtt: Fixes setting the length of the last will message
It was previously using the length of the topic for the message. It
would break if the topic and message were not the same length.
2021-04-02 16:44:35 +01:00
Jed Lu
69f2ad9ced ss: allow that request_tx may get told DESTROY_ME 2021-04-01 09:09:10 +01:00
Chunho Lee
ff76604006 ss: mqtt: Wrap ACK_REMOTE to ACK_REMOTE transition with LWS_ROLE_MQTT
Wrap ACK_REMOTE to ACK_REMOTE transition with
"#if defined(LWS_ROLE_MQTT) /.../ #endif".
2021-03-31 09:39:12 +01:00