If we complete a transaction but end up keeping the ah, we must force
a timeout on it. Otherwise a bad bot could keep the socket open and
exhaust the ah pool.
- if protocol set, allocate own user_space
If the child wsi wants the parent wsi user_space, it can use
lws_wsi_user(lws_get_parent(child_wsi))
- raw file close processing handles parent-child relationship
1) There's now a .fops pointer that can be set in the context creation info. If set, the array of
fops it points to (terminated by an entry with .open = NULL) is walked to find out the best vfs filesystem
path match (comparing the vfs path to fops.path_prefix) for which fops to use.
If none given (.fops is NULL in info) then behaviour is as before, fops are the platform-provided one only.
2) The built in fileserving now walks any array of fops looking for the best fops match automatically.
3) lws_plat_file_... apis are renamed to lws_vfs_file_...
My Browsers send as Subprotocols e.g. chat, superchat, mySubprotocol (with spaces after the ,). Libwebsockets now checked if ' mySubprotocol' was equal to 'mySubprotocol' which failed. With this fix the leading space is ignored and uses 'mySubprotocol' for comparision.
The `listen` call can fail with EADDRINUSE after bind() succeeds, for
example because another process called listen on that port in the
meantime, or under some circumstances with IPv6-mapped-IPv4. This was
causing EINVAL on accept, with an infinite loop in case of libuv.
A reproducible example was to run nc -l -p 5555 ( OpenBSD netcat (Debian
patchlevel 1)) before starting test-server
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Special port setting to disable listening for a server using socket adoption.
This contrasts with CONTEXT_PORT_NO_LISTEN which does the same for a client.
In particular, server-side SSL is not disabled by CONTEXT_PORT_NO_LISTEN_SERVER
as it is by CONTEXT_PORT_NO_LISTEN.
1) This makes lwsws run a parent process with the original permissions.
But this process is only able to respond to SIGHUP, it doesn't do anything
else.
2) You can send this parent process a SIGHUP now to cause it to
- close listening sockets in existing lwsws processes
- mark those processes as to exit when the number of active connections
on the falls to zero
- spawn a fresh child process from scratch, using latest configuration
file content, latest plugins, etc. It can now reopen listening sockets
if it chooses to, or open different listen ports or whatever.
Notes:
1) lws_context_destroy() has been split into two pieces... the reason for
the split is the first part closes the per-vhost protocols, but since
they may have created libuv objects in the per-vhost protocol storage,
these cannot be freed until after the loop has been run.
That's the purpose of the second part of the context destruction,
lws_context_destroy2().
For compatibility, if you are not using libuv, the first part calls the
second part. However if you are using libuv, you must now call the
second part from your own main.c after the first part.
This should allow adding vhosts "late", ie, after the server is up and
running with its initial vhost(s). The necessary housekeeping is folded
into lws_create_vhost() itself so it should be transparent.
Notice though that at the point the server starts to do service after it
starts initially, if it was requested that the UID / GID change, that
is performed at that point and is not reversible.
So vhosts added "late" find themselves running under the unprivileged
UID / GID from the very start, whereas vhosts added "early" initially
run under the UID / GID the process started with. If protocols the
vhost uses want to, eg, open privileged files at init and then use
them unprivileged, that will fail if the vhost is added late because
the initial privs are already gone.
AG: also deal with lws_protocol_init() on late vhost init (does the
callbacks for per vh protocol creation), add comments
From linux ipv6(7) manual (section `Note`):
SOL_IP, SOL_IPV6, SOL_ICMPV6 and other SOL_* socket options are
nonportable variants of IPPROTO_*. See also ip(7).
Ref: http://man7.org/linux/man-pages/man7/ipv6.7.html
There are two kinds of reaason to call lws_header_table_reset(), one is we are reallocating
a destroyed ah to another wsi, and the other is we are moving to the next pipelined header set
still on the same wsi, and we need a "weaker" reset that only clears down the state related
to the header parsing, not everything about the ah context including the ah rx buffer.
This patch moves the ah rxbuffer rxpos and rxlen resetting out of lws_header_table_reset() and to
be the responsibility of the caller. Callers who are moving the ah to another wsi are
patched to deal with resetting rxpos and rxlen and lws_http_transaction_completed() who only
resets the ah when moving to the next pipelined headers, no longer wrongly clears the ah rxbuf.
https://github.com/warmcat/libwebsockets/issues/638
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.
Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in) in several places relying on snprintf to truncate the length
overflows are possible.
This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.
All users should update with these fixes.
RFC2616 only says that any HTTP/1.1 message containing an entity-body
SHOULD include a Content-Type header field defining the media type of
that body.
RFC2119 defines SHOULD as: This word mean that there may exist valid
reasons in particular circumstances to ignore a particular item, but
the full implications must be understood and carefully weighed before
choosing a different course.
AG: this isn't an oversight, it's paranoia about sending out /etc/passwd
or /etc/shadow accidentally.
I agree it should be allowed if people really want to override it. But
the default should remain like it is I think.
I adapted the patch to allow the extra mimetype "*": "" to be declared on
a mount, as a wildcard match that serves the file without a Content-Type.
