If the SSL connection failed before the headers came, we were not
dealing with deallocating the header malloc. This takes care of it.
Using CyaSSL, we are then valgrind-clean for ssl client and server.
With OpenSSL, there is 88 bytes lost at init that never changes or
gets recovered. AFAIK there's nothing to do about that.
OpenSSL also blows these during operation
==1059== Conditional jump or move depends on uninitialised value(s)
==1059== at 0x4A0B131: bcmp (mc_replace_strmem.c:935)
==1059== by 0x3014CDDBA8: ??? (in /usr/lib64/libcrypto.so.1.0.1c)
==1059== by 0x3015430852: tls1_enc (in /usr/lib64/libssl.so.1.0.1c)
==1059== by 0x3015428CEC: ssl3_read_bytes (in /usr/lib64/libssl.so.1.0.1c)
==1059== by 0x30154264C5: ??? (in /usr/lib64/libssl.so.1.0.1c)
==1059== by 0x4C3C596: lws_server_socket_service (server.c:153)
==1059== by 0x4C32C1E: libwebsocket_service_fd (libwebsockets.c:927)
==1059== by 0x4C33270: libwebsocket_service (libwebsockets.c:1225)
==1059== by 0x401C84: main (in /usr/bin/libwebsockets-test-server)
However googling around
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/60021http://www.openssl.org/support/faq.html#PROG13
(also the next FAQ down)
it seems OpenSSL have a relaxed attitude to this and it's expected.
It's interesting CyaSSL works fine but doesn't have that problem...
Signed-off-by: Andy Green <andy.green@linaro.org>
CyaSSL blows (symptomless?) uninitialized memory accesses in
valgrind when using SSL_get_version()... don't need to do it...
Signed-off-by: Andy Green <andy.green@linaro.org>
This brings the library sources into compliance with checkpatch
style except for three or four exceptions like WIN32 related stuff
and one long string constant I don't want to break into multiple
sprintf calls.
There should be no functional or compilability change from all
this (hopefully).
Signed-off-by: Andy Green <andy.green@linaro.org>
This big patch replaces the malloc / realloc per header
approach used until now with a single three-level struct
that gets malloc'd during the header union phase and freed
in one go when we transition to a different union phase.
It's more expensive in that we malloc a bit more than 4Kbytes,
but it's a lot cheaper in terms of malloc, frees, heap fragmentation,
no reallocs, nothing to configure. It also moves from arrays of
pointers (8 bytes on x86_64) to unsigned short offsets into the
data array, (2 bytes on all platforms).
The 3-level thing is all in one struct
- array indexed by the header enum, pointing to first "fragment" index
(ie, header type to fragment lookup, or 0 for none)
- array of fragments indexes, enough for 2 x the number of known headers
(fragment array... note that fragments can point to a "next"
fragment if the same header is spread across multiple entries)
- linear char array where the known header payload gets written
(fragments point into null-terminated strings stored in here,
only the known header content is stored)
http headers can legally be split over multiple headers of the same
name which should be concatenated. This scheme does not linearly
conatenate them but uses a linked list in the fragment structs to
link them. There are apis to get the total length and copy out a
linear, concatenated version to a buffer.
Signed-off-by: Andy Green <andy.green@linaro.org>
A new protocol member is defined that controls the size of rx
buffer allocation per connection. For compatibility 0 size
allocates 4096, but you should adapt your protocol definition
array in the user code to declare an appropriate value.
See the changelog for more detail.
The advantage is the rx frame buffer size is now tailored to
what is expected from the protocol, rather than being fixed
to a default of 4096. If your protocol only sends frames of
a dozen bytes this allows you to only allocate an rx frame
buffer of the same size.
For example the per-connection allocation (excluding headers)
for the test server fell from ~4500 to < 750 bytes with this.
Signed-off-by: Andy Green <andy.green@linaro.org>
This gets rid of the stack buffer while serving files, and the
PATH_MAX char array that used to hold the filepath in the wsi.
It holds an extra file descriptor open while serving the file,
however it attempts to stuff the socket with as much of the
file as it can take. For files of a few KB, that typically
completes (without blocking) in the call to
libwebsockets_serve_http_file() and then closes the file
descriptor before returning.
Signed-off-by: Andy Green <andy.green@linaro.org>
This reduces the size of struct libwebscocket from 4840 to 4552
on x86_64
There are also big benefits on malloc pool fragmentation and
allocation, the header allocations only exist between the first
peer communication and websocket connection establishment for
both server and client.
Signed-off-by: Andy Green <andy.green@linaro.org>
http://www.yassl.com/yaSSL/Products-cyassl.html
- Small Size: 20-100kB
- Runtime Memory: 1-36kB
- 20X smaller than OpenSSL
So far only tested on Linux.
Note that this requires a bugfix in cyassl, otherwise it will crash. Pull request has been made to the official repos, in the meantime the following repos can be used: git://github.com/JoakimSoderberg/cyassl.git
- Finalized CMake support (tested on windows only so far).
- Uses a generated lws_config.h that is included in
private-libwebsocket to pass defines, only used if CMAKE_BUILD is set.
- Support for SSL on Windows.
- Initial support for CyaSSL replacement of OpenSSL (This has been added
to my older CMake-fork but haven't been tested on this version yet).
- Fixed windows build (see below for details).
- Fixed at least the 32-bit Debug build for the existing Visual Studio
Project. (Not to keen fixing all the others when we have CMake support
anyway (which can generate much better project files)...)
- BUGFIXES:
- handshake.c
- used C99 definition of handshake_0405 function
- libwebsocket.c
- syslog not available on windows, put in ifdefs.
- Fixed previous known crash bug on Windows where WSAPoll in
Ws2_32.dll would not be present, causing the poll function pointer
being set to NULL.
- Uninitialized variable context->listen_service_extraseen would
result in stack overflow because of infinite recursion. Fixed by
initializing in libwebsocket_create_context
- SO_REUSADDR means something different on Windows compared to Unix.
- Setting a socket to nonblocking is done differently on Windows.
(This should probably broken out into a helper function instead)
- lwsl_emit_syslog -> lwsl_emit_stderr on Windows.
- private-libwebsocket.h
- PATH_MAX is not available on Windows, define as MAX_PATH
- Always define LWS_NO_DAEMONIZE on windows.
- Don't define lws_latency as inline that does nothing. inline is not
support by the Microsoft compiler, replaced with an empty define
instead. (It's __inline in MSVC)
- server.c
- Fixed nonblock call on windows
- test-ping.c
- Don't use C99 features (Microsoft compiler does not support it).
- Move non-win32 headers into ifdefs.
- Skip use of sighandler on Windows.
- test-server.c
- ifdef syslog parts on Windows.
Libwebsockets is fundamentally singlethreaded... the existence of the
fork and broadcast support, especially in the sample server is
giving the wrong idea about how to use it.
This replaces broadcast in the sample server with
libwebsocket_callback_on_writable_all_protocol(). The whole idea of
'broadcast' is removed.
All of the broadcast proxy stuff is removed: data must now be sent
from the callback only. Doing othherwise is not reliable since the
service loop may close the socket and free the wsi at any time,
invalidating a wsi pointer held by another thread (don't do that!)
Likewise the confirm_legit_wsi api added recently does not help the
other thread case, since if the wsi has been freed dereferencing the
wsi to study if it is legit or not will segfault in that case. So
this is removed too.
The overall effect is to push user code to only operate inside the
protocol callbacks or external poll loops, ie, single thread context.
Signed-off-by: Andy Green <andy.green@linaro.org>
Large chunks of struct libwebsocket members actually have a mutually
exclusive lifecycle, eg, once the http headers are finished they sit
there unused until the instance is destroyed.
This makes a big improvement in memory efficiency by making four
categories of member: always needed, needed for header processing,
needed for http processing, and needed for ws processing. The last
three are mutually exclusive and bound into a union inside the wsi.
Care needs taking now at "union transitions", although we zeroed down
the struct at init, the other union siblings have been writing the
same memory by the time later member siblings start to use it. So
it must be cleared down appropriately when we cross from one
mutually-exclusive use to another.
Signed-off-by: Andy Green <andy.green@linaro.org>
The whole thing about count_protocols + 1 broadcast sockets and
associated dummy wsis is a workaround for getting a broadcast from
a different process context, if we are running with --enable-no-fork
then we don't need any of it in.
Signed-off-by: Andy Green <andy.green@linaro.org>
The new --without-extensions config flag completely removes all code
and data related to extensions from the build throughout the library
when given.
Signed-off-by: Andy Green <andy.green@linaro.org>
Move server-only stuff into their own files and make building
that depend on not having --without-server on the configure
Make fragments in other places conditional as well
Remove client-related members from struct libwebscket when
building LWS_NO_CLIENT
Apps:
normal: build test server, client, fraggle, ping
--without-client: build test server
--without-server: build test client, ping
Signed-off-by: Andy Green <andy.green@linaro.org>
