2 * libwebsockets - small server side websockets and web server implementation
4 * Copyright (C) 2010 Andy Green <andy@warmcat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation:
9 * version 2.1 of the License.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
22 #include "private-libwebsockets.h"
24 #ifdef LWS_OPENSSL_SUPPORT
31 libwebsocket_read(struct libwebsocket *wsi, unsigned char * buf, size_t len);
34 /* document the generic callback (it's a fake prototype under this) */
36 * callback() - User server actions
37 * @wsi: Opaque websocket instance pointer
38 * @reason: The reason for the call
39 * @user: Pointer to per-session user data allocated by library
40 * @in: Pointer used for some callback reasons
41 * @len: Length set for some callback reasons
43 * This callback is the way the user controls what is served. All the
44 * protocol detail is hidden and handled by the library.
46 * For each connection / session there is user data allocated that is
47 * pointed to by "user". You set the size of this user data area when
48 * the library is initialized with libwebsocket_create_server.
50 * You get an opportunity to initialize user data when called back with
51 * LWS_CALLBACK_ESTABLISHED reason.
53 * LWS_CALLBACK_ESTABLISHED: after successful websocket handshake
55 * LWS_CALLBACK_CLOSED: when the websocket session ends
57 * LWS_CALLBACK_SEND: opportunity to send to client (you would use
58 * libwebsocket_write() taking care about the
59 * special buffer requirements
60 * LWS_CALLBACK_RECEIVE: data has appeared for the server, it can be
61 * found at *in and is len bytes long
63 * LWS_CALLBACK_HTTP: an http request has come from a client that is not
64 * asking to upgrade the connection to a websocket
65 * one. This is a chance to serve http content,
66 * for example, to send a script to the client
67 * which will then open the websockets connection.
68 * @in points to the URI path requested and
69 * libwebsockets_serve_http_file() makes it very
70 * simple to send back a file to the client.
72 extern int callback(struct libwebsocket * wsi,
73 enum libwebsocket_callback_reasons reason, void * user,
74 void *in, size_t len);
78 libwebsocket_close_and_free_session(struct libwebsocket *wsi)
82 wsi->state = WSI_STATE_DEAD_SOCKET;
84 if (wsi->protocol->callback && n == WSI_STATE_ESTABLISHED)
85 wsi->protocol->callback(wsi, LWS_CALLBACK_CLOSED, &wsi->user_space,
88 for (n = 0; n < WSI_TOKEN_COUNT; n++)
89 if (wsi->utf8_token[n].token)
90 free(wsi->utf8_token[n].token);
92 // fprintf(stderr, "closing fd=%d\n", wsi->sock);
94 #ifdef LWS_OPENSSL_SUPPORT
96 n = SSL_get_fd(wsi->ssl);
97 SSL_shutdown(wsi->ssl);
102 shutdown(wsi->sock, SHUT_RDWR);
104 #ifdef LWS_OPENSSL_SUPPORT
108 free(wsi->user_space);
114 * libwebsocket_create_server() - Create the listening websockets server
115 * @port: Port to listen on
116 * @protocols: Array of structures listing supported protocols and a protocol-
117 * specific callback for each one. The list is ended with an
118 * entry that has a NULL callback pointer.
119 * @ssl_cert_filepath: If libwebsockets was compiled to use ssl, and you want
120 * to listen using SSL, set to the filepath to fetch the
121 * server cert from, otherwise NULL for unencrypted
122 * @ssl_private_key_filepath: filepath to private key if wanting SSL mode,
124 * @gid: group id to change to after setting listen socket, or -1.
125 * @uid: user id to change to after setting listen socket, or -1.
127 * This function creates the listening socket and takes care
128 * of all initialization in one step.
130 * It does not return since it sits in a service loop and operates via the
131 * callbacks given in @protocol. User code should fork before calling
132 * libwebsocket_create_server() if it wants to do other things in
133 * parallel other than serve websockets.
135 * The protocol callback functions are called for a handful of events
136 * including http requests coming in, websocket connections becoming
137 * established, and data arriving; it's also called periodically to allow
138 * async transmission.
140 * HTTP requests are sent always to the FIRST protocol in @protocol, since
141 * at that time websocket protocol has not been negotiated. Other
142 * protocols after the first one never see any HTTP callack activity.
144 * The server created is a simple http server by default; part of the
145 * websocket standard is upgrading this http connection to a websocket one.
147 * This allows the same server to provide files like scripts and favicon /
148 * images or whatever over http and dynamic data over websockets all in
149 * one place; they're all handled in the user callback.
152 int libwebsocket_create_server(int port,
153 const struct libwebsocket_protocols *protocols,
154 const char * ssl_cert_filepath,
155 const char * ssl_private_key_filepath,
163 struct sockaddr_in serv_addr, cli_addr;
164 struct libwebsocket *wsi[MAX_CLIENTS + 1];
165 struct pollfd fds[MAX_CLIENTS + 1];
167 unsigned char buf[1024];
170 #ifdef LWS_OPENSSL_SUPPORT
171 const SSL_METHOD *method;
172 char ssl_err_buf[512];
174 use_ssl = ssl_cert_filepath != NULL && ssl_private_key_filepath != NULL;
176 fprintf(stderr, " Compiled with SSL support, using it\n");
178 fprintf(stderr, " Compiled with SSL support, not using it\n");
181 if (ssl_cert_filepath != NULL && ssl_private_key_filepath != NULL) {
182 fprintf(stderr, " Not compiled for OpenSSl support!\n");
185 fprintf(stderr, " Compiled without SSL support, serving unencrypted\n");
188 #ifdef LWS_OPENSSL_SUPPORT
192 OpenSSL_add_all_algorithms();
193 SSL_load_error_strings();
195 // Firefox insists on SSLv23 not SSLv3
196 // Konq disables SSLv2 by default now, SSLv23 works
198 method = SSLv23_server_method(); // create server instance
200 fprintf(stderr, "problem creating ssl method: %s\n",
201 ERR_error_string(ERR_get_error(), ssl_err_buf));
204 ssl_ctx = SSL_CTX_new(method); /* create context */
206 printf("problem creating ssl context: %s\n",
207 ERR_error_string(ERR_get_error(), ssl_err_buf));
210 /* set the local certificate from CertFile */
211 n = SSL_CTX_use_certificate_file(ssl_ctx,
212 ssl_cert_filepath, SSL_FILETYPE_PEM);
214 fprintf(stderr, "problem getting cert '%s': %s\n",
216 ERR_error_string(ERR_get_error(), ssl_err_buf));
219 /* set the private key from KeyFile */
220 if (SSL_CTX_use_PrivateKey_file(ssl_ctx,
221 ssl_private_key_filepath,
222 SSL_FILETYPE_PEM) != 1) {
223 fprintf(stderr, "ssl problem getting key '%s': %s\n",
224 ssl_private_key_filepath,
225 ERR_error_string(ERR_get_error(), ssl_err_buf));
228 /* verify private key */
229 if (!SSL_CTX_check_private_key(ssl_ctx)) {
230 fprintf(stderr, "Private SSL key doesn't match cert\n");
234 /* SSL is happy and has a cert it's content with */
238 sockfd = socket(AF_INET, SOCK_STREAM, 0);
240 fprintf(stderr, "ERROR opening socket");
244 /* allow us to restart even if old sockets in TIME_WAIT */
245 setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt));
247 bzero((char *) &serv_addr, sizeof(serv_addr));
248 serv_addr.sin_family = AF_INET;
249 serv_addr.sin_addr.s_addr = INADDR_ANY;
250 serv_addr.sin_port = htons(port);
251 n = bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
253 fprintf(stderr, "ERROR on binding to port %d (%d %d)\n", port, n,
258 /* drop any root privs for this thread */
262 fprintf(stderr, "setgid: %s\n", strerror(errno));
265 fprintf(stderr, "setuid: %s\n", strerror(errno));
268 * sit there listening for connects, accept and service connections
269 * in a poll loop, without any forking
273 fprintf(stderr, " Listening on port %d\n", port);
277 fds[0].events = POLLIN;
281 n = poll(fds, fds_count, 50);
282 if (n < 0 || fds[0].revents & (POLLERR | POLLHUP)) {
283 // fprintf(stderr, "Listen Socket dead\n");
286 if (n == 0) /* poll timeout */
289 if (fds[0].revents & POLLIN) {
291 /* listen socket got an unencrypted connection... */
293 clilen = sizeof(cli_addr);
295 (struct sockaddr *)&cli_addr,
298 fprintf(stderr, "ERROR on accept");
302 if (fds_count >= MAX_CLIENTS) {
303 fprintf(stderr, "too busy");
308 wsi[fds_count] = malloc(sizeof(struct libwebsocket));
313 #ifdef LWS_OPENSSL_SUPPORT
316 wsi[fds_count]->ssl = SSL_new(ssl_ctx);
317 if (wsi[fds_count]->ssl == NULL) {
318 fprintf(stderr, "SSL_new failed: %s\n",
319 ERR_error_string(SSL_get_error(
320 wsi[fds_count]->ssl, 0), NULL));
321 free(wsi[fds_count]);
325 SSL_set_fd(wsi[fds_count]->ssl, fd);
327 n = SSL_accept(wsi[fds_count]->ssl);
330 * browsers seem to probe with various
331 * ssl params which fail then retry
334 debug("SSL_accept failed skt %u: %s\n",
336 ERR_error_string(SSL_get_error(
337 wsi[fds_count]->ssl, n), NULL));
338 SSL_free(wsi[fds_count]->ssl);
339 free(wsi[fds_count]);
342 debug("accepted new SSL conn "
343 "port %u on fd=%d SSL ver %s\n",
344 ntohs(cli_addr.sin_port), fd,
345 SSL_get_version(wsi[fds_count]->ssl));
349 debug("accepted new conn port %u on fd=%d\n",
350 ntohs(cli_addr.sin_port), fd);
352 /* intialize the instance struct */
354 wsi[fds_count]->sock = fd;
355 wsi[fds_count]->state = WSI_STATE_HTTP;
356 wsi[fds_count]->name_buffer_pos = 0;
358 for (n = 0; n < WSI_TOKEN_COUNT; n++) {
359 wsi[fds_count]->utf8_token[n].token = NULL;
360 wsi[fds_count]->utf8_token[n].token_len = 0;
364 * these can only be set once the protocol is known
365 * we set an unestablished connection's protocol pointer
366 * to the start of the supported list, so it can look
367 * for matching ones during the handshake
369 wsi[fds_count]->protocol = protocols;
370 wsi[fds_count]->user_space = NULL;
373 * Default protocol is 76
374 * After 76, there's a header specified to inform which
375 * draft the client wants, when that's seen we modify
376 * the individual connection's spec revision accordingly
378 wsi[fds_count]->ietf_spec_revision = 76;
380 fds[fds_count].events = POLLIN;
381 fds[fds_count++].fd = fd;
384 /* check for activity on client sockets */
386 for (client = 1; client < fds_count; client++) {
388 /* handle session socket closed */
390 if (fds[client].revents & (POLLERR | POLLHUP)) {
392 fprintf(stderr, "Session Socket dead\n");
394 libwebsocket_close_and_free_session(
399 /* any incoming data ready? */
401 if (!(fds[client].revents & POLLIN))
404 #ifdef LWS_OPENSSL_SUPPORT
406 n = SSL_read(wsi[client]->ssl, buf, sizeof buf);
409 n = recv(fds[client].fd, buf, sizeof(buf), 0);
412 fprintf(stderr, "Socket read returned %d\n", n);
416 // fprintf(stderr, "POLLIN with 0 len waiting\n");
417 libwebsocket_close_and_free_session(
422 /* service incoming data */
424 if (libwebsocket_read(wsi[client], buf, n) >= 0)
428 * it closed and nuked wsi[client], so remove the
429 * socket handle and wsi from our service list
432 for (n = client; n < fds_count - 1; n++) {
441 for (client = 1; client < fds_count; client++) {
443 if (wsi[client]->state != WSI_STATE_ESTABLISHED)
446 wsi[client]->protocol->callback(wsi[client], LWS_CALLBACK_SEND,
447 &wsi[client]->user_space, NULL, 0);
454 /* listening socket */
456 for (client = 1; client < fds_count; client++)
457 libwebsocket_close_and_free_session(wsi[client]);
459 #ifdef LWS_OPENSSL_SUPPORT
460 SSL_CTX_free(ssl_ctx);