2 * libwebsockets - small server side websockets and web server implementation
4 * Copyright (C) 2010-2013 Andy Green <andy@warmcat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation:
9 * version 2.1 of the License.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
22 #include "private-libwebsockets.h"
24 unsigned char lextable[] = {
28 #define FAIL_CHAR 0x08
30 int lextable_decode(int pos, char c)
32 if (c >= 'A' && c <= 'Z')
36 if (lextable[pos] & (1 << 7)) { /* 1-byte, fail on mismatch */
37 if ((lextable[pos] & 0x7f) != c)
41 if (lextable[pos] == FAIL_CHAR)
46 if (lextable[pos] == FAIL_CHAR)
49 /* b7 = 0, end or 3-byte */
50 if (lextable[pos] < FAIL_CHAR) /* terminal marker */
53 if (lextable[pos] == c) /* goto */
54 return pos + (lextable[pos + 1]) +
55 (lextable[pos + 2] << 8);
62 int lws_allocate_header_table(struct lws *wsi)
64 struct lws_context *context = wsi->context;
67 lwsl_debug("%s: wsi %p: ah %p\n", __func__, (void *)wsi,
68 (void *)wsi->u.hdr.ah);
70 /* if we are already bound to one, just clear it down */
74 * server should have suppressed the accept of a new wsi before this
75 * became the case. If initiating multiple client connects, make sure
76 * the ah pool is big enough to cope, or be prepared to retry
78 if (context->ah_count_in_use == context->max_http_header_pool) {
79 lwsl_err("No free ah\n");
83 for (n = 0; n < context->max_http_header_pool; n++)
84 if (!context->ah_pool[n].in_use)
87 /* if the count of in use said something free... */
88 assert(n != context->max_http_header_pool);
90 wsi->u.hdr.ah = &context->ah_pool[n];
91 wsi->u.hdr.ah->in_use = 1;
93 context->ah_count_in_use++;
94 /* if we used up all the ah, defeat accepting new server connections */
95 if (context->ah_count_in_use == context->max_http_header_pool)
96 if (_lws_server_listen_accept_flow_control(context, 0))
99 lwsl_debug("%s: wsi %p: ah %p: count %d (on exit)\n",
100 __func__, (void *)wsi, (void *)wsi->u.hdr.ah,
101 context->ah_count_in_use);
104 /* init the ah to reflect no headers or data have appeared yet */
105 memset(wsi->u.hdr.ah->frag_index, 0, sizeof(wsi->u.hdr.ah->frag_index));
106 wsi->u.hdr.ah->nfrag = 0;
107 wsi->u.hdr.ah->pos = 0;
112 int lws_free_header_table(struct lws *wsi)
114 struct lws_context *context = wsi->context;
116 lwsl_debug("%s: wsi %p: ah %p (count = %d)\n", __func__, (void *)wsi,
117 (void *)wsi->u.hdr.ah, context->ah_count_in_use);
119 assert(wsi->u.hdr.ah);
123 /* if we think we're freeing one, there should be one to free */
124 assert(context->ah_count_in_use > 0);
126 assert(wsi->u.hdr.ah->in_use);
127 wsi->u.hdr.ah->in_use = 0;
129 /* if we just freed up one ah, allow new server connection */
130 if (context->ah_count_in_use == context->max_http_header_pool)
131 if (_lws_server_listen_accept_flow_control(context, 1))
134 context->ah_count_in_use--;
135 wsi->u.hdr.ah = NULL;
141 * lws_hdr_fragment_length: report length of a single fragment of a header
142 * The returned length does not include the space for a
145 * @wsi: websocket connection
146 * @h: which header index we are interested in
147 * @frag_idx: which fragment of @h we want to get the length of
151 lws_hdr_fragment_length(struct lws *wsi, enum lws_token_indexes h, int frag_idx)
155 n = wsi->u.hdr.ah->frag_index[h];
160 return wsi->u.hdr.ah->frags[n].len;
161 n = wsi->u.hdr.ah->frags[n].nfrag;
162 } while (frag_idx-- && n);
168 * lws_hdr_total_length: report length of all fragments of a header totalled up
169 * The returned length does not include the space for a
172 * @wsi: websocket connection
173 * @h: which header index we are interested in
176 LWS_VISIBLE int lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h)
181 n = wsi->u.hdr.ah->frag_index[h];
185 len += wsi->u.hdr.ah->frags[n].len;
186 n = wsi->u.hdr.ah->frags[n].nfrag;
193 * lws_hdr_copy_fragment: copy a single fragment of the given header to a buffer
194 * The buffer length @len must include space for an additional
195 * terminating '\0', or it will fail returning -1.
196 * If the requested fragment index is not present, it fails
199 * @wsi: websocket connection
200 * @dst: destination buffer
201 * @len: length of destination buffer
202 * @h: which header index we are interested in
203 * @frag_index: which fragment of @h we want to copy
206 LWS_VISIBLE int lws_hdr_copy_fragment(struct lws *wsi, char *dst, int len,
207 enum lws_token_indexes h, int frag_idx)
210 int f = wsi->u.hdr.ah->frag_index[h];
215 while (n < frag_idx) {
216 f = wsi->u.hdr.ah->frags[f].nfrag;
222 if (wsi->u.hdr.ah->frags[f].len >= len)
225 memcpy(dst, wsi->u.hdr.ah->data + wsi->u.hdr.ah->frags[f].offset,
226 wsi->u.hdr.ah->frags[f].len);
227 dst[wsi->u.hdr.ah->frags[f].len] = '\0';
229 return wsi->u.hdr.ah->frags[f].len;
233 * lws_hdr_copy: copy a single fragment of the given header to a buffer
234 * The buffer length @len must include space for an additional
235 * terminating '\0', or it will fail returning -1.
237 * @wsi: websocket connection
238 * @dst: destination buffer
239 * @len: length of destination buffer
240 * @h: which header index we are interested in
243 LWS_VISIBLE int lws_hdr_copy(struct lws *wsi, char *dst, int len,
244 enum lws_token_indexes h)
246 int toklen = lws_hdr_total_length(wsi, h);
252 n = wsi->u.hdr.ah->frag_index[h];
257 strcpy(dst, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]);
258 dst += wsi->u.hdr.ah->frags[n].len;
259 n = wsi->u.hdr.ah->frags[n].nfrag;
265 char *lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h)
269 n = wsi->u.hdr.ah->frag_index[h];
273 return wsi->u.hdr.ah->data + wsi->u.hdr.ah->frags[n].offset;
276 int lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h,
279 wsi->u.hdr.ah->nfrag++;
280 if (wsi->u.hdr.ah->nfrag == ARRAY_SIZE(wsi->u.hdr.ah->frags)) {
281 lwsl_warn("More hdr frags than we can deal with, dropping\n");
285 wsi->u.hdr.ah->frag_index[h] = wsi->u.hdr.ah->nfrag;
287 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].offset = wsi->u.hdr.ah->pos;
288 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len = 0;
289 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].nfrag = 0;
292 if (wsi->u.hdr.ah->pos == wsi->context->max_http_header_data) {
293 lwsl_err("Ran out of header data space\n");
296 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = *s;
298 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++;
304 static signed char char_to_hex(const char c)
306 if (c >= '0' && c <= '9')
309 if (c >= 'a' && c <= 'f')
312 if (c >= 'A' && c <= 'F')
318 static int issue_char(struct lws *wsi, unsigned char c)
320 unsigned short frag_len;
322 if (wsi->u.hdr.ah->pos == wsi->context->max_http_header_data) {
323 lwsl_warn("excessive header content\n");
327 frag_len = wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len;
329 * If we haven't hit the token limit, just copy the character into
332 if (frag_len < wsi->u.hdr.current_token_limit) {
333 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = c;
335 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++;
339 /* Insert a null character when we *hit* the limit: */
340 if (frag_len == wsi->u.hdr.current_token_limit) {
341 if (wsi->u.hdr.ah->pos == wsi->context->max_http_header_data) {
342 lwsl_warn("excessive header content 2\n");
345 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
346 lwsl_warn("header %i exceeds limit %d\n",
347 wsi->u.hdr.parser_state, wsi->u.hdr.current_token_limit);
353 int lws_parse(struct lws *wsi, unsigned char c)
355 static const unsigned char methods[] = {
358 WSI_TOKEN_OPTIONS_URI,
361 WSI_TOKEN_DELETE_URI,
363 struct allocated_headers *ah = wsi->u.hdr.ah;
364 struct lws_context *context = wsi->context;
365 unsigned int n, m, enc = 0;
367 switch (wsi->u.hdr.parser_state) {
370 lwsl_parser("WSI_TOK_(%d) '%c'\n", wsi->u.hdr.parser_state, c);
372 /* collect into malloc'd buffers */
373 /* optional initial space swallow */
374 if (!ah->frags[ah->frag_index[
375 wsi->u.hdr.parser_state]].len && c == ' ')
378 for (m = 0; m < ARRAY_SIZE(methods); m++)
379 if (wsi->u.hdr.parser_state == methods[m])
381 if (m == ARRAY_SIZE(methods))
382 /* it was not any of the methods */
385 /* special URI processing... end at space */
388 /* enforce starting with / */
389 if (!ah->frags[ah->nfrag].len)
390 if (issue_char(wsi, '/') < 0)
393 /* begin parsing HTTP version: */
394 if (issue_char(wsi, '\0') < 0)
396 wsi->u.hdr.parser_state = WSI_TOKEN_HTTP;
400 /* special URI processing... convert %xx */
402 switch (wsi->u.hdr.ues) {
405 wsi->u.hdr.ues = URIES_SEEN_PERCENT;
409 case URIES_SEEN_PERCENT:
410 if (char_to_hex(c) < 0) {
412 if (issue_char(wsi, '%') < 0)
414 wsi->u.hdr.ues = URIES_IDLE;
415 /* continue on to assess c */
418 wsi->u.hdr.esc_stash = c;
419 wsi->u.hdr.ues = URIES_SEEN_PERCENT_H1;
422 case URIES_SEEN_PERCENT_H1:
423 if (char_to_hex(c) < 0) {
425 issue_char(wsi, '%');
426 wsi->u.hdr.ues = URIES_IDLE;
427 /* regurgitate + assess */
428 if (lws_parse(wsi, wsi->u.hdr.esc_stash) < 0)
430 /* continue on to assess c */
433 c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) |
436 wsi->u.hdr.ues = URIES_IDLE;
441 * special URI processing...
442 * convert /.. or /... or /../ etc to /
444 * convert // or /// etc to /
445 * leave /.dir or whatever alone
448 switch (wsi->u.hdr.ups) {
452 /* genuine delimiter */
453 if ((c == '&' || c == ';') && !enc) {
454 if (issue_char(wsi, c) < 0)
456 /* swallow the terminator */
457 ah->frags[ah->nfrag].len--;
458 /* link to next fragment */
459 ah->frags[ah->nfrag].nfrag = ah->nfrag + 1;
461 if (ah->nfrag >= ARRAY_SIZE(ah->frags))
463 /* start next fragment after the & */
464 wsi->u.hdr.post_literal_equal = 0;
465 ah->frags[ah->nfrag].offset = ah->pos;
466 ah->frags[ah->nfrag].len = 0;
467 ah->frags[ah->nfrag].nfrag = 0;
470 /* uriencoded = in the name part, disallow */
471 if (c == '=' && enc && !wsi->u.hdr.post_literal_equal)
474 /* after the real =, we don't care how many = */
475 if (c == '=' && !enc)
476 wsi->u.hdr.post_literal_equal = 1;
479 if (c == '+' && !enc)
481 /* issue the first / always */
482 if (c == '/' && !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS])
483 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
485 case URIPS_SEEN_SLASH:
486 /* swallow subsequent slashes */
489 /* track and swallow the first . after / */
491 wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT;
494 wsi->u.hdr.ups = URIPS_IDLE;
496 case URIPS_SEEN_SLASH_DOT:
497 /* swallow second . */
500 * back up one dir level if possible
501 * safe against header fragmentation because
502 * the method URI can only be in 1 fragment
504 if (ah->frags[ah->nfrag].len > 2) {
506 ah->frags[ah->nfrag].len--;
509 ah->frags[ah->nfrag].len--;
510 } while (ah->frags[ah->nfrag].len > 1 &&
511 ah->data[ah->pos] != '/');
513 wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT;
516 /* change /./ to / */
518 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
521 /* it was like /.dir ... regurgitate the . */
522 wsi->u.hdr.ups = URIPS_IDLE;
523 if (issue_char(wsi, '.') < 0)
527 case URIPS_SEEN_SLASH_DOT_DOT:
528 /* swallow prior .. chars and any subsequent . */
531 /* last issued was /, so another / == // */
534 /* last we issued was / so SEEN_SLASH */
535 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
539 if (c == '?' && !enc &&
540 !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */
541 /* seal off uri header */
542 if (issue_char(wsi, '\0') < 0)
545 /* move to using WSI_TOKEN_HTTP_URI_ARGS */
547 if (ah->nfrag >= ARRAY_SIZE(ah->frags))
549 ah->frags[ah->nfrag].offset = ah->pos;
550 ah->frags[ah->nfrag].len = 0;
551 ah->frags[ah->nfrag].nfrag = 0;
553 wsi->u.hdr.post_literal_equal = 0;
554 ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = ah->nfrag;
555 wsi->u.hdr.ups = URIPS_IDLE;
562 if (wsi->u.hdr.parser_state != WSI_TOKEN_CHALLENGE &&
565 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR;
569 n = issue_char(wsi, c);
573 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
576 /* per-protocol end of headers management */
578 if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE)
579 goto set_parsing_complete;
582 /* collecting and checking a name part */
583 case WSI_TOKEN_NAME_PART:
584 lwsl_parser("WSI_TOKEN_NAME_PART '%c' (mode=%d)\n", c, wsi->mode);
586 wsi->u.hdr.lextable_pos =
587 lextable_decode(wsi->u.hdr.lextable_pos, c);
589 * Server needs to look out for unknown methods...
591 if (wsi->u.hdr.lextable_pos < 0 &&
592 wsi->mode == LWSCM_HTTP_SERVING) {
593 /* this is not a header we know about */
594 for (m = 0; m < ARRAY_SIZE(methods); m++)
595 if (ah->frag_index[methods[m]]) {
597 * already had the method, no idea what
598 * this crap from the client is, ignore
600 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
604 * hm it's an unknown http method from a client in fact,
607 if (m == ARRAY_SIZE(methods)) {
608 lwsl_info("Unknown method - dropping\n");
614 * ...otherwise for a client, let him ignore unknown headers
615 * coming from the server
617 if (wsi->u.hdr.lextable_pos < 0) {
618 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
622 if (lextable[wsi->u.hdr.lextable_pos] < FAIL_CHAR) {
625 n = ((unsigned int)lextable[wsi->u.hdr.lextable_pos] << 8) |
626 lextable[wsi->u.hdr.lextable_pos + 1];
628 lwsl_parser("known hdr %d\n", n);
629 for (m = 0; m < ARRAY_SIZE(methods); m++)
630 if (n == methods[m] &&
633 lwsl_warn("Duplicated method\n");
638 * WSORIGIN is protocol equiv to ORIGIN,
639 * JWebSocket likes to send it, map to ORIGIN
641 if (n == WSI_TOKEN_SWORIGIN)
642 n = WSI_TOKEN_ORIGIN;
644 wsi->u.hdr.parser_state = (enum lws_token_indexes)
645 (WSI_TOKEN_GET_URI + n);
647 if (context->token_limits)
648 wsi->u.hdr.current_token_limit =
649 context->token_limits->token_limit[
650 wsi->u.hdr.parser_state];
652 wsi->u.hdr.current_token_limit =
653 wsi->context->max_http_header_data;
655 if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE)
656 goto set_parsing_complete;
665 if (ah->nfrag == ARRAY_SIZE(ah->frags)) {
666 lwsl_warn("More hdr frags than we can deal with\n");
670 ah->frags[ah->nfrag].offset = ah->pos;
671 ah->frags[ah->nfrag].len = 0;
672 ah->frags[ ah->nfrag].nfrag = 0;
674 n = ah->frag_index[wsi->u.hdr.parser_state];
675 if (!n) { /* first fragment */
676 ah->frag_index[wsi->u.hdr.parser_state] = ah->nfrag;
680 while (ah->frags[n].nfrag)
681 n = ah->frags[n].nfrag;
682 ah->frags[n].nfrag = ah->nfrag;
684 if (issue_char(wsi, ' ') < 0)
688 /* skipping arg part of a name we didn't recognize */
689 case WSI_TOKEN_SKIPPING:
690 lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c);
693 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR;
696 case WSI_TOKEN_SKIPPING_SAW_CR:
697 lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c);
699 wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART;
700 wsi->u.hdr.lextable_pos = 0;
702 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
704 /* we're done, ignore anything else */
706 case WSI_PARSING_COMPLETE:
707 lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c);
713 set_parsing_complete:
715 if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) {
716 if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION))
717 wsi->ietf_spec_revision =
718 atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION));
720 lwsl_parser("v%02d hdrs completed\n", wsi->ietf_spec_revision);
722 wsi->u.hdr.parser_state = WSI_PARSING_COMPLETE;
723 wsi->hdr_parsing_completed = 1;
730 * lws_frame_is_binary: true if the current frame was sent in binary mode
732 * @wsi: the connection we are inquiring about
734 * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if
735 * it's interested to see if the frame it's dealing with was sent in binary
739 LWS_VISIBLE int lws_frame_is_binary(struct lws *wsi)
741 return wsi->u.ws.frame_is_binary;
745 lws_rx_sm(struct lws *wsi, unsigned char c)
747 struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
748 struct lws_tokens eff_buf;
749 int ret = 0, n, rx_draining_ext = 0;
750 int callback_action = LWS_CALLBACK_RECEIVE;
751 if (wsi->socket_is_permanently_unusable)
754 switch (wsi->lws_rx_parse_state) {
756 if (wsi->u.ws.rx_draining_ext) {
757 struct lws **w = &pt->rx_draining_ext_list;
759 eff_buf.token = NULL;
760 eff_buf.token_len = 0;
761 wsi->u.ws.rx_draining_ext = 0;
762 /* remove us from context draining ext list */
765 *w = wsi->u.ws.rx_draining_ext_list;
768 w = &((*w)->u.ws.rx_draining_ext_list);
770 wsi->u.ws.rx_draining_ext_list = NULL;
772 lwsl_err("%s: doing draining flow\n", __func__);
774 goto drain_extension;
776 switch (wsi->ietf_spec_revision) {
779 * no prepended frame key any more
781 wsi->u.ws.all_zero_nonce = 1;
785 lwsl_warn("lws_rx_sm: unknown spec version %d\n",
786 wsi->ietf_spec_revision);
790 case LWS_RXPS_04_mask_1:
791 wsi->u.ws.mask[1] = c;
793 wsi->u.ws.all_zero_nonce = 0;
794 wsi->lws_rx_parse_state = LWS_RXPS_04_mask_2;
796 case LWS_RXPS_04_mask_2:
797 wsi->u.ws.mask[2] = c;
799 wsi->u.ws.all_zero_nonce = 0;
800 wsi->lws_rx_parse_state = LWS_RXPS_04_mask_3;
802 case LWS_RXPS_04_mask_3:
803 wsi->u.ws.mask[3] = c;
805 wsi->u.ws.all_zero_nonce = 0;
808 * start from the zero'th byte in the XOR key buffer since
809 * this is the start of a frame with a new key
812 wsi->u.ws.mask_idx = 0;
814 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1;
818 * 04 logical framing from the spec (all this is masked when incoming
819 * and has to be unmasked)
821 * We ignore the possibility of extension data because we don't
822 * negotiate any extensions at the moment.
825 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
826 * +-+-+-+-+-------+-+-------------+-------------------------------+
827 * |F|R|R|R| opcode|R| Payload len | Extended payload length |
828 * |I|S|S|S| (4) |S| (7) | (16/63) |
829 * |N|V|V|V| |V| | (if payload len==126/127) |
831 * +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
832 * | Extended payload length continued, if payload len == 127 |
833 * + - - - - - - - - - - - - - - - +-------------------------------+
834 * | | Extension data |
835 * +-------------------------------+ - - - - - - - - - - - - - - - +
837 * +---------------------------------------------------------------+
838 * : Application data :
839 * +---------------------------------------------------------------+
841 * We pass payload through to userland as soon as we get it, ignoring
842 * FIN. It's up to userland to buffer it up if it wants to see a
843 * whole unfragmented block of the original size (which may be up to
847 case LWS_RXPS_04_FRAME_HDR_1:
850 wsi->u.ws.opcode = c & 0xf;
851 wsi->u.ws.rsv = c & 0x70;
852 wsi->u.ws.final = !!((c >> 7) & 1);
854 switch (wsi->u.ws.opcode) {
855 case LWSWSOPC_TEXT_FRAME:
856 case LWSWSOPC_BINARY_FRAME:
857 wsi->u.ws.rsv_first_msg = (c & 0x70);
858 wsi->u.ws.frame_is_binary =
859 wsi->u.ws.opcode == LWSWSOPC_BINARY_FRAME;
871 lwsl_info("illegal opcode\n");
874 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN;
877 case LWS_RXPS_04_FRAME_HDR_LEN:
879 wsi->u.ws.this_frame_masked = !!(c & 0x80);
883 /* control frames are not allowed to have big lengths */
884 if (wsi->u.ws.opcode & 8)
885 goto illegal_ctl_length;
887 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2;
890 /* control frames are not allowed to have big lengths */
891 if (wsi->u.ws.opcode & 8)
892 goto illegal_ctl_length;
894 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8;
897 wsi->u.ws.rx_packet_length = c & 0x7f;
898 if (wsi->u.ws.this_frame_masked)
899 wsi->lws_rx_parse_state =
900 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
902 if (wsi->u.ws.rx_packet_length)
903 wsi->lws_rx_parse_state =
904 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
906 wsi->lws_rx_parse_state = LWS_RXPS_NEW;
913 case LWS_RXPS_04_FRAME_HDR_LEN16_2:
914 wsi->u.ws.rx_packet_length = c << 8;
915 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1;
918 case LWS_RXPS_04_FRAME_HDR_LEN16_1:
919 wsi->u.ws.rx_packet_length |= c;
920 if (wsi->u.ws.this_frame_masked)
921 wsi->lws_rx_parse_state =
922 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
924 wsi->lws_rx_parse_state =
925 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
928 case LWS_RXPS_04_FRAME_HDR_LEN64_8:
930 lwsl_warn("b63 of length must be zero\n");
931 /* kill the connection */
935 wsi->u.ws.rx_packet_length = ((size_t)c) << 56;
937 wsi->u.ws.rx_packet_length = 0;
939 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7;
942 case LWS_RXPS_04_FRAME_HDR_LEN64_7:
944 wsi->u.ws.rx_packet_length |= ((size_t)c) << 48;
946 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6;
949 case LWS_RXPS_04_FRAME_HDR_LEN64_6:
951 wsi->u.ws.rx_packet_length |= ((size_t)c) << 40;
953 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5;
956 case LWS_RXPS_04_FRAME_HDR_LEN64_5:
958 wsi->u.ws.rx_packet_length |= ((size_t)c) << 32;
960 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4;
963 case LWS_RXPS_04_FRAME_HDR_LEN64_4:
964 wsi->u.ws.rx_packet_length |= ((size_t)c) << 24;
965 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3;
968 case LWS_RXPS_04_FRAME_HDR_LEN64_3:
969 wsi->u.ws.rx_packet_length |= ((size_t)c) << 16;
970 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2;
973 case LWS_RXPS_04_FRAME_HDR_LEN64_2:
974 wsi->u.ws.rx_packet_length |= ((size_t)c) << 8;
975 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1;
978 case LWS_RXPS_04_FRAME_HDR_LEN64_1:
979 wsi->u.ws.rx_packet_length |= ((size_t)c);
980 if (wsi->u.ws.this_frame_masked)
981 wsi->lws_rx_parse_state =
982 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
984 wsi->lws_rx_parse_state =
985 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
988 case LWS_RXPS_07_COLLECT_FRAME_KEY_1:
989 wsi->u.ws.mask[0] = c;
991 wsi->u.ws.all_zero_nonce = 0;
992 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2;
995 case LWS_RXPS_07_COLLECT_FRAME_KEY_2:
996 wsi->u.ws.mask[1] = c;
998 wsi->u.ws.all_zero_nonce = 0;
999 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3;
1002 case LWS_RXPS_07_COLLECT_FRAME_KEY_3:
1003 wsi->u.ws.mask[2] = c;
1005 wsi->u.ws.all_zero_nonce = 0;
1006 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4;
1009 case LWS_RXPS_07_COLLECT_FRAME_KEY_4:
1010 wsi->u.ws.mask[3] = c;
1012 wsi->u.ws.all_zero_nonce = 0;
1013 wsi->lws_rx_parse_state =
1014 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
1015 wsi->u.ws.mask_idx = 0;
1016 if (wsi->u.ws.rx_packet_length == 0) {
1017 wsi->lws_rx_parse_state = LWS_RXPS_NEW;
1023 case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED:
1025 assert(wsi->u.ws.rx_ubuf);
1027 if (wsi->u.ws.rx_ubuf_head + LWS_PRE >=
1028 wsi->u.ws.rx_ubuf_alloc) {
1029 lwsl_err("Attempted overflow \n");
1032 if (wsi->u.ws.all_zero_nonce)
1033 wsi->u.ws.rx_ubuf[LWS_PRE +
1034 (wsi->u.ws.rx_ubuf_head++)] = c;
1036 wsi->u.ws.rx_ubuf[LWS_PRE +
1037 (wsi->u.ws.rx_ubuf_head++)] =
1039 (wsi->u.ws.mask_idx++) & 3];
1041 if (--wsi->u.ws.rx_packet_length == 0) {
1042 /* spill because we have the whole frame */
1043 wsi->lws_rx_parse_state = LWS_RXPS_NEW;
1048 * if there's no protocol max frame size given, we are
1049 * supposed to default to LWS_MAX_SOCKET_IO_BUF
1052 if (!wsi->protocol->rx_buffer_size &&
1053 wsi->u.ws.rx_ubuf_head !=
1054 LWS_MAX_SOCKET_IO_BUF)
1057 if (wsi->protocol->rx_buffer_size &&
1058 wsi->u.ws.rx_ubuf_head !=
1059 wsi->protocol->rx_buffer_size)
1062 /* spill because we filled our rx buffer */
1065 * is this frame a control packet we should take care of at this
1066 * layer? If so service it and hide it from the user callback
1069 lwsl_parser("spill on %s\n", wsi->protocol->name);
1071 switch (wsi->u.ws.opcode) {
1072 case LWSWSOPC_CLOSE:
1074 /* is this an acknowledgement of our close? */
1075 if (wsi->state == LWSS_AWAITING_CLOSE_ACK) {
1077 * fine he has told us he is closing too, let's
1080 lwsl_parser("seen client close ack\n");
1083 if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY)
1084 /* if he sends us 2 CLOSE, kill him */
1087 if (user_callback_handle_rxflow(
1088 wsi->protocol->callback, wsi,
1089 LWS_CALLBACK_WS_PEER_INITIATED_CLOSE,
1091 &wsi->u.ws.rx_ubuf[LWS_PRE],
1092 wsi->u.ws.rx_ubuf_head))
1095 lwsl_parser("server sees client close packet\n");
1096 wsi->state = LWSS_RETURNED_CLOSE_ALREADY;
1097 /* deal with the close packet contents as a PONG */
1098 wsi->u.ws.payload_is_close = 1;
1099 goto process_as_ping;
1102 lwsl_info("received %d byte ping, sending pong\n",
1103 wsi->u.ws.rx_ubuf_head);
1105 if (wsi->u.ws.ping_pending_flag) {
1107 * there is already a pending ping payload
1108 * we should just log and drop
1110 lwsl_parser("DROP PING since one pending\n");
1114 /* control packets can only be < 128 bytes long */
1115 if (wsi->u.ws.rx_ubuf_head > 128 - 3) {
1116 lwsl_parser("DROP PING payload too large\n");
1120 /* stash the pong payload */
1121 memcpy(wsi->u.ws.ping_payload_buf + LWS_PRE,
1122 &wsi->u.ws.rx_ubuf[LWS_PRE],
1123 wsi->u.ws.rx_ubuf_head);
1125 wsi->u.ws.ping_payload_len = wsi->u.ws.rx_ubuf_head;
1126 wsi->u.ws.ping_pending_flag = 1;
1128 /* get it sent as soon as possible */
1129 lws_callback_on_writable(wsi);
1131 wsi->u.ws.rx_ubuf_head = 0;
1135 lwsl_info("received pong\n");
1136 lwsl_hexdump(&wsi->u.ws.rx_ubuf[LWS_PRE],
1137 wsi->u.ws.rx_ubuf_head);
1140 callback_action = LWS_CALLBACK_RECEIVE_PONG;
1143 case LWSWSOPC_TEXT_FRAME:
1144 case LWSWSOPC_BINARY_FRAME:
1145 case LWSWSOPC_CONTINUATION:
1149 lwsl_parser("passing opc %x up to exts\n",
1152 * It's something special we can't understand here.
1153 * Pass the payload up to the extension's parsing
1157 eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE];
1158 eff_buf.token_len = wsi->u.ws.rx_ubuf_head;
1160 if (lws_ext_cb_active(wsi, LWS_EXT_CB_EXTENDED_PAYLOAD_RX,
1161 &eff_buf, 0) <= 0) /* not handle or fail */
1162 lwsl_ext("ext opc opcode 0x%x unknown\n",
1165 wsi->u.ws.rx_ubuf_head = 0;
1170 * No it's real payload, pass it up to the user callback.
1171 * It's nicely buffered with the pre-padding taken care of
1172 * so it can be sent straight out again using lws_write
1175 eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE];
1176 eff_buf.token_len = wsi->u.ws.rx_ubuf_head;
1179 lwsl_ext("%s: passing %d to ext\n", __func__, eff_buf.token_len);
1181 if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY ||
1182 wsi->state == LWSS_AWAITING_CLOSE_ACK)
1185 n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, &eff_buf, 0);
1188 * we may rely on this to get RX, just drop connection
1190 wsi->socket_is_permanently_unusable = 1;
1194 if (rx_draining_ext && eff_buf.token_len == 0)
1197 if (n && eff_buf.token_len) {
1198 /* extension had more... main loop will come back */
1199 wsi->u.ws.rx_draining_ext = 1;
1200 wsi->u.ws.rx_draining_ext_list = pt->rx_draining_ext_list;
1201 pt->rx_draining_ext_list = wsi;
1204 if (eff_buf.token_len > 0 ||
1205 callback_action == LWS_CALLBACK_RECEIVE_PONG) {
1206 eff_buf.token[eff_buf.token_len] = '\0';
1208 if (wsi->protocol->callback) {
1210 if (callback_action == LWS_CALLBACK_RECEIVE_PONG)
1211 lwsl_info("Doing pong callback\n");
1213 ret = user_callback_handle_rxflow(
1214 wsi->protocol->callback,
1216 (enum lws_callback_reasons)callback_action,
1222 lwsl_err("No callback on payload spill!\n");
1226 wsi->u.ws.rx_ubuf_head = 0;
1234 lwsl_warn("Control frame with xtended length is illegal\n");
1235 /* kill the connection */
1241 * lws_remaining_packet_payload() - Bytes to come before "overall"
1242 * rx packet is complete
1243 * @wsi: Websocket instance (available from user callback)
1245 * This function is intended to be called from the callback if the
1246 * user code is interested in "complete packets" from the client.
1247 * libwebsockets just passes through payload as it comes and issues a buffer
1248 * additionally when it hits a built-in limit. The LWS_CALLBACK_RECEIVE
1249 * callback handler can use this API to find out if the buffer it has just
1250 * been given is the last piece of a "complete packet" from the client --
1251 * when that is the case lws_remaining_packet_payload() will return
1254 * Many protocols won't care becuse their packets are always small.
1258 lws_remaining_packet_payload(struct lws *wsi)
1260 return wsi->u.ws.rx_packet_length;