From 8014b29d204a57a32bf4006b84af63d436227916 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Sun, 30 Jan 2011 20:57:25 +0000 Subject: [PATCH] introduce-k-switch-defeat-masking.patch Signed-off-by: Andy Green --- lib/libwebsockets.c | 3 ++- lib/libwebsockets.h | 5 ++++- lib/parsers.c | 9 +++++++++ lib/private-libwebsockets.h | 1 + libwebsockets-api-doc.html | 3 ++- test-server/test-client.c | 2 +- test-server/test-ping.c | 17 ++++++++++++----- test-server/test-server.c | 9 +++++++-- 8 files changed, 38 insertions(+), 11 deletions(-) diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c index 403a7f6..c88715e 100644 --- a/lib/libwebsockets.c +++ b/lib/libwebsockets.c @@ -635,7 +635,7 @@ libwebsocket_create_context(int port, struct libwebsocket_protocols *protocols, const char *ssl_cert_filepath, const char *ssl_private_key_filepath, - int gid, int uid) + int gid, int uid, unsigned int options) { int n; int sockfd = 0; @@ -662,6 +662,7 @@ libwebsocket_create_context(int port, this->listen_port = port; this->http_proxy_port = 0; this->http_proxy_address[0] = '\0'; + this->options = options; /* find canonical hostname */ diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h index 5700a04..e579303 100644 --- a/lib/libwebsockets.h +++ b/lib/libwebsockets.h @@ -24,6 +24,8 @@ #define CONTEXT_PORT_NO_LISTEN 0 +#define LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK 1 + enum libwebsocket_callback_reasons { LWS_CALLBACK_ESTABLISHED, LWS_CALLBACK_CLIENT_ESTABLISHED, @@ -174,7 +176,8 @@ extern struct libwebsocket_context * libwebsocket_create_context(int port, struct libwebsocket_protocols *protocols, const char *ssl_cert_filepath, - const char *ssl_private_key_filepath, int gid, int uid); + const char *ssl_private_key_filepath, int gid, int uid, + unsigned int options); extern void libwebsocket_context_destroy(struct libwebsocket_context *this); diff --git a/lib/parsers.c b/lib/parsers.c index a97e75a..b1c45a0 100644 --- a/lib/parsers.c +++ b/lib/parsers.c @@ -223,6 +223,10 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c) static inline unsigned char xor_mask(struct libwebsocket *wsi, unsigned char c) { + if (wsi->protocol->owning_server->options & + LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK) + return c; + c ^= wsi->masking_key_04[wsi->frame_mask_index++]; if (wsi->frame_mask_index == 20) wsi->frame_mask_index = 0; @@ -267,6 +271,10 @@ static int libwebsocket_rx_sm(struct libwebsocket *wsi, unsigned char c) case LWS_RXPS_04_MASK_NONCE_3: wsi->frame_masking_nonce_04[3] = c; + if (wsi->protocol->owning_server->options & + LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK) + goto post_mask; + /* * we are able to compute the frame key now * it's a SHA1 of ( frame nonce we were just sent, concatenated @@ -296,6 +304,7 @@ static int libwebsocket_rx_sm(struct libwebsocket *wsi, unsigned char c) wsi->frame_mask_index = 0; +post_mask: wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1; break; diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index 6a5df59..c2010f9 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -172,6 +172,7 @@ struct libwebsocket_context { char http_proxy_address[256]; char canonical_hostname[1024]; unsigned int http_proxy_port; + unsigned int options; #ifdef LWS_OPENSSL_SUPPORT int use_ssl; SSL_CTX *ssl_ctx; diff --git a/libwebsockets-api-doc.html b/libwebsockets-api-doc.html index f3ee10e..b98904f 100644 --- a/libwebsockets-api-doc.html +++ b/libwebsockets-api-doc.html @@ -137,7 +137,8 @@ has been created. const char * ssl_cert_filepath, const char * ssl_private_key_filepath, int gid, -int uid) +int uid, +unsigned int options)

Arguments

port diff --git a/test-server/test-client.c b/test-server/test-client.c index b503343..ada5a0e 100644 --- a/test-server/test-client.c +++ b/test-server/test-client.c @@ -203,7 +203,7 @@ int main(int argc, char **argv) */ context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN, - protocols, NULL, NULL, -1, -1); + protocols, NULL, NULL, -1, -1, 0); if (context == NULL) { fprintf(stderr, "Creating libwebsocket context failed\n"); return 1; diff --git a/test-server/test-ping.c b/test-server/test-ping.c index b2a8684..e1cb0ad 100644 --- a/test-server/test-ping.c +++ b/test-server/test-ping.c @@ -56,6 +56,7 @@ static char *hname = "(unknown)"; static unsigned long started; static int screen_width = 80; static int use_mirror; +static unsigned int write_options; static unsigned long rtt_min = 100000000; static unsigned long rtt_max; @@ -232,11 +233,11 @@ callback_lws_mirror(struct libwebsocket *wsi, if (use_mirror) libwebsocket_write(wsi, &pingbuf[LWS_SEND_BUFFER_PRE_PADDING], - size, LWS_WRITE_BINARY); + size, write_options | LWS_WRITE_BINARY); else libwebsocket_write(wsi, &pingbuf[LWS_SEND_BUFFER_PRE_PADDING], - size, LWS_WRITE_PING); + size, write_options | LWS_WRITE_PING); if (flood && (psd->ping_index - psd->rx_count) < (screen_width - 1)) @@ -275,6 +276,7 @@ static struct option options[] = { { "flood", no_argument, NULL, 'f' }, { "mirror", no_argument, NULL, 'm' }, { "replicate", required_argument, NULL, 'r' }, + { "killmask", no_argument, NULL, 'k' }, { NULL, 0, 0, 0 } }; @@ -316,7 +318,7 @@ int main(int argc, char **argv) optind++; while (n >= 0) { - n = getopt_long(argc, argv, "r:hmfts:n:i:p:", options, NULL); + n = getopt_long(argc, argv, "kr:hmfts:n:i:p:", options, NULL); if (n < 0) continue; switch (n) { @@ -351,6 +353,10 @@ int main(int argc, char **argv) return 1; } break; + case 'k': + write_options = LWS_WRITE_CLIENT_IGNORE_XOR_MASK; + break; + case 'h': goto usage; } @@ -377,7 +383,7 @@ int main(int argc, char **argv) screen_width = w.ws_col; context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN, - protocols, NULL, NULL, -1, -1); + protocols, NULL, NULL, -1, -1, 0); if (context == NULL) { fprintf(stderr, "Creating libwebsocket context failed\n"); return 1; @@ -454,7 +460,8 @@ int main(int argc, char **argv) if (!interrupted_time) { if ((l - oldus) > interval_us) { for (n = 0; n < clients; n++) - libwebsocket_callback_on_writable(wsi[n]); + libwebsocket_callback_on_writable( + wsi[n]); oldus = l; } } else diff --git a/test-server/test-server.c b/test-server/test-server.c index 4f4512f..4422d82 100644 --- a/test-server/test-server.c +++ b/test-server/test-server.c @@ -278,6 +278,7 @@ static struct option options[] = { { "help", no_argument, NULL, 'h' }, { "port", required_argument, NULL, 'p' }, { "ssl", no_argument, NULL, 's' }, + { "killmask", no_argument, NULL, 'k' }, { NULL, 0, 0, 0 } }; @@ -293,6 +294,7 @@ int main(int argc, char **argv) int port = 7681; int use_ssl = 0; struct libwebsocket_context *context; + int opts = 0; #ifdef LWS_NO_FORK unsigned int oldus = 0; #endif @@ -302,13 +304,16 @@ int main(int argc, char **argv) "licensed under LGPL2.1\n"); while (n >= 0) { - n = getopt_long(argc, argv, "hsp:", options, NULL); + n = getopt_long(argc, argv, "khsp:", options, NULL); if (n < 0) continue; switch (n) { case 's': use_ssl = 1; break; + case 'k': + opts = LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK; + break; case 'p': port = atoi(optarg); break; @@ -323,7 +328,7 @@ int main(int argc, char **argv) cert_path = key_path = NULL; context = libwebsocket_create_context(port, protocols, cert_path, - key_path, -1, -1); + key_path, -1, -1, opts); if (context == NULL) { fprintf(stderr, "libwebsocket init failed\n"); return -1; -- 2.7.4