7 1) MINOR: d9n't send ext hdr if no exts to discuss
12 NB: No API change since v1.7.0
17 1) MAJOR connections on ah waiting list that closed did not get removed from
20 2) MAJOR since we added the ability to hold an ah across http keepalive
21 transactions where more headers had already arrived, we broke the ability
22 to tell if more headers had arrived. Result was if the browser didn't
23 close the keepalive, we retained ah for the lifetime of the keepalive,
26 3) MAJOR windows-only-POLLHUP was not coming
28 4) Fix build on NetBSD
34 NB: No API change since v1.7.0
39 1) libuv one-per-session valgrind leak fixed
41 2) MINOR An error about hdr struct in _lws_ws_related is corrected, it's not
42 known to affect anything added until after it was fixed
44 3) MINOR During the close shutdown wait state introduced at v1.7, if something
45 requests callback on writeable for the socket it will busywait until the
48 4) MINOR update URLs in test html for libwebsockets.org https STS changes
53 1) test server html is updated with tabs and a new live server monitoring
54 feature. Input sanitization added to the js.
60 NB: No API change since v1.7.0
65 1) MAJOR (Windows-only) fix assert firing
67 2) MAJOR http:/1.1 connections handled by lws_return_http_status() did not
68 get sent a content-length resulting in the link hanging until the peer closed
69 it. attack.sh updated to add a test for this.
75 1) MINOR test-server gained some new switches
77 -C <file> use external SSL cert file
78 -K <file> use external SSL key file
79 -A <file> use external SSL CA cert file
81 -u <uid> set effective uid
82 -g <gid> set effective gid
84 together you can use them like this to have the test-server work with the
85 usual purchased SSL certs from an official CA.
87 --ssl -C your.crt -K your.key -A your.cer -u 99 -g 99
89 2) MINOR the OpenSSL magic to setup ECDH cipher usage is implemented in the
90 library, and the ciphers restricted to use ECDH only.
91 Using this, the lws test server can score an A at SSLLABS test
93 3) MINOR STS (SSL always) header is added to the test server if you use --ssl. With
94 that, we score A+ at SSLLABS test
96 4) MINOR daemonize function (disabled at cmake by default) is updated to work
99 5) MINOR example systemd .service file now provided for test server
100 (not installed by default)
109 1) There is now a "permessage-deflate" / RFC7692 implementation. It's very
110 similar to "deflate-frame" we have offered for a long while; deflate-frame is
111 now provided as an alias of permessage-deflate.
113 The main differences are that the new permessage-deflate implementation:
115 - properly performs streaming respecting input and output buffer limits. The
116 old deflate-frame implementation could only work on complete deflate input
117 and produce complete inflate output for each frame. The new implementation
118 only mallocs buffers at initialization.
120 - goes around the event loop after each input package is processed allowing
121 interleaved output processing. The RX flow control api can be used to
122 force compressed input processing to match the rate of compressed output
123 processing (test--echo shows an example of how to do this).
125 - when being "deflate-frame" for compatibility he uses the same default zlib
126 settings as the old "deflate-frame", but instead of exponentially increasing
127 malloc allocations until the whole output will fit, he observes the default
128 input and output chunking buffer sizes of "permessage-deflate", that's
129 1024 in and 1024 out at a time.
131 2) deflate-stream has been disabled for many versions (for over a year) and is
132 now removed. Browsers are now standardizing on "permessage-deflate" / RFC7692
134 3) struct lws_extension is simplified, and lws extensions now have a public
135 api (their callback) for use in user code to compose extensions and options
136 the user code wants. lws_get_internal_exts() is deprecated but kept around
137 as a NOP. The changes allow one extension implementation to go by different
138 names and allows the user client code to control option offers per-ext.
140 The test client and server are updated to use the new way. If you use
141 the old way it should still work, but extensions will be disabled until you
144 Extensions are now responsible for allocating and per-instance private struct
145 at instance construction time and freeing it when the instance is destroyed.
146 Not needing to know the size means the extension's struct can be opaque
153 1) The info struct gained three new members
155 - max_http_header_data: 0 for default (1024) or set the maximum amount of known
156 http header payload that lws can deal with. Payload in unknown http
157 headers is dropped silently. If for some reason you need to send huge
158 cookies or other HTTP-level headers, you can now increase this at context-
161 - max_http_header_pool: 0 for default (16) or set the maximum amount of http
162 headers that can be tracked by lws in this context. For the server, if
163 the header pool is completely in use then accepts on the listen socket
164 are disabled until one becomes free. For the client, if you simultaneously
165 have pending connects for more than this number of client connections,
166 additional connects will fail until some of the pending connections timeout
169 - timeout_secs: 0 for default (currently 20s), or set the library's
170 network activity timeout to the given number of seconds
172 HTTP header processing in lws only exists until just after the first main
173 callback after the HTTP handshake... for ws connections that is ESTABLISHED and
174 for HTTP connections the HTTP callback.
176 So these settings are not related to the maximum number of simultaneous
177 connections, but the number of HTTP handshakes that may be expected or ongoing,
178 or have just completed, at one time. The reason it's useful is it changes the
179 memory allocation for header processing to be one-time at context creation
180 instead of every time there is a new connection, and gives you control over
183 Setting max_http_header_pool to 1 is fine it will just queue incoming
184 connections before the accept as necessary, you can still have as many
185 simultaneous post-header connections as you like. Since the http header
186 processing is completed and the allocation released after ESTABLISHED or the
187 HTTP callback, even with a pool of 1 many connections can be handled rapidly.
189 2) There is a new callback that allows the user code to get acccess to the
190 optional close code + aux data that may have been sent by the peer.
192 LWS_CALLBACK_WS_PEER_INITIATED_CLOSE:
193 The peer has sent an unsolicited Close WS packet. @in and
194 @len are the optional close code (first 2 bytes, network
195 order) and the optional additional information which is not
196 defined in the standard, and may be a string or non-human-
198 If you return 0 lws will echo the close and then close the
199 connection. If you return nonzero lws will just close the
202 As usual not handling it does the right thing, if you're not interested in it
205 The test server has "open and close" testing buttons at the bottom, if you
206 open and close that connection, on close it will send a close code 3000 decimal
207 and the string "Bye!" as the aux data.
209 The test server dumb-increment callback handles this callback reason and prints
211 lwsts[15714]: LWS_CALLBACK_WS_PEER_INITIATED_CLOSE: len 6
212 lwsts[15714]: 0: 0x0B
213 lwsts[15714]: 1: 0xB8
214 lwsts[15714]: 2: 0x42
215 lwsts[15714]: 3: 0x79
216 lwsts[15714]: 4: 0x65
217 lwsts[15714]: 5: 0x21
219 3) There is a new API to allow the user code to control the content of the
220 close frame sent when about to return nonzero from the user callback to
221 indicate the connection should close.
224 * lws_close_reason - Set reason and aux data to send with Close packet
225 * If you are going to return nonzero from the callback
226 * requesting the connection to close, you can optionally
227 * call this to set the reason the peer will be told if
230 * @wsi: The websocket connection to set the close reason on
231 * @status: A valid close status from websocket standard
232 * @buf: NULL or buffer containing up to 124 bytes of auxiliary data
233 * @len: Length of data in @buf to send
235 LWS_VISIBLE LWS_EXTERN void
236 lws_close_reason(struct lws *wsi, enum lws_close_status status,
237 unsigned char *buf, size_t len);
239 An extra button is added to the "open and close" test server page that requests
240 that the test server close the connection from his end.
242 The test server code will do so by
244 lws_close_reason(wsi, LWS_CLOSE_STATUS_GOINGAWAY,
245 (unsigned char *)"seeya", 5);
248 The browser shows the close code and reason he received
250 websocket connection CLOSED, code: 1001, reason: seeya
252 4) There's a new context creation time option flag
254 LWS_SERVER_OPTION_VALIDATE_UTF8
256 if you set it in info->options, then TEXT and CLOSE frames will get checked to
257 confirm that they contain valid UTF-8. If they don't, the connection will get
260 5) ECDH Certs are now supported. Enable the CMake option
262 cmake .. -DLWS_SSL_SERVER_WITH_ECDH_CERT=1
264 **and** the info->options flag
266 LWS_SERVER_OPTION_SSL_ECDH
268 to build in support and select it at runtime.
270 6) There's a new api lws_parse_uri() that simplifies chopping up
271 https://xxx:yyy/zzz uris into parts nicely. The test client now uses this
272 to allow proper uris as well as the old address style.
274 7) SMP support is integrated into LWS without any internal threading. It's
275 very simple to use, libwebsockets-test-server-pthread shows how to do it,
276 use -j <n> argument there to control the number of service threads up to 32.
278 Two new members are added to the info struct
280 unsigned int count_threads;
281 unsigned int fd_limit_per_thread;
283 leave them at the default 0 to get the normal singlethreaded service loop.
285 Set count_threads to n to tell lws you will have n simultaneous service threads
286 operating on the context.
288 There is still a single listen socket on one port, no matter how many
291 When a connection is made, it is accepted by the service thread with the least
292 connections active to perform load balancing.
294 The user code is responsible for spawning n threads running the service loop
295 associated to a specific tsi (Thread Service Index, 0 .. n - 1). See
296 the libwebsockets-test-server-pthread for how to do.
298 If you leave fd_limit_per_thread at 0, then the process limit of fds is shared
299 between the service threads; if you process was allowed 1024 fds overall then
300 each thread is limited to 1024 / n.
302 You can set fd_limit_per_thread to a nonzero number to control this manually, eg
303 the overall supported fd limit is less than the process allowance.
305 You can control the context basic data allocation for multithreading from Cmake
306 using -DLWS_MAX_SMP=, if not given it's set to 32. The serv_buf allocation
307 for the threads (currently 4096) is made at runtime only for active threads.
309 Because lws will limit the requested number of actual threads supported
310 according to LWS_MAX_SMP, there is an api lws_get_count_threads(context) to
311 discover how many threads were actually allowed when the context was created.
313 It's required to implement locking in the user code in the same way that
314 libwebsockets-test-server-pthread does it, for the FD locking callbacks.
316 If LWS_MAX_SMP=1, then there is no code related to pthreads compiled in the
317 library. If more than 1, a small amount of pthread mutex code is built into
322 LWS_VISIBLE struct lws *
323 lws_adopt_socket(struct lws_context *context, lws_sockfd_type accept_fd)
325 allows foreign sockets accepted by non-lws code to be adopted by lws as if they
326 had just been accepted by lws' own listen socket.
328 9) X-Real-IP: header has been added as WSI_TOKEN_HTTP_X_REAL_IP
330 10) Libuv support is added, there are new related user apis
332 typedef void (lws_uv_signal_cb_t)(uv_loop_t *l, uv_signal_t *w, int revents);
334 LWS_VISIBLE LWS_EXTERN int
335 lws_uv_sigint_cfg(struct lws_context *context, int use_uv_sigint,
336 lws_uv_signal_cb_t *cb);
338 LWS_VISIBLE LWS_EXTERN int
339 lws_uv_initloop(struct lws_context *context, uv_loop_t *loop, int tsi);
342 lws_uv_sigint_cb(uv_loop_t *loop, uv_signal_t *watcher, int revents);
352 1) LWS_SEND_BUFFER_POST_PADDING is now 0 and deprecated. You can remove it; if
353 you still use it, obviously it does nothing. Old binary code with nonzero
354 LWS_SEND_BUFFER_POST_PADDING is perfectly compatible, the old code just
355 allocated a buffer bigger than the library is going to use.
357 The example apps no longer use LWS_SEND_BUFFER_POST_PADDING.
359 The only path who made use of it was sending with LWS_WRITE_CLOSE --->
361 2) Because of lws_close_reason() formalizing handling close frames,
362 LWS_WRITE_CLOSE is removed from libwebsockets.h. It was only of use to send
363 close frames...close frame content should be managed using lws_close_reason()
366 3) We check for invalid CLOSE codes and complain about protocol violation in
367 our close code. But it changes little since we were in the middle of closing
370 4) zero-length RX frames and zero length TX frames are now allowed.
372 5) Pings and close used to be limited to 124 bytes, the correct limit is 125
373 so that is now also allowed.
375 6) LWS_PRE is provided as a synonym for LWS_SEND_BUFFER_PRE_PADDING, either is
378 7) There's generic support for RFC7462 style extension options built into the
379 library now. As a consequence, a field "options" is added to lws_extension.
380 It can be NULL if there are no options on the extension. Extension internal
381 info is part of the public abi because extensions may be implemented outside
384 8) WSI_TOKEN_PROXY enum was accidentally defined to collide with another token
385 of value 73. That's now corrected and WSI_TOKEN_PROXY moved to his own place at
388 9) With the addition of libuv support, libev is not the only event loop
389 library in town and his api names must be elaborated with _ev_
391 Callback typedef: lws_signal_cb ---> lws_ev_signal_cb_t
392 lws_sigint_cfg --> lws_ev_sigint_cfg
393 lws_initloop --> lws_ev_initloop
394 lws_sigint_cb --> lws_ev_sigint_cb
396 10) Libev support is made compatible with multithreaded service,
397 lws_ev_initloop (was lws_initloop) gets an extra argument for the
398 thread service index (use 0 if you will just have 1 service thread).
400 LWS_VISIBLE LWS_EXTERN int
401 lws_ev_initloop(struct lws_context *context, ev_loop_t *loop, int tsi);
404 v1.6.0-chrome48-firefox42
405 =======================
407 Major API improvements
408 ----------------------
410 v1.6.0 has many cleanups and improvements in the API. Although at first it
411 looks pretty drastic, user code will only need four actions to update it.
413 - Do the three search/replaces in your user code, /libwebsocket_/lws_/,
414 /libwebsockets_/lws_/, and /struct\ libwebsocket/struct\ lws/
416 - Remove the context parameter from your user callbacks
418 - Remove context as the first parameter from the "Eleven APIS" listed in the
419 User Api Changes section
421 - Add lws_get_context(wsi) as the first parameter on the "Three APIS" listed
422 in the User Api Changes section, and anywhere else you still need context
424 That's it... generally only a handful of the 14 affected APIs are actually in
425 use in your user code and you can find them quickest by compiling and visiting
426 the errors each in turn. And the end results are much cleaner, more
427 predictable and maintainable.
433 1) lws now exposes his internal platform file abstraction in a way that can be
434 both used by user code to make it platform-agnostic, and be overridden or
435 subclassed by user code. This allows things like handling the URI "directory
436 space" as a virtual filesystem that may or may not be backed by a regular
437 filesystem. One example use is serving files from inside large compressed
438 archive storage without having to unpack anything except the file being
441 The test server shows how to use it, basically the platform-specific part of
442 lws prepares a file operations structure that lives in the lws context.
444 Helpers are provided to also leverage these platform-independent file handling
447 static inline lws_filefd_type
448 lws_plat_file_open(struct lws *wsi, const char *filename,
449 unsigned long *filelen, int flags)
451 lws_plat_file_close(struct lws *wsi, lws_filefd_type fd)
453 static inline unsigned long
454 lws_plat_file_seek_cur(struct lws *wsi, lws_filefd_type fd, long offset)
457 lws_plat_file_read(struct lws *wsi, lws_filefd_type fd, unsigned long *amount,
458 unsigned char *buf, unsigned long len)
461 lws_plat_file_write(struct lws *wsi, lws_filefd_type fd, unsigned long *amount,
462 unsigned char *buf, unsigned long len)
464 The user code can also override or subclass the file operations, to either
465 wrap or replace them. An example is shown in test server.
467 A wsi can be associated with the file activity, allowing per-connection
468 authentication and state to be used when interpreting the file request.
470 2) A new API void * lws_wsi_user(struct lws *wsi) lets you get the pointer to
471 the user data associated with the wsi, just from the wsi.
473 3) URI argument handling. Libwebsockets parses and protects URI arguments
474 like test.html?arg1=1&arg2=2, it decodes %xx uriencoding format and reduces
475 path attacks like ../.../../etc/passwd so they cannot go behind the web
476 server's /. There is a list of confirmed attacks we're proof against in
477 ./test-server/attack.sh.
479 There is a new API lws_hdr_copy_fragment that should be used now to access
480 the URI arguments (it returns the fragments length)
482 while (lws_hdr_copy_fragment(wsi, buf, sizeof(buf),
483 WSI_TOKEN_HTTP_URI_ARGS, n) > 0) {
484 lwsl_info("URI Arg %d: %s\n", ++n, buf);
487 For the example above, calling with n=0 will return "arg1=1" and n=1 "arg2=2".
488 All legal uriencodings will have been reduced in those strings.
490 lws_hdr_copy_fragment() returns the length of the x=y fragment, so it's also
491 possible to deal with arguments containing %00. If you don't care about that,
492 the returned string has '\0' appended to simplify processing.
500 - lws_callback_on_writable_all_protocol(const struct lws_protocols *protocol)
501 - lws_callback_all_protocol(const struct lws_protocols *protocol)
502 - lws_rx_flow_allow_all_protocol(lws_rx_flow_allow_all_protocol)
504 Now take an additional pointer to the lws_context in their first argument.
506 The reason for this change is struct lws_protocols has been changed to remove
507 members that lws used for private storage: so the protocols struct in now
508 truly const and may be reused serially or simultaneously by different contexts.
512 LWS_VISIBLE LWS_EXTERN int
513 lws_add_http_header_by_name(struct lws_context *context,
515 const unsigned char *name,
516 const unsigned char *value,
520 LWS_VISIBLE LWS_EXTERN int
521 lws_finalize_http_header(struct lws_context *context,
525 LWS_VISIBLE LWS_EXTERN int
526 lws_add_http_header_by_token(struct lws_context *context,
528 enum lws_token_indexes token,
529 const unsigned char *value,
533 LWS_VISIBLE LWS_EXTERN int
534 lws_add_http_header_content_length(struct lws_context *context,
536 unsigned long content_length,
539 LWS_VISIBLE LWS_EXTERN int
540 lws_add_http_header_status(struct lws_context *context, struct lws *wsi,
541 unsigned int code, unsigned char **p,
544 LWS_VISIBLE LWS_EXTERN int
545 lws_serve_http_file(struct lws_context *context, struct lws *wsi,
546 const char *file, const char *content_type,
547 const char *other_headers, int other_headers_len);
548 LWS_VISIBLE LWS_EXTERN int
549 lws_serve_http_file_fragment(struct lws_context *context, struct lws *wsi);
551 LWS_VISIBLE LWS_EXTERN int
552 lws_return_http_status(struct lws_context *context, struct lws *wsi,
553 unsigned int code, const char *html_body);
555 LWS_VISIBLE LWS_EXTERN int
556 lws_callback_on_writable(const struct lws_context *context, struct lws *wsi);
558 LWS_VISIBLE LWS_EXTERN void
559 lws_get_peer_addresses(struct lws_context *context, struct lws *wsi,
560 lws_sockfd_type fd, char *name, int name_len,
561 char *rip, int rip_len);
563 LWS_VISIBLE LWS_EXTERN int
564 lws_read(struct lws_context *context, struct lws *wsi,
565 unsigned char *buf, size_t len);
567 no longer require their initial struct lws_context * parameter.
569 3) Several older apis start with libwebsocket_ or libwebsockets_ while newer ones
570 all begin lws_. These apis have been changed to all begin with lws_.
572 To convert, search-replace
574 - libwebsockets_/lws_
576 - struct\ libwebsocket/struct\ lws
578 4) context parameter removed from user callback.
580 Since almost all apis no longer need the context as a parameter, it's no longer
581 provided at the user callback directly.
583 However if you need it, for ALL callbacks wsi is valid and has a valid context
584 pointer you can recover using lws_get_context(wsi).
587 v1.5-chrome47-firefox41
588 =======================
593 LWS_CALLBACK_CLIENT_CONNECTION_ERROR may provide an error string if in is
594 non-NULL. If so, the string has length len.
596 LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED is available to relax the requirement
597 for peer certs if you are using the option to require client certs.
599 LWS_WITHOUT_BUILTIN_SHA1 cmake option forces lws to use SHA1() defined
600 externally, eg, byOpenSSL, and disables build of libwebsockets_SHA1()
603 v1.4-chrome43-firefox36
604 =======================
609 There's a new member in the info struct used to control context creation,
610 ssl_private_key_password, which allows passing into lws the passphrase on
613 There's a new member in struct protocols, id, which is ignored by lws but can
614 be used by the user code to mark the selected protocol by user-defined version
615 or capabliity flag information, for the case multiple versions of a protocol are
618 int lws_is_ssl(wsi) added to allow user code to know if the connection was made
619 over ssl or not. If LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT is used, both
620 ssl and non-ssl connections are possible and may need to be treated differently
623 int lws_partial_buffered(wsi) added... should be checked after any
624 libwebsocket_write that will be followed by another libwebsocket_write inside
625 the same writeable callback. If set, you can't do any more writes until the
626 writeable callback is called again. If you only do one write per writeable callback,
629 HTTP2-related: HTTP2 changes how headers are handled, lws now has new version-
630 agnositic header creation APIs. These do the right thing depending on each
631 connection's HTTP version without the user code having to know or care, except
632 to make sure to use the new APIs for headers (test-server is updated to use
633 them already, so look there for examples)
635 The APIs "render" the headers into a user-provided buffer and bump *p as it
636 is used. If *p reaches end, then the APIs return nonzero for error.
638 LWS_VISIBLE LWS_EXTERN int
639 lws_add_http_header_status(struct libwebsocket_context *context,
640 struct libwebsocket *wsi,
645 Start a response header reporting status like 200, 500, etc
647 LWS_VISIBLE LWS_EXTERN int
648 lws_add_http_header_by_name(struct libwebsocket_context *context,
649 struct libwebsocket *wsi,
650 const unsigned char *name,
651 const unsigned char *value,
656 Add a header like name: value in HTTP1.x
658 LWS_VISIBLE LWS_EXTERN int
659 lws_finalize_http_header(struct libwebsocket_context *context,
660 struct libwebsocket *wsi,
664 Finish off the headers, like add the extra \r\n in HTTP1.x
666 LWS_VISIBLE LWS_EXTERN int
667 lws_add_http_header_by_token(struct libwebsocket_context *context,
668 struct libwebsocket *wsi,
669 enum lws_token_indexes token,
670 const unsigned char *value,
675 Add a header by using a lws token as the name part. In HTTP2, this can be
676 compressed to one or two bytes.
682 protocols struct member no_buffer_all_partial_tx is removed. Under some
683 conditions like rewriting extension such as compression in use, the built-in
684 partial send buffering is the only way to deal with the problem, so turning
685 it off is deprecated.
691 HTTP2-related: API libwebsockets_serve_http_file() takes an extra parameter at
694 int other_headers_len)
696 If you are providing other headers, they must be generated using the new
697 HTTP-version-agnostic APIs, and you must provide the length of them using this
698 additional parameter.
700 struct lws_context_creation_info now has an additional member
701 SSL_CTX *provided_client_ssl_ctx you may set to an externally-initialized
702 SSL_CTX managed outside lws. Defaulting to zero keeps the existing behaviour of
703 lws managing the context, if you memset the struct to 0 or have as a filescope
704 initialized struct in bss, no need to change anything.
707 v1.3-chrome37-firefox30
708 =======================
711 CMakeLists.txt | 447 +++--
715 cmake/LibwebsocketsConfig.cmake.in | 17 +
716 cmake/LibwebsocketsConfigVersion.cmake.in | 11 +
717 config.h.cmake | 18 +
718 cross-ming.cmake | 31 +
719 cross-openwrt-makefile | 91 +
720 lib/client-handshake.c | 205 ++-
721 lib/client-parser.c | 58 +-
722 lib/client.c | 158 +-
723 lib/context.c | 341 ++++
724 lib/extension-deflate-frame.c | 2 +-
725 lib/extension.c | 178 ++
726 lib/handshake.c | 287 +---
727 lib/lextable.h | 338 ++++
729 lib/libwebsockets.c | 2089 +++--------------------
730 lib/libwebsockets.h | 253 ++-
731 lib/lws-plat-unix.c | 404 +++++
732 lib/lws-plat-win.c | 358 ++++
733 lib/minilex.c | 530 +++---
734 lib/output.c | 445 ++---
735 lib/parsers.c | 682 ++++----
736 lib/pollfd.c | 239 +++
737 lib/private-libwebsockets.h | 501 +++++-
738 lib/server-handshake.c | 274 +--
739 lib/server.c | 858 ++++++++--
740 lib/service.c | 517 ++++++
742 lib/ssl-http2.c | 78 +
743 lib/ssl.c | 571 +++++++
744 test-server/attack.sh | 101 +-
745 test-server/test-client.c | 9 +-
746 test-server/test-echo.c | 17 +-
747 test-server/test-fraggle.c | 7 -
748 test-server/test-ping.c | 12 +-
749 test-server/test-server.c | 330 ++--
750 test-server/test.html | 4 +-
751 win32port/client/client.vcxproj | 259 ---
752 win32port/client/client.vcxproj.filters | 39 -
753 .../libwebsocketswin32.vcxproj.filters | 93 -
754 win32port/server/server.vcxproj | 276 ---
755 win32port/server/server.vcxproj.filters | 51 -
756 win32port/win32helpers/gettimeofday.h | 59 +-
757 win32port/win32helpers/netdb.h | 1 -
758 win32port/win32helpers/strings.h | 0
759 win32port/win32helpers/sys/time.h | 1 -
760 win32port/win32helpers/unistd.h | 0
761 win32port/win32helpers/websock-w32.c | 104 --
762 win32port/win32helpers/websock-w32.h | 62 -
763 win32port/win32port.sln | 100 --
764 win32port/zlib/gzio.c | 3 +-
765 55 files changed, 6779 insertions(+), 5059 deletions(-)
771 POST method is supported
773 The protocol 0 / HTTP callback can now get two new kinds of callback,
774 LWS_CALLBACK_HTTP_BODY (in and len are a chunk of the body of the HTTP request)
775 and LWS_CALLBACK_HTTP_BODY_COMPLETION (the expected amount of body has arrived
776 and been passed to the user code already). These callbacks are used with the
777 post method (see the test server for details).
779 The period between the HTTP header completion and the completion of the body
780 processing is protected by a 5s timeout.
782 The chunks are stored in a malloc'd buffer of size protocols[0].rx_buffer_size.
785 New server option you can enable from user code
786 LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT allows non-SSL connections to
787 also be accepted on an SSL listening port. It's disabled unless you enable
791 Two new callbacks are added in protocols[0] that are optional for allowing
792 limited thread access to libwebsockets, LWS_CALLBACK_LOCK_POLL and
793 LWS_CALLBACK_UNLOCK_POLL.
795 If you use them, they protect internal and external poll list changes, but if
796 you want to use external thread access to libwebsocket_callback_on_writable()
797 you have to implement your locking here even if you don't use external
800 If you will use another thread for this, take a lot of care about managing
801 your list of live wsi by doing it from ESTABLISHED and CLOSED callbacks
802 (with your own locking).
804 If you configure cmake with -DLWS_WITH_LIBEV=1 then the code allowing the libev
805 eventloop instead of the default poll() one will also be compiled in. But to
806 use it, you must also set the LWS_SERVER_OPTION_LIBEV flag on the context
807 creation info struct options member.
809 IPV6 is supported and enabled by default except for Windows, you can disable
810 the support at build-time by giving -DLWS_IPV6=, and disable use of it even if
811 compiled in by making sure the flag LWS_SERVER_OPTION_DISABLE_IPV6 is set on
812 the context creation info struct options member.
814 You can give LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS option flag to
815 guarantee the OS CAs will not be used, even if that support was selected at
818 Optional "token limits" may be enforced by setting the member "token_limits"
819 in struct lws_context_creation_info to point to a struct lws_token_limits.
820 NULL means no token limits used for compatibility.
826 Extra optional argument to libwebsockets_serve_http_file() allows injecion
827 of HTTP headers into the canned response. Eg, cookies may be added like
828 that without getting involved in having to send the header by hand.
830 A new info member http_proxy_address may be used at context creation time to
831 set the http proxy. If non-NULL, it overrides http_proxy environment var.
833 Cmake supports LWS_SSL_CLIENT_USE_OS_CA_CERTS defaulting to on, which gets
834 the client to use the OS CA Roots. If you're worried somebody with the
835 ability to forge for force creation of a client cert from the root CA in
836 your OS, you should disable this since your selfsigned $0 cert is a lot safer
840 v1.23-chrome32-firefox24
841 ========================
844 CMakeLists.txt | 573 ++++++++----
845 COPYING | 503 -----------
846 INSTALL | 365 --------
848 README.build | 371 ++------
849 README.coding | 63 ++
850 autogen.sh | 1578 ---------------------------------
852 cmake/FindGit.cmake | 163 ++++
853 cmake/FindOpenSSLbins.cmake | 15 +-
854 cmake/UseRPMTools.cmake | 176 ++++
855 config.h.cmake | 25 +-
856 configure.ac | 226 -----
857 cross-arm-linux-gnueabihf.cmake | 28 +
858 lib/Makefile.am | 89 --
859 lib/base64-decode.c | 98 +-
860 lib/client-handshake.c | 123 ++-
861 lib/client-parser.c | 19 +-
862 lib/client.c | 145 ++-
863 lib/daemonize.c | 4 +-
864 lib/extension.c | 2 +-
865 lib/getifaddrs.h | 4 +-
866 lib/handshake.c | 76 +-
867 lib/libwebsockets.c | 491 ++++++----
868 lib/libwebsockets.h | 164 ++--
869 lib/output.c | 214 ++++-
870 lib/parsers.c | 102 +--
871 lib/private-libwebsockets.h | 66 +-
872 lib/server-handshake.c | 5 +-
875 libwebsockets-api-doc.html | 249 +++---
876 libwebsockets.pc.in | 11 -
877 libwebsockets.spec | 14 +-
879 scripts/FindLibWebSockets.cmake | 33 +
880 scripts/kernel-doc | 1 +
881 test-server/Makefile.am | 131 ---
882 test-server/leaf.jpg | Bin 0 -> 2477518 bytes
883 test-server/test-client.c | 78 +-
884 test-server/test-echo.c | 33 +-
885 test-server/test-fraggle.c | 26 +-
886 test-server/test-ping.c | 15 +-
887 test-server/test-server.c | 197 +++-
888 test-server/test.html | 5 +-
889 win32port/win32helpers/gettimeofday.c | 74 +-
890 win32port/win32helpers/websock-w32.h | 6 +-
891 48 files changed, 2493 insertions(+), 4212 deletions(-)
897 - You can now call libwebsocket_callback_on_writable() on http connectons,
898 and get a LWS_CALLBACK_HTTP_WRITEABLE callback, the same way you can
899 regulate writes with a websocket protocol connection.
901 - A new member in the context creation parameter struct "ssl_cipher_list" is
902 added, replacing CIPHERS_LIST_STRING. NULL means use the ssl library
903 default list of ciphers.
905 - Not really an api addition, but libwebsocket_service_fd() will now zero
906 the revents field of the pollfd it was called with if it handled the
907 descriptor. So you can tell if it is a non-lws fd by checking revents
908 after the service call... if it's still nonzero, the descriptor
909 belongs to you and you need to take care of it.
911 - libwebsocket_rx_flow_allow_all_protocol(protocol) will unthrottle all
912 connections with the established protocol. It's designed to be
913 called from user server code when it sees it can accept more input
914 and may have throttled connections using the server rx flow apis
915 while it was unable to accept any other input The user server code
916 then does not have to try to track while connections it choked, this
917 will free up all of them in one call.
919 - there's a new, optional callback LWS_CALLBACK_CLOSED_HTTP which gets
920 called when an HTTP protocol socket closes
922 - for LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION callback, the user_space alloc
923 has already been done before the callback happens. That means we can
924 use the user parameter to the callback to contain the user pointer, and
925 move the protocol name to the "in" parameter. The docs for this
926 callback are also updated to reflect how to check headers in there.
928 - libwebsocket_client_connect() is now properly nonblocking and async. See
929 README.coding and test-client.c for information on the callbacks you
930 can rely on controlling the async connection period with.
932 - if your OS does not support the http_proxy environment variable convention
933 (eg, reportedly OSX), you can use a new api libwebsocket_set_proxy()
934 to set the proxy details in between context creation and the connection
935 action. For OSes that support http_proxy, that's used automatically.
940 - the external poll callbacks now get the socket descriptor coming from the
941 "in" parameter. The user parameter provides the user_space for the
942 wsi as it normally does on the other callbacks.
943 LWS_CALLBACK_FILTER_NETWORK_CONNECTION also has the socket descriptor
944 delivered by @in now instead of @user.
946 - libwebsocket_write() now returns -1 for error, or the amount of data
947 actually accepted for send. Under load, the OS may signal it is
948 ready to send new data on the socket, but have only a restricted
949 amount of memory to buffer the packet compared to usual.
955 - libwebsocket_ensure_user_space() is removed from the public api, if you
956 were using it to get user_space, you need to adapt your code to only
957 use user_space inside the user callback.
959 - CIPHERS_LIST_STRING is removed
961 - autotools build has been removed. See README.build for info on how to
962 use CMake for your platform
965 v1.21-chrome26-firefox18
966 ========================
968 - Fixes buffer overflow bug in max frame size handling if you used the
969 default protocol buffer size. If you declared rx_buffer_size in your
970 protocol, which is recommended anyway, your code was unaffected.
972 v1.2-chrome26-firefox18
973 =======================
979 CMakeLists.txt | 544 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
980 LICENSE | 526 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
983 README.build | 258 ++++++++++++++++++++++++++++++++-----
984 README.coding | 52 ++++++++
985 changelog | 136 ++++++++++++++++++++
986 cmake/FindOpenSSLbins.cmake | 33 +++++
987 config.h.cmake | 173 +++++++++++++++++++++++++
988 configure.ac | 22 +++-
989 lib/Makefile.am | 20 ++-
990 lib/base64-decode.c | 2 +-
991 lib/client-handshake.c | 190 +++++++++++-----------------
992 lib/client-parser.c | 88 +++++++------
993 lib/client.c | 384 ++++++++++++++++++++++++++++++-------------------------
994 lib/daemonize.c | 32 +++--
995 lib/extension-deflate-frame.c | 58 +++++----
996 lib/extension-deflate-stream.c | 19 ++-
997 lib/extension-deflate-stream.h | 4 +-
998 lib/extension.c | 11 +-
999 lib/getifaddrs.c | 315 +++++++++++++++++++++++-----------------------
1000 lib/getifaddrs.h | 30 ++---
1001 lib/handshake.c | 124 +++++++++++-------
1002 lib/libwebsockets.c | 736 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------
1003 lib/libwebsockets.h | 237 ++++++++++++++++++++++------------
1004 lib/output.c | 192 +++++++++++-----------------
1005 lib/parsers.c | 966 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------------------------------------------
1006 lib/private-libwebsockets.h | 225 +++++++++++++++++++++------------
1007 lib/server-handshake.c | 82 ++++++------
1008 lib/server.c | 96 +++++++-------
1009 libwebsockets-api-doc.html | 189 ++++++++++++++++++----------
1010 libwebsockets.spec | 17 +--
1011 test-server/attack.sh | 148 ++++++++++++++++++++++
1012 test-server/test-client.c | 125 +++++++++---------
1013 test-server/test-echo.c | 31 +++--
1014 test-server/test-fraggle.c | 32 ++---
1015 test-server/test-ping.c | 52 ++++----
1016 test-server/test-server.c | 129 ++++++++++++-------
1017 win32port/libwebsocketswin32/libwebsocketswin32.vcxproj | 279 ----------------------------------------
1018 win32port/libwebsocketswin32/libwebsocketswin32.vcxproj.filters | 23 +++-
1019 41 files changed, 4398 insertions(+), 2219 deletions(-)
1025 - lws_get_library_version() returns a const char * with a string like
1026 "1.1 9e7f737", representing the library version from configure.ac
1027 and the git HEAD hash the library was built from
1029 - TCP Keepalive can now optionally be applied to all lws sockets, on Linux
1030 also with controllable timeout, number of probes and probe interval.
1031 (On BSD type OS, you can only use system default settings for the
1032 timing and retries, although enabling it is supported by setting
1033 ka_time to nonzero, the exact value has no meaning.)
1034 This enables detection of idle connections which are logically okay,
1035 but are in fact dead, due to network connectivity issues at the server,
1036 client, or any intermediary. By default it's not enabled, but you
1037 can enable it by setting a non-zero timeout (in seconds) at the new
1038 ka_time member at context creation time.
1040 - Two new optional user callbacks added, LWS_CALLBACK_PROTOCOL_DESTROY which
1041 is called one-time per protocol as the context is being destroyed, and
1042 LWS_CALLBACK_PROTOCOL_INIT which is called when the context is created
1043 and the protocols are added, again it's a one-time affair.
1044 This lets you manage per-protocol allocations properly including
1045 cleaning up after yourself when the server goes down.
1050 - libwebsocket_create_context() has changed from taking a ton of parameters
1051 to just taking a pointer to a struct containing the parameters. The
1052 struct lws_context_creation_info is in libwebsockets.h, the members
1053 are in the same order as when they were parameters to the call
1054 previously. The test apps are all updated accordingly so you can
1055 see example code there.
1057 - Header tokens are now deleted after the websocket connection is
1058 established. Not just the header data is saved, but the pointer and
1059 length array is also removed from (union) scope saving several hundred
1060 bytes per connection once it is established
1062 - struct libwebsocket_protocols has a new member rx_buffer_size, this
1063 controls rx buffer size per connection of that protocol now. Sources
1064 for apps built against older versions of the library won't declare
1065 this in their protocols, defaulting it to 0. Zero buffer is legal,
1066 it causes a default buffer to be allocated (currently 4096)
1068 If you want to receive only atomic frames in your user callback, you
1069 should set this to greater than your largest frame size. If a frame
1070 comes that exceeds that, no error occurs but the callback happens as
1071 soon as the buffer limit is reached, and again if it is reached again
1072 or the frame completes. You can detect that has happened by seeing
1073 there is still frame content pending using
1074 libwebsockets_remaining_packet_payload()
1076 By correctly setting this, you can save a lot of memory when your
1077 protocol has small frames (see the test server and client sources).
1079 - LWS_MAX_HEADER_LEN now defaults to 1024 and is the total amount of known
1080 header payload lws can cope with, that includes the GET URL, origin
1081 etc. Headers not understood by lws are ignored and their payload
1082 not included in this.
1088 - The configuration-time option MAX_USER_RX_BUFFER has been replaced by a
1089 buffer size chosen per-protocol. For compatibility, there's a default
1090 of 4096 rx buffer, but user code should set the appropriate size for
1091 the protocol frames.
1093 - LWS_INITIAL_HDR_ALLOC and LWS_ADDITIONAL_HDR_ALLOC are no longer needed
1094 and have been removed. There's a new header management scheme that
1095 handles them in a much more compact way.
1097 - libwebsockets_hangup_on_client() is removed. If you want to close the
1098 connection you must do so from the user callback and by returning
1101 - libwebsocket_close_and_free_session() is now private to the library code
1102 only and not exposed for user code. If you want to close the
1103 connection, you must do so from the user callback by returning -1
1110 - Cmake project file added, aimed initially at Windows support: this replaces
1111 the visual studio project files that were in the tree until now.
1113 - CyaSSL now supported in place of OpenSSL (--use-cyassl on configure)
1115 - PATH_MAX or MAX_PATH no longer needed
1117 - cutomizable frame rx buffer size by protocol
1119 - optional TCP keepalive so dead peers can be detected, can be enabled at
1120 context-creation time
1122 - valgrind-clean: no SSL or CyaSSL: completely clean. With OpenSSL, 88 bytes
1123 lost at OpenSSL library init and symptomless reports of uninitialized
1124 memory usage... seems to be a known and ignored problem at OpenSSL
1126 - By default debug is enabled and the library is built for -O0 -g to faclitate
1127 that. Use --disable-debug configure option to build instead with -O4
1128 and no -g (debug info), obviously providing best performance and
1129 reduced binary size.
1131 - 1.0 introduced some code to try to not deflate small frames, however this
1132 seems to break when confronted with a mixture of frames above and
1133 below the threshold, so it's removed. Veto the compression extension
1134 in your user callback if you will typically have very small frames.
1136 - There are many memory usage improvements, both a reduction in malloc/
1137 realloc and architectural changes. A websocket connection now
1138 consumes only 296 bytes with SSL or 272 bytes without on x86_64,
1139 during header processing an additional 1262 bytes is allocated in a
1140 single malloc, but is freed when the websocket connection starts.
1141 The RX frame buffer defined by the protocol in user
1142 code is also allocated per connection, this represents the largest
1143 frame you can receive atomically in that protocol.
1145 - On ARM9 build, just http+ws server no extensions or ssl, <12Kbytes .text
1146 and 112 bytes per connection (+1328 only during header processing)
1149 v1.1-chrome26-firefox18
1150 =======================
1156 README-test-server | 291 ---
1157 README.build | 239 ++
1158 README.coding | 138 ++
1160 README.test-apps | 272 +++
1161 configure.ac | 116 +-
1162 lib/Makefile.am | 55 +-
1163 lib/base64-decode.c | 5 +-
1164 lib/client-handshake.c | 121 +-
1165 lib/client-parser.c | 394 ++++
1166 lib/client.c | 807 +++++++
1167 lib/daemonize.c | 212 ++
1168 lib/extension-deflate-frame.c | 132 +-
1169 lib/extension-deflate-stream.c | 12 +-
1170 lib/extension-x-google-mux.c | 1223 ----------
1171 lib/extension-x-google-mux.h | 96 -
1172 lib/extension.c | 8 -
1173 lib/getifaddrs.c | 271 +++
1174 lib/getifaddrs.h | 76 +
1175 lib/handshake.c | 582 +----
1176 lib/libwebsockets.c | 2493 ++++++---------------
1177 lib/libwebsockets.h | 115 +-
1179 lib/minilex.c | 440 ++++
1180 lib/output.c | 628 ++++++
1181 lib/parsers.c | 2016 +++++------------
1182 lib/private-libwebsockets.h | 284 +--
1183 lib/server-handshake.c | 275 +++
1184 lib/server.c | 377 ++++
1185 libwebsockets-api-doc.html | 300 +--
1187 test-server/Makefile.am | 111 +-
1188 test-server/libwebsockets.org-logo.png | Bin 0 -> 7029 bytes
1189 test-server/test-client.c | 45 +-
1190 test-server/test-echo.c | 330 +++
1191 test-server/test-fraggle.c | 20 +-
1192 test-server/test-ping.c | 22 +-
1193 test-server/test-server-extpoll.c | 554 -----
1194 test-server/test-server.c | 349 ++-
1195 test-server/test.html | 3 +-
1196 win32port/zlib/ZLib.vcxproj | 749 ++++---
1197 win32port/zlib/ZLib.vcxproj.filters | 188 +-
1198 win32port/zlib/adler32.c | 348 ++-
1199 win32port/zlib/compress.c | 160 +-
1200 win32port/zlib/crc32.c | 867 ++++----
1201 win32port/zlib/crc32.h | 882 ++++----
1202 win32port/zlib/deflate.c | 3799 +++++++++++++++-----------------
1203 win32port/zlib/deflate.h | 688 +++---
1204 win32port/zlib/gzclose.c | 50 +-
1205 win32port/zlib/gzguts.h | 325 ++-
1206 win32port/zlib/gzlib.c | 1157 +++++-----
1207 win32port/zlib/gzread.c | 1242 ++++++-----
1208 win32port/zlib/gzwrite.c | 1096 +++++----
1209 win32port/zlib/infback.c | 1272 ++++++-----
1210 win32port/zlib/inffast.c | 680 +++---
1211 win32port/zlib/inffast.h | 22 +-
1212 win32port/zlib/inffixed.h | 188 +-
1213 win32port/zlib/inflate.c | 2976 +++++++++++++------------
1214 win32port/zlib/inflate.h | 244 +-
1215 win32port/zlib/inftrees.c | 636 +++---
1216 win32port/zlib/inftrees.h | 124 +-
1217 win32port/zlib/trees.c | 2468 +++++++++++----------
1218 win32port/zlib/trees.h | 256 +--
1219 win32port/zlib/uncompr.c | 118 +-
1220 win32port/zlib/zconf.h | 934 ++++----
1221 win32port/zlib/zlib.h | 3357 ++++++++++++++--------------
1222 win32port/zlib/zutil.c | 642 +++---
1223 win32port/zlib/zutil.h | 526 ++---
1224 69 files changed, 19556 insertions(+), 20145 deletions(-)
1229 - libwebsockets_serve_http_file() now takes a context as first argument
1231 - libwebsockets_get_peer_addresses() now takes a context and wsi as first
1238 - lwsl_...() logging apis, default to stderr but retargetable by user code;
1239 may be used also by user code
1241 - lws_set_log_level() set which logging apis are able to emit (defaults to
1242 notice, warn, err severities), optionally set the emit callback
1244 - lwsl_emit_syslog() helper callback emits to syslog
1246 - lws_daemonize() helper code that forks the app into a headless daemon
1247 properly, maintains a lock file with pid in suitable for sysvinit etc to
1250 - LWS_CALLBACK_HTTP_FILE_COMPLETION callback added since http file
1251 transfer is now asynchronous (see test server code)
1253 - lws_frame_is_binary() from a wsi pointer, let you know if the received
1254 data was sent in BINARY mode
1260 - libwebsockets_fork_service_loop() - no longer supported (had intractable problems)
1261 arrange your code to act from the user callback instead from same
1262 process context as the service loop
1264 - libwebsockets_broadcast() - use libwebsocket_callback_on_writable[_all_protocol]()
1265 instead from same process context as the service loop. See the test apps
1268 - x-google-mux() removed until someone wants it
1270 - pre -v13 (ancient) protocol support removed
1276 - echo test server and client compatible with echo.websocket.org added
1278 - many new configure options (see README.build) to reduce footprint of the
1279 library to what you actually need, eg, --without-client and
1282 - http + websocket server can build to as little as 12K .text for ARM
1284 - no more MAX_CLIENTS limitation; adapts to support the max number of fds
1285 allowed to the process by ulimit, defaults to 1024 on Fedora and
1286 Ubuntu. Use ulimit to control this without needing to configure
1287 the library. Code here is smaller and faster.
1289 - adaptive ratio of listen socket to connection socket service allows
1290 good behaviour under Apache ab test load. Tested with thousands
1291 of simultaneous connections
1293 - reduction in per-connection memory footprint by moving to a union to hold
1294 mutually-exclusive state for the connection
1296 - robustness: Out of Memory taken care of for all allocation code now
1298 - internal getifaddrs option if your toolchain lacks it (some uclibc)
1300 - configurable memory limit for deflate operations
1302 - improvements in SSL code nonblocking operation, possible hang solved,
1303 some SSL operations broken down into pollable states so there is
1304 no library blocking, timeout coverage for SSL_connect
1306 - extpoll test server merged into single test server source
1308 - robustness: library should deal with all recoverable socket conditions
1310 - rx flowcontrol for backpressure notification fixed and implmeneted
1311 correctly in the test server
1313 - optimal lexical parser added for header processing; all headers in a
1314 single 276-byte state table
1316 - latency tracking api added (configure --with-latency)
1318 - Improved in-tree documentation, REAME.build, README.coding,
1319 README.test-apps, changelog
1324 v1.0-chrome25-firefox17 (6cd1ea9b005933f)