2 * libwebsockets - small server side websockets and web server implementation
4 * Copyright (C) 2010-2013 Andy Green <andy@warmcat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation:
9 * version 2.1 of the License.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
22 #include "private-libwebsockets.h"
24 const unsigned char lextable[] = {
28 #define FAIL_CHAR 0x08
30 int LWS_WARN_UNUSED_RESULT
31 lextable_decode(int pos, char c)
33 if (c >= 'A' && c <= 'Z')
37 if (lextable[pos] & (1 << 7)) { /* 1-byte, fail on mismatch */
38 if ((lextable[pos] & 0x7f) != c)
42 if (lextable[pos] == FAIL_CHAR)
47 if (lextable[pos] == FAIL_CHAR)
50 /* b7 = 0, end or 3-byte */
51 if (lextable[pos] < FAIL_CHAR) /* terminal marker */
54 if (lextable[pos] == c) /* goto */
55 return pos + (lextable[pos + 1]) +
56 (lextable[pos + 2] << 8);
64 _lws_header_table_reset(struct allocated_headers *ah)
66 /* init the ah to reflect no headers or data have appeared yet */
67 memset(ah->frag_index, 0, sizeof(ah->frag_index));
70 ah->http_response = 0;
73 // doesn't scrub the ah rxbuffer by default, parent must do if needed
76 lws_header_table_reset(struct lws *wsi, int autoservice)
78 struct allocated_headers *ah = wsi->u.hdr.ah;
79 struct lws_context_per_thread *pt;
80 struct lws_pollfd *pfd;
82 /* if we have the idea we're resetting 'our' ah, must be bound to one */
84 /* ah also concurs with ownership */
85 assert(ah->wsi == wsi);
87 _lws_header_table_reset(ah);
89 wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART;
90 wsi->u.hdr.lextable_pos = 0;
92 /* since we will restart the ah, our new headers are not completed */
93 wsi->hdr_parsing_completed = 0;
95 /* while we hold the ah, keep a timeout on the wsi */
96 lws_set_timeout(wsi, PENDING_TIMEOUT_HOLDING_AH,
97 wsi->vhost->timeout_secs_ah_idle);
100 * if we inherited pending rx (from socket adoption deferred
101 * processing), apply and free it.
103 if (wsi->u.hdr.preamble_rx) {
104 memcpy(ah->rx, wsi->u.hdr.preamble_rx,
105 wsi->u.hdr.preamble_rx_len);
106 ah->rxlen = wsi->u.hdr.preamble_rx_len;
107 lws_free_set_NULL(wsi->u.hdr.preamble_rx);
110 lwsl_notice("%s: calling service on readbuf ah\n", __func__);
112 pt = &wsi->context->pt[(int)wsi->tsi];
114 /* unlike a normal connect, we have the headers already
115 * (or the first part of them anyway)
117 pfd = &pt->fds[wsi->position_in_fds_table];
118 pfd->revents |= LWS_POLLIN;
119 lwsl_err("%s: calling service\n", __func__);
120 lws_service_fd_tsi(wsi->context, pfd, wsi->tsi);
125 int LWS_WARN_UNUSED_RESULT
126 lws_header_table_attach(struct lws *wsi, int autoservice)
128 struct lws_context *context = wsi->context;
129 struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
130 struct lws_pollargs pa;
134 lwsl_info("%s: wsi %p: ah %p (tsi %d, count = %d) in\n", __func__, (void *)wsi,
135 (void *)wsi->u.hdr.ah, wsi->tsi, pt->ah_count_in_use);
137 /* if we are already bound to one, just clear it down */
139 lwsl_info("cleardown\n");
144 pwsi = &pt->ah_wait_list;
147 /* if already waiting on list, if no new ah just ret */
148 if (pt->ah_count_in_use ==
149 context->max_http_header_pool) {
150 lwsl_notice("%s: no free ah to attach\n", __func__);
153 /* new ah.... remove ourselves from waiting list */
154 *pwsi = wsi->u.hdr.ah_wait_list; /* set our prev to our next */
155 wsi->u.hdr.ah_wait_list = NULL; /* no next any more */
156 pt->ah_wait_list_length--;
159 pwsi = &(*pwsi)->u.hdr.ah_wait_list;
162 * pool is all busy... add us to waiting list and return that we
163 * weren't able to deliver it right now
165 if (pt->ah_count_in_use == context->max_http_header_pool) {
166 lwsl_info("%s: adding %p to ah waiting list\n", __func__, wsi);
167 wsi->u.hdr.ah_wait_list = pt->ah_wait_list;
168 pt->ah_wait_list = wsi;
169 pt->ah_wait_list_length++;
171 /* we cannot accept input then */
173 _lws_change_pollfd(wsi, LWS_POLLIN, 0, &pa);
177 for (n = 0; n < context->max_http_header_pool; n++)
178 if (!pt->ah_pool[n].in_use)
181 /* if the count of in use said something free... */
182 assert(n != context->max_http_header_pool);
184 wsi->u.hdr.ah = &pt->ah_pool[n];
185 wsi->u.hdr.ah->in_use = 1;
186 pt->ah_pool[n].wsi = wsi; /* mark our owner */
187 pt->ah_count_in_use++;
189 _lws_change_pollfd(wsi, 0, LWS_POLLIN, &pa);
191 lwsl_info("%s: did attach wsi %p: ah %p: count %d (on exit)\n", __func__,
192 (void *)wsi, (void *)wsi->u.hdr.ah, pt->ah_count_in_use);
198 /* and reset the rx state */
199 wsi->u.hdr.ah->rxpos = 0;
200 wsi->u.hdr.ah->rxlen = 0;
202 lws_header_table_reset(wsi, autoservice);
203 time(&wsi->u.hdr.ah->assigned);
205 #ifndef LWS_NO_CLIENT
206 if (wsi->state == LWSS_CLIENT_UNCONNECTED)
207 if (!lws_client_connect_via_info2(wsi))
208 /* our client connect has failed, the wsi
223 lws_header_table_force_to_detachable_state(struct lws *wsi)
226 wsi->u.hdr.ah->rxpos = -1;
227 wsi->u.hdr.ah->rxlen = -1;
228 wsi->hdr_parsing_completed = 1;
233 lws_header_table_is_in_detachable_state(struct lws *wsi)
235 struct allocated_headers *ah = wsi->u.hdr.ah;
237 return ah && ah->rxpos == ah->rxlen && wsi->hdr_parsing_completed;
241 __lws_remove_from_ah_waiting_list(struct lws *wsi)
243 struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
244 struct lws **pwsi =&pt->ah_wait_list;
251 lwsl_info("%s: wsi %p, remv wait\n",
253 *pwsi = wsi->u.hdr.ah_wait_list;
254 wsi->u.hdr.ah_wait_list = NULL;
255 pt->ah_wait_list_length--;
258 pwsi = &(*pwsi)->u.hdr.ah_wait_list;
263 int lws_header_table_detach(struct lws *wsi, int autoservice)
265 struct lws_context *context = wsi->context;
266 struct allocated_headers *ah = wsi->u.hdr.ah;
267 struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
268 struct lws_pollargs pa;
273 __lws_remove_from_ah_waiting_list(wsi);
279 lwsl_info("%s: wsi %p: ah %p (tsi=%d, count = %d)\n", __func__,
280 (void *)wsi, (void *)ah, wsi->tsi,
281 pt->ah_count_in_use);
283 if (wsi->u.hdr.preamble_rx)
284 lws_free_set_NULL(wsi->u.hdr.preamble_rx);
286 /* may not be detached while he still has unprocessed rx */
287 if (!lws_header_table_is_in_detachable_state(wsi)) {
288 lwsl_err("%s: %p: CANNOT DETACH rxpos:%d, rxlen:%d, wsi->hdr_parsing_completed = %d\n", __func__, wsi,
289 ah->rxpos, ah->rxlen, wsi->hdr_parsing_completed);
295 /* we did have an ah attached */
297 if (ah->assigned && now - ah->assigned > 3) {
299 * we're detaching the ah, but it was held an
300 * unreasonably long time
302 lwsl_notice("%s: wsi %p: ah held %ds, "
303 "ah.rxpos %d, ah.rxlen %d, mode/state %d %d,"
304 "wsi->more_rx_waiting %d\n", __func__, wsi,
305 (int)(now - ah->assigned),
306 ah->rxpos, ah->rxlen, wsi->mode, wsi->state,
307 wsi->more_rx_waiting);
312 /* if we think we're detaching one, there should be one in use */
313 assert(pt->ah_count_in_use > 0);
314 /* and this specific one should have been in use */
316 wsi->u.hdr.ah = NULL;
317 ah->wsi = NULL; /* no owner */
319 pwsi = &pt->ah_wait_list;
321 /* oh there is nobody on the waiting list... leave it at that then */
324 pt->ah_count_in_use--;
329 /* somebody else on same tsi is waiting, give it to oldest guy */
331 lwsl_info("pt wait list %p\n", *pwsi);
332 while ((*pwsi)->u.hdr.ah_wait_list)
333 pwsi = &(*pwsi)->u.hdr.ah_wait_list;
336 lwsl_info("last wsi in wait list %p\n", wsi);
339 ah->wsi = wsi; /* new owner */
340 /* and reset the rx state */
343 lws_header_table_reset(wsi, autoservice);
344 time(&wsi->u.hdr.ah->assigned);
346 /* clients acquire the ah and then insert themselves in fds table... */
347 if (wsi->position_in_fds_table != -1) {
348 lwsl_info("%s: Enabling %p POLLIN\n", __func__, wsi);
350 /* he has been stuck waiting for an ah, but now his wait is over,
353 _lws_change_pollfd(wsi, 0, LWS_POLLIN, &pa);
356 /* point prev guy to next guy in list instead */
357 *pwsi = wsi->u.hdr.ah_wait_list;
358 /* the guy who got one is out of the list */
359 wsi->u.hdr.ah_wait_list = NULL;
360 pt->ah_wait_list_length--;
362 #ifndef LWS_NO_CLIENT
363 if (wsi->state == LWSS_CLIENT_UNCONNECTED) {
366 if (!lws_client_connect_via_info2(wsi)) {
367 /* our client connect has failed, the wsi
377 assert(!!pt->ah_wait_list_length == !!(lws_intptr_t)pt->ah_wait_list);
379 lwsl_info("%s: wsi %p: ah %p (tsi=%d, count = %d)\n", __func__,
380 (void *)wsi, (void *)ah, wsi->tsi,
381 pt->ah_count_in_use);
388 lws_hdr_fragment_length(struct lws *wsi, enum lws_token_indexes h, int frag_idx)
395 n = wsi->u.hdr.ah->frag_index[h];
400 return wsi->u.hdr.ah->frags[n].len;
401 n = wsi->u.hdr.ah->frags[n].nfrag;
402 } while (frag_idx-- && n);
407 LWS_VISIBLE int lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h)
415 n = wsi->u.hdr.ah->frag_index[h];
419 len += wsi->u.hdr.ah->frags[n].len;
420 n = wsi->u.hdr.ah->frags[n].nfrag;
426 LWS_VISIBLE int lws_hdr_copy_fragment(struct lws *wsi, char *dst, int len,
427 enum lws_token_indexes h, int frag_idx)
435 f = wsi->u.hdr.ah->frag_index[h];
440 while (n < frag_idx) {
441 f = wsi->u.hdr.ah->frags[f].nfrag;
447 if (wsi->u.hdr.ah->frags[f].len >= len)
450 memcpy(dst, wsi->u.hdr.ah->data + wsi->u.hdr.ah->frags[f].offset,
451 wsi->u.hdr.ah->frags[f].len);
452 dst[wsi->u.hdr.ah->frags[f].len] = '\0';
454 return wsi->u.hdr.ah->frags[f].len;
457 LWS_VISIBLE int lws_hdr_copy(struct lws *wsi, char *dst, int len,
458 enum lws_token_indexes h)
460 int toklen = lws_hdr_total_length(wsi, h);
469 n = wsi->u.hdr.ah->frag_index[h];
474 strcpy(dst, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]);
475 dst += wsi->u.hdr.ah->frags[n].len;
476 n = wsi->u.hdr.ah->frags[n].nfrag;
482 char *lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h)
486 n = wsi->u.hdr.ah->frag_index[h];
490 return wsi->u.hdr.ah->data + wsi->u.hdr.ah->frags[n].offset;
493 int LWS_WARN_UNUSED_RESULT
494 lws_pos_in_bounds(struct lws *wsi)
496 if (wsi->u.hdr.ah->pos < (unsigned int)wsi->context->max_http_header_data)
499 if (wsi->u.hdr.ah->pos == wsi->context->max_http_header_data) {
500 lwsl_err("Ran out of header data space\n");
505 * with these tests everywhere, it should never be able to exceed
506 * the limit, only meet the limit
509 lwsl_err("%s: pos %d, limit %d\n", __func__, wsi->u.hdr.ah->pos,
510 wsi->context->max_http_header_data);
516 int LWS_WARN_UNUSED_RESULT
517 lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h, const char *s)
519 wsi->u.hdr.ah->nfrag++;
520 if (wsi->u.hdr.ah->nfrag == ARRAY_SIZE(wsi->u.hdr.ah->frags)) {
521 lwsl_warn("More hdr frags than we can deal with, dropping\n");
525 wsi->u.hdr.ah->frag_index[h] = wsi->u.hdr.ah->nfrag;
527 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].offset = wsi->u.hdr.ah->pos;
528 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len = 0;
529 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].nfrag = 0;
532 if (lws_pos_in_bounds(wsi))
535 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = *s;
537 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++;
543 signed char char_to_hex(const char c)
545 if (c >= '0' && c <= '9')
548 if (c >= 'a' && c <= 'f')
551 if (c >= 'A' && c <= 'F')
557 static int LWS_WARN_UNUSED_RESULT
558 issue_char(struct lws *wsi, unsigned char c)
560 unsigned short frag_len;
562 if (lws_pos_in_bounds(wsi))
565 frag_len = wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len;
567 * If we haven't hit the token limit, just copy the character into
570 if (frag_len < wsi->u.hdr.current_token_limit) {
571 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = c;
573 wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++;
577 /* Insert a null character when we *hit* the limit: */
578 if (frag_len == wsi->u.hdr.current_token_limit) {
579 if (lws_pos_in_bounds(wsi))
581 wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0';
582 lwsl_warn("header %i exceeds limit %d\n",
583 wsi->u.hdr.parser_state,
584 wsi->u.hdr.current_token_limit);
590 int LWS_WARN_UNUSED_RESULT
591 lws_parse(struct lws *wsi, unsigned char c)
593 static const unsigned char methods[] = {
596 WSI_TOKEN_OPTIONS_URI,
599 WSI_TOKEN_DELETE_URI,
602 struct allocated_headers *ah = wsi->u.hdr.ah;
603 struct lws_context *context = wsi->context;
604 unsigned int n, m, enc = 0;
606 assert(wsi->u.hdr.ah);
608 switch (wsi->u.hdr.parser_state) {
611 lwsl_parser("WSI_TOK_(%d) '%c'\n", wsi->u.hdr.parser_state, c);
613 /* collect into malloc'd buffers */
614 /* optional initial space swallow */
615 if (!ah->frags[ah->frag_index[wsi->u.hdr.parser_state]].len &&
619 for (m = 0; m < ARRAY_SIZE(methods); m++)
620 if (wsi->u.hdr.parser_state == methods[m])
622 if (m == ARRAY_SIZE(methods))
623 /* it was not any of the methods */
626 /* special URI processing... end at space */
629 /* enforce starting with / */
630 if (!ah->frags[ah->nfrag].len)
631 if (issue_char(wsi, '/') < 0)
634 if (wsi->u.hdr.ups == URIPS_SEEN_SLASH_DOT_DOT) {
636 * back up one dir level if possible
637 * safe against header fragmentation because
638 * the method URI can only be in 1 fragment
640 if (ah->frags[ah->nfrag].len > 2) {
642 ah->frags[ah->nfrag].len--;
645 ah->frags[ah->nfrag].len--;
646 } while (ah->frags[ah->nfrag].len > 1 &&
647 ah->data[ah->pos] != '/');
651 /* begin parsing HTTP version: */
652 if (issue_char(wsi, '\0') < 0)
654 wsi->u.hdr.parser_state = WSI_TOKEN_HTTP;
660 * special URI processing... convert %xx
663 switch (wsi->u.hdr.ues) {
666 wsi->u.hdr.ues = URIES_SEEN_PERCENT;
670 case URIES_SEEN_PERCENT:
671 if (char_to_hex(c) < 0)
672 /* illegal post-% char */
675 wsi->u.hdr.esc_stash = c;
676 wsi->u.hdr.ues = URIES_SEEN_PERCENT_H1;
679 case URIES_SEEN_PERCENT_H1:
680 if (char_to_hex(c) < 0)
681 /* illegal post-% char */
684 c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) |
687 wsi->u.hdr.ues = URIES_IDLE;
693 * special URI processing...
694 * convert /.. or /... or /../ etc to /
696 * convert // or /// etc to /
697 * leave /.dir or whatever alone
700 switch (wsi->u.hdr.ups) {
704 /* genuine delimiter */
705 if ((c == '&' || c == ';') && !enc) {
706 if (issue_char(wsi, c) < 0)
708 /* swallow the terminator */
709 ah->frags[ah->nfrag].len--;
710 /* link to next fragment */
711 ah->frags[ah->nfrag].nfrag = ah->nfrag + 1;
713 if (ah->nfrag >= ARRAY_SIZE(ah->frags))
715 /* start next fragment after the & */
716 wsi->u.hdr.post_literal_equal = 0;
717 ah->frags[ah->nfrag].offset = ah->pos;
718 ah->frags[ah->nfrag].len = 0;
719 ah->frags[ah->nfrag].nfrag = 0;
722 /* uriencoded = in the name part, disallow */
723 if (c == '=' && enc &&
724 ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] &&
725 !wsi->u.hdr.post_literal_equal)
728 /* after the real =, we don't care how many = */
729 if (c == '=' && !enc)
730 wsi->u.hdr.post_literal_equal = 1;
733 if (c == '+' && !enc)
735 /* issue the first / always */
736 if (c == '/' && !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS])
737 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
739 case URIPS_SEEN_SLASH:
740 /* swallow subsequent slashes */
743 /* track and swallow the first . after / */
745 wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT;
748 wsi->u.hdr.ups = URIPS_IDLE;
750 case URIPS_SEEN_SLASH_DOT:
751 /* swallow second . */
753 wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT;
756 /* change /./ to / */
758 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
761 /* it was like /.dir ... regurgitate the . */
762 wsi->u.hdr.ups = URIPS_IDLE;
763 if (issue_char(wsi, '.') < 0)
767 case URIPS_SEEN_SLASH_DOT_DOT:
769 /* /../ or /..[End of URI] --> backup to last / */
770 if (c == '/' || c == '?') {
772 * back up one dir level if possible
773 * safe against header fragmentation because
774 * the method URI can only be in 1 fragment
776 if (ah->frags[ah->nfrag].len > 2) {
778 ah->frags[ah->nfrag].len--;
781 ah->frags[ah->nfrag].len--;
782 } while (ah->frags[ah->nfrag].len > 1 &&
783 ah->data[ah->pos] != '/');
785 wsi->u.hdr.ups = URIPS_SEEN_SLASH;
786 if (ah->frags[ah->nfrag].len > 1)
791 /* /..[^/] ... regurgitate and allow */
793 if (issue_char(wsi, '.') < 0)
795 if (issue_char(wsi, '.') < 0)
797 wsi->u.hdr.ups = URIPS_IDLE;
801 if (c == '?' && !enc &&
802 !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */
803 if (wsi->u.hdr.ues != URIES_IDLE)
806 /* seal off uri header */
807 if (issue_char(wsi, '\0') < 0)
810 /* move to using WSI_TOKEN_HTTP_URI_ARGS */
812 if (ah->nfrag >= ARRAY_SIZE(ah->frags))
814 ah->frags[ah->nfrag].offset = ah->pos;
815 ah->frags[ah->nfrag].len = 0;
816 ah->frags[ah->nfrag].nfrag = 0;
818 wsi->u.hdr.post_literal_equal = 0;
819 ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = ah->nfrag;
820 wsi->u.hdr.ups = URIPS_IDLE;
826 if (wsi->u.hdr.parser_state != WSI_TOKEN_CHALLENGE &&
828 if (wsi->u.hdr.ues != URIES_IDLE)
832 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR;
836 n = issue_char(wsi, c);
840 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
843 /* per-protocol end of headers management */
845 if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE)
846 goto set_parsing_complete;
849 /* collecting and checking a name part */
850 case WSI_TOKEN_NAME_PART:
851 lwsl_parser("WSI_TOKEN_NAME_PART '%c' (mode=%d)\n", c, wsi->mode);
853 wsi->u.hdr.lextable_pos =
854 lextable_decode(wsi->u.hdr.lextable_pos, c);
856 * Server needs to look out for unknown methods...
858 if (wsi->u.hdr.lextable_pos < 0 &&
859 wsi->mode == LWSCM_HTTP_SERVING) {
860 /* this is not a header we know about */
861 for (m = 0; m < ARRAY_SIZE(methods); m++)
862 if (ah->frag_index[methods[m]]) {
864 * already had the method, no idea what
865 * this crap from the client is, ignore
867 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
871 * hm it's an unknown http method from a client in fact,
872 * it cannot be valid http
874 if (m == ARRAY_SIZE(methods)) {
876 * are we set up to accept raw in these cases?
878 if (lws_check_opt(wsi->vhost->options,
879 LWS_SERVER_OPTION_FALLBACK_TO_RAW))
880 return 2; /* transition to raw */
882 lwsl_info("Unknown method - dropping\n");
888 * ...otherwise for a client, let him ignore unknown headers
889 * coming from the server
891 if (wsi->u.hdr.lextable_pos < 0) {
892 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
896 if (lextable[wsi->u.hdr.lextable_pos] < FAIL_CHAR) {
899 n = ((unsigned int)lextable[wsi->u.hdr.lextable_pos] << 8) |
900 lextable[wsi->u.hdr.lextable_pos + 1];
902 lwsl_parser("known hdr %d\n", n);
903 for (m = 0; m < ARRAY_SIZE(methods); m++)
904 if (n == methods[m] &&
905 ah->frag_index[methods[m]]) {
906 lwsl_warn("Duplicated method\n");
911 * WSORIGIN is protocol equiv to ORIGIN,
912 * JWebSocket likes to send it, map to ORIGIN
914 if (n == WSI_TOKEN_SWORIGIN)
915 n = WSI_TOKEN_ORIGIN;
917 wsi->u.hdr.parser_state = (enum lws_token_indexes)
918 (WSI_TOKEN_GET_URI + n);
920 if (context->token_limits)
921 wsi->u.hdr.current_token_limit =
922 context->token_limits->token_limit[
923 wsi->u.hdr.parser_state];
925 wsi->u.hdr.current_token_limit =
926 wsi->context->max_http_header_data;
928 if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE)
929 goto set_parsing_complete;
938 if (ah->nfrag == ARRAY_SIZE(ah->frags)) {
939 lwsl_warn("More hdr frags than we can deal with\n");
943 ah->frags[ah->nfrag].offset = ah->pos;
944 ah->frags[ah->nfrag].len = 0;
945 ah->frags[ah->nfrag].nfrag = 0;
947 n = ah->frag_index[wsi->u.hdr.parser_state];
948 if (!n) { /* first fragment */
949 ah->frag_index[wsi->u.hdr.parser_state] = ah->nfrag;
953 while (ah->frags[n].nfrag)
954 n = ah->frags[n].nfrag;
955 ah->frags[n].nfrag = ah->nfrag;
957 if (issue_char(wsi, ' ') < 0)
961 /* skipping arg part of a name we didn't recognize */
962 case WSI_TOKEN_SKIPPING:
963 lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c);
966 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR;
969 case WSI_TOKEN_SKIPPING_SAW_CR:
970 lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c);
971 if (wsi->u.hdr.ues != URIES_IDLE)
974 wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART;
975 wsi->u.hdr.lextable_pos = 0;
977 wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING;
979 /* we're done, ignore anything else */
981 case WSI_PARSING_COMPLETE:
982 lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c);
988 set_parsing_complete:
989 if (wsi->u.hdr.ues != URIES_IDLE)
991 if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) {
992 if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION))
993 wsi->ietf_spec_revision =
994 atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION));
996 lwsl_parser("v%02d hdrs completed\n", wsi->ietf_spec_revision);
998 wsi->u.hdr.parser_state = WSI_PARSING_COMPLETE;
999 wsi->hdr_parsing_completed = 1;
1004 lwsl_notice(" forbidding on uri sanitation\n");
1005 lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL);
1009 LWS_VISIBLE int lws_frame_is_binary(struct lws *wsi)
1011 return wsi->u.ws.frame_is_binary;
1015 lws_add_wsi_to_draining_ext_list(struct lws *wsi)
1017 struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
1019 if (wsi->u.ws.rx_draining_ext)
1022 lwsl_ext("%s: RX EXT DRAINING: Adding to list\n", __func__);
1024 wsi->u.ws.rx_draining_ext = 1;
1025 wsi->u.ws.rx_draining_ext_list = pt->rx_draining_ext_list;
1026 pt->rx_draining_ext_list = wsi;
1030 lws_remove_wsi_from_draining_ext_list(struct lws *wsi)
1032 struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
1033 struct lws **w = &pt->rx_draining_ext_list;
1035 if (!wsi->u.ws.rx_draining_ext)
1038 lwsl_ext("%s: RX EXT DRAINING: Removing from list\n", __func__);
1040 wsi->u.ws.rx_draining_ext = 0;
1042 /* remove us from context draining ext list */
1045 /* if us, point it instead to who we were pointing to */
1046 *w = wsi->u.ws.rx_draining_ext_list;
1049 w = &((*w)->u.ws.rx_draining_ext_list);
1051 wsi->u.ws.rx_draining_ext_list = NULL;
1055 * client-parser.c: lws_client_rx_sm() needs to be roughly kept in
1056 * sync with changes here, esp related to ext draining
1060 lws_rx_sm(struct lws *wsi, unsigned char c)
1062 int callback_action = LWS_CALLBACK_RECEIVE;
1063 int ret = 0, n, rx_draining_ext = 0;
1064 struct lws_tokens eff_buf;
1066 eff_buf.token = NULL;
1067 eff_buf.token_len = 0;
1068 if (wsi->socket_is_permanently_unusable)
1071 switch (wsi->lws_rx_parse_state) {
1073 if (wsi->u.ws.rx_draining_ext) {
1074 eff_buf.token = NULL;
1075 eff_buf.token_len = 0;
1076 lws_remove_wsi_from_draining_ext_list(wsi);
1077 rx_draining_ext = 1;
1078 lwsl_debug("%s: doing draining flow\n", __func__);
1080 goto drain_extension;
1082 switch (wsi->ietf_spec_revision) {
1085 * no prepended frame key any more
1087 wsi->u.ws.all_zero_nonce = 1;
1091 lwsl_warn("lws_rx_sm: unknown spec version %d\n",
1092 wsi->ietf_spec_revision);
1096 case LWS_RXPS_04_mask_1:
1097 wsi->u.ws.mask[1] = c;
1099 wsi->u.ws.all_zero_nonce = 0;
1100 wsi->lws_rx_parse_state = LWS_RXPS_04_mask_2;
1102 case LWS_RXPS_04_mask_2:
1103 wsi->u.ws.mask[2] = c;
1105 wsi->u.ws.all_zero_nonce = 0;
1106 wsi->lws_rx_parse_state = LWS_RXPS_04_mask_3;
1108 case LWS_RXPS_04_mask_3:
1109 wsi->u.ws.mask[3] = c;
1111 wsi->u.ws.all_zero_nonce = 0;
1114 * start from the zero'th byte in the XOR key buffer since
1115 * this is the start of a frame with a new key
1118 wsi->u.ws.mask_idx = 0;
1120 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1;
1124 * 04 logical framing from the spec (all this is masked when incoming
1125 * and has to be unmasked)
1127 * We ignore the possibility of extension data because we don't
1128 * negotiate any extensions at the moment.
1131 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
1132 * +-+-+-+-+-------+-+-------------+-------------------------------+
1133 * |F|R|R|R| opcode|R| Payload len | Extended payload length |
1134 * |I|S|S|S| (4) |S| (7) | (16/63) |
1135 * |N|V|V|V| |V| | (if payload len==126/127) |
1137 * +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
1138 * | Extended payload length continued, if payload len == 127 |
1139 * + - - - - - - - - - - - - - - - +-------------------------------+
1140 * | | Extension data |
1141 * +-------------------------------+ - - - - - - - - - - - - - - - +
1143 * +---------------------------------------------------------------+
1144 * : Application data :
1145 * +---------------------------------------------------------------+
1147 * We pass payload through to userland as soon as we get it, ignoring
1148 * FIN. It's up to userland to buffer it up if it wants to see a
1149 * whole unfragmented block of the original size (which may be up to
1153 case LWS_RXPS_04_FRAME_HDR_1:
1156 wsi->u.ws.opcode = c & 0xf;
1157 wsi->u.ws.rsv = c & 0x70;
1158 wsi->u.ws.final = !!((c >> 7) & 1);
1160 switch (wsi->u.ws.opcode) {
1161 case LWSWSOPC_TEXT_FRAME:
1162 case LWSWSOPC_BINARY_FRAME:
1163 wsi->u.ws.rsv_first_msg = (c & 0x70);
1164 wsi->u.ws.frame_is_binary =
1165 wsi->u.ws.opcode == LWSWSOPC_BINARY_FRAME;
1166 wsi->u.ws.first_fragment = 1;
1178 lwsl_info("illegal opcode\n");
1181 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN;
1184 case LWS_RXPS_04_FRAME_HDR_LEN:
1186 wsi->u.ws.this_frame_masked = !!(c & 0x80);
1190 /* control frames are not allowed to have big lengths */
1191 if (wsi->u.ws.opcode & 8)
1192 goto illegal_ctl_length;
1194 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2;
1197 /* control frames are not allowed to have big lengths */
1198 if (wsi->u.ws.opcode & 8)
1199 goto illegal_ctl_length;
1201 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8;
1204 wsi->u.ws.rx_packet_length = c & 0x7f;
1205 if (wsi->u.ws.this_frame_masked)
1206 wsi->lws_rx_parse_state =
1207 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
1209 if (wsi->u.ws.rx_packet_length)
1210 wsi->lws_rx_parse_state =
1211 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
1213 wsi->lws_rx_parse_state = LWS_RXPS_NEW;
1220 case LWS_RXPS_04_FRAME_HDR_LEN16_2:
1221 wsi->u.ws.rx_packet_length = c << 8;
1222 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1;
1225 case LWS_RXPS_04_FRAME_HDR_LEN16_1:
1226 wsi->u.ws.rx_packet_length |= c;
1227 if (wsi->u.ws.this_frame_masked)
1228 wsi->lws_rx_parse_state =
1229 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
1231 wsi->lws_rx_parse_state =
1232 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
1235 case LWS_RXPS_04_FRAME_HDR_LEN64_8:
1237 lwsl_warn("b63 of length must be zero\n");
1238 /* kill the connection */
1241 #if defined __LP64__
1242 wsi->u.ws.rx_packet_length = ((size_t)c) << 56;
1244 wsi->u.ws.rx_packet_length = 0;
1246 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7;
1249 case LWS_RXPS_04_FRAME_HDR_LEN64_7:
1250 #if defined __LP64__
1251 wsi->u.ws.rx_packet_length |= ((size_t)c) << 48;
1253 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6;
1256 case LWS_RXPS_04_FRAME_HDR_LEN64_6:
1257 #if defined __LP64__
1258 wsi->u.ws.rx_packet_length |= ((size_t)c) << 40;
1260 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5;
1263 case LWS_RXPS_04_FRAME_HDR_LEN64_5:
1264 #if defined __LP64__
1265 wsi->u.ws.rx_packet_length |= ((size_t)c) << 32;
1267 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4;
1270 case LWS_RXPS_04_FRAME_HDR_LEN64_4:
1271 wsi->u.ws.rx_packet_length |= ((size_t)c) << 24;
1272 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3;
1275 case LWS_RXPS_04_FRAME_HDR_LEN64_3:
1276 wsi->u.ws.rx_packet_length |= ((size_t)c) << 16;
1277 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2;
1280 case LWS_RXPS_04_FRAME_HDR_LEN64_2:
1281 wsi->u.ws.rx_packet_length |= ((size_t)c) << 8;
1282 wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1;
1285 case LWS_RXPS_04_FRAME_HDR_LEN64_1:
1286 wsi->u.ws.rx_packet_length |= ((size_t)c);
1287 if (wsi->u.ws.this_frame_masked)
1288 wsi->lws_rx_parse_state =
1289 LWS_RXPS_07_COLLECT_FRAME_KEY_1;
1291 wsi->lws_rx_parse_state =
1292 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
1295 case LWS_RXPS_07_COLLECT_FRAME_KEY_1:
1296 wsi->u.ws.mask[0] = c;
1298 wsi->u.ws.all_zero_nonce = 0;
1299 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2;
1302 case LWS_RXPS_07_COLLECT_FRAME_KEY_2:
1303 wsi->u.ws.mask[1] = c;
1305 wsi->u.ws.all_zero_nonce = 0;
1306 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3;
1309 case LWS_RXPS_07_COLLECT_FRAME_KEY_3:
1310 wsi->u.ws.mask[2] = c;
1312 wsi->u.ws.all_zero_nonce = 0;
1313 wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4;
1316 case LWS_RXPS_07_COLLECT_FRAME_KEY_4:
1317 wsi->u.ws.mask[3] = c;
1319 wsi->u.ws.all_zero_nonce = 0;
1320 wsi->lws_rx_parse_state =
1321 LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED;
1322 wsi->u.ws.mask_idx = 0;
1323 if (wsi->u.ws.rx_packet_length == 0) {
1324 wsi->lws_rx_parse_state = LWS_RXPS_NEW;
1330 case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED:
1331 assert(wsi->u.ws.rx_ubuf);
1333 if (wsi->u.ws.rx_draining_ext)
1334 goto drain_extension;
1336 if (wsi->u.ws.rx_ubuf_head + LWS_PRE >=
1337 wsi->u.ws.rx_ubuf_alloc) {
1338 lwsl_err("Attempted overflow \n");
1341 if (wsi->u.ws.all_zero_nonce)
1342 wsi->u.ws.rx_ubuf[LWS_PRE +
1343 (wsi->u.ws.rx_ubuf_head++)] = c;
1345 wsi->u.ws.rx_ubuf[LWS_PRE +
1346 (wsi->u.ws.rx_ubuf_head++)] =
1348 (wsi->u.ws.mask_idx++) & 3];
1350 if (--wsi->u.ws.rx_packet_length == 0) {
1351 /* spill because we have the whole frame */
1352 wsi->lws_rx_parse_state = LWS_RXPS_NEW;
1357 * if there's no protocol max frame size given, we are
1358 * supposed to default to context->pt_serv_buf_size
1361 if (!wsi->protocol->rx_buffer_size &&
1362 wsi->u.ws.rx_ubuf_head != wsi->context->pt_serv_buf_size)
1365 if (wsi->protocol->rx_buffer_size &&
1366 wsi->u.ws.rx_ubuf_head !=
1367 wsi->protocol->rx_buffer_size)
1370 /* spill because we filled our rx buffer */
1373 * is this frame a control packet we should take care of at this
1374 * layer? If so service it and hide it from the user callback
1377 lwsl_parser("spill on %s\n", wsi->protocol->name);
1379 switch (wsi->u.ws.opcode) {
1380 case LWSWSOPC_CLOSE:
1382 /* is this an acknowledgement of our close? */
1383 if (wsi->state == LWSS_AWAITING_CLOSE_ACK) {
1385 * fine he has told us he is closing too, let's
1388 lwsl_parser("seen client close ack\n");
1391 if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY)
1392 /* if he sends us 2 CLOSE, kill him */
1395 if (lws_partial_buffered(wsi)) {
1397 * if we're in the middle of something,
1398 * we can't do a normal close response and
1399 * have to just close our end.
1401 wsi->socket_is_permanently_unusable = 1;
1402 lwsl_parser("Closing on peer close due to Pending tx\n");
1406 if (user_callback_handle_rxflow(
1407 wsi->protocol->callback, wsi,
1408 LWS_CALLBACK_WS_PEER_INITIATED_CLOSE,
1410 &wsi->u.ws.rx_ubuf[LWS_PRE],
1411 wsi->u.ws.rx_ubuf_head))
1414 lwsl_parser("server sees client close packet\n");
1415 wsi->state = LWSS_RETURNED_CLOSE_ALREADY;
1416 /* deal with the close packet contents as a PONG */
1417 wsi->u.ws.payload_is_close = 1;
1418 goto process_as_ping;
1421 lwsl_info("received %d byte ping, sending pong\n",
1422 wsi->u.ws.rx_ubuf_head);
1424 if (wsi->u.ws.ping_pending_flag) {
1426 * there is already a pending ping payload
1427 * we should just log and drop
1429 lwsl_parser("DROP PING since one pending\n");
1433 /* control packets can only be < 128 bytes long */
1434 if (wsi->u.ws.rx_ubuf_head > 128 - 3) {
1435 lwsl_parser("DROP PING payload too large\n");
1439 /* stash the pong payload */
1440 memcpy(wsi->u.ws.ping_payload_buf + LWS_PRE,
1441 &wsi->u.ws.rx_ubuf[LWS_PRE],
1442 wsi->u.ws.rx_ubuf_head);
1444 wsi->u.ws.ping_payload_len = wsi->u.ws.rx_ubuf_head;
1445 wsi->u.ws.ping_pending_flag = 1;
1447 /* get it sent as soon as possible */
1448 lws_callback_on_writable(wsi);
1450 wsi->u.ws.rx_ubuf_head = 0;
1454 lwsl_info("received pong\n");
1455 lwsl_hexdump(&wsi->u.ws.rx_ubuf[LWS_PRE],
1456 wsi->u.ws.rx_ubuf_head);
1458 if (wsi->pending_timeout == PENDING_TIMEOUT_WS_PONG_CHECK_GET_PONG) {
1459 lwsl_info("received expected PONG on wsi %p\n", wsi);
1460 lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0);
1464 callback_action = LWS_CALLBACK_RECEIVE_PONG;
1467 case LWSWSOPC_TEXT_FRAME:
1468 case LWSWSOPC_BINARY_FRAME:
1469 case LWSWSOPC_CONTINUATION:
1473 lwsl_parser("passing opc %x up to exts\n",
1476 * It's something special we can't understand here.
1477 * Pass the payload up to the extension's parsing
1481 eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE];
1482 eff_buf.token_len = wsi->u.ws.rx_ubuf_head;
1484 if (lws_ext_cb_active(wsi, LWS_EXT_CB_EXTENDED_PAYLOAD_RX,
1486 /* not handle or fail */
1487 lwsl_ext("ext opc opcode 0x%x unknown\n",
1490 wsi->u.ws.rx_ubuf_head = 0;
1495 * No it's real payload, pass it up to the user callback.
1496 * It's nicely buffered with the pre-padding taken care of
1497 * so it can be sent straight out again using lws_write
1500 eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE];
1501 eff_buf.token_len = wsi->u.ws.rx_ubuf_head;
1504 lwsl_ext("%s: passing %d to ext\n", __func__, eff_buf.token_len);
1506 if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY ||
1507 wsi->state == LWSS_AWAITING_CLOSE_ACK)
1510 n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, &eff_buf, 0);
1511 /* eff_buf may be pointing somewhere completely different now,
1514 wsi->u.ws.first_fragment = 0;
1517 * we may rely on this to get RX, just drop connection
1519 wsi->socket_is_permanently_unusable = 1;
1523 if (rx_draining_ext && eff_buf.token_len == 0)
1526 if (n && eff_buf.token_len) {
1527 /* extension had more... main loop will come back */
1528 lws_add_wsi_to_draining_ext_list(wsi);
1530 lws_remove_wsi_from_draining_ext_list(wsi);
1532 if (eff_buf.token_len > 0 ||
1533 callback_action == LWS_CALLBACK_RECEIVE_PONG) {
1534 eff_buf.token[eff_buf.token_len] = '\0';
1536 if (wsi->protocol->callback) {
1538 if (callback_action == LWS_CALLBACK_RECEIVE_PONG)
1539 lwsl_info("Doing pong callback\n");
1541 ret = user_callback_handle_rxflow(
1542 wsi->protocol->callback,
1544 (enum lws_callback_reasons)callback_action,
1550 lwsl_err("No callback on payload spill!\n");
1554 wsi->u.ws.rx_ubuf_head = 0;
1562 lwsl_warn("Control frame with xtended length is illegal\n");
1563 /* kill the connection */
1568 lws_remaining_packet_payload(struct lws *wsi)
1570 return wsi->u.ws.rx_packet_length;
1573 /* Once we reach LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED, we know how much
1574 * to expect in that state and can deal with it in bulk more efficiently.
1578 lws_payload_until_length_exhausted(struct lws *wsi, unsigned char **buf,
1581 unsigned char *buffer = *buf, mask[4];
1586 if (wsi->protocol->rx_buffer_size)
1587 buffer_size = wsi->protocol->rx_buffer_size;
1589 buffer_size = wsi->context->pt_serv_buf_size;
1590 avail = buffer_size - wsi->u.ws.rx_ubuf_head;
1592 /* do not consume more than we should */
1593 if (avail > wsi->u.ws.rx_packet_length)
1594 avail = wsi->u.ws.rx_packet_length;
1596 /* do not consume more than what is in the buffer */
1600 /* we want to leave 1 byte for the parser to handle properly */
1605 rx_ubuf = wsi->u.ws.rx_ubuf + LWS_PRE + wsi->u.ws.rx_ubuf_head;
1606 if (wsi->u.ws.all_zero_nonce)
1607 memcpy(rx_ubuf, buffer, avail);
1610 for (n = 0; n < 4; n++)
1611 mask[n] = wsi->u.ws.mask[(wsi->u.ws.mask_idx + n) & 3];
1613 /* deal with 4-byte chunks using unwrapped loop */
1616 *(rx_ubuf++) = *(buffer++) ^ mask[0];
1617 *(rx_ubuf++) = *(buffer++) ^ mask[1];
1618 *(rx_ubuf++) = *(buffer++) ^ mask[2];
1619 *(rx_ubuf++) = *(buffer++) ^ mask[3];
1621 /* and the remaining bytes bytewise */
1622 for (n = 0; n < (int)(avail & 3); n++)
1623 *(rx_ubuf++) = *(buffer++) ^ mask[n];
1625 wsi->u.ws.mask_idx = (wsi->u.ws.mask_idx + avail) & 3;
1629 wsi->u.ws.rx_ubuf_head += avail;
1630 wsi->u.ws.rx_packet_length -= avail;