57 min ago openssl: need ldl to detect apis when no openssl .so bringing it in master
Andy Green [Mon, 27 May 2019 10:52:28 +0000 (18:52 +0800)]
openssl: need ldl to detect apis when no openssl .so bringing it in

test apps also accordingly need building with -ldl

4 days ago client: modernize socks5 fixing heap overflow
Andy Green [Wed, 22 May 2019 14:51:04 +0000 (15:51 +0100)]
client: modernize socks5 fixing heap overflow

9 days ago unix plat: add minimal wsi fd map option
Andy Green [Fri, 17 May 2019 00:20:07 +0000 (01:20 +0100)]
unix plat: add minimal wsi fd map option

An lws context usually contains a processwide fd -> wsi lookup table.

This allows any possible fd returned by a *nix type OS to be immediately
converted to a wsi just by indexing an array of struct lws * the size of
the highest possible fd, as found by ulimit -n or similar.

This works modestly for Linux type systems where the default ulimit -n for
a process is 1024, it means a 4KB or 8KB lookup table for 32-bit or
64-bit systems.

However in the case your lws usage is much simpler, like one outgoing
client connection and no serving, this represents increasing waste.  It's
made much worse if the system has a much larger default ulimit -n, eg 1M,
the table is occupying 4MB or 8MB, of which you will only use one.

Even so, because lws can't be sure the OS won't return a socket fd at any
number up to (ulimit -n - 1), it has to allocate the whole lookup table
at the moment.

This patch looks to see if the context creation info is setting
info->fd_limit_per_thread... if it leaves it at the default 0, then
everything is as it was before this patch.  However if it finds that
(info->fd_limit_per_thread * actual_number_of_service_threads) where
the default number of service threads is 1, is less than the fd limit
set by ulimit -n, lws switches to a slower lookup table scheme, which
only allocates the requested number of slots.  Lookups happen then by
iterating the table and comparing rather than indexing the array
directly, which is obviously somewhat of a performance hit.

However in the case where you know lws will only have a very few wsi
maximum, this method can very usefully trade off speed to be able to
avoid the allocation sized by ulimit -n.

minimal examples for client that can make use of this are also modified
by this patch to use the smaller context allocations.
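
The two lookup schemes this commit message describes, as an added example (not code from libwebsockets or from the commit). struct conn, struct fd_map and the fd_map_* functions are hypothetical names, max_fd stands in for the ulimit -n value, and the sample fd numbers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct lws: only the fd matters here. */
struct conn { int fd; };

struct fd_map {
    struct conn **slots; /* the lookup table */
    size_t nslots;       /* entries allocated */
    int direct;          /* 1: slots[fd], 0: scan and compare */
};

/* max_fd models "ulimit -n"; fd_limit_per_thread == 0 keeps the old scheme. */
int fd_map_init(struct fd_map *m, size_t max_fd, size_t fd_limit_per_thread,
                size_t threads)
{
    size_t want = 0;

    /* a product that would wrap falls back to the full-size table */
    if (threads && fd_limit_per_thread <= SIZE_MAX / threads)
        want = fd_limit_per_thread * threads;
    m->direct = !(want && want < max_fd);
    m->nslots = m->direct ? max_fd : want;
    m->slots = calloc(m->nslots, sizeof(*m->slots));
    return m->slots ? 0 : -1;
}

size_t fd_map_bytes(const struct fd_map *m)
{
    return m->nslots * sizeof(*m->slots);
}

int fd_map_insert(struct fd_map *m, struct conn *c)
{
    size_t i;

    if (c->fd < 0)
        return -1;
    if (m->direct) {
        /* the fd is an array index, so it must be range-checked */
        if ((size_t)c->fd >= m->nslots)
            return -1;
        m->slots[c->fd] = c;
        return 0;
    }
    for (i = 0; i < m->nslots; i++)
        if (!m->slots[i]) {
            m->slots[i] = c;
            return 0;
        }
    return -1; /* compact table full: more connections than requested */
}

struct conn *fd_map_lookup(const struct fd_map *m, int fd)
{
    size_t i;

    if (fd < 0)
        return NULL;
    if (m->direct)
        return (size_t)fd < m->nslots ? m->slots[fd] : NULL;
    for (i = 0; i < m->nslots; i++) /* O(n) instead of O(1) */
        if (m->slots[i] && m->slots[i]->fd == fd)
            return m->slots[i];
    return NULL;
}

int fd_map_remove(struct fd_map *m, int fd)
{
    size_t i;

    if (fd < 0)
        return -1;
    if (m->direct) {
        if ((size_t)fd >= m->nslots || !m->slots[fd])
            return -1;
        m->slots[fd] = NULL;
        return 0;
    }
    for (i = 0; i < m->nslots; i++)
        if (m->slots[i] && m->slots[i]->fd == fd) {
            m->slots[i] = NULL;
            return 0;
        }
    return -1;
}

int main(void)
{
    struct fd_map big, small;
    struct conn c = { 900000 }; /* constructed: a high fd number */

    if (fd_map_init(&big, 1048576, 0, 1) || fd_map_init(&small, 1048576, 1, 1))
        return 1;
    printf("direct: %zu bytes, compact: %zu bytes\n",
           fd_map_bytes(&big), fd_map_bytes(&small));
    fd_map_insert(&small, &c);
    printf("compact lookup: %s\n",
           fd_map_lookup(&small, c.fd) == &c ? "found" : "missing");
    free(big.slots);
    free(small.slots);
    return 0;
}
```

The compact table accepts any fd value but refuses an insert once its requested number of slots is in use, so the limit has to cover every connection the context will hold at once.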

9 days ago tokenize: add one more api test
Andy Green [Fri, 17 May 2019 12:59:20 +0000 (13:59 +0100)]
tokenize: add one more api test

10 days ago no h2: fix unused var warning
Andy Green [Fri, 17 May 2019 00:24:52 +0000 (01:24 +0100)]
no h2: fix unused var warning

11 days ago Subject: [PATCH] Fix bzero misdetection also for GCC >=8
Orgad Shaneh [Thu, 16 May 2019 07:28:20 +0000 (10:28 +0300)]
Subject: [PATCH] Fix bzero misdetection also for GCC >=8

The fix in 1d6128d1fe76e6148cd9955db38be39481526f65 worked for
MinGW with GCC7, but GCC8 evidently got smarter, and it
also substitutes bzero->memset for larger arrays.

Set the emitted warning as an error to avoid misdetection.

12 days ago cmake: probe gcc flags capability
Andy Green [Wed, 15 May 2019 06:27:18 +0000 (07:27 +0100)]
cmake: probe gcc flags capability

old gcc doesn't have some of the extended warning flags we want to apply...
use cmake to confirm the gcc has them before trying to use them.

2 weeks ago abstract: raw protocol name is raw-skt
Andy Green [Sun, 12 May 2019 14:49:01 +0000 (15:49 +0100)]
abstract: raw protocol name is raw-skt

not raw_skt

2 weeks ago h2: align h1 upgrade to work same as alpn upgrade
Andy Green [Sun, 12 May 2019 07:01:50 +0000 (08:01 +0100)]
h2: align h1 upgrade to work same as alpn upgrade

Although the code exists for non-tls h1 upgrade to h2, it hasn't been looked
after since all expected uses for h2 are going to be via h2 / alpn.

This patch aligns its upgrade actions with alpn upgrade path so it works OK

$ curl --http2 http://localhost:7681/ -v -w "\n"

ie, without tls.  Operation via tls is unaffected.

To use the non-tls upgrade path, you have to be listening without tls, ie with the
test server without -s.  If you're listening in a way that requires tls, this
can't be used to bypass that (or, eg, client certs) in itself, since you have to be
able to talk to it in h1 in the first place to attempt the upgrade to h2.

The common h2 path has some code dropping the ah unconditionally it looks
like after the first service... this is too aggressive since the first thing
coming on the upgrade path is WINDOW_UPDATE.  It looks wrong anyway, transaction /
stream completion will drop the ah and should be enough.

2 weeks ago mbedtls: correct memory cert usage
Andy Green [Fri, 10 May 2019 05:29:35 +0000 (06:29 +0100)]
mbedtls: correct memory cert usage

2 weeks ago uv: solve contradiction with WITHOUT_SERVER
Andy Green [Thu, 9 May 2019 06:28:36 +0000 (07:28 +0100)]
uv: solve contradiction with WITHOUT_SERVER

3 weeks ago generic-sessions update
Andy Green [Fri, 5 Apr 2019 13:13:59 +0000 (21:13 +0800)]
generic-sessions update

Generic sessions has been overdue some love to align it with
the progress in the rest of lws.

1) Strict Content Security Policy
2) http2 compatibility
3) fixes and additions for use in a separate process via unix domain socket
4) work on ws and http proxying in lws
5) add minimal example

3 weeks ago pmd: split ebufs to track in and out
Andy Green [Sat, 4 May 2019 12:19:12 +0000 (13:19 +0100)]
pmd: split ebufs to track in and out

3 weeks ago smtp: make abstract
Andy Green [Sun, 21 Apr 2019 18:57:19 +0000 (19:57 +0100)]
smtp: make abstract

3 weeks ago ws: connection parse: check just the resolved token
Andy Green [Sat, 4 May 2019 07:23:03 +0000 (08:23 +0100)]
ws: connection parse: check just the resolved token

Add strncasecmp to correctly restrict the check to just the
tokenizer token extent

3 weeks ago cc0: align dedication to CC0 FAQ recommended format
Andy Green [Wed, 1 May 2019 06:57:56 +0000 (07:57 +0100)]
cc0: align dedication to CC0 FAQ recommended format

thanks to Bruce Perens for noting it.

This doesn't change the intention or status of the CC0 files, they were
pure CC0 before (ie, public domain) and they are pure CC0 now.  It just
gets rid of the (C) part at the top of the dedication which may be read
to be a bit contradictory since the purpose is to make it public domain.

3 weeks ago openssl3: improve api availability tests
Andy Green [Tue, 30 Apr 2019 07:13:32 +0000 (08:13 +0100)]
openssl3: improve api availability tests

3 weeks ago lejp: allow up to 20 digit decimal numbers
Andy Green [Sun, 28 Apr 2019 05:58:13 +0000 (06:58 +0100)]
lejp: allow up to 20 digit decimal numbers

3 weeks ago lejp: make sure child object close is not mistaken for parent
Andy Green [Sun, 21 Apr 2019 19:07:07 +0000 (20:07 +0100)]
lejp: make sure child object close is not mistaken for parent

3 weeks ago permissions: adapt drop permissions plat function to do uid and gid lookup separately
Andy Green [Sun, 21 Apr 2019 18:51:03 +0000 (19:51 +0100)]
permissions: adapt drop permissions plat function to do uid and gid lookup separately

3 weeks ago plugins: remove requirement for libuv on unix
Andy Green [Sun, 21 Apr 2019 18:46:41 +0000 (19:46 +0100)]
plugins: remove requirement for libuv on unix

5 weeks ago rx flow: use dll2
Andy Green [Sun, 21 Apr 2019 05:24:05 +0000 (06:24 +0100)]
rx flow: use dll2

5 weeks ago rx flow: handle partial flow buffer consumption
Andy Green [Fri, 19 Apr 2019 06:13:40 +0000 (07:13 +0100)]
rx flow: handle partial flow buffer consumption

rx flow control needs to handle the situation that it is draining from
a previous rx flow control period, and the user code reasserts rx flow
control partway through that.

The accounting for the used rx then boils down to only trimming the
rxflow buflist we were "replaying" to consume however much we managed
to deliver of that this time before the rx flow control came again.

"Normal" rx consumption is wrong in this case, since we accounted for
it entirely in the rxflow cache buflist.

The patch recognizes this situation, does the accounting in the cache
buflist, and then lies to the caller that there was no rx consumption
to be accounted for at his level.

5 weeks ago client http rx: check correct binding state
Andy Green [Sat, 20 Apr 2019 08:14:49 +0000 (09:14 +0100)]
client http rx: check correct binding state

6 weeks ago http: refactor and fixes in lws_get_mimetype
pavelxdd [Mon, 8 Apr 2019 18:03:32 +0000 (21:03 +0300)]
http: refactor and fixes in lws_get_mimetype

- prioritize user-defined mimetypes over predefined server mimetypes.
- fix accessing memory out of string bounds.
- prefer case-insensitive comparison for extension matching.
- other minor fixes and improvements.

7 weeks ago spa: add info args and stride
Andy Green [Fri, 5 Apr 2019 01:01:20 +0000 (09:01 +0800)]
spa: add info args and stride

This is aimed at allowing a stride to optionally be
given for the parameter name array... this will allow
use of lws_struct metadata as the parameter name

Also introduce the option to put all allocations in
an lwsac instead of via lws_mallocs.

7 weeks ago post: only report BODY_COMPLETION once
Andy Green [Fri, 5 Apr 2019 01:08:55 +0000 (09:08 +0800)]
post: only report BODY_COMPLETION once

7 weeks ago lws_struct
Andy Green [Sat, 30 Mar 2019 14:14:15 +0000 (22:14 +0800)]

lws_struct JSON + sqlite3 serializer and deserializer


7 weeks ago ws: client: if server sends no subprotocol prefer any existing protocol
kzhdev [Fri, 5 Apr 2019 01:04:25 +0000 (20:04 -0500)]
ws: client: if server sends no subprotocol prefer any existing protocol

7 weeks ago openssl: client: handle no tcr
kzhdev [Fri, 5 Apr 2019 17:14:47 +0000 (12:14 -0500)]
openssl: client: handle no tcr

7 weeks ago cgi: fix h2 timeouts
Andy Green [Fri, 5 Apr 2019 13:19:09 +0000 (21:19 +0800)]
cgi: fix h2 timeouts

7 weeks ago http: basic auth: fix delay on Firefox
pavelxdd [Wed, 3 Apr 2019 07:18:17 +0000 (10:18 +0300)]
http: basic auth: fix delay on Firefox

Firefox sends HTTP requests with "Connection: keep-alive" header.
When LWS responds with 401 and WWW-Authenticate header, Firefox
doesn't show an authentication dialog until connection is closed.
Adding "Content-Length: 0" solves the problem.

7 weeks ago openssl: client: check wsi from openssl private data
Andy Green [Wed, 3 Apr 2019 00:04:48 +0000 (08:04 +0800)]
openssl: client: check wsi from openssl private data

v2.4 was patched to check NULL wsi in the verify callback,
nobody has reported it on later versions, but might as well
check it too.

7 weeks ago windows: fix build on VS2017 WIN10
Kieran [Mon, 1 Apr 2019 15:23:52 +0000 (23:23 +0800)]
windows: fix build on VS2017 WIN10

8 weeks ago cmake: Fix bzero mis-detection on MinGW
elivdahan [Mon, 1 Apr 2019 06:38:20 +0000 (09:38 +0300)]
cmake: Fix bzero mis-detection on MinGW

Using a C compiler ignores non-existent functions, and tries to link them anyway.

The compiler optimizes `bzero(buf, 1)` to `movb   $0x0,0xf(%esp)`, so bzero is
not called at all, and the linker succeeds.

Increase the buffer size to 100 to avoid this optimization.

8 weeks ago lwsac_use_zero
Andy Green [Thu, 28 Mar 2019 05:07:45 +0000 (13:07 +0800)]

8 weeks ago docs: add READMEs/
Andy Green [Wed, 27 Mar 2019 22:47:02 +0000 (06:47 +0800)]
docs: add READMEs/

2 months ago docs: lws_dll and lws_dll2 documentation 3
Andy Green [Sat, 23 Mar 2019 08:50:20 +0000 (16:50 +0800)]
docs: lws_dll and lws_dll2 documentation 3

2 months ago ws proxy: also proxy ACCEPT_LANGUAGE
Andy Green [Mon, 25 Mar 2019 11:03:19 +0000 (19:03 +0800)]
ws proxy: also proxy ACCEPT_LANGUAGE

2 months ago unix skt: allow control over skt user:group
Andy Green [Mon, 25 Mar 2019 00:07:28 +0000 (08:07 +0800)]
unix skt: allow control over skt user:group

If you're providing a unix socket service that will be proxied / served by another
process on the same machine, the unix fd permissions on the listening unix socket fd
have to be managed so only something running under the server credentials
can open the listening unix socket.

2 months ago context: add info members to drop privileges using user and group name strings
Andy Green [Sun, 24 Mar 2019 09:54:48 +0000 (17:54 +0800)]
context: add info members to drop privileges using user and group name strings

Up until now if you wanted to drop privs, a numeric uid and gid had to be
given in info to control post-init permissions... this adds info.username
and info.groupname where you can do the same using user and group names.

The internal plat helper lws_plat_drop_app_privileges() is updated to directly use
context instead of info both ways it can be called, and to be able to return fatal

All failures to lookup non-0 or -1 uid or gid names from uid, or to look up
uid or gid from username or groupnames given, get an err message and fatal exit.

2 months ago docs: correct lws_random doxygen docs 9
Andy Green [Sun, 24 Mar 2019 06:03:31 +0000 (14:03 +0800)]
docs: correct lws_random doxygen docs 9

2 months ago lws_hex_to_byte_array
Andy Green [Sat, 23 Mar 2019 04:41:29 +0000 (12:41 +0800)]

Convert ascii hex into byte array

2 months ago close: after DROP_PROTOCOL no longer report traffic to callback
Andy Green [Sat, 23 Mar 2019 00:02:53 +0000 (08:02 +0800)]
close: after DROP_PROTOCOL no longer report traffic to callback


2 months ago http proxy: proxy Authorization header
Andy Green [Fri, 22 Mar 2019 10:52:08 +0000 (18:52 +0800)]
http proxy: proxy Authorization header

Sai notifications are signed using Authorization: and "sai" auth type.

After the auth type, the format is, eg, "sha256=<hash>" .

2 months ago lws_spa: add CLOSE callback
Andy Green [Fri, 22 Mar 2019 08:55:51 +0000 (16:55 +0800)]
lws_spa: add CLOSE callback

This should ease the situation where there was creation done in the
callback for LWS_UFS_OPEN

2 months ago http proxy: support POST
Andy Green [Thu, 21 Mar 2019 22:22:40 +0000 (06:22 +0800)]
http proxy: support POST

2 months ago spa: allow instantiation with no parse array
Andy Green [Fri, 22 Mar 2019 03:23:06 +0000 (11:23 +0800)]
spa: allow instantiation with no parse array

If you just want a "file" in multipart, don't care about the length or
anything else, then you don't need any params tables and associated

2 months ago alpn: handle ALLOW_NON_SSL_ON_SSL_PORT
Andy Green [Thu, 21 Mar 2019 21:30:22 +0000 (05:30 +0800)]

2 months ago hrtimer: insert must handle head tail pointers
Andy Green [Thu, 21 Mar 2019 10:53:59 +0000 (18:53 +0800)]
hrtimer: insert must handle head tail pointers

2 months ago hrtimer: remove from correct dll before resetting
Andy Green [Thu, 21 Mar 2019 05:41:36 +0000 (13:41 +0800)]
hrtimer: remove from correct dll before resetting

2 months ago ws proxy: also proxy h1 ws to h1 and h2
Andy Green [Tue, 19 Mar 2019 03:53:57 +0000 (11:53 +0800)]
ws proxy: also proxy h1 ws to h1 and h2

lws has been able to proxy h2 or h1 inbound connections to an
h1 onward connection for a while now.  It's simple to use just
build with LWS_WITH_HTTP_PROXY and make a mount where the origin
is the onward connection details.  Unix sockets can also be
used as the onward connection.

This patch extends the support to be able to also do the same for
inbound h2 or h1 ws upgrades to an h1 ws onward connection as well.

This allows you to offer completely different services in a
common URL space, including ones that connect back by ws / wss.

2 months ago minimal-http-server-eventlib-smp
Andy Green [Thu, 21 Mar 2019 01:27:45 +0000 (09:27 +0800)]

2 months ago lws_dll[2]_foreach_safe: add user cb param
Andy Green [Wed, 20 Mar 2019 23:04:44 +0000 (07:04 +0800)]
lws_dll[2]_foreach_safe: add user cb param

The callback flow is a bit more disruptive than doing the iteration
directly in your function.  This helps by passing a user void *
into the callback set as an lws_dll[2]_foreach_safe() arg.

2 months ago nossl recv: always respond to 0 length read as shutdown
Andy Green [Wed, 20 Mar 2019 22:47:54 +0000 (06:47 +0800)]
nossl recv: always respond to 0 length read as shutdown

2 months ago lws_dll: remove lws_dll_lws and deprecate lws_dll_remove
Andy Green [Tue, 19 Mar 2019 23:39:55 +0000 (07:39 +0800)]
lws_dll: remove lws_dll_lws and deprecate lws_dll_remove

2 months ago lws_dll: teach it to track tail as well as head
Andy Green [Tue, 19 Mar 2019 03:54:27 +0000 (11:54 +0800)]
lws_dll: teach it to track tail as well as head

2 months ago lws_dll_foreach_safe
Andy Green [Mon, 18 Mar 2019 08:12:45 +0000 (16:12 +0800)]

2 months ago openssl: gencrypto: aes gcm AAD: use EncryptUpdate or DecryptUpdate to set AAD
Andy Green [Wed, 20 Mar 2019 22:16:16 +0000 (06:16 +0800)]
openssl: gencrypto: aes gcm AAD: use EncryptUpdate or DecryptUpdate to set AAD

Until 1.1.1b OpenSSL didn't mind we were setting AAD for AES GCM
using EVP_EncryptUpdate() for both encrypt and decrypt... but now
it noticed and the bug is fixed.

2 months ago openssl3: handle EC_POINT_get_affine_coordinates api change
Andy Green [Wed, 20 Mar 2019 11:24:29 +0000 (19:24 +0800)]
openssl3: handle EC_POINT_get_affine_coordinates api change

2 months ago openssl: reuse client SSL_CTX where possible
Andy Green [Sun, 17 Mar 2019 02:03:22 +0000 (10:03 +0800)]
openssl: reuse client SSL_CTX where possible

If you have multiple vhosts with client contexts enabled, under
OpenSSL each one brings in the system cert bundle.

On, there are many vhosts and the waste adds up
to about 9MB of heap.

This patch makes a sha256 from the client context configuration, and
if a suitable client context already exists on another vhost, bumps
a refcount and reuses the client context.

In the case client contexts are configured differently, a new one
is created (and is available for reuse as well).

2 months ago server-status: show correct statm value
Andy Green [Sun, 17 Mar 2019 05:58:28 +0000 (13:58 +0800)]
server-status: show correct statm value

2 months ago minimal-http-server-proxy
Andy Green [Sat, 16 Mar 2019 08:19:00 +0000 (16:19 +0800)]

2 months ago openssl: try to reduce memory usage
Andy Green [Sat, 16 Mar 2019 02:17:28 +0000 (10:17 +0800)]
openssl: try to reduce memory usage

2 months ago mbedtls: handle vhost without valid cert gracefully
Andy Green [Sat, 16 Mar 2019 01:54:52 +0000 (09:54 +0800)]
mbedtls: handle vhost without valid cert gracefully

2 months ago glibc: if malloc_trim() exists, call it periodically
Andy Green [Sat, 16 Mar 2019 00:10:47 +0000 (08:10 +0800)]
glibc: if malloc_trim() exists, call it periodically

2 months ago appveyor: add JOSE target
Andy Green [Fri, 15 Mar 2019 07:28:30 +0000 (15:28 +0800)]
appveyor: add JOSE target

2 months ago windows: prepare for udp
Andy Green [Sat, 9 Mar 2019 21:12:58 +0000 (05:12 +0800)]
windows: prepare for udp

2 months ago jwk: remove unistd.h include
Andy Green [Thu, 14 Mar 2019 13:22:17 +0000 (21:22 +0800)]
jwk: remove unistd.h include

2 months ago lws_dir: wrap dir scanning backend and convert lejp-conf
Andy Green [Thu, 14 Mar 2019 00:24:40 +0000 (08:24 +0800)]
lws_dir: wrap dir scanning backend and convert lejp-conf

We use POSIX dir scanning apis normally, but for windows, we require libuv
to do it for us.

Formalize that into a wrapper lws_dir() that hides the backend code.

Make it configurable, ON by default and forced on with lejp-conf that
depends on it.

2 months ago mbedtls: Fix reads getting stuck when the socket has disconnected
Santeri Hernejärvi [Thu, 14 Mar 2019 11:05:35 +0000 (12:05 +0100)]
mbedtls: Fix reads getting stuck when the socket has disconnected

We've seen this behaviour when iOS resumes from sleep:

dbg> 0x11cd03750: ssl err dbg> lws_ssl_capable_read: WANT_READ
dbg> SSL Capable more service
dbg> 0x11cd03750: SSL_read says -1
dbg> 0x11cd03750: ssl err 2 errno 57
dbg> lws_ssl_capable_read: WANT_READ
dbg> 0x11cd0375dbg> SSL Capable more service
dbg> 0x11cd03750: SSL_read says -1
dbg> 0x11cd03750: ssl err 2 errno 57
dbg> lws_ssl_capable_read: WANT_READ

2 months ago dbus: selftests should use more unique mirror session name
Andy Green [Thu, 14 Mar 2019 00:52:51 +0000 (08:52 +0800)]
dbus: selftests should use more unique mirror session name

2 months ago dbus: signal.h needed explicitly on some platforms
Brian Lee [Wed, 13 Mar 2019 14:29:18 +0000 (14:29 +0000)]
dbus: signal.h needed explicitly on some platforms

2 months ago vhost: fix allocated protocol list freeing at destroy time
Andy Green [Tue, 12 Mar 2019 01:20:58 +0000 (09:20 +0800)]
vhost: fix allocated protocol list freeing at destroy time

2 months ago lwsac_use_zeroed: lwsac helper equivalent to zalloc
Andy Green [Tue, 12 Mar 2019 00:05:09 +0000 (08:05 +0800)]
lwsac_use_zeroed: lwsac helper equivalent to zalloc

2 months ago lejp: integrate error strings and api to core lejp
Andy Green [Mon, 11 Mar 2019 23:54:27 +0000 (07:54 +0800)]
lejp: integrate error strings and api to core lejp

lejp-conf isn't the only user that needs to generate human-readable
JSON parsing error stacks.

Build it in with lejp and introduce an error code -> string api

2 months ago minimal-http-client-custom-headers
Andy Green [Sun, 10 Mar 2019 21:54:08 +0000 (05:54 +0800)]

2 months ago old openssl: dont build with membuffer apis
Andy Green [Fri, 8 Mar 2019 07:26:33 +0000 (15:26 +0800)]
old openssl: dont build with membuffer apis

2 months ago vhost info: add memory buffer cert support
Andy Green [Thu, 14 Feb 2019 06:35:24 +0000 (14:35 +0800)]
vhost info: add memory buffer cert support

2 months ago vhost: add pprotocols to vhost info
Andy Green [Sat, 9 Mar 2019 21:34:02 +0000 (05:34 +0800)]
vhost: add pprotocols to vhost info

info.protocols works okay, but it has an annoying problem... you have to know
the type for each protocol's pss at the top level of the code, so you can set
the struct lws_protocols user_data size for it.

Lws already rewrites the protocol tables for a vhost in the case of runtime
protocol plugins... this adapts that already-existing code slightly to give
a new optional way to declare the protocol array.

Everything works as before by default, but now info.protocols may be NULL and
info.pprotocols defined instead (if that's also NULL, as it will be if you
just ignore it after memsetting to 0, then it continues to fall back to the
dummy protocol handler as before).

info.pprotocols is a NULL-terminated array of pointers to lws_protocol
structs.  This can be composed at the top level of your code without knowing
anything except the name of the externally-defined lws_protocol struct(s).

The minimal example http-server-dynamic is changed to use the new scheme as
an example.

2 months ago optee: supporting sockaddr* variants and cleanup
Akira Tsukamoto [Fri, 8 Mar 2019 15:16:19 +0000 (00:16 +0900)]
optee: supporting sockaddr* variants and cleanup

Without this patch, the build will break with gcc 8.2 as below.
optee_os/lib/libwebsockets/libwebsockets/lib/core-net/network.c: In function ‘lws_socket_bind’:
optee_os/lib/libwebsockets/libwebsockets/lib/core-net/network.c:347:4: error: ‘memcpy’ forming offset [5, 16] is out of the bounds [0, 4] of object ‘sin’ with type ‘struct sockaddr_storage’ [-Werror=array-bounds]
    memcpy(&sain, &sin, sizeof(sain));
/home/akirat/dev/otrp/aist-tb/optee_os/lib/libwebsockets/libwebsockets/lib/core-net/network.c:224:26: note: ‘sin’ declared here
  struct sockaddr_storage sin;
cc1: all warnings being treated as errors

Signed-off-by: Akira Tsukamoto <>

2 months ago mingw: windows: make minimal examples build
Andy Green [Fri, 8 Mar 2019 03:43:33 +0000 (11:43 +0800)]
mingw: windows: make minimal examples build

2 months ago bzero: replace all with memset
Andy Green [Fri, 8 Mar 2019 02:50:55 +0000 (10:50 +0800)]
bzero: replace all with memset

lws_explicit_bzero() is available if the goal is to have volatile zeroing.

2 months ago ipv6: force ipv4 if iface bind uses ipv4 address
Andy Green [Fri, 8 Mar 2019 00:58:56 +0000 (08:58 +0800)]
ipv6: force ipv4 if iface bind uses ipv4 address

2 months ago xenial: fix missing stdio.h errors in minimal examples
Andy Green [Thu, 7 Mar 2019 10:31:59 +0000 (18:31 +0800)]
xenial: fix missing stdio.h errors in minimal examples

2 months ago minimal-ws-client-echo: add -i iface option to allow control of client iface bind
Andy Green [Thu, 7 Mar 2019 03:59:20 +0000 (11:59 +0800)]
minimal-ws-client-echo: add -i iface option to allow control of client iface bind

2 months ago ipv6: support [ipv6]:port in client proxy
Andy Green [Thu, 7 Mar 2019 02:36:57 +0000 (10:36 +0800)]
ipv6: support [ipv6]:port in client proxy

2 months ago adopt: force incoming fd to nonblocking
Andy Green [Thu, 7 Mar 2019 01:49:52 +0000 (09:49 +0800)]
adopt: force incoming fd to nonblocking

Incoming fds must be nonblocking for any event loop... add a platform
api to do that and call it during adopt.

2 months ago cmake cross: non-bash doesn't deal with quoted options correctly
Andy Green [Mon, 4 Mar 2019 12:43:58 +0000 (20:43 +0800)]
cmake cross: non-bash doesn't deal with quoted options correctly

Although it works fine on Fedora / bash, the extra quotes are snipped
on Ubuntu / dash.  Removing the quotes works OK on both.

2 months ago cmake: override build system release optimization policy
Andy Green [Wed, 27 Feb 2019 23:05:12 +0000 (07:05 +0800)]
cmake: override build system release optimization policy

The cmake config on the build system actually decides the release build optimization policy.
On Fedora, it's -O2.  On Ubuntu, it's -O3.

Anything given in CMakeLists.txt is overridden by the build system policy since it goes at
the end of the compiler commandline.

When you are building cross, the build system's opinion of your cross binary optimization
level is irrelevant, and at worst destructive.  Some versions of gcc contain broken optimizations
that are applied only at -O3.

This patch removes any doomed attempt to set -O in CMakeLists.txt, which has
no effect since the build system policy is still added at the end, but
removes confusion; and adds code to all the cross build files to forcibly
override release optimization level to -O2, removing the build system's
opinion of how your cross build should look.

2 months ago ah: custom headers for h1
Andy Green [Tue, 26 Feb 2019 09:18:24 +0000 (17:18 +0800)]
ah: custom headers for h1

Until now lws only parses headers it knows at build-time from its
prebuilt lexical analyzer.

This adds an on-by-default cmake option and a couple of apis
to also store and query "custom", ie, unknown-to-lws headers.

A minimal example is also provided.

At the moment it only works on h1, h2 support needs improvements
to the hpack implementation.

Since it bloats ah memory usage compared to without it if custom
headers are present, the related code and ah footprint can be
disabled with the cmake option LWS_WITH_CUSTOM_HEADERS, but it's
on by default normally.  ESP32 platform disables it.

2 months ago libuv: account for pipe close only once
Andy Green [Fri, 1 Mar 2019 11:42:42 +0000 (19:42 +0800)]
libuv: account for pipe close only once

2 months ago ipv6: migrate header includes to private.h
Andy Green [Thu, 28 Feb 2019 01:44:28 +0000 (09:44 +0800)]
ipv6: migrate header includes to private.h

2 months ago uv: ensure watcher exists before operating on it
Andy Green [Sat, 23 Feb 2019 22:16:57 +0000 (06:16 +0800)]
uv: ensure watcher exists before operating on it

This was seen in the wild...

==20578== Invalid read of size 1
==20578==    at 0x4D2E018: uv_poll_stop (poll.c:112)
==20578==    by 0x48BC159: elops_io_uv (libuv.c:684)
==20578==    by 0x4872F55: __remove_wsi_socket_from_fds (pollfd.c:326)
==20578==    by 0x486EF1B: __lws_close_free_wsi (close.c:425)
==20578==    by 0x486F3E2: lws_close_free_wsi (close.c:518)
==20578==    by 0x487564C: lws_service_fd_tsi (service.c:1033)
==20578==    by 0x48BAEA9: lws_io_cb (libuv.c:117)
==20578==    by 0x4D3606F: uv__io_poll (linux-core.c:379)
==20578==    by 0x4D27714: uv_run (core.c:361)
==20578==    by 0x48BC347: elops_run_pt_uv (libuv.c:735)
==20578==    by 0x4875746: lws_service (service.c:1080)
==20578==    by 0x401A51: main (main.c:309)
==20578==  Address 0x58 is not stack'd, malloc'd or (recently) free'd

2 months ago smp: take pt lock in poll foreign thread detection
Andy Green [Sat, 23 Feb 2019 07:24:57 +0000 (15:24 +0800)]
smp: take pt lock in poll foreign thread detection

2 months ago libuv.c: set m to 0 by default
Adam Duskett [Fri, 22 Feb 2019 20:47:41 +0000 (15:47 -0500)]
libuv.c: set m to 0 by default

Setting m to 0 by default will prevent "error: ‘m’ may be used uninitialized in this function"
while compiling with the option -DLWS_WITH_LIBUV=ON.

2 months ago smp: adopt: deal with load balancing init window
Andy Green [Fri, 22 Feb 2019 21:41:30 +0000 (05:41 +0800)]
smp: adopt: deal with load balancing init window

With SMP as soon as we add the new sockfd to the fds table, in the
case we load-balanced the fd on to a different pt, service on it
becomes live immediately and concurrently.  This can lead to the
unexpected situation that while we think we're still initing the
new wsi from our thread, it can have lived out its whole life
concurrently from another service thread.

Add a volatile flag to inform the owning pt that if it wants to
service the wsi during this init window, it must wait and retry
next time around the event loop.

2 months ago ws: setting default protocol index to an illegal index disables default ws binding
Andy Green [Fri, 22 Feb 2019 06:27:21 +0000 (14:27 +0800)]
ws: setting default protocol index to an illegal index disables default ws binding

On lwsws, incoming ws connections to the default vhost
are not rejected by the dummy protocol handler and not
really serviced either, leading to bots connecting to it to
get immortal, idle ws connections with no timeout (since it's an
established ws connection).

Rejecting these connections by default by adding a handler
for ESTABLISHED in the dummy handler will solve it nicely,
but it will break an unknown number of dumb, protocol-less
user implementations that rely on this behaviour by using
break; from their own ESTABLISHED handler and calling
through to the currently NOP dummy handler one.

Add support to assertively disable the default protocol
index used for subprotocol-less ws connections instead.

2 months ago clean: LWS_SSL_ENABLED use vh as the macro arg name to clarify what should be given
Andy Green [Thu, 21 Feb 2019 22:45:25 +0000 (06:45 +0800)]
clean: LWS_SSL_ENABLED use vh as the macro arg name to clarify what should be given

2 months ago http: log ws upgrades
Andy Green [Tue, 19 Feb 2019 23:47:48 +0000 (07:47 +0800)]
http: log ws upgrades