/* * libwebsockets - small server side websockets and web server implementation * * Copyright (C) 2010-2013 Andy Green * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation: * version 2.1 of the License. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, * MA 02110-1301 USA */ #include "private-libwebsockets.h" #if defined(WIN32) || defined(_WIN32) #include #endif unsigned char lextable[] = { #include "lextable.h" }; int lextable_decode(int pos, char c) { while (pos >= 0) { if (lextable[pos + 1] == 0) /* terminal marker */ return pos; /* case insensitive - RFC2616 */ if ((lextable[pos] & 0x7f) == tolower(c)) return pos + (lextable[pos + 1] << 1); if (lextable[pos] & 0x80) return -1; pos += 2; } return pos; } int lws_allocate_header_table(struct libwebsocket *wsi) { wsi->u.hdr.ah = malloc(sizeof(*wsi->u.hdr.ah)); if (wsi->u.hdr.ah == NULL) { lwsl_err("Out of memory\n"); return -1; } memset(wsi->u.hdr.ah->frag_index, 0, sizeof(wsi->u.hdr.ah->frag_index)); wsi->u.hdr.ah->next_frag_index = 0; wsi->u.hdr.ah->pos = 0; return 0; } LWS_VISIBLE int lws_hdr_total_length(struct libwebsocket *wsi, enum lws_token_indexes h) { int n; int len = 0; n = wsi->u.hdr.ah->frag_index[h]; if (n == 0) return 0; do { len += wsi->u.hdr.ah->frags[n].len; n = wsi->u.hdr.ah->frags[n].next_frag_index; } while (n); return len; } LWS_VISIBLE int lws_hdr_copy(struct libwebsocket *wsi, char *dest, int len, enum lws_token_indexes h) { int toklen = lws_hdr_total_length(wsi, h); int n; if (toklen >= len) return -1; n = wsi->u.hdr.ah->frag_index[h]; if (n == 0) return 0; do { strcpy(dest, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]); dest += wsi->u.hdr.ah->frags[n].len; n = wsi->u.hdr.ah->frags[n].next_frag_index; } while (n); return toklen; } char *lws_hdr_simple_ptr(struct libwebsocket *wsi, enum lws_token_indexes h) { int n; n = wsi->u.hdr.ah->frag_index[h]; if (!n) return NULL; return &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]; } int lws_hdr_simple_create(struct libwebsocket *wsi, enum lws_token_indexes h, const char *s) { wsi->u.hdr.ah->next_frag_index++; if (wsi->u.hdr.ah->next_frag_index == sizeof(wsi->u.hdr.ah->frags) / sizeof(wsi->u.hdr.ah->frags[0])) { lwsl_warn("More hdr frags than we can deal with, dropping\n"); return -1; } wsi->u.hdr.ah->frag_index[h] = wsi->u.hdr.ah->next_frag_index; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].offset = wsi->u.hdr.ah->pos; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len = 0; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].next_frag_index = 0; do { if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) { lwsl_err("Ran out of header data space\n"); return -1; } wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = *s; if (*s) wsi->u.hdr.ah->frags[ wsi->u.hdr.ah->next_frag_index].len++; } while (*s++); return 0; } static char char_to_hex(const char c) { if (c >= '0' && c <= '9') return c - '0'; if (c >= 'a' && c <= 'f') return c - 'a' + 10; if (c >= 'A' && c <= 'F') return c - 'A' + 10; return -1; } static int issue_char(struct libwebsocket *wsi, unsigned char c) { if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) { lwsl_warn("excessive header content\n"); return -1; } wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = c; if (c) wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len++; return 0; } int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c) { int n; switch (wsi->u.hdr.parser_state) { case WSI_TOKEN_GET_URI: case WSI_TOKEN_POST_URI: case WSI_TOKEN_HOST: case WSI_TOKEN_CONNECTION: case WSI_TOKEN_KEY1: case WSI_TOKEN_KEY2: case WSI_TOKEN_PROTOCOL: case WSI_TOKEN_UPGRADE: case WSI_TOKEN_ORIGIN: case WSI_TOKEN_SWORIGIN: case WSI_TOKEN_DRAFT: case WSI_TOKEN_CHALLENGE: case WSI_TOKEN_KEY: case WSI_TOKEN_VERSION: case WSI_TOKEN_ACCEPT: case WSI_TOKEN_NONCE: case WSI_TOKEN_EXTENSIONS: case WSI_TOKEN_HTTP: case WSI_TOKEN_HTTP_ACCEPT: case WSI_TOKEN_HTTP_IF_MODIFIED_SINCE: case WSI_TOKEN_HTTP_ACCEPT_ENCODING: case WSI_TOKEN_HTTP_ACCEPT_LANGUAGE: case WSI_TOKEN_HTTP_PRAGMA: case WSI_TOKEN_HTTP_CACHE_CONTROL: case WSI_TOKEN_HTTP_AUTHORIZATION: case WSI_TOKEN_HTTP_COOKIE: case WSI_TOKEN_HTTP_CONTENT_LENGTH: case WSI_TOKEN_HTTP_CONTENT_TYPE: case WSI_TOKEN_HTTP_DATE: case WSI_TOKEN_HTTP_RANGE: case WSI_TOKEN_HTTP_REFERER: lwsl_parser("WSI_TOK_(%d) '%c'\n", wsi->u.hdr.parser_state, c); /* collect into malloc'd buffers */ /* optional initial space swallow */ if (!wsi->u.hdr.ah->frags[wsi->u.hdr.ah->frag_index[ wsi->u.hdr.parser_state]].len && c == ' ') break; if ((wsi->u.hdr.parser_state != WSI_TOKEN_GET_URI) && (wsi->u.hdr.parser_state != WSI_TOKEN_POST_URI)) goto check_eol; /* special URI processing... end at space */ if (c == ' ') { /* enforce starting with / */ if (!wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len) if (issue_char(wsi, '/') < 0) return -1; c = '\0'; wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; goto spill; } /* special URI processing... convert %xx */ switch (wsi->u.hdr.ues) { case URIES_IDLE: if (c == '%') { wsi->u.hdr.ues = URIES_SEEN_PERCENT; goto swallow; } break; case URIES_SEEN_PERCENT: if (char_to_hex(c) < 0) { /* regurgitate */ if (issue_char(wsi, '%') < 0) return -1; wsi->u.hdr.ues = URIES_IDLE; /* continue on to assess c */ break; } wsi->u.hdr.esc_stash = c; wsi->u.hdr.ues = URIES_SEEN_PERCENT_H1; goto swallow; case URIES_SEEN_PERCENT_H1: if (char_to_hex(c) < 0) { /* regurgitate */ issue_char(wsi, '%'); wsi->u.hdr.ues = URIES_IDLE; /* regurgitate + assess */ if (libwebsocket_parse(wsi, wsi->u.hdr.esc_stash) < 0) return -1; /* continue on to assess c */ break; } c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) | char_to_hex(c); wsi->u.hdr.ues = URIES_IDLE; break; } /* * special URI processing... * convert /.. or /... or /../ etc to / * convert /./ to / * convert // or /// etc to / * leave /.dir or whatever alone */ switch (wsi->u.hdr.ups) { case URIPS_IDLE: /* issue the first / always */ if (c == '/') wsi->u.hdr.ups = URIPS_SEEN_SLASH; break; case URIPS_SEEN_SLASH: /* swallow subsequent slashes */ if (c == '/') goto swallow; /* track and swallow the first . after / */ if (c == '.') { wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT; goto swallow; } else wsi->u.hdr.ups = URIPS_IDLE; break; case URIPS_SEEN_SLASH_DOT: /* swallow second . */ if (c == '.') { /* * back up one dir level if possible * safe against header fragmentation because * the method URI can only be in 1 fragment */ if (wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len > 2) { wsi->u.hdr.ah->pos--; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len--; do { wsi->u.hdr.ah->pos--; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len--; } while (wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len > 1 && wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos] != '/'); } wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT; goto swallow; } /* change /./ to / */ if (c == '/') { wsi->u.hdr.ups = URIPS_SEEN_SLASH; goto swallow; } /* it was like /.dir ... regurgitate the . */ wsi->u.hdr.ups = URIPS_IDLE; issue_char(wsi, '.'); break; case URIPS_SEEN_SLASH_DOT_DOT: /* swallow prior .. chars and any subsequent . */ if (c == '.') goto swallow; /* last issued was /, so another / == // */ if (c == '/') goto swallow; else /* last we issued was / so SEEN_SLASH */ wsi->u.hdr.ups = URIPS_SEEN_SLASH; break; case URIPS_ARGUMENTS: /* leave them alone */ break; } check_eol: /* bail at EOL */ if (wsi->u.hdr.parser_state != WSI_TOKEN_CHALLENGE && c == '\x0d') { c = '\0'; wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR; lwsl_parser("*\n"); } if (c == '?') { /* start of URI arguments */ /* seal off uri header */ wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0'; /* move to using WSI_TOKEN_HTTP_URI_ARGS */ wsi->u.hdr.ah->next_frag_index++; wsi->u.hdr.ah->frags[ wsi->u.hdr.ah->next_frag_index].offset = wsi->u.hdr.ah->pos; wsi->u.hdr.ah->frags[ wsi->u.hdr.ah->next_frag_index].len = 0; wsi->u.hdr.ah->frags[ wsi->u.hdr.ah->next_frag_index].next_frag_index = 0; wsi->u.hdr.ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = wsi->u.hdr.ah->next_frag_index; /* defeat normal uri path processing */ wsi->u.hdr.ups = URIPS_ARGUMENTS; goto swallow; } spill: if (issue_char(wsi, c) < 0) return -1; swallow: /* per-protocol end of headers management */ if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE) goto set_parsing_complete; break; /* collecting and checking a name part */ case WSI_TOKEN_NAME_PART: lwsl_parser("WSI_TOKEN_NAME_PART '%c'\n", c); wsi->u.hdr.lextable_pos = lextable_decode(wsi->u.hdr.lextable_pos, c); if (wsi->u.hdr.lextable_pos < 0) { /* this is not a header we know about */ if (wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI] || wsi->u.hdr.ah->frag_index[WSI_TOKEN_POST_URI] || wsi->u.hdr.ah->frag_index[WSI_TOKEN_HTTP]) { /* * altready had the method, no idea what * this crap is, ignore */ wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; break; } /* * hm it's an unknown http method in fact, * treat as dangerous */ lwsl_info("Unknown method - dropping\n"); return -1; } if (lextable[wsi->u.hdr.lextable_pos + 1] == 0) { /* terminal state */ n = lextable[wsi->u.hdr.lextable_pos] & 0x7f; lwsl_parser("known hdr %d\n", n); if (n == WSI_TOKEN_GET_URI && wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) { lwsl_warn("Duplicated GET\n"); return -1; } else if (n == WSI_TOKEN_POST_URI && wsi->u.hdr.ah->frag_index[WSI_TOKEN_POST_URI]) { lwsl_warn("Duplicated POST\n"); return -1; } /* * WSORIGIN is protocol equiv to ORIGIN, * JWebSocket likes to send it, map to ORIGIN */ if (n == WSI_TOKEN_SWORIGIN) n = WSI_TOKEN_ORIGIN; wsi->u.hdr.parser_state = (enum lws_token_indexes) (WSI_TOKEN_GET_URI + n); if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE) goto set_parsing_complete; goto start_fragment; } break; start_fragment: wsi->u.hdr.ah->next_frag_index++; if (wsi->u.hdr.ah->next_frag_index == sizeof(wsi->u.hdr.ah->frags) / sizeof(wsi->u.hdr.ah->frags[0])) { lwsl_warn("More hdr frags than we can deal with\n"); return -1; } wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].offset = wsi->u.hdr.ah->pos; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len = 0; wsi->u.hdr.ah->frags[ wsi->u.hdr.ah->next_frag_index].next_frag_index = 0; n = wsi->u.hdr.ah->frag_index[wsi->u.hdr.parser_state]; if (!n) { /* first fragment */ wsi->u.hdr.ah->frag_index[wsi->u.hdr.parser_state] = wsi->u.hdr.ah->next_frag_index; break; } /* continuation */ while (wsi->u.hdr.ah->frags[n].next_frag_index) n = wsi->u.hdr.ah->frags[n].next_frag_index; wsi->u.hdr.ah->frags[n].next_frag_index = wsi->u.hdr.ah->next_frag_index; if (wsi->u.hdr.ah->pos == sizeof(wsi->u.hdr.ah->data)) { lwsl_warn("excessive header content\n"); return -1; } wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = ' '; wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len++; break; /* skipping arg part of a name we didn't recognize */ case WSI_TOKEN_SKIPPING: lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c); if (c == '\x0d') wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR; break; case WSI_TOKEN_SKIPPING_SAW_CR: lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c); if (c == '\x0a') { wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART; wsi->u.hdr.lextable_pos = 0; } else wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; break; /* we're done, ignore anything else */ case WSI_PARSING_COMPLETE: lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c); break; default: /* keep gcc happy */ break; } return 0; set_parsing_complete: if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) { if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION)) wsi->ietf_spec_revision = atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION)); lwsl_parser("v%02d hdrs completed\n", wsi->ietf_spec_revision); } wsi->u.hdr.parser_state = WSI_PARSING_COMPLETE; wsi->hdr_parsing_completed = 1; return 0; } /** * lws_frame_is_binary: true if the current frame was sent in binary mode * * @wsi: the connection we are inquiring about * * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if * it's interested to see if the frame it's dealing with was sent in binary * mode. */ LWS_VISIBLE int lws_frame_is_binary(struct libwebsocket *wsi) { return wsi->u.ws.frame_is_binary; } int libwebsocket_rx_sm(struct libwebsocket *wsi, unsigned char c) { int n; struct lws_tokens eff_buf; int ret = 0; #ifndef LWS_NO_EXTENSIONS int handled; int m; #endif #if 0 lwsl_debug("RX: %02X ", c); #endif switch (wsi->lws_rx_parse_state) { case LWS_RXPS_NEW: switch (wsi->ietf_spec_revision) { case 13: /* * no prepended frame key any more */ wsi->u.ws.all_zero_nonce = 1; goto handle_first; default: lwsl_warn("lws_rx_sm: unknown spec version %d\n", wsi->ietf_spec_revision); break; } break; case LWS_RXPS_04_MASK_NONCE_1: wsi->u.ws.frame_masking_nonce_04[1] = c; if (c) wsi->u.ws.all_zero_nonce = 0; wsi->lws_rx_parse_state = LWS_RXPS_04_MASK_NONCE_2; break; case LWS_RXPS_04_MASK_NONCE_2: wsi->u.ws.frame_masking_nonce_04[2] = c; if (c) wsi->u.ws.all_zero_nonce = 0; wsi->lws_rx_parse_state = LWS_RXPS_04_MASK_NONCE_3; break; case LWS_RXPS_04_MASK_NONCE_3: wsi->u.ws.frame_masking_nonce_04[3] = c; if (c) wsi->u.ws.all_zero_nonce = 0; /* * start from the zero'th byte in the XOR key buffer since * this is the start of a frame with a new key */ wsi->u.ws.frame_mask_index = 0; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1; break; /* * 04 logical framing from the spec (all this is masked when incoming * and has to be unmasked) * * We ignore the possibility of extension data because we don't * negotiate any extensions at the moment. * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 * +-+-+-+-+-------+-+-------------+-------------------------------+ * |F|R|R|R| opcode|R| Payload len | Extended payload length | * |I|S|S|S| (4) |S| (7) | (16/63) | * |N|V|V|V| |V| | (if payload len==126/127) | * | |1|2|3| |4| | | * +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + * | Extended payload length continued, if payload len == 127 | * + - - - - - - - - - - - - - - - +-------------------------------+ * | | Extension data | * +-------------------------------+ - - - - - - - - - - - - - - - + * : : * +---------------------------------------------------------------+ * : Application data : * +---------------------------------------------------------------+ * * We pass payload through to userland as soon as we get it, ignoring * FIN. It's up to userland to buffer it up if it wants to see a * whole unfragmented block of the original size (which may be up to * 2^63 long!) */ case LWS_RXPS_04_FRAME_HDR_1: handle_first: wsi->u.ws.opcode = c & 0xf; wsi->u.ws.rsv = c & 0x70; wsi->u.ws.final = !!((c >> 7) & 1); switch (wsi->u.ws.opcode) { case LWS_WS_OPCODE_07__TEXT_FRAME: case LWS_WS_OPCODE_07__BINARY_FRAME: wsi->u.ws.frame_is_binary = wsi->u.ws.opcode == LWS_WS_OPCODE_07__BINARY_FRAME; break; } wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN; break; case LWS_RXPS_04_FRAME_HDR_LEN: wsi->u.ws.this_frame_masked = !!(c & 0x80); switch (c & 0x7f) { case 126: /* control frames are not allowed to have big lengths */ if (wsi->u.ws.opcode & 8) goto illegal_ctl_length; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2; break; case 127: /* control frames are not allowed to have big lengths */ if (wsi->u.ws.opcode & 8) goto illegal_ctl_length; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8; break; default: wsi->u.ws.rx_packet_length = c & 0x7f; if (wsi->u.ws.this_frame_masked) wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_1; else wsi->lws_rx_parse_state = LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; break; } break; case LWS_RXPS_04_FRAME_HDR_LEN16_2: wsi->u.ws.rx_packet_length = c << 8; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1; break; case LWS_RXPS_04_FRAME_HDR_LEN16_1: wsi->u.ws.rx_packet_length |= c; if (wsi->u.ws.this_frame_masked) wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_1; else wsi->lws_rx_parse_state = LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; break; case LWS_RXPS_04_FRAME_HDR_LEN64_8: if (c & 0x80) { lwsl_warn("b63 of length must be zero\n"); /* kill the connection */ return -1; } #if defined __LP64__ wsi->u.ws.rx_packet_length = ((size_t)c) << 56; #else wsi->u.ws.rx_packet_length = 0; #endif wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7; break; case LWS_RXPS_04_FRAME_HDR_LEN64_7: #if defined __LP64__ wsi->u.ws.rx_packet_length |= ((size_t)c) << 48; #endif wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6; break; case LWS_RXPS_04_FRAME_HDR_LEN64_6: #if defined __LP64__ wsi->u.ws.rx_packet_length |= ((size_t)c) << 40; #endif wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5; break; case LWS_RXPS_04_FRAME_HDR_LEN64_5: #if defined __LP64__ wsi->u.ws.rx_packet_length |= ((size_t)c) << 32; #endif wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4; break; case LWS_RXPS_04_FRAME_HDR_LEN64_4: wsi->u.ws.rx_packet_length |= ((size_t)c) << 24; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3; break; case LWS_RXPS_04_FRAME_HDR_LEN64_3: wsi->u.ws.rx_packet_length |= ((size_t)c) << 16; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2; break; case LWS_RXPS_04_FRAME_HDR_LEN64_2: wsi->u.ws.rx_packet_length |= ((size_t)c) << 8; wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1; break; case LWS_RXPS_04_FRAME_HDR_LEN64_1: wsi->u.ws.rx_packet_length |= ((size_t)c); if (wsi->u.ws.this_frame_masked) wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_1; else wsi->lws_rx_parse_state = LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; break; case LWS_RXPS_07_COLLECT_FRAME_KEY_1: wsi->u.ws.frame_masking_nonce_04[0] = c; if (c) wsi->u.ws.all_zero_nonce = 0; wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2; break; case LWS_RXPS_07_COLLECT_FRAME_KEY_2: wsi->u.ws.frame_masking_nonce_04[1] = c; if (c) wsi->u.ws.all_zero_nonce = 0; wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3; break; case LWS_RXPS_07_COLLECT_FRAME_KEY_3: wsi->u.ws.frame_masking_nonce_04[2] = c; if (c) wsi->u.ws.all_zero_nonce = 0; wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4; break; case LWS_RXPS_07_COLLECT_FRAME_KEY_4: wsi->u.ws.frame_masking_nonce_04[3] = c; if (c) wsi->u.ws.all_zero_nonce = 0; wsi->lws_rx_parse_state = LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; wsi->u.ws.frame_mask_index = 0; if (wsi->u.ws.rx_packet_length == 0) goto spill; break; case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED: if (!wsi->u.ws.rx_user_buffer) lwsl_err("NULL user buffer...\n"); if (wsi->u.ws.all_zero_nonce) wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING + (wsi->u.ws.rx_user_buffer_head++)] = c; else wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING + (wsi->u.ws.rx_user_buffer_head++)] = c ^ wsi->u.ws.frame_masking_nonce_04[ (wsi->u.ws.frame_mask_index++) & 3]; if (--wsi->u.ws.rx_packet_length == 0) { /* spill because we have the whole frame */ wsi->lws_rx_parse_state = LWS_RXPS_NEW; goto spill; } /* * if there's no protocol max frame size given, we are * supposed to default to LWS_MAX_SOCKET_IO_BUF */ if (!wsi->protocol->rx_buffer_size && wsi->u.ws.rx_user_buffer_head != LWS_MAX_SOCKET_IO_BUF) break; else if (wsi->protocol->rx_buffer_size && wsi->u.ws.rx_user_buffer_head != wsi->protocol->rx_buffer_size) break; /* spill because we filled our rx buffer */ spill: /* * is this frame a control packet we should take care of at this * layer? If so service it and hide it from the user callback */ lwsl_parser("spill on %s\n", wsi->protocol->name); switch (wsi->u.ws.opcode) { case LWS_WS_OPCODE_07__CLOSE: /* is this an acknowledgement of our close? */ if (wsi->state == WSI_STATE_AWAITING_CLOSE_ACK) { /* * fine he has told us he is closing too, let's * finish our close */ lwsl_parser("seen client close ack\n"); return -1; } lwsl_parser("server sees client close packet\n"); /* parrot the close packet payload back */ n = libwebsocket_write(wsi, (unsigned char *) &wsi->u.ws.rx_user_buffer[ LWS_SEND_BUFFER_PRE_PADDING], wsi->u.ws.rx_user_buffer_head, LWS_WRITE_CLOSE); if (n < 0) lwsl_info("write of close ack failed %d\n", n); wsi->state = WSI_STATE_RETURNED_CLOSE_ALREADY; /* close the connection */ return -1; case LWS_WS_OPCODE_07__PING: lwsl_info("received %d byte ping, sending pong\n", wsi->u.ws.rx_user_buffer_head); lwsl_hexdump(&wsi->u.ws.rx_user_buffer[ LWS_SEND_BUFFER_PRE_PADDING], wsi->u.ws.rx_user_buffer_head); /* parrot the ping packet payload back as a pong */ n = libwebsocket_write(wsi, (unsigned char *) &wsi->u.ws.rx_user_buffer[LWS_SEND_BUFFER_PRE_PADDING], wsi->u.ws.rx_user_buffer_head, LWS_WRITE_PONG); if (n < 0) return -1; /* ... then just drop it */ wsi->u.ws.rx_user_buffer_head = 0; return 0; case LWS_WS_OPCODE_07__PONG: /* ... then just drop it */ wsi->u.ws.rx_user_buffer_head = 0; return 0; case LWS_WS_OPCODE_07__TEXT_FRAME: case LWS_WS_OPCODE_07__BINARY_FRAME: case LWS_WS_OPCODE_07__CONTINUATION: break; default: #ifndef LWS_NO_EXTENSIONS lwsl_parser("passing opc %x up to exts\n", wsi->u.ws.opcode); /* * It's something special we can't understand here. * Pass the payload up to the extension's parsing * state machine. */ eff_buf.token = &wsi->u.ws.rx_user_buffer[ LWS_SEND_BUFFER_PRE_PADDING]; eff_buf.token_len = wsi->u.ws.rx_user_buffer_head; handled = 0; for (n = 0; n < wsi->count_active_extensions; n++) { m = wsi->active_extensions[n]->callback( wsi->protocol->owning_server, wsi->active_extensions[n], wsi, LWS_EXT_CALLBACK_EXTENDED_PAYLOAD_RX, wsi->active_extensions_user[n], &eff_buf, 0); if (m) handled = 1; } if (!handled) #endif lwsl_ext("ext opc opcode 0x%x unknown\n", wsi->u.ws.opcode); wsi->u.ws.rx_user_buffer_head = 0; return 0; } /* * No it's real payload, pass it up to the user callback. * It's nicely buffered with the pre-padding taken care of * so it can be sent straight out again using libwebsocket_write */ eff_buf.token = &wsi->u.ws.rx_user_buffer[ LWS_SEND_BUFFER_PRE_PADDING]; eff_buf.token_len = wsi->u.ws.rx_user_buffer_head; #ifndef LWS_NO_EXTENSIONS for (n = 0; n < wsi->count_active_extensions; n++) { m = wsi->active_extensions[n]->callback( wsi->protocol->owning_server, wsi->active_extensions[n], wsi, LWS_EXT_CALLBACK_PAYLOAD_RX, wsi->active_extensions_user[n], &eff_buf, 0); if (m < 0) { lwsl_ext( "Extension '%s' failed to handle payload!\n", wsi->active_extensions[n]->name); return -1; } } #endif if (eff_buf.token_len > 0) { eff_buf.token[eff_buf.token_len] = '\0'; if (wsi->protocol->callback) ret = user_callback_handle_rxflow( wsi->protocol->callback, wsi->protocol->owning_server, wsi, LWS_CALLBACK_RECEIVE, wsi->user_space, eff_buf.token, eff_buf.token_len); else lwsl_err("No callback on payload spill!\n"); } wsi->u.ws.rx_user_buffer_head = 0; break; } return ret; illegal_ctl_length: lwsl_warn("Control frame with xtended length is illegal\n"); /* kill the connection */ return -1; } int libwebsocket_interpret_incoming_packet(struct libwebsocket *wsi, unsigned char *buf, size_t len) { size_t n = 0; int m; #if 0 lwsl_parser("received %d byte packet\n", (int)len); lwsl_hexdump(buf, len); #endif /* let the rx protocol state machine have as much as it needs */ while (n < len) { /* * we were accepting input but now we stopped doing so */ if (!(wsi->u.ws.rxflow_change_to & LWS_RXFLOW_ALLOW)) { /* his RX is flowcontrolled, don't send remaining now */ if (!wsi->u.ws.rxflow_buffer) { /* a new rxflow, buffer it and warn caller */ lwsl_info("new rxflow input buffer len %d\n", len - n); wsi->u.ws.rxflow_buffer = (unsigned char *)malloc(len - n); wsi->u.ws.rxflow_len = len - n; wsi->u.ws.rxflow_pos = 0; memcpy(wsi->u.ws.rxflow_buffer, buf + n, len - n); } else /* rxflow while we were spilling prev rxflow */ lwsl_info("stalling in existing rxflow buf\n"); return 1; } /* account for what we're using in rxflow buffer */ if (wsi->u.ws.rxflow_buffer) wsi->u.ws.rxflow_pos++; /* process the byte */ m = libwebsocket_rx_sm(wsi, buf[n++]); if (m < 0) return -1; } return 0; } /** * libwebsockets_remaining_packet_payload() - Bytes to come before "overall" * rx packet is complete * @wsi: Websocket instance (available from user callback) * * This function is intended to be called from the callback if the * user code is interested in "complete packets" from the client. * libwebsockets just passes through payload as it comes and issues a buffer * additionally when it hits a built-in limit. The LWS_CALLBACK_RECEIVE * callback handler can use this API to find out if the buffer it has just * been given is the last piece of a "complete packet" from the client -- * when that is the case libwebsockets_remaining_packet_payload() will return * 0. * * Many protocols won't care becuse their packets are always small. */ LWS_VISIBLE size_t libwebsockets_remaining_packet_payload(struct libwebsocket *wsi) { return wsi->u.ws.rx_packet_length; }