1 /*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25 #include "private-lib-core.h"
26
27 /*
28 * bitmap of control messages that are valid to receive for each http2 state
29 */
30
31 static const uint16_t http2_rx_validity[] = {
32 /* LWS_H2S_IDLE */
33 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
34 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
35 // (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE)| /* ignore */
36 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
37 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
38 /* LWS_H2S_RESERVED_LOCAL */
39 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
40 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
41 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
42 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE),
43 /* LWS_H2S_RESERVED_REMOTE */
44 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
45 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
46 (1 << LWS_H2_FRAME_TYPE_CONTINUATION) |
47 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
48 (1 << LWS_H2_FRAME_TYPE_PRIORITY),
49 /* LWS_H2S_OPEN */
50 (1 << LWS_H2_FRAME_TYPE_DATA) |
51 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
52 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
53 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
54 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
55 (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) |
56 (1 << LWS_H2_FRAME_TYPE_PING) |
57 (1 << LWS_H2_FRAME_TYPE_GOAWAY) |
58 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
59 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
60 /* LWS_H2S_HALF_CLOSED_REMOTE */
61 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
62 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
63 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
64 (1 << LWS_H2_FRAME_TYPE_RST_STREAM),
65 /* LWS_H2S_HALF_CLOSED_LOCAL */
66 (1 << LWS_H2_FRAME_TYPE_DATA) |
67 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
68 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
69 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
70 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
71 (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) |
72 (1 << LWS_H2_FRAME_TYPE_PING) |
73 (1 << LWS_H2_FRAME_TYPE_GOAWAY) |
74 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
75 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
76 /* LWS_H2S_CLOSED */
77 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
78 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
79 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
80 (1 << LWS_H2_FRAME_TYPE_RST_STREAM),
81 };
82
83 static const char *preface = "PRI * HTTP/2.0\x0d\x0a\x0d\x0aSM\x0d\x0a\x0d\x0a";
84
85 static const char * const h2_state_names[] = {
86 "LWS_H2S_IDLE",
87 "LWS_H2S_RESERVED_LOCAL",
88 "LWS_H2S_RESERVED_REMOTE",
89 "LWS_H2S_OPEN",
90 "LWS_H2S_HALF_CLOSED_REMOTE",
91 "LWS_H2S_HALF_CLOSED_LOCAL",
92 "LWS_H2S_CLOSED",
93 };
94
95 #if 0
96 static const char * const h2_setting_names[] = {
97 "",
98 "H2SET_HEADER_TABLE_SIZE",
99 "H2SET_ENABLE_PUSH",
100 "H2SET_MAX_CONCURRENT_STREAMS",
101 "H2SET_INITIAL_WINDOW_SIZE",
102 "H2SET_MAX_FRAME_SIZE",
103 "H2SET_MAX_HEADER_LIST_SIZE",
104 "reserved",
105 "H2SET_ENABLE_CONNECT_PROTOCOL"
106 };
107
108 void
109 lws_h2_dump_settings(struct http2_settings *set)
110 {
111 int n;
112
113 for (n = 1; n < H2SET_COUNT; n++)
114 lwsl_notice(" %30s: %10d\n", h2_setting_names[n], set->s[n]);
115 }
116 #else
117 void
lws_h2_dump_settings(struct http2_settings * set)118 lws_h2_dump_settings(struct http2_settings *set)
119 {
120 }
121 #endif
122
123 struct lws_h2_protocol_send *
lws_h2_new_pps(enum lws_h2_protocol_send_type type)124 lws_h2_new_pps(enum lws_h2_protocol_send_type type)
125 {
126 struct lws_h2_protocol_send *pps = lws_malloc(sizeof(*pps), "pps");
127
128 if (pps)
129 pps->type = type;
130
131 return pps;
132 }
133
lws_h2_init(struct lws * wsi)134 void lws_h2_init(struct lws *wsi)
135 {
136 wsi->h2.h2n->our_set = wsi->a.vhost->h2.set;
137 wsi->h2.h2n->peer_set = lws_h2_defaults;
138 }
139
140 void
lws_h2_state(struct lws * wsi,enum lws_h2_states s)141 lws_h2_state(struct lws *wsi, enum lws_h2_states s)
142 {
143 if (!wsi)
144 return;
145 lwsl_info("%s: %s: state %s -> %s\n", __func__, lws_wsi_tag(wsi),
146 h2_state_names[wsi->h2.h2_state],
147 h2_state_names[s]);
148
149 (void)h2_state_names;
150 wsi->h2.h2_state = (uint8_t)s;
151 }
152
153 int
lws_h2_update_peer_txcredit(struct lws * wsi,unsigned int sid,int bump)154 lws_h2_update_peer_txcredit(struct lws *wsi, unsigned int sid, int bump)
155 {
156 struct lws *nwsi = lws_get_network_wsi(wsi);
157 struct lws_h2_protocol_send *pps;
158
159 assert(wsi);
160
161 if (!bump)
162 return 0;
163
164 if (sid == (unsigned int)-1)
165 sid = wsi->mux.my_sid;
166
167 lwsl_info("%s: sid %d: bump %d -> %d\n", __func__, sid, bump,
168 (int)wsi->txc.peer_tx_cr_est + bump);
169
170 pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW);
171 if (!pps)
172 return 1;
173
174 pps->u.update_window.sid = (unsigned int)sid;
175 pps->u.update_window.credit = (unsigned int)bump;
176 wsi->txc.peer_tx_cr_est += bump;
177
178 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
179
180 lws_pps_schedule(wsi, pps);
181
182 pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW);
183 if (!pps)
184 return 1;
185
186 pps->u.update_window.sid = 0;
187 pps->u.update_window.credit = (unsigned int)bump;
188 nwsi->txc.peer_tx_cr_est += bump;
189
190 lws_wsi_txc_describe(&nwsi->txc, __func__, nwsi->mux.my_sid);
191
192 lws_pps_schedule(nwsi, pps);
193
194 return 0;
195 }
196
197 int
lws_h2_get_peer_txcredit_estimate(struct lws * wsi)198 lws_h2_get_peer_txcredit_estimate(struct lws *wsi)
199 {
200 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
201 return (int)wsi->txc.peer_tx_cr_est;
202 }
203
204 static int
lws_h2_update_peer_txcredit_thresh(struct lws * wsi,unsigned int sid,int threshold,int bump)205 lws_h2_update_peer_txcredit_thresh(struct lws *wsi, unsigned int sid, int threshold, int bump)
206 {
207 if (wsi->txc.peer_tx_cr_est > threshold)
208 return 0;
209
210 return lws_h2_update_peer_txcredit(wsi, sid, bump);
211 }
212
213 /* cx + vh lock */
214
215 static struct lws *
__lws_wsi_server_new(struct lws_vhost * vh,struct lws * parent_wsi,unsigned int sid)216 __lws_wsi_server_new(struct lws_vhost *vh, struct lws *parent_wsi,
217 unsigned int sid)
218 {
219 struct lws *nwsi = lws_get_network_wsi(parent_wsi);
220 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
221 char tmp[50], tmp1[50];
222 unsigned int n, b = 0;
223 struct lws *wsi;
224 const char *p;
225
226 lws_context_assert_lock_held(vh->context);
227 lws_vhost_assert_lock_held(vh);
228
229 /*
230 * The identifier of a newly established stream MUST be numerically
231 * greater than all streams that the initiating endpoint has opened or
232 * reserved. This governs streams that are opened using a HEADERS frame
233 * and streams that are reserved using PUSH_PROMISE. An endpoint that
234 * receives an unexpected stream identifier MUST respond with a
235 * connection error (Section 5.4.1) of type PROTOCOL_ERROR.
236 */
237 if (sid <= h2n->highest_sid_opened) {
238 lwsl_info("%s: tried to open lower sid %d (%d)\n", __func__,
239 sid, (int)h2n->highest_sid_opened);
240 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, "Bad sid");
241 return NULL;
242 }
243
244 /* no more children allowed by parent */
245 if (parent_wsi->mux.child_count + 1 >
246 parent_wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
247 lwsl_notice("reached concurrent stream limit\n");
248 return NULL;
249 }
250
251 n = 0;
252 p = &parent_wsi->lc.gutag[1];
253 do {
254 if (*p == '|') {
255 b++;
256 if (b == 3)
257 continue;
258 }
259 tmp1[n++] = *p++;
260 } while (b < 3 && n < sizeof(tmp1) - 2);
261 tmp1[n] = '\0';
262 lws_snprintf(tmp, sizeof(tmp), "h2_sid%u_(%s)", sid, tmp1);
263 wsi = lws_create_new_server_wsi(vh, parent_wsi->tsi, tmp);
264 if (!wsi) {
265 lwsl_notice("new server wsi failed (%s)\n", lws_vh_tag(vh));
266 return NULL;
267 }
268
269 #if defined(LWS_WITH_SERVER)
270 if (lwsi_role_server(parent_wsi)) {
271 lws_metrics_caliper_bind(wsi->cal_conn, wsi->a.context->mth_srv);
272 }
273 #endif
274
275 h2n->highest_sid_opened = sid;
276
277 lws_wsi_mux_insert(wsi, parent_wsi, sid);
278 if (sid >= h2n->highest_sid)
279 h2n->highest_sid = sid + 2;
280
281 wsi->mux_substream = 1;
282 wsi->seen_nonpseudoheader = 0;
283
284 wsi->txc.tx_cr = (int32_t)nwsi->h2.h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
285 wsi->txc.peer_tx_cr_est =
286 (int32_t)nwsi->h2.h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
287
288 lwsi_set_state(wsi, LRS_ESTABLISHED);
289 lwsi_set_role(wsi, lwsi_role(parent_wsi));
290
291 wsi->a.protocol = &vh->protocols[0];
292 if (lws_ensure_user_space(wsi))
293 goto bail1;
294
295 #if defined(LWS_WITH_SERVER) && defined(LWS_WITH_SECURE_STREAMS)
296 if (lws_adopt_ss_server_accept(wsi))
297 goto bail1;
298 #endif
299
300 /* get the ball rolling */
301 lws_validity_confirmed(wsi);
302
303 lwsl_info("%s: %s new ch %s, sid %d, usersp=%p\n", __func__,
304 lws_wsi_tag(parent_wsi), lws_wsi_tag(wsi), sid, wsi->user_space);
305
306 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
307 lws_wsi_txc_describe(&nwsi->txc, __func__, 0);
308
309 return wsi;
310
311 bail1:
312 /* undo the insert */
313 parent_wsi->mux.child_list = wsi->mux.sibling_list;
314 parent_wsi->mux.child_count--;
315
316 if (wsi->user_space)
317 lws_free_set_NULL(wsi->user_space);
318 vh->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0);
319 __lws_vhost_unbind_wsi(wsi);
320 lws_free(wsi);
321
322 return NULL;
323 }
324
325 struct lws *
lws_wsi_h2_adopt(struct lws * parent_wsi,struct lws * wsi)326 lws_wsi_h2_adopt(struct lws *parent_wsi, struct lws *wsi)
327 {
328 struct lws *nwsi = lws_get_network_wsi(parent_wsi);
329
330 /* no more children allowed by parent */
331 if (parent_wsi->mux.child_count + 1 >
332 parent_wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
333 lwsl_notice("reached concurrent stream limit\n");
334 return NULL;
335 }
336
337 /* sid is set just before issuing the headers, ensuring monoticity */
338
339 wsi->seen_nonpseudoheader = 0;
340 #if defined(LWS_WITH_CLIENT)
341 wsi->client_mux_substream = 1;
342 #endif
343 wsi->h2.initialized = 1;
344
345 #if 0
346 /* only assign sid at header send time when we know it */
347 if (!wsi->mux.my_sid) {
348 wsi->mux.my_sid = nwsi->h2.h2n->highest_sid;
349 nwsi->h2.h2n->highest_sid += 2;
350 }
351 #endif
352
353 lwsl_info("%s: binding wsi %s to sid %d (next %d)\n", __func__,
354 lws_wsi_tag(wsi), (int)wsi->mux.my_sid, (int)nwsi->h2.h2n->highest_sid);
355
356 lws_wsi_mux_insert(wsi, parent_wsi, wsi->mux.my_sid);
357
358 wsi->txc.tx_cr = (int32_t)nwsi->h2.h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
359 wsi->txc.peer_tx_cr_est = (int32_t)
360 nwsi->h2.h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
361
362 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
363
364 if (lws_ensure_user_space(wsi))
365 goto bail1;
366
367 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS,
368 &role_ops_h2);
369
370 lws_callback_on_writable(wsi);
371
372 return wsi;
373
374 bail1:
375 /* undo the insert */
376 parent_wsi->mux.child_list = wsi->mux.sibling_list;
377 parent_wsi->mux.child_count--;
378
379 if (wsi->user_space)
380 lws_free_set_NULL(wsi->user_space);
381 wsi->a.protocol->callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0);
382 lws_free(wsi);
383
384 return NULL;
385 }
386
387
388 int
lws_h2_issue_preface(struct lws * wsi)389 lws_h2_issue_preface(struct lws *wsi)
390 {
391 struct lws_h2_netconn *h2n = wsi->h2.h2n;
392 struct lws_h2_protocol_send *pps;
393
394 if (!h2n) {
395 lwsl_warn("%s: no valid h2n\n", __func__);
396 return 1;
397 }
398
399 if (h2n->sent_preface)
400 return 1;
401
402 lwsl_debug("%s: %s: fd %d\n", __func__, lws_wsi_tag(wsi), (int)wsi->desc.sockfd);
403
404 if (lws_issue_raw(wsi, (uint8_t *)preface, strlen(preface)) !=
405 (int)strlen(preface))
406 return 1;
407
408 h2n->sent_preface = 1;
409
410 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS,
411 &role_ops_h2);
412
413 h2n->count = 0;
414 wsi->txc.tx_cr = 65535;
415
416 /*
417 * we must send a settings frame
418 */
419 pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS);
420 if (!pps)
421 return 1;
422 lws_pps_schedule(wsi, pps);
423 lwsl_info("%s: h2 client sending settings\n", __func__);
424
425 return 0;
426 }
427
428 void
lws_pps_schedule(struct lws * wsi,struct lws_h2_protocol_send * pps)429 lws_pps_schedule(struct lws *wsi, struct lws_h2_protocol_send *pps)
430 {
431 struct lws *nwsi = lws_get_network_wsi(wsi);
432 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
433
434 pps->next = h2n->pps;
435 h2n->pps = pps;
436 lws_rx_flow_control(wsi, LWS_RXFLOW_REASON_APPLIES_DISABLE |
437 LWS_RXFLOW_REASON_H2_PPS_PENDING);
438 lws_callback_on_writable(wsi);
439 }
440
441 int
lws_h2_goaway(struct lws * wsi,uint32_t err,const char * reason)442 lws_h2_goaway(struct lws *wsi, uint32_t err, const char *reason)
443 {
444 struct lws_h2_netconn *h2n = wsi->h2.h2n;
445 struct lws_h2_protocol_send *pps;
446
447 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT)
448 return 0;
449
450 pps = lws_h2_new_pps(LWS_H2_PPS_GOAWAY);
451 if (!pps)
452 return 1;
453
454 lwsl_info("%s: %s: ERR 0x%x, '%s'\n", __func__, lws_wsi_tag(wsi), (int)err, reason);
455
456 pps->u.ga.err = err;
457 pps->u.ga.highest_sid = h2n->highest_sid;
458 lws_strncpy(pps->u.ga.str, reason, sizeof(pps->u.ga.str));
459 lws_pps_schedule(wsi, pps);
460
461 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
462
463 return 0;
464 }
465
466 int
lws_h2_rst_stream(struct lws * wsi,uint32_t err,const char * reason)467 lws_h2_rst_stream(struct lws *wsi, uint32_t err, const char *reason)
468 {
469 struct lws *nwsi = lws_get_network_wsi(wsi);
470 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
471 struct lws_h2_protocol_send *pps;
472
473 if (!h2n)
474 return 0;
475
476 if (!wsi->h2_stream_carries_ws && h2n->type == LWS_H2_FRAME_TYPE_COUNT)
477 return 0;
478
479 pps = lws_h2_new_pps(LWS_H2_PPS_RST_STREAM);
480 if (!pps)
481 return 1;
482
483 lwsl_info("%s: RST_STREAM 0x%x, sid %d, REASON '%s'\n", __func__,
484 (int)err, wsi->mux.my_sid, reason);
485
486 pps->u.rs.sid = wsi->mux.my_sid;
487 pps->u.rs.err = err;
488
489 lws_pps_schedule(wsi, pps);
490
491 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
492 lws_h2_state(wsi, LWS_H2_STATE_CLOSED);
493
494 return 0;
495 }
496
497 int
lws_h2_settings(struct lws * wsi,struct http2_settings * settings,unsigned char * buf,int len)498 lws_h2_settings(struct lws *wsi, struct http2_settings *settings,
499 unsigned char *buf, int len)
500 {
501 struct lws *nwsi = lws_get_network_wsi(wsi);
502 unsigned int a, b;
503
504 if (!len)
505 return 0;
506
507 if (len < LWS_H2_SETTINGS_LEN)
508 return 1;
509
510 while (len >= LWS_H2_SETTINGS_LEN) {
511 a = (unsigned int)((buf[0] << 8) | buf[1]);
512 if (!a || a >= H2SET_COUNT)
513 goto skip;
514 b = (unsigned int)(buf[2] << 24 | buf[3] << 16 | buf[4] << 8 | buf[5]);
515
516 switch (a) {
517 case H2SET_HEADER_TABLE_SIZE:
518 break;
519 case H2SET_ENABLE_PUSH:
520 if (b > 1) {
521 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
522 "ENABLE_PUSH invalid arg");
523 return 1;
524 }
525 break;
526 case H2SET_MAX_CONCURRENT_STREAMS:
527 break;
528 case H2SET_INITIAL_WINDOW_SIZE:
529 if (b > 0x7fffffff) {
530 lws_h2_goaway(nwsi, H2_ERR_FLOW_CONTROL_ERROR,
531 "Inital Window beyond max");
532 return 1;
533 }
534
535 #if defined(LWS_WITH_CLIENT)
536 #if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX)
537 if (
538 #else
539 if (wsi->flags & LCCSCF_H2_QUIRK_OVERFLOWS_TXCR &&
540 #endif
541 b == 0x7fffffff) {
542 b >>= 4;
543
544 break;
545 }
546 #endif
547
548 /*
549 * In addition to changing the flow-control window for
550 * streams that are not yet active, a SETTINGS frame
551 * can alter the initial flow-control window size for
552 * streams with active flow-control windows (that is,
553 * streams in the "open" or "half-closed (remote)"
554 * state). When the value of
555 * SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver
556 * MUST adjust the size of all stream flow-control
557 * windows that it maintains by the difference between
558 * the new value and the old value.
559 */
560
561 lws_start_foreach_ll(struct lws *, w,
562 nwsi->mux.child_list) {
563 lwsl_info("%s: adi child tc cr %d +%d -> %d",
564 __func__, (int)w->txc.tx_cr,
565 b - (unsigned int)settings->s[a],
566 (int)(w->txc.tx_cr + (int)b -
567 (int)settings->s[a]));
568 w->txc.tx_cr += (int)b - (int)settings->s[a];
569 if (w->txc.tx_cr > 0 &&
570 w->txc.tx_cr <=
571 (int32_t)(b - settings->s[a]))
572
573 lws_callback_on_writable(w);
574 } lws_end_foreach_ll(w, mux.sibling_list);
575
576 break;
577 case H2SET_MAX_FRAME_SIZE:
578 if (b < wsi->a.vhost->h2.set.s[H2SET_MAX_FRAME_SIZE]) {
579 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
580 "Frame size < initial");
581 return 1;
582 }
583 if (b > 0x00ffffff) {
584 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
585 "Settings Frame size above max");
586 return 1;
587 }
588 break;
589 case H2SET_MAX_HEADER_LIST_SIZE:
590 break;
591 }
592 settings->s[a] = b;
593 lwsl_info("http2 settings %d <- 0x%x\n", a, b);
594 skip:
595 len -= LWS_H2_SETTINGS_LEN;
596 buf += LWS_H2_SETTINGS_LEN;
597 }
598
599 if (len)
600 return 1;
601
602 lws_h2_dump_settings(settings);
603
604 return 0;
605 }
606
607 /* RFC7640 Sect 6.9
608 *
609 * The WINDOW_UPDATE frame can be specific to a stream or to the entire
610 * connection. In the former case, the frame's stream identifier
611 * indicates the affected stream; in the latter, the value "0" indicates
612 * that the entire connection is the subject of the frame.
613 *
614 * ...
615 *
616 * Two flow-control windows are applicable: the stream flow-control
617 * window and the connection flow-control window. The sender MUST NOT
618 * send a flow-controlled frame with a length that exceeds the space
619 * available in either of the flow-control windows advertised by the
620 * receiver. Frames with zero length with the END_STREAM flag set (that
621 * is, an empty DATA frame) MAY be sent if there is no available space
622 * in either flow-control window.
623 */
624
625 int
lws_h2_tx_cr_get(struct lws * wsi)626 lws_h2_tx_cr_get(struct lws *wsi)
627 {
628 int c = wsi->txc.tx_cr;
629 struct lws *nwsi = lws_get_network_wsi(wsi);
630
631 if (!wsi->mux_substream && !nwsi->upgraded_to_http2)
632 return ~0x80000000;
633
634 lwsl_info ("%s: %s: own tx credit %d: nwsi credit %d\n",
635 __func__, lws_wsi_tag(wsi), c, (int)nwsi->txc.tx_cr);
636
637 if (nwsi->txc.tx_cr < c)
638 c = nwsi->txc.tx_cr;
639
640 if (c < 0)
641 return 0;
642
643 return c;
644 }
645
646 void
lws_h2_tx_cr_consume(struct lws * wsi,int consumed)647 lws_h2_tx_cr_consume(struct lws *wsi, int consumed)
648 {
649 struct lws *nwsi = lws_get_network_wsi(wsi);
650
651 wsi->txc.tx_cr -= consumed;
652
653 if (nwsi != wsi)
654 nwsi->txc.tx_cr -= consumed;
655 }
656
lws_h2_frame_write(struct lws * wsi,int type,int flags,unsigned int sid,unsigned int len,unsigned char * buf)657 int lws_h2_frame_write(struct lws *wsi, int type, int flags,
658 unsigned int sid, unsigned int len, unsigned char *buf)
659 {
660 struct lws *nwsi = lws_get_network_wsi(wsi);
661 unsigned char *p = &buf[-LWS_H2_FRAME_HEADER_LENGTH];
662 int n;
663
664 //if (wsi->h2_stream_carries_ws)
665 // lwsl_hexdump_level(LLL_NOTICE, buf, len);
666
667 *p++ = (uint8_t)(len >> 16);
668 *p++ = (uint8_t)(len >> 8);
669 *p++ = (uint8_t)len;
670 *p++ = (uint8_t)type;
671 *p++ = (uint8_t)flags;
672 *p++ = (uint8_t)(sid >> 24);
673 *p++ = (uint8_t)(sid >> 16);
674 *p++ = (uint8_t)(sid >> 8);
675 *p++ = (uint8_t)sid;
676
677 lwsl_debug("%s: %s (eff %s). typ %d, fl 0x%x, sid=%d, len=%d, "
678 "txcr=%d, nwsi->txcr=%d\n", __func__, lws_wsi_tag(wsi),
679 lws_wsi_tag(nwsi), type, flags,
680 sid, len, (int)wsi->txc.tx_cr, (int)nwsi->txc.tx_cr);
681
682 if (type == LWS_H2_FRAME_TYPE_DATA) {
683 if (wsi->txc.tx_cr < (int)len)
684
685 lwsl_info("%s: %s: sending payload len %d"
686 " but tx_cr only %d!\n", __func__,
687 lws_wsi_tag(wsi), len, (int)wsi->txc.tx_cr);
688 lws_h2_tx_cr_consume(wsi, (int)len);
689 }
690
691 n = lws_issue_raw(nwsi, &buf[-LWS_H2_FRAME_HEADER_LENGTH],
692 len + LWS_H2_FRAME_HEADER_LENGTH);
693 if (n < 0)
694 return n;
695
696 if (n >= LWS_H2_FRAME_HEADER_LENGTH)
697 return n - LWS_H2_FRAME_HEADER_LENGTH;
698
699 return n;
700 }
701
lws_h2_set_bin(struct lws * wsi,int n,unsigned char * buf)702 static void lws_h2_set_bin(struct lws *wsi, int n, unsigned char *buf)
703 {
704 *buf++ = (uint8_t)(n >> 8);
705 *buf++ = (uint8_t)n;
706 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 24);
707 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 16);
708 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 8);
709 *buf = (uint8_t)wsi->h2.h2n->our_set.s[n];
710 }
711
712 /* we get called on the network connection */
713
lws_h2_do_pps_send(struct lws * wsi)714 int lws_h2_do_pps_send(struct lws *wsi)
715 {
716 struct lws_h2_netconn *h2n = wsi->h2.h2n;
717 struct lws_h2_protocol_send *pps = NULL;
718 struct lws *cwsi;
719 uint8_t set[LWS_PRE + 64], *p = &set[LWS_PRE], *q;
720 int n, m = 0, flags = 0;
721
722 if (!h2n)
723 return 1;
724
725 /* get the oldest pps */
726
727 lws_start_foreach_llp(struct lws_h2_protocol_send **, pps1, h2n->pps) {
728 if ((*pps1)->next == NULL) { /* we are the oldest in the list */
729 pps = *pps1; /* remove us from the list */
730 *pps1 = NULL;
731 continue;
732 }
733 } lws_end_foreach_llp(pps1, next);
734
735 if (!pps)
736 return 1;
737
738 lwsl_info("%s: %s: %d\n", __func__, lws_wsi_tag(wsi), pps->type);
739
740 switch (pps->type) {
741
742 case LWS_H2_PPS_MY_SETTINGS:
743
744 /*
745 * if any of our settings varies from h2 "default defaults"
746 * then we must inform the peer
747 */
748 for (n = 1; n < H2SET_COUNT; n++)
749 if (h2n->our_set.s[n] != lws_h2_defaults.s[n]) {
750 lwsl_debug("sending SETTING %d 0x%x\n", n,
751 (unsigned int)
752 wsi->h2.h2n->our_set.s[n]);
753
754 lws_h2_set_bin(wsi, n, &set[LWS_PRE + m]);
755 m += (int)sizeof(h2n->one_setting);
756 }
757 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS,
758 flags, LWS_H2_STREAM_ID_MASTER, (unsigned int)m,
759 &set[LWS_PRE]);
760 if (n != m) {
761 lwsl_info("send %d %d\n", n, m);
762 goto bail;
763 }
764 break;
765
766 case LWS_H2_PPS_SETTINGS_INITIAL_UPDATE_WINDOW:
767 q = &set[LWS_PRE];
768 *q++ = (uint8_t)(H2SET_INITIAL_WINDOW_SIZE >> 8);
769 *q++ = (uint8_t)(H2SET_INITIAL_WINDOW_SIZE);
770 *q++ = (uint8_t)(pps->u.update_window.credit >> 24);
771 *q++ = (uint8_t)(pps->u.update_window.credit >> 16);
772 *q++ = (uint8_t)(pps->u.update_window.credit >> 8);
773 *q = (uint8_t)(pps->u.update_window.credit);
774
775 lwsl_debug("%s: resetting initial window to %d\n", __func__,
776 (int)pps->u.update_window.credit);
777
778 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS,
779 flags, LWS_H2_STREAM_ID_MASTER, 6,
780 &set[LWS_PRE]);
781 if (n != 6) {
782 lwsl_info("send %d %d\n", n, m);
783 goto bail;
784 }
785 break;
786
787 case LWS_H2_PPS_ACK_SETTINGS:
788 /* send ack ... always empty */
789 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS, 1,
790 LWS_H2_STREAM_ID_MASTER, 0,
791 &set[LWS_PRE]);
792 if (n) {
793 lwsl_err("%s: writing settings ack frame failed %d\n", __func__, n);
794 goto bail;
795 }
796 wsi->h2_acked_settings = 0;
797 /* this is the end of the preface dance then? */
798 if (lwsi_state(wsi) == LRS_H2_AWAIT_SETTINGS) {
799 lwsi_set_state(wsi, LRS_ESTABLISHED);
800 #if defined(LWS_WITH_FILE_OPS)
801 wsi->http.fop_fd = NULL;
802 #endif
803 if (lws_is_ssl(lws_get_network_wsi(wsi)))
804 break;
805
806 if (wsi->a.vhost->options &
807 LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE)
808 break;
809
810 /*
811 * we need to treat the headers from the upgrade as the
812 * first job. So these need to get shifted to sid 1.
813 */
814
815 lws_context_lock(wsi->a.context, "h2 mig");
816 lws_vhost_lock(wsi->a.vhost);
817
818 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi, 1);
819
820 lws_vhost_unlock(wsi->a.vhost);
821 lws_context_unlock(wsi->a.context);
822
823 if (!h2n->swsi)
824 goto bail;
825
826 /* pass on the initial headers to SID 1 */
827 h2n->swsi->http.ah = wsi->http.ah;
828 wsi->http.ah = NULL;
829
830 lwsl_info("%s: inherited headers %p\n", __func__,
831 h2n->swsi->http.ah);
832 h2n->swsi->txc.tx_cr = (int32_t)
833 h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
834 lwsl_info("initial tx credit on %s: %d\n",
835 lws_wsi_tag(h2n->swsi),
836 (int)h2n->swsi->txc.tx_cr);
837 h2n->swsi->h2.initialized = 1;
838 /* demanded by HTTP2 */
839 h2n->swsi->h2.END_STREAM = 1;
840 lwsl_info("servicing initial http request\n");
841
842 #if defined(LWS_WITH_SERVER)
843 if (lws_http_action(h2n->swsi))
844 goto bail;
845 #endif
846 break;
847 }
848 break;
849
850 /*
851 * h2 only has PING... ACK = 0 = ping, ACK = 1 = pong
852 */
853
854 case LWS_H2_PPS_PING:
855 case LWS_H2_PPS_PONG:
856 if (pps->type == LWS_H2_PPS_PING)
857 lwsl_info("sending PING\n");
858 else {
859 lwsl_info("sending PONG\n");
860 flags = LWS_H2_FLAG_SETTINGS_ACK;
861 }
862
863 memcpy(&set[LWS_PRE], pps->u.ping.ping_payload, 8);
864 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_PING, flags,
865 LWS_H2_STREAM_ID_MASTER, 8,
866 &set[LWS_PRE]);
867 if (n != 8)
868 goto bail;
869
870 break;
871
872 case LWS_H2_PPS_GOAWAY:
873 lwsl_info("LWS_H2_PPS_GOAWAY\n");
874 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 24);
875 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 16);
876 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 8);
877 *p++ = (uint8_t)(pps->u.ga.highest_sid);
878 *p++ = (uint8_t)(pps->u.ga.err >> 24);
879 *p++ = (uint8_t)(pps->u.ga.err >> 16);
880 *p++ = (uint8_t)(pps->u.ga.err >> 8);
881 *p++ = (uint8_t)(pps->u.ga.err);
882 q = (unsigned char *)pps->u.ga.str;
883 n = 0;
884 while (*q && n++ < (int)sizeof(pps->u.ga.str))
885 *p++ = *q++;
886 h2n->we_told_goaway = 1;
887 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_GOAWAY, 0,
888 LWS_H2_STREAM_ID_MASTER,
889 (unsigned int)lws_ptr_diff(p, &set[LWS_PRE]),
890 &set[LWS_PRE]);
891 if (n != 4) {
892 lwsl_info("send %d %d\n", n, m);
893 goto bail;
894 }
895 goto bail;
896
897 case LWS_H2_PPS_RST_STREAM:
898 lwsl_info("LWS_H2_PPS_RST_STREAM\n");
899 *p++ = (uint8_t)(pps->u.rs.err >> 24);
900 *p++ = (uint8_t)(pps->u.rs.err >> 16);
901 *p++ = (uint8_t)(pps->u.rs.err >> 8);
902 *p++ = (uint8_t)(pps->u.rs.err);
903 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_RST_STREAM,
904 0, pps->u.rs.sid, 4, &set[LWS_PRE]);
905 if (n != 4) {
906 lwsl_info("send %d %d\n", n, m);
907 goto bail;
908 }
909 cwsi = lws_wsi_mux_from_id(wsi, pps->u.rs.sid);
910 if (cwsi) {
911 lwsl_debug("%s: closing cwsi %s %s %s (wsi %s)\n",
912 __func__, lws_wsi_tag(cwsi),
913 cwsi->role_ops->name,
914 cwsi->a.protocol->name, lws_wsi_tag(wsi));
915 lws_close_free_wsi(cwsi, 0, "reset stream");
916 }
917 break;
918
919 case LWS_H2_PPS_UPDATE_WINDOW:
920 lwsl_info("Issuing LWS_H2_PPS_UPDATE_WINDOW: sid %d: add %d\n",
921 (int)pps->u.update_window.sid,
922 (int)pps->u.update_window.credit);
923 *p++ = (uint8_t)((pps->u.update_window.credit >> 24) & 0x7f); /* 31b */
924 *p++ = (uint8_t)(pps->u.update_window.credit >> 16);
925 *p++ = (uint8_t)(pps->u.update_window.credit >> 8);
926 *p++ = (uint8_t)(pps->u.update_window.credit);
927 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_WINDOW_UPDATE,
928 0, pps->u.update_window.sid, 4,
929 &set[LWS_PRE]);
930 if (n != 4) {
931 lwsl_info("send %d %d\n", n, m);
932 goto bail;
933 }
934 break;
935
936 default:
937 break;
938 }
939
940 lws_free(pps);
941
942 return 0;
943
944 bail:
945 lws_free(pps);
946
947 return 1;
948 }
949
950 static int
951 lws_h2_parse_end_of_frame(struct lws *wsi);
952
953 /*
954 * The frame header part has just completely arrived.
955 * Perform actions for header completion.
956 */
957 static int
lws_h2_parse_frame_header(struct lws * wsi)958 lws_h2_parse_frame_header(struct lws *wsi)
959 {
960 struct lws_h2_netconn *h2n = wsi->h2.h2n;
961 struct lws_h2_protocol_send *pps;
962 int n;
963
964 /*
965 * We just got the frame header
966 */
967 h2n->count = 0;
968 h2n->swsi = wsi;
969 /* b31 is a reserved bit */
970 h2n->sid = h2n->sid & 0x7fffffff;
971
972 if (h2n->sid && !(h2n->sid & 1)) {
973 char pes[32];
974 lws_snprintf(pes, sizeof(pes), "Even Stream ID 0x%x", (unsigned int)h2n->sid);
975 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, pes);
976
977 return 0;
978 }
979
980 /* let the network wsi live a bit longer if subs are active */
981
982 if (!wsi->immortal_substream_count)
983 lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE,
984 wsi->a.vhost->keepalive_timeout ?
985 wsi->a.vhost->keepalive_timeout : 31);
986
987 if (h2n->sid)
988 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
989
990 lwsl_debug("%s (%s): fr hdr: typ 0x%x, fla 0x%x, sid 0x%x, len 0x%x\n",
991 lws_wsi_tag(wsi), lws_wsi_tag(h2n->swsi), h2n->type,
992 h2n->flags, (unsigned int)h2n->sid, (unsigned int)h2n->length);
993
994 if (h2n->we_told_goaway && h2n->sid > h2n->highest_sid)
995 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
996
997 if (h2n->type >= LWS_H2_FRAME_TYPE_COUNT) {
998 lwsl_info("%s: ignoring unknown frame type %d (len %d)\n", __func__, h2n->type, (unsigned int)h2n->length);
999 /* we MUST ignore frames we don't understand */
1000 h2n->type = LWS_H2_FRAME_TYPE_COUNT;
1001 }
1002
1003 /*
1004 * Even if we have decided to logically ignore this frame, we must
1005 * consume the correct "frame length" amount of data to retain sync
1006 */
1007
1008 if (h2n->length > h2n->our_set.s[H2SET_MAX_FRAME_SIZE]) {
1009 /*
1010 * peer sent us something bigger than we told
1011 * it we would allow
1012 */
1013 lwsl_info("%s: received oversize frame %d\n", __func__,
1014 (unsigned int)h2n->length);
1015 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1016 "Peer ignored our frame size setting");
1017 return 1;
1018 }
1019
1020 if (h2n->swsi)
1021 lwsl_info("%s: %s, State: %s, received cmd %d\n",
1022 __func__, lws_wsi_tag(h2n->swsi),
1023 h2_state_names[h2n->swsi->h2.h2_state], h2n->type);
1024 else {
1025 /* if it's data, either way no swsi means CLOSED state */
1026 if (h2n->type == LWS_H2_FRAME_TYPE_DATA) {
1027 if (h2n->sid <= h2n->highest_sid_opened
1028 #if defined(LWS_WITH_CLIENT)
1029 && wsi->client_h2_alpn
1030 #endif
1031 ) {
1032 lwsl_notice("ignoring straggling data fl 0x%x\n",
1033 h2n->flags);
1034 /* ie, IGNORE */
1035 h2n->type = LWS_H2_FRAME_TYPE_COUNT;
1036 } else {
1037 lwsl_info("%s: received %d bytes data for unknown sid %d, highest known %d\n",
1038 __func__, (int)h2n->length, (int)h2n->sid, (int)h2n->highest_sid_opened);
1039
1040 // if (h2n->sid > h2n->highest_sid_opened) {
1041 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1042 "Data for nonexistent sid");
1043 return 0;
1044 // }
1045 }
1046 }
1047 /* if the sid is credible, treat as wsi for it closed */
1048 if (h2n->sid > h2n->highest_sid_opened &&
1049 h2n->type != LWS_H2_FRAME_TYPE_HEADERS &&
1050 h2n->type != LWS_H2_FRAME_TYPE_PRIORITY) {
1051 /* if not credible, reject it */
1052 lwsl_info("%s: %s, No child for sid %d, rxcmd %d\n",
1053 __func__, lws_wsi_tag(h2n->swsi), (unsigned int)h2n->sid, h2n->type);
1054 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1055 "Data for nonexistent sid");
1056 return 0;
1057 }
1058 }
1059
1060 if (h2n->swsi && h2n->sid && h2n->type != LWS_H2_FRAME_TYPE_COUNT &&
1061 !(http2_rx_validity[h2n->swsi->h2.h2_state] & (1 << h2n->type))) {
1062 lwsl_info("%s: %s, State: %s, ILLEGAL cmdrx %d (OK 0x%x)\n",
1063 __func__, lws_wsi_tag(h2n->swsi),
1064 h2_state_names[h2n->swsi->h2.h2_state], h2n->type,
1065 http2_rx_validity[h2n->swsi->h2.h2_state]);
1066
1067 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED ||
1068 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE)
1069 n = H2_ERR_STREAM_CLOSED;
1070 else
1071 n = H2_ERR_PROTOCOL_ERROR;
1072 lws_h2_goaway(wsi, (unsigned int)n, "invalid rx for state");
1073
1074 return 0;
1075 }
1076
1077 if (h2n->cont_exp && h2n->type != LWS_H2_FRAME_TYPE_COUNT &&
1078 (h2n->cont_exp_sid != h2n->sid ||
1079 h2n->type != LWS_H2_FRAME_TYPE_CONTINUATION)) {
1080 lwsl_info("%s: expected cont on sid %u (got %d on sid %u)\n",
1081 __func__, (unsigned int)h2n->cont_exp_sid, h2n->type,
1082 (unsigned int)h2n->sid);
1083 h2n->cont_exp = 0;
1084 if (h2n->cont_exp_headers)
1085 n = H2_ERR_COMPRESSION_ERROR;
1086 else
1087 n = H2_ERR_PROTOCOL_ERROR;
1088 lws_h2_goaway(wsi, (unsigned int)n, "Continuation hdrs State");
1089
1090 return 0;
1091 }
1092
1093 switch (h2n->type) {
1094 case LWS_H2_FRAME_TYPE_DATA:
1095 lwsl_info("seen incoming LWS_H2_FRAME_TYPE_DATA start\n");
1096 if (!h2n->sid) {
1097 lwsl_info("DATA: 0 sid\n");
1098 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "DATA 0 sid");
1099 break;
1100 }
1101 lwsl_info("Frame header DATA: sid %u, flags 0x%x, len %u\n",
1102 (unsigned int)h2n->sid, h2n->flags,
1103 (unsigned int)h2n->length);
1104
1105 if (!h2n->swsi) {
1106 lwsl_notice("DATA: NULL swsi\n");
1107 break;
1108 }
1109
1110 lwsl_info("DATA rx on state %d\n", h2n->swsi->h2.h2_state);
1111
1112 if (
1113 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE ||
1114 h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) {
1115 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, "conn closed");
1116 break;
1117 }
1118
1119 if (h2n->length == 0)
1120 lws_h2_parse_end_of_frame(wsi);
1121
1122 break;
1123
1124 case LWS_H2_FRAME_TYPE_PRIORITY:
1125 lwsl_info("LWS_H2_FRAME_TYPE_PRIORITY complete frame\n");
1126 if (!h2n->sid) {
1127 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1128 "Priority has 0 sid");
1129 break;
1130 }
1131 if (h2n->length != 5) {
1132 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1133 "Priority has length other than 5");
1134 break;
1135 }
1136 break;
1137 case LWS_H2_FRAME_TYPE_PUSH_PROMISE:
1138 lwsl_info("LWS_H2_FRAME_TYPE_PUSH_PROMISE complete frame\n");
1139 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "Server only");
1140 break;
1141
1142 case LWS_H2_FRAME_TYPE_GOAWAY:
1143 lwsl_debug("LWS_H2_FRAME_TYPE_GOAWAY received\n");
1144 break;
1145
1146 case LWS_H2_FRAME_TYPE_RST_STREAM:
1147 if (!h2n->sid)
1148 return 1;
1149 if (!h2n->swsi) {
1150 if (h2n->sid <= h2n->highest_sid_opened)
1151 break;
1152 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1153 "crazy sid on RST_STREAM");
1154 return 1;
1155 }
1156 if (h2n->length != 4) {
1157 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1158 "RST_STREAM can only be length 4");
1159 break;
1160 }
1161 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1162 break;
1163
1164 case LWS_H2_FRAME_TYPE_SETTINGS:
1165 lwsl_info("LWS_H2_FRAME_TYPE_SETTINGS complete frame\n");
1166 /* nonzero sid on settings is illegal */
1167 if (h2n->sid) {
1168 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1169 "Settings has nonzero sid");
1170 break;
1171 }
1172
1173 if (!(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) {
1174 if (h2n->length % 6) {
1175 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1176 "Settings length error");
1177 break;
1178 }
1179
1180 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT)
1181 return 0;
1182
1183 if (wsi->upgraded_to_http2 &&
1184 #if defined(LWS_WITH_CLIENT)
1185 (!(wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM) ||
1186 #else
1187 (
1188 #endif
1189 !wsi->h2_acked_settings)) {
1190
1191 pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS);
1192 if (!pps)
1193 return 1;
1194 lws_pps_schedule(wsi, pps);
1195 wsi->h2_acked_settings = 1;
1196 }
1197 break;
1198 }
1199 /* came to us with ACK set... not allowed to have payload */
1200
1201 if (h2n->length) {
1202 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1203 "Settings with ACK not allowed payload");
1204 break;
1205 }
1206 break;
1207 case LWS_H2_FRAME_TYPE_PING:
1208 if (h2n->sid) {
1209 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1210 "Ping has nonzero sid");
1211 break;
1212 }
1213 if (h2n->length != 8) {
1214 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1215 "Ping payload can only be 8");
1216 break;
1217 }
1218 break;
1219 case LWS_H2_FRAME_TYPE_CONTINUATION:
1220 lwsl_info("LWS_H2_FRAME_TYPE_CONTINUATION: sid = %u %d %d\n",
1221 (unsigned int)h2n->sid, (int)h2n->cont_exp,
1222 (int)h2n->cont_exp_sid);
1223
1224 if (!h2n->cont_exp ||
1225 h2n->cont_exp_sid != h2n->sid ||
1226 !h2n->sid ||
1227 !h2n->swsi) {
1228 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1229 "unexpected CONTINUATION");
1230 break;
1231 }
1232
1233 if (h2n->swsi->h2.END_HEADERS) {
1234 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1235 "END_HEADERS already seen");
1236 break;
1237 }
1238 /* END_STREAM is in HEADERS, skip resetting it */
1239 goto update_end_headers;
1240
1241 case LWS_H2_FRAME_TYPE_HEADERS:
1242 lwsl_info("HEADERS: frame header: sid = %u\n",
1243 (unsigned int)h2n->sid);
1244 if (!h2n->sid) {
1245 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "sid 0");
1246 return 1;
1247 }
1248
1249 if (h2n->swsi && !h2n->swsi->h2.END_STREAM &&
1250 h2n->swsi->h2.END_HEADERS &&
1251 !(h2n->flags & LWS_H2_FLAG_END_STREAM)) {
1252 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1253 "extra HEADERS together");
1254 return 1;
1255 }
1256
1257 #if defined(LWS_WITH_CLIENT)
1258 if (wsi->client_h2_alpn) {
1259 if (h2n->sid) {
1260 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
1261 lwsl_info("HEADERS: nwsi %s: sid %u mapped "
1262 "to wsi %s\n", lws_wsi_tag(wsi),
1263 (unsigned int)h2n->sid,
1264 lws_wsi_tag(h2n->swsi));
1265 if (!h2n->swsi)
1266 break;
1267 }
1268 goto update_end_headers;
1269 }
1270 #endif
1271
1272 if (!h2n->swsi) {
1273 /* no more children allowed by parent */
1274 if (wsi->mux.child_count + 1 >
1275 wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
1276 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1277 "Another stream not allowed");
1278
1279 return 1;
1280 }
1281
1282 /*
1283 * The peer has sent us a HEADERS implying the creation
1284 * of a new stream
1285 */
1286
1287 lws_context_lock(wsi->a.context, "h2 new str");
1288 lws_vhost_lock(wsi->a.vhost);
1289
1290 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi,
1291 h2n->sid);
1292
1293 lws_vhost_unlock(wsi->a.vhost);
1294 lws_context_unlock(wsi->a.context);
1295
1296 if (!h2n->swsi) {
1297 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1298 "OOM");
1299
1300 return 1;
1301 }
1302
1303 if (h2n->sid >= h2n->highest_sid)
1304 h2n->highest_sid = h2n->sid + 2;
1305
1306 h2n->swsi->h2.initialized = 1;
1307
1308 if (lws_h2_update_peer_txcredit(h2n->swsi,
1309 h2n->swsi->mux.my_sid, 4 * 65536))
1310 goto cleanup_wsi;
1311 }
1312
1313 /*
1314 * ah needs attaching to child wsi, even though
1315 * we only fill it from network wsi
1316 */
1317 if (!h2n->swsi->http.ah)
1318 if (lws_header_table_attach(h2n->swsi, 0)) {
1319 lwsl_err("%s: Failed to get ah\n", __func__);
1320 return 1;
1321 }
1322
1323 /*
1324 * The first use of a new stream identifier implicitly closes
1325 * all streams in the "idle" state that might have been
1326 * initiated by that peer with a lower-valued stream identifier.
1327 *
1328 * For example, if a client sends a HEADERS frame on stream 7
1329 * without ever sending a frame on stream 5, then stream 5
1330 * transitions to the "closed" state when the first frame for
1331 * stream 7 is sent or received.
1332 */
1333 lws_start_foreach_ll(struct lws *, w, wsi->mux.child_list) {
1334 if (w->mux.my_sid < h2n->sid &&
1335 w->h2.h2_state == LWS_H2_STATE_IDLE)
1336 lws_close_free_wsi(w, 0, "h2 sid close");
1337 assert(w->mux.sibling_list != w);
1338 } lws_end_foreach_ll(w, mux.sibling_list);
1339
1340 h2n->cont_exp = !(h2n->flags & LWS_H2_FLAG_END_HEADERS);
1341 h2n->cont_exp_sid = h2n->sid;
1342 h2n->cont_exp_headers = 1;
1343 // lws_header_table_reset(h2n->swsi, 0);
1344
1345 update_end_headers:
1346 if (lws_check_opt(h2n->swsi->a.vhost->options,
1347 LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL)) {
1348
1349 /*
1350 * We don't directly timeout streams that enter the
1351 * half-closed remote state, allowing immortal long
1352 * poll
1353 */
1354 lws_mux_mark_immortal(h2n->swsi);
1355 lwsl_info("%s: %s: h2 stream entering long poll\n",
1356 __func__, lws_wsi_tag(h2n->swsi));
1357
1358 } else {
1359 h2n->swsi->h2.END_STREAM =
1360 !!(h2n->flags & LWS_H2_FLAG_END_STREAM);
1361 lwsl_debug("%s: hdr END_STREAM = %d\n",__func__,
1362 h2n->swsi->h2.END_STREAM);
1363 }
1364
1365 /* no END_HEADERS means CONTINUATION must come */
1366 h2n->swsi->h2.END_HEADERS =
1367 !!(h2n->flags & LWS_H2_FLAG_END_HEADERS);
1368 lwsl_info("%s: %s: END_HEADERS %d\n", __func__, lws_wsi_tag(h2n->swsi),
1369 h2n->swsi->h2.END_HEADERS);
1370 if (h2n->swsi->h2.END_HEADERS)
1371 h2n->cont_exp = 0;
1372 lwsl_debug("END_HEADERS %d\n", h2n->swsi->h2.END_HEADERS);
1373 break;
1374
1375 cleanup_wsi:
1376
1377 return 1;
1378
1379 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
1380 if (h2n->length != 4) {
1381 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1382 "window update frame not 4");
1383 break;
1384 }
1385 lwsl_info("LWS_H2_FRAME_TYPE_WINDOW_UPDATE\n");
1386 break;
1387 case LWS_H2_FRAME_TYPE_COUNT:
1388 if (h2n->length == 0)
1389 lws_h2_parse_end_of_frame(wsi);
1390 else
1391 lwsl_debug("%s: going on to deal with unknown frame remaining len %d\n", __func__, (unsigned int)h2n->length);
1392 break;
1393 default:
1394 lwsl_info("%s: ILLEGAL FRAME TYPE %d\n", __func__, h2n->type);
1395 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
1396 break;
1397 }
1398 if (h2n->length == 0)
1399 h2n->frame_state = 0;
1400
1401 return 0;
1402 }
1403
1404 static const char * const method_names[] = {
1405 "GET", "POST",
1406 #if defined(LWS_WITH_HTTP_UNCOMMON_HEADERS)
1407 "OPTIONS", "PUT", "PATCH", "DELETE",
1408 #endif
1409 "CONNECT", "HEAD"
1410 };
1411 static unsigned char method_index[] = {
1412 WSI_TOKEN_GET_URI,
1413 WSI_TOKEN_POST_URI,
1414 #if defined(LWS_WITH_HTTP_UNCOMMON_HEADERS)
1415 WSI_TOKEN_OPTIONS_URI,
1416 WSI_TOKEN_PUT_URI,
1417 WSI_TOKEN_PATCH_URI,
1418 WSI_TOKEN_DELETE_URI,
1419 #endif
1420 WSI_TOKEN_CONNECT,
1421 WSI_TOKEN_HEAD_URI,
1422 };
1423
1424 /*
1425 * The last byte of the whole frame has been handled.
1426 * Perform actions for frame completion.
1427 *
1428 * This is the crunch time for parsing that may have occured on a network
1429 * wsi with a pending partial send... we may call lws_http_action() to send
1430 * a response, conflicting with the partial.
1431 *
1432 * So in that case we change the wsi state and do the lws_http_action() in the
1433 * WRITABLE handler as a priority.
1434 */
1435 static int
lws_h2_parse_end_of_frame(struct lws * wsi)1436 lws_h2_parse_end_of_frame(struct lws *wsi)
1437 {
1438 struct lws_h2_netconn *h2n = wsi->h2.h2n;
1439 struct lws *eff_wsi = wsi;
1440 const char *p;
1441 int n;
1442
1443 h2n->frame_state = 0;
1444 h2n->count = 0;
1445
1446 if (h2n->sid)
1447 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
1448
1449 if (h2n->sid > h2n->highest_sid)
1450 h2n->highest_sid = h2n->sid;
1451
1452 if (h2n->collected_priority && (h2n->dep & ~(1u << 31)) == h2n->sid) {
1453 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "depends on own sid");
1454 return 0;
1455 }
1456
1457 switch (h2n->type) {
1458
1459 case LWS_H2_FRAME_TYPE_SETTINGS:
1460
1461 #if defined(LWS_WITH_CLIENT)
1462 if (wsi->client_h2_alpn && !wsi->client_mux_migrated &&
1463 !(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) {
1464 struct lws_h2_protocol_send *pps;
1465
1466 /* migrate original client ask on to substream 1 */
1467 #if defined(LWS_WITH_FILE_OPS)
1468 wsi->http.fop_fd = NULL;
1469 #endif
1470 lwsl_info("%s: migrating\n", __func__);
1471 wsi->client_mux_migrated = 1;
1472 /*
1473 * we need to treat the headers from the upgrade as the
1474 * first job. So these need to get shifted to sid 1.
1475 */
1476 lws_context_lock(wsi->a.context, "h2 mig");
1477 lws_vhost_lock(wsi->a.vhost);
1478
1479 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi, 1);
1480
1481 lws_vhost_unlock(wsi->a.vhost);
1482 lws_context_unlock(wsi->a.context);
1483
1484 if (!h2n->swsi)
1485 return 1;
1486 h2n->sid = 1;
1487
1488 assert(lws_wsi_mux_from_id(wsi, 1) == h2n->swsi);
1489
1490 // lws_role_transition(wsi, LWSIFR_CLIENT,
1491 // LRS_H2_WAITING_TO_SEND_HEADERS,
1492 // &role_ops_h2);
1493
1494 lws_role_transition(h2n->swsi, LWSIFR_CLIENT,
1495 LRS_H2_WAITING_TO_SEND_HEADERS,
1496 &role_ops_h2);
1497
1498 /* pass on the initial headers to SID 1 */
1499 h2n->swsi->http.ah = wsi->http.ah;
1500 #if defined(LWS_WITH_SYS_FAULT_INJECTION)
1501 lws_fi_import(&h2n->swsi->fic, &wsi->fic);
1502 #endif
1503 h2n->swsi->client_mux_substream = 1;
1504 h2n->swsi->client_h2_alpn = 1;
1505 #if defined(LWS_WITH_CLIENT)
1506 h2n->swsi->flags = wsi->flags;
1507 #if defined(LWS_WITH_CONMON)
1508 /* sid1 needs to represent the connection experience
1509 * ... we take over responsibility for the DNS list
1510 * copy as well
1511 */
1512 h2n->swsi->conmon = wsi->conmon;
1513 h2n->swsi->conmon_datum = wsi->conmon_datum;
1514 h2n->swsi->sa46_peer = wsi->sa46_peer;
1515 wsi->conmon.dns_results_copy = NULL;
1516 #endif
1517 #endif /* CLIENT */
1518
1519 #if defined(LWS_WITH_SECURE_STREAMS)
1520 if (wsi->for_ss) {
1521 lws_ss_handle_t *h = (lws_ss_handle_t *)lws_get_opaque_user_data(wsi);
1522
1523 h2n->swsi->for_ss = 1;
1524 wsi->for_ss = 0;
1525
1526 if (h->wsi == wsi)
1527 h->wsi = h2n->swsi;
1528 }
1529 #endif
1530
1531 h2n->swsi->a.protocol = wsi->a.protocol;
1532 if (h2n->swsi->user_space &&
1533 !h2n->swsi->user_space_externally_allocated)
1534 lws_free(h2n->swsi->user_space);
1535 h2n->swsi->user_space = wsi->user_space;
1536 h2n->swsi->user_space_externally_allocated =
1537 wsi->user_space_externally_allocated;
1538 h2n->swsi->a.opaque_user_data = wsi->a.opaque_user_data;
1539 wsi->a.opaque_user_data = NULL;
1540 h2n->swsi->txc.manual_initial_tx_credit =
1541 wsi->txc.manual_initial_tx_credit;
1542
1543 #if defined(LWS_WITH_TLS)
1544 lws_strncpy(h2n->swsi->alpn, wsi->alpn,
1545 sizeof(wsi->alpn));
1546 #endif
1547
1548 wsi->user_space = NULL;
1549
1550 if (h2n->swsi->http.ah)
1551 h2n->swsi->http.ah->wsi = h2n->swsi;
1552 wsi->http.ah = NULL;
1553
1554 lwsl_info("%s: MIGRATING nwsi %s -> swsi %s\n", __func__,
1555 lws_wsi_tag(wsi), lws_wsi_tag(h2n->swsi));
1556 h2n->swsi->txc.tx_cr = (int32_t)
1557 h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
1558 lwsl_info("%s: initial tx credit on %s: %d\n",
1559 __func__, lws_wsi_tag(h2n->swsi),
1560 (int)h2n->swsi->txc.tx_cr);
1561 h2n->swsi->h2.initialized = 1;
1562
1563 /* set our initial window size */
1564 if (!wsi->h2.initialized) {
1565 wsi->txc.tx_cr = (int32_t)
1566 h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
1567
1568 lwsl_info("%s: initial tx credit for us to "
1569 "write on nwsi %s: %d\n", __func__,
1570 lws_wsi_tag(wsi), (int)wsi->txc.tx_cr);
1571 wsi->h2.initialized = 1;
1572 }
1573
1574 lws_callback_on_writable(h2n->swsi);
1575
1576 if (!wsi->h2_acked_settings ||
1577 !(wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM)
1578 ) {
1579 pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS);
1580 if (!pps)
1581 return 1;
1582 lws_pps_schedule(wsi, pps);
1583 lwsl_info("%s: SETTINGS ack PPS\n", __func__);
1584 wsi->h2_acked_settings = 1;
1585 }
1586
1587 /* also attach any queued guys */
1588
1589 lws_wsi_mux_apply_queue(wsi);
1590 }
1591 #endif
1592 break;
1593
1594 case LWS_H2_FRAME_TYPE_CONTINUATION:
1595 case LWS_H2_FRAME_TYPE_HEADERS:
1596
1597 if (!h2n->swsi)
1598 break;
1599
1600 /* service the http request itself */
1601
1602 if (h2n->last_action_dyntable_resize) {
1603 lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR,
1604 "dyntable resize last in headers");
1605 break;
1606 }
1607
1608 if (!h2n->swsi->h2.END_HEADERS) {
1609 /* we are not finished yet */
1610 lwsl_info("witholding http action for continuation\n");
1611 h2n->cont_exp_sid = h2n->sid;
1612 h2n->cont_exp = 1;
1613 break;
1614 }
1615
1616 /* confirm the hpack stream state is reasonable for finishing */
1617
1618 if (h2n->hpack != HPKS_TYPE) {
1619 /* hpack incomplete */
1620 lwsl_info("hpack incomplete %d (type %d, len %u)\n",
1621 h2n->hpack, h2n->type,
1622 (unsigned int)h2n->hpack_len);
1623 lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR,
1624 "hpack incomplete");
1625 break;
1626 }
1627
1628 /* this is the last part of HEADERS */
1629 switch (h2n->swsi->h2.h2_state) {
1630 case LWS_H2_STATE_IDLE:
1631 lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN);
1632 break;
1633 case LWS_H2_STATE_RESERVED_REMOTE:
1634 lws_h2_state(h2n->swsi, LWS_H2_STATE_HALF_CLOSED_LOCAL);
1635 break;
1636 }
1637
1638 lwsl_info("http req, %s, h2n->swsi=%s\n", lws_wsi_tag(wsi),
1639 lws_wsi_tag(h2n->swsi));
1640 h2n->swsi->hdr_parsing_completed = 1;
1641
1642 #if defined(LWS_WITH_CLIENT)
1643 if (h2n->swsi->client_mux_substream &&
1644 lws_client_interpret_server_handshake(h2n->swsi)) {
1645 /*
1646 * This is more complicated than it looks, one exit from
1647 * interpret_server_handshake() is to do a close that
1648 * turns into a redirect.
1649 *
1650 * In that case, the wsi survives having being reset
1651 * and detached from any h2 identity. We need to get
1652 * our parents out from touching it any more
1653 */
1654 lwsl_info("%s: cli int serv hs closed, or redir\n", __func__);
1655 return 2;
1656 }
1657 #endif
1658
1659 if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) {
1660 const char *simp = lws_hdr_simple_ptr(h2n->swsi,
1661 WSI_TOKEN_HTTP_CONTENT_LENGTH);
1662
1663 if (!simp) /* coverity */
1664 return 1;
1665 h2n->swsi->http.rx_content_length = (unsigned long long)atoll(simp);
1666 h2n->swsi->http.rx_content_remain =
1667 h2n->swsi->http.rx_content_length;
1668 h2n->swsi->http.content_length_given = 1;
1669 lwsl_info("setting rx_content_length %lld\n",
1670 (long long)h2n->swsi->http.rx_content_length);
1671 }
1672
1673 {
1674 int n = 0, len;
1675 char buf[256];
1676 const unsigned char *c;
1677
1678 do {
1679 c = lws_token_to_string((enum lws_token_indexes)n);
1680 if (!c) {
1681 n++;
1682 continue;
1683 }
1684
1685 len = lws_hdr_total_length(h2n->swsi, (enum lws_token_indexes)n);
1686 if (!len || len > (int)sizeof(buf) - 1) {
1687 n++;
1688 continue;
1689 }
1690
1691 if (lws_hdr_copy(h2n->swsi, buf, sizeof buf,
1692 (enum lws_token_indexes)n) < 0) {
1693 lwsl_info(" %s !oversize!\n",
1694 (char *)c);
1695 } else {
1696 buf[sizeof(buf) - 1] = '\0';
1697
1698 lwsl_info(" %s = %s\n",
1699 (char *)c, buf);
1700 }
1701 n++;
1702 } while (c);
1703 }
1704
1705 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE ||
1706 h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) {
1707 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1708 "Banning service on CLOSED_REMOTE");
1709 break;
1710 }
1711
1712 switch (h2n->swsi->h2.h2_state) {
1713 case LWS_H2_STATE_IDLE:
1714 lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN);
1715 break;
1716 case LWS_H2_STATE_OPEN:
1717 if (h2n->swsi->h2.END_STREAM)
1718 lws_h2_state(h2n->swsi,
1719 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1720 break;
1721 case LWS_H2_STATE_HALF_CLOSED_LOCAL:
1722 if (h2n->swsi->h2.END_STREAM)
1723 /*
1724 * action the END_STREAM
1725 */
1726 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1727 break;
1728 }
1729
1730 #if defined(LWS_WITH_CLIENT)
1731
1732 /*
1733 * If we already had the END_STREAM along with the END_HEADERS,
1734 * we have already transitioned to STATE_CLOSED and we are not
1735 * going to be doing anything further on this stream.
1736 *
1737 * In that case handle the transaction completion and
1738 * finalize the stream for the peer
1739 */
1740
1741 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED &&
1742 h2n->swsi->client_mux_substream) {
1743
1744 lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1745 "client done");
1746
1747 if (lws_http_transaction_completed_client(h2n->swsi))
1748 lwsl_debug("tx completed returned close\n");
1749 break;
1750 }
1751
1752 if (h2n->swsi->client_mux_substream) {
1753 lwsl_info("%s: %s: headers: client path (h2 state %s)\n",
1754 __func__, lws_wsi_tag(wsi),
1755 h2_state_names[h2n->swsi->h2.h2_state]);
1756 break;
1757 }
1758 #endif
1759
1760 if (!lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_PATH) ||
1761 !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD) ||
1762 !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_SCHEME) ||
1763 lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_STATUS) ||
1764 lws_hdr_extant(h2n->swsi, WSI_TOKEN_CONNECTION)) {
1765 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1766 "Pseudoheader checks");
1767 break;
1768 }
1769
1770 if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_TE)) {
1771 n = lws_hdr_total_length(h2n->swsi, WSI_TOKEN_TE);
1772
1773 if (n != 8 ||
1774 !lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE) ||
1775 strncmp(lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE),
1776 "trailers", (unsigned int)n)) {
1777 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1778 "Illegal transfer-encoding");
1779 break;
1780 }
1781 }
1782
1783 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
1784 lws_http_compression_validate(h2n->swsi);
1785 #endif
1786
1787 p = lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD);
1788 /*
1789 * duplicate :path into the individual method uri header
1790 * index, so that it looks the same as h1 in the ah
1791 */
1792 for (n = 0; n < (int)LWS_ARRAY_SIZE(method_names); n++)
1793 if (p && !strcasecmp(p, method_names[n])) {
1794 h2n->swsi->http.ah->frag_index[method_index[n]] =
1795 h2n->swsi->http.ah->frag_index[
1796 WSI_TOKEN_HTTP_COLON_PATH];
1797 break;
1798 }
1799
1800 {
1801 lwsl_debug("%s: setting DEF_ACT from 0x%x\n", __func__,
1802 (unsigned int)h2n->swsi->wsistate);
1803 lwsi_set_state(h2n->swsi, LRS_DEFERRING_ACTION);
1804 lws_callback_on_writable(h2n->swsi);
1805 }
1806 break;
1807
1808 case LWS_H2_FRAME_TYPE_DATA:
1809 lwsl_info("%s: DATA flags 0x%x\n", __func__, h2n->flags);
1810 if (!h2n->swsi)
1811 break;
1812
1813 if (lws_hdr_total_length(h2n->swsi,
1814 WSI_TOKEN_HTTP_CONTENT_LENGTH) &&
1815 h2n->swsi->h2.END_STREAM &&
1816 h2n->swsi->http.rx_content_length &&
1817 h2n->swsi->http.rx_content_remain) {
1818 lws_h2_rst_stream(h2n->swsi, H2_ERR_PROTOCOL_ERROR,
1819 "Not enough rx content");
1820 break;
1821 }
1822
1823 if (h2n->swsi->h2.END_STREAM &&
1824 h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN)
1825 lws_h2_state(h2n->swsi,
1826 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1827
1828 if (h2n->swsi->h2.END_STREAM &&
1829 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL)
1830 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1831
1832 #if defined(LWS_WITH_CLIENT)
1833 /*
1834 * client... remote END_STREAM implies we weren't going to
1835 * send anything else anyway.
1836 */
1837
1838 if (h2n->swsi->client_mux_substream &&
1839 (h2n->flags & LWS_H2_FLAG_END_STREAM)) {
1840 lwsl_info("%s: %s: DATA: end stream\n",
1841 __func__, lws_wsi_tag(h2n->swsi));
1842
1843 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN) {
1844 lws_h2_state(h2n->swsi,
1845 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1846 // lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1847 // "client done");
1848
1849 // if (lws_http_transaction_completed_client(h2n->swsi))
1850 // lwsl_debug("tx completed returned close\n");
1851 }
1852
1853 //if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL)
1854 {
1855 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1856
1857 lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1858 "client done");
1859
1860 if (lws_http_transaction_completed_client(h2n->swsi))
1861 lwsl_debug("tx completed returned close\n");
1862 }
1863 }
1864 #endif
1865 break;
1866
1867 case LWS_H2_FRAME_TYPE_PING:
1868 if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)
1869 lws_validity_confirmed(wsi);
1870 else {
1871 /* they're sending us a ping request */
1872 struct lws_h2_protocol_send *pps =
1873 lws_h2_new_pps(LWS_H2_PPS_PONG);
1874 if (!pps)
1875 return 1;
1876
1877 lwsl_info("rx ping, preparing pong\n");
1878
1879 memcpy(pps->u.ping.ping_payload, h2n->ping_payload, 8);
1880 lws_pps_schedule(wsi, pps);
1881 }
1882
1883 break;
1884
1885 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
1886 /*
1887 * We only have an unsigned 31-bit (positive) increment possible
1888 */
1889 h2n->hpack_e_dep &= ~(1u << 31);
1890 lwsl_info("WINDOW_UPDATE: sid %u %u (0x%x)\n",
1891 (unsigned int)h2n->sid,
1892 (unsigned int)h2n->hpack_e_dep,
1893 (unsigned int)h2n->hpack_e_dep);
1894
1895 if (h2n->sid)
1896 eff_wsi = h2n->swsi;
1897
1898 if (!eff_wsi) {
1899 if (h2n->sid > h2n->highest_sid_opened)
1900 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1901 "alien sid");
1902 break; /* ignore */
1903 }
1904
1905 if (eff_wsi->a.vhost->options &
1906 LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW &&
1907 (uint64_t)eff_wsi->txc.tx_cr + (uint64_t)h2n->hpack_e_dep >
1908 (uint64_t)0x7fffffff)
1909 h2n->hpack_e_dep = (uint32_t)(0x7fffffff - eff_wsi->txc.tx_cr);
1910
1911 if ((uint64_t)eff_wsi->txc.tx_cr + (uint64_t)h2n->hpack_e_dep >
1912 (uint64_t)0x7fffffff) {
1913 lwsl_warn("%s: WINDOW_UPDATE 0x%llx + 0x%llx = 0x%llx, too high\n",
1914 __func__, (unsigned long long)eff_wsi->txc.tx_cr,
1915 (unsigned long long)h2n->hpack_e_dep,
1916 (unsigned long long)eff_wsi->txc.tx_cr + (unsigned long long)h2n->hpack_e_dep);
1917 if (h2n->sid)
1918 lws_h2_rst_stream(h2n->swsi,
1919 H2_ERR_FLOW_CONTROL_ERROR,
1920 "Flow control exceeded max");
1921 else
1922 lws_h2_goaway(wsi, H2_ERR_FLOW_CONTROL_ERROR,
1923 "Flow control exceeded max");
1924 break;
1925 }
1926
1927 if (!h2n->hpack_e_dep) {
1928 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1929 "Zero length window update");
1930 break;
1931 }
1932 n = eff_wsi->txc.tx_cr;
1933 eff_wsi->txc.tx_cr += (int32_t)h2n->hpack_e_dep;
1934
1935 lws_wsi_txc_report_manual_txcr_in(eff_wsi,
1936 (int32_t)h2n->hpack_e_dep);
1937
1938 lws_wsi_txc_describe(&eff_wsi->txc, "WINDOW_UPDATE in",
1939 eff_wsi->mux.my_sid);
1940
1941 if (n <= 0 && eff_wsi->txc.tx_cr <= 0)
1942 /* it helps, but won't change sendability for anyone */
1943 break;
1944
1945 /*
1946 * It may have changed sendability (depends on SID 0 tx credit
1947 * too)... for us and any children waiting on us... reassess
1948 * blockage for all children first
1949 */
1950 lws_start_foreach_ll(struct lws *, w, wsi->mux.child_list) {
1951 lws_callback_on_writable(w);
1952 } lws_end_foreach_ll(w, mux.sibling_list);
1953
1954 if (eff_wsi->txc.skint &&
1955 !lws_wsi_txc_check_skint(&eff_wsi->txc,
1956 lws_h2_tx_cr_get(eff_wsi)))
1957 /*
1958 * This one became un-skint, schedule a writeable
1959 * callback
1960 */
1961 lws_callback_on_writable(eff_wsi);
1962
1963 break;
1964
1965 case LWS_H2_FRAME_TYPE_GOAWAY:
1966 lwsl_notice("GOAWAY: last sid %u, error 0x%08X, string '%s'\n",
1967 (unsigned int)h2n->goaway_last_sid,
1968 (unsigned int)h2n->goaway_err, h2n->goaway_str);
1969
1970 return 1;
1971
1972 case LWS_H2_FRAME_TYPE_RST_STREAM:
1973 lwsl_info("LWS_H2_FRAME_TYPE_RST_STREAM: sid %u: reason 0x%x\n",
1974 (unsigned int)h2n->sid,
1975 (unsigned int)h2n->hpack_e_dep);
1976 break;
1977
1978 case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */
1979 break;
1980 }
1981
1982 return 0;
1983 }
1984
1985 /*
1986 * This may want to send something on the network wsi, which may be in the
1987 * middle of a partial send. PPS sends are OK because they are queued to
1988 * go through the WRITABLE handler already.
1989 *
1990 * The read parser for the network wsi has no choice but to parse its stream
1991 * anyway, because otherwise it will not be able to get tx credit window
1992 * messages.
1993 *
1994 * Therefore if we will send non-PPS, ie, lws_http_action() for a stream
1995 * wsi, we must change its state and handle it as a priority in the
1996 * POLLOUT handler instead of writing it here.
1997 *
1998 * About closing... for the main network wsi, it should return nonzero to
1999 * close it all. If it needs to close an swsi, it can do it here.
2000 */
2001 int
lws_h2_parser(struct lws * wsi,unsigned char * in,lws_filepos_t _inlen,lws_filepos_t * inused)2002 lws_h2_parser(struct lws *wsi, unsigned char *in, lws_filepos_t _inlen,
2003 lws_filepos_t *inused)
2004 {
2005 struct lws_h2_netconn *h2n = wsi->h2.h2n;
2006 struct lws_h2_protocol_send *pps;
2007 unsigned char c, *oldin = in, *iend = in + (size_t)_inlen;
2008 int n, m;
2009
2010 if (!h2n)
2011 goto fail;
2012
2013 while (in < iend) {
2014
2015 c = *in++;
2016
2017 switch (lwsi_state(wsi)) {
2018 case LRS_H2_AWAIT_PREFACE:
2019 if (preface[h2n->count++] != c)
2020 goto fail;
2021
2022 if (preface[h2n->count])
2023 break;
2024
2025 lwsl_info("http2: %s: established\n", lws_wsi_tag(wsi));
2026 lwsi_set_state(wsi, LRS_H2_AWAIT_SETTINGS);
2027 lws_validity_confirmed(wsi);
2028 h2n->count = 0;
2029 wsi->txc.tx_cr = 65535;
2030
2031 /*
2032 * we must send a settings frame -- empty one is OK...
2033 * that must be the first thing sent by server
2034 * and the peer must send a SETTINGS with ACK flag...
2035 */
2036 pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS);
2037 if (!pps)
2038 goto fail;
2039 lws_pps_schedule(wsi, pps);
2040 break;
2041
2042 case LRS_H2_WAITING_TO_SEND_HEADERS:
2043 case LRS_ESTABLISHED:
2044 case LRS_H2_AWAIT_SETTINGS:
2045
2046 if (h2n->frame_state != LWS_H2_FRAME_HEADER_LENGTH)
2047 goto try_frame_start;
2048
2049 /*
2050 * post-header, preamble / payload / padding part
2051 */
2052 h2n->count++;
2053
2054 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) { /* IGNORING FRAME */
2055 //lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2056 goto frame_end;
2057 }
2058
2059
2060 if (h2n->flags & LWS_H2_FLAG_PADDED &&
2061 !h2n->pad_length) {
2062 /*
2063 * Get the padding count... actual padding is
2064 * at the end of the frame.
2065 */
2066 h2n->padding = c;
2067 h2n->pad_length = 1;
2068 h2n->preamble++;
2069
2070 if (h2n->padding > h2n->length - 1)
2071 lws_h2_goaway(wsi,
2072 H2_ERR_PROTOCOL_ERROR,
2073 "execssive padding");
2074 break; /* we consumed this */
2075 }
2076
2077 if (h2n->flags & LWS_H2_FLAG_PRIORITY &&
2078 !h2n->collected_priority) {
2079 /* going to be 5 preamble bytes */
2080
2081 lwsl_debug("PRIORITY FLAG: 0x%x\n", c);
2082
2083 if (h2n->preamble++ - h2n->pad_length < 4) {
2084 h2n->dep = ((h2n->dep) << 8) | c;
2085 break; /* we consumed this */
2086 }
2087 h2n->weight_temp = c;
2088 h2n->collected_priority = 1;
2089 lwsl_debug("PRI FL: dep 0x%x, weight 0x%02X\n",
2090 (unsigned int)h2n->dep,
2091 h2n->weight_temp);
2092 break; /* we consumed this */
2093 }
2094 if (h2n->padding && h2n->count >
2095 (h2n->length - h2n->padding)) {
2096 if (c) {
2097 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
2098 "nonzero padding");
2099 break;
2100 }
2101 goto frame_end;
2102 }
2103
2104 /* applies to wsi->h2.swsi which may be wsi */
2105 switch(h2n->type) {
2106
2107 case LWS_H2_FRAME_TYPE_SETTINGS:
2108 n = (int)(h2n->count - 1u - h2n->preamble) %
2109 LWS_H2_SETTINGS_LEN;
2110 h2n->one_setting[n] = c;
2111 if (n != LWS_H2_SETTINGS_LEN - 1)
2112 break;
2113 lws_h2_settings(wsi, &h2n->peer_set,
2114 h2n->one_setting,
2115 LWS_H2_SETTINGS_LEN);
2116 break;
2117
2118 case LWS_H2_FRAME_TYPE_CONTINUATION:
2119 case LWS_H2_FRAME_TYPE_HEADERS:
2120 if (!h2n->swsi)
2121 break;
2122 if (lws_hpack_interpret(h2n->swsi, c)) {
2123 lwsl_info("%s: hpack failed\n",
2124 __func__);
2125 goto fail;
2126 }
2127 break;
2128
2129 case LWS_H2_FRAME_TYPE_GOAWAY:
2130 switch (h2n->inside++) {
2131 case 0:
2132 case 1:
2133 case 2:
2134 case 3:
2135 h2n->goaway_last_sid <<= 8;
2136 h2n->goaway_last_sid |= c;
2137 h2n->goaway_str[0] = '\0';
2138 break;
2139
2140 case 4:
2141 case 5:
2142 case 6:
2143 case 7:
2144 h2n->goaway_err <<= 8;
2145 h2n->goaway_err |= c;
2146 break;
2147
2148 default:
2149 if (h2n->inside - 9 <
2150 sizeof(h2n->goaway_str) - 1)
2151 h2n->goaway_str[
2152 h2n->inside - 9] = (char)c;
2153 h2n->goaway_str[
2154 sizeof(h2n->goaway_str) - 1] = '\0';
2155 break;
2156 }
2157 break;
2158
2159 case LWS_H2_FRAME_TYPE_DATA:
2160
2161 // lwsl_info("%s: LWS_H2_FRAME_TYPE_DATA: fl 0x%x\n",
2162 // __func__, h2n->flags);
2163
2164 /*
2165 * let the network wsi live a bit longer if
2166 * subs are active... our frame may take a long
2167 * time to chew through
2168 */
2169 if (!wsi->immortal_substream_count)
2170 lws_set_timeout(wsi,
2171 PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE,
2172 wsi->a.vhost->keepalive_timeout ?
2173 wsi->a.vhost->keepalive_timeout : 31);
2174
2175 if (!h2n->swsi)
2176 break;
2177
2178 if (lws_buflist_next_segment_len(
2179 &h2n->swsi->buflist, NULL))
2180 lwsl_info("%s: substream has pending\n",
2181 __func__);
2182
2183 if (lwsi_role_http(h2n->swsi) &&
2184 lwsi_state(h2n->swsi) == LRS_ESTABLISHED) {
2185 lwsi_set_state(h2n->swsi, LRS_BODY);
2186 lwsl_info("%s: %s to LRS_BODY\n",
2187 __func__, lws_wsi_tag(h2n->swsi));
2188 }
2189
2190 /*
2191 * in + length may cover multiple frames, we
2192 * can only consider the length of the DATA
2193 * in front of us
2194 */
2195
2196 if (lws_hdr_total_length(h2n->swsi,
2197 WSI_TOKEN_HTTP_CONTENT_LENGTH) &&
2198 h2n->swsi->http.rx_content_length &&
2199 h2n->swsi->http.rx_content_remain <
2200 h2n->length && /* last */
2201 h2n->inside < h2n->length) {
2202
2203 lwsl_warn("%s: %lu %lu %lu %lu\n", __func__,
2204 (unsigned long)h2n->swsi->http.rx_content_remain,
2205 (unsigned long)(lws_ptr_diff_size_t(iend, in) + 1),
2206 (unsigned long)h2n->inside, (unsigned long)h2n->length);
2207
2208 /* unread data in frame */
2209 lws_h2_goaway(wsi,
2210 H2_ERR_PROTOCOL_ERROR,
2211 "More rx than content_length told");
2212 break;
2213 }
2214
2215 /*
2216 * We operate on a frame. The RX we have at
2217 * hand may exceed the current frame.
2218 */
2219
2220 n = (int)lws_ptr_diff_size_t(iend, in) + 1;
2221 if (n > (int)(h2n->length - h2n->count + 1)) {
2222 if (h2n->count > h2n->length)
2223 goto close_swsi_and_return;
2224 n = (int)(h2n->length - h2n->count) + 1;
2225 lwsl_debug("---- restricting len to %d "
2226 "\n", n);
2227 }
2228 #if defined(LWS_WITH_CLIENT)
2229 if (h2n->swsi->client_mux_substream) {
2230 if (!h2n->swsi->a.protocol) {
2231 lwsl_err("%s: %p doesn't have protocol\n",
2232 __func__, lws_wsi_tag(h2n->swsi));
2233 m = 1;
2234 } else {
2235 h2n->swsi->txc.peer_tx_cr_est -= n;
2236 wsi->txc.peer_tx_cr_est -= n;
2237 lws_wsi_txc_describe(&h2n->swsi->txc,
2238 __func__,
2239 h2n->swsi->mux.my_sid);
2240 m = user_callback_handle_rxflow(
2241 h2n->swsi->a.protocol->callback,
2242 h2n->swsi,
2243 LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ,
2244 h2n->swsi->user_space,
2245 in - 1, (unsigned int)n);
2246 }
2247
2248 in += n - 1;
2249 h2n->inside += (unsigned int)n;
2250 h2n->count += (unsigned int)n - 1;
2251
2252 if (m) {
2253 lwsl_info("RECEIVE_CLIENT_HTTP "
2254 "closed it\n");
2255 goto close_swsi_and_return;
2256 }
2257
2258 goto do_windows;
2259 }
2260 #endif
2261 if (lwsi_state(h2n->swsi) == LRS_DEFERRING_ACTION) {
2262 m = lws_buflist_append_segment(
2263 &h2n->swsi->buflist, in - 1, (unsigned int)n);
2264 if (m < 0)
2265 return -1;
2266
2267 /*
2268 * Since we're in an open-ended
2269 * DEFERRING_ACTION, don't add this swsi
2270 * to the pt list of wsi holding buflist
2271 * content yet, we are not in a position
2272 * to consume it until we get out of
2273 * DEFERRING_ACTION.
2274 */
2275
2276 in += n - 1;
2277 h2n->inside += (unsigned int)n;
2278 h2n->count += (unsigned int)n - 1;
2279
2280 lwsl_debug("%s: deferred %d\n", __func__, n);
2281 goto do_windows;
2282 }
2283
2284 h2n->swsi->outer_will_close = 1;
2285 /*
2286 * choose the length for this go so that we end at
2287 * the frame boundary, in the case there is already
2288 * more waiting leave it for next time around
2289 */
2290
2291 n = lws_read_h1(h2n->swsi, in - 1, (unsigned int)n);
2292 // lwsl_notice("%s: lws_read_h1 %d\n", __func__, n);
2293 h2n->swsi->outer_will_close = 0;
2294 /*
2295 * can return 0 in POST body with
2296 * content len exhausted somehow.
2297 */
2298 if (n < 0 ||
2299 (!n && h2n->swsi->http.content_length_given && !lws_buflist_next_segment_len(
2300 &wsi->buflist, NULL))) {
2301 lwsl_info("%s: lws_read_h1 told %d %u / %u\n",
2302 __func__, n,
2303 (unsigned int)h2n->count,
2304 (unsigned int)h2n->length);
2305 in += h2n->length - h2n->count;
2306 h2n->inside = h2n->length;
2307 h2n->count = h2n->length - 1;
2308
2309 //if (n < 0)
2310 // goto already_closed_swsi;
2311 goto close_swsi_and_return;
2312 }
2313
2314 lwsl_info("%s: lws_read_h1 telling %d %u / %u\n",
2315 __func__, n,
2316 (unsigned int)h2n->count,
2317 (unsigned int)h2n->length);
2318
2319 in += (unsigned int)n - 1;
2320 h2n->inside += (unsigned int)n;
2321 h2n->count += (unsigned int)n - 1;
2322
2323 h2n->swsi->txc.peer_tx_cr_est -= n;
2324 wsi->txc.peer_tx_cr_est -= n;
2325
2326 do_windows:
2327
2328 #if defined(LWS_WITH_CLIENT)
2329 if (!(h2n->swsi->flags & LCCSCF_H2_MANUAL_RXFLOW))
2330 #endif
2331 {
2332 /*
2333 * The default behaviour is we just keep
2334 * cranking the other side's tx credit
2335 * back up, for simple bulk transfer as
2336 * fast as we can take it
2337 */
2338
2339 m = n + 65536;
2340
2341 /* update both the stream and nwsi */
2342
2343 lws_h2_update_peer_txcredit_thresh(h2n->swsi,
2344 h2n->sid, m, m);
2345 }
2346 #if defined(LWS_WITH_CLIENT)
2347 else {
2348 /*
2349 * If he's handling it himself, only
2350 * repair the nwsi credit but allow the
2351 * stream credit to run down until the
2352 * user code deals with it
2353 */
2354 lws_h2_update_peer_txcredit(wsi, 0, n);
2355 h2n->swsi->txc.manual = 1;
2356 }
2357 #endif
2358 break;
2359
2360 case LWS_H2_FRAME_TYPE_PRIORITY:
2361 if (h2n->count <= 4) {
2362 h2n->dep <<= 8;
2363 h2n->dep |= c;
2364 break;
2365 }
2366 h2n->weight_temp = c;
2367 lwsl_info("PRIORITY: dep 0x%x, weight 0x%02X\n",
2368 (unsigned int)h2n->dep, h2n->weight_temp);
2369
2370 if ((h2n->dep & ~(1u << 31)) == h2n->sid) {
2371 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
2372 "cant depend on own sid");
2373 break;
2374 }
2375 break;
2376
2377 case LWS_H2_FRAME_TYPE_RST_STREAM:
2378 h2n->hpack_e_dep <<= 8;
2379 h2n->hpack_e_dep |= c;
2380 break;
2381
2382 case LWS_H2_FRAME_TYPE_PUSH_PROMISE:
2383 break;
2384
2385 case LWS_H2_FRAME_TYPE_PING:
2386 if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK) { // ack
2387 } else { /* they're sending us a ping request */
2388 if (h2n->count > 8)
2389 return 1;
2390 h2n->ping_payload[h2n->count - 1] = c;
2391 }
2392 break;
2393
2394 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
2395 h2n->hpack_e_dep <<= 8;
2396 h2n->hpack_e_dep |= c;
2397 break;
2398
2399 case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */
2400 //lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2401 h2n->count++;
2402 break;
2403
2404 default:
2405 lwsl_notice("%s: unhandled frame type %d\n",
2406 __func__, h2n->type);
2407
2408 goto fail;
2409 }
2410
2411 frame_end:
2412 if (h2n->count > h2n->length) {
2413 lwsl_notice("%s: count > length %u %u (type %d)\n",
2414 __func__, (unsigned int)h2n->count,
2415 (unsigned int)h2n->length, h2n->type);
2416
2417 } else
2418 if (h2n->count != h2n->length)
2419 break;
2420
2421 /*
2422 * end of frame just happened
2423 */
2424 n = lws_h2_parse_end_of_frame(wsi);
2425 if (n == 2) {
2426 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2427
2428 return 2;
2429 }
2430 if (n)
2431 goto fail;
2432
2433 break;
2434
2435 try_frame_start:
2436 if (h2n->frame_state <= 8) {
2437
2438 switch (h2n->frame_state++) {
2439 case 0:
2440 h2n->pad_length = 0;
2441 h2n->collected_priority = 0;
2442 h2n->padding = 0;
2443 h2n->preamble = 0;
2444 h2n->length = c;
2445 h2n->inside = 0;
2446 break;
2447 case 1:
2448 case 2:
2449 h2n->length <<= 8;
2450 h2n->length |= c;
2451 break;
2452 case 3:
2453 h2n->type = c;
2454 break;
2455 case 4:
2456 h2n->flags = c;
2457 break;
2458
2459 case 5:
2460 case 6:
2461 case 7:
2462 case 8:
2463 h2n->sid <<= 8;
2464 h2n->sid |= c;
2465 break;
2466 }
2467 }
2468
2469 if (h2n->frame_state == LWS_H2_FRAME_HEADER_LENGTH &&
2470 lws_h2_parse_frame_header(wsi))
2471 goto fail;
2472 break;
2473
2474 default:
2475 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) { /* IGNORING FRAME */
2476 //lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2477 h2n->count++;
2478 }
2479 break;
2480 }
2481 }
2482
2483 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2484
2485 return 0;
2486
2487 close_swsi_and_return:
2488
2489 lws_close_free_wsi(h2n->swsi, 0, "close_swsi_and_return");
2490 h2n->swsi = NULL;
2491 h2n->frame_state = 0;
2492 h2n->count = 0;
2493
2494 // already_closed_swsi:
2495 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2496
2497 return 2;
2498
2499 fail:
2500 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2501
2502 return 1;
2503 }
2504
2505 #if defined(LWS_WITH_CLIENT)
2506 int
lws_h2_client_handshake(struct lws * wsi)2507 lws_h2_client_handshake(struct lws *wsi)
2508 {
2509 struct lws_context_per_thread *pt = &wsi->a.context->pt[(int)wsi->tsi];
2510 uint8_t *buf, *start, *p, *p1, *end;
2511 char *meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD),
2512 *uri = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI), *simp;
2513 struct lws *nwsi = lws_get_network_wsi(wsi);
2514 const char *path = "/";
2515 int n, m;
2516 /*
2517 * The identifier of a newly established stream MUST be numerically
2518 * greater than all streams that the initiating endpoint has opened or
2519 * reserved. This governs streams that are opened using a HEADERS frame
2520 * and streams that are reserved using PUSH_PROMISE. An endpoint that
2521 * receives an unexpected stream identifier MUST respond with a
2522 * connection error (Section 5.4.1) of type PROTOCOL_ERROR.
2523 */
2524 unsigned int sid = nwsi->h2.h2n->highest_sid_opened + 2;
2525
2526 lwsl_debug("%s\n", __func__);
2527
2528 /*
2529 * We MUST allocate our sid here at the point we're about to send the
2530 * stream open. It's because we don't know the order in which multiple
2531 * open streams will send their headers... in h2, sending the headers
2532 * is the point the stream is opened. The peer requires that we only
2533 * open streams in ascending sid order
2534 */
2535
2536 wsi->mux.my_sid = nwsi->h2.h2n->highest_sid_opened = sid;
2537 lwsl_info("%s: %s: assigning SID %d at header send\n", __func__,
2538 lws_wsi_tag(wsi), sid);
2539
2540
2541 lwsl_info("%s: CLIENT_WAITING_TO_SEND_HEADERS: pollout (sid %d)\n",
2542 __func__, wsi->mux.my_sid);
2543
2544 p = start = buf = pt->serv_buf + LWS_PRE;
2545 end = start + (wsi->a.context->pt_serv_buf_size / 2) - LWS_PRE - 1;
2546
2547 /* it's time for us to send our client stream headers */
2548
2549 if (!meth)
2550 meth = "GET";
2551
2552 /* h2 pseudoheaders must be in a bunch at the start */
2553
2554 if (lws_add_http_header_by_token(wsi,
2555 WSI_TOKEN_HTTP_COLON_METHOD,
2556 (unsigned char *)meth,
2557 (int)strlen(meth), &p, end))
2558 goto fail_length;
2559
2560 if (lws_add_http_header_by_token(wsi,
2561 WSI_TOKEN_HTTP_COLON_SCHEME,
2562 (unsigned char *)"https", 5,
2563 &p, end))
2564 goto fail_length;
2565
2566
2567 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_URI);
2568 if (n)
2569 path = uri;
2570 else
2571 if (wsi->stash && wsi->stash->cis[CIS_PATH]) {
2572 path = wsi->stash->cis[CIS_PATH];
2573 n = (int)strlen(path);
2574 } else
2575 n = 1;
2576
2577 if (n > 1 && path[0] == '/' && path[1] == '/') {
2578 path++;
2579 n--;
2580 }
2581
2582 if (n && lws_add_http_header_by_token(wsi,
2583 WSI_TOKEN_HTTP_COLON_PATH,
2584 (unsigned char *)path, n, &p, end))
2585 goto fail_length;
2586
2587 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_HOST);
2588 simp = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST);
2589 if (!n && wsi->stash && wsi->stash->cis[CIS_ADDRESS]) {
2590 n = (int)strlen(wsi->stash->cis[CIS_ADDRESS]);
2591 simp = wsi->stash->cis[CIS_ADDRESS];
2592 }
2593
2594 // n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_ORIGIN);
2595 // simp = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN);
2596 #if 0
2597 if (n && simp && lws_add_http_header_by_token(wsi,
2598 WSI_TOKEN_HTTP_COLON_AUTHORITY,
2599 (unsigned char *)simp, n, &p, end))
2600 goto fail_length;
2601 #endif
2602
2603
2604 if (/*!wsi->client_h2_alpn && */n && simp &&
2605 lws_add_http_header_by_token(wsi, WSI_TOKEN_HOST,
2606 (unsigned char *)simp, n, &p, end))
2607 goto fail_length;
2608
2609
2610 if (wsi->flags & LCCSCF_HTTP_MULTIPART_MIME) {
2611 p1 = lws_http_multipart_headers(wsi, p);
2612 if (!p1)
2613 goto fail_length;
2614 p = p1;
2615 }
2616
2617 if (wsi->flags & LCCSCF_HTTP_X_WWW_FORM_URLENCODED) {
2618 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
2619 (unsigned char *)"application/x-www-form-urlencoded",
2620 33, &p, end))
2621 goto fail_length;
2622 lws_client_http_body_pending(wsi, 1);
2623 }
2624
2625 /* give userland a chance to append, eg, cookies */
2626
2627 #if defined(LWS_WITH_CACHE_NSCOOKIEJAR) && defined(LWS_WITH_CLIENT)
2628 if (wsi->flags & LCCSCF_CACHE_COOKIES)
2629 lws_cookie_send_cookies(wsi, (char **)&p, (char *)end);
2630 #endif
2631
2632 if (wsi->a.protocol->callback(wsi,
2633 LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER,
2634 wsi->user_space, &p, lws_ptr_diff_size_t(end, p) - 12))
2635 goto fail_length;
2636
2637 if (lws_finalize_http_header(wsi, &p, end))
2638 goto fail_length;
2639
2640 m = LWS_WRITE_HTTP_HEADERS;
2641 #if defined(LWS_WITH_CLIENT)
2642 /* below is not needed in spec, indeed it destroys the long poll
2643 * feature, but required by nghttp2 */
2644 if ((wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM) &&
2645 !(wsi->client_http_body_pending || lws_has_buffered_out(wsi)))
2646 m |= LWS_WRITE_H2_STREAM_END;
2647 #endif
2648
2649 // lwsl_hexdump_notice(start, p - start);
2650
2651 n = lws_write(wsi, start, lws_ptr_diff_size_t(p, start), (enum lws_write_protocol)m);
2652
2653 if (n != lws_ptr_diff(p, start)) {
2654 lwsl_err("_write returned %d from %ld\n", n,
2655 (long)(p - start));
2656 return -1;
2657 }
2658
2659 /*
2660 * Normally let's charge up the peer tx credit a bit. But if
2661 * MANUAL_REFLOW is set, just set it to the initial credit given in
2662 * the client create info
2663 */
2664
2665 n = 4 * 65536;
2666 if (wsi->flags & LCCSCF_H2_MANUAL_RXFLOW) {
2667 n = wsi->txc.manual_initial_tx_credit;
2668 wsi->txc.manual = 1;
2669 }
2670
2671 if (lws_h2_update_peer_txcredit(wsi, wsi->mux.my_sid, n))
2672 return 1;
2673
2674 lws_h2_state(wsi, LWS_H2_STATE_OPEN);
2675 lwsi_set_state(wsi, LRS_ESTABLISHED);
2676
2677 if (wsi->flags & LCCSCF_HTTP_MULTIPART_MIME)
2678 lws_callback_on_writable(wsi);
2679
2680 return 0;
2681
2682 fail_length:
2683 lwsl_err("Client hdrs too long: incr context info.pt_serv_buf_size\n");
2684
2685 return -1;
2686 }
2687 #endif
2688
2689 #if defined(LWS_ROLE_WS) && defined(LWS_WITH_SERVER)
2690 int
lws_h2_ws_handshake(struct lws * wsi)2691 lws_h2_ws_handshake(struct lws *wsi)
2692 {
2693 uint8_t buf[LWS_PRE + 2048], *p = buf + LWS_PRE, *start = p,
2694 *end = &buf[sizeof(buf) - 1];
2695 const struct lws_http_mount *hit;
2696 const char * uri_ptr;
2697 size_t m;
2698 int n;
2699
2700 if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end))
2701 return -1;
2702
2703 if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) > 64)
2704 return -1;
2705
2706 if (wsi->proxied_ws_parent && wsi->child_list) {
2707 if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL)) {
2708 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2709 (uint8_t *)lws_hdr_simple_ptr(wsi,
2710 WSI_TOKEN_PROTOCOL),
2711 (int)strlen(lws_hdr_simple_ptr(wsi,
2712 WSI_TOKEN_PROTOCOL)),
2713 &p, end))
2714 return -1;
2715 }
2716 } else {
2717
2718 /* we can only return the protocol header if:
2719 * - one came in, and ... */
2720 if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) &&
2721 /* - it is not an empty string */
2722 wsi->a.protocol->name && wsi->a.protocol->name[0]) {
2723
2724 #if defined(LWS_WITH_SECURE_STREAMS) && defined(LWS_WITH_SERVER)
2725
2726 /*
2727 * This is the h2 version of server-ws.c understanding that it
2728 * did the ws upgrade on a ss server object, therefore it needs
2729 * to pass back to the peer the policy ws-protocol name, not
2730 * the generic ss-ws.c protocol name
2731 */
2732
2733 if (wsi->a.vhost && wsi->a.vhost->ss_handle &&
2734 wsi->a.vhost->ss_handle->policy->u.http.u.ws.subprotocol) {
2735 lws_ss_handle_t *h =
2736 (lws_ss_handle_t *)wsi->a.opaque_user_data;
2737
2738 lwsl_notice("%s: Server SS %s .wsi %s switching to ws protocol\n",
2739 __func__, lws_ss_tag(h), lws_wsi_tag(h->wsi));
2740
2741 wsi->a.protocol = &protocol_secstream_ws;
2742
2743 /*
2744 * inform the SS user code that this has done a one-way
2745 * upgrade to some other protocol... it will likely
2746 * want to treat subsequent payloads differently
2747 */
2748
2749 lws_ss_event_helper(h, LWSSSCS_SERVER_UPGRADE);
2750
2751 lws_mux_mark_immortal(wsi);
2752
2753 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2754 (unsigned char *)wsi->a.vhost->ss_handle->policy->
2755 u.http.u.ws.subprotocol,
2756 (int)strlen(wsi->a.vhost->ss_handle->policy->
2757 u.http.u.ws.subprotocol), &p, end))
2758 return -1;
2759 } else
2760 #endif
2761
2762 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2763 (unsigned char *)wsi->a.protocol->name,
2764 (int)strlen(wsi->a.protocol->name), &p, end))
2765 return -1;
2766 }
2767 }
2768
2769 if (lws_finalize_http_header(wsi, &p, end))
2770 return -1;
2771
2772 m = lws_ptr_diff_size_t(p, start);
2773 // lwsl_hexdump_notice(start, m);
2774 n = lws_write(wsi, start, m, LWS_WRITE_HTTP_HEADERS);
2775 if (n != (int)m) {
2776 lwsl_err("_write returned %d from %d\n", n, (int)m);
2777
2778 return -1;
2779 }
2780
2781 /*
2782 * alright clean up, set our state to generic ws established, the
2783 * mode / state of the nwsi will get the h2 processing done.
2784 */
2785
2786 lwsi_set_state(wsi, LRS_ESTABLISHED);
2787 wsi->lws_rx_parse_state = 0; // ==LWS_RXPS_NEW;
2788
2789 uri_ptr = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH);
2790 n = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH);
2791 hit = lws_find_mount(wsi, uri_ptr, n);
2792
2793 if (hit && hit->cgienv &&
2794 wsi->a.protocol->callback(wsi, LWS_CALLBACK_HTTP_PMO, wsi->user_space,
2795 (void *)hit->cgienv, 0))
2796 return 1;
2797
2798 lws_validity_confirmed(wsi);
2799
2800 return 0;
2801 }
2802 #endif
2803
2804 int
lws_read_h2(struct lws * wsi,unsigned char * buf,lws_filepos_t len)2805 lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len)
2806 {
2807 unsigned char *oldbuf = buf;
2808 lws_filepos_t body_chunk_len;
2809
2810 // lwsl_notice("%s: h2 path: wsistate 0x%x len %d\n", __func__,
2811 // wsi->wsistate, (int)len);
2812
2813 /*
2814 * wsi here is always the network connection wsi, not a stream
2815 * wsi. Once we unpicked the framing we will find the right
2816 * swsi and make it the target of the frame.
2817 *
2818 * If it's ws over h2, the nwsi will get us here to do the h2
2819 * processing, and that will call us back with the swsi +
2820 * ESTABLISHED state for the inner payload, handled in a later
2821 * case.
2822 */
2823 while (len) {
2824 int m;
2825
2826 /*
2827 * we were accepting input but now we stopped doing so
2828 */
2829 if (lws_is_flowcontrolled(wsi)) {
2830 lws_rxflow_cache(wsi, buf, 0, (size_t)len);
2831 buf += len;
2832 break;
2833 }
2834
2835 /*
2836 * lws_h2_parser() may send something; when it gets the
2837 * whole frame, it will want to perform some action
2838 * involving a reply. But we may be in a partial send
2839 * situation on the network wsi...
2840 *
2841 * Even though we may be in a partial send and unable to
2842 * send anything new, we still have to parse the network
2843 * wsi in order to gain tx credit to send, which is
2844 * potentially necessary to clear the old partial send.
2845 *
2846 * ALL network wsi-specific frames are sent by PPS
2847 * already, these are sent as a priority on the writable
2848 * handler, and so respect partial sends. The only
2849 * problem is when a stream wsi wants to send an, eg,
2850 * reply headers frame in response to the parsing
2851 * we will do now... the *stream wsi* must stall in a
2852 * different state until it is able to do so from a
2853 * priority on the WRITABLE callback, same way that
2854 * file transfers operate.
2855 */
2856
2857 m = lws_h2_parser(wsi, buf, len, &body_chunk_len);
2858 if (m && m != 2) {
2859 lwsl_debug("%s: http2_parser bail: %d\n", __func__, m);
2860 lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS,
2861 "lws_read_h2 bail");
2862
2863 return -1;
2864 }
2865 if (m == 2) {
2866 /* swsi has been closed */
2867 buf += body_chunk_len;
2868 break;
2869 }
2870
2871 buf += body_chunk_len;
2872 len -= body_chunk_len;
2873 }
2874
2875 return lws_ptr_diff(buf, oldbuf);
2876 }
2877
2878 int
lws_h2_client_stream_long_poll_rxonly(struct lws * wsi)2879 lws_h2_client_stream_long_poll_rxonly(struct lws *wsi)
2880 {
2881
2882 if (!wsi->mux_substream)
2883 return 1;
2884
2885 /*
2886 * Elect to send an empty DATA with END_STREAM, to force the stream
2887 * into HALF_CLOSED LOCAL
2888 */
2889 wsi->h2.long_poll = 1;
2890 wsi->h2.send_END_STREAM = 1;
2891
2892 // lws_header_table_detach(wsi, 0);
2893
2894 lws_callback_on_writable(wsi);
2895
2896 return 0;
2897 }
2898