53047392 | 19-Jul-2016 |
Daniel P. Berrange <berrange@redhat.com> |
io: introduce a network socket listener API
The existing QIOChannelSocket class provides the ability to listen on a single socket at a time. This patch introduces a QIONetListener class that provide
io: introduce a network socket listener API
The existing QIOChannelSocket class provides the ability to listen on a single socket at a time. This patch introduces a QIONetListener class that provides a higher level API concept around listening for network services, allowing for listening on multiple sockets.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
52aa5644 | 07-Oct-2017 |
Stefan Weil <sw@weilnetz.de> |
io: Add missing GCC_FMT_ATTR (fix -Werror=suggest-attribute=format)
This fixes a compiler warning:
/qemu/io/channel-websock.c:163:5: error: function might be possible candidate for ‘gnu_printf’ fo
io: Add missing GCC_FMT_ATTR (fix -Werror=suggest-attribute=format)
This fixes a compiler warning:
/qemu/io/channel-websock.c:163:5: error: function might be possible candidate for ‘gnu_printf’ format attribute [-Werror=suggest-attribute=format]
Signed-off-by: Stefan Weil <sw@weilnetz.de> Acked-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
show more ...
|
7fc3fcef | 11-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: fix mem leak in websock error path
Coverity pointed out the 'date' is not free()d in the error path
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redha
io: fix mem leak in websock error path
Coverity pointed out the 'date' is not free()d in the error path
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
0efd6c9e | 10-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: add trace points for websocket HTTP protocol headers
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com> |
6d5d23b0 | 09-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: cope with websock 'Connection' header having multiple values
The noVNC server sends a header "Connection: keep-alive, Upgrade" which fails our simple equality test. Split the header on ',', trim
io: cope with websock 'Connection' header having multiple values
The noVNC server sends a header "Connection: keep-alive, Upgrade" which fails our simple equality test. Split the header on ',', trim whitespace and then check for 'upgrade' token.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
8dfd5f96 | 09-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: get rid of bounce buffering in websock write path
Currently most outbound I/O on the websock channel gets copied into the rawoutput buffer, and then immediately copied again into the encoutput b
io: get rid of bounce buffering in websock write path
Currently most outbound I/O on the websock channel gets copied into the rawoutput buffer, and then immediately copied again into the encoutput buffer, with a header prepended. Now that qio_channel_websock_encode accepts a struct iovec, we can trivially remove this bounce buffering and write directly to encoutput.
In doing so, we also now correctly validate the encoutput size against the QIO_CHANNEL_WEBSOCK_MAX_BUFFER limit.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
fb74e590 | 09-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: pass a struct iovec into qio_channel_websock_encode
Instead of requiring use of another Buffer, pass a struct iovec into qio_channel_websock_encode, which gives callers more flexibility in how t
io: pass a struct iovec into qio_channel_websock_encode
Instead of requiring use of another Buffer, pass a struct iovec into qio_channel_websock_encode, which gives callers more flexibility in how they process data.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
bac6c954 | 09-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: get rid of qio_channel_websock_encode helper method
The qio_channel_websock_encode method is only used in one place, everything else calls qio_channel_websock_encode_buffer directly. It can also
io: get rid of qio_channel_websock_encode helper method
The qio_channel_websock_encode method is only used in one place, everything else calls qio_channel_websock_encode_buffer directly. It can also be pushed up a level into the qio_channel_websock_writev method, since every other caller of qio_channel_websock_write_wire has already filled encoutput.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
57b0cdf1 | 09-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: simplify websocket ping reply handling
We must ensure we don't get flooded with ping replies if the outbound channel is slow. Currently we do this by keeping the ping reply in a separate tempora
io: simplify websocket ping reply handling
We must ensure we don't get flooded with ping replies if the outbound channel is slow. Currently we do this by keeping the ping reply in a separate temporary buffer and only writing it if the encoutput buffer is completely empty. This is overly pessimistic, as it is reasonable to add a ping reply to the encoutput buffer even if it has previous data in it, as long as that previous data doesn't include a ping reply.
To track this better, put the ping reply directly into the encoutput buffer, and then record the size of encoutput at this time in pong_remain. As we write encoutput to the underlying channel, we can decrement the pong_remain counter. Once it hits zero, we can accept further ping replies for transmission.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
a7b20a8e | 09-Oct-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: monitor encoutput buffer size from websocket GSource
The websocket GSource is monitoring the size of the rawoutput buffer to determine if the channel can accepts more writes. The rawoutput buffe
io: monitor encoutput buffer size from websocket GSource
The websocket GSource is monitoring the size of the rawoutput buffer to determine if the channel can accepts more writes. The rawoutput buffer, however, is merely a temporary staging buffer before data is copied into the encoutput buffer. Thus its size will always be zero when the GSource runs.
This flaw causes the encoutput buffer to grow without bound if the other end of the underlying data channel doesn't read data being sent. This can be seen with VNC if a client is on a slow WAN link and the guest OS is sending many screen updates. A malicious VNC client can act like it is on a slow link by playing a video in the guest and then reading data very slowly, causing QEMU host memory to expand arbitrarily.
This issue is assigned CVE-2017-15268, publically reported in
https://bugs.launchpad.net/qemu/+bug/1718964
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
59f183bb | 21-Sep-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: add trace events for websockets frame handling
It is useful to trace websockets frame encoding/decoding when debugging problems.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by
io: add trace events for websockets frame handling
It is useful to trace websockets frame encoding/decoding when debugging problems.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
530ca60c | 12-Sep-2017 |
Brandon Carpenter <brandon.carpenter@cypherpath.com> |
io: Attempt to send websocket close messages to client
Make a best effort attempt to close websocket connections according to the RFC. Sends the close message, as room permits in the socket buffer,
io: Attempt to send websocket close messages to client
Make a best effort attempt to close websocket connections according to the RFC. Sends the close message, as room permits in the socket buffer, and immediately closes the socket.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
268a53f5 | 12-Sep-2017 |
Brandon Carpenter <brandon.carpenter@cypherpath.com> |
io: Reply to ping frames
Add an immediate ping reply (pong) to the outgoing stream when a ping is received. Unsolicited pongs are ignored.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypher
io: Reply to ping frames
Add an immediate ping reply (pong) to the outgoing stream when a ping is received. Unsolicited pongs are ignored.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
01af17fc | 12-Sep-2017 |
Brandon Carpenter <brandon.carpenter@cypherpath.com> |
io: Ignore websocket PING and PONG frames
Keep pings and gratuitous pongs generated by web browsers from killing websocket connections.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpat
io: Ignore websocket PING and PONG frames
Keep pings and gratuitous pongs generated by web browsers from killing websocket connections.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
3a29640e | 12-Sep-2017 |
Brandon Carpenter <brandon.carpenter@cypherpath.com> |
io: Allow empty websocket payload
Some browsers send pings/pongs with no payload, so allow empty payloads instead of closing the connection.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cyph
io: Allow empty websocket payload
Some browsers send pings/pongs with no payload, so allow empty payloads instead of closing the connection.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
ff1300e6 | 12-Sep-2017 |
Brandon Carpenter <brandon.carpenter@cypherpath.com> |
io: Add support for fragmented websocket binary frames
Allows fragmented binary frames by saving the previous opcode. Handles the case where an intermediary (i.e., web proxy) fragments frames origin
io: Add support for fragmented websocket binary frames
Allows fragmented binary frames by saving the previous opcode. Handles the case where an intermediary (i.e., web proxy) fragments frames originally sent unfragmented by the client.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
eefa3d8e | 12-Sep-2017 |
Brandon Carpenter <brandon.carpenter@cypherpath.com> |
io: Small updates in preparation for websocket changes
Gets rid of unnecessary bit shifting and performs proper EOF checking to avoid a large number of repeated calls to recvmsg() when a client abru
io: Small updates in preparation for websocket changes
Gets rid of unnecessary bit shifting and performs proper EOF checking to avoid a large number of repeated calls to recvmsg() when a client abruptly terminates a connection (bug fix).
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
33badfd1 | 06-Sep-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: use case insensitive check for Connection & Upgrade websock headers
When checking the value of the Connection and Upgrade HTTP headers the websock RFC (6455) requires the comparison to be case i
io: use case insensitive check for Connection & Upgrade websock headers
When checking the value of the Connection and Upgrade HTTP headers the websock RFC (6455) requires the comparison to be case insensitive. The Connection value should be an exact match not a substring.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
3a3f8705 | 06-Sep-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: include full error message in websocket handshake trace
When the websocket handshake fails it is useful to log the real error message via the trace points for debugging purposes.
Fixes bug: #17
io: include full error message in websocket handshake trace
When the websocket handshake fails it is useful to log the real error message via the trace points for debugging purposes.
Fixes bug: #1715186
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
f69a8bde | 06-Sep-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: send proper HTTP response for websocket errors
When any error occurs while processing the websockets handshake, QEMU just terminates the connection abruptly. This is in violation of the HTTP spe
io: send proper HTTP response for websocket errors
When any error occurs while processing the websockets handshake, QEMU just terminates the connection abruptly. This is in violation of the HTTP specs and does not help the client understand what they did wrong. This is particularly bad when the client gives the wrong path, as a "404 Not Found" would be very helpful.
Refactor the handshake code so that it always sends a response to the client unless there was an I/O error.
Fixes bug: #1715186
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
e8ffaa31 | 05-Sep-2017 |
Eric Blake <eblake@redhat.com> |
io: Add new qio_channel_read{, v}_all_eof functions
Some callers want to distinguish between clean EOF (no bytes read) vs. a short read (at least one byte read, but EOF encountered before reaching t
io: Add new qio_channel_read{, v}_all_eof functions
Some callers want to distinguish between clean EOF (no bytes read) vs. a short read (at least one byte read, but EOF encountered before reaching the desired length), as it allows clients the ability to do a graceful shutdown when a server shuts down at defined safe points in the protocol, rather than treating all shutdown scenarios as an error due to EOF. However, we don't want to require all callers to have to check for early EOF. So add another wrapper function that can be used by the callers that care about the distinction.
Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20170905191114.5959-3-eblake@redhat.com> Acked-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
9ffb8270 | 05-Sep-2017 |
Eric Blake <eblake@redhat.com> |
io: Yield rather than wait when already in coroutine
The new qio_channel_{read,write}{,v}_all functions are documented as yielding until data is available. When used on a blocking channel, this yie
io: Yield rather than wait when already in coroutine
The new qio_channel_{read,write}{,v}_all functions are documented as yielding until data is available. When used on a blocking channel, this yield is done via qio_channel_wait() which spawns a nested event loop under the hood (so it is that secondary loop which yields as needed); but if we are already in a coroutine (at which point QIO_CHANNEL_ERR_BLOCK is only possible if we are a non-blocking channel), we want to yield the current coroutine instead of spawning a nested event loop.
Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20170905191114.5959-2-eblake@redhat.com> Acked-by: Daniel P. Berrange <berrange@redhat.com> [commit message updated] Signed-off-by: Eric Blake <eblake@redhat.com>
show more ...
|
d4622e55 | 30-Aug-2017 |
Daniel P. Berrange <berrange@redhat.com> |
io: add new qio_channel_{readv, writev, read, write}_all functions
These functions wait until they are able to read / write the full requested data buffer(s).
Reviewed-by: Eric Blake <eblake@redhat
io: add new qio_channel_{readv, writev, read, write}_all functions
These functions wait until they are able to read / write the full requested data buffer(s).
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
b2587932 | 16-Jun-2017 |
Cao jin <caoj.fnst@cn.fujitsu.com> |
util: remove the obsolete non-blocking connect
The non-blocking connect mechanism is obsolete, and it doesn't work well in inet connection, because it will call getaddrinfo first and getaddrinfo wil
util: remove the obsolete non-blocking connect
The non-blocking connect mechanism is obsolete, and it doesn't work well in inet connection, because it will call getaddrinfo first and getaddrinfo will blocks on DNS lookups. Since commit e65c67e4 & d984464e, the non-blocking connect of migration goes through QIOChannel in a different manner(using a thread), and nobody use this old non-blocking connect anymore.
Any newly written code which needs a non-blocking connect should use the QIOChannel code, so we can drop NonBlockingConnectHandler as a concept entirely.
Suggested-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com> Signed-off-by: Mao Zhongyi <maozy.fnst@cn.fujitsu.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
show more ...
|
8bd9c4e6 | 02-Aug-2017 |
Peter Xu <peterx@redhat.com> |
io: fix qio_channel_socket_accept err handling
When accept failed, we should setup errp with the reason. More importantly, the caller may assume errp be non-NULL when error happens, and not setting
io: fix qio_channel_socket_accept err handling
When accept failed, we should setup errp with the reason. More importantly, the caller may assume errp be non-NULL when error happens, and not setting the errp may crash QEMU.
At the same time, move the trace_qio_channel_socket_accept_fail() after the if check on EINTR. Two reasons:
1. when EINTR happened, it's not really a fault (we should just try again), so we should not log with an "accept failure".
2. trace_*() functions may overwrite errno, then the old errno will be missing. We need to either check errno before trace_*() calls, or reserve the errno.
Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <1501666880-10159-3-git-send-email-peterx@redhat.com> Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
show more ...
|