1 /*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25 #include "private-lib-core.h"
26
27 /*
28 * bitmap of control messages that are valid to receive for each http2 state
29 */
30
31 static const uint16_t http2_rx_validity[] = {
32 /* LWS_H2S_IDLE */
33 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
34 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
35 // (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE)| /* ignore */
36 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
37 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
38 /* LWS_H2S_RESERVED_LOCAL */
39 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
40 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
41 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
42 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE),
43 /* LWS_H2S_RESERVED_REMOTE */
44 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
45 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
46 (1 << LWS_H2_FRAME_TYPE_CONTINUATION) |
47 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
48 (1 << LWS_H2_FRAME_TYPE_PRIORITY),
49 /* LWS_H2S_OPEN */
50 (1 << LWS_H2_FRAME_TYPE_DATA) |
51 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
52 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
53 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
54 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
55 (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) |
56 (1 << LWS_H2_FRAME_TYPE_PING) |
57 (1 << LWS_H2_FRAME_TYPE_GOAWAY) |
58 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
59 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
60 /* LWS_H2S_HALF_CLOSED_REMOTE */
61 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
62 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
63 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
64 (1 << LWS_H2_FRAME_TYPE_RST_STREAM),
65 /* LWS_H2S_HALF_CLOSED_LOCAL */
66 (1 << LWS_H2_FRAME_TYPE_DATA) |
67 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
68 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
69 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
70 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
71 (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) |
72 (1 << LWS_H2_FRAME_TYPE_PING) |
73 (1 << LWS_H2_FRAME_TYPE_GOAWAY) |
74 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
75 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
76 /* LWS_H2S_CLOSED */
77 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
78 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
79 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
80 (1 << LWS_H2_FRAME_TYPE_RST_STREAM),
81 };
82
83 static const char *preface = "PRI * HTTP/2.0\x0d\x0a\x0d\x0aSM\x0d\x0a\x0d\x0a";
84
85 static const char * const h2_state_names[] = {
86 "LWS_H2S_IDLE",
87 "LWS_H2S_RESERVED_LOCAL",
88 "LWS_H2S_RESERVED_REMOTE",
89 "LWS_H2S_OPEN",
90 "LWS_H2S_HALF_CLOSED_REMOTE",
91 "LWS_H2S_HALF_CLOSED_LOCAL",
92 "LWS_H2S_CLOSED",
93 };
94
95 #if 0
96 static const char * const h2_setting_names[] = {
97 "",
98 "H2SET_HEADER_TABLE_SIZE",
99 "H2SET_ENABLE_PUSH",
100 "H2SET_MAX_CONCURRENT_STREAMS",
101 "H2SET_INITIAL_WINDOW_SIZE",
102 "H2SET_MAX_FRAME_SIZE",
103 "H2SET_MAX_HEADER_LIST_SIZE",
104 "reserved",
105 "H2SET_ENABLE_CONNECT_PROTOCOL"
106 };
107
108 void
109 lws_h2_dump_settings(struct http2_settings *set)
110 {
111 int n;
112
113 for (n = 1; n < H2SET_COUNT; n++)
114 lwsl_notice(" %30s: %10d\n", h2_setting_names[n], set->s[n]);
115 }
116 #else
117 void
lws_h2_dump_settings(struct http2_settings * set)118 lws_h2_dump_settings(struct http2_settings *set)
119 {
120 }
121 #endif
122
123 struct lws_h2_protocol_send *
lws_h2_new_pps(enum lws_h2_protocol_send_type type)124 lws_h2_new_pps(enum lws_h2_protocol_send_type type)
125 {
126 struct lws_h2_protocol_send *pps = lws_malloc(sizeof(*pps), "pps");
127
128 if (pps)
129 pps->type = type;
130
131 return pps;
132 }
133
lws_h2_init(struct lws * wsi)134 void lws_h2_init(struct lws *wsi)
135 {
136 wsi->h2.h2n->our_set = wsi->a.vhost->h2.set;
137 wsi->h2.h2n->peer_set = lws_h2_defaults;
138 }
139
140 void
lws_h2_state(struct lws * wsi,enum lws_h2_states s)141 lws_h2_state(struct lws *wsi, enum lws_h2_states s)
142 {
143 if (!wsi)
144 return;
145 lwsl_info("%s: %s: state %s -> %s\n", __func__, lws_wsi_tag(wsi),
146 h2_state_names[wsi->h2.h2_state],
147 h2_state_names[s]);
148
149 (void)h2_state_names;
150 wsi->h2.h2_state = (uint8_t)s;
151 }
152
153 int
lws_h2_update_peer_txcredit(struct lws * wsi,unsigned int sid,int bump)154 lws_h2_update_peer_txcredit(struct lws *wsi, unsigned int sid, int bump)
155 {
156 struct lws *nwsi = lws_get_network_wsi(wsi);
157 struct lws_h2_protocol_send *pps;
158
159 assert(wsi);
160
161 if (!bump)
162 return 0;
163
164 if (sid == (unsigned int)-1)
165 sid = wsi->mux.my_sid;
166
167 lwsl_info("%s: sid %d: bump %d -> %d\n", __func__, sid, bump,
168 (int)wsi->txc.peer_tx_cr_est + bump);
169
170 pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW);
171 if (!pps)
172 return 1;
173
174 pps->u.update_window.sid = (unsigned int)sid;
175 pps->u.update_window.credit = (unsigned int)bump;
176 wsi->txc.peer_tx_cr_est += bump;
177
178 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
179
180 lws_pps_schedule(wsi, pps);
181
182 pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW);
183 if (!pps)
184 return 1;
185
186 pps->u.update_window.sid = 0;
187 pps->u.update_window.credit = (unsigned int)bump;
188 nwsi->txc.peer_tx_cr_est += bump;
189
190 lws_wsi_txc_describe(&nwsi->txc, __func__, nwsi->mux.my_sid);
191
192 lws_pps_schedule(nwsi, pps);
193
194 return 0;
195 }
196
197 int
lws_h2_get_peer_txcredit_estimate(struct lws * wsi)198 lws_h2_get_peer_txcredit_estimate(struct lws *wsi)
199 {
200 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
201 return (int)wsi->txc.peer_tx_cr_est;
202 }
203
204 static int
lws_h2_update_peer_txcredit_thresh(struct lws * wsi,unsigned int sid,int threshold,int bump)205 lws_h2_update_peer_txcredit_thresh(struct lws *wsi, unsigned int sid, int threshold, int bump)
206 {
207 if (wsi->txc.peer_tx_cr_est > threshold)
208 return 0;
209
210 return lws_h2_update_peer_txcredit(wsi, sid, bump);
211 }
212
213 /* cx + vh lock */
214
215 static struct lws *
__lws_wsi_server_new(struct lws_vhost * vh,struct lws * parent_wsi,unsigned int sid)216 __lws_wsi_server_new(struct lws_vhost *vh, struct lws *parent_wsi,
217 unsigned int sid)
218 {
219 struct lws *nwsi = lws_get_network_wsi(parent_wsi);
220 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
221 char tmp[50], tmp1[50];
222 unsigned int n, b = 0;
223 struct lws *wsi;
224 const char *p;
225
226 lws_context_assert_lock_held(vh->context);
227 lws_vhost_assert_lock_held(vh);
228
229 /*
230 * The identifier of a newly established stream MUST be numerically
231 * greater than all streams that the initiating endpoint has opened or
232 * reserved. This governs streams that are opened using a HEADERS frame
233 * and streams that are reserved using PUSH_PROMISE. An endpoint that
234 * receives an unexpected stream identifier MUST respond with a
235 * connection error (Section 5.4.1) of type PROTOCOL_ERROR.
236 */
237 if (sid <= h2n->highest_sid_opened) {
238 lwsl_info("%s: tried to open lower sid %d (%d)\n", __func__,
239 sid, (int)h2n->highest_sid_opened);
240 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, "Bad sid");
241 return NULL;
242 }
243
244 /* no more children allowed by parent */
245 if (parent_wsi->mux.child_count + 1 >
246 parent_wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
247 lwsl_notice("reached concurrent stream limit\n");
248 return NULL;
249 }
250
251 n = 0;
252 p = &parent_wsi->lc.gutag[1];
253 do {
254 if (*p == '|') {
255 b++;
256 if (b == 3)
257 continue;
258 }
259 tmp1[n++] = *p++;
260 } while (b < 3 && n < sizeof(tmp1) - 2);
261 tmp1[n] = '\0';
262 lws_snprintf(tmp, sizeof(tmp), "h2_sid%u_(%s)", sid, tmp1);
263 wsi = lws_create_new_server_wsi(vh, parent_wsi->tsi, tmp);
264 if (!wsi) {
265 lwsl_notice("new server wsi failed (%s)\n", lws_vh_tag(vh));
266 return NULL;
267 }
268
269 #if defined(LWS_WITH_SERVER)
270 if (lwsi_role_server(parent_wsi))
271 lws_metrics_caliper_bind(wsi->cal_conn, wsi->a.context->mth_srv);
272 #endif
273
274 h2n->highest_sid_opened = sid;
275
276 lws_wsi_mux_insert(wsi, parent_wsi, sid);
277 if (sid >= h2n->highest_sid)
278 h2n->highest_sid = sid + 2;
279
280 wsi->mux_substream = 1;
281 wsi->seen_nonpseudoheader = 0;
282
283 wsi->txc.tx_cr = (int32_t)nwsi->h2.h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
284 wsi->txc.peer_tx_cr_est =
285 (int32_t)nwsi->h2.h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
286
287 lwsi_set_state(wsi, LRS_ESTABLISHED);
288 lwsi_set_role(wsi, lwsi_role(parent_wsi));
289
290 wsi->a.protocol = &vh->protocols[0];
291 if (lws_ensure_user_space(wsi))
292 goto bail1;
293
294 #if defined(LWS_WITH_SERVER) && defined(LWS_WITH_SECURE_STREAMS)
295 if (lws_adopt_ss_server_accept(wsi))
296 goto bail1;
297 #endif
298
299 /* get the ball rolling */
300 lws_validity_confirmed(wsi);
301
302 lwsl_info("%s: %s new ch %s, sid %d, usersp=%p\n", __func__,
303 lws_wsi_tag(parent_wsi), lws_wsi_tag(wsi), sid, wsi->user_space);
304
305 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
306 lws_wsi_txc_describe(&nwsi->txc, __func__, 0);
307
308 return wsi;
309
310 bail1:
311 /* undo the insert */
312 parent_wsi->mux.child_list = wsi->mux.sibling_list;
313 parent_wsi->mux.child_count--;
314
315 if (wsi->user_space)
316 lws_free_set_NULL(wsi->user_space);
317 vh->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0);
318 __lws_vhost_unbind_wsi(wsi);
319 lws_free(wsi);
320
321 return NULL;
322 }
323
324 struct lws *
lws_wsi_h2_adopt(struct lws * parent_wsi,struct lws * wsi)325 lws_wsi_h2_adopt(struct lws *parent_wsi, struct lws *wsi)
326 {
327 struct lws *nwsi = lws_get_network_wsi(parent_wsi);
328
329 /* no more children allowed by parent */
330 if (parent_wsi->mux.child_count + 1 >
331 parent_wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
332 lwsl_notice("reached concurrent stream limit\n");
333 return NULL;
334 }
335
336 /* sid is set just before issuing the headers, ensuring monoticity */
337
338 wsi->seen_nonpseudoheader = 0;
339 #if defined(LWS_WITH_CLIENT)
340 wsi->client_mux_substream = 1;
341 #endif
342 wsi->h2.initialized = 1;
343
344 #if 0
345 /* only assign sid at header send time when we know it */
346 if (!wsi->mux.my_sid) {
347 wsi->mux.my_sid = nwsi->h2.h2n->highest_sid;
348 nwsi->h2.h2n->highest_sid += 2;
349 }
350 #endif
351
352 lwsl_info("%s: binding wsi %s to sid %d (next %d)\n", __func__,
353 lws_wsi_tag(wsi), (int)wsi->mux.my_sid, (int)nwsi->h2.h2n->highest_sid);
354
355 lws_wsi_mux_insert(wsi, parent_wsi, wsi->mux.my_sid);
356
357 wsi->txc.tx_cr = (int32_t)nwsi->h2.h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
358 wsi->txc.peer_tx_cr_est = (int32_t)
359 nwsi->h2.h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
360
361 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
362
363 if (lws_ensure_user_space(wsi))
364 goto bail1;
365
366 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS,
367 &role_ops_h2);
368
369 lws_callback_on_writable(wsi);
370
371 return wsi;
372
373 bail1:
374 /* undo the insert */
375 parent_wsi->mux.child_list = wsi->mux.sibling_list;
376 parent_wsi->mux.child_count--;
377
378 if (wsi->user_space)
379 lws_free_set_NULL(wsi->user_space);
380 wsi->a.protocol->callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0);
381 lws_free(wsi);
382
383 return NULL;
384 }
385
386
387 int
lws_h2_issue_preface(struct lws * wsi)388 lws_h2_issue_preface(struct lws *wsi)
389 {
390 struct lws_h2_netconn *h2n = wsi->h2.h2n;
391 struct lws_h2_protocol_send *pps;
392
393 if (!h2n) {
394 lwsl_warn("%s: no valid h2n\n", __func__);
395 return 1;
396 }
397
398 lwsl_debug("%s: %s: fd %d\n", __func__, lws_wsi_tag(wsi), (int)wsi->desc.sockfd);
399
400 if (lws_issue_raw(wsi, (uint8_t *)preface, strlen(preface)) !=
401 (int)strlen(preface))
402 return 1;
403
404 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS,
405 &role_ops_h2);
406
407 h2n->count = 0;
408 wsi->txc.tx_cr = 65535;
409
410 /*
411 * we must send a settings frame
412 */
413 pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS);
414 if (!pps)
415 return 1;
416 lws_pps_schedule(wsi, pps);
417 lwsl_info("%s: h2 client sending settings\n", __func__);
418
419 return 0;
420 }
421
422 void
lws_pps_schedule(struct lws * wsi,struct lws_h2_protocol_send * pps)423 lws_pps_schedule(struct lws *wsi, struct lws_h2_protocol_send *pps)
424 {
425 struct lws *nwsi = lws_get_network_wsi(wsi);
426 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
427
428 pps->next = h2n->pps;
429 h2n->pps = pps;
430 lws_rx_flow_control(wsi, LWS_RXFLOW_REASON_APPLIES_DISABLE |
431 LWS_RXFLOW_REASON_H2_PPS_PENDING);
432 lws_callback_on_writable(wsi);
433 }
434
435 int
lws_h2_goaway(struct lws * wsi,uint32_t err,const char * reason)436 lws_h2_goaway(struct lws *wsi, uint32_t err, const char *reason)
437 {
438 struct lws_h2_netconn *h2n = wsi->h2.h2n;
439 struct lws_h2_protocol_send *pps;
440
441 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT)
442 return 0;
443
444 pps = lws_h2_new_pps(LWS_H2_PPS_GOAWAY);
445 if (!pps)
446 return 1;
447
448 lwsl_info("%s: %s: ERR 0x%x, '%s'\n", __func__, lws_wsi_tag(wsi), (int)err, reason);
449
450 pps->u.ga.err = err;
451 pps->u.ga.highest_sid = h2n->highest_sid;
452 lws_strncpy(pps->u.ga.str, reason, sizeof(pps->u.ga.str));
453 lws_pps_schedule(wsi, pps);
454
455 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
456
457 return 0;
458 }
459
460 int
lws_h2_rst_stream(struct lws * wsi,uint32_t err,const char * reason)461 lws_h2_rst_stream(struct lws *wsi, uint32_t err, const char *reason)
462 {
463 struct lws *nwsi = lws_get_network_wsi(wsi);
464 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
465 struct lws_h2_protocol_send *pps;
466
467 if (!h2n)
468 return 0;
469
470 if (!wsi->h2_stream_carries_ws && h2n->type == LWS_H2_FRAME_TYPE_COUNT)
471 return 0;
472
473 pps = lws_h2_new_pps(LWS_H2_PPS_RST_STREAM);
474 if (!pps)
475 return 1;
476
477 lwsl_info("%s: RST_STREAM 0x%x, sid %d, REASON '%s'\n", __func__,
478 (int)err, wsi->mux.my_sid, reason);
479
480 pps->u.rs.sid = wsi->mux.my_sid;
481 pps->u.rs.err = err;
482
483 lws_pps_schedule(wsi, pps);
484
485 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
486 lws_h2_state(wsi, LWS_H2_STATE_CLOSED);
487
488 return 0;
489 }
490
491 int
lws_h2_settings(struct lws * wsi,struct http2_settings * settings,unsigned char * buf,int len)492 lws_h2_settings(struct lws *wsi, struct http2_settings *settings,
493 unsigned char *buf, int len)
494 {
495 struct lws *nwsi = lws_get_network_wsi(wsi);
496 unsigned int a, b;
497
498 if (!len)
499 return 0;
500
501 if (len < LWS_H2_SETTINGS_LEN)
502 return 1;
503
504 while (len >= LWS_H2_SETTINGS_LEN) {
505 a = (unsigned int)((buf[0] << 8) | buf[1]);
506 if (!a || a >= H2SET_COUNT)
507 goto skip;
508 b = (unsigned int)(buf[2] << 24 | buf[3] << 16 | buf[4] << 8 | buf[5]);
509
510 switch (a) {
511 case H2SET_HEADER_TABLE_SIZE:
512 break;
513 case H2SET_ENABLE_PUSH:
514 if (b > 1) {
515 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
516 "ENABLE_PUSH invalid arg");
517 return 1;
518 }
519 break;
520 case H2SET_MAX_CONCURRENT_STREAMS:
521 break;
522 case H2SET_INITIAL_WINDOW_SIZE:
523 if (b > 0x7fffffff) {
524 lws_h2_goaway(nwsi, H2_ERR_FLOW_CONTROL_ERROR,
525 "Inital Window beyond max");
526 return 1;
527 }
528
529 #if defined(LWS_WITH_CLIENT)
530 #if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX)
531 if (
532 #else
533 if (wsi->flags & LCCSCF_H2_QUIRK_OVERFLOWS_TXCR &&
534 #endif
535 b == 0x7fffffff) {
536 b >>= 4;
537
538 break;
539 }
540 #endif
541
542 /*
543 * In addition to changing the flow-control window for
544 * streams that are not yet active, a SETTINGS frame
545 * can alter the initial flow-control window size for
546 * streams with active flow-control windows (that is,
547 * streams in the "open" or "half-closed (remote)"
548 * state). When the value of
549 * SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver
550 * MUST adjust the size of all stream flow-control
551 * windows that it maintains by the difference between
552 * the new value and the old value.
553 */
554
555 lws_start_foreach_ll(struct lws *, w,
556 nwsi->mux.child_list) {
557 lwsl_info("%s: adi child tc cr %d +%d -> %d",
558 __func__, (int)w->txc.tx_cr,
559 b - (unsigned int)settings->s[a],
560 (int)(w->txc.tx_cr + (int)b -
561 (int)settings->s[a]));
562 w->txc.tx_cr += (int)b - (int)settings->s[a];
563 if (w->txc.tx_cr > 0 &&
564 w->txc.tx_cr <=
565 (int32_t)(b - settings->s[a]))
566
567 lws_callback_on_writable(w);
568 } lws_end_foreach_ll(w, mux.sibling_list);
569
570 break;
571 case H2SET_MAX_FRAME_SIZE:
572 if (b < wsi->a.vhost->h2.set.s[H2SET_MAX_FRAME_SIZE]) {
573 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
574 "Frame size < initial");
575 return 1;
576 }
577 if (b > 0x00ffffff) {
578 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
579 "Settings Frame size above max");
580 return 1;
581 }
582 break;
583 case H2SET_MAX_HEADER_LIST_SIZE:
584 break;
585 }
586 settings->s[a] = b;
587 lwsl_info("http2 settings %d <- 0x%x\n", a, b);
588 skip:
589 len -= LWS_H2_SETTINGS_LEN;
590 buf += LWS_H2_SETTINGS_LEN;
591 }
592
593 if (len)
594 return 1;
595
596 lws_h2_dump_settings(settings);
597
598 return 0;
599 }
600
601 /* RFC7640 Sect 6.9
602 *
603 * The WINDOW_UPDATE frame can be specific to a stream or to the entire
604 * connection. In the former case, the frame's stream identifier
605 * indicates the affected stream; in the latter, the value "0" indicates
606 * that the entire connection is the subject of the frame.
607 *
608 * ...
609 *
610 * Two flow-control windows are applicable: the stream flow-control
611 * window and the connection flow-control window. The sender MUST NOT
612 * send a flow-controlled frame with a length that exceeds the space
613 * available in either of the flow-control windows advertised by the
614 * receiver. Frames with zero length with the END_STREAM flag set (that
615 * is, an empty DATA frame) MAY be sent if there is no available space
616 * in either flow-control window.
617 */
618
619 int
lws_h2_tx_cr_get(struct lws * wsi)620 lws_h2_tx_cr_get(struct lws *wsi)
621 {
622 int c = wsi->txc.tx_cr;
623 struct lws *nwsi = lws_get_network_wsi(wsi);
624
625 if (!wsi->mux_substream && !nwsi->upgraded_to_http2)
626 return ~0x80000000;
627
628 lwsl_info ("%s: %s: own tx credit %d: nwsi credit %d\n",
629 __func__, lws_wsi_tag(wsi), c, (int)nwsi->txc.tx_cr);
630
631 if (nwsi->txc.tx_cr < c)
632 c = nwsi->txc.tx_cr;
633
634 if (c < 0)
635 return 0;
636
637 return c;
638 }
639
640 void
lws_h2_tx_cr_consume(struct lws * wsi,int consumed)641 lws_h2_tx_cr_consume(struct lws *wsi, int consumed)
642 {
643 struct lws *nwsi = lws_get_network_wsi(wsi);
644
645 wsi->txc.tx_cr -= consumed;
646
647 if (nwsi != wsi)
648 nwsi->txc.tx_cr -= consumed;
649 }
650
lws_h2_frame_write(struct lws * wsi,int type,int flags,unsigned int sid,unsigned int len,unsigned char * buf)651 int lws_h2_frame_write(struct lws *wsi, int type, int flags,
652 unsigned int sid, unsigned int len, unsigned char *buf)
653 {
654 struct lws *nwsi = lws_get_network_wsi(wsi);
655 unsigned char *p = &buf[-LWS_H2_FRAME_HEADER_LENGTH];
656 int n;
657
658 //if (wsi->h2_stream_carries_ws)
659 // lwsl_hexdump_level(LLL_NOTICE, buf, len);
660
661 *p++ = (uint8_t)(len >> 16);
662 *p++ = (uint8_t)(len >> 8);
663 *p++ = (uint8_t)len;
664 *p++ = (uint8_t)type;
665 *p++ = (uint8_t)flags;
666 *p++ = (uint8_t)(sid >> 24);
667 *p++ = (uint8_t)(sid >> 16);
668 *p++ = (uint8_t)(sid >> 8);
669 *p++ = (uint8_t)sid;
670
671 lwsl_debug("%s: %s (eff %s). typ %d, fl 0x%x, sid=%d, len=%d, "
672 "txcr=%d, nwsi->txcr=%d\n", __func__, lws_wsi_tag(wsi),
673 lws_wsi_tag(nwsi), type, flags,
674 sid, len, (int)wsi->txc.tx_cr, (int)nwsi->txc.tx_cr);
675
676 if (type == LWS_H2_FRAME_TYPE_DATA) {
677 if (wsi->txc.tx_cr < (int)len)
678
679 lwsl_info("%s: %s: sending payload len %d"
680 " but tx_cr only %d!\n", __func__,
681 lws_wsi_tag(wsi), len, (int)wsi->txc.tx_cr);
682 lws_h2_tx_cr_consume(wsi, (int)len);
683 }
684
685 n = lws_issue_raw(nwsi, &buf[-LWS_H2_FRAME_HEADER_LENGTH],
686 len + LWS_H2_FRAME_HEADER_LENGTH);
687 if (n < 0)
688 return n;
689
690 if (n >= LWS_H2_FRAME_HEADER_LENGTH)
691 return n - LWS_H2_FRAME_HEADER_LENGTH;
692
693 return n;
694 }
695
lws_h2_set_bin(struct lws * wsi,int n,unsigned char * buf)696 static void lws_h2_set_bin(struct lws *wsi, int n, unsigned char *buf)
697 {
698 *buf++ = (uint8_t)(n >> 8);
699 *buf++ = (uint8_t)n;
700 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 24);
701 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 16);
702 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 8);
703 *buf = (uint8_t)wsi->h2.h2n->our_set.s[n];
704 }
705
706 /* we get called on the network connection */
707
lws_h2_do_pps_send(struct lws * wsi)708 int lws_h2_do_pps_send(struct lws *wsi)
709 {
710 struct lws_h2_netconn *h2n = wsi->h2.h2n;
711 struct lws_h2_protocol_send *pps = NULL;
712 struct lws *cwsi;
713 uint8_t set[LWS_PRE + 64], *p = &set[LWS_PRE], *q;
714 int n, m = 0, flags = 0;
715
716 if (!h2n)
717 return 1;
718
719 /* get the oldest pps */
720
721 lws_start_foreach_llp(struct lws_h2_protocol_send **, pps1, h2n->pps) {
722 if ((*pps1)->next == NULL) { /* we are the oldest in the list */
723 pps = *pps1; /* remove us from the list */
724 *pps1 = NULL;
725 continue;
726 }
727 } lws_end_foreach_llp(pps1, next);
728
729 if (!pps)
730 return 1;
731
732 lwsl_info("%s: %s: %d\n", __func__, lws_wsi_tag(wsi), pps->type);
733
734 switch (pps->type) {
735
736 case LWS_H2_PPS_MY_SETTINGS:
737
738 /*
739 * if any of our settings varies from h2 "default defaults"
740 * then we must inform the peer
741 */
742 for (n = 1; n < H2SET_COUNT; n++)
743 if (h2n->our_set.s[n] != lws_h2_defaults.s[n]) {
744 lwsl_debug("sending SETTING %d 0x%x\n", n,
745 (unsigned int)
746 wsi->h2.h2n->our_set.s[n]);
747
748 lws_h2_set_bin(wsi, n, &set[LWS_PRE + m]);
749 m += (int)sizeof(h2n->one_setting);
750 }
751 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS,
752 flags, LWS_H2_STREAM_ID_MASTER, (unsigned int)m,
753 &set[LWS_PRE]);
754 if (n != m) {
755 lwsl_info("send %d %d\n", n, m);
756 goto bail;
757 }
758 break;
759
760 case LWS_H2_PPS_SETTINGS_INITIAL_UPDATE_WINDOW:
761 q = &set[LWS_PRE];
762 *q++ = (uint8_t)(H2SET_INITIAL_WINDOW_SIZE >> 8);
763 *q++ = (uint8_t)(H2SET_INITIAL_WINDOW_SIZE);
764 *q++ = (uint8_t)(pps->u.update_window.credit >> 24);
765 *q++ = (uint8_t)(pps->u.update_window.credit >> 16);
766 *q++ = (uint8_t)(pps->u.update_window.credit >> 8);
767 *q = (uint8_t)(pps->u.update_window.credit);
768
769 lwsl_debug("%s: resetting initial window to %d\n", __func__,
770 (int)pps->u.update_window.credit);
771
772 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS,
773 flags, LWS_H2_STREAM_ID_MASTER, 6,
774 &set[LWS_PRE]);
775 if (n != 6) {
776 lwsl_info("send %d %d\n", n, m);
777 goto bail;
778 }
779 break;
780
781 case LWS_H2_PPS_ACK_SETTINGS:
782 /* send ack ... always empty */
783 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS, 1,
784 LWS_H2_STREAM_ID_MASTER, 0,
785 &set[LWS_PRE]);
786 if (n) {
787 lwsl_err("%s: writing settings ack frame failed %d\n", __func__, n);
788 goto bail;
789 }
790 wsi->h2_acked_settings = 0;
791 /* this is the end of the preface dance then? */
792 if (lwsi_state(wsi) == LRS_H2_AWAIT_SETTINGS) {
793 lwsi_set_state(wsi, LRS_ESTABLISHED);
794 #if defined(LWS_WITH_FILE_OPS)
795 wsi->http.fop_fd = NULL;
796 #endif
797 if (lws_is_ssl(lws_get_network_wsi(wsi)))
798 break;
799
800 if (wsi->a.vhost->options &
801 LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE)
802 break;
803
804 /*
805 * we need to treat the headers from the upgrade as the
806 * first job. So these need to get shifted to sid 1.
807 */
808
809 lws_context_lock(wsi->a.context, "h2 mig");
810 lws_vhost_lock(wsi->a.vhost);
811
812 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi, 1);
813
814 lws_vhost_unlock(wsi->a.vhost);
815 lws_context_unlock(wsi->a.context);
816
817 if (!h2n->swsi)
818 goto bail;
819
820 /* pass on the initial headers to SID 1 */
821 h2n->swsi->http.ah = wsi->http.ah;
822 wsi->http.ah = NULL;
823
824 lwsl_info("%s: inherited headers %p\n", __func__,
825 h2n->swsi->http.ah);
826 h2n->swsi->txc.tx_cr = (int32_t)
827 h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
828 lwsl_info("initial tx credit on %s: %d\n",
829 lws_wsi_tag(h2n->swsi),
830 (int)h2n->swsi->txc.tx_cr);
831 h2n->swsi->h2.initialized = 1;
832 /* demanded by HTTP2 */
833 h2n->swsi->h2.END_STREAM = 1;
834 lwsl_info("servicing initial http request\n");
835
836 #if defined(LWS_WITH_SERVER)
837 if (lws_http_action(h2n->swsi))
838 goto bail;
839 #endif
840 break;
841 }
842 break;
843
844 /*
845 * h2 only has PING... ACK = 0 = ping, ACK = 1 = pong
846 */
847
848 case LWS_H2_PPS_PING:
849 case LWS_H2_PPS_PONG:
850 if (pps->type == LWS_H2_PPS_PING)
851 lwsl_info("sending PING\n");
852 else {
853 lwsl_info("sending PONG\n");
854 flags = LWS_H2_FLAG_SETTINGS_ACK;
855 }
856
857 memcpy(&set[LWS_PRE], pps->u.ping.ping_payload, 8);
858 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_PING, flags,
859 LWS_H2_STREAM_ID_MASTER, 8,
860 &set[LWS_PRE]);
861 if (n != 8)
862 goto bail;
863
864 break;
865
866 case LWS_H2_PPS_GOAWAY:
867 lwsl_info("LWS_H2_PPS_GOAWAY\n");
868 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 24);
869 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 16);
870 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 8);
871 *p++ = (uint8_t)(pps->u.ga.highest_sid);
872 *p++ = (uint8_t)(pps->u.ga.err >> 24);
873 *p++ = (uint8_t)(pps->u.ga.err >> 16);
874 *p++ = (uint8_t)(pps->u.ga.err >> 8);
875 *p++ = (uint8_t)(pps->u.ga.err);
876 q = (unsigned char *)pps->u.ga.str;
877 n = 0;
878 while (*q && n++ < (int)sizeof(pps->u.ga.str))
879 *p++ = *q++;
880 h2n->we_told_goaway = 1;
881 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_GOAWAY, 0,
882 LWS_H2_STREAM_ID_MASTER,
883 (unsigned int)lws_ptr_diff(p, &set[LWS_PRE]),
884 &set[LWS_PRE]);
885 if (n != 4) {
886 lwsl_info("send %d %d\n", n, m);
887 goto bail;
888 }
889 goto bail;
890
891 case LWS_H2_PPS_RST_STREAM:
892 lwsl_info("LWS_H2_PPS_RST_STREAM\n");
893 *p++ = (uint8_t)(pps->u.rs.err >> 24);
894 *p++ = (uint8_t)(pps->u.rs.err >> 16);
895 *p++ = (uint8_t)(pps->u.rs.err >> 8);
896 *p++ = (uint8_t)(pps->u.rs.err);
897 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_RST_STREAM,
898 0, pps->u.rs.sid, 4, &set[LWS_PRE]);
899 if (n != 4) {
900 lwsl_info("send %d %d\n", n, m);
901 goto bail;
902 }
903 cwsi = lws_wsi_mux_from_id(wsi, pps->u.rs.sid);
904 if (cwsi) {
905 lwsl_debug("%s: closing cwsi %s %s %s (wsi %s)\n",
906 __func__, lws_wsi_tag(cwsi),
907 cwsi->role_ops->name,
908 cwsi->a.protocol->name, lws_wsi_tag(wsi));
909 lws_close_free_wsi(cwsi, 0, "reset stream");
910 }
911 break;
912
913 case LWS_H2_PPS_UPDATE_WINDOW:
914 lwsl_info("Issuing LWS_H2_PPS_UPDATE_WINDOW: sid %d: add %d\n",
915 (int)pps->u.update_window.sid,
916 (int)pps->u.update_window.credit);
917 *p++ = (uint8_t)((pps->u.update_window.credit >> 24) & 0x7f); /* 31b */
918 *p++ = (uint8_t)(pps->u.update_window.credit >> 16);
919 *p++ = (uint8_t)(pps->u.update_window.credit >> 8);
920 *p++ = (uint8_t)(pps->u.update_window.credit);
921 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_WINDOW_UPDATE,
922 0, pps->u.update_window.sid, 4,
923 &set[LWS_PRE]);
924 if (n != 4) {
925 lwsl_info("send %d %d\n", n, m);
926 goto bail;
927 }
928 break;
929
930 default:
931 break;
932 }
933
934 lws_free(pps);
935
936 return 0;
937
938 bail:
939 lws_free(pps);
940
941 return 1;
942 }
943
944 static int
945 lws_h2_parse_end_of_frame(struct lws *wsi);
946
947 /*
948 * The frame header part has just completely arrived.
949 * Perform actions for header completion.
950 */
951 static int
lws_h2_parse_frame_header(struct lws * wsi)952 lws_h2_parse_frame_header(struct lws *wsi)
953 {
954 struct lws_h2_netconn *h2n = wsi->h2.h2n;
955 struct lws_h2_protocol_send *pps;
956 int n;
957
958 /*
959 * We just got the frame header
960 */
961 h2n->count = 0;
962 h2n->swsi = wsi;
963 /* b31 is a reserved bit */
964 h2n->sid = h2n->sid & 0x7fffffff;
965
966 if (h2n->sid && !(h2n->sid & 1)) {
967 char pes[32];
968 lws_snprintf(pes, sizeof(pes), "Even Stream ID 0x%x", (unsigned int)h2n->sid);
969 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, pes);
970
971 return 0;
972 }
973
974 /* let the network wsi live a bit longer if subs are active */
975
976 if (!wsi->immortal_substream_count)
977 lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE,
978 wsi->a.vhost->keepalive_timeout ?
979 wsi->a.vhost->keepalive_timeout : 31);
980
981 if (h2n->sid)
982 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
983
984 lwsl_debug("%s (%s): fr hdr: typ 0x%x, fla 0x%x, sid 0x%x, len 0x%x\n",
985 lws_wsi_tag(wsi), lws_wsi_tag(h2n->swsi), h2n->type,
986 h2n->flags, (unsigned int)h2n->sid, (unsigned int)h2n->length);
987
988 if (h2n->we_told_goaway && h2n->sid > h2n->highest_sid)
989 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
990
991 if (h2n->type >= LWS_H2_FRAME_TYPE_COUNT) {
992 lwsl_info("%s: ignoring unknown frame type %d (len %d)\n", __func__, h2n->type, (unsigned int)h2n->length);
993 /* we MUST ignore frames we don't understand */
994 h2n->type = LWS_H2_FRAME_TYPE_COUNT;
995 }
996
997 /*
998 * Even if we have decided to logically ignore this frame, we must
999 * consume the correct "frame length" amount of data to retain sync
1000 */
1001
1002 if (h2n->length > h2n->our_set.s[H2SET_MAX_FRAME_SIZE]) {
1003 /*
1004 * peer sent us something bigger than we told
1005 * it we would allow
1006 */
1007 lwsl_info("%s: received oversize frame %d\n", __func__,
1008 (unsigned int)h2n->length);
1009 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1010 "Peer ignored our frame size setting");
1011 return 1;
1012 }
1013
1014 if (h2n->swsi)
1015 lwsl_info("%s: %s, State: %s, received cmd %d\n",
1016 __func__, lws_wsi_tag(h2n->swsi),
1017 h2_state_names[h2n->swsi->h2.h2_state], h2n->type);
1018 else {
1019 /* if it's data, either way no swsi means CLOSED state */
1020 if (h2n->type == LWS_H2_FRAME_TYPE_DATA) {
1021 if (h2n->sid <= h2n->highest_sid_opened
1022 #if defined(LWS_WITH_CLIENT)
1023 && wsi->client_h2_alpn
1024 #endif
1025 ) {
1026 lwsl_notice("ignoring straggling data fl 0x%x\n",
1027 h2n->flags);
1028 /* ie, IGNORE */
1029 h2n->type = LWS_H2_FRAME_TYPE_COUNT;
1030 } else {
1031 lwsl_info("%s: received %d bytes data for unknown sid %d, highest known %d\n",
1032 __func__, (int)h2n->length, (int)h2n->sid, (int)h2n->highest_sid_opened);
1033
1034 // if (h2n->sid > h2n->highest_sid_opened) {
1035 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1036 "Data for nonexistent sid");
1037 return 0;
1038 // }
1039 }
1040 }
1041 /* if the sid is credible, treat as wsi for it closed */
1042 if (h2n->sid > h2n->highest_sid_opened &&
1043 h2n->type != LWS_H2_FRAME_TYPE_HEADERS &&
1044 h2n->type != LWS_H2_FRAME_TYPE_PRIORITY) {
1045 /* if not credible, reject it */
1046 lwsl_info("%s: %s, No child for sid %d, rxcmd %d\n",
1047 __func__, lws_wsi_tag(h2n->swsi), (unsigned int)h2n->sid, h2n->type);
1048 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1049 "Data for nonexistent sid");
1050 return 0;
1051 }
1052 }
1053
1054 if (h2n->swsi && h2n->sid && h2n->type != LWS_H2_FRAME_TYPE_COUNT &&
1055 !(http2_rx_validity[h2n->swsi->h2.h2_state] & (1 << h2n->type))) {
1056 lwsl_info("%s: %s, State: %s, ILLEGAL cmdrx %d (OK 0x%x)\n",
1057 __func__, lws_wsi_tag(h2n->swsi),
1058 h2_state_names[h2n->swsi->h2.h2_state], h2n->type,
1059 http2_rx_validity[h2n->swsi->h2.h2_state]);
1060
1061 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED ||
1062 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE)
1063 n = H2_ERR_STREAM_CLOSED;
1064 else
1065 n = H2_ERR_PROTOCOL_ERROR;
1066 lws_h2_goaway(wsi, (unsigned int)n, "invalid rx for state");
1067
1068 return 0;
1069 }
1070
1071 if (h2n->cont_exp && h2n->type != LWS_H2_FRAME_TYPE_COUNT &&
1072 (h2n->cont_exp_sid != h2n->sid ||
1073 h2n->type != LWS_H2_FRAME_TYPE_CONTINUATION)) {
1074 lwsl_info("%s: expected cont on sid %u (got %d on sid %u)\n",
1075 __func__, (unsigned int)h2n->cont_exp_sid, h2n->type,
1076 (unsigned int)h2n->sid);
1077 h2n->cont_exp = 0;
1078 if (h2n->cont_exp_headers)
1079 n = H2_ERR_COMPRESSION_ERROR;
1080 else
1081 n = H2_ERR_PROTOCOL_ERROR;
1082 lws_h2_goaway(wsi, (unsigned int)n, "Continuation hdrs State");
1083
1084 return 0;
1085 }
1086
1087 switch (h2n->type) {
1088 case LWS_H2_FRAME_TYPE_DATA:
1089 lwsl_info("seen incoming LWS_H2_FRAME_TYPE_DATA start\n");
1090 if (!h2n->sid) {
1091 lwsl_info("DATA: 0 sid\n");
1092 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "DATA 0 sid");
1093 break;
1094 }
1095 lwsl_info("Frame header DATA: sid %u, flags 0x%x, len %u\n",
1096 (unsigned int)h2n->sid, h2n->flags,
1097 (unsigned int)h2n->length);
1098
1099 if (!h2n->swsi) {
1100 lwsl_notice("DATA: NULL swsi\n");
1101 break;
1102 }
1103
1104 lwsl_info("DATA rx on state %d\n", h2n->swsi->h2.h2_state);
1105
1106 if (
1107 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE ||
1108 h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) {
1109 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, "conn closed");
1110 break;
1111 }
1112
1113 if (h2n->length == 0)
1114 lws_h2_parse_end_of_frame(wsi);
1115
1116 break;
1117
1118 case LWS_H2_FRAME_TYPE_PRIORITY:
1119 lwsl_info("LWS_H2_FRAME_TYPE_PRIORITY complete frame\n");
1120 if (!h2n->sid) {
1121 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1122 "Priority has 0 sid");
1123 break;
1124 }
1125 if (h2n->length != 5) {
1126 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1127 "Priority has length other than 5");
1128 break;
1129 }
1130 break;
1131 case LWS_H2_FRAME_TYPE_PUSH_PROMISE:
1132 lwsl_info("LWS_H2_FRAME_TYPE_PUSH_PROMISE complete frame\n");
1133 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "Server only");
1134 break;
1135
1136 case LWS_H2_FRAME_TYPE_GOAWAY:
1137 lwsl_debug("LWS_H2_FRAME_TYPE_GOAWAY received\n");
1138 break;
1139
1140 case LWS_H2_FRAME_TYPE_RST_STREAM:
1141 if (!h2n->sid)
1142 return 1;
1143 if (!h2n->swsi) {
1144 if (h2n->sid <= h2n->highest_sid_opened)
1145 break;
1146 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1147 "crazy sid on RST_STREAM");
1148 return 1;
1149 }
1150 if (h2n->length != 4) {
1151 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1152 "RST_STREAM can only be length 4");
1153 break;
1154 }
1155 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1156 break;
1157
1158 case LWS_H2_FRAME_TYPE_SETTINGS:
1159 lwsl_info("LWS_H2_FRAME_TYPE_SETTINGS complete frame\n");
1160 /* nonzero sid on settings is illegal */
1161 if (h2n->sid) {
1162 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1163 "Settings has nonzero sid");
1164 break;
1165 }
1166
1167 if (!(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) {
1168 if (h2n->length % 6) {
1169 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1170 "Settings length error");
1171 break;
1172 }
1173
1174 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT)
1175 return 0;
1176
1177 if (wsi->upgraded_to_http2 &&
1178 #if defined(LWS_WITH_CLIENT)
1179 (!(wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM) ||
1180 #else
1181 (
1182 #endif
1183 !wsi->h2_acked_settings)) {
1184
1185 pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS);
1186 if (!pps)
1187 return 1;
1188 lws_pps_schedule(wsi, pps);
1189 wsi->h2_acked_settings = 1;
1190 }
1191 break;
1192 }
1193 /* came to us with ACK set... not allowed to have payload */
1194
1195 if (h2n->length) {
1196 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1197 "Settings with ACK not allowed payload");
1198 break;
1199 }
1200 break;
1201 case LWS_H2_FRAME_TYPE_PING:
1202 if (h2n->sid) {
1203 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1204 "Ping has nonzero sid");
1205 break;
1206 }
1207 if (h2n->length != 8) {
1208 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1209 "Ping payload can only be 8");
1210 break;
1211 }
1212 break;
1213 case LWS_H2_FRAME_TYPE_CONTINUATION:
1214 lwsl_info("LWS_H2_FRAME_TYPE_CONTINUATION: sid = %u %d %d\n",
1215 (unsigned int)h2n->sid, (int)h2n->cont_exp,
1216 (int)h2n->cont_exp_sid);
1217
1218 if (!h2n->cont_exp ||
1219 h2n->cont_exp_sid != h2n->sid ||
1220 !h2n->sid ||
1221 !h2n->swsi) {
1222 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1223 "unexpected CONTINUATION");
1224 break;
1225 }
1226
1227 if (h2n->swsi->h2.END_HEADERS) {
1228 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1229 "END_HEADERS already seen");
1230 break;
1231 }
1232 /* END_STREAM is in HEADERS, skip resetting it */
1233 goto update_end_headers;
1234
1235 case LWS_H2_FRAME_TYPE_HEADERS:
1236 lwsl_info("HEADERS: frame header: sid = %u\n",
1237 (unsigned int)h2n->sid);
1238 if (!h2n->sid) {
1239 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "sid 0");
1240 return 1;
1241 }
1242
1243 if (h2n->swsi && !h2n->swsi->h2.END_STREAM &&
1244 h2n->swsi->h2.END_HEADERS &&
1245 !(h2n->flags & LWS_H2_FLAG_END_STREAM)) {
1246 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1247 "extra HEADERS together");
1248 return 1;
1249 }
1250
1251 #if defined(LWS_WITH_CLIENT)
1252 if (wsi->client_h2_alpn) {
1253 if (h2n->sid) {
1254 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
1255 lwsl_info("HEADERS: nwsi %s: sid %u mapped "
1256 "to wsi %s\n", lws_wsi_tag(wsi),
1257 (unsigned int)h2n->sid,
1258 lws_wsi_tag(h2n->swsi));
1259 if (!h2n->swsi)
1260 break;
1261 }
1262 goto update_end_headers;
1263 }
1264 #endif
1265
1266 if (!h2n->swsi) {
1267 /* no more children allowed by parent */
1268 if (wsi->mux.child_count + 1 >
1269 wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
1270 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1271 "Another stream not allowed");
1272
1273 return 1;
1274 }
1275
1276 /*
1277 * The peer has sent us a HEADERS implying the creation
1278 * of a new stream
1279 */
1280
1281 lws_context_lock(wsi->a.context, "h2 new str");
1282 lws_vhost_lock(wsi->a.vhost);
1283
1284 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi,
1285 h2n->sid);
1286
1287 lws_vhost_unlock(wsi->a.vhost);
1288 lws_context_unlock(wsi->a.context);
1289
1290 if (!h2n->swsi) {
1291 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1292 "OOM");
1293
1294 return 1;
1295 }
1296
1297 if (h2n->sid >= h2n->highest_sid)
1298 h2n->highest_sid = h2n->sid + 2;
1299
1300 h2n->swsi->h2.initialized = 1;
1301
1302 if (lws_h2_update_peer_txcredit(h2n->swsi,
1303 h2n->swsi->mux.my_sid, 4 * 65536))
1304 goto cleanup_wsi;
1305 }
1306
1307 /*
1308 * ah needs attaching to child wsi, even though
1309 * we only fill it from network wsi
1310 */
1311 if (!h2n->swsi->http.ah)
1312 if (lws_header_table_attach(h2n->swsi, 0)) {
1313 lwsl_err("%s: Failed to get ah\n", __func__);
1314 return 1;
1315 }
1316
1317 /*
1318 * The first use of a new stream identifier implicitly closes
1319 * all streams in the "idle" state that might have been
1320 * initiated by that peer with a lower-valued stream identifier.
1321 *
1322 * For example, if a client sends a HEADERS frame on stream 7
1323 * without ever sending a frame on stream 5, then stream 5
1324 * transitions to the "closed" state when the first frame for
1325 * stream 7 is sent or received.
1326 */
1327 lws_start_foreach_ll(struct lws *, w, wsi->mux.child_list) {
1328 if (w->mux.my_sid < h2n->sid &&
1329 w->h2.h2_state == LWS_H2_STATE_IDLE)
1330 lws_close_free_wsi(w, 0, "h2 sid close");
1331 assert(w->mux.sibling_list != w);
1332 } lws_end_foreach_ll(w, mux.sibling_list);
1333
1334 h2n->cont_exp = !(h2n->flags & LWS_H2_FLAG_END_HEADERS);
1335 h2n->cont_exp_sid = h2n->sid;
1336 h2n->cont_exp_headers = 1;
1337 // lws_header_table_reset(h2n->swsi, 0);
1338
1339 update_end_headers:
1340 if (lws_check_opt(h2n->swsi->a.vhost->options,
1341 LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL)) {
1342
1343 /*
1344 * We don't directly timeout streams that enter the
1345 * half-closed remote state, allowing immortal long
1346 * poll
1347 */
1348 lws_mux_mark_immortal(h2n->swsi);
1349 lwsl_info("%s: %s: h2 stream entering long poll\n",
1350 __func__, lws_wsi_tag(h2n->swsi));
1351
1352 } else {
1353 h2n->swsi->h2.END_STREAM =
1354 !!(h2n->flags & LWS_H2_FLAG_END_STREAM);
1355 lwsl_debug("%s: hdr END_STREAM = %d\n",__func__,
1356 h2n->swsi->h2.END_STREAM);
1357 }
1358
1359 /* no END_HEADERS means CONTINUATION must come */
1360 h2n->swsi->h2.END_HEADERS =
1361 !!(h2n->flags & LWS_H2_FLAG_END_HEADERS);
1362 lwsl_info("%s: %s: END_HEADERS %d\n", __func__, lws_wsi_tag(h2n->swsi),
1363 h2n->swsi->h2.END_HEADERS);
1364 if (h2n->swsi->h2.END_HEADERS)
1365 h2n->cont_exp = 0;
1366 lwsl_debug("END_HEADERS %d\n", h2n->swsi->h2.END_HEADERS);
1367 break;
1368
1369 cleanup_wsi:
1370
1371 return 1;
1372
1373 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
1374 if (h2n->length != 4) {
1375 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1376 "window update frame not 4");
1377 break;
1378 }
1379 lwsl_info("LWS_H2_FRAME_TYPE_WINDOW_UPDATE\n");
1380 break;
1381 case LWS_H2_FRAME_TYPE_COUNT:
1382 if (h2n->length == 0)
1383 lws_h2_parse_end_of_frame(wsi);
1384 else
1385 lwsl_debug("%s: going on to deal with unknown frame remaining len %d\n", __func__, (unsigned int)h2n->length);
1386 break;
1387 default:
1388 lwsl_info("%s: ILLEGAL FRAME TYPE %d\n", __func__, h2n->type);
1389 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
1390 break;
1391 }
1392 if (h2n->length == 0)
1393 h2n->frame_state = 0;
1394
1395 return 0;
1396 }
1397
1398 static const char * const method_names[] = {
1399 "GET", "POST",
1400 #if defined(LWS_WITH_HTTP_UNCOMMON_HEADERS)
1401 "OPTIONS", "PUT", "PATCH", "DELETE",
1402 #endif
1403 "CONNECT", "HEAD"
1404 };
1405 static unsigned char method_index[] = {
1406 WSI_TOKEN_GET_URI,
1407 WSI_TOKEN_POST_URI,
1408 #if defined(LWS_WITH_HTTP_UNCOMMON_HEADERS)
1409 WSI_TOKEN_OPTIONS_URI,
1410 WSI_TOKEN_PUT_URI,
1411 WSI_TOKEN_PATCH_URI,
1412 WSI_TOKEN_DELETE_URI,
1413 #endif
1414 WSI_TOKEN_CONNECT,
1415 WSI_TOKEN_HEAD_URI,
1416 };
1417
1418 /*
1419 * The last byte of the whole frame has been handled.
1420 * Perform actions for frame completion.
1421 *
1422 * This is the crunch time for parsing that may have occured on a network
1423 * wsi with a pending partial send... we may call lws_http_action() to send
1424 * a response, conflicting with the partial.
1425 *
1426 * So in that case we change the wsi state and do the lws_http_action() in the
1427 * WRITABLE handler as a priority.
1428 */
1429 static int
lws_h2_parse_end_of_frame(struct lws * wsi)1430 lws_h2_parse_end_of_frame(struct lws *wsi)
1431 {
1432 struct lws_h2_netconn *h2n = wsi->h2.h2n;
1433 struct lws *eff_wsi = wsi;
1434 const char *p;
1435 int n;
1436
1437 h2n->frame_state = 0;
1438 h2n->count = 0;
1439
1440 if (h2n->sid)
1441 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
1442
1443 if (h2n->sid > h2n->highest_sid)
1444 h2n->highest_sid = h2n->sid;
1445
1446 if (h2n->collected_priority && (h2n->dep & ~(1u << 31)) == h2n->sid) {
1447 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "depends on own sid");
1448 return 0;
1449 }
1450
1451 switch (h2n->type) {
1452
1453 case LWS_H2_FRAME_TYPE_SETTINGS:
1454
1455 #if defined(LWS_WITH_CLIENT)
1456 if (wsi->client_h2_alpn && !wsi->client_mux_migrated &&
1457 !(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) {
1458 struct lws_h2_protocol_send *pps;
1459
1460 /* migrate original client ask on to substream 1 */
1461 #if defined(LWS_WITH_FILE_OPS)
1462 wsi->http.fop_fd = NULL;
1463 #endif
1464 lwsl_info("%s: migrating\n", __func__);
1465 wsi->client_mux_migrated = 1;
1466 /*
1467 * we need to treat the headers from the upgrade as the
1468 * first job. So these need to get shifted to sid 1.
1469 */
1470 lws_context_lock(wsi->a.context, "h2 mig");
1471 lws_vhost_lock(wsi->a.vhost);
1472
1473 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi, 1);
1474
1475 lws_vhost_unlock(wsi->a.vhost);
1476 lws_context_unlock(wsi->a.context);
1477
1478 if (!h2n->swsi)
1479 return 1;
1480 h2n->sid = 1;
1481
1482 assert(lws_wsi_mux_from_id(wsi, 1) == h2n->swsi);
1483
1484 // lws_role_transition(wsi, LWSIFR_CLIENT,
1485 // LRS_H2_WAITING_TO_SEND_HEADERS,
1486 // &role_ops_h2);
1487
1488 lws_role_transition(h2n->swsi, LWSIFR_CLIENT,
1489 LRS_H2_WAITING_TO_SEND_HEADERS,
1490 &role_ops_h2);
1491
1492 /* pass on the initial headers to SID 1 */
1493 h2n->swsi->http.ah = wsi->http.ah;
1494 #if defined(LWS_WITH_SYS_FAULT_INJECTION)
1495 lws_fi_import(&h2n->swsi->fic, &wsi->fic);
1496 #endif
1497 h2n->swsi->client_mux_substream = 1;
1498 h2n->swsi->client_h2_alpn = 1;
1499 #if defined(LWS_WITH_CLIENT)
1500 h2n->swsi->flags = wsi->flags;
1501 #if defined(LWS_WITH_CONMON)
1502 /* sid1 needs to represent the connection experience
1503 * ... we take over responsibility for the DNS list
1504 * copy as well
1505 */
1506 h2n->swsi->conmon = wsi->conmon;
1507 h2n->swsi->conmon_datum = wsi->conmon_datum;
1508 h2n->swsi->sa46_peer = wsi->sa46_peer;
1509 wsi->conmon.dns_results_copy = NULL;
1510 #endif
1511 #endif /* CLIENT */
1512
1513 #if defined(LWS_WITH_SECURE_STREAMS)
1514 if (wsi->for_ss) {
1515 lws_ss_handle_t *h = (lws_ss_handle_t *)lws_get_opaque_user_data(wsi);
1516
1517 h2n->swsi->for_ss = 1;
1518 wsi->for_ss = 0;
1519
1520 if (h->wsi == wsi)
1521 h->wsi = h2n->swsi;
1522 }
1523 #endif
1524
1525 h2n->swsi->a.protocol = wsi->a.protocol;
1526 if (h2n->swsi->user_space &&
1527 !h2n->swsi->user_space_externally_allocated)
1528 lws_free(h2n->swsi->user_space);
1529 h2n->swsi->user_space = wsi->user_space;
1530 h2n->swsi->user_space_externally_allocated =
1531 wsi->user_space_externally_allocated;
1532 h2n->swsi->a.opaque_user_data = wsi->a.opaque_user_data;
1533 wsi->a.opaque_user_data = NULL;
1534 h2n->swsi->txc.manual_initial_tx_credit =
1535 wsi->txc.manual_initial_tx_credit;
1536
1537 wsi->user_space = NULL;
1538
1539 if (h2n->swsi->http.ah)
1540 h2n->swsi->http.ah->wsi = h2n->swsi;
1541 wsi->http.ah = NULL;
1542
1543 lwsl_info("%s: MIGRATING nwsi %s -> swsi %s\n", __func__,
1544 lws_wsi_tag(wsi), lws_wsi_tag(h2n->swsi));
1545 h2n->swsi->txc.tx_cr = (int32_t)
1546 h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
1547 lwsl_info("%s: initial tx credit on %s: %d\n",
1548 __func__, lws_wsi_tag(h2n->swsi),
1549 (int)h2n->swsi->txc.tx_cr);
1550 h2n->swsi->h2.initialized = 1;
1551
1552 /* set our initial window size */
1553 if (!wsi->h2.initialized) {
1554 wsi->txc.tx_cr = (int32_t)
1555 h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
1556
1557 lwsl_info("%s: initial tx credit for us to "
1558 "write on nwsi %s: %d\n", __func__,
1559 lws_wsi_tag(wsi), (int)wsi->txc.tx_cr);
1560 wsi->h2.initialized = 1;
1561 }
1562
1563 lws_callback_on_writable(h2n->swsi);
1564
1565 if (!wsi->h2_acked_settings ||
1566 !(wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM)
1567 ) {
1568 pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS);
1569 if (!pps)
1570 return 1;
1571 lws_pps_schedule(wsi, pps);
1572 lwsl_info("%s: SETTINGS ack PPS\n", __func__);
1573 wsi->h2_acked_settings = 1;
1574 }
1575
1576 /* also attach any queued guys */
1577
1578 lws_wsi_mux_apply_queue(wsi);
1579 }
1580 #endif
1581 break;
1582
1583 case LWS_H2_FRAME_TYPE_CONTINUATION:
1584 case LWS_H2_FRAME_TYPE_HEADERS:
1585
1586 if (!h2n->swsi)
1587 break;
1588
1589 /* service the http request itself */
1590
1591 if (h2n->last_action_dyntable_resize) {
1592 lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR,
1593 "dyntable resize last in headers");
1594 break;
1595 }
1596
1597 if (!h2n->swsi->h2.END_HEADERS) {
1598 /* we are not finished yet */
1599 lwsl_info("witholding http action for continuation\n");
1600 h2n->cont_exp_sid = h2n->sid;
1601 h2n->cont_exp = 1;
1602 break;
1603 }
1604
1605 /* confirm the hpack stream state is reasonable for finishing */
1606
1607 if (h2n->hpack != HPKS_TYPE) {
1608 /* hpack incomplete */
1609 lwsl_info("hpack incomplete %d (type %d, len %u)\n",
1610 h2n->hpack, h2n->type,
1611 (unsigned int)h2n->hpack_len);
1612 lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR,
1613 "hpack incomplete");
1614 break;
1615 }
1616
1617 /* this is the last part of HEADERS */
1618 switch (h2n->swsi->h2.h2_state) {
1619 case LWS_H2_STATE_IDLE:
1620 lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN);
1621 break;
1622 case LWS_H2_STATE_RESERVED_REMOTE:
1623 lws_h2_state(h2n->swsi, LWS_H2_STATE_HALF_CLOSED_LOCAL);
1624 break;
1625 }
1626
1627 lwsl_info("http req, %s, h2n->swsi=%s\n", lws_wsi_tag(wsi),
1628 lws_wsi_tag(h2n->swsi));
1629 h2n->swsi->hdr_parsing_completed = 1;
1630
1631 #if defined(LWS_WITH_CLIENT)
1632 if (h2n->swsi->client_mux_substream &&
1633 lws_client_interpret_server_handshake(h2n->swsi)) {
1634 lwsl_info("%s: cli int serv hs closed it\n", __func__);
1635 break;
1636 }
1637 #endif
1638
1639 if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) {
1640 const char *simp = lws_hdr_simple_ptr(h2n->swsi,
1641 WSI_TOKEN_HTTP_CONTENT_LENGTH);
1642
1643 if (!simp) /* coverity */
1644 return 1;
1645 h2n->swsi->http.rx_content_length = (unsigned long long)atoll(simp);
1646 h2n->swsi->http.rx_content_remain =
1647 h2n->swsi->http.rx_content_length;
1648 h2n->swsi->http.content_length_given = 1;
1649 lwsl_info("setting rx_content_length %lld\n",
1650 (long long)h2n->swsi->http.rx_content_length);
1651 }
1652
1653 {
1654 int n = 0, len;
1655 char buf[256];
1656 const unsigned char *c;
1657
1658 do {
1659 c = lws_token_to_string((enum lws_token_indexes)n);
1660 if (!c) {
1661 n++;
1662 continue;
1663 }
1664
1665 len = lws_hdr_total_length(h2n->swsi, (enum lws_token_indexes)n);
1666 if (!len || len > (int)sizeof(buf) - 1) {
1667 n++;
1668 continue;
1669 }
1670
1671 if (lws_hdr_copy(h2n->swsi, buf, sizeof buf,
1672 (enum lws_token_indexes)n) < 0) {
1673 lwsl_info(" %s !oversize!\n",
1674 (char *)c);
1675 } else {
1676 buf[sizeof(buf) - 1] = '\0';
1677
1678 lwsl_info(" %s = %s\n",
1679 (char *)c, buf);
1680 }
1681 n++;
1682 } while (c);
1683 }
1684
1685 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE ||
1686 h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) {
1687 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1688 "Banning service on CLOSED_REMOTE");
1689 break;
1690 }
1691
1692 switch (h2n->swsi->h2.h2_state) {
1693 case LWS_H2_STATE_IDLE:
1694 lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN);
1695 break;
1696 case LWS_H2_STATE_OPEN:
1697 if (h2n->swsi->h2.END_STREAM)
1698 lws_h2_state(h2n->swsi,
1699 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1700 break;
1701 case LWS_H2_STATE_HALF_CLOSED_LOCAL:
1702 if (h2n->swsi->h2.END_STREAM)
1703 /*
1704 * action the END_STREAM
1705 */
1706 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1707 break;
1708 }
1709
1710 #if defined(LWS_WITH_CLIENT)
1711
1712 /*
1713 * If we already had the END_STREAM along with the END_HEADERS,
1714 * we have already transitioned to STATE_CLOSED and we are not
1715 * going to be doing anything further on this stream.
1716 *
1717 * In that case handle the transaction completion and
1718 * finalize the stream for the peer
1719 */
1720
1721 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED &&
1722 h2n->swsi->client_mux_substream) {
1723
1724 lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1725 "client done");
1726
1727 if (lws_http_transaction_completed_client(h2n->swsi))
1728 lwsl_debug("tx completed returned close\n");
1729 break;
1730 }
1731
1732 if (h2n->swsi->client_mux_substream) {
1733 lwsl_info("%s: %s: headers: client path (h2 state %s)\n",
1734 __func__, lws_wsi_tag(wsi),
1735 h2_state_names[h2n->swsi->h2.h2_state]);
1736 break;
1737 }
1738 #endif
1739
1740 if (!lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_PATH) ||
1741 !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD) ||
1742 !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_SCHEME) ||
1743 lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_STATUS) ||
1744 lws_hdr_extant(h2n->swsi, WSI_TOKEN_CONNECTION)) {
1745 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1746 "Pseudoheader checks");
1747 break;
1748 }
1749
1750 if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_TE)) {
1751 n = lws_hdr_total_length(h2n->swsi, WSI_TOKEN_TE);
1752
1753 if (n != 8 ||
1754 !lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE) ||
1755 strncmp(lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE),
1756 "trailers", (unsigned int)n)) {
1757 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1758 "Illegal transfer-encoding");
1759 break;
1760 }
1761 }
1762
1763 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
1764 lws_http_compression_validate(h2n->swsi);
1765 #endif
1766
1767 p = lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD);
1768 /*
1769 * duplicate :path into the individual method uri header
1770 * index, so that it looks the same as h1 in the ah
1771 */
1772 for (n = 0; n < (int)LWS_ARRAY_SIZE(method_names); n++)
1773 if (p && !strcasecmp(p, method_names[n])) {
1774 h2n->swsi->http.ah->frag_index[method_index[n]] =
1775 h2n->swsi->http.ah->frag_index[
1776 WSI_TOKEN_HTTP_COLON_PATH];
1777 break;
1778 }
1779
1780 {
1781 lwsl_debug("%s: setting DEF_ACT from 0x%x\n", __func__,
1782 (unsigned int)h2n->swsi->wsistate);
1783 lwsi_set_state(h2n->swsi, LRS_DEFERRING_ACTION);
1784 lws_callback_on_writable(h2n->swsi);
1785 }
1786 break;
1787
1788 case LWS_H2_FRAME_TYPE_DATA:
1789 lwsl_info("%s: DATA flags 0x%x\n", __func__, h2n->flags);
1790 if (!h2n->swsi)
1791 break;
1792
1793 if (lws_hdr_total_length(h2n->swsi,
1794 WSI_TOKEN_HTTP_CONTENT_LENGTH) &&
1795 h2n->swsi->h2.END_STREAM &&
1796 h2n->swsi->http.rx_content_length &&
1797 h2n->swsi->http.rx_content_remain) {
1798 lws_h2_rst_stream(h2n->swsi, H2_ERR_PROTOCOL_ERROR,
1799 "Not enough rx content");
1800 break;
1801 }
1802
1803 if (h2n->swsi->h2.END_STREAM &&
1804 h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN)
1805 lws_h2_state(h2n->swsi,
1806 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1807
1808 if (h2n->swsi->h2.END_STREAM &&
1809 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL)
1810 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1811
1812 #if defined(LWS_WITH_CLIENT)
1813 /*
1814 * client... remote END_STREAM implies we weren't going to
1815 * send anything else anyway.
1816 */
1817
1818 if (h2n->swsi->client_mux_substream &&
1819 (h2n->flags & LWS_H2_FLAG_END_STREAM)) {
1820 lwsl_info("%s: %s: DATA: end stream\n",
1821 __func__, lws_wsi_tag(h2n->swsi));
1822
1823 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN) {
1824 lws_h2_state(h2n->swsi,
1825 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1826 // lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1827 // "client done");
1828
1829 // if (lws_http_transaction_completed_client(h2n->swsi))
1830 // lwsl_debug("tx completed returned close\n");
1831 }
1832
1833 //if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL)
1834 {
1835 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1836
1837 lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1838 "client done");
1839
1840 if (lws_http_transaction_completed_client(h2n->swsi))
1841 lwsl_debug("tx completed returned close\n");
1842 }
1843 }
1844 #endif
1845 break;
1846
1847 case LWS_H2_FRAME_TYPE_PING:
1848 if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)
1849 lws_validity_confirmed(wsi);
1850 else {
1851 /* they're sending us a ping request */
1852 struct lws_h2_protocol_send *pps =
1853 lws_h2_new_pps(LWS_H2_PPS_PONG);
1854 if (!pps)
1855 return 1;
1856
1857 lwsl_info("rx ping, preparing pong\n");
1858
1859 memcpy(pps->u.ping.ping_payload, h2n->ping_payload, 8);
1860 lws_pps_schedule(wsi, pps);
1861 }
1862
1863 break;
1864
1865 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
1866 /*
1867 * We only have an unsigned 31-bit (positive) increment possible
1868 */
1869 h2n->hpack_e_dep &= ~(1u << 31);
1870 lwsl_info("WINDOW_UPDATE: sid %u %u (0x%x)\n",
1871 (unsigned int)h2n->sid,
1872 (unsigned int)h2n->hpack_e_dep,
1873 (unsigned int)h2n->hpack_e_dep);
1874
1875 if (h2n->sid)
1876 eff_wsi = h2n->swsi;
1877
1878 if (!eff_wsi) {
1879 if (h2n->sid > h2n->highest_sid_opened)
1880 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1881 "alien sid");
1882 break; /* ignore */
1883 }
1884
1885 if (eff_wsi->a.vhost->options &
1886 LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW &&
1887 (uint64_t)eff_wsi->txc.tx_cr + (uint64_t)h2n->hpack_e_dep >
1888 (uint64_t)0x7fffffff)
1889 h2n->hpack_e_dep = (uint32_t)(0x7fffffff - eff_wsi->txc.tx_cr);
1890
1891 if ((uint64_t)eff_wsi->txc.tx_cr + (uint64_t)h2n->hpack_e_dep >
1892 (uint64_t)0x7fffffff) {
1893 lwsl_warn("%s: WINDOW_UPDATE 0x%llx + 0x%llx = 0x%llx, too high\n",
1894 __func__, (unsigned long long)eff_wsi->txc.tx_cr,
1895 (unsigned long long)h2n->hpack_e_dep,
1896 (unsigned long long)eff_wsi->txc.tx_cr + (unsigned long long)h2n->hpack_e_dep);
1897 if (h2n->sid)
1898 lws_h2_rst_stream(h2n->swsi,
1899 H2_ERR_FLOW_CONTROL_ERROR,
1900 "Flow control exceeded max");
1901 else
1902 lws_h2_goaway(wsi, H2_ERR_FLOW_CONTROL_ERROR,
1903 "Flow control exceeded max");
1904 break;
1905 }
1906
1907 if (!h2n->hpack_e_dep) {
1908 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1909 "Zero length window update");
1910 break;
1911 }
1912 n = eff_wsi->txc.tx_cr;
1913 eff_wsi->txc.tx_cr += (int32_t)h2n->hpack_e_dep;
1914
1915 lws_wsi_txc_report_manual_txcr_in(eff_wsi,
1916 (int32_t)h2n->hpack_e_dep);
1917
1918 lws_wsi_txc_describe(&eff_wsi->txc, "WINDOW_UPDATE in",
1919 eff_wsi->mux.my_sid);
1920
1921 if (n <= 0 && eff_wsi->txc.tx_cr <= 0)
1922 /* it helps, but won't change sendability for anyone */
1923 break;
1924
1925 /*
1926 * It may have changed sendability (depends on SID 0 tx credit
1927 * too)... for us and any children waiting on us... reassess
1928 * blockage for all children first
1929 */
1930 lws_start_foreach_ll(struct lws *, w, wsi->mux.child_list) {
1931 lws_callback_on_writable(w);
1932 } lws_end_foreach_ll(w, mux.sibling_list);
1933
1934 if (eff_wsi->txc.skint &&
1935 !lws_wsi_txc_check_skint(&eff_wsi->txc,
1936 lws_h2_tx_cr_get(eff_wsi)))
1937 /*
1938 * This one became un-skint, schedule a writeable
1939 * callback
1940 */
1941 lws_callback_on_writable(eff_wsi);
1942
1943 break;
1944
1945 case LWS_H2_FRAME_TYPE_GOAWAY:
1946 lwsl_notice("GOAWAY: last sid %u, error 0x%08X, string '%s'\n",
1947 (unsigned int)h2n->goaway_last_sid,
1948 (unsigned int)h2n->goaway_err, h2n->goaway_str);
1949
1950 return 1;
1951
1952 case LWS_H2_FRAME_TYPE_RST_STREAM:
1953 lwsl_info("LWS_H2_FRAME_TYPE_RST_STREAM: sid %u: reason 0x%x\n",
1954 (unsigned int)h2n->sid,
1955 (unsigned int)h2n->hpack_e_dep);
1956 break;
1957
1958 case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */
1959 break;
1960 }
1961
1962 return 0;
1963 }
1964
1965 /*
1966 * This may want to send something on the network wsi, which may be in the
1967 * middle of a partial send. PPS sends are OK because they are queued to
1968 * go through the WRITABLE handler already.
1969 *
1970 * The read parser for the network wsi has no choice but to parse its stream
1971 * anyway, because otherwise it will not be able to get tx credit window
1972 * messages.
1973 *
1974 * Therefore if we will send non-PPS, ie, lws_http_action() for a stream
1975 * wsi, we must change its state and handle it as a priority in the
1976 * POLLOUT handler instead of writing it here.
1977 *
1978 * About closing... for the main network wsi, it should return nonzero to
1979 * close it all. If it needs to close an swsi, it can do it here.
1980 */
1981 int
lws_h2_parser(struct lws * wsi,unsigned char * in,lws_filepos_t _inlen,lws_filepos_t * inused)1982 lws_h2_parser(struct lws *wsi, unsigned char *in, lws_filepos_t _inlen,
1983 lws_filepos_t *inused)
1984 {
1985 struct lws_h2_netconn *h2n = wsi->h2.h2n;
1986 struct lws_h2_protocol_send *pps;
1987 unsigned char c, *oldin = in, *iend = in + (size_t)_inlen;
1988 int n, m;
1989
1990 if (!h2n)
1991 goto fail;
1992
1993 while (in < iend) {
1994
1995 c = *in++;
1996
1997 switch (lwsi_state(wsi)) {
1998 case LRS_H2_AWAIT_PREFACE:
1999 if (preface[h2n->count++] != c)
2000 goto fail;
2001
2002 if (preface[h2n->count])
2003 break;
2004
2005 lwsl_info("http2: %s: established\n", lws_wsi_tag(wsi));
2006 lwsi_set_state(wsi, LRS_H2_AWAIT_SETTINGS);
2007 lws_validity_confirmed(wsi);
2008 h2n->count = 0;
2009 wsi->txc.tx_cr = 65535;
2010
2011 /*
2012 * we must send a settings frame -- empty one is OK...
2013 * that must be the first thing sent by server
2014 * and the peer must send a SETTINGS with ACK flag...
2015 */
2016 pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS);
2017 if (!pps)
2018 goto fail;
2019 lws_pps_schedule(wsi, pps);
2020 break;
2021
2022 case LRS_H2_WAITING_TO_SEND_HEADERS:
2023 case LRS_ESTABLISHED:
2024 case LRS_H2_AWAIT_SETTINGS:
2025
2026 if (h2n->frame_state != LWS_H2_FRAME_HEADER_LENGTH)
2027 goto try_frame_start;
2028
2029 /*
2030 * post-header, preamble / payload / padding part
2031 */
2032 h2n->count++;
2033
2034 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) { /* IGNORING FRAME */
2035 lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2036 goto frame_end;
2037 }
2038
2039
2040 if (h2n->flags & LWS_H2_FLAG_PADDED &&
2041 !h2n->pad_length) {
2042 /*
2043 * Get the padding count... actual padding is
2044 * at the end of the frame.
2045 */
2046 h2n->padding = c;
2047 h2n->pad_length = 1;
2048 h2n->preamble++;
2049
2050 if (h2n->padding > h2n->length - 1)
2051 lws_h2_goaway(wsi,
2052 H2_ERR_PROTOCOL_ERROR,
2053 "execssive padding");
2054 break; /* we consumed this */
2055 }
2056
2057 if (h2n->flags & LWS_H2_FLAG_PRIORITY &&
2058 !h2n->collected_priority) {
2059 /* going to be 5 preamble bytes */
2060
2061 lwsl_debug("PRIORITY FLAG: 0x%x\n", c);
2062
2063 if (h2n->preamble++ - h2n->pad_length < 4) {
2064 h2n->dep = ((h2n->dep) << 8) | c;
2065 break; /* we consumed this */
2066 }
2067 h2n->weight_temp = c;
2068 h2n->collected_priority = 1;
2069 lwsl_debug("PRI FL: dep 0x%x, weight 0x%02X\n",
2070 (unsigned int)h2n->dep,
2071 h2n->weight_temp);
2072 break; /* we consumed this */
2073 }
2074 if (h2n->padding && h2n->count >
2075 (h2n->length - h2n->padding)) {
2076 if (c) {
2077 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
2078 "nonzero padding");
2079 break;
2080 }
2081 goto frame_end;
2082 }
2083
2084 /* applies to wsi->h2.swsi which may be wsi */
2085 switch(h2n->type) {
2086
2087 case LWS_H2_FRAME_TYPE_SETTINGS:
2088 n = (int)(h2n->count - 1u - h2n->preamble) %
2089 LWS_H2_SETTINGS_LEN;
2090 h2n->one_setting[n] = c;
2091 if (n != LWS_H2_SETTINGS_LEN - 1)
2092 break;
2093 lws_h2_settings(wsi, &h2n->peer_set,
2094 h2n->one_setting,
2095 LWS_H2_SETTINGS_LEN);
2096 break;
2097
2098 case LWS_H2_FRAME_TYPE_CONTINUATION:
2099 case LWS_H2_FRAME_TYPE_HEADERS:
2100 if (!h2n->swsi)
2101 break;
2102 if (lws_hpack_interpret(h2n->swsi, c)) {
2103 lwsl_info("%s: hpack failed\n",
2104 __func__);
2105 goto fail;
2106 }
2107 break;
2108
2109 case LWS_H2_FRAME_TYPE_GOAWAY:
2110 switch (h2n->inside++) {
2111 case 0:
2112 case 1:
2113 case 2:
2114 case 3:
2115 h2n->goaway_last_sid <<= 8;
2116 h2n->goaway_last_sid |= c;
2117 h2n->goaway_str[0] = '\0';
2118 break;
2119
2120 case 4:
2121 case 5:
2122 case 6:
2123 case 7:
2124 h2n->goaway_err <<= 8;
2125 h2n->goaway_err |= c;
2126 break;
2127
2128 default:
2129 if (h2n->inside - 9 <
2130 sizeof(h2n->goaway_str) - 1)
2131 h2n->goaway_str[
2132 h2n->inside - 9] = (char)c;
2133 h2n->goaway_str[
2134 sizeof(h2n->goaway_str) - 1] = '\0';
2135 break;
2136 }
2137 break;
2138
2139 case LWS_H2_FRAME_TYPE_DATA:
2140
2141 // lwsl_info("%s: LWS_H2_FRAME_TYPE_DATA: fl 0x%x\n",
2142 // __func__, h2n->flags);
2143
2144 /*
2145 * let the network wsi live a bit longer if
2146 * subs are active... our frame may take a long
2147 * time to chew through
2148 */
2149 if (!wsi->immortal_substream_count)
2150 lws_set_timeout(wsi,
2151 PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE,
2152 wsi->a.vhost->keepalive_timeout ?
2153 wsi->a.vhost->keepalive_timeout : 31);
2154
2155 if (!h2n->swsi)
2156 break;
2157
2158 if (lws_buflist_next_segment_len(
2159 &h2n->swsi->buflist, NULL))
2160 lwsl_info("%s: substream has pending\n",
2161 __func__);
2162
2163 if (lwsi_role_http(h2n->swsi) &&
2164 lwsi_state(h2n->swsi) == LRS_ESTABLISHED) {
2165 lwsi_set_state(h2n->swsi, LRS_BODY);
2166 lwsl_info("%s: %s to LRS_BODY\n",
2167 __func__, lws_wsi_tag(h2n->swsi));
2168 }
2169
2170 /*
2171 * in + length may cover multiple frames, we
2172 * can only consider the length of the DATA
2173 * in front of us
2174 */
2175
2176 if (lws_hdr_total_length(h2n->swsi,
2177 WSI_TOKEN_HTTP_CONTENT_LENGTH) &&
2178 h2n->swsi->http.rx_content_length &&
2179 h2n->swsi->http.rx_content_remain <
2180 h2n->length && /* last */
2181 h2n->inside < h2n->length) {
2182
2183 lwsl_warn("%s: %lu %lu %lu %lu\n", __func__,
2184 (unsigned long)h2n->swsi->http.rx_content_remain,
2185 (unsigned long)(lws_ptr_diff_size_t(iend, in) + 1),
2186 (unsigned long)h2n->inside, (unsigned long)h2n->length);
2187
2188 /* unread data in frame */
2189 lws_h2_goaway(wsi,
2190 H2_ERR_PROTOCOL_ERROR,
2191 "More rx than content_length told");
2192 break;
2193 }
2194
2195 /*
2196 * We operate on a frame. The RX we have at
2197 * hand may exceed the current frame.
2198 */
2199
2200 n = (int)lws_ptr_diff_size_t(iend, in) + 1;
2201 if (n > (int)(h2n->length - h2n->count + 1)) {
2202 if (h2n->count > h2n->length)
2203 goto close_swsi_and_return;
2204 n = (int)(h2n->length - h2n->count) + 1;
2205 lwsl_debug("---- restricting len to %d "
2206 "\n", n);
2207 }
2208 #if defined(LWS_WITH_CLIENT)
2209 if (h2n->swsi->client_mux_substream) {
2210 if (!h2n->swsi->a.protocol) {
2211 lwsl_err("%s: %p doesn't have protocol\n",
2212 __func__, lws_wsi_tag(h2n->swsi));
2213 m = 1;
2214 } else {
2215 h2n->swsi->txc.peer_tx_cr_est -= n;
2216 wsi->txc.peer_tx_cr_est -= n;
2217 lws_wsi_txc_describe(&h2n->swsi->txc,
2218 __func__,
2219 h2n->swsi->mux.my_sid);
2220 m = user_callback_handle_rxflow(
2221 h2n->swsi->a.protocol->callback,
2222 h2n->swsi,
2223 LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ,
2224 h2n->swsi->user_space,
2225 in - 1, (unsigned int)n);
2226 }
2227
2228 in += n - 1;
2229 h2n->inside += (unsigned int)n;
2230 h2n->count += (unsigned int)n - 1;
2231
2232 if (m) {
2233 lwsl_info("RECEIVE_CLIENT_HTTP "
2234 "closed it\n");
2235 goto close_swsi_and_return;
2236 }
2237
2238 break;
2239 }
2240 #endif
2241
2242 if (lwsi_state(h2n->swsi) == LRS_DEFERRING_ACTION) {
2243 m = lws_buflist_append_segment(
2244 &h2n->swsi->buflist, in - 1, (unsigned int)n);
2245 if (m < 0)
2246 return -1;
2247
2248 /*
2249 * Since we're in an open-ended
2250 * DEFERRING_ACTION, don't add this swsi
2251 * to the pt list of wsi holding buflist
2252 * content yet, we are not in a position
2253 * to consume it until we get out of
2254 * DEFERRING_ACTION.
2255 */
2256
2257 in += n - 1;
2258 h2n->inside += (unsigned int)n;
2259 h2n->count += (unsigned int)n - 1;
2260
2261 lwsl_debug("%s: deferred %d\n", __func__, n);
2262 goto do_windows;
2263 }
2264
2265 h2n->swsi->outer_will_close = 1;
2266 /*
2267 * choose the length for this go so that we end at
2268 * the frame boundary, in the case there is already
2269 * more waiting leave it for next time around
2270 */
2271
2272 n = lws_read_h1(h2n->swsi, in - 1, (unsigned int)n);
2273 // lwsl_notice("%s: lws_read_h1 %d\n", __func__, n);
2274 h2n->swsi->outer_will_close = 0;
2275 /*
2276 * can return 0 in POST body with
2277 * content len exhausted somehow.
2278 */
2279 if (n < 0 ||
2280 (!n && h2n->swsi->http.content_length_given && !lws_buflist_next_segment_len(
2281 &wsi->buflist, NULL))) {
2282 lwsl_info("%s: lws_read_h1 told %d %u / %u\n",
2283 __func__, n,
2284 (unsigned int)h2n->count,
2285 (unsigned int)h2n->length);
2286 in += h2n->length - h2n->count;
2287 h2n->inside = h2n->length;
2288 h2n->count = h2n->length - 1;
2289
2290 //if (n < 0)
2291 // goto already_closed_swsi;
2292 goto close_swsi_and_return;
2293 }
2294
2295 lwsl_info("%s: lws_read_h1 telling %d %u / %u\n",
2296 __func__, n,
2297 (unsigned int)h2n->count,
2298 (unsigned int)h2n->length);
2299
2300 in += (unsigned int)n - 1;
2301 h2n->inside += (unsigned int)n;
2302 h2n->count += (unsigned int)n - 1;
2303
2304 h2n->swsi->txc.peer_tx_cr_est -= n;
2305 wsi->txc.peer_tx_cr_est -= n;
2306
2307 do_windows:
2308
2309 #if defined(LWS_WITH_CLIENT)
2310 if (!(h2n->swsi->flags & LCCSCF_H2_MANUAL_RXFLOW))
2311 #endif
2312 {
2313 /*
2314 * The default behaviour is we just keep
2315 * cranking the other side's tx credit
2316 * back up, for simple bulk transfer as
2317 * fast as we can take it
2318 */
2319
2320 m = n; //(2 * h2n->length) + 65536;
2321
2322 /* update both the stream and nwsi */
2323
2324 lws_h2_update_peer_txcredit_thresh(h2n->swsi,
2325 h2n->sid, m, m);
2326 }
2327 #if defined(LWS_WITH_CLIENT)
2328 else {
2329 /*
2330 * If he's handling it himself, only
2331 * repair the nwsi credit but allow the
2332 * stream credit to run down until the
2333 * user code deals with it
2334 */
2335 lws_h2_update_peer_txcredit(wsi, 0, n);
2336 h2n->swsi->txc.manual = 1;
2337 }
2338 #endif
2339 break;
2340
2341 case LWS_H2_FRAME_TYPE_PRIORITY:
2342 if (h2n->count <= 4) {
2343 h2n->dep <<= 8;
2344 h2n->dep |= c;
2345 break;
2346 }
2347 h2n->weight_temp = c;
2348 lwsl_info("PRIORITY: dep 0x%x, weight 0x%02X\n",
2349 (unsigned int)h2n->dep, h2n->weight_temp);
2350
2351 if ((h2n->dep & ~(1u << 31)) == h2n->sid) {
2352 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
2353 "cant depend on own sid");
2354 break;
2355 }
2356 break;
2357
2358 case LWS_H2_FRAME_TYPE_RST_STREAM:
2359 h2n->hpack_e_dep <<= 8;
2360 h2n->hpack_e_dep |= c;
2361 break;
2362
2363 case LWS_H2_FRAME_TYPE_PUSH_PROMISE:
2364 break;
2365
2366 case LWS_H2_FRAME_TYPE_PING:
2367 if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK) { // ack
2368 } else { /* they're sending us a ping request */
2369 if (h2n->count > 8)
2370 return 1;
2371 h2n->ping_payload[h2n->count - 1] = c;
2372 }
2373 break;
2374
2375 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
2376 h2n->hpack_e_dep <<= 8;
2377 h2n->hpack_e_dep |= c;
2378 break;
2379
2380 case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */
2381 lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2382 h2n->count++;
2383 break;
2384
2385 default:
2386 lwsl_notice("%s: unhandled frame type %d\n",
2387 __func__, h2n->type);
2388
2389 goto fail;
2390 }
2391
2392 frame_end:
2393 if (h2n->count > h2n->length) {
2394 lwsl_notice("%s: count > length %u %u (type %d)\n",
2395 __func__, (unsigned int)h2n->count,
2396 (unsigned int)h2n->length, h2n->type);
2397
2398 } else
2399 if (h2n->count != h2n->length)
2400 break;
2401
2402 /*
2403 * end of frame just happened
2404 */
2405 if (lws_h2_parse_end_of_frame(wsi))
2406 goto fail;
2407
2408 break;
2409
2410 try_frame_start:
2411 if (h2n->frame_state <= 8) {
2412
2413 switch (h2n->frame_state++) {
2414 case 0:
2415 h2n->pad_length = 0;
2416 h2n->collected_priority = 0;
2417 h2n->padding = 0;
2418 h2n->preamble = 0;
2419 h2n->length = c;
2420 h2n->inside = 0;
2421 break;
2422 case 1:
2423 case 2:
2424 h2n->length <<= 8;
2425 h2n->length |= c;
2426 break;
2427 case 3:
2428 h2n->type = c;
2429 break;
2430 case 4:
2431 h2n->flags = c;
2432 break;
2433
2434 case 5:
2435 case 6:
2436 case 7:
2437 case 8:
2438 h2n->sid <<= 8;
2439 h2n->sid |= c;
2440 break;
2441 }
2442 }
2443
2444 if (h2n->frame_state == LWS_H2_FRAME_HEADER_LENGTH &&
2445 lws_h2_parse_frame_header(wsi))
2446 goto fail;
2447 break;
2448
2449 default:
2450 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) { /* IGNORING FRAME */
2451 lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2452 h2n->count++;
2453 }
2454 break;
2455 }
2456 }
2457
2458 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2459
2460 return 0;
2461
2462 close_swsi_and_return:
2463
2464 lws_close_free_wsi(h2n->swsi, 0, "close_swsi_and_return");
2465 h2n->swsi = NULL;
2466 h2n->frame_state = 0;
2467 h2n->count = 0;
2468
2469 // already_closed_swsi:
2470 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2471
2472 return 2;
2473
2474 fail:
2475 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2476
2477 return 1;
2478 }
2479
2480 #if defined(LWS_WITH_CLIENT)
2481 int
lws_h2_client_handshake(struct lws * wsi)2482 lws_h2_client_handshake(struct lws *wsi)
2483 {
2484 struct lws_context_per_thread *pt = &wsi->a.context->pt[(int)wsi->tsi];
2485 uint8_t *buf, *start, *p, *p1, *end;
2486 char *meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD),
2487 *uri = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI), *simp;
2488 struct lws *nwsi = lws_get_network_wsi(wsi);
2489 int n, m;
2490 /*
2491 * The identifier of a newly established stream MUST be numerically
2492 * greater than all streams that the initiating endpoint has opened or
2493 * reserved. This governs streams that are opened using a HEADERS frame
2494 * and streams that are reserved using PUSH_PROMISE. An endpoint that
2495 * receives an unexpected stream identifier MUST respond with a
2496 * connection error (Section 5.4.1) of type PROTOCOL_ERROR.
2497 */
2498 unsigned int sid = nwsi->h2.h2n->highest_sid_opened + 2;
2499
2500 lwsl_debug("%s\n", __func__);
2501
2502 /*
2503 * We MUST allocate our sid here at the point we're about to send the
2504 * stream open. It's because we don't know the order in which multiple
2505 * open streams will send their headers... in h2, sending the headers
2506 * is the point the stream is opened. The peer requires that we only
2507 * open streams in ascending sid order
2508 */
2509
2510 wsi->mux.my_sid = nwsi->h2.h2n->highest_sid_opened = sid;
2511 lwsl_info("%s: %s: assigning SID %d at header send\n", __func__,
2512 lws_wsi_tag(wsi), sid);
2513
2514
2515 lwsl_info("%s: CLIENT_WAITING_TO_SEND_HEADERS: pollout (sid %d)\n",
2516 __func__, wsi->mux.my_sid);
2517
2518 p = start = buf = pt->serv_buf + LWS_PRE;
2519 end = start + (wsi->a.context->pt_serv_buf_size / 2) - LWS_PRE - 1;
2520
2521 /* it's time for us to send our client stream headers */
2522
2523 if (!meth)
2524 meth = "GET";
2525
2526 if (lws_add_http_header_by_token(wsi,
2527 WSI_TOKEN_HTTP_COLON_METHOD,
2528 (unsigned char *)meth,
2529 (int)strlen(meth), &p, end))
2530 goto fail_length;
2531
2532 if (lws_add_http_header_by_token(wsi,
2533 WSI_TOKEN_HTTP_COLON_SCHEME,
2534 (unsigned char *)"https", 5,
2535 &p, end))
2536 goto fail_length;
2537
2538 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_URI);
2539 if (n && lws_add_http_header_by_token(wsi,
2540 WSI_TOKEN_HTTP_COLON_PATH,
2541 (unsigned char *)uri, n, &p, end))
2542 goto fail_length;
2543
2544 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_ORIGIN);
2545 simp = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN);
2546 if (n && simp && lws_add_http_header_by_token(wsi,
2547 WSI_TOKEN_HTTP_COLON_AUTHORITY,
2548 (unsigned char *)simp, n, &p, end))
2549 goto fail_length;
2550
2551 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_HOST);
2552 simp = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST);
2553
2554 if (!wsi->client_h2_alpn && n && simp &&
2555 lws_add_http_header_by_token(wsi, WSI_TOKEN_HOST,
2556 (unsigned char *)simp, n, &p, end))
2557 goto fail_length;
2558
2559 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_USER_AGENT,
2560 (unsigned char *)"lwsss", 5,
2561 &p, end))
2562 goto fail_length;
2563
2564 if (wsi->flags & LCCSCF_HTTP_MULTIPART_MIME) {
2565 p1 = lws_http_multipart_headers(wsi, p);
2566 if (!p1)
2567 goto fail_length;
2568 p = p1;
2569 }
2570
2571 if (wsi->flags & LCCSCF_HTTP_X_WWW_FORM_URLENCODED) {
2572 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
2573 (unsigned char *)"application/x-www-form-urlencoded",
2574 33, &p, end))
2575 goto fail_length;
2576 lws_client_http_body_pending(wsi, 1);
2577 }
2578
2579 /* give userland a chance to append, eg, cookies */
2580
2581 if (wsi->a.protocol->callback(wsi,
2582 LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER,
2583 wsi->user_space, &p, lws_ptr_diff_size_t(end, p) - 12))
2584 goto fail_length;
2585
2586 if (lws_finalize_http_header(wsi, &p, end))
2587 goto fail_length;
2588
2589 m = LWS_WRITE_HTTP_HEADERS;
2590 #if defined(LWS_WITH_CLIENT)
2591 /* below is not needed in spec, indeed it destroys the long poll
2592 * feature, but required by nghttp2 */
2593 if ((wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM) &&
2594 !(wsi->client_http_body_pending || lws_has_buffered_out(wsi)))
2595 m |= LWS_WRITE_H2_STREAM_END;
2596 #endif
2597
2598 // lwsl_hexdump_notice(start, p - start);
2599
2600 n = lws_write(wsi, start, lws_ptr_diff_size_t(p, start), (enum lws_write_protocol)m);
2601
2602 if (n != lws_ptr_diff(p, start)) {
2603 lwsl_err("_write returned %d from %ld\n", n,
2604 (long)(p - start));
2605 return -1;
2606 }
2607
2608 /*
2609 * Normally let's charge up the peer tx credit a bit. But if
2610 * MANUAL_REFLOW is set, just set it to the initial credit given in
2611 * the client create info
2612 */
2613
2614 n = 4 * 65536;
2615 if (wsi->flags & LCCSCF_H2_MANUAL_RXFLOW) {
2616 n = wsi->txc.manual_initial_tx_credit;
2617 wsi->txc.manual = 1;
2618 }
2619
2620 if (lws_h2_update_peer_txcredit(wsi, wsi->mux.my_sid, n))
2621 return 1;
2622
2623 lws_h2_state(wsi, LWS_H2_STATE_OPEN);
2624 lwsi_set_state(wsi, LRS_ESTABLISHED);
2625
2626 if (wsi->flags & LCCSCF_HTTP_MULTIPART_MIME)
2627 lws_callback_on_writable(wsi);
2628
2629 return 0;
2630
2631 fail_length:
2632 lwsl_err("Client hdrs too long: incr context info.pt_serv_buf_size\n");
2633
2634 return -1;
2635 }
2636 #endif
2637
2638 #if defined(LWS_ROLE_WS) && defined(LWS_WITH_SERVER)
2639 int
lws_h2_ws_handshake(struct lws * wsi)2640 lws_h2_ws_handshake(struct lws *wsi)
2641 {
2642 uint8_t buf[LWS_PRE + 2048], *p = buf + LWS_PRE, *start = p,
2643 *end = &buf[sizeof(buf) - 1];
2644 const struct lws_http_mount *hit;
2645 const char * uri_ptr;
2646 size_t m;
2647 int n;
2648
2649 if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end))
2650 return -1;
2651
2652 if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) > 64)
2653 return -1;
2654
2655 if (wsi->proxied_ws_parent && wsi->child_list) {
2656 if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL)) {
2657 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2658 (uint8_t *)lws_hdr_simple_ptr(wsi,
2659 WSI_TOKEN_PROTOCOL),
2660 (int)strlen(lws_hdr_simple_ptr(wsi,
2661 WSI_TOKEN_PROTOCOL)),
2662 &p, end))
2663 return -1;
2664 }
2665 } else {
2666
2667 /* we can only return the protocol header if:
2668 * - one came in, and ... */
2669 if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) &&
2670 /* - it is not an empty string */
2671 wsi->a.protocol->name && wsi->a.protocol->name[0]) {
2672
2673 #if defined(LWS_WITH_SECURE_STREAMS) && defined(LWS_WITH_SERVER)
2674
2675 /*
2676 * This is the h2 version of server-ws.c understanding that it
2677 * did the ws upgrade on a ss server object, therefore it needs
2678 * to pass back to the peer the policy ws-protocol name, not
2679 * the generic ss-ws.c protocol name
2680 */
2681
2682 if (wsi->a.vhost && wsi->a.vhost->ss_handle &&
2683 wsi->a.vhost->ss_handle->policy->u.http.u.ws.subprotocol) {
2684 lws_ss_handle_t *h =
2685 (lws_ss_handle_t *)wsi->a.opaque_user_data;
2686
2687 lwsl_notice("%s: Server SS %s .wsi %s switching to ws protocol\n",
2688 __func__, lws_ss_tag(h), lws_wsi_tag(h->wsi));
2689
2690 wsi->a.protocol = &protocol_secstream_ws;
2691
2692 /*
2693 * inform the SS user code that this has done a one-way
2694 * upgrade to some other protocol... it will likely
2695 * want to treat subsequent payloads differently
2696 */
2697
2698 lws_ss_event_helper(h, LWSSSCS_SERVER_UPGRADE);
2699
2700 lws_mux_mark_immortal(wsi);
2701
2702 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2703 (unsigned char *)wsi->a.vhost->ss_handle->policy->
2704 u.http.u.ws.subprotocol,
2705 (int)strlen(wsi->a.vhost->ss_handle->policy->
2706 u.http.u.ws.subprotocol), &p, end))
2707 return -1;
2708 } else
2709 #endif
2710
2711 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2712 (unsigned char *)wsi->a.protocol->name,
2713 (int)strlen(wsi->a.protocol->name), &p, end))
2714 return -1;
2715 }
2716 }
2717
2718 if (lws_finalize_http_header(wsi, &p, end))
2719 return -1;
2720
2721 m = lws_ptr_diff_size_t(p, start);
2722 // lwsl_hexdump_notice(start, m);
2723 n = lws_write(wsi, start, m, LWS_WRITE_HTTP_HEADERS);
2724 if (n != (int)m) {
2725 lwsl_err("_write returned %d from %d\n", n, (int)m);
2726
2727 return -1;
2728 }
2729
2730 /*
2731 * alright clean up, set our state to generic ws established, the
2732 * mode / state of the nwsi will get the h2 processing done.
2733 */
2734
2735 lwsi_set_state(wsi, LRS_ESTABLISHED);
2736 wsi->lws_rx_parse_state = 0; // ==LWS_RXPS_NEW;
2737
2738 uri_ptr = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH);
2739 n = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH);
2740 hit = lws_find_mount(wsi, uri_ptr, n);
2741
2742 if (hit && hit->cgienv &&
2743 wsi->a.protocol->callback(wsi, LWS_CALLBACK_HTTP_PMO, wsi->user_space,
2744 (void *)hit->cgienv, 0))
2745 return 1;
2746
2747 lws_validity_confirmed(wsi);
2748
2749 return 0;
2750 }
2751 #endif
2752
2753 int
lws_read_h2(struct lws * wsi,unsigned char * buf,lws_filepos_t len)2754 lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len)
2755 {
2756 unsigned char *oldbuf = buf;
2757 lws_filepos_t body_chunk_len;
2758
2759 // lwsl_notice("%s: h2 path: wsistate 0x%x len %d\n", __func__,
2760 // wsi->wsistate, (int)len);
2761
2762 /*
2763 * wsi here is always the network connection wsi, not a stream
2764 * wsi. Once we unpicked the framing we will find the right
2765 * swsi and make it the target of the frame.
2766 *
2767 * If it's ws over h2, the nwsi will get us here to do the h2
2768 * processing, and that will call us back with the swsi +
2769 * ESTABLISHED state for the inner payload, handled in a later
2770 * case.
2771 */
2772 while (len) {
2773 int m;
2774
2775 /*
2776 * we were accepting input but now we stopped doing so
2777 */
2778 if (lws_is_flowcontrolled(wsi)) {
2779 lws_rxflow_cache(wsi, buf, 0, (size_t)len);
2780 buf += len;
2781 break;
2782 }
2783
2784 /*
2785 * lws_h2_parser() may send something; when it gets the
2786 * whole frame, it will want to perform some action
2787 * involving a reply. But we may be in a partial send
2788 * situation on the network wsi...
2789 *
2790 * Even though we may be in a partial send and unable to
2791 * send anything new, we still have to parse the network
2792 * wsi in order to gain tx credit to send, which is
2793 * potentially necessary to clear the old partial send.
2794 *
2795 * ALL network wsi-specific frames are sent by PPS
2796 * already, these are sent as a priority on the writable
2797 * handler, and so respect partial sends. The only
2798 * problem is when a stream wsi wants to send an, eg,
2799 * reply headers frame in response to the parsing
2800 * we will do now... the *stream wsi* must stall in a
2801 * different state until it is able to do so from a
2802 * priority on the WRITABLE callback, same way that
2803 * file transfers operate.
2804 */
2805
2806 m = lws_h2_parser(wsi, buf, len, &body_chunk_len);
2807 if (m && m != 2) {
2808 lwsl_debug("%s: http2_parser bail: %d\n", __func__, m);
2809 lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS,
2810 "lws_read_h2 bail");
2811
2812 return -1;
2813 }
2814 if (m == 2) {
2815 /* swsi has been closed */
2816 buf += body_chunk_len;
2817 break;
2818 }
2819
2820 buf += body_chunk_len;
2821 len -= body_chunk_len;
2822 }
2823
2824 return lws_ptr_diff(buf, oldbuf);
2825 }
2826
2827 int
lws_h2_client_stream_long_poll_rxonly(struct lws * wsi)2828 lws_h2_client_stream_long_poll_rxonly(struct lws *wsi)
2829 {
2830
2831 if (!wsi->mux_substream)
2832 return 1;
2833
2834 /*
2835 * Elect to send an empty DATA with END_STREAM, to force the stream
2836 * into HALF_CLOSED LOCAL
2837 */
2838 wsi->h2.long_poll = 1;
2839 wsi->h2.send_END_STREAM = 1;
2840
2841 // lws_header_table_detach(wsi, 0);
2842
2843 lws_callback_on_writable(wsi);
2844
2845 return 0;
2846 }
2847