1 /*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25 #include "private-lib-core.h"
26
27 /*
28 * bitmap of control messages that are valid to receive for each http2 state
29 */
30
31 static const uint16_t http2_rx_validity[] = {
32 /* LWS_H2S_IDLE */
33 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
34 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
35 // (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE)| /* ignore */
36 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
37 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
38 /* LWS_H2S_RESERVED_LOCAL */
39 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
40 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
41 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
42 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE),
43 /* LWS_H2S_RESERVED_REMOTE */
44 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
45 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
46 (1 << LWS_H2_FRAME_TYPE_CONTINUATION) |
47 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
48 (1 << LWS_H2_FRAME_TYPE_PRIORITY),
49 /* LWS_H2S_OPEN */
50 (1 << LWS_H2_FRAME_TYPE_DATA) |
51 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
52 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
53 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
54 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
55 (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) |
56 (1 << LWS_H2_FRAME_TYPE_PING) |
57 (1 << LWS_H2_FRAME_TYPE_GOAWAY) |
58 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
59 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
60 /* LWS_H2S_HALF_CLOSED_REMOTE */
61 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
62 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
63 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
64 (1 << LWS_H2_FRAME_TYPE_RST_STREAM),
65 /* LWS_H2S_HALF_CLOSED_LOCAL */
66 (1 << LWS_H2_FRAME_TYPE_DATA) |
67 (1 << LWS_H2_FRAME_TYPE_HEADERS) |
68 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
69 (1 << LWS_H2_FRAME_TYPE_RST_STREAM) |
70 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
71 (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) |
72 (1 << LWS_H2_FRAME_TYPE_PING) |
73 (1 << LWS_H2_FRAME_TYPE_GOAWAY) |
74 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
75 (1 << LWS_H2_FRAME_TYPE_CONTINUATION),
76 /* LWS_H2S_CLOSED */
77 (1 << LWS_H2_FRAME_TYPE_SETTINGS) |
78 (1 << LWS_H2_FRAME_TYPE_PRIORITY) |
79 (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) |
80 (1 << LWS_H2_FRAME_TYPE_RST_STREAM),
81 };
82
83 static const char *preface = "PRI * HTTP/2.0\x0d\x0a\x0d\x0aSM\x0d\x0a\x0d\x0a";
84
85 static const char * const h2_state_names[] = {
86 "LWS_H2S_IDLE",
87 "LWS_H2S_RESERVED_LOCAL",
88 "LWS_H2S_RESERVED_REMOTE",
89 "LWS_H2S_OPEN",
90 "LWS_H2S_HALF_CLOSED_REMOTE",
91 "LWS_H2S_HALF_CLOSED_LOCAL",
92 "LWS_H2S_CLOSED",
93 };
94
95 #if 0
96 static const char * const h2_setting_names[] = {
97 "",
98 "H2SET_HEADER_TABLE_SIZE",
99 "H2SET_ENABLE_PUSH",
100 "H2SET_MAX_CONCURRENT_STREAMS",
101 "H2SET_INITIAL_WINDOW_SIZE",
102 "H2SET_MAX_FRAME_SIZE",
103 "H2SET_MAX_HEADER_LIST_SIZE",
104 "reserved",
105 "H2SET_ENABLE_CONNECT_PROTOCOL"
106 };
107
108 void
109 lws_h2_dump_settings(struct http2_settings *set)
110 {
111 int n;
112
113 for (n = 1; n < H2SET_COUNT; n++)
114 lwsl_notice(" %30s: %10d\n", h2_setting_names[n], set->s[n]);
115 }
116 #else
117 void
lws_h2_dump_settings(struct http2_settings *set)118 lws_h2_dump_settings(struct http2_settings *set)
119 {
120 }
121 #endif
122
123 struct lws_h2_protocol_send *
lws_h2_new_pps(enum lws_h2_protocol_send_type type)124 lws_h2_new_pps(enum lws_h2_protocol_send_type type)
125 {
126 struct lws_h2_protocol_send *pps = lws_malloc(sizeof(*pps), "pps");
127
128 if (pps)
129 pps->type = type;
130
131 return pps;
132 }
133
lws_h2_init(struct lws *wsi)134 void lws_h2_init(struct lws *wsi)
135 {
136 wsi->h2.h2n->our_set = wsi->a.vhost->h2.set;
137 wsi->h2.h2n->peer_set = lws_h2_defaults;
138 }
139
140 void
lws_h2_state(struct lws *wsi, enum lws_h2_states s)141 lws_h2_state(struct lws *wsi, enum lws_h2_states s)
142 {
143 if (!wsi)
144 return;
145 lwsl_info("%s: %s: state %s -> %s\n", __func__, lws_wsi_tag(wsi),
146 h2_state_names[wsi->h2.h2_state],
147 h2_state_names[s]);
148
149 (void)h2_state_names;
150 wsi->h2.h2_state = (uint8_t)s;
151 }
152
153 int
lws_h2_update_peer_txcredit(struct lws *wsi, unsigned int sid, int bump)154 lws_h2_update_peer_txcredit(struct lws *wsi, unsigned int sid, int bump)
155 {
156 struct lws *nwsi = lws_get_network_wsi(wsi);
157 struct lws_h2_protocol_send *pps;
158
159 assert(wsi);
160
161 if (!bump)
162 return 0;
163
164 if (sid == (unsigned int)-1)
165 sid = wsi->mux.my_sid;
166
167 lwsl_info("%s: sid %d: bump %d -> %d\n", __func__, sid, bump,
168 (int)wsi->txc.peer_tx_cr_est + bump);
169
170 pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW);
171 if (!pps)
172 return 1;
173
174 pps->u.update_window.sid = (unsigned int)sid;
175 pps->u.update_window.credit = (unsigned int)bump;
176 wsi->txc.peer_tx_cr_est += bump;
177
178 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
179
180 lws_pps_schedule(wsi, pps);
181
182 pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW);
183 if (!pps)
184 return 1;
185
186 pps->u.update_window.sid = 0;
187 pps->u.update_window.credit = (unsigned int)bump;
188 nwsi->txc.peer_tx_cr_est += bump;
189
190 lws_wsi_txc_describe(&nwsi->txc, __func__, nwsi->mux.my_sid);
191
192 lws_pps_schedule(nwsi, pps);
193
194 return 0;
195 }
196
197 int
lws_h2_get_peer_txcredit_estimate(struct lws *wsi)198 lws_h2_get_peer_txcredit_estimate(struct lws *wsi)
199 {
200 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
201 return (int)wsi->txc.peer_tx_cr_est;
202 }
203
204 static int
lws_h2_update_peer_txcredit_thresh(struct lws *wsi, unsigned int sid, int threshold, int bump)205 lws_h2_update_peer_txcredit_thresh(struct lws *wsi, unsigned int sid, int threshold, int bump)
206 {
207 if (wsi->txc.peer_tx_cr_est > threshold)
208 return 0;
209
210 return lws_h2_update_peer_txcredit(wsi, sid, bump);
211 }
212
213 /* cx + vh lock */
214
215 static struct lws *
__lws_wsi_server_new(struct lws_vhost *vh, struct lws *parent_wsi, unsigned int sid)216 __lws_wsi_server_new(struct lws_vhost *vh, struct lws *parent_wsi,
217 unsigned int sid)
218 {
219 struct lws *nwsi = lws_get_network_wsi(parent_wsi);
220 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
221 char tmp[50], tmp1[50];
222 unsigned int n, b = 0;
223 struct lws *wsi;
224 const char *p;
225
226 lws_context_assert_lock_held(vh->context);
227 lws_vhost_assert_lock_held(vh);
228
229 /*
230 * The identifier of a newly established stream MUST be numerically
231 * greater than all streams that the initiating endpoint has opened or
232 * reserved. This governs streams that are opened using a HEADERS frame
233 * and streams that are reserved using PUSH_PROMISE. An endpoint that
234 * receives an unexpected stream identifier MUST respond with a
235 * connection error (Section 5.4.1) of type PROTOCOL_ERROR.
236 */
237 if (sid <= h2n->highest_sid_opened) {
238 lwsl_info("%s: tried to open lower sid %d (%d)\n", __func__,
239 sid, (int)h2n->highest_sid_opened);
240 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, "Bad sid");
241 return NULL;
242 }
243
244 /* no more children allowed by parent */
245 if (parent_wsi->mux.child_count + 1 >
246 parent_wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
247 lwsl_notice("reached concurrent stream limit\n");
248 return NULL;
249 }
250
251 n = 0;
252 p = &parent_wsi->lc.gutag[1];
253 do {
254 if (*p == '|') {
255 b++;
256 if (b == 3)
257 continue;
258 }
259 tmp1[n++] = *p++;
260 } while (b < 3 && n < sizeof(tmp1) - 2);
261 tmp1[n] = '\0';
262 lws_snprintf(tmp, sizeof(tmp), "h2_sid%u_(%s)", sid, tmp1);
263 wsi = lws_create_new_server_wsi(vh, parent_wsi->tsi, tmp);
264 if (!wsi) {
265 lwsl_notice("new server wsi failed (%s)\n", lws_vh_tag(vh));
266 return NULL;
267 }
268
269 #if defined(LWS_WITH_SERVER)
270 if (lwsi_role_server(parent_wsi)) {
271 lws_metrics_caliper_bind(wsi->cal_conn, wsi->a.context->mth_srv);
272 }
273 #endif
274
275 h2n->highest_sid_opened = sid;
276
277 lws_wsi_mux_insert(wsi, parent_wsi, sid);
278 if (sid >= h2n->highest_sid)
279 h2n->highest_sid = sid + 2;
280
281 wsi->mux_substream = 1;
282 wsi->seen_nonpseudoheader = 0;
283
284 wsi->txc.tx_cr = (int32_t)nwsi->h2.h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
285 wsi->txc.peer_tx_cr_est =
286 (int32_t)nwsi->h2.h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
287
288 lwsi_set_state(wsi, LRS_ESTABLISHED);
289 lwsi_set_role(wsi, lwsi_role(parent_wsi));
290
291 wsi->a.protocol = &vh->protocols[0];
292 if (lws_ensure_user_space(wsi))
293 goto bail1;
294
295 #if defined(LWS_WITH_SERVER) && defined(LWS_WITH_SECURE_STREAMS)
296 if (lws_adopt_ss_server_accept(wsi))
297 goto bail1;
298 #endif
299
300 /* get the ball rolling */
301 lws_validity_confirmed(wsi);
302
303 lwsl_info("%s: %s new ch %s, sid %d, usersp=%p\n", __func__,
304 lws_wsi_tag(parent_wsi), lws_wsi_tag(wsi), sid, wsi->user_space);
305
306 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
307 lws_wsi_txc_describe(&nwsi->txc, __func__, 0);
308
309 return wsi;
310
311 bail1:
312 /* undo the insert */
313 parent_wsi->mux.child_list = wsi->mux.sibling_list;
314 parent_wsi->mux.child_count--;
315
316 if (wsi->user_space)
317 lws_free_set_NULL(wsi->user_space);
318 vh->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0);
319 __lws_vhost_unbind_wsi(wsi);
320 lws_free(wsi);
321
322 return NULL;
323 }
324
325 struct lws *
lws_wsi_h2_adopt(struct lws *parent_wsi, struct lws *wsi)326 lws_wsi_h2_adopt(struct lws *parent_wsi, struct lws *wsi)
327 {
328 struct lws *nwsi = lws_get_network_wsi(parent_wsi);
329
330 /* no more children allowed by parent */
331 if (parent_wsi->mux.child_count + 1 >
332 parent_wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
333 lwsl_notice("reached concurrent stream limit\n");
334 return NULL;
335 }
336
337 /* sid is set just before issuing the headers, ensuring monoticity */
338
339 wsi->seen_nonpseudoheader = 0;
340 #if defined(LWS_WITH_CLIENT)
341 wsi->client_mux_substream = 1;
342 #endif
343 wsi->h2.initialized = 1;
344
345 #if 0
346 /* only assign sid at header send time when we know it */
347 if (!wsi->mux.my_sid) {
348 wsi->mux.my_sid = nwsi->h2.h2n->highest_sid;
349 nwsi->h2.h2n->highest_sid += 2;
350 }
351 #endif
352
353 lwsl_info("%s: binding wsi %s to sid %d (next %d)\n", __func__,
354 lws_wsi_tag(wsi), (int)wsi->mux.my_sid, (int)nwsi->h2.h2n->highest_sid);
355
356 lws_wsi_mux_insert(wsi, parent_wsi, wsi->mux.my_sid);
357
358 wsi->txc.tx_cr = (int32_t)nwsi->h2.h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
359 wsi->txc.peer_tx_cr_est = (int32_t)
360 nwsi->h2.h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
361
362 lws_wsi_txc_describe(&wsi->txc, __func__, wsi->mux.my_sid);
363
364 if (lws_ensure_user_space(wsi))
365 goto bail1;
366
367 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS,
368 &role_ops_h2);
369
370 lws_callback_on_writable(wsi);
371
372 return wsi;
373
374 bail1:
375 /* undo the insert */
376 parent_wsi->mux.child_list = wsi->mux.sibling_list;
377 parent_wsi->mux.child_count--;
378
379 if (wsi->user_space)
380 lws_free_set_NULL(wsi->user_space);
381 wsi->a.protocol->callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0);
382 lws_free(wsi);
383
384 return NULL;
385 }
386
387
388 int
lws_h2_issue_preface(struct lws *wsi)389 lws_h2_issue_preface(struct lws *wsi)
390 {
391 struct lws_h2_netconn *h2n = wsi->h2.h2n;
392 struct lws_h2_protocol_send *pps;
393
394 if (!h2n) {
395 lwsl_warn("%s: no valid h2n\n", __func__);
396 return 1;
397 }
398
399 if (h2n->sent_preface)
400 return 1;
401
402 lwsl_debug("%s: %s: fd %d\n", __func__, lws_wsi_tag(wsi), (int)wsi->desc.sockfd);
403
404 if (lws_issue_raw(wsi, (uint8_t *)preface, strlen(preface)) !=
405 (int)strlen(preface))
406 return 1;
407
408 h2n->sent_preface = 1;
409
410 lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS,
411 &role_ops_h2);
412
413 h2n->count = 0;
414 wsi->txc.tx_cr = 65535;
415
416 /*
417 * we must send a settings frame
418 */
419 pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS);
420 if (!pps)
421 return 1;
422 lws_pps_schedule(wsi, pps);
423 lwsl_info("%s: h2 client sending settings\n", __func__);
424
425 return 0;
426 }
427
428 void
lws_pps_schedule(struct lws *wsi, struct lws_h2_protocol_send *pps)429 lws_pps_schedule(struct lws *wsi, struct lws_h2_protocol_send *pps)
430 {
431 struct lws *nwsi = lws_get_network_wsi(wsi);
432 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
433
434 if (!h2n) {
435 lwsl_warn("%s: null h2n\n", __func__);
436 lws_free(pps);
437 return;
438 }
439
440 pps->next = h2n->pps;
441 h2n->pps = pps;
442 lws_rx_flow_control(wsi, LWS_RXFLOW_REASON_APPLIES_DISABLE |
443 LWS_RXFLOW_REASON_H2_PPS_PENDING);
444 lws_callback_on_writable(wsi);
445 }
446
447 int
lws_h2_goaway(struct lws *wsi, uint32_t err, const char *reason)448 lws_h2_goaway(struct lws *wsi, uint32_t err, const char *reason)
449 {
450 struct lws_h2_netconn *h2n = wsi->h2.h2n;
451 struct lws_h2_protocol_send *pps;
452
453 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT)
454 return 0;
455
456 pps = lws_h2_new_pps(LWS_H2_PPS_GOAWAY);
457 if (!pps)
458 return 1;
459
460 lwsl_info("%s: %s: ERR 0x%x, '%s'\n", __func__, lws_wsi_tag(wsi), (int)err, reason);
461
462 pps->u.ga.err = err;
463 pps->u.ga.highest_sid = h2n->highest_sid;
464 lws_strncpy(pps->u.ga.str, reason, sizeof(pps->u.ga.str));
465 lws_pps_schedule(wsi, pps);
466
467 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
468
469 return 0;
470 }
471
472 int
lws_h2_rst_stream(struct lws *wsi, uint32_t err, const char *reason)473 lws_h2_rst_stream(struct lws *wsi, uint32_t err, const char *reason)
474 {
475 struct lws *nwsi = lws_get_network_wsi(wsi);
476 struct lws_h2_netconn *h2n = nwsi->h2.h2n;
477 struct lws_h2_protocol_send *pps;
478
479 if (!h2n)
480 return 0;
481
482 if (!wsi->h2_stream_carries_ws && h2n->type == LWS_H2_FRAME_TYPE_COUNT)
483 return 0;
484
485 pps = lws_h2_new_pps(LWS_H2_PPS_RST_STREAM);
486 if (!pps)
487 return 1;
488
489 lwsl_info("%s: RST_STREAM 0x%x, sid %d, REASON '%s'\n", __func__,
490 (int)err, wsi->mux.my_sid, reason);
491
492 pps->u.rs.sid = wsi->mux.my_sid;
493 pps->u.rs.err = err;
494
495 lws_pps_schedule(wsi, pps);
496
497 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
498 lws_h2_state(wsi, LWS_H2_STATE_CLOSED);
499
500 return 0;
501 }
502
503 int
lws_h2_settings(struct lws *wsi, struct http2_settings *settings, unsigned char *buf, int len)504 lws_h2_settings(struct lws *wsi, struct http2_settings *settings,
505 unsigned char *buf, int len)
506 {
507 struct lws *nwsi = lws_get_network_wsi(wsi);
508 unsigned int a, b;
509
510 if (!len)
511 return 0;
512
513 if (len < LWS_H2_SETTINGS_LEN)
514 return 1;
515
516 while (len >= LWS_H2_SETTINGS_LEN) {
517 a = (unsigned int)((buf[0] << 8) | buf[1]);
518 if (!a || a >= H2SET_COUNT)
519 goto skip;
520 b = (unsigned int)(buf[2] << 24 | buf[3] << 16 | buf[4] << 8 | buf[5]);
521
522 switch (a) {
523 case H2SET_HEADER_TABLE_SIZE:
524 break;
525 case H2SET_ENABLE_PUSH:
526 if (b > 1) {
527 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
528 "ENABLE_PUSH invalid arg");
529 return 1;
530 }
531 break;
532 case H2SET_MAX_CONCURRENT_STREAMS:
533 break;
534 case H2SET_INITIAL_WINDOW_SIZE:
535 if (b > 0x7fffffff) {
536 lws_h2_goaway(nwsi, H2_ERR_FLOW_CONTROL_ERROR,
537 "Inital Window beyond max");
538 return 1;
539 }
540
541 #if defined(LWS_WITH_CLIENT)
542 #if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX)
543 if (
544 #else
545 if (wsi->flags & LCCSCF_H2_QUIRK_OVERFLOWS_TXCR &&
546 #endif
547 b == 0x7fffffff) {
548 b >>= 4;
549
550 break;
551 }
552 #endif
553
554 /*
555 * In addition to changing the flow-control window for
556 * streams that are not yet active, a SETTINGS frame
557 * can alter the initial flow-control window size for
558 * streams with active flow-control windows (that is,
559 * streams in the "open" or "half-closed (remote)"
560 * state). When the value of
561 * SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver
562 * MUST adjust the size of all stream flow-control
563 * windows that it maintains by the difference between
564 * the new value and the old value.
565 */
566
567 lws_start_foreach_ll(struct lws *, w,
568 nwsi->mux.child_list) {
569 lwsl_info("%s: adi child tc cr %d +%d -> %d",
570 __func__, (int)w->txc.tx_cr,
571 b - (unsigned int)settings->s[a],
572 (int)(w->txc.tx_cr + (int)b -
573 (int)settings->s[a]));
574 w->txc.tx_cr += (int)b - (int)settings->s[a];
575 if (w->txc.tx_cr > 0 &&
576 w->txc.tx_cr <=
577 (int32_t)(b - settings->s[a]))
578
579 lws_callback_on_writable(w);
580 } lws_end_foreach_ll(w, mux.sibling_list);
581
582 break;
583 case H2SET_MAX_FRAME_SIZE:
584 if (b < wsi->a.vhost->h2.set.s[H2SET_MAX_FRAME_SIZE]) {
585 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
586 "Frame size < initial");
587 return 1;
588 }
589 if (b > 0x00ffffff) {
590 lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR,
591 "Settings Frame size above max");
592 return 1;
593 }
594 break;
595 case H2SET_MAX_HEADER_LIST_SIZE:
596 break;
597 }
598 settings->s[a] = b;
599 lwsl_info("http2 settings %d <- 0x%x\n", a, b);
600 skip:
601 len -= LWS_H2_SETTINGS_LEN;
602 buf += LWS_H2_SETTINGS_LEN;
603 }
604
605 if (len)
606 return 1;
607
608 lws_h2_dump_settings(settings);
609
610 return 0;
611 }
612
613 /* RFC7640 Sect 6.9
614 *
615 * The WINDOW_UPDATE frame can be specific to a stream or to the entire
616 * connection. In the former case, the frame's stream identifier
617 * indicates the affected stream; in the latter, the value "0" indicates
618 * that the entire connection is the subject of the frame.
619 *
620 * ...
621 *
622 * Two flow-control windows are applicable: the stream flow-control
623 * window and the connection flow-control window. The sender MUST NOT
624 * send a flow-controlled frame with a length that exceeds the space
625 * available in either of the flow-control windows advertised by the
626 * receiver. Frames with zero length with the END_STREAM flag set (that
627 * is, an empty DATA frame) MAY be sent if there is no available space
628 * in either flow-control window.
629 */
630
631 int
632 lws_h2_tx_cr_get(struct lws *wsi)
633 {
634 int c = wsi->txc.tx_cr;
635 struct lws *nwsi = lws_get_network_wsi(wsi);
636
637 if (!wsi->mux_substream && !nwsi->upgraded_to_http2)
638 return ~0x80000000;
639
640 lwsl_info ("%s: %s: own tx credit %d: nwsi credit %d\n",
641 __func__, lws_wsi_tag(wsi), c, (int)nwsi->txc.tx_cr);
642
643 if (nwsi->txc.tx_cr < c)
644 c = nwsi->txc.tx_cr;
645
646 if (c < 0)
647 return 0;
648
649 return c;
650 }
651
652 void
653 lws_h2_tx_cr_consume(struct lws *wsi, int consumed)
654 {
655 struct lws *nwsi = lws_get_network_wsi(wsi);
656
657 wsi->txc.tx_cr -= consumed;
658
659 if (nwsi != wsi)
660 nwsi->txc.tx_cr -= consumed;
661 }
662
663 int lws_h2_frame_write(struct lws *wsi, int type, int flags,
664 unsigned int sid, unsigned int len, unsigned char *buf)
665 {
666 struct lws *nwsi = lws_get_network_wsi(wsi);
667 unsigned char *p = &buf[-LWS_H2_FRAME_HEADER_LENGTH];
668 int n;
669
670 //if (wsi->h2_stream_carries_ws)
671 // lwsl_hexdump_level(LLL_NOTICE, buf, len);
672
673 *p++ = (uint8_t)(len >> 16);
674 *p++ = (uint8_t)(len >> 8);
675 *p++ = (uint8_t)len;
676 *p++ = (uint8_t)type;
677 *p++ = (uint8_t)flags;
678 *p++ = (uint8_t)(sid >> 24);
679 *p++ = (uint8_t)(sid >> 16);
680 *p++ = (uint8_t)(sid >> 8);
681 *p++ = (uint8_t)sid;
682
683 lwsl_debug("%s: %s (eff %s). typ %d, fl 0x%x, sid=%d, len=%d, "
684 "txcr=%d, nwsi->txcr=%d\n", __func__, lws_wsi_tag(wsi),
685 lws_wsi_tag(nwsi), type, flags,
686 sid, len, (int)wsi->txc.tx_cr, (int)nwsi->txc.tx_cr);
687
688 if (type == LWS_H2_FRAME_TYPE_DATA) {
689 if (wsi->txc.tx_cr < (int)len)
690
691 lwsl_info("%s: %s: sending payload len %d"
692 " but tx_cr only %d!\n", __func__,
693 lws_wsi_tag(wsi), len, (int)wsi->txc.tx_cr);
694 lws_h2_tx_cr_consume(wsi, (int)len);
695 }
696
697 n = lws_issue_raw(nwsi, &buf[-LWS_H2_FRAME_HEADER_LENGTH],
698 len + LWS_H2_FRAME_HEADER_LENGTH);
699 if (n < 0)
700 return n;
701
702 if (n >= LWS_H2_FRAME_HEADER_LENGTH)
703 return n - LWS_H2_FRAME_HEADER_LENGTH;
704
705 return n;
706 }
707
708 static void lws_h2_set_bin(struct lws *wsi, int n, unsigned char *buf)
709 {
710 *buf++ = (uint8_t)(n >> 8);
711 *buf++ = (uint8_t)n;
712 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 24);
713 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 16);
714 *buf++ = (uint8_t)(wsi->h2.h2n->our_set.s[n] >> 8);
715 *buf = (uint8_t)wsi->h2.h2n->our_set.s[n];
716 }
717
718 /* we get called on the network connection */
719
720 int lws_h2_do_pps_send(struct lws *wsi)
721 {
722 struct lws_h2_netconn *h2n = wsi->h2.h2n;
723 struct lws_h2_protocol_send *pps = NULL;
724 struct lws *cwsi;
725 uint8_t set[LWS_PRE + 64], *p = &set[LWS_PRE], *q;
726 int n, m = 0, flags = 0;
727
728 if (!h2n)
729 return 1;
730
731 /* get the oldest pps */
732
733 lws_start_foreach_llp(struct lws_h2_protocol_send **, pps1, h2n->pps) {
734 if ((*pps1)->next == NULL) { /* we are the oldest in the list */
735 pps = *pps1; /* remove us from the list */
736 *pps1 = NULL;
737 continue;
738 }
739 } lws_end_foreach_llp(pps1, next);
740
741 if (!pps)
742 return 1;
743
744 lwsl_info("%s: %s: %d\n", __func__, lws_wsi_tag(wsi), pps->type);
745
746 switch (pps->type) {
747
748 case LWS_H2_PPS_MY_SETTINGS:
749
750 /*
751 * if any of our settings varies from h2 "default defaults"
752 * then we must inform the peer
753 */
754 for (n = 1; n < H2SET_COUNT; n++)
755 if (h2n->our_set.s[n] != lws_h2_defaults.s[n]) {
756 lwsl_debug("sending SETTING %d 0x%x\n", n,
757 (unsigned int)
758 wsi->h2.h2n->our_set.s[n]);
759
760 lws_h2_set_bin(wsi, n, &set[LWS_PRE + m]);
761 m += (int)sizeof(h2n->one_setting);
762 }
763 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS,
764 flags, LWS_H2_STREAM_ID_MASTER, (unsigned int)m,
765 &set[LWS_PRE]);
766 if (n != m) {
767 lwsl_info("send %d %d\n", n, m);
768 goto bail;
769 }
770 break;
771
772 case LWS_H2_PPS_SETTINGS_INITIAL_UPDATE_WINDOW:
773 q = &set[LWS_PRE];
774 *q++ = (uint8_t)(H2SET_INITIAL_WINDOW_SIZE >> 8);
775 *q++ = (uint8_t)(H2SET_INITIAL_WINDOW_SIZE);
776 *q++ = (uint8_t)(pps->u.update_window.credit >> 24);
777 *q++ = (uint8_t)(pps->u.update_window.credit >> 16);
778 *q++ = (uint8_t)(pps->u.update_window.credit >> 8);
779 *q = (uint8_t)(pps->u.update_window.credit);
780
781 lwsl_debug("%s: resetting initial window to %d\n", __func__,
782 (int)pps->u.update_window.credit);
783
784 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS,
785 flags, LWS_H2_STREAM_ID_MASTER, 6,
786 &set[LWS_PRE]);
787 if (n != 6) {
788 lwsl_info("send %d %d\n", n, m);
789 goto bail;
790 }
791 break;
792
793 case LWS_H2_PPS_ACK_SETTINGS:
794 /* send ack ... always empty */
795 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS, 1,
796 LWS_H2_STREAM_ID_MASTER, 0,
797 &set[LWS_PRE]);
798 if (n) {
799 lwsl_err("%s: writing settings ack frame failed %d\n", __func__, n);
800 goto bail;
801 }
802 wsi->h2_acked_settings = 0;
803 /* this is the end of the preface dance then? */
804 if (lwsi_state(wsi) == LRS_H2_AWAIT_SETTINGS) {
805 lwsi_set_state(wsi, LRS_ESTABLISHED);
806 #if defined(LWS_WITH_FILE_OPS)
807 wsi->http.fop_fd = NULL;
808 #endif
809 if (lws_is_ssl(lws_get_network_wsi(wsi)))
810 break;
811
812 if (wsi->a.vhost->options &
813 LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE)
814 break;
815
816 /*
817 * we need to treat the headers from the upgrade as the
818 * first job. So these need to get shifted to sid 1.
819 */
820
821 lws_context_lock(wsi->a.context, "h2 mig");
822 lws_vhost_lock(wsi->a.vhost);
823
824 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi, 1);
825
826 lws_vhost_unlock(wsi->a.vhost);
827 lws_context_unlock(wsi->a.context);
828
829 if (!h2n->swsi)
830 goto bail;
831
832 /* pass on the initial headers to SID 1 */
833 h2n->swsi->http.ah = wsi->http.ah;
834 wsi->http.ah = NULL;
835
836 lwsl_info("%s: inherited headers %p\n", __func__,
837 h2n->swsi->http.ah);
838 h2n->swsi->txc.tx_cr = (int32_t)
839 h2n->our_set.s[H2SET_INITIAL_WINDOW_SIZE];
840 lwsl_info("initial tx credit on %s: %d\n",
841 lws_wsi_tag(h2n->swsi),
842 (int)h2n->swsi->txc.tx_cr);
843 h2n->swsi->h2.initialized = 1;
844 /* demanded by HTTP2 */
845 h2n->swsi->h2.END_STREAM = 1;
846 lwsl_info("servicing initial http request\n");
847
848 #if defined(LWS_WITH_SERVER)
849 if (lws_http_action(h2n->swsi))
850 goto bail;
851 #endif
852 break;
853 }
854 break;
855
856 /*
857 * h2 only has PING... ACK = 0 = ping, ACK = 1 = pong
858 */
859
860 case LWS_H2_PPS_PING:
861 case LWS_H2_PPS_PONG:
862 if (pps->type == LWS_H2_PPS_PING)
863 lwsl_info("sending PING\n");
864 else {
865 lwsl_info("sending PONG\n");
866 flags = LWS_H2_FLAG_SETTINGS_ACK;
867 }
868
869 memcpy(&set[LWS_PRE], pps->u.ping.ping_payload, 8);
870 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_PING, flags,
871 LWS_H2_STREAM_ID_MASTER, 8,
872 &set[LWS_PRE]);
873 if (n != 8)
874 goto bail;
875
876 break;
877
878 case LWS_H2_PPS_GOAWAY:
879 lwsl_info("LWS_H2_PPS_GOAWAY\n");
880 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 24);
881 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 16);
882 *p++ = (uint8_t)(pps->u.ga.highest_sid >> 8);
883 *p++ = (uint8_t)(pps->u.ga.highest_sid);
884 *p++ = (uint8_t)(pps->u.ga.err >> 24);
885 *p++ = (uint8_t)(pps->u.ga.err >> 16);
886 *p++ = (uint8_t)(pps->u.ga.err >> 8);
887 *p++ = (uint8_t)(pps->u.ga.err);
888 q = (unsigned char *)pps->u.ga.str;
889 n = 0;
890 while (*q && n++ < (int)sizeof(pps->u.ga.str))
891 *p++ = *q++;
892 h2n->we_told_goaway = 1;
893 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_GOAWAY, 0,
894 LWS_H2_STREAM_ID_MASTER,
895 (unsigned int)lws_ptr_diff(p, &set[LWS_PRE]),
896 &set[LWS_PRE]);
897 if (n != 4) {
898 lwsl_info("send %d %d\n", n, m);
899 goto bail;
900 }
901 goto bail;
902
903 case LWS_H2_PPS_RST_STREAM:
904 lwsl_info("LWS_H2_PPS_RST_STREAM\n");
905 *p++ = (uint8_t)(pps->u.rs.err >> 24);
906 *p++ = (uint8_t)(pps->u.rs.err >> 16);
907 *p++ = (uint8_t)(pps->u.rs.err >> 8);
908 *p++ = (uint8_t)(pps->u.rs.err);
909 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_RST_STREAM,
910 0, pps->u.rs.sid, 4, &set[LWS_PRE]);
911 if (n != 4) {
912 lwsl_info("send %d %d\n", n, m);
913 goto bail;
914 }
915 cwsi = lws_wsi_mux_from_id(wsi, pps->u.rs.sid);
916 if (cwsi) {
917 lwsl_debug("%s: closing cwsi %s %s %s (wsi %s)\n",
918 __func__, lws_wsi_tag(cwsi),
919 cwsi->role_ops->name,
920 cwsi->a.protocol->name, lws_wsi_tag(wsi));
921 lws_close_free_wsi(cwsi, 0, "reset stream");
922 }
923 break;
924
925 case LWS_H2_PPS_UPDATE_WINDOW:
926 lwsl_info("Issuing LWS_H2_PPS_UPDATE_WINDOW: sid %d: add %d\n",
927 (int)pps->u.update_window.sid,
928 (int)pps->u.update_window.credit);
929 *p++ = (uint8_t)((pps->u.update_window.credit >> 24) & 0x7f); /* 31b */
930 *p++ = (uint8_t)(pps->u.update_window.credit >> 16);
931 *p++ = (uint8_t)(pps->u.update_window.credit >> 8);
932 *p++ = (uint8_t)(pps->u.update_window.credit);
933 n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_WINDOW_UPDATE,
934 0, pps->u.update_window.sid, 4,
935 &set[LWS_PRE]);
936 if (n != 4) {
937 lwsl_info("send %d %d\n", n, m);
938 goto bail;
939 }
940 break;
941
942 default:
943 break;
944 }
945
946 lws_free(pps);
947
948 return 0;
949
950 bail:
951 lws_free(pps);
952
953 return 1;
954 }
955
956 static int
957 lws_h2_parse_end_of_frame(struct lws *wsi);
958
959 /*
960 * The frame header part has just completely arrived.
961 * Perform actions for header completion.
962 */
963 static int
964 lws_h2_parse_frame_header(struct lws *wsi)
965 {
966 struct lws_h2_netconn *h2n = wsi->h2.h2n;
967 struct lws_h2_protocol_send *pps;
968 int n;
969
970 /*
971 * We just got the frame header
972 */
973 h2n->count = 0;
974 h2n->swsi = wsi;
975 /* b31 is a reserved bit */
976 h2n->sid = h2n->sid & 0x7fffffff;
977
978 if (h2n->sid && !(h2n->sid & 1)) {
979 char pes[32];
980 lws_snprintf(pes, sizeof(pes), "Even Stream ID 0x%x", (unsigned int)h2n->sid);
981 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, pes);
982
983 return 0;
984 }
985
986 /* let the network wsi live a bit longer if subs are active */
987
988 if (!wsi->immortal_substream_count)
989 lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE,
990 wsi->a.vhost->keepalive_timeout ?
991 wsi->a.vhost->keepalive_timeout : 31);
992
993 if (h2n->sid)
994 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
995
996 lwsl_debug("%s (%s): fr hdr: typ 0x%x, fla 0x%x, sid 0x%x, len 0x%x\n",
997 lws_wsi_tag(wsi), lws_wsi_tag(h2n->swsi), h2n->type,
998 h2n->flags, (unsigned int)h2n->sid, (unsigned int)h2n->length);
999
1000 if (h2n->we_told_goaway && h2n->sid > h2n->highest_sid)
1001 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
1002
1003 if (h2n->type >= LWS_H2_FRAME_TYPE_COUNT) {
1004 lwsl_info("%s: ignoring unknown frame type %d (len %d)\n", __func__, h2n->type, (unsigned int)h2n->length);
1005 /* we MUST ignore frames we don't understand */
1006 h2n->type = LWS_H2_FRAME_TYPE_COUNT;
1007 }
1008
1009 /*
1010 * Even if we have decided to logically ignore this frame, we must
1011 * consume the correct "frame length" amount of data to retain sync
1012 */
1013
1014 if (h2n->length > h2n->our_set.s[H2SET_MAX_FRAME_SIZE]) {
1015 /*
1016 * peer sent us something bigger than we told
1017 * it we would allow
1018 */
1019 lwsl_info("%s: received oversize frame %d\n", __func__,
1020 (unsigned int)h2n->length);
1021 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1022 "Peer ignored our frame size setting");
1023 return 1;
1024 }
1025
1026 if (h2n->swsi)
1027 lwsl_info("%s: %s, State: %s, received cmd %d\n",
1028 __func__, lws_wsi_tag(h2n->swsi),
1029 h2_state_names[h2n->swsi->h2.h2_state], h2n->type);
1030 else {
1031 /* if it's data, either way no swsi means CLOSED state */
1032 if (h2n->type == LWS_H2_FRAME_TYPE_DATA) {
1033 if (h2n->sid <= h2n->highest_sid_opened
1034 #if defined(LWS_WITH_CLIENT)
1035 && wsi->client_h2_alpn
1036 #endif
1037 ) {
1038 lwsl_notice("ignoring straggling data fl 0x%x\n",
1039 h2n->flags);
1040 /* ie, IGNORE */
1041 h2n->type = LWS_H2_FRAME_TYPE_COUNT;
1042 } else {
1043 lwsl_info("%s: received %d bytes data for unknown sid %d, highest known %d\n",
1044 __func__, (int)h2n->length, (int)h2n->sid, (int)h2n->highest_sid_opened);
1045
1046 // if (h2n->sid > h2n->highest_sid_opened) {
1047 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1048 "Data for nonexistent sid");
1049 return 0;
1050 // }
1051 }
1052 }
1053 /* if the sid is credible, treat as wsi for it closed */
1054 if (h2n->sid > h2n->highest_sid_opened &&
1055 h2n->type != LWS_H2_FRAME_TYPE_HEADERS &&
1056 h2n->type != LWS_H2_FRAME_TYPE_PRIORITY) {
1057 /* if not credible, reject it */
1058 lwsl_info("%s: %s, No child for sid %d, rxcmd %d\n",
1059 __func__, lws_wsi_tag(h2n->swsi), (unsigned int)h2n->sid, h2n->type);
1060 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1061 "Data for nonexistent sid");
1062 return 0;
1063 }
1064 }
1065
1066 if (h2n->swsi && h2n->sid && h2n->type != LWS_H2_FRAME_TYPE_COUNT &&
1067 !(http2_rx_validity[h2n->swsi->h2.h2_state] & (1 << h2n->type))) {
1068 lwsl_info("%s: %s, State: %s, ILLEGAL cmdrx %d (OK 0x%x)\n",
1069 __func__, lws_wsi_tag(h2n->swsi),
1070 h2_state_names[h2n->swsi->h2.h2_state], h2n->type,
1071 http2_rx_validity[h2n->swsi->h2.h2_state]);
1072
1073 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED ||
1074 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE)
1075 n = H2_ERR_STREAM_CLOSED;
1076 else
1077 n = H2_ERR_PROTOCOL_ERROR;
1078 lws_h2_goaway(wsi, (unsigned int)n, "invalid rx for state");
1079
1080 return 0;
1081 }
1082
1083 if (h2n->cont_exp && h2n->type != LWS_H2_FRAME_TYPE_COUNT &&
1084 (h2n->cont_exp_sid != h2n->sid ||
1085 h2n->type != LWS_H2_FRAME_TYPE_CONTINUATION)) {
1086 lwsl_info("%s: expected cont on sid %u (got %d on sid %u)\n",
1087 __func__, (unsigned int)h2n->cont_exp_sid, h2n->type,
1088 (unsigned int)h2n->sid);
1089 h2n->cont_exp = 0;
1090 if (h2n->cont_exp_headers)
1091 n = H2_ERR_COMPRESSION_ERROR;
1092 else
1093 n = H2_ERR_PROTOCOL_ERROR;
1094 lws_h2_goaway(wsi, (unsigned int)n, "Continuation hdrs State");
1095
1096 return 0;
1097 }
1098
1099 switch (h2n->type) {
1100 case LWS_H2_FRAME_TYPE_DATA:
1101 lwsl_info("seen incoming LWS_H2_FRAME_TYPE_DATA start\n");
1102 if (!h2n->sid) {
1103 lwsl_info("DATA: 0 sid\n");
1104 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "DATA 0 sid");
1105 break;
1106 }
1107 lwsl_info("Frame header DATA: sid %u, flags 0x%x, len %u\n",
1108 (unsigned int)h2n->sid, h2n->flags,
1109 (unsigned int)h2n->length);
1110
1111 if (!h2n->swsi) {
1112 lwsl_notice("DATA: NULL swsi\n");
1113 break;
1114 }
1115
1116 lwsl_info("DATA rx on state %d\n", h2n->swsi->h2.h2_state);
1117
1118 if (
1119 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE ||
1120 h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) {
1121 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, "conn closed");
1122 break;
1123 }
1124
1125 if (h2n->length == 0)
1126 lws_h2_parse_end_of_frame(wsi);
1127
1128 break;
1129
1130 case LWS_H2_FRAME_TYPE_PRIORITY:
1131 lwsl_info("LWS_H2_FRAME_TYPE_PRIORITY complete frame\n");
1132 if (!h2n->sid) {
1133 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1134 "Priority has 0 sid");
1135 break;
1136 }
1137 if (h2n->length != 5) {
1138 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1139 "Priority has length other than 5");
1140 break;
1141 }
1142 break;
1143 case LWS_H2_FRAME_TYPE_PUSH_PROMISE:
1144 lwsl_info("LWS_H2_FRAME_TYPE_PUSH_PROMISE complete frame\n");
1145 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "Server only");
1146 break;
1147
1148 case LWS_H2_FRAME_TYPE_GOAWAY:
1149 lwsl_debug("LWS_H2_FRAME_TYPE_GOAWAY received\n");
1150 break;
1151
1152 case LWS_H2_FRAME_TYPE_RST_STREAM:
1153 if (!h2n->sid)
1154 return 1;
1155 if (!h2n->swsi) {
1156 if (h2n->sid <= h2n->highest_sid_opened)
1157 break;
1158 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1159 "crazy sid on RST_STREAM");
1160 return 1;
1161 }
1162 if (h2n->length != 4) {
1163 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1164 "RST_STREAM can only be length 4");
1165 break;
1166 }
1167 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1168 break;
1169
1170 case LWS_H2_FRAME_TYPE_SETTINGS:
1171 lwsl_info("LWS_H2_FRAME_TYPE_SETTINGS complete frame\n");
1172 /* nonzero sid on settings is illegal */
1173 if (h2n->sid) {
1174 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1175 "Settings has nonzero sid");
1176 break;
1177 }
1178
1179 if (!(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) {
1180 if (h2n->length % 6) {
1181 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1182 "Settings length error");
1183 break;
1184 }
1185
1186 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT)
1187 return 0;
1188
1189 if (wsi->upgraded_to_http2 &&
1190 #if defined(LWS_WITH_CLIENT)
1191 (!(wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM) ||
1192 #else
1193 (
1194 #endif
1195 !wsi->h2_acked_settings)) {
1196
1197 pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS);
1198 if (!pps)
1199 return 1;
1200 lws_pps_schedule(wsi, pps);
1201 wsi->h2_acked_settings = 1;
1202 }
1203 break;
1204 }
1205 /* came to us with ACK set... not allowed to have payload */
1206
1207 if (h2n->length) {
1208 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1209 "Settings with ACK not allowed payload");
1210 break;
1211 }
1212 break;
1213 case LWS_H2_FRAME_TYPE_PING:
1214 if (h2n->sid) {
1215 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1216 "Ping has nonzero sid");
1217 break;
1218 }
1219 if (h2n->length != 8) {
1220 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1221 "Ping payload can only be 8");
1222 break;
1223 }
1224 break;
1225 case LWS_H2_FRAME_TYPE_CONTINUATION:
1226 lwsl_info("LWS_H2_FRAME_TYPE_CONTINUATION: sid = %u %d %d\n",
1227 (unsigned int)h2n->sid, (int)h2n->cont_exp,
1228 (int)h2n->cont_exp_sid);
1229
1230 if (!h2n->cont_exp ||
1231 h2n->cont_exp_sid != h2n->sid ||
1232 !h2n->sid ||
1233 !h2n->swsi) {
1234 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1235 "unexpected CONTINUATION");
1236 break;
1237 }
1238
1239 if (h2n->swsi->h2.END_HEADERS) {
1240 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1241 "END_HEADERS already seen");
1242 break;
1243 }
1244 /* END_STREAM is in HEADERS, skip resetting it */
1245 goto update_end_headers;
1246
1247 case LWS_H2_FRAME_TYPE_HEADERS:
1248 lwsl_info("HEADERS: frame header: sid = %u\n",
1249 (unsigned int)h2n->sid);
1250 if (!h2n->sid) {
1251 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "sid 0");
1252 return 1;
1253 }
1254
1255 if (h2n->swsi && !h2n->swsi->h2.END_STREAM &&
1256 h2n->swsi->h2.END_HEADERS &&
1257 !(h2n->flags & LWS_H2_FLAG_END_STREAM)) {
1258 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1259 "extra HEADERS together");
1260 return 1;
1261 }
1262
1263 #if defined(LWS_WITH_CLIENT)
1264 if (wsi->client_h2_alpn) {
1265 if (h2n->sid) {
1266 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
1267 lwsl_info("HEADERS: nwsi %s: sid %u mapped "
1268 "to wsi %s\n", lws_wsi_tag(wsi),
1269 (unsigned int)h2n->sid,
1270 lws_wsi_tag(h2n->swsi));
1271 if (!h2n->swsi)
1272 break;
1273 }
1274 goto update_end_headers;
1275 }
1276 #endif
1277
1278 if (!h2n->swsi) {
1279 /* no more children allowed by parent */
1280 if (wsi->mux.child_count + 1 >
1281 wsi->h2.h2n->our_set.s[H2SET_MAX_CONCURRENT_STREAMS]) {
1282 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1283 "Another stream not allowed");
1284
1285 return 1;
1286 }
1287
1288 /*
1289 * The peer has sent us a HEADERS implying the creation
1290 * of a new stream
1291 */
1292
1293 lws_context_lock(wsi->a.context, "h2 new str");
1294 lws_vhost_lock(wsi->a.vhost);
1295
1296 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi,
1297 h2n->sid);
1298
1299 lws_vhost_unlock(wsi->a.vhost);
1300 lws_context_unlock(wsi->a.context);
1301
1302 if (!h2n->swsi) {
1303 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1304 "OOM");
1305
1306 return 1;
1307 }
1308
1309 if (h2n->sid >= h2n->highest_sid)
1310 h2n->highest_sid = h2n->sid + 2;
1311
1312 h2n->swsi->h2.initialized = 1;
1313
1314 if (lws_h2_update_peer_txcredit(h2n->swsi,
1315 h2n->swsi->mux.my_sid, 4 * 65536))
1316 goto cleanup_wsi;
1317 }
1318
1319 /*
1320 * ah needs attaching to child wsi, even though
1321 * we only fill it from network wsi
1322 */
1323 if (!h2n->swsi->http.ah)
1324 if (lws_header_table_attach(h2n->swsi, 0)) {
1325 lwsl_err("%s: Failed to get ah\n", __func__);
1326 return 1;
1327 }
1328
1329 /*
1330 * The first use of a new stream identifier implicitly closes
1331 * all streams in the "idle" state that might have been
1332 * initiated by that peer with a lower-valued stream identifier.
1333 *
1334 * For example, if a client sends a HEADERS frame on stream 7
1335 * without ever sending a frame on stream 5, then stream 5
1336 * transitions to the "closed" state when the first frame for
1337 * stream 7 is sent or received.
1338 */
1339 lws_start_foreach_ll(struct lws *, w, wsi->mux.child_list) {
1340 if (w->mux.my_sid < h2n->sid &&
1341 w->h2.h2_state == LWS_H2_STATE_IDLE)
1342 lws_close_free_wsi(w, 0, "h2 sid close");
1343 assert(w->mux.sibling_list != w);
1344 } lws_end_foreach_ll(w, mux.sibling_list);
1345
1346 h2n->cont_exp = !(h2n->flags & LWS_H2_FLAG_END_HEADERS);
1347 h2n->cont_exp_sid = h2n->sid;
1348 h2n->cont_exp_headers = 1;
1349 // lws_header_table_reset(h2n->swsi, 0);
1350
1351 update_end_headers:
1352 if (lws_check_opt(h2n->swsi->a.vhost->options,
1353 LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL)) {
1354
1355 /*
1356 * We don't directly timeout streams that enter the
1357 * half-closed remote state, allowing immortal long
1358 * poll
1359 */
1360 lws_mux_mark_immortal(h2n->swsi);
1361 lwsl_info("%s: %s: h2 stream entering long poll\n",
1362 __func__, lws_wsi_tag(h2n->swsi));
1363
1364 } else {
1365 h2n->swsi->h2.END_STREAM =
1366 !!(h2n->flags & LWS_H2_FLAG_END_STREAM);
1367 lwsl_debug("%s: hdr END_STREAM = %d\n",__func__,
1368 h2n->swsi->h2.END_STREAM);
1369 }
1370
1371 /* no END_HEADERS means CONTINUATION must come */
1372 h2n->swsi->h2.END_HEADERS =
1373 !!(h2n->flags & LWS_H2_FLAG_END_HEADERS);
1374 lwsl_info("%s: %s: END_HEADERS %d\n", __func__, lws_wsi_tag(h2n->swsi),
1375 h2n->swsi->h2.END_HEADERS);
1376 if (h2n->swsi->h2.END_HEADERS)
1377 h2n->cont_exp = 0;
1378 lwsl_debug("END_HEADERS %d\n", h2n->swsi->h2.END_HEADERS);
1379 break;
1380
1381 cleanup_wsi:
1382
1383 return 1;
1384
1385 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
1386 if (h2n->length != 4) {
1387 lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR,
1388 "window update frame not 4");
1389 break;
1390 }
1391 lwsl_info("LWS_H2_FRAME_TYPE_WINDOW_UPDATE\n");
1392 break;
1393 case LWS_H2_FRAME_TYPE_COUNT:
1394 if (h2n->length == 0)
1395 lws_h2_parse_end_of_frame(wsi);
1396 else
1397 lwsl_debug("%s: going on to deal with unknown frame remaining len %d\n", __func__, (unsigned int)h2n->length);
1398 break;
1399 default:
1400 lwsl_info("%s: ILLEGAL FRAME TYPE %d\n", __func__, h2n->type);
1401 h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */
1402 break;
1403 }
1404 if (h2n->length == 0)
1405 h2n->frame_state = 0;
1406
1407 return 0;
1408 }
1409
1410 static const char * const method_names[] = {
1411 "GET", "POST",
1412 #if defined(LWS_WITH_HTTP_UNCOMMON_HEADERS)
1413 "OPTIONS", "PUT", "PATCH", "DELETE",
1414 #endif
1415 "CONNECT", "HEAD"
1416 };
1417 static unsigned char method_index[] = {
1418 WSI_TOKEN_GET_URI,
1419 WSI_TOKEN_POST_URI,
1420 #if defined(LWS_WITH_HTTP_UNCOMMON_HEADERS)
1421 WSI_TOKEN_OPTIONS_URI,
1422 WSI_TOKEN_PUT_URI,
1423 WSI_TOKEN_PATCH_URI,
1424 WSI_TOKEN_DELETE_URI,
1425 #endif
1426 WSI_TOKEN_CONNECT,
1427 WSI_TOKEN_HEAD_URI,
1428 };
1429
1430 /*
1431 * The last byte of the whole frame has been handled.
1432 * Perform actions for frame completion.
1433 *
1434 * This is the crunch time for parsing that may have occured on a network
1435 * wsi with a pending partial send... we may call lws_http_action() to send
1436 * a response, conflicting with the partial.
1437 *
1438 * So in that case we change the wsi state and do the lws_http_action() in the
1439 * WRITABLE handler as a priority.
1440 */
1441 static int
1442 lws_h2_parse_end_of_frame(struct lws *wsi)
1443 {
1444 struct lws_h2_netconn *h2n = wsi->h2.h2n;
1445 struct lws *eff_wsi = wsi;
1446 const char *p;
1447 int n;
1448
1449 h2n->frame_state = 0;
1450 h2n->count = 0;
1451
1452 if (h2n->sid)
1453 h2n->swsi = lws_wsi_mux_from_id(wsi, h2n->sid);
1454
1455 if (h2n->sid > h2n->highest_sid)
1456 h2n->highest_sid = h2n->sid;
1457
1458 if (h2n->collected_priority && (h2n->dep & ~(1u << 31)) == h2n->sid) {
1459 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "depends on own sid");
1460 return 0;
1461 }
1462
1463 switch (h2n->type) {
1464
1465 case LWS_H2_FRAME_TYPE_SETTINGS:
1466
1467 #if defined(LWS_WITH_CLIENT)
1468 if (wsi->client_h2_alpn && !wsi->client_mux_migrated &&
1469 !(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) {
1470 struct lws_h2_protocol_send *pps;
1471
1472 /* migrate original client ask on to substream 1 */
1473 #if defined(LWS_WITH_FILE_OPS)
1474 wsi->http.fop_fd = NULL;
1475 #endif
1476 lwsl_info("%s: migrating\n", __func__);
1477 wsi->client_mux_migrated = 1;
1478 /*
1479 * we need to treat the headers from the upgrade as the
1480 * first job. So these need to get shifted to sid 1.
1481 */
1482 lws_context_lock(wsi->a.context, "h2 mig");
1483 lws_vhost_lock(wsi->a.vhost);
1484
1485 h2n->swsi = __lws_wsi_server_new(wsi->a.vhost, wsi, 1);
1486
1487 lws_vhost_unlock(wsi->a.vhost);
1488 lws_context_unlock(wsi->a.context);
1489
1490 if (!h2n->swsi)
1491 return 1;
1492 h2n->sid = 1;
1493
1494 assert(lws_wsi_mux_from_id(wsi, 1) == h2n->swsi);
1495
1496 // lws_role_transition(wsi, LWSIFR_CLIENT,
1497 // LRS_H2_WAITING_TO_SEND_HEADERS,
1498 // &role_ops_h2);
1499
1500 lws_role_transition(h2n->swsi, LWSIFR_CLIENT,
1501 LRS_H2_WAITING_TO_SEND_HEADERS,
1502 &role_ops_h2);
1503
1504 /* pass on the initial headers to SID 1 */
1505 h2n->swsi->http.ah = wsi->http.ah;
1506 #if defined(LWS_WITH_SYS_FAULT_INJECTION)
1507 lws_fi_import(&h2n->swsi->fic, &wsi->fic);
1508 #endif
1509 h2n->swsi->client_mux_substream = 1;
1510 h2n->swsi->client_h2_alpn = 1;
1511 #if defined(LWS_WITH_CLIENT)
1512 h2n->swsi->flags = wsi->flags;
1513 #if defined(LWS_WITH_CONMON)
1514 /* sid1 needs to represent the connection experience
1515 * ... we take over responsibility for the DNS list
1516 * copy as well
1517 */
1518 h2n->swsi->conmon = wsi->conmon;
1519 h2n->swsi->conmon_datum = wsi->conmon_datum;
1520 h2n->swsi->sa46_peer = wsi->sa46_peer;
1521 wsi->conmon.dns_results_copy = NULL;
1522 #endif
1523 #endif /* CLIENT */
1524
1525 #if defined(LWS_WITH_SECURE_STREAMS)
1526 if (wsi->for_ss) {
1527 lws_ss_handle_t *h = (lws_ss_handle_t *)lws_get_opaque_user_data(wsi);
1528
1529 h2n->swsi->for_ss = 1;
1530 wsi->for_ss = 0;
1531
1532 if (h->wsi == wsi)
1533 h->wsi = h2n->swsi;
1534 }
1535 #endif
1536
1537 h2n->swsi->a.protocol = wsi->a.protocol;
1538 if (h2n->swsi->user_space &&
1539 !h2n->swsi->user_space_externally_allocated)
1540 lws_free(h2n->swsi->user_space);
1541 h2n->swsi->user_space = wsi->user_space;
1542 h2n->swsi->user_space_externally_allocated =
1543 wsi->user_space_externally_allocated;
1544 h2n->swsi->a.opaque_user_data = wsi->a.opaque_user_data;
1545 wsi->a.opaque_user_data = NULL;
1546 h2n->swsi->txc.manual_initial_tx_credit =
1547 wsi->txc.manual_initial_tx_credit;
1548
1549 #if defined(LWS_WITH_TLS)
1550 lws_strncpy(h2n->swsi->alpn, wsi->alpn,
1551 sizeof(wsi->alpn));
1552 #endif
1553
1554 wsi->user_space = NULL;
1555
1556 if (h2n->swsi->http.ah)
1557 h2n->swsi->http.ah->wsi = h2n->swsi;
1558 wsi->http.ah = NULL;
1559
1560 lwsl_info("%s: MIGRATING nwsi %s -> swsi %s\n", __func__,
1561 lws_wsi_tag(wsi), lws_wsi_tag(h2n->swsi));
1562 h2n->swsi->txc.tx_cr = (int32_t)
1563 h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
1564 lwsl_info("%s: initial tx credit on %s: %d\n",
1565 __func__, lws_wsi_tag(h2n->swsi),
1566 (int)h2n->swsi->txc.tx_cr);
1567 h2n->swsi->h2.initialized = 1;
1568
1569 /* set our initial window size */
1570 if (!wsi->h2.initialized) {
1571 wsi->txc.tx_cr = (int32_t)
1572 h2n->peer_set.s[H2SET_INITIAL_WINDOW_SIZE];
1573
1574 lwsl_info("%s: initial tx credit for us to "
1575 "write on nwsi %s: %d\n", __func__,
1576 lws_wsi_tag(wsi), (int)wsi->txc.tx_cr);
1577 wsi->h2.initialized = 1;
1578 }
1579
1580 lws_callback_on_writable(h2n->swsi);
1581
1582 if (!wsi->h2_acked_settings ||
1583 !(wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM)
1584 ) {
1585 pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS);
1586 if (!pps)
1587 return 1;
1588 lws_pps_schedule(wsi, pps);
1589 lwsl_info("%s: SETTINGS ack PPS\n", __func__);
1590 wsi->h2_acked_settings = 1;
1591 }
1592
1593 /* also attach any queued guys */
1594
1595 lws_wsi_mux_apply_queue(wsi);
1596 }
1597 #endif
1598 break;
1599
1600 case LWS_H2_FRAME_TYPE_CONTINUATION:
1601 case LWS_H2_FRAME_TYPE_HEADERS:
1602
1603 if (!h2n->swsi)
1604 break;
1605
1606 /* service the http request itself */
1607
1608 if (h2n->last_action_dyntable_resize) {
1609 lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR,
1610 "dyntable resize last in headers");
1611 break;
1612 }
1613
1614 if (!h2n->swsi->h2.END_HEADERS) {
1615 /* we are not finished yet */
1616 lwsl_info("witholding http action for continuation\n");
1617 h2n->cont_exp_sid = h2n->sid;
1618 h2n->cont_exp = 1;
1619 break;
1620 }
1621
1622 /* confirm the hpack stream state is reasonable for finishing */
1623
1624 if (h2n->hpack != HPKS_TYPE) {
1625 /* hpack incomplete */
1626 lwsl_info("hpack incomplete %d (type %d, len %u)\n",
1627 h2n->hpack, h2n->type,
1628 (unsigned int)h2n->hpack_len);
1629 lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR,
1630 "hpack incomplete");
1631 break;
1632 }
1633
1634 /* this is the last part of HEADERS */
1635 switch (h2n->swsi->h2.h2_state) {
1636 case LWS_H2_STATE_IDLE:
1637 lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN);
1638 break;
1639 case LWS_H2_STATE_RESERVED_REMOTE:
1640 lws_h2_state(h2n->swsi, LWS_H2_STATE_HALF_CLOSED_LOCAL);
1641 break;
1642 }
1643
1644 lwsl_info("http req, %s, h2n->swsi=%s\n", lws_wsi_tag(wsi),
1645 lws_wsi_tag(h2n->swsi));
1646 h2n->swsi->hdr_parsing_completed = 1;
1647
1648 #if defined(LWS_WITH_CLIENT)
1649 if (h2n->swsi->client_mux_substream &&
1650 lws_client_interpret_server_handshake(h2n->swsi)) {
1651 /*
1652 * This is more complicated than it looks, one exit from
1653 * interpret_server_handshake() is to do a close that
1654 * turns into a redirect.
1655 *
1656 * In that case, the wsi survives having being reset
1657 * and detached from any h2 identity. We need to get
1658 * our parents out from touching it any more
1659 */
1660 lwsl_info("%s: cli int serv hs closed, or redir\n", __func__);
1661 return 2;
1662 }
1663 #endif
1664
1665 if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) {
1666 const char *simp = lws_hdr_simple_ptr(h2n->swsi,
1667 WSI_TOKEN_HTTP_CONTENT_LENGTH);
1668
1669 if (!simp) /* coverity */
1670 return 1;
1671 h2n->swsi->http.rx_content_length = (unsigned long long)atoll(simp);
1672 h2n->swsi->http.rx_content_remain =
1673 h2n->swsi->http.rx_content_length;
1674 h2n->swsi->http.content_length_given = 1;
1675 lwsl_info("setting rx_content_length %lld\n",
1676 (long long)h2n->swsi->http.rx_content_length);
1677 }
1678
1679 {
1680 int n = 0, len;
1681 char buf[256];
1682 const unsigned char *c;
1683
1684 do {
1685 c = lws_token_to_string((enum lws_token_indexes)n);
1686 if (!c) {
1687 n++;
1688 continue;
1689 }
1690
1691 len = lws_hdr_total_length(h2n->swsi, (enum lws_token_indexes)n);
1692 if (!len || len > (int)sizeof(buf) - 1) {
1693 n++;
1694 continue;
1695 }
1696
1697 if (lws_hdr_copy(h2n->swsi, buf, sizeof buf,
1698 (enum lws_token_indexes)n) < 0) {
1699 lwsl_info(" %s !oversize!\n",
1700 (char *)c);
1701 } else {
1702 buf[sizeof(buf) - 1] = '\0';
1703
1704 lwsl_info(" %s = %s\n",
1705 (char *)c, buf);
1706 }
1707 n++;
1708 } while (c);
1709 }
1710
1711 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE ||
1712 h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) {
1713 lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED,
1714 "Banning service on CLOSED_REMOTE");
1715 break;
1716 }
1717
1718 switch (h2n->swsi->h2.h2_state) {
1719 case LWS_H2_STATE_IDLE:
1720 lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN);
1721 break;
1722 case LWS_H2_STATE_OPEN:
1723 if (h2n->swsi->h2.END_STREAM)
1724 lws_h2_state(h2n->swsi,
1725 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1726 break;
1727 case LWS_H2_STATE_HALF_CLOSED_LOCAL:
1728 if (h2n->swsi->h2.END_STREAM)
1729 /*
1730 * action the END_STREAM
1731 */
1732 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1733 break;
1734 }
1735
1736 #if defined(LWS_WITH_CLIENT)
1737
1738 /*
1739 * If we already had the END_STREAM along with the END_HEADERS,
1740 * we have already transitioned to STATE_CLOSED and we are not
1741 * going to be doing anything further on this stream.
1742 *
1743 * In that case handle the transaction completion and
1744 * finalize the stream for the peer
1745 */
1746
1747 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED &&
1748 h2n->swsi->client_mux_substream) {
1749
1750 lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1751 "client done");
1752
1753 if (lws_http_transaction_completed_client(h2n->swsi))
1754 lwsl_debug("tx completed returned close\n");
1755 break;
1756 }
1757
1758 if (h2n->swsi->client_mux_substream) {
1759 lwsl_info("%s: %s: headers: client path (h2 state %s)\n",
1760 __func__, lws_wsi_tag(wsi),
1761 h2_state_names[h2n->swsi->h2.h2_state]);
1762 break;
1763 }
1764 #endif
1765
1766 if (!lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_PATH) ||
1767 !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD) ||
1768 !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_SCHEME) ||
1769 lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_STATUS) ||
1770 lws_hdr_extant(h2n->swsi, WSI_TOKEN_CONNECTION)) {
1771 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1772 "Pseudoheader checks");
1773 break;
1774 }
1775
1776 if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_TE)) {
1777 n = lws_hdr_total_length(h2n->swsi, WSI_TOKEN_TE);
1778
1779 if (n != 8 ||
1780 !lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE) ||
1781 strncmp(lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE),
1782 "trailers", (unsigned int)n)) {
1783 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1784 "Illegal transfer-encoding");
1785 break;
1786 }
1787 }
1788
1789 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
1790 lws_http_compression_validate(h2n->swsi);
1791 #endif
1792
1793 p = lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD);
1794 /*
1795 * duplicate :path into the individual method uri header
1796 * index, so that it looks the same as h1 in the ah
1797 */
1798 for (n = 0; n < (int)LWS_ARRAY_SIZE(method_names); n++)
1799 if (p && !strcasecmp(p, method_names[n])) {
1800 h2n->swsi->http.ah->frag_index[method_index[n]] =
1801 h2n->swsi->http.ah->frag_index[
1802 WSI_TOKEN_HTTP_COLON_PATH];
1803 break;
1804 }
1805
1806 {
1807 lwsl_debug("%s: setting DEF_ACT from 0x%x\n", __func__,
1808 (unsigned int)h2n->swsi->wsistate);
1809 lwsi_set_state(h2n->swsi, LRS_DEFERRING_ACTION);
1810 lws_callback_on_writable(h2n->swsi);
1811 }
1812 break;
1813
1814 case LWS_H2_FRAME_TYPE_DATA:
1815 lwsl_info("%s: DATA flags 0x%x\n", __func__, h2n->flags);
1816 if (!h2n->swsi)
1817 break;
1818
1819 if (lws_hdr_total_length(h2n->swsi,
1820 WSI_TOKEN_HTTP_CONTENT_LENGTH) &&
1821 h2n->swsi->h2.END_STREAM &&
1822 h2n->swsi->http.rx_content_length &&
1823 h2n->swsi->http.rx_content_remain) {
1824 lws_h2_rst_stream(h2n->swsi, H2_ERR_PROTOCOL_ERROR,
1825 "Not enough rx content");
1826 break;
1827 }
1828
1829 if (h2n->swsi->h2.END_STREAM &&
1830 h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN)
1831 lws_h2_state(h2n->swsi,
1832 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1833
1834 if (h2n->swsi->h2.END_STREAM &&
1835 h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL)
1836 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1837
1838 #if defined(LWS_WITH_CLIENT)
1839 /*
1840 * client... remote END_STREAM implies we weren't going to
1841 * send anything else anyway.
1842 */
1843
1844 if (h2n->swsi->client_mux_substream &&
1845 (h2n->flags & LWS_H2_FLAG_END_STREAM)) {
1846 lwsl_info("%s: %s: DATA: end stream\n",
1847 __func__, lws_wsi_tag(h2n->swsi));
1848
1849 if (h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN) {
1850 lws_h2_state(h2n->swsi,
1851 LWS_H2_STATE_HALF_CLOSED_REMOTE);
1852 // lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1853 // "client done");
1854
1855 // if (lws_http_transaction_completed_client(h2n->swsi))
1856 // lwsl_debug("tx completed returned close\n");
1857 }
1858
1859 //if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL)
1860 {
1861 lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED);
1862
1863 lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR,
1864 "client done");
1865
1866 if (lws_http_transaction_completed_client(h2n->swsi))
1867 lwsl_debug("tx completed returned close\n");
1868 }
1869 }
1870 #endif
1871 break;
1872
1873 case LWS_H2_FRAME_TYPE_PING:
1874 if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)
1875 lws_validity_confirmed(wsi);
1876 else {
1877 /* they're sending us a ping request */
1878 struct lws_h2_protocol_send *pps =
1879 lws_h2_new_pps(LWS_H2_PPS_PONG);
1880 if (!pps)
1881 return 1;
1882
1883 lwsl_info("rx ping, preparing pong\n");
1884
1885 memcpy(pps->u.ping.ping_payload, h2n->ping_payload, 8);
1886 lws_pps_schedule(wsi, pps);
1887 }
1888
1889 break;
1890
1891 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
1892 /*
1893 * We only have an unsigned 31-bit (positive) increment possible
1894 */
1895 h2n->hpack_e_dep &= ~(1u << 31);
1896 lwsl_info("WINDOW_UPDATE: sid %u %u (0x%x)\n",
1897 (unsigned int)h2n->sid,
1898 (unsigned int)h2n->hpack_e_dep,
1899 (unsigned int)h2n->hpack_e_dep);
1900
1901 if (h2n->sid)
1902 eff_wsi = h2n->swsi;
1903
1904 if (!eff_wsi) {
1905 if (h2n->sid > h2n->highest_sid_opened)
1906 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1907 "alien sid");
1908 break; /* ignore */
1909 }
1910
1911 if (eff_wsi->a.vhost->options &
1912 LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW &&
1913 (uint64_t)eff_wsi->txc.tx_cr + (uint64_t)h2n->hpack_e_dep >
1914 (uint64_t)0x7fffffff)
1915 h2n->hpack_e_dep = (uint32_t)(0x7fffffff - eff_wsi->txc.tx_cr);
1916
1917 if ((uint64_t)eff_wsi->txc.tx_cr + (uint64_t)h2n->hpack_e_dep >
1918 (uint64_t)0x7fffffff) {
1919 lwsl_warn("%s: WINDOW_UPDATE 0x%llx + 0x%llx = 0x%llx, too high\n",
1920 __func__, (unsigned long long)eff_wsi->txc.tx_cr,
1921 (unsigned long long)h2n->hpack_e_dep,
1922 (unsigned long long)eff_wsi->txc.tx_cr + (unsigned long long)h2n->hpack_e_dep);
1923 if (h2n->sid)
1924 lws_h2_rst_stream(h2n->swsi,
1925 H2_ERR_FLOW_CONTROL_ERROR,
1926 "Flow control exceeded max");
1927 else
1928 lws_h2_goaway(wsi, H2_ERR_FLOW_CONTROL_ERROR,
1929 "Flow control exceeded max");
1930 break;
1931 }
1932
1933 if (!h2n->hpack_e_dep) {
1934 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
1935 "Zero length window update");
1936 break;
1937 }
1938 n = eff_wsi->txc.tx_cr;
1939 eff_wsi->txc.tx_cr += (int32_t)h2n->hpack_e_dep;
1940
1941 lws_wsi_txc_report_manual_txcr_in(eff_wsi,
1942 (int32_t)h2n->hpack_e_dep);
1943
1944 lws_wsi_txc_describe(&eff_wsi->txc, "WINDOW_UPDATE in",
1945 eff_wsi->mux.my_sid);
1946
1947 if (n <= 0 && eff_wsi->txc.tx_cr <= 0)
1948 /* it helps, but won't change sendability for anyone */
1949 break;
1950
1951 /*
1952 * It may have changed sendability (depends on SID 0 tx credit
1953 * too)... for us and any children waiting on us... reassess
1954 * blockage for all children first
1955 */
1956 lws_start_foreach_ll(struct lws *, w, wsi->mux.child_list) {
1957 lws_callback_on_writable(w);
1958 } lws_end_foreach_ll(w, mux.sibling_list);
1959
1960 if (eff_wsi->txc.skint &&
1961 !lws_wsi_txc_check_skint(&eff_wsi->txc,
1962 lws_h2_tx_cr_get(eff_wsi)))
1963 /*
1964 * This one became un-skint, schedule a writeable
1965 * callback
1966 */
1967 lws_callback_on_writable(eff_wsi);
1968
1969 break;
1970
1971 case LWS_H2_FRAME_TYPE_GOAWAY:
1972 lwsl_notice("GOAWAY: last sid %u, error 0x%08X, string '%s'\n",
1973 (unsigned int)h2n->goaway_last_sid,
1974 (unsigned int)h2n->goaway_err, h2n->goaway_str);
1975
1976 return 1;
1977
1978 case LWS_H2_FRAME_TYPE_RST_STREAM:
1979 lwsl_info("LWS_H2_FRAME_TYPE_RST_STREAM: sid %u: reason 0x%x\n",
1980 (unsigned int)h2n->sid,
1981 (unsigned int)h2n->hpack_e_dep);
1982 break;
1983
1984 case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */
1985 break;
1986 }
1987
1988 return 0;
1989 }
1990
1991 /*
1992 * This may want to send something on the network wsi, which may be in the
1993 * middle of a partial send. PPS sends are OK because they are queued to
1994 * go through the WRITABLE handler already.
1995 *
1996 * The read parser for the network wsi has no choice but to parse its stream
1997 * anyway, because otherwise it will not be able to get tx credit window
1998 * messages.
1999 *
2000 * Therefore if we will send non-PPS, ie, lws_http_action() for a stream
2001 * wsi, we must change its state and handle it as a priority in the
2002 * POLLOUT handler instead of writing it here.
2003 *
2004 * About closing... for the main network wsi, it should return nonzero to
2005 * close it all. If it needs to close an swsi, it can do it here.
2006 */
2007 int
2008 lws_h2_parser(struct lws *wsi, unsigned char *in, lws_filepos_t _inlen,
2009 lws_filepos_t *inused)
2010 {
2011 struct lws_h2_netconn *h2n = wsi->h2.h2n;
2012 struct lws_h2_protocol_send *pps;
2013 unsigned char c, *oldin = in, *iend = in + (size_t)_inlen;
2014 int n, m;
2015
2016 if (!h2n)
2017 goto fail;
2018
2019 while (in < iend) {
2020
2021 c = *in++;
2022
2023 switch (lwsi_state(wsi)) {
2024 case LRS_H2_AWAIT_PREFACE:
2025 if (preface[h2n->count++] != c)
2026 goto fail;
2027
2028 if (preface[h2n->count])
2029 break;
2030
2031 lwsl_info("http2: %s: established\n", lws_wsi_tag(wsi));
2032 lwsi_set_state(wsi, LRS_H2_AWAIT_SETTINGS);
2033 lws_validity_confirmed(wsi);
2034 h2n->count = 0;
2035 wsi->txc.tx_cr = 65535;
2036
2037 /*
2038 * we must send a settings frame -- empty one is OK...
2039 * that must be the first thing sent by server
2040 * and the peer must send a SETTINGS with ACK flag...
2041 */
2042 pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS);
2043 if (!pps)
2044 goto fail;
2045 lws_pps_schedule(wsi, pps);
2046 break;
2047
2048 case LRS_H2_WAITING_TO_SEND_HEADERS:
2049 case LRS_ESTABLISHED:
2050 case LRS_H2_AWAIT_SETTINGS:
2051
2052 if (h2n->frame_state != LWS_H2_FRAME_HEADER_LENGTH)
2053 goto try_frame_start;
2054
2055 /*
2056 * post-header, preamble / payload / padding part
2057 */
2058 h2n->count++;
2059
2060 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) { /* IGNORING FRAME */
2061 //lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2062 goto frame_end;
2063 }
2064
2065
2066 if (h2n->flags & LWS_H2_FLAG_PADDED &&
2067 !h2n->pad_length) {
2068 /*
2069 * Get the padding count... actual padding is
2070 * at the end of the frame.
2071 */
2072 h2n->padding = c;
2073 h2n->pad_length = 1;
2074 h2n->preamble++;
2075
2076 if (h2n->padding > h2n->length - 1)
2077 lws_h2_goaway(wsi,
2078 H2_ERR_PROTOCOL_ERROR,
2079 "execssive padding");
2080 break; /* we consumed this */
2081 }
2082
2083 if (h2n->flags & LWS_H2_FLAG_PRIORITY &&
2084 !h2n->collected_priority) {
2085 /* going to be 5 preamble bytes */
2086
2087 lwsl_debug("PRIORITY FLAG: 0x%x\n", c);
2088
2089 if (h2n->preamble++ - h2n->pad_length < 4) {
2090 h2n->dep = ((h2n->dep) << 8) | c;
2091 break; /* we consumed this */
2092 }
2093 h2n->weight_temp = c;
2094 h2n->collected_priority = 1;
2095 lwsl_debug("PRI FL: dep 0x%x, weight 0x%02X\n",
2096 (unsigned int)h2n->dep,
2097 h2n->weight_temp);
2098 break; /* we consumed this */
2099 }
2100 if (h2n->padding && h2n->count >
2101 (h2n->length - h2n->padding)) {
2102 if (c) {
2103 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
2104 "nonzero padding");
2105 break;
2106 }
2107 goto frame_end;
2108 }
2109
2110 /* applies to wsi->h2.swsi which may be wsi */
2111 switch(h2n->type) {
2112
2113 case LWS_H2_FRAME_TYPE_SETTINGS:
2114 n = (int)(h2n->count - 1u - h2n->preamble) %
2115 LWS_H2_SETTINGS_LEN;
2116 h2n->one_setting[n] = c;
2117 if (n != LWS_H2_SETTINGS_LEN - 1)
2118 break;
2119 lws_h2_settings(wsi, &h2n->peer_set,
2120 h2n->one_setting,
2121 LWS_H2_SETTINGS_LEN);
2122 break;
2123
2124 case LWS_H2_FRAME_TYPE_CONTINUATION:
2125 case LWS_H2_FRAME_TYPE_HEADERS:
2126 if (!h2n->swsi)
2127 break;
2128 if (lws_hpack_interpret(h2n->swsi, c)) {
2129 lwsl_info("%s: hpack failed\n",
2130 __func__);
2131 goto fail;
2132 }
2133 break;
2134
2135 case LWS_H2_FRAME_TYPE_GOAWAY:
2136 switch (h2n->inside++) {
2137 case 0:
2138 case 1:
2139 case 2:
2140 case 3:
2141 h2n->goaway_last_sid <<= 8;
2142 h2n->goaway_last_sid |= c;
2143 h2n->goaway_str[0] = '\0';
2144 break;
2145
2146 case 4:
2147 case 5:
2148 case 6:
2149 case 7:
2150 h2n->goaway_err <<= 8;
2151 h2n->goaway_err |= c;
2152 break;
2153
2154 default:
2155 if (h2n->inside - 9 <
2156 sizeof(h2n->goaway_str) - 1)
2157 h2n->goaway_str[
2158 h2n->inside - 9] = (char)c;
2159 h2n->goaway_str[
2160 sizeof(h2n->goaway_str) - 1] = '\0';
2161 break;
2162 }
2163 break;
2164
2165 case LWS_H2_FRAME_TYPE_DATA:
2166
2167 // lwsl_info("%s: LWS_H2_FRAME_TYPE_DATA: fl 0x%x\n",
2168 // __func__, h2n->flags);
2169
2170 /*
2171 * let the network wsi live a bit longer if
2172 * subs are active... our frame may take a long
2173 * time to chew through
2174 */
2175 if (!wsi->immortal_substream_count)
2176 lws_set_timeout(wsi,
2177 PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE,
2178 wsi->a.vhost->keepalive_timeout ?
2179 wsi->a.vhost->keepalive_timeout : 31);
2180
2181 if (!h2n->swsi)
2182 break;
2183
2184 if (lws_buflist_next_segment_len(
2185 &h2n->swsi->buflist, NULL))
2186 lwsl_info("%s: substream has pending\n",
2187 __func__);
2188
2189 if (lwsi_role_http(h2n->swsi) &&
2190 lwsi_state(h2n->swsi) == LRS_ESTABLISHED) {
2191 lwsi_set_state(h2n->swsi, LRS_BODY);
2192 lwsl_info("%s: %s to LRS_BODY\n",
2193 __func__, lws_wsi_tag(h2n->swsi));
2194 }
2195
2196 /*
2197 * in + length may cover multiple frames, we
2198 * can only consider the length of the DATA
2199 * in front of us
2200 */
2201
2202 if (lws_hdr_total_length(h2n->swsi,
2203 WSI_TOKEN_HTTP_CONTENT_LENGTH) &&
2204 h2n->swsi->http.rx_content_length &&
2205 h2n->swsi->http.rx_content_remain <
2206 h2n->length && /* last */
2207 h2n->inside < h2n->length) {
2208
2209 lwsl_warn("%s: %lu %lu %lu %lu\n", __func__,
2210 (unsigned long)h2n->swsi->http.rx_content_remain,
2211 (unsigned long)(lws_ptr_diff_size_t(iend, in) + 1),
2212 (unsigned long)h2n->inside, (unsigned long)h2n->length);
2213
2214 /* unread data in frame */
2215 lws_h2_goaway(wsi,
2216 H2_ERR_PROTOCOL_ERROR,
2217 "More rx than content_length told");
2218 break;
2219 }
2220
2221 /*
2222 * We operate on a frame. The RX we have at
2223 * hand may exceed the current frame.
2224 */
2225
2226 n = (int)lws_ptr_diff_size_t(iend, in) + 1;
2227 if (n > (int)(h2n->length - h2n->count + 1)) {
2228 if (h2n->count > h2n->length)
2229 goto close_swsi_and_return;
2230 n = (int)(h2n->length - h2n->count) + 1;
2231 lwsl_debug("---- restricting len to %d "
2232 "\n", n);
2233 }
2234 #if defined(LWS_WITH_CLIENT)
2235 if (h2n->swsi->client_mux_substream) {
2236 if (!h2n->swsi->a.protocol) {
2237 lwsl_err("%s: %p doesn't have protocol\n",
2238 __func__, lws_wsi_tag(h2n->swsi));
2239 m = 1;
2240 } else {
2241 h2n->swsi->txc.peer_tx_cr_est -= n;
2242 wsi->txc.peer_tx_cr_est -= n;
2243 lws_wsi_txc_describe(&h2n->swsi->txc,
2244 __func__,
2245 h2n->swsi->mux.my_sid);
2246 m = user_callback_handle_rxflow(
2247 h2n->swsi->a.protocol->callback,
2248 h2n->swsi,
2249 LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ,
2250 h2n->swsi->user_space,
2251 in - 1, (unsigned int)n);
2252 }
2253
2254 in += n - 1;
2255 h2n->inside += (unsigned int)n;
2256 h2n->count += (unsigned int)n - 1;
2257
2258 if (m) {
2259 lwsl_info("RECEIVE_CLIENT_HTTP "
2260 "closed it\n");
2261 goto close_swsi_and_return;
2262 }
2263
2264 goto do_windows;
2265 }
2266 #endif
2267 if (lwsi_state(h2n->swsi) == LRS_DEFERRING_ACTION) {
2268 m = lws_buflist_append_segment(
2269 &h2n->swsi->buflist, in - 1, (unsigned int)n);
2270 if (m < 0)
2271 return -1;
2272
2273 /*
2274 * Since we're in an open-ended
2275 * DEFERRING_ACTION, don't add this swsi
2276 * to the pt list of wsi holding buflist
2277 * content yet, we are not in a position
2278 * to consume it until we get out of
2279 * DEFERRING_ACTION.
2280 */
2281
2282 in += n - 1;
2283 h2n->inside += (unsigned int)n;
2284 h2n->count += (unsigned int)n - 1;
2285
2286 lwsl_debug("%s: deferred %d\n", __func__, n);
2287 goto do_windows;
2288 }
2289
2290 h2n->swsi->outer_will_close = 1;
2291 /*
2292 * choose the length for this go so that we end at
2293 * the frame boundary, in the case there is already
2294 * more waiting leave it for next time around
2295 */
2296
2297 n = lws_read_h1(h2n->swsi, in - 1, (unsigned int)n);
2298 // lwsl_notice("%s: lws_read_h1 %d\n", __func__, n);
2299 h2n->swsi->outer_will_close = 0;
2300 /*
2301 * can return 0 in POST body with
2302 * content len exhausted somehow.
2303 */
2304 if (n < 0 ||
2305 (!n && h2n->swsi->http.content_length_given && !lws_buflist_next_segment_len(
2306 &wsi->buflist, NULL))) {
2307 lwsl_info("%s: lws_read_h1 told %d %u / %u\n",
2308 __func__, n,
2309 (unsigned int)h2n->count,
2310 (unsigned int)h2n->length);
2311 in += h2n->length - h2n->count;
2312 h2n->inside = h2n->length;
2313 h2n->count = h2n->length - 1;
2314
2315 //if (n < 0)
2316 // goto already_closed_swsi;
2317 goto close_swsi_and_return;
2318 }
2319
2320 lwsl_info("%s: lws_read_h1 telling %d %u / %u\n",
2321 __func__, n,
2322 (unsigned int)h2n->count,
2323 (unsigned int)h2n->length);
2324
2325 in += (unsigned int)n - 1;
2326 h2n->inside += (unsigned int)n;
2327 h2n->count += (unsigned int)n - 1;
2328
2329 h2n->swsi->txc.peer_tx_cr_est -= n;
2330 wsi->txc.peer_tx_cr_est -= n;
2331
2332 do_windows:
2333
2334 #if defined(LWS_WITH_CLIENT)
2335 if (!(h2n->swsi->flags & LCCSCF_H2_MANUAL_RXFLOW))
2336 #endif
2337 {
2338 /*
2339 * The default behaviour is we just keep
2340 * cranking the other side's tx credit
2341 * back up, for simple bulk transfer as
2342 * fast as we can take it
2343 */
2344
2345 m = n + 65536;
2346
2347 /* update both the stream and nwsi */
2348
2349 lws_h2_update_peer_txcredit_thresh(h2n->swsi,
2350 h2n->sid, m, m);
2351 }
2352 #if defined(LWS_WITH_CLIENT)
2353 else {
2354 /*
2355 * If he's handling it himself, only
2356 * repair the nwsi credit but allow the
2357 * stream credit to run down until the
2358 * user code deals with it
2359 */
2360 lws_h2_update_peer_txcredit(wsi, 0, n);
2361 h2n->swsi->txc.manual = 1;
2362 }
2363 #endif
2364 break;
2365
2366 case LWS_H2_FRAME_TYPE_PRIORITY:
2367 if (h2n->count <= 4) {
2368 h2n->dep <<= 8;
2369 h2n->dep |= c;
2370 break;
2371 }
2372 h2n->weight_temp = c;
2373 lwsl_info("PRIORITY: dep 0x%x, weight 0x%02X\n",
2374 (unsigned int)h2n->dep, h2n->weight_temp);
2375
2376 if ((h2n->dep & ~(1u << 31)) == h2n->sid) {
2377 lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR,
2378 "cant depend on own sid");
2379 break;
2380 }
2381 break;
2382
2383 case LWS_H2_FRAME_TYPE_RST_STREAM:
2384 h2n->hpack_e_dep <<= 8;
2385 h2n->hpack_e_dep |= c;
2386 break;
2387
2388 case LWS_H2_FRAME_TYPE_PUSH_PROMISE:
2389 break;
2390
2391 case LWS_H2_FRAME_TYPE_PING:
2392 if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK) { // ack
2393 } else { /* they're sending us a ping request */
2394 if (h2n->count > 8)
2395 return 1;
2396 h2n->ping_payload[h2n->count - 1] = c;
2397 }
2398 break;
2399
2400 case LWS_H2_FRAME_TYPE_WINDOW_UPDATE:
2401 h2n->hpack_e_dep <<= 8;
2402 h2n->hpack_e_dep |= c;
2403 break;
2404
2405 case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */
2406 //lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2407 h2n->count++;
2408 break;
2409
2410 default:
2411 lwsl_notice("%s: unhandled frame type %d\n",
2412 __func__, h2n->type);
2413
2414 goto fail;
2415 }
2416
2417 frame_end:
2418 if (h2n->count > h2n->length) {
2419 lwsl_notice("%s: count > length %u %u (type %d)\n",
2420 __func__, (unsigned int)h2n->count,
2421 (unsigned int)h2n->length, h2n->type);
2422
2423 } else
2424 if (h2n->count != h2n->length)
2425 break;
2426
2427 /*
2428 * end of frame just happened
2429 */
2430 n = lws_h2_parse_end_of_frame(wsi);
2431 if (n == 2) {
2432 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2433
2434 return 2;
2435 }
2436 if (n)
2437 goto fail;
2438
2439 break;
2440
2441 try_frame_start:
2442 if (h2n->frame_state <= 8) {
2443
2444 switch (h2n->frame_state++) {
2445 case 0:
2446 h2n->pad_length = 0;
2447 h2n->collected_priority = 0;
2448 h2n->padding = 0;
2449 h2n->preamble = 0;
2450 h2n->length = c;
2451 h2n->inside = 0;
2452 break;
2453 case 1:
2454 case 2:
2455 h2n->length <<= 8;
2456 h2n->length |= c;
2457 break;
2458 case 3:
2459 h2n->type = c;
2460 break;
2461 case 4:
2462 h2n->flags = c;
2463 break;
2464
2465 case 5:
2466 case 6:
2467 case 7:
2468 case 8:
2469 h2n->sid <<= 8;
2470 h2n->sid |= c;
2471 break;
2472 }
2473 }
2474
2475 if (h2n->frame_state == LWS_H2_FRAME_HEADER_LENGTH &&
2476 lws_h2_parse_frame_header(wsi))
2477 goto fail;
2478 break;
2479
2480 default:
2481 if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) { /* IGNORING FRAME */
2482 //lwsl_debug("%s: consuming for ignored %u %u\n", __func__, (unsigned int)h2n->count, (unsigned int)h2n->length);
2483 h2n->count++;
2484 }
2485 break;
2486 }
2487 }
2488
2489 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2490
2491 return 0;
2492
2493 close_swsi_and_return:
2494
2495 lws_close_free_wsi(h2n->swsi, 0, "close_swsi_and_return");
2496 h2n->swsi = NULL;
2497 h2n->frame_state = 0;
2498 h2n->count = 0;
2499
2500 // already_closed_swsi:
2501 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2502
2503 return 2;
2504
2505 fail:
2506 *inused = (lws_filepos_t)lws_ptr_diff_size_t(in, oldin);
2507
2508 return 1;
2509 }
2510
2511 #if defined(LWS_WITH_CLIENT)
2512 int
2513 lws_h2_client_handshake(struct lws *wsi)
2514 {
2515 struct lws_context_per_thread *pt = &wsi->a.context->pt[(int)wsi->tsi];
2516 uint8_t *buf, *start, *p, *p1, *end;
2517 char *meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD),
2518 *uri = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI), *simp;
2519 struct lws *nwsi = lws_get_network_wsi(wsi);
2520 const char *path = "/";
2521 int n, m;
2522 /*
2523 * The identifier of a newly established stream MUST be numerically
2524 * greater than all streams that the initiating endpoint has opened or
2525 * reserved. This governs streams that are opened using a HEADERS frame
2526 * and streams that are reserved using PUSH_PROMISE. An endpoint that
2527 * receives an unexpected stream identifier MUST respond with a
2528 * connection error (Section 5.4.1) of type PROTOCOL_ERROR.
2529 */
2530 unsigned int sid = nwsi->h2.h2n->highest_sid_opened + 2;
2531
2532 lwsl_debug("%s\n", __func__);
2533
2534 /*
2535 * We MUST allocate our sid here at the point we're about to send the
2536 * stream open. It's because we don't know the order in which multiple
2537 * open streams will send their headers... in h2, sending the headers
2538 * is the point the stream is opened. The peer requires that we only
2539 * open streams in ascending sid order
2540 */
2541
2542 wsi->mux.my_sid = nwsi->h2.h2n->highest_sid_opened = sid;
2543 lwsl_info("%s: %s: assigning SID %d at header send\n", __func__,
2544 lws_wsi_tag(wsi), sid);
2545
2546
2547 lwsl_info("%s: CLIENT_WAITING_TO_SEND_HEADERS: pollout (sid %d)\n",
2548 __func__, wsi->mux.my_sid);
2549
2550 p = start = buf = pt->serv_buf + LWS_PRE;
2551 end = start + (wsi->a.context->pt_serv_buf_size / 2) - LWS_PRE - 1;
2552
2553 /* it's time for us to send our client stream headers */
2554
2555 if (!meth)
2556 meth = "GET";
2557
2558 /* h2 pseudoheaders must be in a bunch at the start */
2559
2560 if (lws_add_http_header_by_token(wsi,
2561 WSI_TOKEN_HTTP_COLON_METHOD,
2562 (unsigned char *)meth,
2563 (int)strlen(meth), &p, end))
2564 goto fail_length;
2565
2566 if (lws_add_http_header_by_token(wsi,
2567 WSI_TOKEN_HTTP_COLON_SCHEME,
2568 (unsigned char *)"https", 5,
2569 &p, end))
2570 goto fail_length;
2571
2572
2573 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_URI);
2574 if (n)
2575 path = uri;
2576 else
2577 if (wsi->stash && wsi->stash->cis[CIS_PATH]) {
2578 path = wsi->stash->cis[CIS_PATH];
2579 n = (int)strlen(path);
2580 } else
2581 n = 1;
2582
2583 if (n > 1 && path[0] == '/' && path[1] == '/') {
2584 path++;
2585 n--;
2586 }
2587
2588 if (n && lws_add_http_header_by_token(wsi,
2589 WSI_TOKEN_HTTP_COLON_PATH,
2590 (unsigned char *)path, n, &p, end))
2591 goto fail_length;
2592
2593 n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_HOST);
2594 simp = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST);
2595 if (!n && wsi->stash && wsi->stash->cis[CIS_ADDRESS]) {
2596 n = (int)strlen(wsi->stash->cis[CIS_ADDRESS]);
2597 simp = wsi->stash->cis[CIS_ADDRESS];
2598 }
2599
2600 // n = lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_ORIGIN);
2601 // simp = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN);
2602 #if 0
2603 if (n && simp && lws_add_http_header_by_token(wsi,
2604 WSI_TOKEN_HTTP_COLON_AUTHORITY,
2605 (unsigned char *)simp, n, &p, end))
2606 goto fail_length;
2607 #endif
2608
2609
2610 if (/*!wsi->client_h2_alpn && */n && simp &&
2611 lws_add_http_header_by_token(wsi, WSI_TOKEN_HOST,
2612 (unsigned char *)simp, n, &p, end))
2613 goto fail_length;
2614
2615
2616 if (wsi->flags & LCCSCF_HTTP_MULTIPART_MIME) {
2617 p1 = lws_http_multipart_headers(wsi, p);
2618 if (!p1)
2619 goto fail_length;
2620 p = p1;
2621 }
2622
2623 if (wsi->flags & LCCSCF_HTTP_X_WWW_FORM_URLENCODED) {
2624 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE,
2625 (unsigned char *)"application/x-www-form-urlencoded",
2626 33, &p, end))
2627 goto fail_length;
2628 lws_client_http_body_pending(wsi, 1);
2629 }
2630
2631 /* give userland a chance to append, eg, cookies */
2632
2633 #if defined(LWS_WITH_CACHE_NSCOOKIEJAR) && defined(LWS_WITH_CLIENT)
2634 if (wsi->flags & LCCSCF_CACHE_COOKIES)
2635 lws_cookie_send_cookies(wsi, (char **)&p, (char *)end);
2636 #endif
2637
2638 if (wsi->a.protocol->callback(wsi,
2639 LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER,
2640 wsi->user_space, &p, lws_ptr_diff_size_t(end, p) - 12))
2641 goto fail_length;
2642
2643 if (lws_finalize_http_header(wsi, &p, end))
2644 goto fail_length;
2645
2646 m = LWS_WRITE_HTTP_HEADERS;
2647 #if defined(LWS_WITH_CLIENT)
2648 /* below is not needed in spec, indeed it destroys the long poll
2649 * feature, but required by nghttp2 */
2650 if ((wsi->flags & LCCSCF_H2_QUIRK_NGHTTP2_END_STREAM) &&
2651 !(wsi->client_http_body_pending || lws_has_buffered_out(wsi)))
2652 m |= LWS_WRITE_H2_STREAM_END;
2653 #endif
2654
2655 // lwsl_hexdump_notice(start, p - start);
2656
2657 n = lws_write(wsi, start, lws_ptr_diff_size_t(p, start), (enum lws_write_protocol)m);
2658
2659 if (n != lws_ptr_diff(p, start)) {
2660 lwsl_err("_write returned %d from %ld\n", n,
2661 (long)(p - start));
2662 return -1;
2663 }
2664
2665 /*
2666 * Normally let's charge up the peer tx credit a bit. But if
2667 * MANUAL_REFLOW is set, just set it to the initial credit given in
2668 * the client create info
2669 */
2670
2671 n = 4 * 65536;
2672 if (wsi->flags & LCCSCF_H2_MANUAL_RXFLOW) {
2673 n = wsi->txc.manual_initial_tx_credit;
2674 wsi->txc.manual = 1;
2675 }
2676
2677 if (lws_h2_update_peer_txcredit(wsi, wsi->mux.my_sid, n))
2678 return 1;
2679
2680 lws_h2_state(wsi, LWS_H2_STATE_OPEN);
2681 lwsi_set_state(wsi, LRS_ESTABLISHED);
2682
2683 if (wsi->flags & LCCSCF_HTTP_MULTIPART_MIME)
2684 lws_callback_on_writable(wsi);
2685
2686 return 0;
2687
2688 fail_length:
2689 lwsl_err("Client hdrs too long: incr context info.pt_serv_buf_size\n");
2690
2691 return -1;
2692 }
2693 #endif
2694
2695 #if defined(LWS_ROLE_WS) && defined(LWS_WITH_SERVER)
2696 int
2697 lws_h2_ws_handshake(struct lws *wsi)
2698 {
2699 uint8_t buf[LWS_PRE + 2048], *p = buf + LWS_PRE, *start = p,
2700 *end = &buf[sizeof(buf) - 1];
2701 const struct lws_http_mount *hit;
2702 const char * uri_ptr;
2703 size_t m;
2704 int n;
2705
2706 if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end))
2707 return -1;
2708
2709 if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) > 64)
2710 return -1;
2711
2712 if (wsi->proxied_ws_parent && wsi->child_list) {
2713 if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL)) {
2714 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2715 (uint8_t *)lws_hdr_simple_ptr(wsi,
2716 WSI_TOKEN_PROTOCOL),
2717 (int)strlen(lws_hdr_simple_ptr(wsi,
2718 WSI_TOKEN_PROTOCOL)),
2719 &p, end))
2720 return -1;
2721 }
2722 } else {
2723
2724 /* we can only return the protocol header if:
2725 * - one came in, and ... */
2726 if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) &&
2727 /* - it is not an empty string */
2728 wsi->a.protocol->name && wsi->a.protocol->name[0]) {
2729
2730 #if defined(LWS_WITH_SECURE_STREAMS) && defined(LWS_WITH_SERVER)
2731
2732 /*
2733 * This is the h2 version of server-ws.c understanding that it
2734 * did the ws upgrade on a ss server object, therefore it needs
2735 * to pass back to the peer the policy ws-protocol name, not
2736 * the generic ss-ws.c protocol name
2737 */
2738
2739 if (wsi->a.vhost && wsi->a.vhost->ss_handle &&
2740 wsi->a.vhost->ss_handle->policy->u.http.u.ws.subprotocol) {
2741 lws_ss_handle_t *h =
2742 (lws_ss_handle_t *)wsi->a.opaque_user_data;
2743
2744 lwsl_notice("%s: Server SS %s .wsi %s switching to ws protocol\n",
2745 __func__, lws_ss_tag(h), lws_wsi_tag(h->wsi));
2746
2747 wsi->a.protocol = &protocol_secstream_ws;
2748
2749 /*
2750 * inform the SS user code that this has done a one-way
2751 * upgrade to some other protocol... it will likely
2752 * want to treat subsequent payloads differently
2753 */
2754
2755 lws_ss_event_helper(h, LWSSSCS_SERVER_UPGRADE);
2756
2757 lws_mux_mark_immortal(wsi);
2758
2759 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2760 (unsigned char *)wsi->a.vhost->ss_handle->policy->
2761 u.http.u.ws.subprotocol,
2762 (int)strlen(wsi->a.vhost->ss_handle->policy->
2763 u.http.u.ws.subprotocol), &p, end))
2764 return -1;
2765 } else
2766 #endif
2767
2768 if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
2769 (unsigned char *)wsi->a.protocol->name,
2770 (int)strlen(wsi->a.protocol->name), &p, end))
2771 return -1;
2772 }
2773 }
2774
2775 if (lws_finalize_http_header(wsi, &p, end))
2776 return -1;
2777
2778 m = lws_ptr_diff_size_t(p, start);
2779 // lwsl_hexdump_notice(start, m);
2780 n = lws_write(wsi, start, m, LWS_WRITE_HTTP_HEADERS);
2781 if (n != (int)m) {
2782 lwsl_err("_write returned %d from %d\n", n, (int)m);
2783
2784 return -1;
2785 }
2786
2787 /*
2788 * alright clean up, set our state to generic ws established, the
2789 * mode / state of the nwsi will get the h2 processing done.
2790 */
2791
2792 lwsi_set_state(wsi, LRS_ESTABLISHED);
2793 wsi->lws_rx_parse_state = 0; // ==LWS_RXPS_NEW;
2794
2795 uri_ptr = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH);
2796 n = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH);
2797 hit = lws_find_mount(wsi, uri_ptr, n);
2798
2799 if (hit && hit->cgienv &&
2800 wsi->a.protocol->callback(wsi, LWS_CALLBACK_HTTP_PMO, wsi->user_space,
2801 (void *)hit->cgienv, 0))
2802 return 1;
2803
2804 lws_validity_confirmed(wsi);
2805
2806 return 0;
2807 }
2808 #endif
2809
2810 int
2811 lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len)
2812 {
2813 unsigned char *oldbuf = buf;
2814
2815 // lwsl_notice("%s: h2 path: wsistate 0x%x len %d\n", __func__,
2816 // wsi->wsistate, (int)len);
2817
2818 /*
2819 * wsi here is always the network connection wsi, not a stream
2820 * wsi. Once we unpicked the framing we will find the right
2821 * swsi and make it the target of the frame.
2822 *
2823 * If it's ws over h2, the nwsi will get us here to do the h2
2824 * processing, and that will call us back with the swsi +
2825 * ESTABLISHED state for the inner payload, handled in a later
2826 * case.
2827 */
2828 while (len) {
2829 lws_filepos_t body_chunk_len = 0;
2830 int m;
2831
2832 /*
2833 * we were accepting input but now we stopped doing so
2834 */
2835 if (lws_is_flowcontrolled(wsi)) {
2836 lws_rxflow_cache(wsi, buf, 0, (size_t)len);
2837 buf += len;
2838 break;
2839 }
2840
2841 /*
2842 * lws_h2_parser() may send something; when it gets the
2843 * whole frame, it will want to perform some action
2844 * involving a reply. But we may be in a partial send
2845 * situation on the network wsi...
2846 *
2847 * Even though we may be in a partial send and unable to
2848 * send anything new, we still have to parse the network
2849 * wsi in order to gain tx credit to send, which is
2850 * potentially necessary to clear the old partial send.
2851 *
2852 * ALL network wsi-specific frames are sent by PPS
2853 * already, these are sent as a priority on the writable
2854 * handler, and so respect partial sends. The only
2855 * problem is when a stream wsi wants to send an, eg,
2856 * reply headers frame in response to the parsing
2857 * we will do now... the *stream wsi* must stall in a
2858 * different state until it is able to do so from a
2859 * priority on the WRITABLE callback, same way that
2860 * file transfers operate.
2861 */
2862
2863 m = lws_h2_parser(wsi, buf, len, &body_chunk_len);
2864 if (m && m != 2) {
2865 lwsl_debug("%s: http2_parser bail: %d\n", __func__, m);
2866 lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS,
2867 "lws_read_h2 bail");
2868
2869 return -1;
2870 }
2871 if (m == 2) {
2872 /* swsi has been closed */
2873 buf += body_chunk_len;
2874 break;
2875 }
2876
2877 buf += body_chunk_len;
2878 len -= body_chunk_len;
2879 }
2880
2881 return lws_ptr_diff(buf, oldbuf);
2882 }
2883
2884 int
2885 lws_h2_client_stream_long_poll_rxonly(struct lws *wsi)
2886 {
2887
2888 if (!wsi->mux_substream)
2889 return 1;
2890
2891 /*
2892 * Elect to send an empty DATA with END_STREAM, to force the stream
2893 * into HALF_CLOSED LOCAL
2894 */
2895 wsi->h2.long_poll = 1;
2896 wsi->h2.send_END_STREAM = 1;
2897
2898 // lws_header_table_detach(wsi, 0);
2899
2900 lws_callback_on_writable(wsi);
2901
2902 return 0;
2903 }
2904