From: Brandon Carpenter <brandon.carpenter@cypherpath.com>
To: qemu-devel@nongnu.org
Cc: berrange@redhat.com, brandon.carpenter@cypherpath.com
Subject: [Qemu-devel] [PATCH v3 7/7] io: Attempt to send websocket close messages to client
Date: Tue, 12 Sep 2017 08:21:53 -0700 [thread overview]
Message-ID: <20170912152153.7729-8-brandon.carpenter@cypherpath.com> (raw)
In-Reply-To: <20170912152153.7729-1-brandon.carpenter@cypherpath.com>
Make a best effort attempt to close websocket connections according to
the RFC. Sends the close message, as room permits in the socket buffer,
and immediately closes the socket.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com>
---
io/channel-websock.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 62 insertions(+), 3 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index a29fee42d5..c50f8c6c50 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -122,6 +122,15 @@ enum {
QIO_CHANNEL_WEBSOCK_OPCODE_PONG = 0xA
};
+enum {
+ QIO_CHANNEL_WEBSOCK_STATUS_NORMAL = 1000,
+ QIO_CHANNEL_WEBSOCK_STATUS_PROTOCOL_ERR = 1002,
+ QIO_CHANNEL_WEBSOCK_STATUS_INVALID_DATA = 1003,
+ QIO_CHANNEL_WEBSOCK_STATUS_POLICY = 1008,
+ QIO_CHANNEL_WEBSOCK_STATUS_TOO_LARGE = 1009,
+ QIO_CHANNEL_WEBSOCK_STATUS_SERVER_ERR = 1011,
+};
+
static size_t
qio_channel_websock_extract_headers(char *buffer,
QIOChannelWebsockHTTPHeader *hdrs,
@@ -523,6 +532,26 @@ static void qio_channel_websock_encode(QIOChannelWebsock *ioc)
}
+static ssize_t qio_channel_websock_write_wire(QIOChannelWebsock *, Error **);
+
+
+static void qio_channel_websock_write_close(QIOChannelWebsock *ioc,
+ uint16_t code, const char *reason)
+{
+ buffer_reserve(&ioc->rawoutput, 2 + (reason ? strlen(reason) : 0));
+ *(uint16_t *)(ioc->rawoutput.buffer + ioc->rawoutput.offset) = cpu_to_be16(code);
+ ioc->rawoutput.offset += 2;
+ if (reason) {
+ buffer_append(&ioc->rawoutput, reason, strlen(reason));
+ }
+ qio_channel_websock_encode_buffer(&ioc->encoutput,
+ QIO_CHANNEL_WEBSOCK_OPCODE_CLOSE, &ioc->rawoutput);
+ buffer_reset(&ioc->rawoutput);
+ qio_channel_websock_write_wire(ioc, NULL);
+ qio_channel_shutdown(ioc->master, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
+}
+
+
static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
Error **errp)
{
@@ -536,6 +565,8 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
error_setg(errp,
"Decoding header but %zu bytes of payload remain",
ioc->payload_remain);
+ qio_channel_websock_write_close(ioc,
+ QIO_CHANNEL_WEBSOCK_STATUS_SERVER_ERR, "internal server error");
return -1;
}
if (ioc->encinput.offset < QIO_CHANNEL_WEBSOCK_HEADER_LEN_7_BIT) {
@@ -568,19 +599,29 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
if (!fin) {
if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {
error_setg(errp, "only binary websocket frames may be fragmented");
+ qio_channel_websock_write_close(ioc,
+ QIO_CHANNEL_WEBSOCK_STATUS_POLICY ,
+ "only binary frames may be fragmented");
return -1;
}
} else {
if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME &&
+ opcode != QIO_CHANNEL_WEBSOCK_OPCODE_CLOSE &&
opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PING &&
opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PONG) {
- error_setg(errp, "unsupported opcode: %#04x; only binary, ping, "
- "and pong websocket frames are supported", opcode);
+ error_setg(errp, "unsupported opcode: %#04x; only binary, close, "
+ "ping, and pong websocket frames are supported", opcode);
+ qio_channel_websock_write_close(ioc,
+ QIO_CHANNEL_WEBSOCK_STATUS_INVALID_DATA ,
+ "only binary, close, ping, and pong frames are supported");
return -1;
}
}
if (!has_mask) {
error_setg(errp, "client websocket frames must be masked");
+ qio_channel_websock_write_close(ioc,
+ QIO_CHANNEL_WEBSOCK_STATUS_PROTOCOL_ERR,
+ "client frames must be masked");
return -1;
}
@@ -590,6 +631,9 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
ioc->mask = header->u.m;
} else if (opcode & QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK) {
error_setg(errp, "websocket control frame is too large");
+ qio_channel_websock_write_close(ioc,
+ QIO_CHANNEL_WEBSOCK_STATUS_PROTOCOL_ERR,
+ "control frame is too large");
return -1;
} else if (payload_len == QIO_CHANNEL_WEBSOCK_PAYLOAD_LEN_MAGIC_16_BIT &&
ioc->encinput.offset >= QIO_CHANNEL_WEBSOCK_HEADER_LEN_16_BIT) {
@@ -607,7 +651,7 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
}
buffer_advance(&ioc->encinput, header_size);
- return 1;
+ return 0;
}
@@ -657,6 +701,21 @@ static int qio_channel_websock_decode_payload(QIOChannelWebsock *ioc,
buffer_reserve(&ioc->rawinput, payload_len);
buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_len);
}
+ } else if (ioc->opcode == QIO_CHANNEL_WEBSOCK_OPCODE_CLOSE) {
+ /* close frames are echoed back */
+ error_setg(errp, "websocket closed by peer");
+ if (payload_len) {
+ /* echo client status */
+ qio_channel_websock_encode_buffer(&ioc->encoutput,
+ QIO_CHANNEL_WEBSOCK_OPCODE_CLOSE, &ioc->encinput);
+ qio_channel_websock_write_wire(ioc, NULL);
+ qio_channel_shutdown(ioc->master, QIO_CHANNEL_SHUTDOWN_BOTH, NULL);
+ } else {
+ /* send our own status */
+ qio_channel_websock_write_close(ioc,
+ QIO_CHANNEL_WEBSOCK_STATUS_NORMAL, "peer requested close");
+ }
+ return -1;
} else if (ioc->opcode == QIO_CHANNEL_WEBSOCK_OPCODE_PING) {
/* ping frames produce an immediate reply */
buffer_reset(&ioc->ping_reply);
--
2.14.1
--
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain proprietary,
confidential or privileged information or otherwise be protected by law.
Any unauthorized review, use, disclosure or distribution is prohibited. If
you are not the intended recipient, please notify the sender and destroy
all copies and the original message.
next prev parent reply other threads:[~2017-09-12 15:22 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-12 15:21 [Qemu-devel] [PATCH v3 0/7] Update websocket code to more fully support the RFC Brandon Carpenter
2017-09-12 15:21 ` [Qemu-devel] [PATCH v3 1/7] io: Always remove an old channel watch before adding a new one Brandon Carpenter
2017-09-12 15:21 ` [Qemu-devel] [PATCH v3 2/7] io: Small updates in preparation for websocket changes Brandon Carpenter
2017-09-12 15:21 ` [Qemu-devel] [PATCH v3 3/7] io: Add support for fragmented websocket binary frames Brandon Carpenter
2017-09-12 15:21 ` [Qemu-devel] [PATCH v3 4/7] io: Allow empty websocket payload Brandon Carpenter
2017-09-12 15:21 ` [Qemu-devel] [PATCH v3 5/7] io: Ignore websocket PING and PONG frames Brandon Carpenter
2017-09-12 15:21 ` [Qemu-devel] [PATCH v3 6/7] io: Reply to ping frames Brandon Carpenter
2017-09-12 15:21 ` Brandon Carpenter [this message]
2017-09-18 14:48 ` [Qemu-devel] [PATCH v3 0/7] Update websocket code to more fully support the RFC Stefan Hajnoczi
2017-09-20 16:56 ` Brandon Carpenter
2017-09-21 9:55 ` Daniel P. Berrange
2017-09-21 15:54 ` Brandon Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170912152153.7729-8-brandon.carpenter@cypherpath.com \
--to=brandon.carpenter@cypherpath.com \
--cc=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.