From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Brandon Carpenter <brandon.carpenter@cypherpath.com>,
"Daniel P . Berrange" <berrange@redhat.com>
Subject: [Qemu-devel] [PULL v1 08/11] io: Ignore websocket PING and PONG frames
Date: Wed, 4 Oct 2017 13:25:12 +0100 [thread overview]
Message-ID: <20171004122515.20627-9-berrange@redhat.com> (raw)
In-Reply-To: <20171004122515.20627-1-berrange@redhat.com>
From: Brandon Carpenter <brandon.carpenter@cypherpath.com>
Keep pings and gratuitous pongs generated by web browsers from killing
websocket connections.
Signed-off-by: Brandon Carpenter <brandon.carpenter@cypherpath.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
io/channel-websock.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index b19b5d96da..bfe4008d83 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -115,6 +115,7 @@
#define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_OPCODE 0x0f
#define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_HAS_MASK 0x80
#define QIO_CHANNEL_WEBSOCK_HEADER_FIELD_PAYLOAD_LEN 0x7f
+#define QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK 0x8
typedef struct QIOChannelWebsockHeader QIOChannelWebsockHeader;
@@ -659,8 +660,11 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
return -1;
}
} else {
- if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {
- error_setg(errp, "only binary websocket frames are supported");
+ if (opcode != QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME &&
+ opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PING &&
+ opcode != QIO_CHANNEL_WEBSOCK_OPCODE_PONG) {
+ error_setg(errp, "unsupported opcode: %#04x; only binary, ping, "
+ "and pong websocket frames are supported", opcode);
return -1;
}
}
@@ -673,6 +677,9 @@ static int qio_channel_websock_decode_header(QIOChannelWebsock *ioc,
ioc->payload_remain = payload_len;
header_size = QIO_CHANNEL_WEBSOCK_HEADER_LEN_7_BIT;
ioc->mask = header->u.m;
+ } else if (opcode & QIO_CHANNEL_WEBSOCK_CONTROL_OPCODE_MASK) {
+ error_setg(errp, "websocket control frame is too large");
+ return -1;
} else if (payload_len == QIO_CHANNEL_WEBSOCK_PAYLOAD_LEN_MAGIC_16_BIT &&
ioc->encinput.offset >= QIO_CHANNEL_WEBSOCK_HEADER_LEN_16_BIT) {
ioc->payload_remain = be16_to_cpu(header->u.s16.l16);
@@ -728,9 +735,15 @@ static int qio_channel_websock_decode_payload(QIOChannelWebsock *ioc,
}
}
+ /* Drop the payload of ping/pong packets */
+ if (ioc->opcode == QIO_CHANNEL_WEBSOCK_OPCODE_BINARY_FRAME) {
+ if (payload_len) {
+ buffer_reserve(&ioc->rawinput, payload_len);
+ buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_len);
+ }
+ }
+
if (payload_len) {
- buffer_reserve(&ioc->rawinput, payload_len);
- buffer_append(&ioc->rawinput, ioc->encinput.buffer, payload_len);
buffer_advance(&ioc->encinput, payload_len);
}
return 0;
--
2.13.5
next prev parent reply other threads:[~2017-10-04 12:25 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-04 12:25 [Qemu-devel] [PULL v1 00/11] Merge qio 2017/10/04 Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 01/11] io: send proper HTTP response for websocket errors Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 02/11] io: include full error message in websocket handshake trace Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 03/11] io: use case insensitive check for Connection & Upgrade websock headers Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 04/11] ui: Always remove an old VNC channel watch before adding a new one Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 05/11] io: Small updates in preparation for websocket changes Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 06/11] io: Add support for fragmented websocket binary frames Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 07/11] io: Allow empty websocket payload Daniel P. Berrange
2017-10-04 12:25 ` Daniel P. Berrange [this message]
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 09/11] io: Reply to ping frames Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 10/11] io: Attempt to send websocket close messages to client Daniel P. Berrange
2017-10-04 12:25 ` [Qemu-devel] [PULL v1 11/11] io: add trace events for websockets frame handling Daniel P. Berrange
2017-10-05 14:30 ` [Qemu-devel] [PULL v1 00/11] Merge qio 2017/10/04 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171004122515.20627-9-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=brandon.carpenter@cypherpath.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.