src/server/daemon/httplistener.c@22eca559aded
src/server/daemon/httplistener.c
Sat, 26 Nov 2022 17:07:08 +0100
- author
- Olaf Wintermann <olaf.wintermann@gmail.com>
- date
- Sat, 26 Nov 2022 17:07:08 +0100
- changeset 438
- 22eca559aded
- parent 415
- d938228c382e
- child 440
- d77b8f3e14e2
- permissions
- -rw-r--r--
refactore http listener creation
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2013 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "../public/nsapi.h" #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #include <sys/shm.h> #include <sys/types.h> #include <sys/ipc.h> #include <sys/socket.h> #include <sys/file.h> #include <arpa/inet.h> #include <netinet/in.h> #include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <fcntl.h> #include <unistd.h> #include <strings.h> #include <stdbool.h> #include <pthread.h> #include <arpa/inet.h> #include <netinet/in.h> #include <stdio.h> #include <stdlib.h> #include <sys/socket.h> #include <unistd.h> #include <cx/hash_map.h> #include "../util/atomic.h" #include "httplistener.h" #include "netsite.h" #include "session.h" #include "configmanager.h" #include "log.h" #define LISTENER_MAX_PROTOCOL_TOKENS 1024 #define LISTENER_PROTO_IPV4 "ipv4" #define LISTENER_PROTO_IPV6 "ipv6" /* * key: string format: <protocol>:<port> * value: WSSocket* * * protocol: ipv4 | ipv6 * port: short */ static CxMap *listener_socket_map; static pthread_mutex_t listener_mutex; int http_listener_global_init(void) { listener_socket_map = cxHashMapCreate(cxDefaultAllocator, 4); if(!listener_socket_map) { return 1; } listener_mutex = PTHREAD_MUTEX_INITIALIZER; return 0; } int start_all_listener() { ServerConfiguration *conf = cfgmgr_get_server_config(); CxList *ls = conf->listeners; CxIterator iter = cxListIterator(ls, 0); cx_foreach(HttpListener *, listener, iter) { http_listener_start(listener); } return 0; } static HttpSSL* create_http_ssl(ListenerConfig *conf) { SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method()); if(!ctx) { return NULL; } SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv3); int error = 0; if(conf->disable_proto.ptr) { cxstring *plist = NULL; ssize_t n = cx_strsplit_a(cxDefaultAllocator, conf->disable_proto, cx_str(","), LISTENER_MAX_PROTOCOL_TOKENS, &plist); if(plist) { for(int i=0;i<n;i++) { cxstring proto = plist[i]; log_ereport( LOG_VERBOSE, "Listener %s: Disable protocol %s", conf->name.ptr, proto.ptr); if(!cx_strcasecmp(cx_strtrim(proto), cx_str("SSLv2"))) { SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); } else if(!cx_strcasecmp(cx_strtrim(proto), cx_str("SSLv3"))) { SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); } else if(!cx_strcasecmp(cx_strtrim(proto), cx_str("TLSv1"))) { SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1); } else if(!cx_strcasecmp(cx_strtrim(proto), cx_str("TLSv1.1"))) { #ifdef SSL_OP_NO_TLSv1_1 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1); #else log_ereport( LOG_WARN, "Listener: %s: TLSv1.1 not supported", conf->name.ptr); #endif } else if(cx_strcasecmp(cx_strtrim(proto), cx_str("TLSv1.2"))) { #ifdef SSL_OP_NO_TLSv1_2 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2); #else log_ereport( LOG_WARN, "Listener: %s: TLSv1.2 not supported", conf->name.ptr); #endif } else if(cx_strcasecmp(cx_strtrim(proto), cx_str("TLSv1.3"))) { #ifdef SSL_OP_NO_TLSv1_3 SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3); #else log_ereport( LOG_WARN, "Listener: %s: TLSv1.3 not supported", conf->name.ptr); #endif } else { error = 1; log_ereport( LOG_MISCONFIG, "Listener: %s: Unknown protocol %s", conf->name.ptr, proto.ptr); } } free(plist); } } if(error) { SSL_CTX_free(ctx); return NULL; } int ret; char errbuf[512]; error = 0; if(!conf->chainfile.ptr) { ret = SSL_CTX_use_certificate_file(ctx, conf->certfile.ptr, SSL_FILETYPE_PEM); if(!ret) { ERR_error_string(ERR_get_error(), errbuf); log_ereport(LOG_MISCONFIG, "Cannot load ssl chain file: %s", errbuf); error = 1; } } else { ret = SSL_CTX_use_certificate_chain_file(ctx, conf->chainfile.ptr); if(!ret) { ERR_error_string(ERR_get_error(), errbuf); log_ereport(LOG_MISCONFIG, "Cannot load ssl cert file: %s", errbuf); error = 1; } } ret = SSL_CTX_use_PrivateKey_file(ctx, conf->privkeyfile.ptr, SSL_FILETYPE_PEM); if(!ret) { ERR_error_string(ERR_get_error(), errbuf); log_ereport(LOG_MISCONFIG, "Cannot load ssl key file: %s", errbuf); error = 1; } if(error) { SSL_CTX_free(ctx); return NULL; } HttpSSL *ssl = pool_malloc(conf->cfg->pool, sizeof(HttpSSL)); ZERO(ssl, sizeof(HttpSSL)); ssl->sslctx = ctx; return NULL; } static WSSocket* create_socket(ListenerConfig *conf, const char *protocol) { WSBool ipv4 = !strcmp(protocol, "ipv4") ? TRUE : FALSE; int s = -1; if(ipv4) { // ipv4 socket s = socket(AF_INET, SOCK_STREAM, 0); } else { // ipv6 socket s = socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); } if(s < 0) { log_ereport( LOG_FAILURE, "cannot create socket: protocol: %s port: %d error: %s", protocol, conf->port, strerror(errno)); return NULL; } // socket options int o = 1; setsockopt( s, SOL_SOCKET, SO_REUSEADDR, &o, sizeof(int)); #ifdef LINUX if(!ipv4) { o = 1; setsockopt( listener->server_socket6, IPPROTO_IPV6, IPV6_V6ONLY, &o, sizeof(int)); } #endif // bind server socket to address struct sockaddr_in servaddr4; struct sockaddr_in6 servaddr6; struct sockaddr *servaddr; size_t servaddr_size; if(ipv4) { // ipv4 memset(&servaddr4, 0, sizeof(servaddr4)); servaddr4.sin_family = AF_INET; servaddr4.sin_addr.s_addr = htonl(INADDR_ANY); servaddr4.sin_port = htons(conf->port); servaddr = (struct sockaddr *)&servaddr4; servaddr_size = sizeof(servaddr4); } else { // ipv6 memset(&servaddr6, 0, sizeof(servaddr6)); servaddr6.sin6_family = AF_INET6; servaddr6.sin6_addr = in6addr_any; servaddr6.sin6_port = htons(conf->port); servaddr = (struct sockaddr *)&servaddr6; servaddr_size = sizeof(servaddr6); } if(bind(s, servaddr, servaddr_size)) { log_ereport( LOG_FAILURE, "cannot bind socket: protocol: %s port: %d error: %s", protocol, conf->port, strerror(errno)); close(s); return NULL; } // everything is ok, create WSSocket object WSSocket *wssocket = malloc(sizeof(WSSocket)); if(!wssocket) { close(s); return NULL; } ZERO(wssocket, sizeof(WSSocket)); wssocket->socket = s; return wssocket; } static WSSocket* get_socket(ListenerConfig *conf, const char *protocol) { char key_data[32]; size_t key_len = snprintf(key_data, 32, "%s:%d", protocol, conf->port); CxHashKey key = cx_hash_key(key_data, key_len); WSSocket *sock = cxMapGet(listener_socket_map, key); if(!sock) { sock = create_socket(conf, protocol); if(sock) { cxMapPut(listener_socket_map, key, sock); } } return sock; } /* * returns HttpSSL of socket1 or socket2 if ssl is available */ static HttpSSL* socket_get_ssl(WSSocket *socket1, WSSocket *socket2) { if(socket1 && socket1->ssl) { return socket1->ssl; } if(socket2 && socket2->ssl) { return socket2->ssl; } return NULL; } static HttpListener* listener_create(ListenerConfig *conf) { pool_handle_t *pool = conf->cfg->pool; HttpListener *listener = pool_malloc(pool, sizeof(HttpListener)); if(!listener) { return NULL; } ZERO(listener, sizeof(HttpListener)); listener->running = 0; listener->cfg = conf->cfg; listener->name = cx_strdup_a(pool_allocator(pool), cx_strcast(conf->name)); listener->default_vs.vs_name = pool_strdup(pool, conf->vs.ptr); listener->threadpool = NULL; if(conf->threadpool.ptr != NULL) { listener->threadpool = get_threadpool(cx_strcast(conf->threadpool)); } if(listener->threadpool == NULL) { listener->threadpool = get_default_threadpool(); } if(conf->blockingio) { listener->session_handler = create_basic_session_handler(pool); } else { listener->session_handler = create_event_session_handler(pool); } listener->nacceptors = conf->nacceptors; listener->port = conf->port; listener->ref = 1; listener->next = NULL; listener->ssl = NULL; // create sockets listener->server_socket = get_socket(conf, LISTENER_PROTO_IPV4); listener->server_socket6 = get_socket(conf, LISTENER_PROTO_IPV6); if(!listener->server_socket && !listener->server_socket6) { log_ereport(LOG_FAILURE, "Listener %s: no server socket", conf->name.ptr); return NULL; } if(listener->server_socket) { wssocket_ref(listener->server_socket); } if(listener->server_socket6) { wssocket_ref(listener->server_socket6); } // create SSL context if(conf->ssl) { HttpSSL *ssl = socket_get_ssl(listener->server_socket, listener->server_socket6); if(!ssl) { ssl = create_http_ssl(conf); if(!ssl) { log_ereport(LOG_FAILURE, "Listener %s: cannot create SSL context", conf->name.ptr); return NULL; } } if(listener->server_socket) { listener->server_socket->ssl = ssl; } if(listener->server_socket6) { listener->server_socket6->ssl = ssl; } } // create acceptors listener->acceptors = calloc(listener->nacceptors, sizeof(void*)); listener->acceptors6 = calloc(listener->nacceptors, sizeof(void*)); for (int i=0;i<listener->nacceptors;i++) { listener->acceptors[i] = acceptor_new(listener); listener->acceptors6[i] = acceptor_new(listener); listener->acceptors6[i]->ipv6 = TRUE; } return listener; } HttpListener* http_listener_create(ListenerConfig *conf) { pthread_mutex_lock(&listener_mutex); HttpListener *listener = listener_create(conf); pthread_mutex_unlock(&listener_mutex); return listener; } int http_listener_start(HttpListener *listener) { if(listener->running) { return 0; } log_ereport(LOG_INFORM, "start listener on port %d", listener->port); WSBool ipv4 = listener->server_socket ? TRUE : FALSE; WSBool ipv6 = listener->server_socket6 ? TRUE: FALSE; if (ipv4 && !listener->server_socket->listening && listen(listener->server_socket->socket, 256) == -1) { log_ereport(LOG_FAILURE, "http_listener_start: listen failed: %s", strerror(errno)); return -1; } else { listener->server_socket->listening = TRUE; } if (ipv6 && !listener->server_socket6->listening && listen(listener->server_socket6->socket, 256) == -1) { log_ereport(LOG_FAILURE, "http_listener_start: listen v6 failed: %s", strerror(errno)); return -1; } else { listener->server_socket6->listening = TRUE; } // start acceptor threads for (int i=0;i<listener->nacceptors;i++) { if(ipv4) { acceptor_start(listener->acceptors[i]); } if(ipv6) { acceptor_start(listener->acceptors6[i]); } } listener->running = TRUE; return 0; } void http_listener_ref(HttpListener *listener) { ws_atomic_inc32(&listener->ref); } void http_listener_unref(HttpListener *listener) { uint32_t ref = ws_atomic_dec32(&listener->ref); if(ref == 0) { log_ereport(LOG_VERBOSE, "HttpListener %s: destroy", listener->name.ptr); free(listener->acceptors); // TODO: unref cfg // TODO: unref session handler free(listener); } } Acceptor* acceptor_new(HttpListener *listener) { Acceptor *acceptor = malloc(sizeof(Acceptor)); acceptor->listener = listener; acceptor->ipv6 = WS_FALSE; return acceptor; } void acceptor_start(Acceptor *a) { if(pthread_create( &a->tid, NULL, (void*(*)(void*))acceptor_thread, a) != 0) { log_ereport(LOG_FAILURE, "Listener %s: acceptor_start: %s", a->listener->name.ptr, strerror(errno)); } } void* acceptor_thread(Acceptor *acceptor) { WS_ASSERT(acceptor); WS_ASSERT(acceptor->listener); WS_ASSERT(acceptor->listener->session_handler); WS_ASSERT(acceptor->listener->session_handler->enqueue_connection); HttpListener *listener = acceptor->listener; int server_socket; ConnectionAddr ca; struct sockaddr *ca_ptr; socklen_t ca_length; ConnectionAddrType addr_type; if(acceptor->ipv6) { server_socket = listener->server_socket6->socket; ca_ptr = (struct sockaddr*)&ca.address_v6; ca_length = sizeof(ca.address_v6); addr_type = CONN_ADDR_IPV6; } else { server_socket = listener->server_socket->socket; ca_ptr = (struct sockaddr*)&ca.address_v4; ca_length = sizeof(ca.address_v4); addr_type = CONN_ADDR_IPV4; } for (;;) { // accept connections int clientfd; socklen_t length = ca_length; // accept a connection clientfd = accept( server_socket, ca_ptr, &length); if (clientfd == -1) { log_ereport(LOG_FAILURE, "accept %s failed: %s", acceptor->ipv6 ? "ipv6" : "ipv4", strerror(errno)); continue; } // check listener HttpListener *ls = listener; int acceptor_exit = 0; while(ls->next) { ls = ls->next; acceptor_exit = 1; } /* create Connection object */ Connection *conn = malloc(sizeof(Connection)); conn->address = ca; conn->addr_type = addr_type; conn->fd = clientfd; conn->listener = ls; conn->ssl_accepted = 0; if(ls->ssl) { // SSL connections are always non-blocking // set socket non blocking int flags; if((flags = fcntl(conn->fd, F_GETFL, 0)) == -1) { flags = 0; } if(fcntl(conn->fd, F_SETFL, flags | O_NONBLOCK)) { perror("Error: acceptor_thread: fcntl"); // TODO: error } SSL *ssl = SSL_new(ls->ssl->sslctx); SSL_set_fd(ssl, clientfd); conn->ssl = ssl; conn->read = connection_ssl_read; conn->write = connection_ssl_write; conn->close = connection_ssl_close; } else { conn->ssl = NULL; conn->read = connection_read; conn->write = connection_write; conn->close = connection_close; } if(conn) { cfg_ref(ls->cfg); /* enqueue the connection */ ls->session_handler->enqueue_connection( ls->session_handler, conn); } /* ready for new connection */ if(acceptor_exit) { // this acceptor is outdated log_ereport(LOG_VERBOSE, "acceptor thread %p: exit", (void*)acceptor->tid); break; } } http_listener_unref(listener->next); http_listener_unref(listener); return NULL; } void wssocket_ref(WSSocket *ws) { ws_atomic_inc32(&ws->ref); } void wssocket_unref(WSSocket *ws) { // does nothing yet, because maybe it is not a good idea to destroy // a socket ws_atomic_dec32(&ws->ref); }
