 |
libwebsockets
Lightweight C library for HTML5 websockets
|
|
libwebsockets
Lightweight C library for HTML5 websockets
|
CMake is a multi-platform build tool that can generate build files for many different target platforms. See more info at http://www.cmake.org
CMake also allows/recommends you to do "out of source"-builds, that is, the build files are separated from your sources, so there is no need to create elaborate clean scripts to get a clean source tree, instead you simply remove your build directory.
Libwebsockets has been tested to build successfully on the following platforms with SSL support (for OpenSSL/wolfSSL/BoringSSL):
The project settings used by CMake to generate the platform specific build files is called CMakeLists.txt. CMake then uses one of its "Generators" to output a Visual Studio project or Make file for instance. To see a list of the available generators for your platform, simply run the "cmake" command.
Note that by default OpenSSL will be linked, if you don't want SSL support see below on how to toggle compile options.
build/directory can have any name and be located anywhere on your filesystem, and that the argument..` given to cmake is simply the source directory of libwebsockets containing the CMakeLists.txt project file. All examples in this file assumes you use ".."NOTE2: A common option you may want to give is to set the install path, same as –prefix= with autotools. It defaults to /usr/local. You can do this by, eg
NOTE3: On machines that want libraries in lib64, you can also add the following to the cmake line
NOTE4: If you are building against a non-distro OpenSSL (eg, in order to get access to ALPN support only in newer OpenSSL versions) the nice way to express that in one cmake command is eg,
When you run the test apps using non-distro SSL, you have to force them to use your libs, not the distro ones
To get it to build on latest openssl (2016-04-10) it needed this approach
Mac users have reported
worked for them when using "homebrew" OpenSSL
NOTE5: To build with debug info and _DEBUG for lower priority debug messages compiled in, use
NOTE6 To build on Solaris the linker needs to be informed to use lib socket and libnsl, and only builds in 64bit mode.
On Linux, lws now lets you retain selected root capabilities when dropping privileges. If libcap-dev or similar package is installed providing sys/capabilities.h, and libcap or similar package is installed providing libcap.so, CMake will enable the capability features.
The context creation info struct .caps[] and .count_caps members can then be set by user code to enable selected root capabilities to survive the transition to running under an unprivileged user.
When changing cmake options, for some reason the only way to get it to see the changes sometimes is delete the contents of your build directory and do the cmake from scratch.
deleting build/CMakeCache.txt may be enough.
Install OpenSSL binaries. https://wiki.openssl.org/index.php/Binaries
(NOTE: Preferably in the default location to make it easier for CMake to find them)
NOTE2: Be sure that OPENSSL_CONF environment variable is defined and points at <OpenSSL install="" location>="">.cfg
(NOTE: There is also a cmake-gui available on Windows if you prefer that)
NOTE2: See this link to find out the version number corresponding to your Visual Studio edition: http://superuser.com/a/194065
<path to src>/build directory, which can be used to build.Install MinGW: http://sourceforge.net/projects/mingw/files
(NOTE: Preferably in the default location C:)
Fix up MinGW headers
a) If still necessary, sdd the following lines to C:.h:
Update crtdefs.h line 47 to say:
b) Create C:.h and copy and paste the content from following link into it:
https://github.com/Alexpux/mingw-w64/blob/master/mingw-w64-headers/include/mstcpip.h
Install OpenSSL binaries. https://wiki.openssl.org/index.php/Binaries
(NOTE: Preferably in the default location to make it easier for CMake to find them)
NOTE2: Be sure that OPENSSL_CONF environment variable is defined and points at <OpenSSL install="" location>="">.cfg
Generate the build files (default is Make files) using MSYS shell:
(NOTE: The build/directory can have any name and be located anywhere on your filesystem, and that the argument..` given to cmake is simply the source directory of libwebsockets containing the CMakeLists.txt project file. All examples in this file assumes you use "..")
NOTE2: To generate build files allowing to create libwebsockets binaries with debug information set the CMAKE_BUILD_TYPE flag to DEBUG:
cmake .. -DLWS_WITH_MBEDTLS=1Just building lws against stock Fedora OpenSSL or stock Fedora mbedTLS, for SSL handhake mbedTLS takes ~36ms and OpenSSL takes ~1ms on the same x86_64 build machine here, with everything else the same. Over the 144 connections of h2spec compliance testing for example, this ends up completing in 400ms for OpenSSL and 5.5sec for mbedTLS on x86_64. In other words mbedTLS is very slow compared to OpenSSL under the (fairly typical) conditions I tested it.
This isn't an inefficiency in the mbedtls interface implementation, it's just mbedTLS doing the crypto much slower than OpenSSL, which has accelerated versions of common crypto operations it automatically uses for platforms supporting it. As of Oct 2017 mbedTLS itself has no such optimizations for any platform that I could find. It's just pure C running on the CPU.
Lws supports both almost the same, so instead of taking my word for it you are invited to try it both ways and see which the results (including, eg, binary size and memory usage as well as speed) suggest you use.
OP-TEE is a "Secure World" Trusted Execution Environment.
Although lws is only part of the necessary picture to have an https-enabled TA, it does support OP-TEE as a platform and if you provide the other pieces, does work very well.
Select it in cmake with -DLWS_PLAT_OPTEE=1
To set compile time flags you can either use one of the CMake gui applications or do it via the command line.
To list available options (omit the H if you don't want the help text):
cmake -LH ..
Then to set an option and build (for example turn off SSL support):
cmake -DLWS_WITH_SSL=0 ..
or cmake -DLWS_WITH_SSL:BOOL=OFF ..
If you have a curses-enabled build you simply type: (not all packages include this, my debian install does not for example).
ccmake
On windows CMake comes with a gui application: Start -> Programs -> CMake -> CMake (cmake-gui)
wolfSSL/CyaSSL is a lightweight SSL library targeted at embedded systems: https://www.wolfssl.com/wolfSSL/Products-wolfssl.html
It contains a OpenSSL compatibility layer which makes it possible to pretty much link to it instead of OpenSSL, giving a much smaller footprint.
NOTE: wolfssl needs to be compiled using the --enable-opensslextra flag for this to work.
NOTE: On windows use the .lib file extension for LWS_WOLFSSL_LIBRARIES instead.
NOTE: On windows use the .lib file extension for LWS_CYASSL_LIBRARIES instead.
Step 1, get ESP-IDF with lws integrated as a component
Step 2: Get Application including the test plugins
Set your IDF_PATH to point to the esp-idf you downloaded in 1)
There's docs for how to build the lws-esp32 test app and reproduce it in the README.md here
https://github.com/lws-team/lws-esp32/blob/master/README.md
The directory ./plugin-standalone/ shows how easy it is to create plugins outside of lws itself. First build lws itself with -DLWS_WITH_PLUGINS, then use the same flow to build the standalone plugin
if you changed the default plugin directory when you built lws, you must also give the same arguments to cmake here (eg, -DCMAKE_INSTALL_PREFIX:PATH=/usr/something/else... )
Otherwise if you run lwsws or libwebsockets-test-server-v2.0, it will now find the additional plugin "libprotocol_example_standalone.so"
If you have multiple vhosts, you must enable plugins at the vhost additionally, discovered plugins are not enabled automatically for security reasons. You do this using info->pvo or for lwsws, in the JSON config.
Enable -DLWS_WITH_HTTP2=1 in cmake to build with http/2 support enabled.
You must have built and be running lws against a version of openssl that has ALPN. At the time of writing, recent distros have started upgrading to OpenSSL 1.1+ that supports this already. You'll know it's right by seeing
at lws startup.
Recent Firefox and Chrome also support HTTP/2 by ALPN, so these should just work with the test server running in -s / ssl mode.
For testing with nghttp client:
Testing with h2spec (https://github.com/summerwind/h2spec)
At the time of writing, http/2 support is not fully complete; however all the h2spec tests pass.
To enable cross-compiling libwebsockets using CMake you need to create a "Toolchain file" that you supply to CMake when generating your build files. CMake will then use the cross compilers and build paths specified in this file to look for dependencies and such.
Libwebsockets includes an example toolchain file cross-arm-linux-gnueabihf.cmake you can use as a starting point.
The commandline to configure for cross with this would look like
The example shows how to build with no external cross lib dependencies, you need to provide the cross libraries otherwise.
NOTE: start from an EMPTY build directory if you had a non-cross build in there before the settings will be cached and your changes ignored. Delete build/CMakeCache.txt at least before trying a new cmake config to ensure you are really building the options you think you are.
Additional information on cross compilation with CMake: http://www.vtk.org/Wiki/CMake_Cross_Compiling
Here are step by step instructions for cross-building the external projects needed for lws with lwsws + mbedtls as an example.
In the example, my toolchain lives in /projects/aist-tb/arm-tc and is named arm-linux-gnueabihf. So you will need to adapt those to where your toolchain lives and its name where you see them here.
Likewise I do all this in /tmp but it has no special meaning, you can adapt that to somewhere else.
All "foreign" cross-built binaries are sent into /tmp/cross so they cannot be confused for 'native' x86_64 stuff on your host machine in /usr/[local/]....
1) cd /tmp
2) wget -O mytoolchainfile https://raw.githubusercontent.com/warmcat/libwebsockets/master/contrib/cross-arm-linux-gnueabihf.cmake
3) Edit /tmp/mytoolchainfile adapting CROSS_PATH, CMAKE_C_COMPILER and CMAKE_CXX_COMPILER to reflect your toolchain install dir and path to your toolchain C and C++ compilers respectively. For my case:
1) export PATH=/projects/aist-tb/arm-tc/bin:$PATH Notice there is a **/bin** on the end of the toolchain path
2) cd /tmp ; mkdir cross we will put the cross-built libs in /tmp/cross
3) git clone https://github.com/libuv/libuv.git get libuv
4) cd libuv
5) ./autogen.sh
If it has problems, you will need to install automake, libtool etc.
6) ./configure --host=arm-linux-gnueabihf --prefix=/tmp/cross
7) make && make install this will install to /tmp/cross/...
8) file /tmp/cross/lib/libuv.so.1.0.0 Check it's really built for ARM
1) cd /tmp
2) git clone https://github.com/madler/zlib.git
3) CC=arm-linux-gnueabihf-gcc ./configure --prefix=/tmp/cross
4) make && make install
5) file /tmp/cross/lib/libz.so.1.2.11 This is just to confirm we built an ARM lib as expected
1) cd /tmp
2) git clone https://github.com/ARMmbed/mbedtls.git
3) cd mbedtls ; mkdir build ; cd build
3) cmake .. -DCMAKE_TOOLCHAIN_FILE=/tmp/mytoolchainfile -DCMAKE_INSTALL_PREFIX:PATH=/tmp/cross -DCMAKE_BUILD_TYPE=RELEASE -DUSE_SHARED_MBEDTLS_LIBRARY=1 mbedtls also uses cmake, so you can simply reuse the toolchain file you used for libwebsockets. That is why you shouldn't put project-specific options in the toolchain file, it should just describe the toolchain.
4) make && make install
5) file /tmp/cross/lib/libmbedcrypto.so.2.6.0
1) cd /tmp
2) git clone ssh://git@github.com/warmcat/libwebsockets
3) cd libwebsockets ; mkdir build ; cd build
4) (this is all one line on the commandline)
3) make && make install
4) file /tmp/cross/lib/libwebsockets.so.11
5) arm-linux-gnueabihf-objdump -p /tmp/cross/lib/libwebsockets.so.11 | grep NEEDED Confirm that the lws library was linked against everything we expect (libm / libc are provided by your toolchain)
You will also find the lws test apps in /tmp/cross/bin... to run lws on the target you will need to copy the related things from /tmp/cross... all the .so from /tmp/cross/lib and anything from /tmp/cross/bin you want.
Embedded server-only configuration without extensions (ie, no compression on websocket connections), but with full v13 websocket features and http server, built on ARM Cortex-A9:
Update at 8dac94d (2013-02-18)
This shows the impact of the major configuration with/without options at 13ba5bbc633ea962d46d using Ubuntu ARM on a PandaBoard ES.
These are accounting for static allocations from the library elf, there are additional dynamic allocations via malloc. These are a bit old now but give the right idea for relative "expense" of features.
Static allocations, ARM9
| .text | .rodata | .data | .bss | |
|---|---|---|---|---|
| All (no without) | 35024 | 9940 | 336 | 4104 |
| without client | 25684 | 7144 | 336 | 4104 |
| without client, exts | 21652 | 6288 | 288 | 4104 |
| without client, exts, debug[1] | 19756 | 3768 | 288 | 4104 |
| without server | 30304 | 8160 | 336 | 4104 |
| without server, exts | 25382 | 7204 | 288 | 4104 |
| without server, exts, debug[1] | 23712 | 4256 | 288 | 4104 |
[1] --disable-debug only removes messages below lwsl_notice. Since that is the default logging level the impact is not noticeable, error, warn and notice logs are all still there.
[2] 1024 fd per process is the default limit (set by ulimit) in at least Fedora and Ubuntu. You can make significant savings tailoring this to actual expected peak fds, ie, at a limit of 20, context creation allocation reduces to 4432 + 240 = 4672)
[3] known header content is freed after connection establishment
1.8.14