[Libwebsockets] SegFault for Websocket Server on Multiple Network Interface

Andy Green andy at warmcat.com
Tue Jul 11 13:18:24 CEST 2017



On 07/11/2017 07:05 PM, techi eth wrote:
> Thanks for your input.
> 
> On rejecting connection in callback will cleanup all the resources &
> close listening socket?

No.  It will close the connection.

If you want to add the capability to dynamically remove vhosts, by all 
means, send me a patch.

> Is there any function available in lws like _/context/_destroy(), which
> will call from application to do the job?

You seem a bit confused about this listen socket business.

If both vhosts listen on :443, there is only ONE listen socket open on 
:443.  If both vhosts opened their own listen socket, how would the tcp 
layer know which vhost socket should get the connection?  It would have 
to decide before we could fetch headers or whatever.  It couldn't work.

If you close the single shared listen socket, no vhost can receive anything.

When the secure connection comes, it uses a TLS trick called SNI to get 
the hostname the client was using to connect before the secure tunnel is 
set up.  From that, it decides which vhost he was trying to connect to, 
sets up the TLS tunnel using the correct vhost's certificates, and binds 
the connection to the right vhost.

If you want one of the vhosts to start rejecting connections, you can 
use lws_get_vhost(wsi) once the wsi has bound to a particular vhost and 
act differently if it is the 'down' vhost the wsi is bound to.

-Andy
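
The SNI-based binding described above, followed by the "down" vhost check once the connection is bound, as an added sketch that is not part of the original message and is not libwebsockets code. The vhost table, the function names and the sample ClientHello are constructed for illustration, and the parser assumes the whole ClientHello arrives in one TLS record.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical vhost table (not lws structures); both names share the one :443 listener */
struct vhost { const char *name; int down; };
static const struct vhost vhosts[] = { { "a.example", 0 }, { "b.example", 1 } };

/* Bounds-checked cursor: a truncated or lying length field fails instead of over-reading */
struct cur { const uint8_t *p; size_t n; };
static int take(struct cur *c, size_t k, struct cur *out) {
    if (k > c->n) return -1;
    if (out) { out->p = c->p; out->n = k; }
    c->p += k; c->n -= k;
    return 0;
}
static int num(struct cur *c, size_t bytes, size_t *v) {        /* big-endian integer */
    struct cur f;
    if (take(c, bytes, &f)) return -1;
    for (*v = 0; f.n; f.p++, f.n--) *v = (*v << 8) | *f.p;
    return 0;
}
static int vec(struct cur *c, size_t bytes, struct cur *out) {  /* length-prefixed field */
    size_t len;
    return num(c, bytes, &len) ? -1 : take(c, len, out);
}

/* Copy the lower-cased SNI host_name out of one TLS record holding a whole ClientHello */
int sni_from_client_hello(const uint8_t *buf, size_t len, char *host, size_t cap) {
    struct cur c = { buf, len }, rec, hs, exts, ext, list, name;
    size_t t, i;
    if (num(&c, 1, &t) || t != 0x16 || take(&c, 2, NULL) || vec(&c, 2, &rec)) return -1;
    if (num(&rec, 1, &t) || t != 0x01 || vec(&rec, 3, &hs)) return -1;
    if (take(&hs, 34, NULL) || vec(&hs, 1, NULL) || vec(&hs, 2, NULL) || vec(&hs, 1, NULL) ||
        vec(&hs, 2, &exts)) return -1; /* skip version+random, session id, suites, compression */
    while (exts.n) {
        if (num(&exts, 2, &t) || vec(&exts, 2, &ext)) return -1;
        if (t != 0) continue;                                   /* 0 = server_name */
        if (vec(&ext, 2, &list) || num(&list, 1, &t) || t || vec(&list, 2, &name)) return -1;
        if (!name.n || name.n >= cap || memchr(name.p, 0, name.n)) return -1;
        for (i = 0; i < name.n; i++) host[i] = (char)tolower(name.p[i]);
        host[i] = '\0';
        return 0;
    }
    return -1;                                                  /* no SNI offered */
}

/* Vhost index if bound, -1 if no vhost matches, -2 if the matched vhost is marked down */
int bind_vhost(const uint8_t *hello, size_t len) {
    char host[256];
    if (sni_from_client_hello(hello, len, host, sizeof host)) return -1;
    for (size_t i = 0; i < sizeof vhosts / sizeof vhosts[0]; i++)
        if (!strcmp(host, vhosts[i].name)) return vhosts[i].down ? -2 : (int)i;
    return -1;
}

/* Constructed sample: ClientHello record whose only extension is SNI "b.example" */
const uint8_t sample_hello[] = { 0x16, 3, 1, 0, 65, 1, 0, 0, 61, 3, 3,  /* headers, version */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,   /* random */
    0, 0, 2, 0x13, 0x01, 1, 0, 0, 18, 0, 0, 0, 14, 0, 12, 0, 0, 9,      /* lengths, SNI ext */
    'b', '.', 'e', 'x', 'a', 'm', 'p', 'l', 'e' };
```

The listener itself never closes: the decision to refuse service is made per connection, after the hostname has selected a vhost.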

> On Tue, Jul 11, 2017 at 3:02 PM, Andy Green <andy at warmcat.com> wrote:
> 
> 
> 
>     On 07/11/2017 05:25 PM, techi eth wrote:
> 
>         Hi,
> 
>         Now I am able to run both the SSL server. Thanks for input.
>         Could you please check attached file & let me know I am right in
>         using libwebsocket.
> 
> 
>     I don't have time to look at users' code.  Unless I feel I owe them
>     for contributions, mowing my lawn or whatever.
> 
>         I would just like to know how to stop one server listening on vhost.
> 
> 
>     I assume you want to do it dynamically... the closest you can do
>     easily is reject the connection in an early callback.
> 
>     If you handle the http callback, you can also have it decide to
>     respond with a redirect or a 500 page or whatever.
> 
>     -Andy
> 
>         Thanks
> 
>         On Mon, Jul 10, 2017 at 3:27 PM, techi eth <techieth at gmail.com> wrote:
> 
>              I have tried test as suggested by you now I don’t see segfault
>              anymore however I am not able to connect over server.
> 
>              Could you please check attached test code & detailed lws log & give
>              me hint what is wrong in code.
> 
>              Thanks for your input.
> 
>              On Sat, Jul 8, 2017 at 4:28 PM, Andy Green <andy at warmcat.com> wrote:
> 
> 
> 
>                  On 07/08/2017 06:51 PM, techi eth wrote:
> 
>                      Thanks for your input.
>                      Having two context is not right or technically complex?
> 
>                      I was running two server without SSL mode from past 1 month
>                      & it is working fine with two context.
> 
> 
>                  Well... if you want two contexts you better fix your segfault.
>                  You're always free to do what you prefer (and I am free to
>                  ignore your problems with it).
> 
>                  From:
> 
>                    - the POV SNI won't work sharing port 443, because the two
>                  vhosts you created by having two contexts don't know about each
>                  other
> 
>                    - the POV you only have one set of fds in your process, the
>                  context holds a lookup table for all of them
> 
>                    - the POV you only need to service (ie, wait in poll or epoll)
>                  for one set of fds, not have an idle context increase your
>                  service latency on handling service for an active context every time
> 
>                  ...you should have one context and two vhosts.
> 
>                  That's literally what the vhosts are for.  It's easy to do, and
>                  from lws perspective "the right thing".
> 
>                  -Andy
> 
>                      On Sat, Jul 8, 2017 at 3:59 PM, Andy Green <andy at warmcat.com> wrote:
> 
> 
> 
>                           On 07/08/2017 06:12 PM, techi eth wrote:
> 
>                               It is with two context. One context each for one
>                               network interface.
> 
> 
>                           I can suggest you don't do that.
> 
>                           Let's leave aside how I am supposed to guess what you
>                           have done to service both.
> 
>                           The network interface to bind to is an attribute of the
>                           vhost, not the context.
> 
>                           By default, for compatibility lws creates you one vhost
>                           called "default" when you create the context.
> 
>                           If you set the option bit LWS_SERVER_OPTION_EXPLICIT_VHOSTS
>                           when you create the context, creating the context does not
>                           create any vhosts.
> 
>                           Instead you can use the same lws_context_creation_info
>                           struct to create as many vhosts as you want and attach
>                           them to the context yourself, using
> 
>                           LWS_EXTERN LWS_VISIBLE struct lws_vhost *
>                           lws_create_vhost(struct lws_context *context,
>                                            struct lws_context_creation_info *info);
> 
>                           You can mostly re-use your existing info struct contents,
>                           changing .iface and .name to reflect the vhost hostname
>                           (ie, "warmcat.com" if people reached it by typing
>                           "warmcat.com" in their browser).  And changing the
>                           protocols, mounts etc according to what you want to be
>                           available.
> 
>                           Both can be on port 443, lws will use SNI to match the
>                           hostname the client had used to reach it to decide which
>                           vhost to give them.
> 
>                           Each vhost can be told to use different SSL certs and
>                           keys.  Lws will sort it out.
> 
>                           So... one context.  Two vhosts.
> 
>                           https://warmcat.com and https://libwebsockets.org are two
>                           vhosts on the same lws server using this method.
> 
>                           -Andy
> 
> 
> 
>                               On Sat, Jul 8, 2017 at 3:31 PM, Andy Green <andy at warmcat.com> wrote:
> 
> 
> 
>                                    On 07/08/2017 05:44 PM, techi eth wrote:
> 
>                                        OpenSSL version : 1.0.2h
> 
> 
>                                    Supposedly the new OpenSSL init / destroy api was
>                                    introduced in 1.0.2g, so it shouldn't be the problem.
> 
>                                        I have tried libwebsocket from master & I am
>                                        getting same error. I will do the setup to get
>                                        the trace.
>                                        Do you confirm libwebsocket works in above
>                                        mentioned use case?
> 
> 
>                                    I have no idea what your use case looks like.
> 
>                                    Two contexts?  One context?
> 
>                                        Is there any running sample then it would be
>                                        good for me to test?
> 
> 
>                                    Find out the line of source and reason for the
>                                    segfault.  "A segfault" by itself is like saying
>                                    "an error" or "a problem", it can mean anything.
>                                    Related to lws, related to your code, something
>                                    else...
> 
>                                    -Andy
> 
> 
>                                        On Sat, Jul 8, 2017 at 2:51 PM, Andy Green <andy at warmcat.com> wrote:
> 
> 
> 
>                                             On 07/08/2017 05:16 PM, techi eth wrote:
> 
>                                                 I was facing segfault over below use
>                                                 case with libwebsocket.
> 
> 
>                                             It's usually of zero use to hear there is a
>                                             segfault without getting a backtrace.
> 
>                                                 I have two network interface & I am
>                                                 trying to run SSL server on port 443 for
>                                                 each network interface. When I run
>                                                 independently each server by separate
>                                                 programme for each it works great but
>                                                 when I run both in same programme one is
>                                                 giving segfault.
> 
> 
>                                             Is this by any remote chance with two
>                                             contexts?
> 
>                                             What version is your OpenSSL?
> 
>                                             -Andy
> 
>                                                 Last line I am getting is (inserted SSL
>                                                 accept into fds, trying SSL_accept).
> 
>                                                 Note: Same programme when I run without
>                                                 SSL it works great.
> 
> 
> 
> 
>                                                 _______________________________________________
>                                                 Libwebsockets mailing list
>                                                 Libwebsockets at ml.libwebsockets.org
>                                                 https://libwebsockets.org/mailman/listinfo/libwebsockets
> 


