[Libwebsockets] SegFault for Websocket Server on Multiple Network Interface

techi eth techieth at gmail.com
Wed Jul 12 08:05:02 CEST 2017


Sorry but I am bit confuse from your single socket statement.

Here I have two IP address (Due to two different network interface) so I
think there should be two socket however if vhost concept is based on
single socket working on port sharing then I think this may work.



I am not sure how it will behave when concurrent read/write happen on
single socket by the multiple client from multiple network at same time.


If network connection go down (I have rejected connection & callback closed
) & up again shall i need to create vhost again ?


Thanks

On Tue, Jul 11, 2017 at 4:48 PM, Andy Green <andy at warmcat.com> wrote:

>
>
> On 07/11/2017 07:05 PM, techi eth wrote:
>
>> Thanks for your input.
>>
>> On rejecting connection in callback will cleanup all the resources &
>> close listening socket ?
>>
>
> No.  It will close the connection.
>
> If you want to add the capability to dynamically remove vhosts, by all
> means, send me a patch.
>
> Is there any function available in lws  like _/context/_destroy(),which
>> will call from application to do the job ?
>>
>
> You seem a bit confused about this listen socket business.
>
> If both vhosts listen on :443, there is only ONE listen socket open on
> :443.  If both vhosts opened their own listen socket, how would the tcp
> layer know which vhost socket should get the connection?  It would have to
> decide before we could fetch headers or whatever.  It couldn't work.
>
> If you close the single shared listen socket, no vhost can receive
> anything.
>
> When the secure connection comes, it uses a TLS trick called SNI to get
> the hostname the client was using to connect before the secure tunnel is
> set up.  From that, it decides which vhost he was trying to connect to,
> sets up the TLS tunnel using the correct vhost's certificates, and binds
> the connection to the right vhost.
>
> If you want one of the vhosts to start rejecting connections, you can use
> lws_get_vhost(wsi) once the wsi has bound to a particular vhost and act
> differently if it is the 'down' vhost the wsi is bound to.
>
> -Andy
>
> On Tue, Jul 11, 2017 at 3:02 PM, Andy Green <andy at warmcat.com <mailto:
>> andy at warmcat.com>> wrote:
>>
>>
>>
>>     On 07/11/2017 05:25 PM, techi eth wrote:
>>
>>         Hi,
>>
>>         Now i am able to run both the SSL server. Thanks for input.
>>         Could you please check attached file & let me know i am right in
>>         using libwebsocket.
>>
>>
>>     I don't have time to look at users' code.  Unless I feel I owe them
>>     for contributions, mowing my lawn or whatever.
>>
>>         I would just like to know how to stop one server listening on
>> vhost.
>>
>>
>>     I assume you want to do it dynamically... the closest you can do
>>     easily is reject the connection in an early callback.
>>
>>     If you handle the http callback, you can also have it decide to
>>     respond with a redirect or a 500 page or whatever.
>>
>>     -Andy
>>
>>         Thanks
>>
>>         On Mon, Jul 10, 2017 at 3:27 PM, techi eth <techieth at gmail.com
>>         <mailto:techieth at gmail.com> <mailto:techieth at gmail.com
>>         <mailto:techieth at gmail.com>>> wrote:
>>
>>              I have tried test as suggested by you now I don’t see
>> segfault
>>              anymore however I am not able to connect over server.
>>
>>              Could you please check attached test code & detaild lws log
>>         & give
>>              me hint what is wrong in code.
>>
>>              Thanks for your input.
>>
>>              On Sat, Jul 8, 2017 at 4:28 PM, Andy Green
>>         <andy at warmcat.com <mailto:andy at warmcat.com>
>>              <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>> wrote:
>>
>>
>>
>>                  On 07/08/2017 06:51 PM, techi eth wrote:
>>
>>                      Thanks for your input.
>>                      Having two context is not right or technically
>>         complex ?
>>
>>                      I was running two server without SSL mode from past
>>         1 month
>>                      & it is working fine with two context.
>>
>>
>>                  Well... if you want two contexts you better fix your
>>         segfault.         You're always free to do what you prefer (and
>>         I am free to
>>                  ignore your problems with it).
>>
>>                  From:
>>
>>                    - the POV SNI won't work sharing port 443, because
>>         the two
>>                  vhosts you created by having two contexts don't know
>>         about each
>>                  other
>>
>>                    - the POV you only have one set of fds in your
>>         process, the
>>                  context holds a lookup table for all of them
>>
>>                    - the POV you only need to service (ie, wait in poll
>>         or epoll)
>>                  for one set of fds, not have an idle context increase
>> your
>>                  service latency on handling service for an active
>>         context every time
>>
>>                  ...you should have one context and two vhosts.
>>
>>                  That's literally what the vhosts are for.  It's easy to
>>         do, and
>>                  from lws perspective "the right thing".
>>
>>                  -Andy
>>
>>                      On Sat, Jul 8, 2017 at 3:59 PM, Andy Green
>>         <andy at warmcat.com <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>>>> wrote:
>>
>>
>>
>>                           On 07/08/2017 06:12 PM, techi eth wrote:
>>
>>                               It is with two context.One context each
>>         for one
>>                      network interface.
>>
>>
>>                           I can suggest you don't do that.
>>
>>                           Let's leave aside how I am supposed to guess
>>         what you
>>                      have done to
>>                           service both.
>>
>>                           The network interface to bind to is an
>>         attribute of the
>>                      vhost, not
>>                           the context.
>>
>>                           By default, for compatibility lws creates you
>>         one vhost
>>                      called
>>                           "default" when you create the context.
>>
>>                           If you set the option bit
>>                      LWS_SERVER_OPTION_EXPLICIT_VHOSTS when you
>>                           create the context, creating the context does
>> not
>>                      create any vhosts.
>>
>>                           Instead you can use the same
>>         lws_context_creation_info
>>                      struct to
>>                           create as many vhosts as you want and attach
>>         them to
>>                      the context
>>                           yourself, using
>>
>>                           LWS_EXTERN LWS_VISIBLE struct lws_vhost *
>>                           lws_create_vhost(struct lws_context *context,
>>                                             struct
>>         lws_context_creation_info *info);
>>
>>                           You can mostly re-use your existing info struct
>>                      contents, changing
>>                           .iface and .name to reflect the vhost hostname
>>         (ie,
>>                      "warmcat.com <http://warmcat.com> <
>> http://warmcat.com>
>>                           <http://warmcat.com>" if people reached it by
>>         typing
>>                      "warmcat.com <http://warmcat.com> <
>> http://warmcat.com>
>>                           <http://warmcat.com>" in their browser).  And
>>         changing the
>>                           protocols, mounts etc according to what you
>>         want to be
>>                      available.
>>
>>                           Both can be on port 443, lws will use SNI to
>>         match the
>>                      hostname the
>>                           client had used to reach it to decide which
>>         vhost to
>>                      give them.
>>
>>                           Each vhost can be told to use different SSL
>>         certs and
>>                      keys.  Lws
>>                           will sort it out.
>>
>>                           So... one context.  Two vhosts.
>>
>>         https://warmcat.com and https://libwebsockets.org are two
>>                      vhosts on
>>                           the same lws server using this method.
>>
>>                           -Andy
>>
>>
>>
>>                               On Sat, Jul 8, 2017 at 3:31 PM, Andy Green
>>                      <andy at warmcat.com <mailto:andy at warmcat.com>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>                               <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>>>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>                               <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>>>>> wrote:
>>
>>
>>
>>                                    On 07/08/2017 05:44 PM, techi eth
>> wrote:
>>
>>                                        OpenSSL version : 1.0.2h
>>
>>
>>                                    Supposedly the new OpenSSL init /
>>         destroy api
>>                      was introduced in
>>                                    1.0.2g, so it shouldn't be the problem.
>>
>>                                        I have tried libwebsocket from
>>         master & i
>>                      am getting same
>>                                        error.I will do the setup to get
>>         the trace.
>>                                        Do you confirm libwebsokcet works
>>         in above
>>                      mentioned
>>                               use case ?
>>
>>
>>                                    I have no idea what your use case
>>         looks like.
>>
>>                                    Two contexts?  One context?
>>
>>                                        Is their any running sample then
>>         it would
>>                      be good for
>>                               me to test ?
>>
>>
>>                                    Find out the line of source and
>>         reason for the
>>                      segfault.  "A
>>                                    segfault" by itself is like saying
>>         "an error"
>>                      or "a
>>                               problem", it can
>>                                    mean anything.  Related to lws,
>>         related to
>>                      your code,
>>                               something else...
>>
>>                                    -Andy
>>
>>
>>                                        On Sat, Jul 8, 2017 at 2:51 PM,
>>         Andy Green
>>                               <andy at warmcat.com
>>         <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>>                                        <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com
>> >>>>
>>                               <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>>
>>                                        <mailto:andy at warmcat.com
>>         <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>                      <mailto:andy at warmcat.com <mailto:andy at warmcat.com
>> >>>>>>
>>
>>
>>                               wrote:
>>
>>
>>
>>                                             On 07/08/2017 05:16 PM,
>>         techi eth wrote:
>>
>>                                                 I was facing segfault
>>         over below
>>                      use case with
>>                                        libwebsocket.
>>
>>
>>                                             It's usually of zero use to
>> hear
>>                      there is a segfault
>>                                        without getting
>>                                             a backtrace.
>>
>>                                                 I have two network
>>         interface & i
>>                      am trying to
>>                               run SSL
>>                                        server on
>>                                                 port 443 for each network
>>                      interface.When i run
>>                                        independently
>>                                                 each server by separate
>>         programme
>>                      for each it
>>                               works
>>                                        great but
>>                                                 when i run both in same
>>         programme
>>                      one is
>>                               giving segfault.
>>
>>
>>                                             Is this by any remote chance
>>         with two
>>                      contexts?
>>
>>                                             What version is your OpenSSL?
>>
>>                                             -Andy
>>
>>                                                 Last line i am getting is
>>                      (inserted SSL accept
>>                               into
>>                                        fds, trying
>>                                                 SSL_accept).
>>
>>                                                 Note : Same programme
>>         when i run
>>                      without SSL
>>                               it works
>>                                        great.
>>
>>
>>
>>
>>
>> _______________________________________________
>>                                                 Libwebsockets mailing list
>>         Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>                               <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>
>>                                               <mailto:
>> Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>                               <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>>
>>                                                                   <mailto:
>> Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>                               <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>
>>                                               <mailto:
>> Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>                               <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>>>
>>         https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>                                                 <
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>>
>>                                                                 <
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>                                                 <
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>>>
>>
>>       <https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>                                                 <
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>>
>>                                                                 <
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>                                                 <
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>                             <https://libwebsockets.org/mai
>> lman/listinfo/libwebsockets
>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>>>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Libwebsockets mailing list
>> Libwebsockets at ml.libwebsockets.org
>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20170712/06e86f41/attachment-0002.html>


More information about the Libwebsockets mailing list