[Libwebsockets] SegFault for Websocket Server on Multiple Network Interface

Andy Green andy at warmcat.com
Wed Jul 12 08:11:41 CEST 2017



On July 12, 2017 2:05:02 PM GMT+08:00, techi eth <techieth at gmail.com> wrote:
>Sorry but I am bit confuse from your single socket statement.
>
>Here I have two IP address (Due to two different network interface) so
>I
>think there should be two socket however if vhost concept is based on
>single socket working on port sharing then I think this may work.

I think it will indeed be two listen sockets then, each bound to one ip or interface.

Typically vhosts are all piled on the same listen socket + port.

>I am not sure how it will behave when concurrent read/write happen on
>single socket by the multiple client from multiple network at same
>time.

There is no problem with it.  By default lws binds to all interfaces at the port (with one socket), this appears as 0.0.0.0 listen address in netstat.  So it is easy to confirm.

>
>If network connection go down (I have rejected connection & callback
>closed
>) & up again shall i need to create vhost again ?

No.

-Andy

>
>Thanks
>
>On Tue, Jul 11, 2017 at 4:48 PM, Andy Green <andy at warmcat.com> wrote:
>
>>
>>
>> On 07/11/2017 07:05 PM, techi eth wrote:
>>
>>> Thanks for your input.
>>>
>>> On rejecting connection in callback will cleanup all the resources &
>>> close listening socket ?
>>>
>>
>> No.  It will close the connection.
>>
>> If you want to add the capability to dynamically remove vhosts, by
>all
>> means, send me a patch.
>>
>> Is there any function available in lws  like
>_/context/_destroy(),which
>>> will call from application to do the job ?
>>>
>>
>> You seem a bit confused about this listen socket business.
>>
>> If both vhosts listen on :443, there is only ONE listen socket open
>on
>> :443.  If both vhosts opened their own listen socket, how would the
>tcp
>> layer know which vhost socket should get the connection?  It would
>have to
>> decide before we could fetch headers or whatever.  It couldn't work.
>>
>> If you close the single shared listen socket, no vhost can receive
>> anything.
>>
>> When the secure connection comes, it uses a TLS trick called SNI to
>get
>> the hostname the client was using to connect before the secure tunnel
>is
>> set up.  From that, it decides which vhost he was trying to connect
>to,
>> sets up the TLS tunnel using the correct vhost's certificates, and
>binds
>> the connection to the right vhost.
>>
>> If you want one of the vhosts to start rejecting connections, you can
>use
>> lws_get_vhost(wsi) once the wsi has bound to a particular vhost and
>act
>> differently if it is the 'down' vhost the wsi is bound to.
>>
>> -Andy
>>
>> On Tue, Jul 11, 2017 at 3:02 PM, Andy Green <andy at warmcat.com
><mailto:
>>> andy at warmcat.com>> wrote:
>>>
>>>
>>>
>>>     On 07/11/2017 05:25 PM, techi eth wrote:
>>>
>>>         Hi,
>>>
>>>         Now i am able to run both the SSL server. Thanks for input.
>>>         Could you please check attached file & let me know i am
>right in
>>>         using libwebsocket.
>>>
>>>
>>>     I don't have time to look at users' code.  Unless I feel I owe
>them
>>>     for contributions, mowing my lawn or whatever.
>>>
>>>         I would just like to know how to stop one server listening
>on
>>> vhost.
>>>
>>>
>>>     I assume you want to do it dynamically... the closest you can do
>>>     easily is reject the connection in an early callback.
>>>
>>>     If you handle the http callback, you can also have it decide to
>>>     respond with a redirect or a 500 page or whatever.
>>>
>>>     -Andy
>>>
>>>         Thanks
>>>
>>>         On Mon, Jul 10, 2017 at 3:27 PM, techi eth
><techieth at gmail.com
>>>         <mailto:techieth at gmail.com> <mailto:techieth at gmail.com
>>>         <mailto:techieth at gmail.com>>> wrote:
>>>
>>>              I have tried test as suggested by you now I don’t see
>>> segfault
>>>              anymore however I am not able to connect over server.
>>>
>>>              Could you please check attached test code & detaild lws
>log
>>>         & give
>>>              me hint what is wrong in code.
>>>
>>>              Thanks for your input.
>>>
>>>              On Sat, Jul 8, 2017 at 4:28 PM, Andy Green
>>>         <andy at warmcat.com <mailto:andy at warmcat.com>
>>>              <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>wrote:
>>>
>>>
>>>
>>>                  On 07/08/2017 06:51 PM, techi eth wrote:
>>>
>>>                      Thanks for your input.
>>>                      Having two context is not right or technically
>>>         complex ?
>>>
>>>                      I was running two server without SSL mode from
>past
>>>         1 month
>>>                      & it is working fine with two context.
>>>
>>>
>>>                  Well... if you want two contexts you better fix
>your
>>>         segfault.         You're always free to do what you prefer
>(and
>>>         I am free to
>>>                  ignore your problems with it).
>>>
>>>                  From:
>>>
>>>                    - the POV SNI won't work sharing port 443,
>because
>>>         the two
>>>                  vhosts you created by having two contexts don't
>know
>>>         about each
>>>                  other
>>>
>>>                    - the POV you only have one set of fds in your
>>>         process, the
>>>                  context holds a lookup table for all of them
>>>
>>>                    - the POV you only need to service (ie, wait in
>poll
>>>         or epoll)
>>>                  for one set of fds, not have an idle context
>increase
>>> your
>>>                  service latency on handling service for an active
>>>         context every time
>>>
>>>                  ...you should have one context and two vhosts.
>>>
>>>                  That's literally what the vhosts are for.  It's
>easy to
>>>         do, and
>>>                  from lws perspective "the right thing".
>>>
>>>                  -Andy
>>>
>>>                      On Sat, Jul 8, 2017 at 3:59 PM, Andy Green
>>>         <andy at warmcat.com <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>>>> wrote:
>>>
>>>
>>>
>>>                           On 07/08/2017 06:12 PM, techi eth wrote:
>>>
>>>                               It is with two context.One context
>each
>>>         for one
>>>                      network interface.
>>>
>>>
>>>                           I can suggest you don't do that.
>>>
>>>                           Let's leave aside how I am supposed to
>guess
>>>         what you
>>>                      have done to
>>>                           service both.
>>>
>>>                           The network interface to bind to is an
>>>         attribute of the
>>>                      vhost, not
>>>                           the context.
>>>
>>>                           By default, for compatibility lws creates
>you
>>>         one vhost
>>>                      called
>>>                           "default" when you create the context.
>>>
>>>                           If you set the option bit
>>>                      LWS_SERVER_OPTION_EXPLICIT_VHOSTS when you
>>>                           create the context, creating the context
>does
>>> not
>>>                      create any vhosts.
>>>
>>>                           Instead you can use the same
>>>         lws_context_creation_info
>>>                      struct to
>>>                           create as many vhosts as you want and
>attach
>>>         them to
>>>                      the context
>>>                           yourself, using
>>>
>>>                           LWS_EXTERN LWS_VISIBLE struct lws_vhost *
>>>                           lws_create_vhost(struct lws_context
>*context,
>>>                                             struct
>>>         lws_context_creation_info *info);
>>>
>>>                           You can mostly re-use your existing info
>struct
>>>                      contents, changing
>>>                           .iface and .name to reflect the vhost
>hostname
>>>         (ie,
>>>                      "warmcat.com <http://warmcat.com> <
>>> http://warmcat.com>
>>>                           <http://warmcat.com>" if people reached it
>by
>>>         typing
>>>                      "warmcat.com <http://warmcat.com> <
>>> http://warmcat.com>
>>>                           <http://warmcat.com>" in their browser). 
>And
>>>         changing the
>>>                           protocols, mounts etc according to what
>you
>>>         want to be
>>>                      available.
>>>
>>>                           Both can be on port 443, lws will use SNI
>to
>>>         match the
>>>                      hostname the
>>>                           client had used to reach it to decide
>which
>>>         vhost to
>>>                      give them.
>>>
>>>                           Each vhost can be told to use different
>SSL
>>>         certs and
>>>                      keys.  Lws
>>>                           will sort it out.
>>>
>>>                           So... one context.  Two vhosts.
>>>
>>>         https://warmcat.com and https://libwebsockets.org are two
>>>                      vhosts on
>>>                           the same lws server using this method.
>>>
>>>                           -Andy
>>>
>>>
>>>
>>>                               On Sat, Jul 8, 2017 at 3:31 PM, Andy
>Green
>>>                      <andy at warmcat.com <mailto:andy at warmcat.com>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>>                               <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>>>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>
>>>                               <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>>>>> wrote:
>>>
>>>
>>>
>>>                                    On 07/08/2017 05:44 PM, techi eth
>>> wrote:
>>>
>>>                                        OpenSSL version : 1.0.2h
>>>
>>>
>>>                                    Supposedly the new OpenSSL init /
>>>         destroy api
>>>                      was introduced in
>>>                                    1.0.2g, so it shouldn't be the
>problem.
>>>
>>>                                        I have tried libwebsocket
>from
>>>         master & i
>>>                      am getting same
>>>                                        error.I will do the setup to
>get
>>>         the trace.
>>>                                        Do you confirm libwebsokcet
>works
>>>         in above
>>>                      mentioned
>>>                               use case ?
>>>
>>>
>>>                                    I have no idea what your use case
>>>         looks like.
>>>
>>>                                    Two contexts?  One context?
>>>
>>>                                        Is their any running sample
>then
>>>         it would
>>>                      be good for
>>>                               me to test ?
>>>
>>>
>>>                                    Find out the line of source and
>>>         reason for the
>>>                      segfault.  "A
>>>                                    segfault" by itself is like
>saying
>>>         "an error"
>>>                      or "a
>>>                               problem", it can
>>>                                    mean anything.  Related to lws,
>>>         related to
>>>                      your code,
>>>                               something else...
>>>
>>>                                    -Andy
>>>
>>>
>>>                                        On Sat, Jul 8, 2017 at 2:51
>PM,
>>>         Andy Green
>>>                               <andy at warmcat.com
>>>         <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>>>                                        <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com
>>> >>>>
>>>                               <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com> <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>>>
>>>
>>>                                        <mailto:andy at warmcat.com
>>>         <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com>>
>>>         <mailto:andy at warmcat.com <mailto:andy at warmcat.com>
>>>                      <mailto:andy at warmcat.com
><mailto:andy at warmcat.com
>>> >>>>>>
>>>
>>>
>>>                               wrote:
>>>
>>>
>>>
>>>                                             On 07/08/2017 05:16 PM,
>>>         techi eth wrote:
>>>
>>>                                                 I was facing
>segfault
>>>         over below
>>>                      use case with
>>>                                        libwebsocket.
>>>
>>>
>>>                                             It's usually of zero use
>to
>>> hear
>>>                      there is a segfault
>>>                                        without getting
>>>                                             a backtrace.
>>>
>>>                                                 I have two network
>>>         interface & i
>>>                      am trying to
>>>                               run SSL
>>>                                        server on
>>>                                                 port 443 for each
>network
>>>                      interface.When i run
>>>                                        independently
>>>                                                 each server by
>separate
>>>         programme
>>>                      for each it
>>>                               works
>>>                                        great but
>>>                                                 when i run both in
>same
>>>         programme
>>>                      one is
>>>                               giving segfault.
>>>
>>>
>>>                                             Is this by any remote
>chance
>>>         with two
>>>                      contexts?
>>>
>>>                                             What version is your
>OpenSSL?
>>>
>>>                                             -Andy
>>>
>>>                                                 Last line i am
>getting is
>>>                      (inserted SSL accept
>>>                               into
>>>                                        fds, trying
>>>                                                 SSL_accept).
>>>
>>>                                                 Note : Same
>programme
>>>         when i run
>>>                      without SSL
>>>                               it works
>>>                                        great.
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>>                                                 Libwebsockets
>mailing list
>>>         Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>>                              
><mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>
>>>                                               <mailto:
>>> Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>>                              
><mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>>
>>>                                                                  
><mailto:
>>> Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>>                              
><mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>
>>>                                               <mailto:
>>> Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>
>>>                              
><mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>
>>>                      <mailto:Libwebsockets at ml.libwebsockets.org
>>>         <mailto:Libwebsockets at ml.libwebsockets.org>>>>>
>>>         https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>>                                                 <
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>>
>>>                                                                 <
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>>                                                 <
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>        
><https://libwebsockets.org/mailman/listinfo/libwebsockets>>>>
>>>
>>>       <https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>>                                                 <
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>>
>>>                                                                 <
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>>
>>>                                                 <
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>         <https://libwebsockets.org/mailman/listinfo/libwebsockets>
>>>                             <https://libwebsockets.org/mai
>>> lman/listinfo/libwebsockets
>>>        
><https://libwebsockets.org/mailman/listinfo/libwebsockets>>>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Libwebsockets mailing list
>>> Libwebsockets at ml.libwebsockets.org
>>> https://libwebsockets.org/mailman/listinfo/libwebsockets
>>>
>>>



More information about the Libwebsockets mailing list