blob: c323d95ef108e404899b57f431727c34f5e80279 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/websockets/websocket_channel.h"
#include <limits.h> // for INT_MAX
#include <algorithm>
#include <utility>
#include <vector>
#include "base/big_endian.h"
#include "base/bind.h"
#include "base/containers/circular_deque.h"
#include "base/location.h"
#include "base/macros.h"
#include "base/memory/weak_ptr.h"
#include "base/metrics/histogram_macros.h"
#include "base/numerics/safe_conversions.h"
#include "base/single_thread_task_runner.h"
#include "base/strings/stringprintf.h"
#include "base/threading/thread_task_runner_handle.h"
#include "base/time/time.h"
#include "net/base/auth.h"
#include "net/base/io_buffer.h"
#include "net/http/http_request_headers.h"
#include "net/http/http_response_headers.h"
#include "net/http/http_util.h"
#include "net/log/net_log_with_source.h"
#include "net/websockets/websocket_errors.h"
#include "net/websockets/websocket_event_interface.h"
#include "net/websockets/websocket_frame.h"
#include "net/websockets/websocket_handshake_request_info.h"
#include "net/websockets/websocket_handshake_response_info.h"
#include "net/websockets/websocket_handshake_stream_create_helper.h"
#include "net/websockets/websocket_stream.h"
#include "starboard/types.h"
#include "url/origin.h"
namespace net {
namespace {
using base::StreamingUtf8Validator;
const int kDefaultSendQuotaLowWaterMark = 1 << 16;
const int kDefaultSendQuotaHighWaterMark = 1 << 17;
const size_t kWebSocketCloseCodeLength = 2;
// Timeout for waiting for the server to acknowledge a closing handshake.
const int kClosingHandshakeTimeoutSeconds = 60;
// We wait for the server to close the underlying connection as recommended in
// https://tools.ietf.org/html/rfc6455#section-7.1.1
// We don't use 2MSL since there're server implementations that don't follow
// the recommendation and wait for the client to close the underlying
// connection. It leads to unnecessarily long time before CloseEvent
// invocation. We want to avoid this rather than strictly following the spec
// recommendation.
const int kUnderlyingConnectionCloseTimeoutSeconds = 2;
using ChannelState = WebSocketChannel::ChannelState;
// Maximum close reason length = max control frame payload -
// status code length
// = 125 - 2
const size_t kMaximumCloseReasonLength = 125 - kWebSocketCloseCodeLength;
// Check a close status code for strict compliance with RFC6455. This is only
// used for close codes received from a renderer that we are intending to send
// out over the network. See ParseClose() for the restrictions on incoming close
// codes. The |code| parameter is type int for convenience of implementation;
// the real type is uint16_t. Code 1005 is treated specially; it cannot be set
// explicitly by Javascript but the renderer uses it to indicate we should send
// a Close frame with no payload.
bool IsStrictlyValidCloseStatusCode(int code) {
static const int kInvalidRanges[] = {
// [BAD, OK)
0, 1000, // 1000 is the first valid code
1006, 1007, // 1006 MUST NOT be set.
1014, 3000, // 1014 unassigned; 1015 up to 2999 are reserved.
5000, 65536, // Codes above 5000 are invalid.
};
const int* const kInvalidRangesEnd =
kInvalidRanges + arraysize(kInvalidRanges);
DCHECK_GE(code, 0);
DCHECK_LT(code, 65536);
const int* upper = std::upper_bound(kInvalidRanges, kInvalidRangesEnd, code);
DCHECK_NE(kInvalidRangesEnd, upper);
DCHECK_GT(upper, kInvalidRanges);
DCHECK_GT(*upper, code);
DCHECK_LE(*(upper - 1), code);
return ((upper - kInvalidRanges) % 2) == 0;
}
// Sets |name| to the name of the frame type for the given |opcode|. Note that
// for all of Text, Binary and Continuation opcode, this method returns
// "Data frame".
void GetFrameTypeForOpcode(WebSocketFrameHeader::OpCode opcode,
std::string* name) {
switch (opcode) {
case WebSocketFrameHeader::kOpCodeText: // fall-thru
case WebSocketFrameHeader::kOpCodeBinary: // fall-thru
case WebSocketFrameHeader::kOpCodeContinuation:
*name = "Data frame";
break;
case WebSocketFrameHeader::kOpCodePing:
*name = "Ping";
break;
case WebSocketFrameHeader::kOpCodePong:
*name = "Pong";
break;
case WebSocketFrameHeader::kOpCodeClose:
*name = "Close";
break;
default:
*name = "Unknown frame type";
break;
}
return;
}
class DependentIOBuffer : public WrappedIOBuffer {
public:
DependentIOBuffer(scoped_refptr<IOBuffer> buffer, size_t offset)
: WrappedIOBuffer(buffer->data() + offset), buffer_(std::move(buffer)) {}
private:
~DependentIOBuffer() override = default;
scoped_refptr<net::IOBuffer> buffer_;
};
} // namespace
// A class to encapsulate a set of frames and information about the size of
// those frames.
class WebSocketChannel::SendBuffer {
public:
SendBuffer() : total_bytes_(0) {}
// Add a WebSocketFrame to the buffer and increase total_bytes_.
void AddFrame(std::unique_ptr<WebSocketFrame> chunk);
// Return a pointer to the frames_ for write purposes.
std::vector<std::unique_ptr<WebSocketFrame>>* frames() { return &frames_; }
private:
// The frames_ that will be sent in the next call to WriteFrames().
std::vector<std::unique_ptr<WebSocketFrame>> frames_;
// The total size of the payload data in |frames_|. This will be used to
// measure the throughput of the link.
// TODO(ricea): Measure the throughput of the link.
uint64_t total_bytes_;
};
void WebSocketChannel::SendBuffer::AddFrame(
std::unique_ptr<WebSocketFrame> frame) {
total_bytes_ += frame->header.payload_length;
frames_.push_back(std::move(frame));
}
// Implementation of WebSocketStream::ConnectDelegate that simply forwards the
// calls on to the WebSocketChannel that created it.
class WebSocketChannel::ConnectDelegate
: public WebSocketStream::ConnectDelegate {
public:
explicit ConnectDelegate(WebSocketChannel* creator) : creator_(creator) {}
void OnCreateRequest(net::URLRequest* request) override {
creator_->OnCreateURLRequest(request);
}
void OnSuccess(std::unique_ptr<WebSocketStream> stream) override {
creator_->OnConnectSuccess(std::move(stream));
// |this| may have been deleted.
}
void OnFailure(const std::string& message) override {
creator_->OnConnectFailure(message);
// |this| has been deleted.
}
void OnStartOpeningHandshake(
std::unique_ptr<WebSocketHandshakeRequestInfo> request) override {
creator_->OnStartOpeningHandshake(std::move(request));
}
void OnFinishOpeningHandshake(
std::unique_ptr<WebSocketHandshakeResponseInfo> response) override {
creator_->OnFinishOpeningHandshake(std::move(response));
}
void OnSSLCertificateError(
std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
ssl_error_callbacks,
const SSLInfo& ssl_info,
bool fatal) override {
creator_->OnSSLCertificateError(std::move(ssl_error_callbacks), ssl_info,
fatal);
}
int OnAuthRequired(scoped_refptr<AuthChallengeInfo> auth_info,
scoped_refptr<HttpResponseHeaders> headers,
const HostPortPair& host_port_pair,
base::OnceCallback<void(const AuthCredentials*)> callback,
base::Optional<AuthCredentials>* credentials) override {
return creator_->OnAuthRequired(std::move(auth_info), std::move(headers),
host_port_pair, std::move(callback),
credentials);
}
private:
// A pointer to the WebSocketChannel that created this object. There is no
// danger of this pointer being stale, because deleting the WebSocketChannel
// cancels the connect process, deleting this object and preventing its
// callbacks from being called.
WebSocketChannel* const creator_;
DISALLOW_COPY_AND_ASSIGN(ConnectDelegate);
};
class WebSocketChannel::PendingReceivedFrame {
public:
PendingReceivedFrame(bool final,
WebSocketFrameHeader::OpCode opcode,
scoped_refptr<IOBuffer> data,
uint64_t offset,
uint64_t size)
: final_(final),
opcode_(opcode),
data_(std::move(data)),
offset_(offset),
size_(size) {}
PendingReceivedFrame(const PendingReceivedFrame& other) = default;
PendingReceivedFrame(PendingReceivedFrame&& other) = default;
~PendingReceivedFrame() = default;
// PendingReceivedFrame is placed in a base::queue and so needs to be copyable
// and movable.
PendingReceivedFrame& operator=(const PendingReceivedFrame& other) = default;
PendingReceivedFrame& operator=(PendingReceivedFrame&& other) = default;
bool final() const { return final_; }
WebSocketFrameHeader::OpCode opcode() const { return opcode_; }
// ResetOpcode() to Continuation.
void ResetOpcode() {
DCHECK(WebSocketFrameHeader::IsKnownDataOpCode(opcode_));
opcode_ = WebSocketFrameHeader::kOpCodeContinuation;
}
const scoped_refptr<IOBuffer>& data() const { return data_; }
uint64_t offset() const { return offset_; }
uint64_t size() const { return size_; }
// Increase |offset_| by |bytes|.
void DidConsume(uint64_t bytes) {
DCHECK_LE(offset_, size_);
DCHECK_LE(bytes, size_ - offset_);
offset_ += bytes;
}
private:
bool final_;
WebSocketFrameHeader::OpCode opcode_;
scoped_refptr<IOBuffer> data_;
// Where to start reading from data_. Everything prior to offset_ has
// already been sent to the browser.
uint64_t offset_;
// The size of data_.
uint64_t size_;
};
WebSocketChannel::WebSocketChannel(
std::unique_ptr<WebSocketEventInterface> event_interface,
URLRequestContext* url_request_context)
: event_interface_(std::move(event_interface)),
url_request_context_(url_request_context),
send_quota_low_water_mark_(kDefaultSendQuotaLowWaterMark),
send_quota_high_water_mark_(kDefaultSendQuotaHighWaterMark),
current_send_quota_(0),
current_receive_quota_(0),
closing_handshake_timeout_(
base::TimeDelta::FromSeconds(kClosingHandshakeTimeoutSeconds)),
underlying_connection_close_timeout_(base::TimeDelta::FromSeconds(
kUnderlyingConnectionCloseTimeoutSeconds)),
has_received_close_frame_(false),
received_close_code_(0),
state_(FRESHLY_CONSTRUCTED),
sending_text_message_(false),
receiving_text_message_(false),
expecting_to_handle_continuation_(false),
initial_frame_forwarded_(false) {}
WebSocketChannel::~WebSocketChannel() {
// The stream may hold a pointer to read_frames_, and so it needs to be
// destroyed first.
stream_.reset();
// The timer may have a callback pointing back to us, so stop it just in case
// someone decides to run the event loop from their destructor.
close_timer_.Stop();
}
void WebSocketChannel::SendAddChannelRequest(
const GURL& socket_url,
const std::vector<std::string>& requested_subprotocols,
const url::Origin& origin,
const GURL& site_for_cookies,
const HttpRequestHeaders& additional_headers) {
SendAddChannelRequestWithSuppliedCallback(
socket_url, requested_subprotocols, origin, site_for_cookies,
additional_headers, base::Bind(&WebSocketStream::CreateAndConnectStream));
}
void WebSocketChannel::SetState(State new_state) {
DCHECK_NE(state_, new_state);
if (new_state == CONNECTED)
established_on_ = base::TimeTicks::Now();
if (state_ == CONNECTED && !established_on_.is_null()) {
UMA_HISTOGRAM_LONG_TIMES(
"Net.WebSocket.Duration", base::TimeTicks::Now() - established_on_);
}
state_ = new_state;
}
bool WebSocketChannel::InClosingState() const {
// The state RECV_CLOSED is not supported here, because it is only used in one
// code path and should not leak into the code in general.
DCHECK_NE(RECV_CLOSED, state_)
<< "InClosingState called with state_ == RECV_CLOSED";
return state_ == SEND_CLOSED || state_ == CLOSE_WAIT || state_ == CLOSED;
}
WebSocketChannel::ChannelState WebSocketChannel::SendFrame(
bool fin,
WebSocketFrameHeader::OpCode op_code,
scoped_refptr<IOBuffer> buffer,
size_t buffer_size) {
DCHECK_LE(buffer_size, static_cast<size_t>(INT_MAX));
DCHECK(stream_) << "Got SendFrame without a connection established; fin="
<< fin << " op_code=" << op_code
<< " buffer_size=" << buffer_size;
if (InClosingState()) {
DVLOG(1) << "SendFrame called in state " << state_
<< ". This may be a bug, or a harmless race.";
return CHANNEL_ALIVE;
}
DCHECK_EQ(state_, CONNECTED);
if (buffer_size > base::checked_cast<size_t>(current_send_quota_)) {
// TODO(ricea): Kill renderer.
FailChannel("Send quota exceeded", kWebSocketErrorGoingAway, "");
return CHANNEL_DELETED;
// |this| has been deleted.
}
DCHECK(WebSocketFrameHeader::IsKnownDataOpCode(op_code))
<< "Got SendFrame with bogus op_code " << op_code << " fin=" << fin
<< " buffer_size=" << buffer_size;
if (op_code == WebSocketFrameHeader::kOpCodeText ||
(op_code == WebSocketFrameHeader::kOpCodeContinuation &&
sending_text_message_)) {
StreamingUtf8Validator::State state =
outgoing_utf8_validator_.AddBytes(buffer->data(), buffer_size);
if (state == StreamingUtf8Validator::INVALID ||
(state == StreamingUtf8Validator::VALID_MIDPOINT && fin)) {
// TODO(ricea): Kill renderer.
FailChannel("Browser sent a text frame containing invalid UTF-8",
kWebSocketErrorGoingAway, "");
return CHANNEL_DELETED;
// |this| has been deleted.
}
sending_text_message_ = !fin;
DCHECK(!fin || state == StreamingUtf8Validator::VALID_ENDPOINT);
}
current_send_quota_ -= buffer_size;
// TODO(ricea): If current_send_quota_ has dropped below
// send_quota_low_water_mark_, it might be good to increase the "low
// water mark" and "high water mark", but only if the link to the WebSocket
// server is not saturated.
return SendFrameInternal(fin, op_code, std::move(buffer), buffer_size);
// |this| may have been deleted.
}
ChannelState WebSocketChannel::SendFlowControl(int64_t quota) {
DCHECK(state_ == CONNECTING || state_ == CONNECTED || state_ == SEND_CLOSED ||
state_ == CLOSE_WAIT);
// TODO(ricea): Kill the renderer if it tries to send us a negative quota
// value or > INT_MAX.
DCHECK_GE(quota, 0);
DCHECK_LE(quota, INT_MAX);
if (!pending_received_frames_.empty()) {
DCHECK_EQ(0u, current_receive_quota_);
}
while (!pending_received_frames_.empty() && quota > 0) {
PendingReceivedFrame& front = pending_received_frames_.front();
const uint64_t data_size = front.size() - front.offset();
const uint64_t bytes_to_send =
std::min(base::checked_cast<uint64_t>(quota), data_size);
const bool final = front.final() && data_size == bytes_to_send;
scoped_refptr<IOBuffer> buffer_to_pass;
if (front.data()) {
buffer_to_pass =
base::MakeRefCounted<DependentIOBuffer>(front.data(), front.offset());
} else {
DCHECK(!bytes_to_send) << "Non empty data should not be null.";
}
DVLOG(3) << "Sending frame previously split due to quota to the "
<< "renderer: quota=" << quota << " data_size=" << data_size
<< " bytes_to_send=" << bytes_to_send;
event_interface_->OnDataFrame(final, front.opcode(),
std::move(buffer_to_pass), bytes_to_send);
if (bytes_to_send < data_size) {
front.DidConsume(bytes_to_send);
front.ResetOpcode();
return CHANNEL_ALIVE;
}
quota -= bytes_to_send;
pending_received_frames_.pop();
}
if (!InClosingState() && pending_received_frames_.empty() &&
has_received_close_frame_) {
// We've been waiting for the client to consume the frames before
// responding to the closing handshake initiated by the server.
return RespondToClosingHandshake();
}
// If current_receive_quota_ == 0 then there is no pending ReadFrames()
// operation.
const bool start_read =
current_receive_quota_ == 0 && quota > 0 &&
(state_ == CONNECTED || state_ == SEND_CLOSED || state_ == CLOSE_WAIT);
current_receive_quota_ += quota;
if (start_read)
return ReadFrames();
return CHANNEL_ALIVE;
}
ChannelState WebSocketChannel::StartClosingHandshake(
uint16_t code,
const std::string& reason) {
if (InClosingState()) {
// When the associated renderer process is killed while the channel is in
// CLOSING state we reach here.
DVLOG(1) << "StartClosingHandshake called in state " << state_
<< ". This may be a bug, or a harmless race.";
return CHANNEL_ALIVE;
}
if (has_received_close_frame_) {
// We reach here if the client wants to start a closing handshake while
// the browser is waiting for the client to consume incoming data frames
// before responding to a closing handshake initiated by the server.
// As the client doesn't want the data frames any more, we can respond to
// the closing handshake initiated by the server.
return RespondToClosingHandshake();
}
if (state_ == CONNECTING) {
// Abort the in-progress handshake and drop the connection immediately.
stream_request_.reset();
SetState(CLOSED);
DoDropChannel(false, kWebSocketErrorAbnormalClosure, "");
return CHANNEL_DELETED;
}
DCHECK_EQ(state_, CONNECTED);
DCHECK(!close_timer_.IsRunning());
// This use of base::Unretained() is safe because we stop the timer in the
// destructor.
close_timer_.Start(
FROM_HERE,
closing_handshake_timeout_,
base::Bind(&WebSocketChannel::CloseTimeout, base::Unretained(this)));
// Javascript actually only permits 1000 and 3000-4999, but the implementation
// itself may produce different codes. The length of |reason| is also checked
// by Javascript.
if (!IsStrictlyValidCloseStatusCode(code) ||
reason.size() > kMaximumCloseReasonLength) {
// "InternalServerError" is actually used for errors from any endpoint, per
// errata 3227 to RFC6455. If the renderer is sending us an invalid code or
// reason it must be malfunctioning in some way, and based on that we
// interpret this as an internal error.
if (SendClose(kWebSocketErrorInternalServerError, "") == CHANNEL_DELETED)
return CHANNEL_DELETED;
DCHECK_EQ(CONNECTED, state_);
SetState(SEND_CLOSED);
return CHANNEL_ALIVE;
}
if (SendClose(code, StreamingUtf8Validator::Validate(reason)
? reason
: std::string()) == CHANNEL_DELETED)
return CHANNEL_DELETED;
DCHECK_EQ(CONNECTED, state_);
SetState(SEND_CLOSED);
return CHANNEL_ALIVE;
}
void WebSocketChannel::SendAddChannelRequestForTesting(
const GURL& socket_url,
const std::vector<std::string>& requested_subprotocols,
const url::Origin& origin,
const GURL& site_for_cookies,
const HttpRequestHeaders& additional_headers,
const WebSocketStreamRequestCreationCallback& callback) {
SendAddChannelRequestWithSuppliedCallback(socket_url, requested_subprotocols,
origin, site_for_cookies,
additional_headers, callback);
}
void WebSocketChannel::SetClosingHandshakeTimeoutForTesting(
base::TimeDelta delay) {
closing_handshake_timeout_ = delay;
}
void WebSocketChannel::SetUnderlyingConnectionCloseTimeoutForTesting(
base::TimeDelta delay) {
underlying_connection_close_timeout_ = delay;
}
void WebSocketChannel::SendAddChannelRequestWithSuppliedCallback(
const GURL& socket_url,
const std::vector<std::string>& requested_subprotocols,
const url::Origin& origin,
const GURL& site_for_cookies,
const HttpRequestHeaders& additional_headers,
const WebSocketStreamRequestCreationCallback& callback) {
DCHECK_EQ(FRESHLY_CONSTRUCTED, state_);
if (!socket_url.SchemeIsWSOrWSS()) {
// TODO(ricea): Kill the renderer (this error should have been caught by
// Javascript).
event_interface_->OnFailChannel("Invalid scheme");
// |this| is deleted here.
return;
}
socket_url_ = socket_url;
auto connect_delegate = std::make_unique<ConnectDelegate>(this);
auto create_helper = std::make_unique<WebSocketHandshakeStreamCreateHelper>(
connect_delegate.get(), requested_subprotocols);
stream_request_ =
callback.Run(socket_url_, std::move(create_helper), origin,
site_for_cookies, additional_headers, url_request_context_,
NetLogWithSource(), std::move(connect_delegate));
SetState(CONNECTING);
}
void WebSocketChannel::OnCreateURLRequest(URLRequest* request) {
event_interface_->OnCreateURLRequest(request);
}
void WebSocketChannel::OnConnectSuccess(
std::unique_ptr<WebSocketStream> stream) {
DCHECK(stream);
DCHECK_EQ(CONNECTING, state_);
stream_ = std::move(stream);
SetState(CONNECTED);
event_interface_->OnAddChannelResponse(stream_->GetSubProtocol(),
stream_->GetExtensions());
// TODO(ricea): Get flow control information from the WebSocketStream once we
// have a multiplexing WebSocketStream.
current_send_quota_ = send_quota_high_water_mark_;
event_interface_->OnFlowControl(send_quota_high_water_mark_);
// |stream_request_| is not used once the connection has succeeded.
stream_request_.reset();
ignore_result(ReadFrames());
// |this| may have been deleted.
}
void WebSocketChannel::OnConnectFailure(const std::string& message) {
DCHECK_EQ(CONNECTING, state_);
// Copy the message before we delete its owner.
std::string message_copy = message;
SetState(CLOSED);
stream_request_.reset();
event_interface_->OnFailChannel(message_copy);
// |this| has been deleted.
}
void WebSocketChannel::OnSSLCertificateError(
std::unique_ptr<WebSocketEventInterface::SSLErrorCallbacks>
ssl_error_callbacks,
const SSLInfo& ssl_info,
bool fatal) {
event_interface_->OnSSLCertificateError(std::move(ssl_error_callbacks),
socket_url_, ssl_info, fatal);
}
int WebSocketChannel::OnAuthRequired(
scoped_refptr<AuthChallengeInfo> auth_info,
scoped_refptr<HttpResponseHeaders> response_headers,
const HostPortPair& host_port_pair,
base::OnceCallback<void(const AuthCredentials*)> callback,
base::Optional<AuthCredentials>* credentials) {
return event_interface_->OnAuthRequired(
std::move(auth_info), std::move(response_headers), host_port_pair,
std::move(callback), credentials);
}
void WebSocketChannel::OnStartOpeningHandshake(
std::unique_ptr<WebSocketHandshakeRequestInfo> request) {
event_interface_->OnStartOpeningHandshake(std::move(request));
}
void WebSocketChannel::OnFinishOpeningHandshake(
std::unique_ptr<WebSocketHandshakeResponseInfo> response) {
event_interface_->OnFinishOpeningHandshake(std::move(response));
}
ChannelState WebSocketChannel::WriteFrames() {
int result = OK;
do {
// This use of base::Unretained is safe because this object owns the
// WebSocketStream and destroying it cancels all callbacks.
result = stream_->WriteFrames(
data_being_sent_->frames(),
base::Bind(base::IgnoreResult(&WebSocketChannel::OnWriteDone),
base::Unretained(this),
false));
if (result != ERR_IO_PENDING) {
if (OnWriteDone(true, result) == CHANNEL_DELETED)
return CHANNEL_DELETED;
// OnWriteDone() returns CHANNEL_DELETED on error. Here |state_| is
// guaranteed to be the same as before OnWriteDone() call.
}
} while (result == OK && data_being_sent_);
return CHANNEL_ALIVE;
}
ChannelState WebSocketChannel::OnWriteDone(bool synchronous, int result) {
DCHECK_NE(FRESHLY_CONSTRUCTED, state_);
DCHECK_NE(CONNECTING, state_);
DCHECK_NE(ERR_IO_PENDING, result);
DCHECK(data_being_sent_);
switch (result) {
case OK:
if (data_to_send_next_) {
data_being_sent_ = std::move(data_to_send_next_);
if (!synchronous)
return WriteFrames();
} else {
data_being_sent_.reset();
if (current_send_quota_ < send_quota_low_water_mark_) {
// TODO(ricea): Increase low_water_mark and high_water_mark if
// throughput is high, reduce them if throughput is low. Low water
// mark needs to be >= the bandwidth delay product *of the IPC
// channel*. Because factors like context-switch time, thread wake-up
// time, and bus speed come into play it is complex and probably needs
// to be determined empirically.
DCHECK_LE(send_quota_low_water_mark_, send_quota_high_water_mark_);
// TODO(ricea): Truncate quota by the quota specified by the remote
// server, if the protocol in use supports quota.
int fresh_quota = send_quota_high_water_mark_ - current_send_quota_;
current_send_quota_ += fresh_quota;
event_interface_->OnFlowControl(fresh_quota);
return CHANNEL_ALIVE;
}
}
return CHANNEL_ALIVE;
// If a recoverable error condition existed, it would go here.
default:
DCHECK_LT(result, 0)
<< "WriteFrames() should only return OK or ERR_ codes";
stream_->Close();
SetState(CLOSED);
DoDropChannel(false, kWebSocketErrorAbnormalClosure, "");
return CHANNEL_DELETED;
}
}
ChannelState WebSocketChannel::ReadFrames() {
int result = OK;
while (result == OK && current_receive_quota_ > 0) {
// This use of base::Unretained is safe because this object owns the
// WebSocketStream, and any pending reads will be cancelled when it is
// destroyed.
result = stream_->ReadFrames(
&read_frames_,
base::Bind(base::IgnoreResult(&WebSocketChannel::OnReadDone),
base::Unretained(this),
false));
if (result != ERR_IO_PENDING) {
if (OnReadDone(true, result) == CHANNEL_DELETED)
return CHANNEL_DELETED;
}
DCHECK_NE(CLOSED, state_);
}
return CHANNEL_ALIVE;
}
ChannelState WebSocketChannel::OnReadDone(bool synchronous, int result) {
DCHECK_NE(FRESHLY_CONSTRUCTED, state_);
DCHECK_NE(CONNECTING, state_);
DCHECK_NE(ERR_IO_PENDING, result);
switch (result) {
case OK:
// ReadFrames() must use ERR_CONNECTION_CLOSED for a closed connection
// with no data read, not an empty response.
DCHECK(!read_frames_.empty())
<< "ReadFrames() returned OK, but nothing was read.";
for (size_t i = 0; i < read_frames_.size(); ++i) {
if (HandleFrame(std::move(read_frames_[i])) == CHANNEL_DELETED)
return CHANNEL_DELETED;
}
read_frames_.clear();
// There should always be a call to ReadFrames pending.
// TODO(ricea): Unless we are out of quota.
DCHECK_NE(CLOSED, state_);
if (!synchronous)
return ReadFrames();
return CHANNEL_ALIVE;
case ERR_WS_PROTOCOL_ERROR:
// This could be kWebSocketErrorProtocolError (specifically, non-minimal
// encoding of payload length) or kWebSocketErrorMessageTooBig, or an
// extension-specific error.
FailChannel("Invalid frame header", kWebSocketErrorProtocolError,
"WebSocket Protocol Error");
return CHANNEL_DELETED;
default:
DCHECK_LT(result, 0)
<< "ReadFrames() should only return OK or ERR_ codes";
stream_->Close();
SetState(CLOSED);
uint16_t code = kWebSocketErrorAbnormalClosure;
std::string reason = "";
bool was_clean = false;
if (has_received_close_frame_) {
code = received_close_code_;
reason = received_close_reason_;
was_clean = (result == ERR_CONNECTION_CLOSED);
}
DoDropChannel(was_clean, code, reason);
return CHANNEL_DELETED;
}
}
ChannelState WebSocketChannel::HandleFrame(
std::unique_ptr<WebSocketFrame> frame) {
if (frame->header.masked) {
// RFC6455 Section 5.1 "A client MUST close a connection if it detects a
// masked frame."
FailChannel(
"A server must not mask any frames that it sends to the "
"client.",
kWebSocketErrorProtocolError, "Masked frame from server");
return CHANNEL_DELETED;
}
const WebSocketFrameHeader::OpCode opcode = frame->header.opcode;
DCHECK(!WebSocketFrameHeader::IsKnownControlOpCode(opcode) ||
frame->header.final);
if (frame->header.reserved1 || frame->header.reserved2 ||
frame->header.reserved3) {
FailChannel(
base::StringPrintf("One or more reserved bits are on: reserved1 = %d, "
"reserved2 = %d, reserved3 = %d",
static_cast<int>(frame->header.reserved1),
static_cast<int>(frame->header.reserved2),
static_cast<int>(frame->header.reserved3)),
kWebSocketErrorProtocolError, "Invalid reserved bit");
return CHANNEL_DELETED;
}
// Respond to the frame appropriately to its type.
return HandleFrameByState(opcode, frame->header.final, std::move(frame->data),
frame->header.payload_length);
}
ChannelState WebSocketChannel::HandleFrameByState(
const WebSocketFrameHeader::OpCode opcode,
bool final,
scoped_refptr<IOBuffer> data_buffer,
uint64_t size) {
DCHECK_NE(RECV_CLOSED, state_)
<< "HandleFrame() does not support being called re-entrantly from within "
"SendClose()";
DCHECK_NE(CLOSED, state_);
if (state_ == CLOSE_WAIT) {
std::string frame_name;
GetFrameTypeForOpcode(opcode, &frame_name);
// FailChannel() won't send another Close frame.
FailChannel(frame_name + " received after close",
kWebSocketErrorProtocolError, "");
return CHANNEL_DELETED;
}
switch (opcode) {
case WebSocketFrameHeader::kOpCodeText: // fall-thru
case WebSocketFrameHeader::kOpCodeBinary:
case WebSocketFrameHeader::kOpCodeContinuation:
return HandleDataFrame(opcode, final, std::move(data_buffer), size);
case WebSocketFrameHeader::kOpCodePing:
DVLOG(1) << "Got Ping of size " << size;
if (state_ == CONNECTED)
return SendFrameInternal(true, WebSocketFrameHeader::kOpCodePong,
std::move(data_buffer), size);
DVLOG(3) << "Ignored ping in state " << state_;
return CHANNEL_ALIVE;
case WebSocketFrameHeader::kOpCodePong:
DVLOG(1) << "Got Pong of size " << size;
// There is no need to do anything with pong messages.
return CHANNEL_ALIVE;
case WebSocketFrameHeader::kOpCodeClose: {
uint16_t code = kWebSocketNormalClosure;
std::string reason;
std::string message;
if (!ParseClose(std::move(data_buffer), size, &code, &reason, &message)) {
FailChannel(message, code, reason);
return CHANNEL_DELETED;
}
// TODO(ricea): Find a way to safely log the message from the close
// message (escape control codes and so on).
DVLOG(1) << "Got Close with code " << code;
return HandleCloseFrame(code, reason);
}
default:
FailChannel(base::StringPrintf("Unrecognized frame opcode: %d", opcode),
kWebSocketErrorProtocolError, "Unknown opcode");
return CHANNEL_DELETED;
}
}
ChannelState WebSocketChannel::HandleDataFrame(
WebSocketFrameHeader::OpCode opcode,
bool final,
scoped_refptr<IOBuffer> data_buffer,
uint64_t size) {
if (state_ != CONNECTED) {
DVLOG(3) << "Ignored data packet received in state " << state_;
return CHANNEL_ALIVE;
}
if (has_received_close_frame_) {
DVLOG(3) << "Ignored data packet as we've received a close frame.";
return CHANNEL_ALIVE;
}
DCHECK(opcode == WebSocketFrameHeader::kOpCodeContinuation ||
opcode == WebSocketFrameHeader::kOpCodeText ||
opcode == WebSocketFrameHeader::kOpCodeBinary);
const bool got_continuation =
(opcode == WebSocketFrameHeader::kOpCodeContinuation);
if (got_continuation != expecting_to_handle_continuation_) {
const std::string console_log = got_continuation
? "Received unexpected continuation frame."
: "Received start of new message but previous message is unfinished.";
const std::string reason = got_continuation
? "Unexpected continuation"
: "Previous data frame unfinished";
FailChannel(console_log, kWebSocketErrorProtocolError, reason);
return CHANNEL_DELETED;
}
expecting_to_handle_continuation_ = !final;
WebSocketFrameHeader::OpCode opcode_to_send = opcode;
if (!initial_frame_forwarded_ &&
opcode == WebSocketFrameHeader::kOpCodeContinuation) {
opcode_to_send = receiving_text_message_
? WebSocketFrameHeader::kOpCodeText
: WebSocketFrameHeader::kOpCodeBinary;
}
if (opcode == WebSocketFrameHeader::kOpCodeText ||
(opcode == WebSocketFrameHeader::kOpCodeContinuation &&
receiving_text_message_)) {
// This call is not redundant when size == 0 because it tells us what
// the current state is.
StreamingUtf8Validator::State state = incoming_utf8_validator_.AddBytes(
size ? data_buffer->data() : NULL, static_cast<size_t>(size));
if (state == StreamingUtf8Validator::INVALID ||
(state == StreamingUtf8Validator::VALID_MIDPOINT && final)) {
FailChannel("Could not decode a text frame as UTF-8.",
kWebSocketErrorProtocolError, "Invalid UTF-8 in text frame");
return CHANNEL_DELETED;
}
receiving_text_message_ = !final;
DCHECK(!final || state == StreamingUtf8Validator::VALID_ENDPOINT);
}
if (size == 0U && !final)
return CHANNEL_ALIVE;
initial_frame_forwarded_ = !final;
if (size > current_receive_quota_ || !pending_received_frames_.empty()) {
const bool no_quota = (current_receive_quota_ == 0);
DCHECK(no_quota || pending_received_frames_.empty());
DVLOG(3) << "Queueing frame to renderer due to quota. quota="
<< current_receive_quota_ << " size=" << size;
WebSocketFrameHeader::OpCode opcode_to_queue =
no_quota ? opcode_to_send : WebSocketFrameHeader::kOpCodeContinuation;
pending_received_frames_.push(PendingReceivedFrame(
final, opcode_to_queue, data_buffer, current_receive_quota_, size));
if (no_quota)
return CHANNEL_ALIVE;
size = current_receive_quota_;
final = false;
}
current_receive_quota_ -= size;
// Sends the received frame to the renderer process.
event_interface_->OnDataFrame(final, opcode_to_send, std::move(data_buffer),
size);
return CHANNEL_ALIVE;
}
ChannelState WebSocketChannel::HandleCloseFrame(uint16_t code,
const std::string& reason) {
DVLOG(1) << "Got Close with code " << code;
switch (state_) {
case CONNECTED:
has_received_close_frame_ = true;
received_close_code_ = code;
received_close_reason_ = reason;
if (!pending_received_frames_.empty()) {
// We have some data to be sent to the renderer before sending this
// frame.
return CHANNEL_ALIVE;
}
return RespondToClosingHandshake();
case SEND_CLOSED:
SetState(CLOSE_WAIT);
DCHECK(close_timer_.IsRunning());
close_timer_.Stop();
// This use of base::Unretained() is safe because we stop the timer
// in the destructor.
close_timer_.Start(
FROM_HERE, underlying_connection_close_timeout_,
base::Bind(&WebSocketChannel::CloseTimeout, base::Unretained(this)));
// From RFC6455 section 7.1.5: "Each endpoint
// will see the status code sent by the other end as _The WebSocket
// Connection Close Code_."
has_received_close_frame_ = true;
received_close_code_ = code;
received_close_reason_ = reason;
break;
default:
LOG(DFATAL) << "Got Close in unexpected state " << state_;
break;
}
return CHANNEL_ALIVE;
}
ChannelState WebSocketChannel::RespondToClosingHandshake() {
DCHECK(has_received_close_frame_);
DCHECK_EQ(CONNECTED, state_);
SetState(RECV_CLOSED);
if (SendClose(received_close_code_, received_close_reason_) ==
CHANNEL_DELETED)
return CHANNEL_DELETED;
DCHECK_EQ(RECV_CLOSED, state_);
SetState(CLOSE_WAIT);
DCHECK(!close_timer_.IsRunning());
// This use of base::Unretained() is safe because we stop the timer
// in the destructor.
close_timer_.Start(
FROM_HERE, underlying_connection_close_timeout_,
base::Bind(&WebSocketChannel::CloseTimeout, base::Unretained(this)));
event_interface_->OnClosingHandshake();
return CHANNEL_ALIVE;
}
ChannelState WebSocketChannel::SendFrameInternal(
bool fin,
WebSocketFrameHeader::OpCode op_code,
scoped_refptr<IOBuffer> buffer,
uint64_t size) {
DCHECK(state_ == CONNECTED || state_ == RECV_CLOSED);
DCHECK(stream_);
auto frame = std::make_unique<WebSocketFrame>(op_code);
WebSocketFrameHeader& header = frame->header;
header.final = fin;
header.masked = true;
header.payload_length = size;
frame->data = std::move(buffer);
if (data_being_sent_) {
// Either the link to the WebSocket server is saturated, or several messages
// are being sent in a batch.
// TODO(ricea): Keep some statistics to work out the situation and adjust
// quota appropriately.
if (!data_to_send_next_)
data_to_send_next_ = std::make_unique<SendBuffer>();
data_to_send_next_->AddFrame(std::move(frame));
return CHANNEL_ALIVE;
}
data_being_sent_ = std::make_unique<SendBuffer>();
data_being_sent_->AddFrame(std::move(frame));
return WriteFrames();
}
void WebSocketChannel::FailChannel(const std::string& message,
uint16_t code,
const std::string& reason) {
DCHECK_NE(FRESHLY_CONSTRUCTED, state_);
DCHECK_NE(CONNECTING, state_);
DCHECK_NE(CLOSED, state_);
// TODO(ricea): Logging.
if (state_ == CONNECTED) {
if (SendClose(code, reason) == CHANNEL_DELETED)
return;
}
// Careful study of RFC6455 section 7.1.7 and 7.1.1 indicates the browser
// should close the connection itself without waiting for the closing
// handshake.
stream_->Close();
SetState(CLOSED);
event_interface_->OnFailChannel(message);
}
ChannelState WebSocketChannel::SendClose(uint16_t code,
const std::string& reason) {
DCHECK(state_ == CONNECTED || state_ == RECV_CLOSED);
DCHECK_LE(reason.size(), kMaximumCloseReasonLength);
scoped_refptr<IOBuffer> body;
uint64_t size = 0;
if (code == kWebSocketErrorNoStatusReceived) {
// Special case: translate kWebSocketErrorNoStatusReceived into a Close
// frame with no payload.
DCHECK(reason.empty());
body = base::MakeRefCounted<IOBuffer>(0);
} else {
const size_t payload_length = kWebSocketCloseCodeLength + reason.length();
body = base::MakeRefCounted<IOBuffer>(payload_length);
size = payload_length;
base::WriteBigEndian(body->data(), code);
static_assert(sizeof(code) == kWebSocketCloseCodeLength,
"they should both be two");
std::copy(
reason.begin(), reason.end(), body->data() + kWebSocketCloseCodeLength);
}
return SendFrameInternal(true, WebSocketFrameHeader::kOpCodeClose,
std::move(body), size);
}
bool WebSocketChannel::ParseClose(scoped_refptr<IOBuffer> buffer,
uint64_t size,
uint16_t* code,
std::string* reason,
std::string* message) {
reason->clear();
if (size < kWebSocketCloseCodeLength) {
if (size == 0U) {
*code = kWebSocketErrorNoStatusReceived;
return true;
}
DVLOG(1) << "Close frame with payload size " << size << " received "
<< "(the first byte is " << std::hex
<< static_cast<int>(buffer->data()[0]) << ")";
*code = kWebSocketErrorProtocolError;
*message =
"Received a broken close frame containing an invalid size body.";
return false;
}
const char* data = buffer->data();
uint16_t unchecked_code = 0;
base::ReadBigEndian(data, &unchecked_code);
static_assert(sizeof(unchecked_code) == kWebSocketCloseCodeLength,
"they should both be two bytes");
switch (unchecked_code) {
case kWebSocketErrorNoStatusReceived:
case kWebSocketErrorAbnormalClosure:
case kWebSocketErrorTlsHandshake:
*code = kWebSocketErrorProtocolError;
*message =
"Received a broken close frame containing a reserved status code.";
return false;
default:
*code = unchecked_code;
break;
}
std::string text(data + kWebSocketCloseCodeLength, data + size);
if (StreamingUtf8Validator::Validate(text)) {
reason->swap(text);
return true;
}
*code = kWebSocketErrorProtocolError;
*reason = "Invalid UTF-8 in Close frame";
*message = "Received a broken close frame containing invalid UTF-8.";
return false;
}
void WebSocketChannel::DoDropChannel(bool was_clean,
uint16_t code,
const std::string& reason) {
event_interface_->OnDropChannel(was_clean, code, reason);
}
void WebSocketChannel::CloseTimeout() {
stream_->Close();
SetState(CLOSED);
DoDropChannel(false, kWebSocketErrorAbnormalClosure, "");
// |this| has been deleted.
}
} // namespace net