2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
33 #include "qemu-objects.h"
35 #define VNC_REFRESH_INTERVAL_BASE 30
36 #define VNC_REFRESH_INTERVAL_INC 50
37 #define VNC_REFRESH_INTERVAL_MAX 2000
38 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
39 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
41 #include "vnc_keysym.h"
44 #define count_bits(c, v) { \
45 for (c = 0; v; v >>= 1) \
51 static VncDisplay
*vnc_display
; /* needed for info vnc */
52 static DisplayChangeListener
*dcl
;
54 static int vnc_cursor_define(VncState
*vs
);
56 static char *addr_to_string(const char *format
,
57 struct sockaddr_storage
*sa
,
60 char host
[NI_MAXHOST
];
61 char serv
[NI_MAXSERV
];
65 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
68 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
69 VNC_DEBUG("Cannot resolve address %d: %s\n",
70 err
, gai_strerror(err
));
74 /* Enough for the existing format + the 2 vars we're
76 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
77 addr
= qemu_malloc(addrlen
+ 1);
78 snprintf(addr
, addrlen
, format
, host
, serv
);
85 char *vnc_socket_local_addr(const char *format
, int fd
) {
86 struct sockaddr_storage sa
;
90 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
93 return addr_to_string(format
, &sa
, salen
);
96 char *vnc_socket_remote_addr(const char *format
, int fd
) {
97 struct sockaddr_storage sa
;
101 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
104 return addr_to_string(format
, &sa
, salen
);
107 static int put_addr_qdict(QDict
*qdict
, struct sockaddr_storage
*sa
,
110 char host
[NI_MAXHOST
];
111 char serv
[NI_MAXSERV
];
114 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
117 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
118 VNC_DEBUG("Cannot resolve address %d: %s\n",
119 err
, gai_strerror(err
));
123 qdict_put(qdict
, "host", qstring_from_str(host
));
124 qdict_put(qdict
, "service", qstring_from_str(serv
));
125 qdict_put(qdict
, "family",qstring_from_str(inet_strfamily(sa
->ss_family
)));
130 static int vnc_server_addr_put(QDict
*qdict
, int fd
)
132 struct sockaddr_storage sa
;
136 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
140 return put_addr_qdict(qdict
, &sa
, salen
);
143 static int vnc_qdict_remote_addr(QDict
*qdict
, int fd
)
145 struct sockaddr_storage sa
;
149 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
153 return put_addr_qdict(qdict
, &sa
, salen
);
156 static const char *vnc_auth_name(VncDisplay
*vd
) {
158 case VNC_AUTH_INVALID
:
174 case VNC_AUTH_VENCRYPT
:
175 #ifdef CONFIG_VNC_TLS
176 switch (vd
->subauth
) {
177 case VNC_AUTH_VENCRYPT_PLAIN
:
178 return "vencrypt+plain";
179 case VNC_AUTH_VENCRYPT_TLSNONE
:
180 return "vencrypt+tls+none";
181 case VNC_AUTH_VENCRYPT_TLSVNC
:
182 return "vencrypt+tls+vnc";
183 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
184 return "vencrypt+tls+plain";
185 case VNC_AUTH_VENCRYPT_X509NONE
:
186 return "vencrypt+x509+none";
187 case VNC_AUTH_VENCRYPT_X509VNC
:
188 return "vencrypt+x509+vnc";
189 case VNC_AUTH_VENCRYPT_X509PLAIN
:
190 return "vencrypt+x509+plain";
191 case VNC_AUTH_VENCRYPT_TLSSASL
:
192 return "vencrypt+tls+sasl";
193 case VNC_AUTH_VENCRYPT_X509SASL
:
194 return "vencrypt+x509+sasl";
207 static int vnc_server_info_put(QDict
*qdict
)
209 if (vnc_server_addr_put(qdict
, vnc_display
->lsock
) < 0) {
213 qdict_put(qdict
, "auth", qstring_from_str(vnc_auth_name(vnc_display
)));
217 static void vnc_client_cache_auth(VncState
*client
)
219 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
227 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
228 qdict
= qobject_to_qdict(client
->info
);
231 #ifdef CONFIG_VNC_TLS
232 if (client
->tls
.session
&&
234 qdict_put(qdict
, "x509_dname", qstring_from_str(client
->tls
.dname
));
237 #ifdef CONFIG_VNC_SASL
238 if (client
->sasl
.conn
&&
239 client
->sasl
.username
) {
240 qdict_put(qdict
, "sasl_username",
241 qstring_from_str(client
->sasl
.username
));
246 static void vnc_client_cache_addr(VncState
*client
)
251 if (vnc_qdict_remote_addr(qdict
, client
->csock
) < 0) {
253 /* XXX: how to report the error? */
257 client
->info
= QOBJECT(qdict
);
260 static void vnc_qmp_event(VncState
*vs
, MonitorEvent event
)
269 server
= qdict_new();
270 if (vnc_server_info_put(server
) < 0) {
275 data
= qobject_from_jsonf("{ 'client': %p, 'server': %p }",
276 vs
->info
, QOBJECT(server
));
278 monitor_protocol_event(event
, data
);
280 qobject_incref(vs
->info
);
281 qobject_decref(data
);
284 static void info_vnc_iter(QObject
*obj
, void *opaque
)
287 Monitor
*mon
= opaque
;
289 client
= qobject_to_qdict(obj
);
290 monitor_printf(mon
, "Client:\n");
291 monitor_printf(mon
, " address: %s:%s\n",
292 qdict_get_str(client
, "host"),
293 qdict_get_str(client
, "service"));
295 #ifdef CONFIG_VNC_TLS
296 monitor_printf(mon
, " x509_dname: %s\n",
297 qdict_haskey(client
, "x509_dname") ?
298 qdict_get_str(client
, "x509_dname") : "none");
300 #ifdef CONFIG_VNC_SASL
301 monitor_printf(mon
, " username: %s\n",
302 qdict_haskey(client
, "sasl_username") ?
303 qdict_get_str(client
, "sasl_username") : "none");
307 void do_info_vnc_print(Monitor
*mon
, const QObject
*data
)
312 server
= qobject_to_qdict(data
);
313 if (qdict_get_bool(server
, "enabled") == 0) {
314 monitor_printf(mon
, "Server: disabled\n");
318 monitor_printf(mon
, "Server:\n");
319 monitor_printf(mon
, " address: %s:%s\n",
320 qdict_get_str(server
, "host"),
321 qdict_get_str(server
, "service"));
322 monitor_printf(mon
, " auth: %s\n", qdict_get_str(server
, "auth"));
324 clients
= qdict_get_qlist(server
, "clients");
325 if (qlist_empty(clients
)) {
326 monitor_printf(mon
, "Client: none\n");
328 qlist_iter(clients
, info_vnc_iter
, mon
);
332 void do_info_vnc(Monitor
*mon
, QObject
**ret_data
)
334 if (vnc_display
== NULL
|| vnc_display
->display
== NULL
) {
335 *ret_data
= qobject_from_jsonf("{ 'enabled': false }");
341 QTAILQ_FOREACH(client
, &vnc_display
->clients
, next
) {
343 /* incref so that it's not freed by upper layers */
344 qobject_incref(client
->info
);
345 qlist_append_obj(clist
, client
->info
);
349 *ret_data
= qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
351 assert(*ret_data
!= NULL
);
353 if (vnc_server_info_put(qobject_to_qdict(*ret_data
)) < 0) {
354 qobject_decref(*ret_data
);
361 1) Get the queue working for IO.
362 2) there is some weirdness when using the -S option (the screen is grey
363 and not totally invalidated
364 3) resolutions > 1024
367 static int vnc_update_client(VncState
*vs
, int has_dirty
);
368 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
);
369 static void vnc_disconnect_start(VncState
*vs
);
370 static void vnc_disconnect_finish(VncState
*vs
);
371 static void vnc_init_timer(VncDisplay
*vd
);
372 static void vnc_remove_timer(VncDisplay
*vd
);
374 static void vnc_colordepth(VncState
*vs
);
375 static void framebuffer_update_request(VncState
*vs
, int incremental
,
376 int x_position
, int y_position
,
378 static void vnc_refresh(void *opaque
);
379 static int vnc_refresh_server_surface(VncDisplay
*vd
);
381 static inline void vnc_set_bit(uint32_t *d
, int k
)
383 d
[k
>> 5] |= 1 << (k
& 0x1f);
386 static inline void vnc_clear_bit(uint32_t *d
, int k
)
388 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
391 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
401 d
[j
++] = (1 << n
) - 1;
406 static inline int vnc_get_bit(const uint32_t *d
, int k
)
408 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
411 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
415 for(i
= 0; i
< nb_words
; i
++) {
416 if ((d1
[i
] & d2
[i
]) != 0)
422 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
425 VncDisplay
*vd
= ds
->opaque
;
426 struct VncSurface
*s
= &vd
->guest
;
430 /* round x down to ensure the loop only spans one 16-pixel block per,
431 iteration. otherwise, if (x % 16) != 0, the last iteration may span
432 two 16-pixel blocks but we only mark the first as dirty
437 x
= MIN(x
, s
->ds
->width
);
438 y
= MIN(y
, s
->ds
->height
);
439 w
= MIN(x
+ w
, s
->ds
->width
) - x
;
440 h
= MIN(h
, s
->ds
->height
);
443 for (i
= 0; i
< w
; i
+= 16)
444 vnc_set_bit(s
->dirty
[y
], (x
+ i
) / 16);
447 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
450 vnc_write_u16(vs
, x
);
451 vnc_write_u16(vs
, y
);
452 vnc_write_u16(vs
, w
);
453 vnc_write_u16(vs
, h
);
455 vnc_write_s32(vs
, encoding
);
458 void buffer_reserve(Buffer
*buffer
, size_t len
)
460 if ((buffer
->capacity
- buffer
->offset
) < len
) {
461 buffer
->capacity
+= (len
+ 1024);
462 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
463 if (buffer
->buffer
== NULL
) {
464 fprintf(stderr
, "vnc: out of memory\n");
470 int buffer_empty(Buffer
*buffer
)
472 return buffer
->offset
== 0;
475 uint8_t *buffer_end(Buffer
*buffer
)
477 return buffer
->buffer
+ buffer
->offset
;
480 void buffer_reset(Buffer
*buffer
)
485 void buffer_free(Buffer
*buffer
)
487 qemu_free(buffer
->buffer
);
489 buffer
->capacity
= 0;
490 buffer
->buffer
= NULL
;
493 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
495 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
496 buffer
->offset
+= len
;
499 static void vnc_desktop_resize(VncState
*vs
)
501 DisplayState
*ds
= vs
->ds
;
503 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
506 if (vs
->client_width
== ds_get_width(ds
) &&
507 vs
->client_height
== ds_get_height(ds
)) {
510 vs
->client_width
= ds_get_width(ds
);
511 vs
->client_height
= ds_get_height(ds
);
513 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
515 vnc_write_u16(vs
, 1); /* number of rects */
516 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
517 VNC_ENCODING_DESKTOPRESIZE
);
518 vnc_unlock_output(vs
);
522 #ifdef CONFIG_VNC_THREAD
523 static void vnc_abort_display_jobs(VncDisplay
*vd
)
527 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
530 vnc_unlock_output(vs
);
532 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
535 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
538 vnc_unlock_output(vs
);
542 static void vnc_abort_display_jobs(VncDisplay
*vd
)
547 static void vnc_dpy_resize(DisplayState
*ds
)
549 VncDisplay
*vd
= ds
->opaque
;
552 vnc_abort_display_jobs(vd
);
556 vd
->server
= qemu_mallocz(sizeof(*vd
->server
));
557 if (vd
->server
->data
)
558 qemu_free(vd
->server
->data
);
559 *(vd
->server
) = *(ds
->surface
);
560 vd
->server
->data
= qemu_mallocz(vd
->server
->linesize
*
565 vd
->guest
.ds
= qemu_mallocz(sizeof(*vd
->guest
.ds
));
566 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
567 console_color_init(ds
);
568 *(vd
->guest
.ds
) = *(ds
->surface
);
569 memset(vd
->guest
.dirty
, 0xFF, sizeof(vd
->guest
.dirty
));
571 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
573 vnc_desktop_resize(vs
);
574 if (vs
->vd
->cursor
) {
575 vnc_cursor_define(vs
);
577 memset(vs
->dirty
, 0xFF, sizeof(vs
->dirty
));
582 static void vnc_write_pixels_copy(VncState
*vs
, struct PixelFormat
*pf
,
583 void *pixels
, int size
)
585 vnc_write(vs
, pixels
, size
);
588 /* slowest but generic code. */
589 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
592 VncDisplay
*vd
= vs
->vd
;
594 r
= ((((v
& vd
->server
->pf
.rmask
) >> vd
->server
->pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
595 vd
->server
->pf
.rbits
);
596 g
= ((((v
& vd
->server
->pf
.gmask
) >> vd
->server
->pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
597 vd
->server
->pf
.gbits
);
598 b
= ((((v
& vd
->server
->pf
.bmask
) >> vd
->server
->pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
599 vd
->server
->pf
.bbits
);
600 v
= (r
<< vs
->clientds
.pf
.rshift
) |
601 (g
<< vs
->clientds
.pf
.gshift
) |
602 (b
<< vs
->clientds
.pf
.bshift
);
603 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
608 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
618 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
633 static void vnc_write_pixels_generic(VncState
*vs
, struct PixelFormat
*pf
,
634 void *pixels1
, int size
)
638 if (pf
->bytes_per_pixel
== 4) {
639 uint32_t *pixels
= pixels1
;
642 for(i
= 0; i
< n
; i
++) {
643 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
644 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
646 } else if (pf
->bytes_per_pixel
== 2) {
647 uint16_t *pixels
= pixels1
;
650 for(i
= 0; i
< n
; i
++) {
651 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
652 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
654 } else if (pf
->bytes_per_pixel
== 1) {
655 uint8_t *pixels
= pixels1
;
658 for(i
= 0; i
< n
; i
++) {
659 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
660 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
663 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
667 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
671 VncDisplay
*vd
= vs
->vd
;
673 row
= vd
->server
->data
+ y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
674 for (i
= 0; i
< h
; i
++) {
675 vs
->write_pixels(vs
, &vd
->server
->pf
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
676 row
+= ds_get_linesize(vs
->ds
);
681 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
685 switch(vs
->vnc_encoding
) {
686 case VNC_ENCODING_ZLIB
:
687 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
689 case VNC_ENCODING_HEXTILE
:
690 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
691 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
693 case VNC_ENCODING_TIGHT
:
694 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
696 case VNC_ENCODING_TIGHT_PNG
:
697 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
699 case VNC_ENCODING_ZRLE
:
700 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
702 case VNC_ENCODING_ZYWRLE
:
703 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
706 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
707 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
713 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
715 /* send bitblit op to the vnc client */
717 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
719 vnc_write_u16(vs
, 1); /* number of rects */
720 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
721 vnc_write_u16(vs
, src_x
);
722 vnc_write_u16(vs
, src_y
);
723 vnc_unlock_output(vs
);
727 static void vnc_dpy_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
729 VncDisplay
*vd
= ds
->opaque
;
733 int i
,x
,y
,pitch
,depth
,inc
,w_lim
,s
;
736 vnc_refresh_server_surface(vd
);
737 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
738 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
739 vs
->force_update
= 1;
740 vnc_update_client_sync(vs
, 1);
741 /* vs might be free()ed here */
745 /* do bitblit op on the local surface too */
746 pitch
= ds_get_linesize(vd
->ds
);
747 depth
= ds_get_bytes_per_pixel(vd
->ds
);
748 src_row
= vd
->server
->data
+ pitch
* src_y
+ depth
* src_x
;
749 dst_row
= vd
->server
->data
+ pitch
* dst_y
+ depth
* dst_x
;
754 src_row
+= pitch
* (h
-1);
755 dst_row
+= pitch
* (h
-1);
760 w_lim
= w
- (16 - (dst_x
% 16));
764 w_lim
= w
- (w_lim
% 16);
765 for (i
= 0; i
< h
; i
++) {
766 for (x
= 0; x
<= w_lim
;
767 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
769 if ((s
= w
- w_lim
) == 0)
772 s
= (16 - (dst_x
% 16));
777 cmp_bytes
= s
* depth
;
778 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
780 memmove(dst_row
, src_row
, cmp_bytes
);
781 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
782 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
783 vnc_set_bit(vs
->dirty
[y
], ((x
+ dst_x
) / 16));
787 src_row
+= pitch
- w
* depth
;
788 dst_row
+= pitch
- w
* depth
;
792 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
793 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
794 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
799 static void vnc_mouse_set(int x
, int y
, int visible
)
801 /* can we ask the client(s) to move the pointer ??? */
804 static int vnc_cursor_define(VncState
*vs
)
806 QEMUCursor
*c
= vs
->vd
->cursor
;
807 PixelFormat pf
= qemu_default_pixelformat(32);
810 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
812 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
813 vnc_write_u8(vs
, 0); /* padding */
814 vnc_write_u16(vs
, 1); /* # of rects */
815 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
816 VNC_ENCODING_RICH_CURSOR
);
817 isize
= c
->width
* c
->height
* vs
->clientds
.pf
.bytes_per_pixel
;
818 vnc_write_pixels_generic(vs
, &pf
, c
->data
, isize
);
819 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
820 vnc_unlock_output(vs
);
826 static void vnc_dpy_cursor_define(QEMUCursor
*c
)
828 VncDisplay
*vd
= vnc_display
;
831 cursor_put(vd
->cursor
);
832 qemu_free(vd
->cursor_mask
);
835 cursor_get(vd
->cursor
);
836 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
837 vd
->cursor_mask
= qemu_mallocz(vd
->cursor_msize
);
838 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
840 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
841 vnc_cursor_define(vs
);
845 static int find_and_clear_dirty_height(struct VncState
*vs
,
846 int y
, int last_x
, int x
)
849 VncDisplay
*vd
= vs
->vd
;
851 for (h
= 1; h
< (vd
->server
->height
- y
); h
++) {
853 if (!vnc_get_bit(vs
->dirty
[y
+ h
], last_x
))
855 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
856 vnc_clear_bit(vs
->dirty
[y
+ h
], tmp_x
);
862 #ifdef CONFIG_VNC_THREAD
863 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
865 int ret
= vnc_update_client(vs
, has_dirty
);
870 static int vnc_update_client_sync(VncState
*vs
, int has_dirty
)
872 return vnc_update_client(vs
, has_dirty
);
876 static int vnc_update_client(VncState
*vs
, int has_dirty
)
878 if (vs
->need_update
&& vs
->csock
!= -1) {
879 VncDisplay
*vd
= vs
->vd
;
886 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
887 /* kernel send buffers are full -> drop frames to throttle */
890 if (!has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
894 * Send screen updates to the vnc client using the server
895 * surface and server dirty map. guest surface updates
896 * happening in parallel don't disturb us, the next pass will
897 * send them to the client.
899 job
= vnc_job_new(vs
);
901 width
= MIN(vd
->server
->width
, vs
->client_width
);
902 height
= MIN(vd
->server
->height
, vs
->client_height
);
904 for (y
= 0; y
< height
; y
++) {
907 for (x
= 0; x
< width
/ 16; x
++) {
908 if (vnc_get_bit(vs
->dirty
[y
], x
)) {
912 vnc_clear_bit(vs
->dirty
[y
], x
);
915 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
917 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
918 (x
- last_x
) * 16, h
);
924 int h
= find_and_clear_dirty_height(vs
, y
, last_x
, x
);
925 n
+= vnc_job_add_rect(job
, last_x
* 16, y
,
926 (x
- last_x
) * 16, h
);
931 vs
->force_update
= 0;
936 vnc_disconnect_finish(vs
);
942 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
944 VncState
*vs
= opaque
;
947 case AUD_CNOTIFY_DISABLE
:
949 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
950 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
951 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
952 vnc_unlock_output(vs
);
956 case AUD_CNOTIFY_ENABLE
:
958 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
959 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
960 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
961 vnc_unlock_output(vs
);
967 static void audio_capture_destroy(void *opaque
)
971 static void audio_capture(void *opaque
, void *buf
, int size
)
973 VncState
*vs
= opaque
;
976 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
977 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
978 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
979 vnc_write_u32(vs
, size
);
980 vnc_write(vs
, buf
, size
);
981 vnc_unlock_output(vs
);
985 static void audio_add(VncState
*vs
)
987 struct audio_capture_ops ops
;
990 monitor_printf(default_mon
, "audio already running\n");
994 ops
.notify
= audio_capture_notify
;
995 ops
.destroy
= audio_capture_destroy
;
996 ops
.capture
= audio_capture
;
998 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
999 if (!vs
->audio_cap
) {
1000 monitor_printf(default_mon
, "Failed to add audio capture\n");
1004 static void audio_del(VncState
*vs
)
1006 if (vs
->audio_cap
) {
1007 AUD_del_capture(vs
->audio_cap
, vs
);
1008 vs
->audio_cap
= NULL
;
1012 static void vnc_disconnect_start(VncState
*vs
)
1014 if (vs
->csock
== -1)
1016 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1017 closesocket(vs
->csock
);
1021 static void vnc_disconnect_finish(VncState
*vs
)
1025 vnc_jobs_join(vs
); /* Wait encoding jobs */
1027 vnc_lock_output(vs
);
1028 vnc_qmp_event(vs
, QEVENT_VNC_DISCONNECTED
);
1030 buffer_free(&vs
->input
);
1031 buffer_free(&vs
->output
);
1033 qobject_decref(vs
->info
);
1036 vnc_tight_clear(vs
);
1039 #ifdef CONFIG_VNC_TLS
1040 vnc_tls_client_cleanup(vs
);
1041 #endif /* CONFIG_VNC_TLS */
1042 #ifdef CONFIG_VNC_SASL
1043 vnc_sasl_client_cleanup(vs
);
1044 #endif /* CONFIG_VNC_SASL */
1047 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1049 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1053 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1054 vnc_remove_timer(vs
->vd
);
1055 if (vs
->vd
->lock_key_sync
)
1056 qemu_remove_led_event_handler(vs
->led
);
1057 vnc_unlock_output(vs
);
1059 #ifdef CONFIG_VNC_THREAD
1060 qemu_mutex_destroy(&vs
->output_mutex
);
1062 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1063 qemu_free(vs
->lossy_rect
[i
]);
1065 qemu_free(vs
->lossy_rect
);
1069 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1071 if (ret
== 0 || ret
== -1) {
1073 switch (last_errno
) {
1077 case WSAEWOULDBLOCK
:
1085 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1086 ret
, ret
< 0 ? last_errno
: 0);
1087 vnc_disconnect_start(vs
);
1095 void vnc_client_error(VncState
*vs
)
1097 VNC_DEBUG("Closing down client sock: protocol error\n");
1098 vnc_disconnect_start(vs
);
1103 * Called to write a chunk of data to the client socket. The data may
1104 * be the raw data, or may have already been encoded by SASL.
1105 * The data will be written either straight onto the socket, or
1106 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1108 * NB, it is theoretically possible to have 2 layers of encryption,
1109 * both SASL, and this TLS layer. It is highly unlikely in practice
1110 * though, since SASL encryption will typically be a no-op if TLS
1113 * Returns the number of bytes written, which may be less than
1114 * the requested 'datalen' if the socket would block. Returns
1115 * -1 on error, and disconnects the client socket.
1117 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1120 #ifdef CONFIG_VNC_TLS
1121 if (vs
->tls
.session
) {
1122 ret
= gnutls_write(vs
->tls
.session
, data
, datalen
);
1124 if (ret
== GNUTLS_E_AGAIN
)
1131 #endif /* CONFIG_VNC_TLS */
1132 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1133 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1134 return vnc_client_io_error(vs
, ret
, socket_error());
1139 * Called to write buffered data to the client socket, when not
1140 * using any SASL SSF encryption layers. Will write as much data
1141 * as possible without blocking. If all buffered data is written,
1142 * will switch the FD poll() handler back to read monitoring.
1144 * Returns the number of bytes written, which may be less than
1145 * the buffered output data if the socket would block. Returns
1146 * -1 on error, and disconnects the client socket.
1148 static long vnc_client_write_plain(VncState
*vs
)
1152 #ifdef CONFIG_VNC_SASL
1153 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1154 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1155 vs
->sasl
.waitWriteSSF
);
1157 if (vs
->sasl
.conn
&&
1159 vs
->sasl
.waitWriteSSF
) {
1160 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1162 vs
->sasl
.waitWriteSSF
-= ret
;
1164 #endif /* CONFIG_VNC_SASL */
1165 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1169 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
1170 vs
->output
.offset
-= ret
;
1172 if (vs
->output
.offset
== 0) {
1173 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1181 * First function called whenever there is data to be written to
1182 * the client socket. Will delegate actual work according to whether
1183 * SASL SSF layers are enabled (thus requiring encryption calls)
1185 static void vnc_client_write_locked(void *opaque
)
1187 VncState
*vs
= opaque
;
1189 #ifdef CONFIG_VNC_SASL
1190 if (vs
->sasl
.conn
&&
1192 !vs
->sasl
.waitWriteSSF
) {
1193 vnc_client_write_sasl(vs
);
1195 #endif /* CONFIG_VNC_SASL */
1196 vnc_client_write_plain(vs
);
1199 void vnc_client_write(void *opaque
)
1201 VncState
*vs
= opaque
;
1203 vnc_lock_output(vs
);
1204 if (vs
->output
.offset
) {
1205 vnc_client_write_locked(opaque
);
1206 } else if (vs
->csock
!= -1) {
1207 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1209 vnc_unlock_output(vs
);
1212 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1214 vs
->read_handler
= func
;
1215 vs
->read_handler_expect
= expecting
;
1220 * Called to read a chunk of data from the client socket. The data may
1221 * be the raw data, or may need to be further decoded by SASL.
1222 * The data will be read either straight from to the socket, or
1223 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1225 * NB, it is theoretically possible to have 2 layers of encryption,
1226 * both SASL, and this TLS layer. It is highly unlikely in practice
1227 * though, since SASL encryption will typically be a no-op if TLS
1230 * Returns the number of bytes read, which may be less than
1231 * the requested 'datalen' if the socket would block. Returns
1232 * -1 on error, and disconnects the client socket.
1234 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1237 #ifdef CONFIG_VNC_TLS
1238 if (vs
->tls
.session
) {
1239 ret
= gnutls_read(vs
->tls
.session
, data
, datalen
);
1241 if (ret
== GNUTLS_E_AGAIN
)
1248 #endif /* CONFIG_VNC_TLS */
1249 ret
= recv(vs
->csock
, (void *)data
, datalen
, 0);
1250 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1251 return vnc_client_io_error(vs
, ret
, socket_error());
1256 * Called to read data from the client socket to the input buffer,
1257 * when not using any SASL SSF encryption layers. Will read as much
1258 * data as possible without blocking.
1260 * Returns the number of bytes read. Returns -1 on error, and
1261 * disconnects the client socket.
1263 static long vnc_client_read_plain(VncState
*vs
)
1266 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1267 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1268 buffer_reserve(&vs
->input
, 4096);
1269 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1272 vs
->input
.offset
+= ret
;
1278 * First function called whenever there is more data to be read from
1279 * the client socket. Will delegate actual work according to whether
1280 * SASL SSF layers are enabled (thus requiring decryption calls)
1282 void vnc_client_read(void *opaque
)
1284 VncState
*vs
= opaque
;
1287 #ifdef CONFIG_VNC_SASL
1288 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1289 ret
= vnc_client_read_sasl(vs
);
1291 #endif /* CONFIG_VNC_SASL */
1292 ret
= vnc_client_read_plain(vs
);
1294 if (vs
->csock
== -1)
1295 vnc_disconnect_finish(vs
);
1299 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1300 size_t len
= vs
->read_handler_expect
;
1303 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1304 if (vs
->csock
== -1) {
1305 vnc_disconnect_finish(vs
);
1310 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
1311 vs
->input
.offset
-= len
;
1313 vs
->read_handler_expect
= ret
;
1318 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1320 buffer_reserve(&vs
->output
, len
);
1322 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1323 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1326 buffer_append(&vs
->output
, data
, len
);
1329 void vnc_write_s32(VncState
*vs
, int32_t value
)
1331 vnc_write_u32(vs
, *(uint32_t *)&value
);
1334 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1338 buf
[0] = (value
>> 24) & 0xFF;
1339 buf
[1] = (value
>> 16) & 0xFF;
1340 buf
[2] = (value
>> 8) & 0xFF;
1341 buf
[3] = value
& 0xFF;
1343 vnc_write(vs
, buf
, 4);
1346 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1350 buf
[0] = (value
>> 8) & 0xFF;
1351 buf
[1] = value
& 0xFF;
1353 vnc_write(vs
, buf
, 2);
1356 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1358 vnc_write(vs
, (char *)&value
, 1);
1361 void vnc_flush(VncState
*vs
)
1363 vnc_lock_output(vs
);
1364 if (vs
->csock
!= -1 && vs
->output
.offset
) {
1365 vnc_client_write_locked(vs
);
1367 vnc_unlock_output(vs
);
1370 uint8_t read_u8(uint8_t *data
, size_t offset
)
1372 return data
[offset
];
1375 uint16_t read_u16(uint8_t *data
, size_t offset
)
1377 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1380 int32_t read_s32(uint8_t *data
, size_t offset
)
1382 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1383 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1386 uint32_t read_u32(uint8_t *data
, size_t offset
)
1388 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1389 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1392 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1396 static void check_pointer_type_change(Notifier
*notifier
)
1398 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1399 int absolute
= kbd_mouse_is_absolute();
1401 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1402 vnc_lock_output(vs
);
1403 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1404 vnc_write_u8(vs
, 0);
1405 vnc_write_u16(vs
, 1);
1406 vnc_framebuffer_update(vs
, absolute
, 0,
1407 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1408 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1409 vnc_unlock_output(vs
);
1412 vs
->absolute
= absolute
;
1415 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1420 if (button_mask
& 0x01)
1421 buttons
|= MOUSE_EVENT_LBUTTON
;
1422 if (button_mask
& 0x02)
1423 buttons
|= MOUSE_EVENT_MBUTTON
;
1424 if (button_mask
& 0x04)
1425 buttons
|= MOUSE_EVENT_RBUTTON
;
1426 if (button_mask
& 0x08)
1428 if (button_mask
& 0x10)
1432 kbd_mouse_event(ds_get_width(vs
->ds
) > 1 ?
1433 x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1) : 0x4000,
1434 ds_get_height(vs
->ds
) > 1 ?
1435 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1) : 0x4000,
1437 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1441 kbd_mouse_event(x
, y
, dz
, buttons
);
1443 if (vs
->last_x
!= -1)
1444 kbd_mouse_event(x
- vs
->last_x
,
1452 static void reset_keys(VncState
*vs
)
1455 for(i
= 0; i
< 256; i
++) {
1456 if (vs
->modifiers_state
[i
]) {
1457 if (i
& SCANCODE_GREY
)
1458 kbd_put_keycode(SCANCODE_EMUL0
);
1459 kbd_put_keycode(i
| SCANCODE_UP
);
1460 vs
->modifiers_state
[i
] = 0;
1465 static void press_key(VncState
*vs
, int keysym
)
1467 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1468 if (keycode
& SCANCODE_GREY
)
1469 kbd_put_keycode(SCANCODE_EMUL0
);
1470 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1471 if (keycode
& SCANCODE_GREY
)
1472 kbd_put_keycode(SCANCODE_EMUL0
);
1473 kbd_put_keycode(keycode
| SCANCODE_UP
);
1476 static void kbd_leds(void *opaque
, int ledstate
)
1478 VncState
*vs
= opaque
;
1481 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1482 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1484 if (vs
->modifiers_state
[0x3a] != caps
) {
1485 vs
->modifiers_state
[0x3a] = caps
;
1487 if (vs
->modifiers_state
[0x45] != num
) {
1488 vs
->modifiers_state
[0x45] = num
;
1492 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1494 /* QEMU console switch */
1496 case 0x2a: /* Left Shift */
1497 case 0x36: /* Right Shift */
1498 case 0x1d: /* Left CTRL */
1499 case 0x9d: /* Right CTRL */
1500 case 0x38: /* Left ALT */
1501 case 0xb8: /* Right ALT */
1503 vs
->modifiers_state
[keycode
] = 1;
1505 vs
->modifiers_state
[keycode
] = 0;
1507 case 0x02 ... 0x0a: /* '1' to '9' keys */
1508 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1509 /* Reset the modifiers sent to the current console */
1511 console_select(keycode
- 0x02);
1515 case 0x3a: /* CapsLock */
1516 case 0x45: /* NumLock */
1518 vs
->modifiers_state
[keycode
] ^= 1;
1522 if (down
&& vs
->vd
->lock_key_sync
&&
1523 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1524 /* If the numlock state needs to change then simulate an additional
1525 keypress before sending this one. This will happen if the user
1526 toggles numlock away from the VNC window.
1528 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1529 if (!vs
->modifiers_state
[0x45]) {
1530 vs
->modifiers_state
[0x45] = 1;
1531 press_key(vs
, 0xff7f);
1534 if (vs
->modifiers_state
[0x45]) {
1535 vs
->modifiers_state
[0x45] = 0;
1536 press_key(vs
, 0xff7f);
1541 if (down
&& vs
->vd
->lock_key_sync
&&
1542 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1543 /* If the capslock state needs to change then simulate an additional
1544 keypress before sending this one. This will happen if the user
1545 toggles capslock away from the VNC window.
1547 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1548 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1549 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1551 if (uppercase
== shift
) {
1552 vs
->modifiers_state
[0x3a] = 0;
1553 press_key(vs
, 0xffe5);
1556 if (uppercase
!= shift
) {
1557 vs
->modifiers_state
[0x3a] = 1;
1558 press_key(vs
, 0xffe5);
1563 if (is_graphic_console()) {
1564 if (keycode
& SCANCODE_GREY
)
1565 kbd_put_keycode(SCANCODE_EMUL0
);
1567 kbd_put_keycode(keycode
& SCANCODE_KEYCODEMASK
);
1569 kbd_put_keycode(keycode
| SCANCODE_UP
);
1571 /* QEMU console emulation */
1573 int numlock
= vs
->modifiers_state
[0x45];
1575 case 0x2a: /* Left Shift */
1576 case 0x36: /* Right Shift */
1577 case 0x1d: /* Left CTRL */
1578 case 0x9d: /* Right CTRL */
1579 case 0x38: /* Left ALT */
1580 case 0xb8: /* Right ALT */
1583 kbd_put_keysym(QEMU_KEY_UP
);
1586 kbd_put_keysym(QEMU_KEY_DOWN
);
1589 kbd_put_keysym(QEMU_KEY_LEFT
);
1592 kbd_put_keysym(QEMU_KEY_RIGHT
);
1595 kbd_put_keysym(QEMU_KEY_DELETE
);
1598 kbd_put_keysym(QEMU_KEY_HOME
);
1601 kbd_put_keysym(QEMU_KEY_END
);
1604 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1607 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1611 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1614 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1617 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1620 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1623 kbd_put_keysym('5');
1626 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1629 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1632 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1635 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1638 kbd_put_keysym('0');
1641 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1645 kbd_put_keysym('/');
1648 kbd_put_keysym('*');
1651 kbd_put_keysym('-');
1654 kbd_put_keysym('+');
1657 kbd_put_keysym('\n');
1661 kbd_put_keysym(sym
);
1668 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1673 if (lsym
>= 'A' && lsym
<= 'Z' && is_graphic_console()) {
1674 lsym
= lsym
- 'A' + 'a';
1677 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
1678 do_key_event(vs
, down
, keycode
, sym
);
1681 static void ext_key_event(VncState
*vs
, int down
,
1682 uint32_t sym
, uint16_t keycode
)
1684 /* if the user specifies a keyboard layout, always use it */
1685 if (keyboard_layout
)
1686 key_event(vs
, down
, sym
);
1688 do_key_event(vs
, down
, keycode
, sym
);
1691 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1692 int x_position
, int y_position
,
1695 if (y_position
> ds_get_height(vs
->ds
))
1696 y_position
= ds_get_height(vs
->ds
);
1697 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1698 h
= ds_get_height(vs
->ds
) - y_position
;
1701 vs
->need_update
= 1;
1703 vs
->force_update
= 1;
1704 for (i
= 0; i
< h
; i
++) {
1705 vnc_set_bits(vs
->dirty
[y_position
+ i
],
1706 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1711 static void send_ext_key_event_ack(VncState
*vs
)
1713 vnc_lock_output(vs
);
1714 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1715 vnc_write_u8(vs
, 0);
1716 vnc_write_u16(vs
, 1);
1717 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1718 VNC_ENCODING_EXT_KEY_EVENT
);
1719 vnc_unlock_output(vs
);
1723 static void send_ext_audio_ack(VncState
*vs
)
1725 vnc_lock_output(vs
);
1726 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1727 vnc_write_u8(vs
, 0);
1728 vnc_write_u16(vs
, 1);
1729 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
),
1730 VNC_ENCODING_AUDIO
);
1731 vnc_unlock_output(vs
);
1735 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1738 unsigned int enc
= 0;
1741 vs
->vnc_encoding
= 0;
1742 vs
->tight
.compression
= 9;
1743 vs
->tight
.quality
= -1; /* Lossless by default */
1747 * Start from the end because the encodings are sent in order of preference.
1748 * This way the prefered encoding (first encoding defined in the array)
1749 * will be set at the end of the loop.
1751 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1754 case VNC_ENCODING_RAW
:
1755 vs
->vnc_encoding
= enc
;
1757 case VNC_ENCODING_COPYRECT
:
1758 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
1760 case VNC_ENCODING_HEXTILE
:
1761 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
1762 vs
->vnc_encoding
= enc
;
1764 case VNC_ENCODING_TIGHT
:
1765 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
1766 vs
->vnc_encoding
= enc
;
1768 case VNC_ENCODING_TIGHT_PNG
:
1769 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
1770 vs
->vnc_encoding
= enc
;
1772 case VNC_ENCODING_ZLIB
:
1773 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
1774 vs
->vnc_encoding
= enc
;
1776 case VNC_ENCODING_ZRLE
:
1777 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
1778 vs
->vnc_encoding
= enc
;
1780 case VNC_ENCODING_ZYWRLE
:
1781 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
1782 vs
->vnc_encoding
= enc
;
1784 case VNC_ENCODING_DESKTOPRESIZE
:
1785 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
1787 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
1788 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
1790 case VNC_ENCODING_RICH_CURSOR
:
1791 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
1793 case VNC_ENCODING_EXT_KEY_EVENT
:
1794 send_ext_key_event_ack(vs
);
1796 case VNC_ENCODING_AUDIO
:
1797 send_ext_audio_ack(vs
);
1799 case VNC_ENCODING_WMVi
:
1800 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
1802 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
1803 vs
->tight
.compression
= (enc
& 0x0F);
1805 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
1806 if (vs
->vd
->lossy
) {
1807 vs
->tight
.quality
= (enc
& 0x0F);
1811 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
1815 vnc_desktop_resize(vs
);
1816 check_pointer_type_change(&vs
->mouse_mode_notifier
);
1819 static void set_pixel_conversion(VncState
*vs
)
1821 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1822 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1823 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1824 vs
->write_pixels
= vnc_write_pixels_copy
;
1825 vnc_hextile_set_pixel_conversion(vs
, 0);
1827 vs
->write_pixels
= vnc_write_pixels_generic
;
1828 vnc_hextile_set_pixel_conversion(vs
, 1);
1832 static void set_pixel_format(VncState
*vs
,
1833 int bits_per_pixel
, int depth
,
1834 int big_endian_flag
, int true_color_flag
,
1835 int red_max
, int green_max
, int blue_max
,
1836 int red_shift
, int green_shift
, int blue_shift
)
1838 if (!true_color_flag
) {
1839 vnc_client_error(vs
);
1843 vs
->clientds
= *(vs
->vd
->guest
.ds
);
1844 vs
->clientds
.pf
.rmax
= red_max
;
1845 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1846 vs
->clientds
.pf
.rshift
= red_shift
;
1847 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1848 vs
->clientds
.pf
.gmax
= green_max
;
1849 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1850 vs
->clientds
.pf
.gshift
= green_shift
;
1851 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1852 vs
->clientds
.pf
.bmax
= blue_max
;
1853 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1854 vs
->clientds
.pf
.bshift
= blue_shift
;
1855 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1856 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1857 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1858 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1859 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1861 set_pixel_conversion(vs
);
1863 vga_hw_invalidate();
1867 static void pixel_format_message (VncState
*vs
) {
1868 char pad
[3] = { 0, 0, 0 };
1870 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1871 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1873 #ifdef HOST_WORDS_BIGENDIAN
1874 vnc_write_u8(vs
, 1); /* big-endian-flag */
1876 vnc_write_u8(vs
, 0); /* big-endian-flag */
1878 vnc_write_u8(vs
, 1); /* true-color-flag */
1879 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1880 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1881 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1882 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1883 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1884 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1886 vnc_hextile_set_pixel_conversion(vs
, 0);
1888 vs
->clientds
= *(vs
->ds
->surface
);
1889 vs
->clientds
.flags
&= ~QEMU_ALLOCATED_FLAG
;
1890 vs
->write_pixels
= vnc_write_pixels_copy
;
1892 vnc_write(vs
, pad
, 3); /* padding */
1895 static void vnc_dpy_setdata(DisplayState
*ds
)
1897 /* We don't have to do anything */
1900 static void vnc_colordepth(VncState
*vs
)
1902 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
1903 /* Sending a WMVi message to notify the client*/
1904 vnc_lock_output(vs
);
1905 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1906 vnc_write_u8(vs
, 0);
1907 vnc_write_u16(vs
, 1); /* number of rects */
1908 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
),
1909 ds_get_height(vs
->ds
), VNC_ENCODING_WMVi
);
1910 pixel_format_message(vs
);
1911 vnc_unlock_output(vs
);
1914 set_pixel_conversion(vs
);
1918 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1922 VncDisplay
*vd
= vs
->vd
;
1925 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
1926 if (!qemu_timer_expired(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
))
1927 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
1931 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
1935 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1936 read_u8(data
, 6), read_u8(data
, 7),
1937 read_u16(data
, 8), read_u16(data
, 10),
1938 read_u16(data
, 12), read_u8(data
, 14),
1939 read_u8(data
, 15), read_u8(data
, 16));
1941 case VNC_MSG_CLIENT_SET_ENCODINGS
:
1946 limit
= read_u16(data
, 2);
1948 return 4 + (limit
* 4);
1950 limit
= read_u16(data
, 2);
1952 for (i
= 0; i
< limit
; i
++) {
1953 int32_t val
= read_s32(data
, 4 + (i
* 4));
1954 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1957 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1959 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
1963 framebuffer_update_request(vs
,
1964 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1965 read_u16(data
, 6), read_u16(data
, 8));
1967 case VNC_MSG_CLIENT_KEY_EVENT
:
1971 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1973 case VNC_MSG_CLIENT_POINTER_EVENT
:
1977 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1979 case VNC_MSG_CLIENT_CUT_TEXT
:
1984 uint32_t dlen
= read_u32(data
, 4);
1989 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1991 case VNC_MSG_CLIENT_QEMU
:
1995 switch (read_u8(data
, 1)) {
1996 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2000 ext_key_event(vs
, read_u16(data
, 2),
2001 read_u32(data
, 4), read_u32(data
, 8));
2003 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2007 switch (read_u16 (data
, 2)) {
2008 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2011 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2014 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2017 switch (read_u8(data
, 4)) {
2018 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2019 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2020 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2021 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2022 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2023 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2025 printf("Invalid audio format %d\n", read_u8(data
, 4));
2026 vnc_client_error(vs
);
2029 vs
->as
.nchannels
= read_u8(data
, 5);
2030 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2031 printf("Invalid audio channel coount %d\n",
2033 vnc_client_error(vs
);
2036 vs
->as
.freq
= read_u32(data
, 6);
2039 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2040 vnc_client_error(vs
);
2046 printf("Msg: %d\n", read_u16(data
, 0));
2047 vnc_client_error(vs
);
2052 printf("Msg: %d\n", data
[0]);
2053 vnc_client_error(vs
);
2057 vnc_read_when(vs
, protocol_client_msg
, 1);
2061 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2066 vs
->client_width
= ds_get_width(vs
->ds
);
2067 vs
->client_height
= ds_get_height(vs
->ds
);
2068 vnc_write_u16(vs
, vs
->client_width
);
2069 vnc_write_u16(vs
, vs
->client_height
);
2071 pixel_format_message(vs
);
2074 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2076 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2078 vnc_write_u32(vs
, size
);
2079 vnc_write(vs
, buf
, size
);
2082 vnc_client_cache_auth(vs
);
2083 vnc_qmp_event(vs
, QEVENT_VNC_INITIALIZED
);
2085 vnc_read_when(vs
, protocol_client_msg
, 1);
2090 void start_client_init(VncState
*vs
)
2092 vnc_read_when(vs
, protocol_client_init
, 1);
2095 static void make_challenge(VncState
*vs
)
2099 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2101 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2102 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2105 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2107 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2109 unsigned char key
[8];
2110 time_t now
= time(NULL
);
2112 if (!vs
->vd
->password
) {
2113 VNC_DEBUG("No password configured on server");
2116 if (vs
->vd
->expires
< now
) {
2117 VNC_DEBUG("Password is expired");
2121 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2123 /* Calculate the expected challenge response */
2124 pwlen
= strlen(vs
->vd
->password
);
2125 for (i
=0; i
<sizeof(key
); i
++)
2126 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2128 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2129 des(response
+j
, response
+j
);
2131 /* Compare expected vs actual challenge response */
2132 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2133 VNC_DEBUG("Client challenge reponse did not match\n");
2136 VNC_DEBUG("Accepting VNC challenge response\n");
2137 vnc_write_u32(vs
, 0); /* Accept auth */
2140 start_client_init(vs
);
2145 vnc_write_u32(vs
, 1); /* Reject auth */
2146 if (vs
->minor
>= 8) {
2147 static const char err
[] = "Authentication failed";
2148 vnc_write_u32(vs
, sizeof(err
));
2149 vnc_write(vs
, err
, sizeof(err
));
2152 vnc_client_error(vs
);
2156 void start_auth_vnc(VncState
*vs
)
2159 /* Send client a 'random' challenge */
2160 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2163 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2167 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2169 /* We only advertise 1 auth scheme at a time, so client
2170 * must pick the one we sent. Verify this */
2171 if (data
[0] != vs
->vd
->auth
) { /* Reject auth */
2172 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2173 vnc_write_u32(vs
, 1);
2174 if (vs
->minor
>= 8) {
2175 static const char err
[] = "Authentication failed";
2176 vnc_write_u32(vs
, sizeof(err
));
2177 vnc_write(vs
, err
, sizeof(err
));
2179 vnc_client_error(vs
);
2180 } else { /* Accept requested auth */
2181 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2182 switch (vs
->vd
->auth
) {
2184 VNC_DEBUG("Accept auth none\n");
2185 if (vs
->minor
>= 8) {
2186 vnc_write_u32(vs
, 0); /* Accept auth completion */
2189 start_client_init(vs
);
2193 VNC_DEBUG("Start VNC auth\n");
2197 #ifdef CONFIG_VNC_TLS
2198 case VNC_AUTH_VENCRYPT
:
2199 VNC_DEBUG("Accept VeNCrypt auth\n");;
2200 start_auth_vencrypt(vs
);
2202 #endif /* CONFIG_VNC_TLS */
2204 #ifdef CONFIG_VNC_SASL
2206 VNC_DEBUG("Accept SASL auth\n");
2207 start_auth_sasl(vs
);
2209 #endif /* CONFIG_VNC_SASL */
2211 default: /* Should not be possible, but just in case */
2212 VNC_DEBUG("Reject auth %d server code bug\n", vs
->vd
->auth
);
2213 vnc_write_u8(vs
, 1);
2214 if (vs
->minor
>= 8) {
2215 static const char err
[] = "Authentication failed";
2216 vnc_write_u32(vs
, sizeof(err
));
2217 vnc_write(vs
, err
, sizeof(err
));
2219 vnc_client_error(vs
);
2225 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2229 memcpy(local
, version
, 12);
2232 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2233 VNC_DEBUG("Malformed protocol version %s\n", local
);
2234 vnc_client_error(vs
);
2237 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2238 if (vs
->major
!= 3 ||
2244 VNC_DEBUG("Unsupported client version\n");
2245 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2247 vnc_client_error(vs
);
2250 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2251 * as equivalent to v3.3 by servers
2253 if (vs
->minor
== 4 || vs
->minor
== 5)
2256 if (vs
->minor
== 3) {
2257 if (vs
->vd
->auth
== VNC_AUTH_NONE
) {
2258 VNC_DEBUG("Tell client auth none\n");
2259 vnc_write_u32(vs
, vs
->vd
->auth
);
2261 start_client_init(vs
);
2262 } else if (vs
->vd
->auth
== VNC_AUTH_VNC
) {
2263 VNC_DEBUG("Tell client VNC auth\n");
2264 vnc_write_u32(vs
, vs
->vd
->auth
);
2268 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->vd
->auth
);
2269 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2271 vnc_client_error(vs
);
2274 VNC_DEBUG("Telling client we support auth %d\n", vs
->vd
->auth
);
2275 vnc_write_u8(vs
, 1); /* num auth */
2276 vnc_write_u8(vs
, vs
->vd
->auth
);
2277 vnc_read_when(vs
, protocol_client_auth
, 1);
2284 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2286 struct VncSurface
*vs
= &vd
->guest
;
2288 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2291 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2295 w
= (x
+ w
) / VNC_STAT_RECT
;
2296 h
= (y
+ h
) / VNC_STAT_RECT
;
2300 for (j
= y
; j
<= y
+ h
; j
++) {
2301 for (i
= x
; i
<= x
+ w
; i
++) {
2302 vs
->lossy_rect
[j
][i
] = 1;
2307 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2310 int sty
= y
/ VNC_STAT_RECT
;
2311 int stx
= x
/ VNC_STAT_RECT
;
2314 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2315 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2317 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2320 /* kernel send buffers are full -> refresh later */
2321 if (vs
->output
.offset
) {
2325 if (!vs
->lossy_rect
[sty
][stx
]) {
2328 vs
->lossy_rect
[sty
][stx
] = 0;
2329 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2330 vnc_set_bits(vs
->dirty
[y
+ j
], x
/ 16, VNC_STAT_RECT
/ 16);
2337 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2343 for (y
= 0; y
< vd
->guest
.ds
->height
; y
+= VNC_STAT_RECT
) {
2344 for (x
= 0; x
< vd
->guest
.ds
->width
; x
+= VNC_STAT_RECT
) {
2345 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2347 rect
->updated
= false;
2351 timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2353 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2356 vd
->guest
.last_freq_check
= *tv
;
2358 for (y
= 0; y
< vd
->guest
.ds
->height
; y
+= VNC_STAT_RECT
) {
2359 for (x
= 0; x
< vd
->guest
.ds
->width
; x
+= VNC_STAT_RECT
) {
2360 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2361 int count
= ARRAY_SIZE(rect
->times
);
2362 struct timeval min
, max
;
2364 if (!timerisset(&rect
->times
[count
- 1])) {
2368 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2369 timersub(tv
, &max
, &res
);
2371 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2373 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2374 memset(rect
->times
, 0, sizeof (rect
->times
));
2378 min
= rect
->times
[rect
->idx
];
2379 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2380 timersub(&max
, &min
, &res
);
2382 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2383 rect
->freq
/= count
;
2384 rect
->freq
= 1. / rect
->freq
;
2390 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2396 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2397 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2399 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2400 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2401 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2413 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2417 rect
= vnc_stat_rect(vd
, x
, y
);
2418 if (rect
->updated
) {
2421 rect
->times
[rect
->idx
] = *tv
;
2422 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2423 rect
->updated
= true;
2426 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2430 uint8_t *server_row
;
2432 uint32_t width_mask
[VNC_DIRTY_WORDS
];
2438 gettimeofday(&tv
, NULL
);
2439 has_dirty
= vnc_update_stats(vd
, &tv
);
2442 * Walk through the guest dirty map.
2443 * Check and copy modified bits from guest to server surface.
2444 * Update server dirty map.
2446 vnc_set_bits(width_mask
, (ds_get_width(vd
->ds
) / 16), VNC_DIRTY_WORDS
);
2447 cmp_bytes
= 16 * ds_get_bytes_per_pixel(vd
->ds
);
2448 guest_row
= vd
->guest
.ds
->data
;
2449 server_row
= vd
->server
->data
;
2450 for (y
= 0; y
< vd
->guest
.ds
->height
; y
++) {
2451 if (vnc_and_bits(vd
->guest
.dirty
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
2454 uint8_t *server_ptr
;
2456 guest_ptr
= guest_row
;
2457 server_ptr
= server_row
;
2459 for (x
= 0; x
< vd
->guest
.ds
->width
;
2460 x
+= 16, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2461 if (!vnc_get_bit(vd
->guest
.dirty
[y
], (x
/ 16)))
2463 vnc_clear_bit(vd
->guest
.dirty
[y
], (x
/ 16));
2464 if (memcmp(server_ptr
, guest_ptr
, cmp_bytes
) == 0)
2466 memcpy(server_ptr
, guest_ptr
, cmp_bytes
);
2467 vnc_rect_updated(vd
, x
, y
, &tv
);
2468 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2469 vnc_set_bit(vs
->dirty
[y
], (x
/ 16));
2474 guest_row
+= ds_get_linesize(vd
->ds
);
2475 server_row
+= ds_get_linesize(vd
->ds
);
2480 static void vnc_refresh(void *opaque
)
2482 VncDisplay
*vd
= opaque
;
2484 int has_dirty
, rects
= 0;
2488 if (vnc_trylock_display(vd
)) {
2489 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2490 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) +
2491 vd
->timer_interval
);
2495 has_dirty
= vnc_refresh_server_surface(vd
);
2496 vnc_unlock_display(vd
);
2498 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2499 rects
+= vnc_update_client(vs
, has_dirty
);
2500 /* vs might be free()ed here */
2503 /* vd->timer could be NULL now if the last client disconnected,
2504 * in this case don't update the timer */
2505 if (vd
->timer
== NULL
)
2508 if (has_dirty
&& rects
) {
2509 vd
->timer_interval
/= 2;
2510 if (vd
->timer_interval
< VNC_REFRESH_INTERVAL_BASE
)
2511 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2513 vd
->timer_interval
+= VNC_REFRESH_INTERVAL_INC
;
2514 if (vd
->timer_interval
> VNC_REFRESH_INTERVAL_MAX
)
2515 vd
->timer_interval
= VNC_REFRESH_INTERVAL_MAX
;
2517 qemu_mod_timer(vd
->timer
, qemu_get_clock(rt_clock
) + vd
->timer_interval
);
2520 static void vnc_init_timer(VncDisplay
*vd
)
2522 vd
->timer_interval
= VNC_REFRESH_INTERVAL_BASE
;
2523 if (vd
->timer
== NULL
&& !QTAILQ_EMPTY(&vd
->clients
)) {
2524 vd
->timer
= qemu_new_timer(rt_clock
, vnc_refresh
, vd
);
2529 static void vnc_remove_timer(VncDisplay
*vd
)
2531 if (vd
->timer
!= NULL
&& QTAILQ_EMPTY(&vd
->clients
)) {
2532 qemu_del_timer(vd
->timer
);
2533 qemu_free_timer(vd
->timer
);
2538 static void vnc_connect(VncDisplay
*vd
, int csock
)
2540 VncState
*vs
= qemu_mallocz(sizeof(VncState
));
2544 vs
->lossy_rect
= qemu_mallocz(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
2545 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
2546 vs
->lossy_rect
[i
] = qemu_mallocz(VNC_STAT_COLS
* sizeof (uint8_t));
2549 VNC_DEBUG("New client on socket %d\n", csock
);
2551 socket_set_nonblock(vs
->csock
);
2552 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2554 vnc_client_cache_addr(vs
);
2555 vnc_qmp_event(vs
, QEVENT_VNC_CONNECTED
);
2562 vs
->as
.freq
= 44100;
2563 vs
->as
.nchannels
= 2;
2564 vs
->as
.fmt
= AUD_FMT_S16
;
2565 vs
->as
.endianness
= 0;
2567 #ifdef CONFIG_VNC_THREAD
2568 qemu_mutex_init(&vs
->output_mutex
);
2571 QTAILQ_INSERT_HEAD(&vd
->clients
, vs
, next
);
2575 vnc_write(vs
, "RFB 003.008\n", 12);
2577 vnc_read_when(vs
, protocol_version
, 12);
2579 if (vs
->vd
->lock_key_sync
)
2580 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
2582 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
2583 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
2587 /* vs might be free()ed here */
2590 static void vnc_listen_read(void *opaque
)
2592 VncDisplay
*vs
= opaque
;
2593 struct sockaddr_in addr
;
2594 socklen_t addrlen
= sizeof(addr
);
2599 int csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2601 vnc_connect(vs
, csock
);
2605 void vnc_display_init(DisplayState
*ds
)
2607 VncDisplay
*vs
= qemu_mallocz(sizeof(*vs
));
2609 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2618 QTAILQ_INIT(&vs
->clients
);
2619 vs
->expires
= TIME_MAX
;
2621 if (keyboard_layout
)
2622 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
2624 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
2626 if (!vs
->kbd_layout
)
2629 #ifdef CONFIG_VNC_THREAD
2630 qemu_mutex_init(&vs
->mutex
);
2631 vnc_start_worker_thread();
2634 dcl
->dpy_copy
= vnc_dpy_copy
;
2635 dcl
->dpy_update
= vnc_dpy_update
;
2636 dcl
->dpy_resize
= vnc_dpy_resize
;
2637 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2638 register_displaychangelistener(ds
, dcl
);
2639 ds
->mouse_set
= vnc_mouse_set
;
2640 ds
->cursor_define
= vnc_dpy_cursor_define
;
2644 void vnc_display_close(DisplayState
*ds
)
2646 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2651 qemu_free(vs
->display
);
2654 if (vs
->lsock
!= -1) {
2655 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2659 vs
->auth
= VNC_AUTH_INVALID
;
2660 #ifdef CONFIG_VNC_TLS
2661 vs
->subauth
= VNC_AUTH_INVALID
;
2662 vs
->tls
.x509verify
= 0;
2666 int vnc_display_disable_login(DisplayState
*ds
)
2668 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2675 qemu_free(vs
->password
);
2678 vs
->password
= NULL
;
2679 vs
->auth
= VNC_AUTH_VNC
;
2684 int vnc_display_password(DisplayState
*ds
, const char *password
)
2686 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2693 /* This is not the intention of this interface but err on the side
2695 return vnc_display_disable_login(ds
);
2699 qemu_free(vs
->password
);
2700 vs
->password
= NULL
;
2702 vs
->password
= qemu_strdup(password
);
2703 vs
->auth
= VNC_AUTH_VNC
;
2708 int vnc_display_pw_expire(DisplayState
*ds
, time_t expires
)
2710 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2712 vs
->expires
= expires
;
2716 char *vnc_display_local_addr(DisplayState
*ds
)
2718 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2720 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
2723 int vnc_display_open(DisplayState
*ds
, const char *display
)
2725 VncDisplay
*vs
= ds
? (VncDisplay
*)ds
->opaque
: vnc_display
;
2726 const char *options
;
2729 #ifdef CONFIG_VNC_TLS
2730 int tls
= 0, x509
= 0;
2732 #ifdef CONFIG_VNC_SASL
2736 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2739 int lock_key_sync
= 1;
2743 vnc_display_close(ds
);
2744 if (strcmp(display
, "none") == 0)
2747 if (!(vs
->display
= strdup(display
)))
2751 while ((options
= strchr(options
, ','))) {
2753 if (strncmp(options
, "password", 8) == 0) {
2754 password
= 1; /* Require password auth */
2755 } else if (strncmp(options
, "reverse", 7) == 0) {
2757 } else if (strncmp(options
, "no-lock-key-sync", 9) == 0) {
2759 #ifdef CONFIG_VNC_SASL
2760 } else if (strncmp(options
, "sasl", 4) == 0) {
2761 sasl
= 1; /* Require SASL auth */
2763 #ifdef CONFIG_VNC_TLS
2764 } else if (strncmp(options
, "tls", 3) == 0) {
2765 tls
= 1; /* Require TLS */
2766 } else if (strncmp(options
, "x509", 4) == 0) {
2768 x509
= 1; /* Require x509 certificates */
2769 if (strncmp(options
, "x509verify", 10) == 0)
2770 vs
->tls
.x509verify
= 1; /* ...and verify client certs */
2772 /* Now check for 'x509=/some/path' postfix
2773 * and use that to setup x509 certificate/key paths */
2774 start
= strchr(options
, '=');
2775 end
= strchr(options
, ',');
2776 if (start
&& (!end
|| (start
< end
))) {
2777 int len
= end
? end
-(start
+1) : strlen(start
+1);
2778 char *path
= qemu_strndup(start
+ 1, len
);
2780 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2781 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
2782 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2784 qemu_free(vs
->display
);
2790 fprintf(stderr
, "No certificate path provided\n");
2791 qemu_free(vs
->display
);
2796 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2797 } else if (strncmp(options
, "acl", 3) == 0) {
2800 } else if (strncmp(options
, "lossy", 5) == 0) {
2805 #ifdef CONFIG_VNC_TLS
2806 if (acl
&& x509
&& vs
->tls
.x509verify
) {
2807 if (!(vs
->tls
.acl
= qemu_acl_init("vnc.x509dname"))) {
2808 fprintf(stderr
, "Failed to create x509 dname ACL\n");
2813 #ifdef CONFIG_VNC_SASL
2815 if (!(vs
->sasl
.acl
= qemu_acl_init("vnc.username"))) {
2816 fprintf(stderr
, "Failed to create username ACL\n");
2823 * Combinations we support here:
2825 * - no-auth (clear text, no auth)
2826 * - password (clear text, weak auth)
2827 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2828 * - tls (encrypt, weak anonymous creds, no auth)
2829 * - tls + password (encrypt, weak anonymous creds, weak auth)
2830 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2831 * - tls + x509 (encrypt, good x509 creds, no auth)
2832 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2833 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2835 * NB1. TLS is a stackable auth scheme.
2836 * NB2. the x509 schemes have option to validate a client cert dname
2839 #ifdef CONFIG_VNC_TLS
2841 vs
->auth
= VNC_AUTH_VENCRYPT
;
2843 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2844 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2846 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2847 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2850 #endif /* CONFIG_VNC_TLS */
2851 VNC_DEBUG("Initializing VNC server with password auth\n");
2852 vs
->auth
= VNC_AUTH_VNC
;
2853 #ifdef CONFIG_VNC_TLS
2854 vs
->subauth
= VNC_AUTH_INVALID
;
2856 #endif /* CONFIG_VNC_TLS */
2857 #ifdef CONFIG_VNC_SASL
2859 #ifdef CONFIG_VNC_TLS
2861 vs
->auth
= VNC_AUTH_VENCRYPT
;
2863 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2864 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
2866 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2867 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
2870 #endif /* CONFIG_VNC_TLS */
2871 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2872 vs
->auth
= VNC_AUTH_SASL
;
2873 #ifdef CONFIG_VNC_TLS
2874 vs
->subauth
= VNC_AUTH_INVALID
;
2876 #endif /* CONFIG_VNC_TLS */
2877 #endif /* CONFIG_VNC_SASL */
2879 #ifdef CONFIG_VNC_TLS
2881 vs
->auth
= VNC_AUTH_VENCRYPT
;
2883 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2884 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2886 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2887 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2891 VNC_DEBUG("Initializing VNC server with no auth\n");
2892 vs
->auth
= VNC_AUTH_NONE
;
2893 #ifdef CONFIG_VNC_TLS
2894 vs
->subauth
= VNC_AUTH_INVALID
;
2899 #ifdef CONFIG_VNC_SASL
2900 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
2901 fprintf(stderr
, "Failed to initialize SASL auth %s",
2902 sasl_errstring(saslErr
, NULL
, NULL
));
2908 vs
->lock_key_sync
= lock_key_sync
;
2911 /* connect to viewer */
2912 if (strncmp(display
, "unix:", 5) == 0)
2913 vs
->lsock
= unix_connect(display
+5);
2915 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2916 if (-1 == vs
->lsock
) {
2921 int csock
= vs
->lsock
;
2923 vnc_connect(vs
, csock
);
2928 /* listen for connects */
2930 dpy
= qemu_malloc(256);
2931 if (strncmp(display
, "unix:", 5) == 0) {
2932 pstrcpy(dpy
, 256, "unix:");
2933 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2935 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2937 if (-1 == vs
->lsock
) {
2945 return qemu_set_fd_handler2(vs
->lsock
, NULL
, vnc_listen_read
, NULL
, vs
);