Supports following protocol versions:
- http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-75
- http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
- - http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07
+ - http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10
You can make a cert/key with openssl using:
openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
'''
-import os, sys, time, errno, signal, socket, struct, traceback, select
-from cgi import parse_qsl
+import os, sys, time, errno, signal, socket, traceback, select
+import array, struct
from base64 import b64encode, b64decode
# Imports that vary by python version
+
+# python 3.0 differences
if sys.hexversion > 0x3000000:
- # python >= 3.0
- from io import StringIO
- from http.server import SimpleHTTPRequestHandler
- from urllib.parse import urlsplit
b2s = lambda buf: buf.decode('latin_1')
s2b = lambda s: s.encode('latin_1')
+ s2a = lambda s: s
else:
- # python 2.X
- from cStringIO import StringIO
- from SimpleHTTPServer import SimpleHTTPRequestHandler
- from urlparse import urlsplit
- # No-ops
- b2s = lambda buf: buf
- s2b = lambda s: s
-
-if sys.hexversion >= 0x2060000:
- # python >= 2.6
- from multiprocessing import Process
- from hashlib import md5, sha1
-else:
- # python < 2.6
- Process = None
- from md5 import md5
- from sha import sha as sha1
+ b2s = lambda buf: buf # No-op
+ s2b = lambda s: s # No-op
+ s2a = lambda s: [ord(c) for c in s]
+try: from io import StringIO
+except: from cStringIO import StringIO
+try: from http.server import SimpleHTTPRequestHandler
+except: from SimpleHTTPServer import SimpleHTTPRequestHandler
+
+# python 2.6 differences
+try: from hashlib import md5, sha1
+except: from md5 import md5; from sha import sha as sha1
+
+# python 2.5 differences
+try:
+ from struct import pack, unpack_from
+except:
+ from struct import pack
+ def unpack_from(fmt, buf, offset=0):
+ slice = buffer(buf, offset, struct.calcsize(fmt))
+ return struct.unpack(fmt, slice)
# Degraded functionality if these imports are missing
-for mod, sup in [('numpy', 'HyBi protocol'),
- ('ctypes', 'HyBi protocol'), ('ssl', 'TLS/SSL/wss'),
+for mod, sup in [('numpy', 'HyBi protocol'), ('ssl', 'TLS/SSL/wss'),
+ ('multiprocessing', 'Multi-Processing'),
('resource', 'daemonizing')]:
try:
globals()[mod] = __import__(mod)
except ImportError:
globals()[mod] = None
- print("WARNING: no '%s' module, %s support disabled" % (
+ print("WARNING: no '%s' module, %s is slower or disabled" % (
mod, sup))
+if multiprocessing and sys.platform == 'win32':
+ # make sockets pickle-able/inheritable
+ import multiprocessing.reduction
class WebSocketServer(object):
buffer_size = 65536
+
server_handshake_hixie = """HTTP/1.1 101 Web Socket Protocol Handshake\r
Upgrade: WebSocket\r
Connection: Upgrade\r
policy_response = """<cross-domain-policy><allow-access-from domain="*" to-ports="*" /></cross-domain-policy>\n"""
+ # An exception before the WebSocket connection was established
class EClose(Exception):
pass
- def __init__(self, listen_host='', listen_port=None,
+ # An exception while the WebSocket client was connected
+ class CClose(Exception):
+ pass
+
+ def __init__(self, listen_host='', listen_port=None, source_is_ipv6=False,
verbose=False, cert='', key='', ssl_only=None,
- daemon=False, record='', web=''):
+ daemon=False, record='', web='',
+ run_once=False, timeout=0):
# settings
- self.verbose = verbose
- self.listen_host = listen_host
- self.listen_port = listen_port
- self.ssl_only = ssl_only
- self.daemon = daemon
- self.handler_id = 1
+ self.verbose = verbose
+ self.listen_host = listen_host
+ self.listen_port = listen_port
+ self.prefer_ipv6 = source_is_ipv6
+ self.ssl_only = ssl_only
+ self.daemon = daemon
+ self.run_once = run_once
+ self.timeout = timeout
+
+ self.launch_time = time.time()
+ self.ws_connection = False
+ self.handler_id = 1
# Make paths settings absolute
self.cert = os.path.abspath(cert)
os.chdir(self.web)
# Sanity checks
- if ssl and self.ssl_only:
+ if not ssl and self.ssl_only:
raise Exception("No 'ssl' module and SSL-only specified")
if self.daemon and not resource:
raise Exception("Module 'resource' required to daemonize")
self.listen_host, self.listen_port))
print(" - Flash security policy server")
if self.web:
- print(" - Web server")
+ print(" - Web server. Web root: %s" % self.web)
if ssl:
if os.path.exists(self.cert):
print(" - SSL/TLS support")
#
# WebSocketServer static methods
#
+
+ @staticmethod
+ def socket(host, port=None, connect=False, prefer_ipv6=False, unix_socket=None, use_ssl=False):
+ """ Resolve a host (and optional port) to an IPv4 or IPv6
+ address. Create a socket. Bind to it if listen is set,
+ otherwise connect to it. Return the socket.
+ """
+ flags = 0
+ if host == '':
+ host = None
+ if connect and not (port or unix_socket):
+ raise Exception("Connect mode requires a port")
+ if use_ssl and not ssl:
+ raise Exception("SSL socket requested but Python SSL module not loaded.");
+ if not connect and use_ssl:
+ raise Exception("SSL only supported in connect mode (for now)")
+ if not connect:
+ flags = flags | socket.AI_PASSIVE
+
+ if not unix_socket:
+ addrs = socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM,
+ socket.IPPROTO_TCP, flags)
+ if not addrs:
+ raise Exception("Could not resolve host '%s'" % host)
+ addrs.sort(key=lambda x: x[0])
+ if prefer_ipv6:
+ addrs.reverse()
+ sock = socket.socket(addrs[0][0], addrs[0][1])
+ if connect:
+ sock.connect(addrs[0][4])
+ if use_ssl:
+ sock = ssl.wrap_socket(sock)
+ else:
+ sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+ sock.bind(addrs[0][4])
+ sock.listen(100)
+ else:
+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ sock.connect(unix_socket)
+
+ return sock
+
@staticmethod
def daemonize(keepfd=None, chdir='/'):
os.umask(0)
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stdout.fileno())
os.dup2(os.open(os.devnull, os.O_RDWR), sys.stderr.fileno())
+ @staticmethod
+ def unmask(buf, f):
+ pstart = f['hlen'] + 4
+ pend = pstart + f['length']
+ if numpy:
+ b = c = s2b('')
+ if f['length'] >= 4:
+ mask = numpy.frombuffer(buf, dtype=numpy.dtype('<u4'),
+ offset=f['hlen'], count=1)
+ data = numpy.frombuffer(buf, dtype=numpy.dtype('<u4'),
+ offset=pstart, count=int(f['length'] / 4))
+ #b = numpy.bitwise_xor(data, mask).data
+ b = numpy.bitwise_xor(data, mask).tostring()
+
+ if f['length'] % 4:
+ #print("Partial unmask")
+ mask = numpy.frombuffer(buf, dtype=numpy.dtype('B'),
+ offset=f['hlen'], count=(f['length'] % 4))
+ data = numpy.frombuffer(buf, dtype=numpy.dtype('B'),
+ offset=pend - (f['length'] % 4),
+ count=(f['length'] % 4))
+ c = numpy.bitwise_xor(data, mask).tostring()
+ return b + c
+ else:
+ # Slower fallback
+ data = array.array('B')
+ mask = s2a(f['mask'])
+ data.fromstring(buf[pstart:pend])
+ for i in range(len(data)):
+ data[i] ^= mask[i % 4]
+ return data.tostring()
+
@staticmethod
def encode_hybi(buf, opcode, base64=False):
""" Encode a HyBi style WebSocket frame.
b1 = 0x80 | (opcode & 0x0f) # FIN + opcode
payload_len = len(buf)
if payload_len <= 125:
- header = struct.pack('>BB', b1, payload_len)
- elif payload_len > 125 and payload_len <= 65536:
- header = struct.pack('>BBH', b1, 126, payload_len)
+ header = pack('>BB', b1, payload_len)
+ elif payload_len > 125 and payload_len < 65536:
+ header = pack('>BBH', b1, 126, payload_len)
elif payload_len >= 65536:
- header = struct.pack('>BBQ', b1, 127, payload_len)
+ header = pack('>BBQ', b1, 127, payload_len)
#print("Encoded: %s" % repr(header + buf))
'length' : 0,
'payload' : None,
'left' : 0,
- 'close_code' : None,
- 'close_reason' : None}
+ 'close_code' : 1000,
+ 'close_reason' : ''}
blen = len(buf)
f['left'] = blen
if blen < f['hlen']:
return f # Incomplete frame header
- b1, b2 = struct.unpack_from(">BB", buf)
+ b1, b2 = unpack_from(">BB", buf)
f['opcode'] = b1 & 0x0f
f['fin'] = (b1 & 0x80) >> 7
has_mask = (b2 & 0x80) >> 7
f['hlen'] = 4
if blen < f['hlen']:
return f # Incomplete frame header
- (f['length'],) = struct.unpack_from('>xxH', buf)
+ (f['length'],) = unpack_from('>xxH', buf)
elif f['length'] == 127:
f['hlen'] = 10
if blen < f['hlen']:
return f # Incomplete frame header
- (f['length'],) = struct.unpack_from('>xxQ', buf)
+ (f['length'],) = unpack_from('>xxQ', buf)
full_len = f['hlen'] + has_mask * 4 + f['length']
if has_mask:
# unmask payload
f['mask'] = buf[f['hlen']:f['hlen']+4]
- b = c = ''
- if f['length'] >= 4:
- mask = numpy.frombuffer(buf, dtype=numpy.dtype('<L4'),
- offset=f['hlen'], count=1)
- data = numpy.frombuffer(buf, dtype=numpy.dtype('<L4'),
- offset=f['hlen'] + 4, count=int(f['length'] / 4))
- #b = numpy.bitwise_xor(data, mask).data
- b = numpy.bitwise_xor(data, mask).tostring()
-
- if f['length'] % 4:
- print("Partial unmask")
- mask = numpy.frombuffer(buf, dtype=numpy.dtype('B'),
- offset=f['hlen'], count=(f['length'] % 4))
- data = numpy.frombuffer(buf, dtype=numpy.dtype('B'),
- offset=full_len - (f['length'] % 4),
- count=(f['length'] % 4))
- c = numpy.bitwise_xor(data, mask).tostring()
- f['payload'] = b + c
+ f['payload'] = WebSocketServer.unmask(buf, f)
else:
print("Unmasked frame: %s" % repr(buf))
f['payload'] = buf[(f['hlen'] + has_mask * 4):full_len]
if f['opcode'] == 0x08:
if f['length'] >= 2:
- f['close_code'] = struct.unpack_from(">H", f['payload'])
+ f['close_code'] = unpack_from(">H", f['payload'])[0]
if f['length'] > 3:
f['close_reason'] = f['payload'][2:]
num1 = int("".join([c for c in key1 if c.isdigit()])) / spaces1
num2 = int("".join([c for c in key2 if c.isdigit()])) / spaces2
- return b2s(md5(struct.pack('>II8s',
+ return b2s(md5(pack('>II8s',
int(num1), int(num2), key3)).digest())
#
buf = self.client.recv(self.buffer_size)
if len(buf) == 0:
- closed = "Client closed abruptly"
+ closed = {'code': 1000, 'reason': "Client closed abruptly"}
return bufs, closed
if self.recv_part:
break
else:
if frame['opcode'] == 0x8: # connection close
- closed = "Client closed, reason: %s - %s" % (
- frame['close_code'],
- frame['close_reason'])
+ closed = {'code': frame['close_code'],
+ 'reason': frame['close_reason']}
break
else:
- if buf[0:2] == '\xff\x00':
- closed = "Client sent orderly close frame"
+ if buf[0:2] == s2b('\xff\x00'):
+ closed = {'code': 1000,
+ 'reason': "Client sent orderly close frame"}
break
- elif buf[0:2] == '\x00\xff':
+ elif buf[0:2] == s2b('\x00\xff'):
buf = buf[2:]
continue # No-op
return bufs, closed
- def send_close(self, code=None, reason=''):
+ def send_close(self, code=1000, reason=''):
""" Send a WebSocket orderly close frame. """
if self.version.startswith("hybi"):
- msg = s2b('')
- if code != None:
- msg = struct.pack(">H%ds" % (len(reason)), code)
+ msg = pack(">H%ds" % len(reason), code, reason)
- buf = self.encode_hybi(msg, opcode=0x08, base64=False)
+ buf, h, t = self.encode_hybi(msg, opcode=0x08, base64=False)
self.client.send(buf)
elif self.version == "hixie-76":
# No orderly close for 75
+ def do_websocket_handshake(self, headers, path):
+ h = self.headers = headers
+ self.path = path
+
+ prot = 'WebSocket-Protocol'
+ protocols = h.get('Sec-'+prot, h.get(prot, '')).split(',')
+
+ ver = h.get('Sec-WebSocket-Version')
+ if ver:
+ # HyBi/IETF version of the protocol
+
+ # HyBi-07 report version 7
+ # HyBi-08 - HyBi-12 report version 8
+ # HyBi-13 reports version 13
+ if ver in ['7', '8', '13']:
+ self.version = "hybi-%02d" % int(ver)
+ else:
+ raise self.EClose('Unsupported protocol version %s' % ver)
+
+ key = h['Sec-WebSocket-Key']
+
+ # Choose binary if client supports it
+ if 'binary' in protocols:
+ self.base64 = False
+ elif 'base64' in protocols:
+ self.base64 = True
+ else:
+ raise self.EClose("Client must support 'binary' or 'base64' protocol")
+
+ # Generate the hash value for the accept header
+ accept = b64encode(sha1(s2b(key + self.GUID)).digest())
+
+ response = self.server_handshake_hybi % b2s(accept)
+ if self.base64:
+ response += "Sec-WebSocket-Protocol: base64\r\n"
+ else:
+ response += "Sec-WebSocket-Protocol: binary\r\n"
+ response += "\r\n"
+
+ else:
+ # Hixie version of the protocol (75 or 76)
+
+ if h.get('key3'):
+ trailer = self.gen_md5(h)
+ pre = "Sec-"
+ self.version = "hixie-76"
+ else:
+ trailer = ""
+ pre = ""
+ self.version = "hixie-75"
+
+ # We only support base64 in Hixie era
+ self.base64 = True
+
+ response = self.server_handshake_hixie % (pre,
+ h['Origin'], pre, self.scheme, h['Host'], path)
+
+ if 'base64' in protocols:
+ response += "%sWebSocket-Protocol: base64\r\n" % pre
+ else:
+ self.msg("Warning: client does not report 'base64' protocol support")
+ response += "\r\n" + trailer
+
+ return response
+
+
def do_handshake(self, sock, address):
"""
do_handshake does the following:
- Send a WebSockets handshake server response.
- Return the socket for this WebSocket client.
"""
-
stype = ""
-
ready = select.select([sock], [], [], 3)[0]
+
+
if not ready:
raise self.EClose("ignoring socket not ready")
# Peek, but do not read the data so that we have a opportunity
sock.send(s2b(self.policy_response))
raise self.EClose("Sending flash policy response")
- elif handshake[0] in ("\x16", "\x80"):
+ elif handshake[0] in ("\x16", "\x80", 22, 128):
# SSL wrap the connection
if not ssl:
raise self.EClose("SSL connection but no 'ssl' module")
if not os.path.exists(self.cert):
raise self.EClose("SSL connection but '%s' not found"
% self.cert)
+ retsock = None
try:
retsock = ssl.wrap_socket(
sock,
except ssl.SSLError:
_, x, _ = sys.exc_info()
if x.args[0] == ssl.SSL_ERROR_EOF:
- raise self.EClose("")
+ if len(x.args) > 1:
+ raise self.EClose(x.args[1])
+ else:
+ raise self.EClose("Got SSL_ERROR_EOF")
else:
raise
- scheme = "wss"
+ self.scheme = "wss"
stype = "SSL/TLS (wss://)"
elif self.ssl_only:
else:
retsock = sock
- scheme = "ws"
+ self.scheme = "ws"
stype = "Plain non-SSL (ws://)"
wsh = WSRequestHandler(retsock, address, not self.web)
else:
raise self.EClose("")
- h = self.headers = wsh.headers
- path = self.path = wsh.path
-
- prot = 'WebSocket-Protocol'
- protocols = h.get('Sec-'+prot, h.get(prot, '')).split(',')
-
- ver = h.get('Sec-WebSocket-Version')
- if ver:
- # HyBi/IETF version of the protocol
-
- if sys.hexversion < 0x2060000 or not numpy:
- raise self.EClose("Python >= 2.6 and numpy module is required for HyBi-07 or greater")
-
- if ver == '7':
- self.version = "hybi-07"
- else:
- raise self.EClose('Unsupported protocol version %s' % ver)
-
- key = h['Sec-WebSocket-Key']
-
- # Choose binary if client supports it
- if 'binary' in protocols:
- self.base64 = False
- elif 'base64' in protocols:
- self.base64 = True
- else:
- raise self.EClose("Client must support 'binary' or 'base64' protocol")
-
- # Generate the hash value for the accept header
- accept = b64encode(sha1(s2b(key + self.GUID)).digest())
-
- response = self.server_handshake_hybi % accept
- if self.base64:
- response += "Sec-WebSocket-Protocol: base64\r\n"
- else:
- response += "Sec-WebSocket-Protocol: binary\r\n"
- response += "\r\n"
-
- else:
- # Hixie version of the protocol (75 or 76)
-
- if h.get('key3'):
- trailer = self.gen_md5(h)
- pre = "Sec-"
- self.version = "hixie-76"
- else:
- trailer = ""
- pre = ""
- self.version = "hixie-75"
-
- # We only support base64 in Hixie era
- self.base64 = True
-
- response = self.server_handshake_hixie % (pre,
- h['Origin'], pre, scheme, h['Host'], path)
-
- if 'base64' in protocols:
- response += "%sWebSocket-Protocol: base64\r\n" % pre
- else:
- self.msg("Warning: client does not report 'base64' protocol support")
- response += "\r\n" + trailer
+ response = self.do_websocket_handshake(wsh.headers, wsh.path)
self.msg("%s: %s WebSocket connection" % (address[0], stype))
self.msg("%s: Version %s, base64: '%s'" % (address[0],
self.version, self.base64))
+ if self.path != '/':
+ self.msg("%s: Path: '%s'" % (address[0], self.path))
+
# Send server WebSockets handshake response
#self.msg("sending response [%s]" % response)
self.rec = None
self.start_time = int(time.time()*1000)
- # handler process
+ # handler process
try:
try:
self.client = self.do_handshake(startsock, address)
self.rec = open(fname, 'w+')
self.rec.write("var VNC_frame_data = [\n")
+ self.ws_connection = True
self.new_client()
+ except self.CClose:
+ # Close the client
+ _, exc, _ = sys.exc_info()
+ if self.client:
+ self.send_close(exc.args[0], exc.args[1])
except self.EClose:
_, exc, _ = sys.exc_info()
# Connection was not a WebSockets connection
self.rec.close()
if self.client and self.client != startsock:
+ # Close the SSL wrapped socket
+ # Original socket closed by caller
self.client.close()
def new_client(self):
is a WebSockets client then call new_client() method (which must
be overridden) for each new client connection.
"""
-
- lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
- lsock.bind((self.listen_host, self.listen_port))
- lsock.listen(100)
+ lsock = self.socket(self.listen_host, self.listen_port, False, self.prefer_ipv6)
if self.daemon:
self.daemonize(keepfd=lsock.fileno(), chdir=self.web)
# Allow override of SIGINT
signal.signal(signal.SIGINT, self.do_SIGINT)
- if not Process:
+ if not multiprocessing:
# os.fork() (python 2.4) child reaper
signal.signal(signal.SIGCHLD, self.fallback_SIGCHLD)
startsock = None
pid = err = 0
+ time_elapsed = time.time() - self.launch_time
+ if self.timeout and time_elapsed > self.timeout:
+ self.msg('listener exit due to --timeout %s'
+ % self.timeout)
+ break
+
try:
self.poll()
continue
else:
raise
-
- if Process:
+
+ if self.run_once:
+ # Run in same process if run_once
+ self.top_new_client(startsock, address)
+ if self.ws_connection :
+ self.msg('%s: exiting due to --run-once'
+ % address[0])
+ break
+ elif multiprocessing:
self.vmsg('%s: new handler Process' % address[0])
- p = Process(target=self.top_new_client,
+ p = multiprocessing.Process(
+ target=self.top_new_client,
args=(startsock, address))
p.start()
# child will not return
def log_message(self, f, *args):
# Save instead of printing
self.last_message = f % args
-