--- AnyEvent/lib/AnyEvent/Handle.pm 2010/10/16 02:01:54 1.202 +++ AnyEvent/lib/AnyEvent/Handle.pm 2013/12/17 16:43:15 1.240 @@ -13,7 +13,7 @@ fh => \*STDIN, on_error => sub { my ($hdl, $fatal, $msg) = @_; - warn "got error $msg\n"; + AE::log error => $msg; $hdl->destroy; $cv->send; }; @@ -24,7 +24,7 @@ # read the response line $hdl->push_read (line => sub { my ($hdl, $line) = @_; - warn "got line <$line>\n"; + say "got line <$line>"; $cv->send; }); @@ -77,6 +77,8 @@ \&$func } +sub MAX_READ_SIZE() { 131072 } + =head1 METHODS =over 4 @@ -114,10 +116,10 @@ =item on_prepare => $cb->($handle) This (rarely used) callback is called before a new connection is -attempted, but after the file handle has been created. It could be used to -prepare the file handle with parameters required for the actual connect -(as opposed to settings that can be changed when the connection is already -established). +attempted, but after the file handle has been created (you can access that +file handle via C<< $handle->{fh} >>). It could be used to prepare the +file handle with parameters required for the actual connect (as opposed to +settings that can be changed when the connection is already established). The return value of this callback should be the connect timeout value in seconds (or C<0>, or C, or the empty list, to indicate that the 
@@ -128,13 +130,19 @@ This callback is called when a connection has been successfully established. The peer's numeric host and port (the socket peername) are passed as -parameters, together with a retry callback. - -If, for some reason, the handle is not acceptable, calling C<$retry> -will continue with the next connection target (in case of multi-homed -hosts or SRV records there can be multiple connection endpoints). At the -time it is called the read and write queues, eof status, tls status and -similar properties of the handle will have been reset. +parameters, together with a retry callback. At the time it is called the +read and write queues, EOF status, TLS status and similar properties of +the handle will have been reset. + +It is not allowed to use the read or write queues while the handle object +is connecting. + +If, for some reason, the handle is not acceptable, calling C<$retry> will +continue with the next connection target (in case of multi-homed hosts or +SRV records there can be multiple connection endpoints). The C<$retry> +callback can be invoked after the connect callback returns, i.e. one can +start a handshake and then decide to retry with the next host if the +handshake fails. In most cases, you should ignore the C<$retry> parameter. 
@@ -159,14 +167,20 @@ fatal errors the handle object will be destroyed (by a call to C<< -> destroy >>) after invoking the error callback (which means you are free to examine the handle object). Examples of fatal errors are an EOF condition -with active (but unsatisifable) read watchers (C) or I/O errors. In +with active (but unsatisfiable) read watchers (C) or I/O errors. In cases where the other side can close the connection at will, it is often easiest to not report C errors in this callback. AnyEvent::Handle tries to find an appropriate error code for you to check -against, but in some cases (TLS errors), this does not work well. It is -recommended to always output the C<$message> argument in human-readable -error messages (it's usually the same as C<"$!">). +against, but in some cases (TLS errors), this does not work well. + +If you report the error to the user, it is recommended to always output +the C<$message> argument in human-readable error messages (you don't need +to report C<"$!"> if you report C<$message>). + +If you want to react programmatically to the error, then looking at C<$!> +and comparing it against some of the documented C values is usually +better than looking at the C<$message>. Non-fatal errors can be retried by returning, but it is recommended to simply ignore this parameter and instead abondon the handle object @@ -224,8 +238,8 @@ =item on_drain => $cb->($handle) -This sets the callback that is called when the write buffer becomes empty -(or immediately if the buffer is empty already). +This sets the callback that is called once when the write buffer becomes +empty (and immediately when the handle object is created). To append to the write buffer, use the C<< ->push_write >> method. 
@@ -247,22 +261,27 @@ will be invoked (and if that one is missing, a non-fatal C error will be raised). -There are three variants of the timeouts that work independently -of each other, for both read and write, just read, and just write: +There are three variants of the timeouts that work independently of each +other, for both read and write (triggered when nothing was read I +written), just read (triggered when nothing was read), and just write: C, C and C, with corresponding callbacks C, C and C, and reset functions C, C, and C. -Note that timeout processing is active even when you do not have -any outstanding read or write requests: If you plan to keep the connection -idle then you should disable the timeout temporarily or ignore the timeout -in the C callback, in which case AnyEvent::Handle will simply -restart the timeout. +Note that timeout processing is active even when you do not have any +outstanding read or write requests: If you plan to keep the connection +idle then you should disable the timeout temporarily or ignore the +timeout in the corresponding C callback, in which case +AnyEvent::Handle will simply restart the timeout. -Zero (the default) disables this timeout. +Zero (the default) disables the corresponding timeout. =item on_timeout => $cb->($handle) +=item on_rtimeout => $cb->($handle) + +=item on_wtimeout => $cb->($handle) + Called whenever the inactivity timeout passes. If you return from this callback, then the timeout will be reset as if some activity had happened, so this condition is not fatal in any way. 
@@ -279,6 +298,21 @@ amount of data without a callback ever being called as long as the line isn't finished). +=item wbuf_max => + +If defined, then a fatal error will be raised (with C<$!> set to C) +when the write buffer ever (strictly) exceeds this size. This is useful to +avoid some forms of denial-of-service attacks. + +Although the units of this parameter is bytes, this is the I number +of bytes not yet accepted by the kernel. This can make a difference when +you e.g. use TLS, as TLS typically makes your write data larger (but it +can also make it smaller due to compression). + +As an example of when this limit is useful, take a chat server that sends +chat messages to a client. If the client does not read those in a timely +manner then the send buffer in the server would grow unbounded. + =item autocork => When disabled (the default), C will try to immediately @@ -339,9 +373,18 @@ =item read_size => -The default read block size (the number of bytes this module will -try to read during each loop iteration, which affects memory -requirements). Default: C<8192>. +The initial read block size, the number of bytes this module will try +to read during each loop iteration. Each handle object will consume +at least this amount of memory for the read buffer as well, so when +handling many connections watch out for memory requirements). See also +C. Default: C<2048>. + +=item max_read_size => + +The maximum read buffer size used by the dynamic adjustment +algorithm: Each time AnyEvent::Handle can read C bytes in +one go it will double C up to the maximum given by this +option. Default: C<131072> or C, whichever is higher. =item low_water_mark => 
@@ -388,7 +431,8 @@ TLS mode requires Net::SSLeay to be installed (it will be loaded automatically when you try to create a TLS handle): this module doesn't have a dependency on that module, so if your module requires it, you have -to add the dependency yourself. +to add the dependency yourself. If Net::SSLeay cannot be loaded or is too +old, you get an C error. Unlike TCP, TLS has a server and client side: for the TLS server side, use C, and for the TLS client side of a connection, use C @@ -414,8 +458,9 @@ =item tls_ctx => $anyevent_tls Use the given C object to create the new TLS connection -(unless a connection object was specified directly). If this parameter is -missing, then AnyEvent::Handle will use C. +(unless a connection object was specified directly). If this +parameter is missing (or C), then AnyEvent::Handle will use +C. Instead of an object, you can also specify a hash reference with C<< key => value >> pairs. Those will be passed to L to create a @@ -453,7 +498,7 @@ This callback will only be called on TLS shutdowns, not when the underlying handle signals EOF. -=item json => JSON or JSON::XS object +=item json => L, L or L object This is the json coder object used by the C read and write types. @@ -461,8 +506,17 @@ suitable one (on demand), which will write and expect UTF-8 encoded JSON texts. -Note that you are responsible to depend on the JSON module if you want to -use this functionality, as AnyEvent does not have a dependency itself. +=item cbor => L object + +This is the cbor coder object used by the C read and write types. + +If you don't supply it, then AnyEvent::Handle will create and use a +suitable one (on demand), which will write CBOR without using extensions, +if possible. texts. + +Note that you are responsible to depend on the L module if you +want to use this functionality, as AnyEvent does not have a dependency on +it itself. =back 
@@ -494,6 +548,8 @@ sub { my ($fh, $host, $port, $retry) = @_; + delete $self->{_connect}; # no longer needed + if ($fh) { $self->{fh} = $fh; @@ -510,7 +566,7 @@ } else { if ($self->{on_connect_error}) { $self->{on_connect_error}($self, "$!"); - $self->destroy; + $self->destroy if $self; } else { $self->_error ($!, 1); } @@ -520,7 +576,7 @@ local $self->{fh} = $_[0]; $self->{on_prepare} - ? $self->{on_prepare}->($self) + ? $self->{on_prepare}->($self) : () } ); @@ -548,6 +604,10 @@ $self->{_ractivity} = $self->{_wactivity} = AE::now; + $self->{read_size} ||= 2048; + $self->{max_read_size} = $self->{read_size} + if $self->{read_size} > ($self->{max_read_size} || MAX_READ_SIZE); + $self->timeout (delete $self->{timeout} ) if $self->{timeout}; $self->rtimeout (delete $self->{rtimeout} ) if $self->{rtimeout}; $self->wtimeout (delete $self->{wtimeout} ) if $self->{wtimeout}; @@ -725,12 +785,20 @@ Configures the C setting (C disables it). +=item $handle->wbuf_max ($max_octets) + +Configures the C setting (C disables it). + =cut sub rbuf_max { $_[0]{rbuf_max} = $_[1]; } +sub wbuf_max { + $_[0]{wbuf_max} = $_[1]; +} + ############################################################################# =item $handle->timeout ($seconds) @@ -741,6 +809,9 @@ Configures (or disables) the inactivity timeout. +The timeout will be checked instantly, so this method might destroy the +handle before it returns. + =item $handle->timeout_reset =item $handle->rtimeout_reset @@ -833,7 +904,7 @@ AnyEvent::Handle will automatically try to get rid of it for you. When data could be written and the write buffer is shorter then the low -water mark, the C callback will be invoked. +water mark, the C callback will be invoked once. =over 4 
@@ -858,9 +929,9 @@ =item $handle->push_write ($data) -Queues the given scalar to be written. You can push as much data as you -want (only limited by the available memory), as C -buffers it independently of the kernel. +Queues the given scalar to be written. You can push as much data as +you want (only limited by the available memory and C), as +C buffers it independently of the kernel. This method may invoke callbacks (and therefore the handle might be destroyed after it returns). @@ -898,6 +969,13 @@ # if still data left in wbuf, we need to poll $self->{_ww} = AE::io $self->{fh}, 1, $cb if length $self->{wbuf}; + + if ( + defined $self->{wbuf_max} + && $self->{wbuf_max} < length $self->{wbuf} + ) { + $self->_error (Errno::ENOSPC, 1), return; + } }; } @@ -986,10 +1064,10 @@ this module doesn't need delimiters after or between JSON texts to be able to read them, many other languages depend on that. -A simple RPC protocol that interoperates easily with others is to send -JSON arrays (or objects, although arrays are usually the better choice as -they mimic how function argument passing works) and a newline after each -JSON text: +A simple RPC protocol that interoperates easily with other languages is +to send JSON arrays (or objects, although arrays are usually the better +choice as they mimic how function argument passing works) and a newline +after each JSON text: $handle->push_write (json => ["method", "arg1", "arg2"]); # whatever $handle->push_write ("\012"); 
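Review bot: The new `wbuf_max` check sits after the `AE::io` watcher install and inside the block closed by the `};` that follows it, so it runs only when that block is entered. The block's opening condition is outside this hunk; if it is skipped while a write watcher is already pending, later `push_write` calls towards a stalled peer would grow `wbuf` without reaching the limit, which is the slow-reader case the `wbuf_max` POD describes. Consider placing `if (defined $self->{wbuf_max} && $self->{wbuf_max} < length $self->{wbuf})` where it is evaluated on every call that appends to the buffer. The check also measures only `wbuf`, so data still held in `_tls_wbuf` (seen in the TLS write loop of this diff) is presumably not counted, and the POD could say so.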
@@ -1002,19 +1080,50 @@ Other languages could read single lines terminated by a newline and pass this line into their JSON decoder of choice. +=item cbor => $perl_scalar + +Encodes the given scalar into a CBOR value. Unless you provide your own +L object, this means it will be encoded to a CBOR string not +using any extensions, if possible. + +CBOR values are self-delimiting, so you can write CBOR at one end of +a handle and read them at the other end without using any additional +framing. + +A simple nd very very fast RPC protocol that interoperates with +other languages is to send CBOR and receive CBOR values (arrays are +recommended): + + $handle->push_write (cbor => ["method", "arg1", "arg2"]); # whatever + +An AnyEvent::Handle receiver would simply use the C read type: + + $handle->push_read (cbor => sub { my $array = $_[1]; ... }); + =cut sub json_coder() { eval { require JSON::XS; JSON::XS->new->utf8 } - || do { require JSON; JSON->new->utf8 } + || do { require JSON::PP; JSON::PP->new->utf8 } } register_write_type json => sub { my ($self, $ref) = @_; - my $json = $self->{json} ||= json_coder; + ($self->{json} ||= json_coder) + ->encode ($ref) +}; + +sub cbor_coder() { + require CBOR::XS; + CBOR::XS->new +} + +register_write_type cbor => sub { + my ($self, $scalar) = @_; - $json->encode ($ref) + ($self->{cbor} ||= cbor_coder) + ->encode ($scalar) }; =item storable => $reference @@ -1027,7 +1136,7 @@ register_write_type storable => sub { my ($self, $ref) = @_; - require Storable; + require Storable unless $Storable::VERSION; pack "w/a*", Storable::nfreeze ($ref) }; @@ -1042,7 +1151,7 @@ C to C<0>). This method is a shorthand for just that, and replaces the C callback with: - sub { shutdown $_[0]{fh}, 1 } # for push_shutdown + sub { shutdown $_[0]{fh}, 1 } This simply shuts down the write side and signals an EOF condition to the the peer. 
@@ -1074,7 +1183,7 @@ the handle object and the remaining arguments. The function is supposed to return a single octet string that will be -appended to the write buffer, so you cna mentally treat this function as a +appended to the write buffer, so you can mentally treat this function as a "arguments to on-the-wire-format" converter. Example: implement a custom write type C that joins the remaining @@ -1378,7 +1487,7 @@ Example: read 2 bytes. $handle->push_read (chunk => 2, sub { - warn "yay ", unpack "H*", $_[1]; + say "yay " . unpack "H*", $_[1]; }); =cut @@ -1418,11 +1527,13 @@ my ($self, $cb, $eol) = @_; if (@_ < 3) { - # this is more than twice as fast as the generic code below + # this is faster then the generic code below sub { - $_[0]{rbuf} =~ s/^([^\015\012]*)(\015?\012)// or return; + (my $pos = index $_[0]{rbuf}, "\012") >= 0 + or return; - $cb->($_[0], $1, $2); + (my $str = substr $_[0]{rbuf}, 0, $pos + 1, "") =~ s/(\015?\012)\Z// or die; + $cb->($_[0], $str, "$1"); 1 } } else { @@ -1432,7 +1543,7 @@ sub { $_[0]{rbuf} =~ s/$eol// or return; - $cb->($_[0], $1, $2); + $cb->($_[0], "$1", "$2"); 1 } } @@ -1490,13 +1601,13 @@ # accept if ($$rbuf =~ $accept) { $data .= substr $$rbuf, 0, $+[0], ""; - $cb->($self, $data); + $cb->($_[0], $data); return 1; } # reject if ($reject && $$rbuf =~ $reject) { - $self->_error (Errno::EBADMSG); + $_[0]->_error (Errno::EBADMSG); } # skip @@ -1522,20 +1633,20 @@ sub { unless ($_[0]{rbuf} =~ s/^(0|[1-9][0-9]*)://) { if ($_[0]{rbuf} =~ /[^0-9]/) { - $self->_error (Errno::EBADMSG); + $_[0]->_error (Errno::EBADMSG); } return; } my $len = $1; - $self->unshift_read (chunk => $len, sub { + $_[0]->unshift_read (chunk => $len, sub { my $string = $_[1]; $_[0]->unshift_read (chunk => 1, sub { if ($_[1] eq ",") { $cb->($_[0], $string); } else { - $self->_error (Errno::EBADMSG); + $_[0]->_error (Errno::EBADMSG); } }); }); 
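Review bot: In the netstring read type the peer-declared length goes straight into `$_[0]->unshift_read (chunk => $len, ...)`, and the pattern `(0|[1-9][0-9]*)` puts no upper bound on the digits. Nothing in this hunk caps `$len`, so unless the caller has set `rbuf_max` the handle will presumably keep buffering until that many octets arrive. A comment above `my $len = $1;` such as `# $len is peer-controlled; rely on rbuf_max (or reject large values) to bound buffering`, with a matching sentence in the netstring POD, would make the requirement visible. The enclosing `register_read_type` call starts outside the hunk.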
@@ -1595,13 +1706,12 @@ Reads a JSON object or array, decodes it and passes it to the callback. When a parse error occurs, an C error will be raised. -If a C object was passed to the constructor, then that will be used -for the final decode, otherwise it will create a JSON coder expecting UTF-8. +If a C object was passed to the constructor, then that will be +used for the final decode, otherwise it will create a L or +L coder object expecting UTF-8. This read type uses the incremental parser available with JSON version -2.09 (and JSON::XS version 2.2) and above. You have to provide a -dependency on your own: this module will load the JSON module, but -AnyEvent does not depend on it itself. +2.09 (and JSON::XS version 2.2) and above. Since JSON texts are fully self-delimiting, the C read and write types are an ideal simple RPC protocol: just exchange JSON datagrams. See 
@@ -1615,30 +1725,75 @@ my $json = $self->{json} ||= json_coder; my $data; - my $rbuf = \$self->{rbuf}; sub { - my $ref = eval { $json->incr_parse ($self->{rbuf}) }; + my $ref = eval { $json->incr_parse ($_[0]{rbuf}) }; if ($ref) { - $self->{rbuf} = $json->incr_text; + $_[0]{rbuf} = $json->incr_text; $json->incr_text = ""; - $cb->($self, $ref); + $cb->($_[0], $ref); 1 } elsif ($@) { # error case $json->incr_skip; - $self->{rbuf} = $json->incr_text; + $_[0]{rbuf} = $json->incr_text; $json->incr_text = ""; - $self->_error (Errno::EBADMSG); + $_[0]->_error (Errno::EBADMSG); () } else { - $self->{rbuf} = ""; + $_[0]{rbuf} = ""; + + () + } + } +}; + +=item cbor => $cb->($handle, $scalar) + +Reads a CBOR value, decodes it and passes it to the callback. When a parse +error occurs, an C error will be raised. + +If a L object was passed to the constructor, then that will be +used for the final decode, otherwise it will create a CBOR coder without +enabling any options. + +You have to provide a dependency to L on your own: this module +will load the L module, but AnyEvent does not depend on it +itself. + +Since CBOR values are fully self-delimiting, the C read and write +types are an ideal simple RPC protocol: just exchange CBOR datagrams. See +the C write type description, above, for an actual example. + +=cut + +register_read_type cbor => sub { + my ($self, $cb) = @_; + my $cbor = $self->{cbor} ||= cbor_coder; + + my $data; + + sub { + my (@value) = eval { $cbor->incr_parse ($_[0]{rbuf}) }; + + if (@value) { + $cb->($_[0], @value); + + 1 + } elsif ($@) { + # error case + $cbor->incr_reset; + + $_[0]->_error (Errno::EBADMSG); + + () + } else { () } } @@ -1657,7 +1812,7 @@ register_read_type storable => sub { my ($self, $cb) = @_; - require Storable; + require Storable unless $Storable::VERSION; sub { # when we can use 5.10 we can use ".", but for 5.8 we use the re-pack method 
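Review bot: The error branch of the new `cbor` read type only calls `$cbor->incr_reset`, whereas the `json` branch just above resynchronises `rbuf` from the parser (`incr_skip`, then `$_[0]{rbuf} = $json->incr_text`). The error is raised without the fatal flag, so if `incr_parse` leaves the rejected octets in `rbuf`, a caller that returns from `on_error` and keeps the handle would presumably hit `EBADMSG` again on the next read. Either document in the `cbor` POD that the stream cannot be resynchronised after a parse error and the handle should be destroyed, or pass the fatal flag as in `$_[0]->_error (Errno::EBADMSG, 1)`. `my $data;` is unused in the new `cbor` handler and can be dropped.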
@@ -1670,18 +1825,17 @@ if ($format + $len <= length $_[0]{rbuf}) { my $data = substr $_[0]{rbuf}, $format, $len; substr $_[0]{rbuf}, 0, $format + $len, ""; - $cb->($_[0], Storable::thaw ($data)); + + eval { $cb->($_[0], Storable::thaw ($data)); 1 } + or return $_[0]->_error (Errno::EBADMSG); } else { # remove prefix substr $_[0]{rbuf}, 0, $format, ""; # read remaining chunk $_[0]->unshift_read (chunk => $len, sub { - if (my $ref = eval { Storable::thaw ($_[1]) }) { - $cb->($_[0], $ref); - } else { - $self->_error (Errno::EBADMSG); - } + eval { $cb->($_[0], Storable::thaw ($_[1])); 1 } + or $_[0]->_error (Errno::EBADMSG); }); } 
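Review bot: Both new `eval` blocks wrap the user callback together with `Storable::thaw`, so an exception thrown by `$cb` itself is reported as `EBADMSG` and its message is lost. Thaw first and call the callback outside the `eval`, e.g. `my $ref = eval { Storable::thaw ($_[1]) };` followed by `defined $ref ? $cb->($_[0], $ref) : $_[0]->_error (Errno::EBADMSG);`. That also restores the rejection of an undefined `thaw` result, which the removed `if (my $ref = eval { ... })` form provided on the chunked path. Since the frozen data comes from the peer, the `storable` POD should state that this read type is meant for trusted peers only, because Storable can instantiate objects of classes named in the data.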
@@ -1689,6 +1843,92 @@ } }; +=item tls_detect => $cb->($handle, $detect, $major, $minor) + +Checks the input stream for a valid SSL or TLS handshake TLSPaintext +record without consuming anything. Only SSL version 3 or higher +is handled, up to the fictituous protocol 4.x (but both SSL3+ and +SSL2-compatible framing is supported). + +If it detects that the input data is likely TLS, it calls the callback +with a true value for C<$detect> and the (on-wire) TLS version as second +and third argument (C<$major> is C<3>, and C<$minor> is 0..3 for SSL +3.0, TLS 1.0, 1.1 and 1.2, respectively). If it detects the input to +be definitely not TLS, it calls the callback with a false value for +C<$detect>. + +The callback could use this information to decide whether or not to start +TLS negotiation. + +In all cases the data read so far is passed to the following read +handlers. + +Usually you want to use the C read type instead. + +If you want to design a protocol that works in the presence of TLS +dtection, make sure that any non-TLS data doesn't start with the octet 22 +(ASCII SYN, 16 hex) or 128-255 (i.e. highest bit set). The checks this +read type does are a bit more strict, but might losen in the future to +accomodate protocol changes. + +This read type does not rely on L (and thus, not on +L). + +=item tls_autostart => $tls[, $tls_ctx] + +Tries to detect a valid SSL or TLS handshake. If one is detected, it tries +to start tls by calling C with the given arguments. + +In practise, C<$tls> must be C, or a Net::SSLeay context that has +been configured to accept, as servers do not normally send a handshake on +their own and ths cannot be detected in this way. + +See C above for more details. + +Example: give the client a chance to start TLS before accepting a text +line. + + $hdl->push_read (tls_detect => "accept"); + $hdl->push_read (line => sub { + print "received ", ($_[0]{tls} ? 
"encrypted" : "cleartext"), " <$_[1]>\n"; + }); + +=cut + +register_read_type tls_detect => sub { + my ($self, $cb) = @_; + + sub { + # this regex matches a full or partial tls record + if ( + # ssl3+: type(22=handshake) major(=3) minor(any) length_hi + $self->{rbuf} =~ /^(?:\z| \x16 (\z| [\x03\x04] (?:\z| . (?:\z| [\x00-\x40] ))))/xs + # ssl2 comapatible: len_hi len_lo type(1) major minor dummy(forlength) + or $self->{rbuf} =~ /^(?:\z| [\x80-\xff] (?:\z| . (?:\z| \x01 (\z| [\x03\x04] (?:\z| . (?:\z| . ))))))/xs + ) { + return if 3 != length $1; # partial match, can't decide yet + + # full match, valid TLS record + my ($major, $minor) = unpack "CC", $1; + $cb->($self, "accept", $major + $minor * 0.1); + } else { + # mismatch == guaranteed not TLS + $cb->($self, undef); + } + + 1 + } +}; + +register_read_type tls_autostart => sub { + my ($self, @tls) = @_; + + $RH{tls_detect}($self, sub { + return unless $_[1]; + $_[0]->starttls (@tls); + }) +}; + =back =item custom read types - Package::anyevent_read_type $handle, $cb, @args 
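Review bot: The `tls_detect` POD documents the callback as `$cb->($handle, $detect, $major, $minor)`, but the code calls `$cb->($self, "accept", $major + $minor * 0.1)`, passing one combined number instead of two arguments. Either pass `$major, $minor` separately or correct the `=item` line and the paragraph describing the second and third argument. The `tls_autostart` example pushes `tls_detect => "accept"`, which looks like it was meant to be `tls_autostart => "accept"`. The POD should also state that when no handshake is detected the connection continues in cleartext, so callers that require TLS must check `$_[0]{tls}` in the next read handler and reject the connection otherwise. The closures here capture `$self`, while other read types in this diff were changed to use `$_[0]`; using `$_[0]` here would be consistent.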
@@ -1728,15 +1968,24 @@ will automatically C for you when neither C is set nor there are any read requests in the queue. -These methods will have no effect when in TLS mode (as TLS doesn't support -half-duplex connections). +In older versions of this module (<= 5.3), these methods had no effect, +as TLS does not support half-duplex connections. In current versions they +work as expected, as this behaviour is required to avoid certain resource +attacks, where the program would be forced to read (and buffer) arbitrary +amounts of data before being able to send some data. The drawback is that +some readings of the the SSL/TLS specifications basically require this +attack to be working, as SSL/TLS implementations might stall sending data +during a rehandshake. + +As a guideline, during the initial handshake, you should not stop reading, +and as a client, it might cause problems, depending on your application. =cut sub stop_read { my ($self) = @_; - delete $self->{_rw} unless $self->{tls}; + delete $self->{_rw}; } sub start_read { @@ -1747,7 +1996,7 @@ $self->{_rw} = AE::io $self->{fh}, 0, sub { my $rbuf = \($self->{tls} ? my $buf : $self->{rbuf}); - my $len = sysread $self->{fh}, $$rbuf, $self->{read_size} || 8192, length $$rbuf; + my $len = sysread $self->{fh}, $$rbuf, $self->{read_size}, length $$rbuf; if ($len > 0) { $self->{_activity} = $self->{_ractivity} = AE::now; @@ -1760,6 +2009,12 @@ $self->_drain_rbuf; } + if ($len == $self->{read_size}) { + $self->{read_size} *= 2; + $self->{read_size} = $self->{max_read_size} || MAX_READ_SIZE + if $self->{read_size} > ($self->{max_read_size} || MAX_READ_SIZE); + } + } elsif (defined $len) { delete $self->{_rw}; $self->{_eof} = 1; 
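Review bot: In the `sysread` callback `read_size` is doubled whenever a read fills the buffer, but nothing in this hunk ever lowers it again. A peer that sends a few full-size bursts therefore leaves the handle at `max_read_size` (or `MAX_READ_SIZE`) for its lifetime, and the POD added in this diff says each handle consumes at least `read_size` bytes for its read buffer. For servers with many connections it would help to say in the `max_read_size` POD that the value is effectively a per-connection memory bound the peer can reach, or to reset `read_size` after a short read. The `|| 8192` fallback was removed from the `sysread` call, so the code now relies on `read_size` having been initialised elsewhere (the `||= 2048` line in an earlier hunk), and a comment noting that dependency would help. The callback body continues outside the hunk.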
@@ -1781,7 +2036,7 @@ return $self->_error ($!, 1) if $err == Net::SSLeay::ERROR_SYSCALL (); - my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()); + my $err = Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ()); # reduce error string to look less scary $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /; @@ -1805,15 +2060,18 @@ my $tmp; - if (length $self->{_tls_wbuf}) { - while (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) > 0) { - substr $self->{_tls_wbuf}, 0, $tmp, ""; + while (length $self->{_tls_wbuf}) { + if (($tmp = Net::SSLeay::write ($self->{tls}, $self->{_tls_wbuf})) <= 0) { + $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp); + + return $self->_tls_error ($tmp) + if $tmp != $ERROR_WANT_READ + && ($tmp != $ERROR_SYSCALL || $!); + + last; } - $tmp = Net::SSLeay::get_error ($self->{tls}, $tmp); - return $self->_tls_error ($tmp) - if $tmp != $ERROR_WANT_READ - && ($tmp != $ERROR_SYSCALL || $!); + substr $self->{_tls_wbuf}, 0, $tmp, ""; } while (defined ($tmp = Net::SSLeay::read ($self->{tls}))) { @@ -1837,7 +2095,7 @@ $self->{tls} or return; # tls session might have gone away in callback } - $tmp = Net::SSLeay::get_error ($self->{tls}, -1); + $tmp = Net::SSLeay::get_error ($self->{tls}, -1); # -1 is not neccessarily correct, but Net::SSLeay doesn't tell us return $self->_tls_error ($tmp) if $tmp != $ERROR_WANT_READ && ($tmp != $ERROR_SYSCALL || $!); 
@@ -1857,11 +2115,13 @@ Instead of starting TLS negotiation immediately when the AnyEvent::Handle object is created, you can also do that at a later time by calling -C. +C. See the C constructor argument for general info. Starting TLS is currently an asynchronous operation - when you push some write data and then call C<< ->starttls >> then TLS negotiation will start -immediately, after which the queued write data is then sent. +immediately, after which the queued write data is then sent. This might +change in future versions, so best make sure you have no outstanding write +data when calling this method. The first argument is the same as the C constructor argument (either C<"connect">, C<"accept"> or an existing Net::SSLeay object). @@ -1893,13 +2153,19 @@ Carp::croak "It is an error to call starttls on an AnyEvent::Handle object while TLS is already active, caught" if $self->{tls}; + unless (defined $AnyEvent::TLS::VERSION) { + eval { + require Net::SSLeay; + require AnyEvent::TLS; + 1 + } or return $self->_error (Errno::EPROTO, 1, "TLS support not available on this system"); + } + $self->{tls} = $tls; $self->{tls_ctx} = $ctx if @_ > 2; return unless $self->{fh}; - require Net::SSLeay; - $ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL (); $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ (); @@ -1909,8 +2175,6 @@ local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session if ("HASH" eq ref $ctx) { - require AnyEvent::TLS; - if ($ctx->{cache}) { my $key = $ctx+0; $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx; @@ -1942,7 +2206,8 @@ $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ()); - Net::SSLeay::BIO_write ($self->{_rbio}, delete $self->{rbuf}); + Net::SSLeay::BIO_write ($self->{_rbio}, $self->{rbuf}); + $self->{rbuf} = ""; Net::SSLeay::set_bio ($tls, $self->{_rbio}, $self->{_wbio}); 
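Review bot: The `eval` that loads `Net::SSLeay` and `AnyEvent::TLS` in `starttls` discards `$@`, so the fixed message "TLS support not available on this system" hides whether a module is missing, too old, or failed to load for another reason. Logging the cause next to the `_error` call, for example `AE::log error => "unable to load TLS support: $@";` (the diff already uses `AE::log` in its examples), would make such failures diagnosable without changing what the caller sees. The failure is reported through `_error` with the fatal flag rather than by continuing without TLS, which is the right outcome and worth a one-line comment so it is not relaxed later.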
@@ -1990,6 +2255,19 @@ delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)}; } +=item $handle->resettls + +This rarely-used method simply resets and TLS state on the handle, usually +causing data loss. + +One case where it may be useful is when you want to skip over the data in +the stream but you are not interested in interpreting it, so data loss is +no concern. + +=cut + +*resettls = \&_freetls; + sub DESTROY { my ($self) = @_; 
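Review bot: `*resettls = \&_freetls;` exposes an internal cleanup routine as a public method, and the POD only mentions data loss. `_freetls` starts outside this hunk, but from the visible `delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)}` it appears to tear down the TLS state without any shutdown exchange, so the handle presumably continues on the same socket without encryption afterwards. The POD should say explicitly that data read or written after `resettls` is no longer protected by TLS, and that callers should normally destroy the handle or call `starttls` again before exchanging anything sensitive.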
@@ -2114,6 +2392,86 @@ from within all other callbacks, you need to explicitly call the C<< ->destroy >> method. +=item Why is my C callback never called? + +Probably because your C callback is being called instead: When +you have outstanding requests in your read queue, then an EOF is +considered an error as you clearly expected some data. + +To avoid this, make sure you have an empty read queue whenever your handle +is supposed to be "idle" (i.e. connection closes are O.K.). You can set +an C handler that simply pushes the first read requests in the +queue. + +See also the next question, which explains this in a bit more detail. + +=item How can I serve requests in a loop? + +Most protocols consist of some setup phase (authentication for example) +followed by a request handling phase, where the server waits for requests +and handles them, in a loop. + +There are two important variants: The first (traditional, better) variant +handles requests until the server gets some QUIT command, causing it to +close the connection first (highly desirable for a busy TCP server). A +client dropping the connection is an error, which means this variant can +detect an unexpected detection close. + +To handle this case, always make sure you have a non-empty read queue, by +pushing the "read request start" handler on it: + + # we assume a request starts with a single line + my @start_request; @start_request = (line => sub { + my ($hdl, $line) = @_; + + ... handle request + + # push next request read, possibly from a nested callback + $hdl->push_read (@start_request); + }); + + # auth done, now go into request handling loop + # now push the first @start_request + $hdl->push_read (@start_request); + +By always having an outstanding C, the handle always expects +some data and raises the C error when the connction is dropped +unexpectedly. + +The second variant is a protocol where the client can drop the connection +at any time. 
For TCP, this means that the server machine may run out of +sockets easier, and in general, it means you cannot distinguish a protocl +failure/client crash from a normal connection close. Nevertheless, these +kinds of protocols are common (and sometimes even the best solution to the +problem). + +Having an outstanding read request at all times is possible if you ignore +C errors, but this doesn't help with when the client drops the +connection during a request, which would still be an error. + +A better solution is to push the initial request read in an C +callback. This avoids an error, as when the server doesn't expect data +(i.e. is idly waiting for the next request, an EOF will not raise an +error, but simply result in an C callback. It is also a bit slower +and simpler: + + # auth done, now go into request handling loop + $hdl->on_read (sub { + my ($hdl) = @_; + + # called each time we receive data but the read queue is empty + # simply start read the request + + $hdl->push_read (line => sub { + my ($hdl, $line) = @_; + + ... handle request + + # do nothing special when the request has been handled, just + # let the request queue go empty. + }); + }); + =item I get different callback invocations in TLS mode/Why can't I pause reading? @@ -2144,6 +2502,10 @@ my $data = delete $_[0]{rbuf}; }); +Note that this example removes the C member from the handle object, +which is not normally allowed by the API. It is expressly permitted in +this case only, as the handle object needs to be destroyed afterwards. + The reason to use C is that TCP connections, due to latencies and packets loss, might get closed quite violently with an error, when in fact all data has been received. @@ -2163,7 +2525,7 @@ $handle->push_write (...); $handle->on_drain (sub { - warn "all data submitted to the kernel\n"; + AE::log debug => "All data submitted to the kernel."; undef $handle; }); 
@@ -2257,7 +2619,6 @@ =back - =head1 SUBCLASSING AnyEvent::Handle In many cases, you might want to subclass AnyEvent::Handle. @@ -2293,4 +2654,5 @@ =cut -1; # End of AnyEvent::Handle +1 +