[ViewVC] Diff of: cvs/AnyEvent/lib/AnyEvent/Handle.pm

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.197 by root, Tue Aug 31 00:59:55 2010 UTC vs.
Revision 1.236 by root, Sat May 12 23:14:29 2012 UTC

    my $hdl; $hdl = new AnyEvent::Handle
       fh => \*STDIN,
       on_error => sub {
          my ($hdl, $fatal, $msg) = @_;
-         warn "got error $msg\n";
+         AE::log error => $msg;
          $hdl->destroy;
          $cv->send;
       };
    # send some request line
    $hdl->push_write ("getinfo\015\012");
    # read the response line
    $hdl->push_read (line => sub {
       my ($hdl, $line) = @_;
-      warn "got line <$line>\n";
+      say "got line <$line>";
       $cv->send;
    });
    $cv->recv;
 =head1 DESCRIPTION
-This module is a helper module to make it easier to do event-based I/O on
+This is a helper module to make it easier to do event-based I/O on
-stream-based filehandles (sockets, pipes or other stream things).
+stream-based filehandles (sockets, pipes, and other stream things).
 The L<AnyEvent::Intro> tutorial contains some well-documented
 AnyEvent::Handle examples.
-In the following, when the documentation refers to of "bytes" then this
+In the following, where the documentation refers to "bytes", it means
-means characters. As sysread and syswrite are used for all I/O, their
+characters. As sysread and syswrite are used for all I/O, their
 treatment of characters applies to this module as well.
 At the very minimum, you should specify C<fh> or C<connect>, and the
 C<on_error> callback.
    }
    \&$func
 }
+sub MAX_READ_SIZE() { 131072 }
 =head1 METHODS
 =over 4
 =item $handle = B<new> AnyEvent::Handle fh => $filehandle, key => value...
 =over 4
 =item on_prepare => $cb->($handle)
 This (rarely used) callback is called before a new connection is
-attempted, but after the file handle has been created. It could be used to
+attempted, but after the file handle has been created (you can access that
+file handle via C<< $handle->{fh} >>). It could be used to prepare the
-prepare the file handle with parameters required for the actual connect
+file handle with parameters required for the actual connect (as opposed to
-(as opposed to settings that can be changed when the connection is already
+settings that can be changed when the connection is already established).
-established).
 The return value of this callback should be the connect timeout value in
-seconds (or C<0>, or C<undef>, or the empty list, to indicate the default
+seconds (or C<0>, or C<undef>, or the empty list, to indicate that the
-timeout is to be used).
+default timeout is to be used).
 =item on_connect => $cb->($handle, $host, $port, $retry->())
 This callback is called when a connection has been successfully established.
-The actual numeric host and port (the socket peername) are passed as
+The peer's numeric host and port (the socket peername) are passed as
-parameters, together with a retry callback.
+parameters, together with a retry callback. At the time it is called the
+read and write queues, EOF status, TLS status and similar properties of
+the handle will have been reset.
+It is not allowed to use the read or write queues while the handle object
+is connecting.
-When, for some reason, the handle is not acceptable, then calling
+If, for some reason, the handle is not acceptable, calling C<$retry> will
-C<$retry> will continue with the next connection target (in case of
+continue with the next connection target (in case of multi-homed hosts or
-multi-homed hosts or SRV records there can be multiple connection
+SRV records there can be multiple connection endpoints). The C<$retry>
-endpoints). At the time it is called the read and write queues, eof
+callback can be invoked after the connect callback returns, i.e. one can
-status, tls status and similar properties of the handle will have been
+start a handshake and then decide to retry with the next host if the
-reset.
+handshake fails.
-In most cases, ignoring the C<$retry> parameter is the way to go.
+In most cases, you should ignore the C<$retry> parameter.
 =item on_connect_error => $cb->($handle, $message)
 This callback is called when the connection could not be
 established. C<$!> will contain the relevant error code, and C<$message> a
 =item on_error => $cb->($handle, $fatal, $message)
 This is the error callback, which is called when, well, some error
 occured, such as not being able to resolve the hostname, failure to
-connect or a read error.
+connect, or a read error.
 Some errors are fatal (which is indicated by C<$fatal> being true). On
 fatal errors the handle object will be destroyed (by a call to C<< ->
 destroy >>) after invoking the error callback (which means you are free to
 examine the handle object). Examples of fatal errors are an EOF condition
-with active (but unsatisifable) read watchers (C<EPIPE>) or I/O errors. In
+with active (but unsatisfiable) read watchers (C<EPIPE>) or I/O errors. In
-cases where the other side can close the connection at their will it is
+cases where the other side can close the connection at will, it is
 often easiest to not report C<EPIPE> errors in this callback.
 AnyEvent::Handle tries to find an appropriate error code for you to check
-against, but in some cases (TLS errors), this does not work well. It is
+against, but in some cases (TLS errors), this does not work well.
-recommended to always output the C<$message> argument in human-readable
-error messages (it's usually the same as C<"$!">).
+If you report the error to the user, it is recommended to always output
+the C<$message> argument in human-readable error messages (you don't need
+to report C<"$!"> if you report C<$message>).
+If you want to react programmatically to the error, then looking at C<$!>
+and comparing it against some of the documented C<Errno> values is usually
+better than looking at the C<$message>.
-Non-fatal errors can be retried by simply returning, but it is recommended
+Non-fatal errors can be retried by returning, but it is recommended
 to simply ignore this parameter and instead abondon the handle object
 when this callback is invoked. Examples of non-fatal errors are timeouts
 C<ETIMEDOUT>) or badly-formatted data (C<EBADMSG>).
-On callback entrance, the value of C<$!> contains the operating system
+On entry to the callback, the value of C<$!> contains the operating
-error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or
+system error code (or C<ENOSPC>, C<EPIPE>, C<ETIMEDOUT>, C<EBADMSG> or
 C<EPROTO>).
 While not mandatory, it is I<highly> recommended to set this callback, as
-you will not be notified of errors otherwise. The default simply calls
+you will not be notified of errors otherwise. The default just calls
 C<croak>.
 =item on_read => $cb->($handle)
 This sets the default read callback, which is called when data arrives
 the beginning from it.
 You can also call C<< ->push_read (...) >> or any other function that
 modifies the read queue. Or do both. Or ...
-When an EOF condition is detected then AnyEvent::Handle will first try to
+When an EOF condition is detected, AnyEvent::Handle will first try to
 feed all the remaining data to the queued callbacks and C<on_read> before
 calling the C<on_eof> callback. If no progress can be made, then a fatal
 error will be raised (with C<$!> set to C<EPIPE>).
 Note that, unlike requests in the read queue, an C<on_read> callback
 If an EOF condition has been detected but no C<on_eof> callback has been
 set, then a fatal error will be raised with C<$!> set to <0>.
 =item on_drain => $cb->($handle)
-This sets the callback that is called when the write buffer becomes empty
+This sets the callback that is called once when the write buffer becomes
-(or when the callback is set and the buffer is empty already).
+empty (and immediately when the handle object is created).
 To append to the write buffer, use the C<< ->push_write >> method.
 This callback is useful when you don't want to put all of your write data
 into the queue at once, for example, when you want to write the contents
 many seconds pass without a successful read or write on the underlying
 file handle (or a call to C<timeout_reset>), the C<on_timeout> callback
 will be invoked (and if that one is missing, a non-fatal C<ETIMEDOUT>
 error will be raised).
-There are three variants of the timeouts that work fully independent
+There are three variants of the timeouts that work independently of each
-of each other, for both read and write, just read, and just write:
+other, for both read and write (triggered when nothing was read I<OR>
+written), just read (triggered when nothing was read), and just write:
 C<timeout>, C<rtimeout> and C<wtimeout>, with corresponding callbacks
 C<on_timeout>, C<on_rtimeout> and C<on_wtimeout>, and reset functions
 C<timeout_reset>, C<rtimeout_reset>, and C<wtimeout_reset>.
-Note that timeout processing is also active when you currently do not have
+Note that timeout processing is active even when you do not have any
-any outstanding read or write requests: If you plan to keep the connection
+outstanding read or write requests: If you plan to keep the connection
-idle then you should disable the timout temporarily or ignore the timeout
+idle then you should disable the timeout temporarily or ignore the
-in the C<on_timeout> callback, in which case AnyEvent::Handle will simply
+timeout in the corresponding C<on_timeout> callback, in which case
-restart the timeout.
+AnyEvent::Handle will simply restart the timeout.
-Zero (the default) disables this timeout.
+Zero (the default) disables the corresponding timeout.
 =item on_timeout => $cb->($handle)
+=item on_rtimeout => $cb->($handle)
+=item on_wtimeout => $cb->($handle)
 Called whenever the inactivity timeout passes. If you return from this
 callback, then the timeout will be reset as if some activity had happened,
 so this condition is not fatal in any way.
 be configured to accept only so-and-so much data that it cannot act on
 (for example, when expecting a line, an attacker could send an unlimited
 amount of data without a callback ever being called as long as the line
 isn't finished).
+=item wbuf_max => <bytes>
+If defined, then a fatal error will be raised (with C<$!> set to C<ENOSPC>)
+when the write buffer ever (strictly) exceeds this size. This is useful to
+avoid some forms of denial-of-service attacks.
+Although the units of this parameter is bytes, this is the I<raw> number
+of bytes not yet accepted by the kernel. This can make a difference when
+you e.g. use TLS, as TLS typically makes your write data larger (but it
+can also make it smaller due to compression).
+As an example of when this limit is useful, take a chat server that sends
+chat messages to a client. If the client does not read those in a timely
+manner then the send buffer in the server would grow unbounded.
 =item autocork => <boolean>
-When disabled (the default), then C<push_write> will try to immediately
+When disabled (the default), C<push_write> will try to immediately
-write the data to the handle, if possible. This avoids having to register
+write the data to the handle if possible. This avoids having to register
 a write watcher and wait for the next event loop iteration, but can
 be inefficient if you write multiple small chunks (on the wire, this
 disadvantage is usually avoided by your kernel's nagle algorithm, see
 C<no_delay>, but this option can save costly syscalls).
-When enabled, then writes will always be queued till the next event loop
+When enabled, writes will always be queued till the next event loop
 iteration. This is efficient when you do many small writes per iteration,
 but less efficient when you do a single write only per iteration (or when
 the write buffer often is full). It also increases write latency.
 =item no_delay => <boolean>
 the Nagle algorithm, and usually it is beneficial.
 In some situations you want as low a delay as possible, which can be
 accomplishd by setting this option to a true value.
-The default is your opertaing system's default behaviour (most likely
+The default is your operating system's default behaviour (most likely
-enabled), this option explicitly enables or disables it, if possible.
+enabled). This option explicitly enables or disables it, if possible.
 =item keepalive => <boolean>
 Enables (default disable) the SO_KEEPALIVE option on the stream socket:
 normally, TCP connections have no time-out once established, so TCP
 connections, once established, can stay alive forever even when the other
 side has long gone. TCP keepalives are a cheap way to take down long-lived
-TCP connections whent he other side becomes unreachable. While the default
+TCP connections when the other side becomes unreachable. While the default
 is OS-dependent, TCP keepalives usually kick in after around two hours,
 and, if the other side doesn't reply, take down the TCP connection some 10
 to 15 minutes later.
 It is harmless to specify this option for file handles that do not support
 already have occured on BSD systems), but at least it will protect you
 from most attacks.
 =item read_size => <bytes>
-The default read block size (the amount of bytes this module will
+The initial read block size, the number of bytes this module will try
-try to read during each loop iteration, which affects memory
+to read during each loop iteration. Each handle object will consume
-requirements). Default: C<8192>.
+at least this amount of memory for the read buffer as well, so when
+handling many connections watch out for memory requirements). See also
+C<max_read_size>. Default: C<2048>.
+=item max_read_size => <bytes>
+The maximum read buffer size used by the dynamic adjustment
+algorithm: Each time AnyEvent::Handle can read C<read_size> bytes in
+one go it will double C<read_size> up to the maximum given by this
+option. Default: C<131072> or C<read_size>, whichever is higher.
 =item low_water_mark => <bytes>
-Sets the amount of bytes (default: C<0>) that make up an "empty" write
+Sets the number of bytes (default: C<0>) that make up an "empty" write
-buffer: If the write reaches this size or gets even samller it is
+buffer: If the buffer reaches this size or gets even samller it is
 considered empty.
 Sometimes it can be beneficial (for performance reasons) to add data to
 the write buffer before it is fully drained, but this is a rare case, as
 the operating system kernel usually buffers data as well, so the default
 is good in almost all cases.
 =item linger => <seconds>
-If non-zero (default: C<3600>), then the destructor of the
+If this is non-zero (default: C<3600>), the destructor of the
 AnyEvent::Handle object will check whether there is still outstanding
 write data and will install a watcher that will write this data to the
 socket. No errors will be reported (this mostly matches how the operating
 system treats outstanding data at socket close time).
 A string used to identify the remote site - usually the DNS hostname
 (I<not> IDN!) used to create the connection, rarely the IP address.
 Apart from being useful in error messages, this string is also used in TLS
 peername verification (see C<verify_peername> in L<AnyEvent::TLS>). This
-verification will be skipped when C<peername> is not specified or
+verification will be skipped when C<peername> is not specified or is
 C<undef>.
 =item tls => "accept" | "connect" | Net::SSLeay::SSL object
 When this parameter is given, it enables TLS (SSL) mode, that means
 appropriate error message.
 TLS mode requires Net::SSLeay to be installed (it will be loaded
 automatically when you try to create a TLS handle): this module doesn't
 have a dependency on that module, so if your module requires it, you have
-to add the dependency yourself.
+to add the dependency yourself. If Net::SSLeay cannot be loaded or is too
+old, you get an C<EPROTO> error.
 Unlike TCP, TLS has a server and client side: for the TLS server side, use
 C<accept>, and for the TLS client side of a connection, use C<connect>
 mode.
 B<IMPORTANT:> since Net::SSLeay "objects" are really only integers,
 passing in the wrong integer will lead to certain crash. This most often
 happens when one uses a stylish C<< tls => 1 >> and is surprised about the
 segmentation fault.
-See the C<< ->starttls >> method for when need to start TLS negotiation later.
+Use the C<< ->starttls >> method if you need to start TLS negotiation later.
 =item tls_ctx => $anyevent_tls
 Use the given C<AnyEvent::TLS> object to create the new TLS connection
-(unless a connection object was specified directly). If this parameter is
+(unless a connection object was specified directly). If this
-missing, then AnyEvent::Handle will use C<AnyEvent::Handle::TLS_CTX>.
+parameter is missing (or C<undef>), then AnyEvent::Handle will use
+C<AnyEvent::Handle::TLS_CTX>.
 Instead of an object, you can also specify a hash reference with C<< key
 => value >> pairs. Those will be passed to L<AnyEvent::TLS> to create a
 new TLS context object.
 TLS handshake failures will not cause C<on_error> to be invoked when this
 callback is in effect, instead, the error message will be passed to C<on_starttls>.
 Without this callback, handshake failures lead to C<on_error> being
-called, as normal.
+called as usual.
-Note that you cannot call C<starttls> right again in this callback. If you
+Note that you cannot just call C<starttls> again in this callback. If you
 need to do that, start an zero-second timer instead whose callback can
 then call C<< ->starttls >> again.
 =item on_stoptls => $cb->($handle)
                $self->{connect}[0],
                $self->{connect}[1],
                sub {
                   my ($fh, $host, $port, $retry) = @_;
+                  delete $self->{_connect}; # no longer needed
                   if ($fh) {
                      $self->{fh} = $fh;
                      delete $self->{_skip_drain_rbuf};
                      $self->_start;
                             });
                   } else {
                      if ($self->{on_connect_error}) {
                         $self->{on_connect_error}($self, "$!");
-                        $self->destroy;
+                        $self->destroy if $self;
                      } else {
                         $self->_error ($!, 1);
                      }
                   }
                },
                sub {
                   local $self->{fh} = $_[0];
                   $self->{on_prepare}
-                     ?  $self->{on_prepare}->($self)
+                     ? $self->{on_prepare}->($self)
                      : ()
                }
             );
       }
    $self->{_activity}  =
    $self->{_ractivity} =
    $self->{_wactivity} = AE::now;
+   $self->{read_size} ||= 2048;
+   $self->{max_read_size} = $self->{read_size}
+      if $self->{read_size} > ($self->{max_read_size} || MAX_READ_SIZE);
    $self->timeout   (delete $self->{timeout}  ) if $self->{timeout};
    $self->rtimeout  (delete $self->{rtimeout} ) if $self->{rtimeout};
    $self->wtimeout  (delete $self->{wtimeout} ) if $self->{wtimeout};
    $self->no_delay  (delete $self->{no_delay} ) if exists $self->{no_delay}  && $self->{no_delay};
    $self->oobinline (exists $self->{oobinline} ? delete $self->{oobinline} : 1);
    $self->starttls  (delete $self->{tls}, delete $self->{tls_ctx})
       if $self->{tls};
-   $self->on_drain  (delete $self->{on_drain}) if $self->{on_drain};
+   $self->on_drain  (delete $self->{on_drain} ) if $self->{on_drain};
    $self->start_read
       if $self->{on_read} || @{ $self->{_queue} };
    $self->_drain_wbuf;
 =cut
 sub no_delay {
    $_[0]{no_delay} = $_[1];
-   eval {
-      local $SIG{__DIE__};
-      setsockopt $_[0]{fh}, Socket::IPPROTO_TCP (), Socket::TCP_NODELAY (), int $_[1]
+   setsockopt $_[0]{fh}, Socket::IPPROTO_TCP (), Socket::TCP_NODELAY (), int $_[1]
-         if $_[0]{fh};
+      if $_[0]{fh};
-   };
 }
 =item $handle->keepalive ($boolean)
 Enables or disables the C<keepalive> setting (see constructor argument of
 =item $handle->rbuf_max ($max_octets)
 Configures the C<rbuf_max> setting (C<undef> disables it).
+=item $handle->wbuf_max ($max_octets)
+Configures the C<wbuf_max> setting (C<undef> disables it).
 =cut
 sub rbuf_max {
    $_[0]{rbuf_max} = $_[1];
 }
+sub wbuf_max {
+   $_[0]{wbuf_max} = $_[1];
+}
 #############################################################################
 =item $handle->timeout ($seconds)
 =item $handle->rtimeout ($seconds)
 =item $handle->wtimeout ($seconds)
 Configures (or disables) the inactivity timeout.
+The timeout will be checked instantly, so this method might destroy the
+handle before it returns.
 =item $handle->timeout_reset
 =item $handle->rtimeout_reset
       $_[0]{$on_timeout} = $_[1];
    };
    *$timeout = sub {
       my ($self, $new_value) = @_;
+      $new_value >= 0
+         or Carp::croak "AnyEvent::Handle->$timeout called with negative timeout ($new_value), caught";
       $self->{$timeout} = $new_value;
       delete $self->{$tw}; &$cb;
    };
 The write queue is very simple: you can add data to its end, and
 AnyEvent::Handle will automatically try to get rid of it for you.
 When data could be written and the write buffer is shorter then the low
-water mark, the C<on_drain> callback will be invoked.
+water mark, the C<on_drain> callback will be invoked once.
 =over 4
 =item $handle->on_drain ($cb)
       if $cb && $self->{low_water_mark} >= (length $self->{wbuf}) + (length $self->{_tls_wbuf});
 }
 =item $handle->push_write ($data)
-Queues the given scalar to be written. You can push as much data as you
+Queues the given scalar to be written. You can push as much data as
-want (only limited by the available memory), as C<AnyEvent::Handle>
+you want (only limited by the available memory and C<wbuf_max>), as
-buffers it independently of the kernel.
+C<AnyEvent::Handle> buffers it independently of the kernel.
 This method may invoke callbacks (and therefore the handle might be
 destroyed after it returns).
 =cut
       $cb->() unless $self->{autocork};
       # if still data left in wbuf, we need to poll
       $self->{_ww} = AE::io $self->{fh}, 1, $cb
          if length $self->{wbuf};
+      if (
+         defined $self->{wbuf_max}
+         && $self->{wbuf_max} < length $self->{wbuf}
+      ) {
+         $self->_error (Errno::ENOSPC, 1), return;
+      }
    };
 }
 our %WH;
 =cut
 register_write_type storable => sub {
    my ($self, $ref) = @_;
-   require Storable;
+   require Storable unless $Storable::VERSION;
    pack "w/a*", Storable::nfreeze ($ref)
 };
 =back
 before it was actually written. One way to do that is to replace your
 C<on_drain> handler by a callback that shuts down the socket (and set
 C<low_water_mark> to C<0>). This method is a shorthand for just that, and
 replaces the C<on_drain> callback with:
-   sub { shutdown $_[0]{fh}, 1 }    # for push_shutdown
+   sub { shutdown $_[0]{fh}, 1 }
 This simply shuts down the write side and signals an EOF condition to the
 the peer.
 You can rely on the normal read queue and C<on_eof> handling
 Whenever the given C<type> is used, C<push_write> will the function with
 the handle object and the remaining arguments.
 The function is supposed to return a single octet string that will be
-appended to the write buffer, so you cna mentally treat this function as a
+appended to the write buffer, so you can mentally treat this function as a
 "arguments to on-the-wire-format" converter.
 Example: implement a custom write type C<join> that joins the remaining
 arguments using the first one.
 partial message has been received so far), or change the read queue with
 e.g. C<push_read>.
 In the more complex case, you want to queue multiple callbacks. In this
 case, AnyEvent::Handle will call the first queued callback each time new
-data arrives (also the first time it is queued) and removes it when it has
+data arrives (also the first time it is queued) and remove it when it has
 done its job (see C<push_read>, below).
 This way you can, for example, push three line-reads, followed by reading
 a chunk of data, and AnyEvent::Handle will execute them in order.
    $self->_drain_rbuf if $cb;
 }
 =item $handle->rbuf
-Returns the read buffer (as a modifiable lvalue).
+Returns the read buffer (as a modifiable lvalue). You can also access the
+read buffer directly as the C<< ->{rbuf} >> member, if you want (this is
+much faster, and no less clean).
-You can access the read buffer directly as the C<< ->{rbuf} >>
+The only operation allowed on the read buffer (apart from looking at it)
-member, if you want. However, the only operation allowed on the
+is removing data from its beginning. Otherwise modifying or appending to
-read buffer (apart from looking at it) is removing data from its
+it is not allowed and will lead to hard-to-track-down bugs.
-beginning. Otherwise modifying or appending to it is not allowed and will
-lead to hard-to-track-down bugs.
-NOTE: The read buffer should only be used or modified if the C<on_read>,
+NOTE: The read buffer should only be used or modified in the C<on_read>
-C<push_read> or C<unshift_read> methods are used. The other read methods
+callback or when C<push_read> or C<unshift_read> are used with a single
-automatically manage the read buffer.
+callback (i.e. untyped). Typed C<push_read> and C<unshift_read> methods
+will manage the read buffer on their own.
 =cut
 sub rbuf : lvalue {
    $_[0]{rbuf}
    my $cb = pop;
    if (@_) {
       my $type = shift;
+      $cb = ($RH{$type} ||= _load_func "$type\::anyevent_read_type"
-      $cb = ($RH{$type} or Carp::croak "unsupported type passed to AnyEvent::Handle::unshift_read")
+             or Carp::croak "unsupported/unloadable type '$type' passed to AnyEvent::Handle::unshift_read")
             ->($self, $cb, @_);
    }
    unshift @{ $self->{_queue} }, $cb;
    $self->_drain_rbuf;
 data.
 Example: read 2 bytes.
    $handle->push_read (chunk => 2, sub {
-      warn "yay ", unpack "H*", $_[1];
+      say "yay " . unpack "H*", $_[1];
    });
 =cut
 register_read_type chunk => sub {
    if (@_ < 3) {
       # this is more than twice as fast as the generic code below
       sub {
          $_[0]{rbuf} =~ s/^([^\015\012]*)(\015?\012)// or return;
-         $cb->($_[0], $1, $2);
+         $cb->($_[0], "$1", "$2");
          1
       }
    } else {
       $eol = quotemeta $eol unless ref $eol;
       $eol = qr|^(.*?)($eol)|s;
       sub {
          $_[0]{rbuf} =~ s/$eol// or return;
-         $cb->($_[0], $1, $2);
+         $cb->($_[0], "$1", "$2");
          1
       }
    }
 };
 the receive buffer when neither C<$accept> nor C<$reject> match,
 and everything preceding and including the match will be accepted
 unconditionally. This is useful to skip large amounts of data that you
 know cannot be matched, so that the C<$accept> or C<$reject> regex do not
 have to start matching from the beginning. This is purely an optimisation
-and is usually worth only when you expect more than a few kilobytes.
+and is usually worth it only when you expect more than a few kilobytes.
 Example: expect a http header, which ends at C<\015\012\015\012>. Since we
-expect the header to be very large (it isn't in practise, but...), we use
+expect the header to be very large (it isn't in practice, but...), we use
 a skip regex to skip initial portions. The skip regex is tricky in that
 it only accepts something not ending in either \015 or \012, as these are
 required for the accept regex.
    $handle->push_read (regex =>
    sub {
       # accept
       if ($$rbuf =~ $accept) {
          $data .= substr $$rbuf, 0, $+[0], "";
-         $cb->($self, $data);
+         $cb->($_[0], $data);
          return 1;
       }
       # reject
       if ($reject && $$rbuf =~ $reject) {
-         $self->_error (Errno::EBADMSG);
+         $_[0]->_error (Errno::EBADMSG);
       }
       # skip
       if ($skip && $$rbuf =~ $skip) {
          $data .= substr $$rbuf, 0, $+[0], "";
    my ($self, $cb) = @_;
    sub {
       unless ($_[0]{rbuf} =~ s/^(0|[1-9][0-9]*)://) {
          if ($_[0]{rbuf} =~ /[^0-9]/) {
-            $self->_error (Errno::EBADMSG);
+            $_[0]->_error (Errno::EBADMSG);
          }
          return;
       }
       my $len = $1;
-      $self->unshift_read (chunk => $len, sub {
+      $_[0]->unshift_read (chunk => $len, sub {
          my $string = $_[1];
          $_[0]->unshift_read (chunk => 1, sub {
             if ($_[1] eq ",") {
                $cb->($_[0], $string);
             } else {
-               $self->_error (Errno::EBADMSG);
+               $_[0]->_error (Errno::EBADMSG);
             }
          });
       });
       1
    my $data;
    my $rbuf = \$self->{rbuf};
    sub {
-      my $ref = eval { $json->incr_parse ($self->{rbuf}) };
+      my $ref = eval { $json->incr_parse ($_[0]{rbuf}) };
       if ($ref) {
-         $self->{rbuf} = $json->incr_text;
+         $_[0]{rbuf} = $json->incr_text;
          $json->incr_text = "";
-         $cb->($self, $ref);
+         $cb->($_[0], $ref);
          1
       } elsif ($@) {
          # error case
          $json->incr_skip;
-         $self->{rbuf} = $json->incr_text;
+         $_[0]{rbuf} = $json->incr_text;
          $json->incr_text = "";
-         $self->_error (Errno::EBADMSG);
+         $_[0]->_error (Errno::EBADMSG);
          ()
       } else {
-         $self->{rbuf} = "";
+         $_[0]{rbuf} = "";
          ()
       }
    }
 };
 =cut
 register_read_type storable => sub {
    my ($self, $cb) = @_;
-   require Storable;
+   require Storable unless $Storable::VERSION;
    sub {
       # when we can use 5.10 we can use ".", but for 5.8 we use the re-pack method
       defined (my $len = eval { unpack "w", $_[0]{rbuf} })
          or return;
       # bypass unshift if we already have the remaining chunk
       if ($format + $len <= length $_[0]{rbuf}) {
          my $data = substr $_[0]{rbuf}, $format, $len;
          substr $_[0]{rbuf}, 0, $format + $len, "";
-         $cb->($_[0], Storable::thaw ($data));
+         eval { $cb->($_[0], Storable::thaw ($data)); 1 }
+            or return $_[0]->_error (Errno::EBADMSG);
       } else {
          # remove prefix
          substr $_[0]{rbuf}, 0, $format, "";
          # read remaining chunk
          $_[0]->unshift_read (chunk => $len, sub {
-            if (my $ref = eval { Storable::thaw ($_[1]) }) {
+            eval { $cb->($_[0], Storable::thaw ($_[1])); 1 }
-               $cb->($_[0], $ref);
-            } else {
-               $self->_error (Errno::EBADMSG);
+               or $_[0]->_error (Errno::EBADMSG);
-            }
          });
       }
       1
    }
+};
+=item tls_detect => $cb->($handle, $detect, $major, $minor)
+Checks the input stream for a valid SSL or TLS handshake TLSPaintext
+record without consuming anything. Only SSL version 3 or higher
+is handled, up to the fictituous protocol 4.x (but both SSL3+ and
+SSL2-compatible framing is supported).
+If it detects that the input data is likely TLS, it calls the callback
+with a true value for C<$detect> and the (on-wire) TLS version as second
+and third argument (C<$major> is C<3>, and C<$minor> is 0..3 for SSL
+3.0, TLS 1.0, 1.1 and 1.2, respectively).  If it detects the input to
+be definitely not TLS, it calls the callback with a false value for
+C<$detect>.
+The callback could use this information to decide whether or not to start
+TLS negotiation.
+In all cases the data read so far is passed to the following read
+handlers.
+Usually you want to use the C<tls_autostart> read type instead.
+If you want to design a protocol that works in the presence of TLS
+dtection, make sure that any non-TLS data doesn't start with the octet 22
+(ASCII SYN, 16 hex) or 128-255 (i.e. highest bit set). The checks this
+read type does are a bit more strict, but might losen in the future to
+accomodate protocol changes.
+This read type does not rely on L<AnyEvent::TLS> (and thus, not on
+L<Net::SSLeay>).
+=item tls_autostart => $tls[, $tls_ctx]
+Tries to detect a valid SSL or TLS handshake. If one is detected, it tries
+to start tls by calling C<starttls> with the given arguments.
+In practise, C<$tls> must be C<accept>, or a Net::SSLeay context that has
+been configured to accept, as servers do not normally send a handshake on
+their own and ths cannot be detected in this way.
+See C<tls_detect> above for more details.
+Example: give the client a chance to start TLS before accepting a text
+line.
+   $hdl->push_read (tls_detect => "accept");
+   $hdl->push_read (line => sub {
+      print "received ", ($_[0]{tls} ? "encrypted" : "cleartext"), " <$_[1]>\n";
+   });
+=cut
+register_read_type tls_detect => sub {
+   my ($self, $cb) = @_;
+   sub {
+      # this regex matches a full or partial tls record
+      if (
+         # ssl3+: type(22=handshake) major(=3) minor(any) length_hi
+         $self->{rbuf} =~ /^(?:\z| \x16 (\z| [\x03\x04] (?:\z| . (?:\z| [\x00-\x40] ))))/xs
+         # ssl2 comapatible: len_hi len_lo type(1) major minor dummy(forlength)
+         or $self->{rbuf} =~ /^(?:\z| [\x80-\xff] (?:\z| . (?:\z| \x01 (\z| [\x03\x04] (?:\z| . (?:\z| . ))))))/xs
+      ) {
+         return if 3 != length $1; # partial match, can't decide yet
+         # full match, valid TLS record
+         my ($major, $minor) = unpack "CC", $1;
+         $cb->($self, "accept", $major + $minor * 0.1);
+      } else {
+         # mismatch == guaranteed not TLS
+         $cb->($self, undef);
+      }
+      1
+   }
+};
+register_read_type tls_autostart => sub {
+   my ($self, @tls) = @_;
+   $RH{tls_detect}($self, sub {
+      return unless $_[1];
+      $_[0]->starttls (@tls);
+   })
 };
 =back
 =item custom read types - Package::anyevent_read_type $handle, $cb, @args
 Note that AnyEvent::Handle will automatically C<start_read> for you when
 you change the C<on_read> callback or push/unshift a read callback, and it
 will automatically C<stop_read> for you when neither C<on_read> is set nor
 there are any read requests in the queue.
-These methods will have no effect when in TLS mode (as TLS doesn't support
+In older versions of this module (<= 5.3), these methods had no effect,
-half-duplex connections).
+as TLS does not support half-duplex connections. In current versions they
+work as expected, as this behaviour is required to avoid certain resource
+attacks, where the program would be forced to read (and buffer) arbitrary
+amounts of data before being able to send some data. The drawback is that
+some readings of the the SSL/TLS specifications basically require this
+attack to be working, as SSL/TLS implementations might stall sending data
+during a rehandshake.
+As a guideline, during the initial handshake, you should not stop reading,
+and as a client, it might cause problems, depending on your application.
 =cut
 sub stop_read {
    my ($self) = @_;
-   delete $self->{_rw} unless $self->{tls};
+   delete $self->{_rw};
 }
 sub start_read {
    my ($self) = @_;
    unless ($self->{_rw} || $self->{_eof} || !$self->{fh}) {
       Scalar::Util::weaken $self;
       $self->{_rw} = AE::io $self->{fh}, 0, sub {
          my $rbuf = \($self->{tls} ? my $buf : $self->{rbuf});
-         my $len = sysread $self->{fh}, $$rbuf, $self->{read_size} || 8192, length $$rbuf;
+         my $len = sysread $self->{fh}, $$rbuf, $self->{read_size}, length $$rbuf;
          if ($len > 0) {
             $self->{_activity} = $self->{_ractivity} = AE::now;
             if ($self->{tls}) {
                &_dotls ($self);
             } else {
                $self->_drain_rbuf;
             }
+            if ($len == $self->{read_size}) {
+               $self->{read_size} *= 2;
+               $self->{read_size} = $self->{max_read_size} || MAX_READ_SIZE
+                  if $self->{read_size} > ($self->{max_read_size} || MAX_READ_SIZE);
+            }
          } elsif (defined $len) {
             delete $self->{_rw};
             $self->{_eof} = 1;
             $self->_drain_rbuf;
    my ($self, $err) = @_;
    return $self->_error ($!, 1)
       if $err == Net::SSLeay::ERROR_SYSCALL ();
-   my $err =Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ());
+   my $err = Net::SSLeay::ERR_error_string (Net::SSLeay::ERR_get_error ());
    # reduce error string to look less scary
    $err =~ s/^error:[0-9a-fA-F]{8}:[^:]+:([^:]+):/\L$1: /;
    if ($self->{_on_starttls}) {
 =item $handle->starttls ($tls[, $tls_ctx])
 Instead of starting TLS negotiation immediately when the AnyEvent::Handle
 object is created, you can also do that at a later time by calling
-C<starttls>.
+C<starttls>. See the C<tls> constructor argument for general info.
 Starting TLS is currently an asynchronous operation - when you push some
 write data and then call C<< ->starttls >> then TLS negotiation will start
-immediately, after which the queued write data is then sent.
+immediately, after which the queued write data is then sent. This might
+change in future versions, so best make sure you have no outstanding write
+data when calling this method.
 The first argument is the same as the C<tls> constructor argument (either
 C<"connect">, C<"accept"> or an existing Net::SSLeay object).
 The second argument is the optional C<AnyEvent::TLS> object that is used
 context in C<< $handle->{tls_ctx} >> after this call and can be used or
 changed to your liking. Note that the handshake might have already started
 when this function returns.
 Due to bugs in OpenSSL, it might or might not be possible to do multiple
-handshakes on the same stream. Best do not attempt to use the stream after
+handshakes on the same stream. It is best to not attempt to use the
-stopping TLS.
+stream after stopping TLS.
 This method may invoke callbacks (and therefore the handle might be
 destroyed after it returns).
 =cut
    my ($self, $tls, $ctx) = @_;
    Carp::croak "It is an error to call starttls on an AnyEvent::Handle object while TLS is already active, caught"
       if $self->{tls};
+   unless (defined $AnyEvent::TLS::VERSION) {
+      eval {
+         require Net::SSLeay;
+         require AnyEvent::TLS;
+         1
+      } or return $self->_error (Errno::EPROTO, 1, "TLS support not available on this system");
+   }
    $self->{tls}     = $tls;
    $self->{tls_ctx} = $ctx if @_ > 2;
    return unless $self->{fh};
-   require Net::SSLeay;
    $ERROR_SYSCALL   = Net::SSLeay::ERROR_SYSCALL     ();
    $ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ   ();
    $tls = delete $self->{tls};
    $ctx = $self->{tls_ctx};
    local $Carp::CarpLevel = 1; # skip ourselves when creating a new context or session
    if ("HASH" eq ref $ctx) {
-      require AnyEvent::TLS;
       if ($ctx->{cache}) {
          my $key = $ctx+0;
          $ctx = $TLS_CACHE{$key} ||= new AnyEvent::TLS %$ctx;
       } else {
          $ctx = new AnyEvent::TLS %$ctx;
    Net::SSLeay::CTX_set_mode ($tls, 1|2);
    $self->{_rbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
    $self->{_wbio} = Net::SSLeay::BIO_new (Net::SSLeay::BIO_s_mem ());
-   Net::SSLeay::BIO_write ($self->{_rbio}, delete $self->{rbuf});
+   Net::SSLeay::BIO_write ($self->{_rbio}, $self->{rbuf});
+   $self->{rbuf} = "";
    Net::SSLeay::set_bio ($tls, $self->{_rbio}, $self->{_wbio});
    $self->{_on_starttls} = sub { $_[0]{on_starttls}(@_) }
       if $self->{on_starttls};
       if $self->{tls} > 0;
    delete @$self{qw(_rbio _wbio _tls_wbuf _on_starttls)};
 }
+=item $handle->resettls
+This rarely-used method simply resets and TLS state on the handle, usually
+causing data loss.
+One case where it may be useful is when you want to skip over the data in
+the stream but you are not interested in interpreting it, so data loss is
+no concern.
+=cut
+*resettls = \&_freetls;
 sub DESTROY {
    my ($self) = @_;
    &_freetls;
       push @linger, AE::io $fh, 1, sub {
          my $len = syswrite $fh, $wbuf, length $wbuf;
          if ($len > 0) {
             substr $wbuf, 0, $len, "";
-         } else {
+         } elsif (defined $len || ($! != EAGAIN && $! != EINTR && $! != WSAEWOULDBLOCK)) {
             @linger = (); # end
          }
       };
       push @linger, AE::timer $linger, 0, sub {
          @linger = ();
 It is only safe to "forget" the reference inside EOF or error callbacks,
 from within all other callbacks, you need to explicitly call the C<<
 ->destroy >> method.
+=item Why is my C<on_eof> callback never called?
+Probably because your C<on_error> callback is being called instead: When
+you have outstanding requests in your read queue, then an EOF is
+considered an error as you clearly expected some data.
+To avoid this, make sure you have an empty read queue whenever your handle
+is supposed to be "idle" (i.e. connection closes are O.K.). You can set
+an C<on_read> handler that simply pushes the first read requests in the
+queue.
+See also the next question, which explains this in a bit more detail.
+=item How can I serve requests in a loop?
+Most protocols consist of some setup phase (authentication for example)
+followed by a request handling phase, where the server waits for requests
+and handles them, in a loop.
+There are two important variants: The first (traditional, better) variant
+handles requests until the server gets some QUIT command, causing it to
+close the connection first (highly desirable for a busy TCP server). A
+client dropping the connection is an error, which means this variant can
+detect an unexpected detection close.
+To handle this case, always make sure you have a non-empty read queue, by
+pushing the "read request start" handler on it:
+   # we assume a request starts with a single line
+   my @start_request; @start_request = (line => sub {
+      my ($hdl, $line) = @_;
+      ... handle request
+      # push next request read, possibly from a nested callback
+      $hdl->push_read (@start_request);
+   });
+   # auth done, now go into request handling loop
+   # now push the first @start_request
+   $hdl->push_read (@start_request);
+By always having an outstanding C<push_read>, the handle always expects
+some data and raises the C<EPIPE> error when the connction is dropped
+unexpectedly.
+The second variant is a protocol where the client can drop the connection
+at any time. For TCP, this means that the server machine may run out of
+sockets easier, and in general, it means you cannot distinguish a protocl
+failure/client crash from a normal connection close. Nevertheless, these
+kinds of protocols are common (and sometimes even the best solution to the
+problem).
+Having an outstanding read request at all times is possible if you ignore
+C<EPIPE> errors, but this doesn't help with when the client drops the
+connection during a request, which would still be an error.
+A better solution is to push the initial request read in an C<on_read>
+callback. This avoids an error, as when the server doesn't expect data
+(i.e. is idly waiting for the next request, an EOF will not raise an
+error, but simply result in an C<on_eof> callback. It is also a bit slower
+and simpler:
+   # auth done, now go into request handling loop
+   $hdl->on_read (sub {
+      my ($hdl) = @_;
+      # called each time we receive data but the read queue is empty
+      # simply start read the request
+      $hdl->push_read (line => sub {
+         my ($hdl, $line) = @_;
+         ... handle request
+         # do nothing special when the request has been handled, just
+         # let the request queue go empty.
+      });
+   });
 =item I get different callback invocations in TLS mode/Why can't I pause
 reading?
 Unlike, say, TCP, TLS connections do not consist of two independent
-communication channels, one for each direction. Or put differently. The
+communication channels, one for each direction. Or put differently, the
 read and write directions are not independent of each other: you cannot
 write data unless you are also prepared to read, and vice versa.
-This can mean than, in TLS mode, you might get C<on_error> or C<on_eof>
+This means that, in TLS mode, you might get C<on_error> or C<on_eof>
 callback invocations when you are not expecting any read data - the reason
 is that AnyEvent::Handle always reads in TLS mode.
 During the connection, you have to make sure that you always have a
 non-empty read-queue, or an C<on_read> watcher. At the end of the
    $handle->on_eof (undef);
    $handle->on_error (sub {
       my $data = delete $_[0]{rbuf};
    });
+Note that this example removes the C<rbuf> member from the handle object,
+which is not normally allowed by the API. It is expressly permitted in
+this case only, as the handle object needs to be destroyed afterwards.
 The reason to use C<on_error> is that TCP connections, due to latencies
 and packets loss, might get closed quite violently with an error, when in
-fact, all data has been received.
+fact all data has been received.
 It is usually better to use acknowledgements when transferring data,
 to make sure the other side hasn't just died and you got the data
 intact. This is also one reason why so many internet protocols have an
 explicit QUIT command.
 C<low_water_mark> this will be called precisely when all data has been
 written to the socket:
    $handle->push_write (...);
    $handle->on_drain (sub {
-      warn "all data submitted to the kernel\n";
+      AE::log debug => "All data submitted to the kernel.";
       undef $handle;
    });
 If you just want to queue some data and then signal EOF to the other side,
 consider using C<< ->push_shutdown >> instead.
 =item I want to contact a TLS/SSL server, I don't care about security.
 If your TLS server is a pure TLS server (e.g. HTTPS) that only speaks TLS,
-simply connect to it and then create the AnyEvent::Handle with the C<tls>
+connect to it and then create the AnyEvent::Handle with the C<tls>
 parameter:
    tcp_connect $host, $port, sub {
       my ($fh) = @_;
 When you have intermediate CA certificates that your clients might not
 know about, just append them to the C<cert_file>.
 =back
 =head1 SUBCLASSING AnyEvent::Handle
 In many cases, you might want to subclass AnyEvent::Handle.
 To make this easier, a given version of AnyEvent::Handle uses these
 =item * all members not documented here and not prefixed with an underscore
 are free to use in subclasses.
 Of course, new versions of AnyEvent::Handle may introduce more "public"
-member variables, but thats just life, at least it is documented.
+member variables, but that's just life. At least it is documented.
 =back
 =head1 AUTHOR
 Robin Redeker C<< <elmex at ta-sa.org> >>, Marc Lehmann <schmorp@schmorp.de>.
 =cut
-1; # End of AnyEvent::Handle
+1

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents): Revision 1.197 by root, Tue Aug 31 00:59:55 2010 UTC vs. Revision 1.236 by root, Sat May 12 23:14:29 2012 UTC

Diff Legend

Comparing AnyEvent/lib/AnyEvent/Handle.pm (file contents):
Revision 1.197 by root, Tue Aug 31 00:59:55 2010 UTC vs.
Revision 1.236 by root, Sat May 12 23:14:29 2012 UTC