Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1711642713, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"0b4561ed4c1432dbeaad702eb3152319", "oid":{ "oid": "e4be3317ee421f951fb16a85c7edacc9b8a0e6aa", "alias": [ "refs/heads/main"]},"blobname": "include/libwebsockets/lws-context-vhost.h", "blob": "/*\n * libwebsockets - small server side websockets and web server implementation\n *\n * Copyright (C) 2010 - 2021 Andy Green \u003candy@warmcat.com\u003e\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \u0022Software\u0022), to\n * deal in the Software without restriction, including without limitation the\n * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or\n * sell copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \u0022AS IS\u0022, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS\n * IN THE SOFTWARE.\n */\n\n/*! \u005cdefgroup context-and-vhost context and vhost related functions\n * ##Context and Vhost releated functions\n * \u005cingroup lwsapi\n *\n *\n * LWS requires that there is one context, in which you may define multiple\n * vhosts. Each vhost is a virtual host, with either its own listen port\n * or sharing an existing one. Each vhost has its own SSL context that can\n * be set up individually or left disabled.\n *\n * If you don't care about multiple \u0022site\u0022 support, you can ignore it and\n * lws will create a single default vhost at context creation time.\n */\n///@{\n\n/*\n * NOTE: These public enums are part of the abi. If you want to add one,\n * add it at where specified so existing users are unaffected.\n */\n\n\n#define LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT\t ((1ll \u003c\u003c 1) | \u005c\n\t\t\t\t\t\t\t\t (1ll \u003c\u003c 12))\n\t/**\u003c (VH) Don't allow the connection unless the client has a\n\t * client cert that we recognize; provides\n\t * LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT */\n#define LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME\t\t (1ll \u003c\u003c 2)\n\t/**\u003c (CTX) Don't try to get the server's hostname */\n#define LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT\t\t ((1ll \u003c\u003c 3) | \u005c\n\t\t\t\t\t\t\t\t (1ll \u003c\u003c 12))\n\t/**\u003c (VH) Allow non-SSL (plaintext) connections on the same\n\t * port as SSL is listening. If combined with\n\t * LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS it will try to\n\t * force http connections on an https listener (eg, http://x.com:443) to\n\t * redirect to an explicit https connection (eg, https://x.com)\n\t */\n#define LWS_SERVER_OPTION_LIBEV\t\t\t\t\t (1ll \u003c\u003c 4)\n\t/**\u003c (CTX) Use libev event loop */\n#define LWS_SERVER_OPTION_DISABLE_IPV6\t\t\t\t (1ll \u003c\u003c 5)\n\t/**\u003c (VH) Disable IPV6 support */\n#define LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS\t\t\t (1ll \u003c\u003c 6)\n\t/**\u003c (VH) Don't load OS CA certs, you will need to load your\n\t * own CA cert(s) */\n#define LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED\t\t (1ll \u003c\u003c 7)\n\t/**\u003c (VH) Accept connections with no valid Cert (eg, selfsigned) */\n#define LWS_SERVER_OPTION_VALIDATE_UTF8\t\t\t\t (1ll \u003c\u003c 8)\n\t/**\u003c (VH) Check UT-8 correctness */\n#define LWS_SERVER_OPTION_SSL_ECDH\t\t\t\t ((1ll \u003c\u003c 9) | \u005c\n\t\t\t\t\t\t\t\t (1ll \u003c\u003c 12))\n\t/**\u003c (VH) initialize ECDH ciphers */\n#define LWS_SERVER_OPTION_LIBUV\t\t\t\t\t(1ll \u003c\u003c 10)\n\t/**\u003c (CTX) Use libuv event loop */\n#define LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS\t\t((1ll \u003c\u003c 11) |\u005c\n\t\t\t\t\t\t\t\t (1ll \u003c\u003c 12))\n\t/**\u003c (VH) Use an http redirect to force the client to ask for https.\n\t * Notice if your http server issues the STS header and the client has\n\t * ever seen that, the client will fail the http connection before it\n\t * can actually do the redirect.\n\t *\n\t * Combine with LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS to handle, eg,\n\t * http://x.com:443 -\u003e https://x.com\n\t *\n\t * (deprecated: use mount redirection) */\n#define LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\t\t\t (1ll \u003c\u003c 12)\n\t/**\u003c (CTX) Initialize the SSL library at all */\n#define LWS_SERVER_OPTION_EXPLICIT_VHOSTS\t\t\t (1ll \u003c\u003c 13)\n\t/**\u003c (CTX) Only create the context when calling context\n\t * create api, implies user code will create its own vhosts */\n#define LWS_SERVER_OPTION_UNIX_SOCK\t\t\t\t (1ll \u003c\u003c 14)\n\t/**\u003c (VH) Use Unix socket */\n#define LWS_SERVER_OPTION_STS\t\t\t\t\t (1ll \u003c\u003c 15)\n\t/**\u003c (VH) Send Strict Transport Security header, making\n\t * clients subsequently go to https even if user asked for http */\n#define LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY\t\t\t (1ll \u003c\u003c 16)\n\t/**\u003c (VH) Enable LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE to take effect */\n#define LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE\t\t\t (1ll \u003c\u003c 17)\n\t/**\u003c (VH) if set, only ipv6 allowed on the vhost */\n#define LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN\t\t (1ll \u003c\u003c 18)\n\t/**\u003c (CTX) Libuv only: Do not spin on SIGSEGV / SIGFPE. A segfault\n\t * normally makes the lib spin so you can attach a debugger to it\n\t * even if it happened without a debugger in place. You can disable\n\t * that by giving this option.\n\t */\n#define LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN\t\t\t (1ll \u003c\u003c 19)\n\t/**\u003c For backwards-compatibility reasons, by default\n\t * lws prepends \u0022http://\u0022 to the origin you give in the client\n\t * connection info struct. If you give this flag when you create\n\t * the context, only the string you give in the client connect\n\t * info for .origin (if any) will be used directly.\n\t */\n#define LWS_SERVER_OPTION_FALLBACK_TO_RAW /* use below name */\t (1ll \u003c\u003c 20)\n#define LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG (1ll \u003c\u003c 20)\n\t/**\u003c (VH) if invalid http is coming in the first line, then abandon\n\t * trying to treat the connection as http, and belatedly apply the\n\t * .listen_accept_role / .listen_accept_protocol info struct members to\n\t * the connection. If they are NULL, for backwards-compatibility the\n\t * connection is bound to \u0022raw-skt\u0022 role, and in order of priority:\n\t * 1) the vh protocol with a pvo named \u0022raw\u0022, 2) the vh protocol with a\n\t * pvo named \u0022default\u0022, or 3) protocols[0].\n\t *\n\t * Must be combined with LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT\n\t * to work with a socket listening with tls.\n\t */\n\n#define LWS_SERVER_OPTION_LIBEVENT\t\t\t\t(1ll \u003c\u003c 21)\n\t/**\u003c (CTX) Use libevent event loop */\n\n#define LWS_SERVER_OPTION_ONLY_RAW /* Use below name instead */\t(1ll \u003c\u003c 22)\n#define LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG\t(1ll \u003c\u003c 22)\n\t/**\u003c (VH) All connections to this vhost / port are bound to the\n\t * role and protocol given in .listen_accept_role /\n\t * .listen_accept_protocol.\n\t *\n\t * If those explicit user-controlled names are NULL, for backwards-\n\t * compatibility the connection is bound to \u0022raw-skt\u0022 role, and in order\n\t * of priority: 1) the vh protocol with a pvo named \u0022raw\u0022, 2) the vh\n\t * protocol with a pvo named \u0022default\u0022, or 3) protocols[0].\n\t *\n\t * It's much preferred to specify the role + protocol using the\n\t * .listen_accept_role and .listen_accept_protocol in the info struct.\n\t */\n#define LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE\t\t\t(1ll \u003c\u003c 23)\n\t/**\u003c (VH) Set to allow multiple listen sockets on one interface +\n\t * address + port. The default is to strictly allow only one\n\t * listen socket at a time. This is automatically selected if you\n\t * have multiple service threads. Linux only.\n\t */\n#define LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX\t\t\t(1ll \u003c\u003c 24)\n\t/**\u003c (VH) Force setting up the vhost SSL_CTX, even though the user\n\t * code doesn't explicitly provide a cert in the info struct. It\n\t * implies the user code is going to provide a cert at the\n\t * LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback, which\n\t * provides the vhost SSL_CTX * in the user parameter.\n\t */\n#define LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT\t\t\t(1ll \u003c\u003c 25)\n\t/**\u003c (VH) You probably don't want this. It forces this vhost to not\n\t * call LWS_CALLBACK_PROTOCOL_INIT on its protocols. It's used in the\n\t * special case of a temporary vhost bound to a single protocol.\n\t */\n#define LWS_SERVER_OPTION_IGNORE_MISSING_CERT\t\t\t(1ll \u003c\u003c 26)\n\t/**\u003c (VH) Don't fail if the vhost TLS cert or key are missing, just\n\t * continue. The vhost won't be able to serve anything, but if for\n\t * example the ACME plugin was configured to fetch a cert, this lets\n\t * you bootstrap your vhost from having no cert to start with.\n\t */\n#define LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK\t\t(1ll \u003c\u003c 27)\n\t/**\u003c (VH) On this vhost, if the connection is being upgraded, insist\n\t * that there's a Host: header and that the contents match the vhost\n\t * name + port (443 / 80 are assumed if no :port given based on if the\n\t * connection is using TLS).\n\t *\n\t * By default, without this flag, on upgrade lws just checks that the\n\t * Host: header was given without checking the contents... this is to\n\t * allow lax hostname mappings like localhost / 127.0.0.1, and CNAME\n\t * mappings like www.mysite.com / mysite.com\n\t */\n#define LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE (1ll \u003c\u003c 28)\n\t/**\u003c (VH) Send lws default HTTP headers recommended by Mozilla\n\t * Observatory for security. This is a helper option that sends canned\n\t * headers on each http response enabling a VERY strict Content Security\n\t * Policy. The policy is so strict, for example it won't let the page\n\t * run its own inline JS nor show images or take CSS from a different\n\t * server. In many cases your JS only comes from your server as do the\n\t * image sources and CSS, so that is what you want... attackers hoping\n\t * to inject JS into your DOM are completely out of luck since even if\n\t * they succeed, it will be rejected for execution by the browser\n\t * according to the strict CSP. In other cases you have to deviate from\n\t * the complete strictness, in which case don't use this flag: use the\n\t * .headers member in the vhost init described in struct\n\t * lws_context_creation_info instead to send the adapted headers\n\t * yourself.\n\t */\n\n#define LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER\t\t (1ll \u003c\u003c 29)\n\t/**\u003c (VH) If you really want to allow HTTP connections on a tls\n\t * listener, you can do it with this combined with\n\t * LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT. But this is allowing\n\t * accidental loss of the security assurances provided by tls depending\n\t * on the client using http when he meant https... it's not\n\t * recommended.\n\t */\n#define LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND\t\t (1ll \u003c\u003c 30)\n\t/**\u003c (VH) When instantiating a new vhost and the specified port is\n\t * already in use, a null value shall be return to signal the error.\n\t */\n\n#define LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW\t (1ll \u003c\u003c 31)\n\t/**\u003c (VH) Indicates the connections using this vhost should ignore\n\t * h2 WINDOW_UPDATE from broken peers and fix them up */\n\n#define LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL\t\t (1ll \u003c\u003c 32)\n\t/**\u003c (VH) Tell the vhost to treat half-closed remote clients as\n\t * entered into an immortal (ie, not subject to normal timeouts) long\n\t * poll mode.\n\t */\n\n#define LWS_SERVER_OPTION_GLIB\t\t\t\t\t (1ll \u003c\u003c 33)\n\t/**\u003c (CTX) Use glib event loop */\n\n#define LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE\t\t\t (1ll \u003c\u003c 34)\n\t/**\u003c (VH) Tell the vhost to treat plain text http connections as\n\t * H2 with prior knowledge (no upgrade request involved)\n\t */\n\n#define LWS_SERVER_OPTION_NO_LWS_SYSTEM_STATES\t\t\t (1ll \u003c\u003c 35)\n\t/**\u003c (CTX) Disable lws_system state, eg, because we are a secure streams\n\t * proxy client that is not trying to track system state by itself. */\n\n#define LWS_SERVER_OPTION_SS_PROXY\t\t\t\t (1ll \u003c\u003c 36)\n\t/**\u003c (VH) We are being a SS Proxy listen socket for the vhost */\n\n#define LWS_SERVER_OPTION_SDEVENT\t\t\t \t (1ll \u003c\u003c 37)\n\t/**\u003c (CTX) Use sd-event loop */\n\n#define LWS_SERVER_OPTION_ULOOP\t\t\t\t\t (1ll \u003c\u003c 38)\n\t/**\u003c (CTX) Use libubox / uloop event loop */\n\n#define LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE\t\t (1ll \u003c\u003c 39)\n\t/**\u003c (VHOST) Disallow use of client tls caching (on by default) */\n\n\n\t/****** add new things just above ---^ ******/\n\n\n#define lws_check_opt(c, f) ((((uint64_t)c) \u0026 ((uint64_t)f)) \u003d\u003d ((uint64_t)f))\n\nstruct lws_plat_file_ops;\nstruct lws_ss_policy;\nstruct lws_ss_plugin;\nstruct lws_metric_policy;\nstruct lws_sss_ops;\n\ntypedef int (*lws_context_ready_cb_t)(struct lws_context *context);\n\n#if defined(LWS_WITH_NETWORK)\ntypedef int (*lws_peer_limits_notify_t)(struct lws_context *ctx,\n\t\t\t\t\tlws_sockfd_type sockfd,\n\t\t\t\t\tlws_sockaddr46 *sa46);\n#endif\n\n/** struct lws_context_creation_info - parameters to create context and /or vhost with\n *\n * This is also used to create vhosts.... if LWS_SERVER_OPTION_EXPLICIT_VHOSTS\n * is not given, then for backwards compatibility one vhost is created at\n * context-creation time using the info from this struct.\n *\n * If LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, then no vhosts are created\n * at the same time as the context, they are expected to be created afterwards.\n */\nstruct lws_context_creation_info {\n#if defined(LWS_WITH_NETWORK)\n\tconst char *iface;\n\t/**\u003c VHOST: NULL to bind the listen socket to all interfaces, or the\n\t * interface name, eg, \u0022eth2\u0022\n\t * If options specifies LWS_SERVER_OPTION_UNIX_SOCK, this member is\n\t * the pathname of a UNIX domain socket. you can use the UNIX domain\n\t * sockets in abstract namespace, by prepending an at symbol to the\n\t * socket name. */\n\tconst struct lws_protocols *protocols;\n\t/**\u003c VHOST: Array of structures listing supported protocols and a\n\t * protocol-specific callback for each one. The list is ended with an\n\t * entry that has a NULL callback pointer. SEE ALSO .pprotocols below,\n\t * which gives an alternative way to provide an array of pointers to\n\t * protocol structs. */\n#if defined(LWS_ROLE_WS)\n\tconst struct lws_extension *extensions;\n\t/**\u003c VHOST: NULL or array of lws_extension structs listing the\n\t * extensions this context supports. */\n#endif\n#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)\n\tconst struct lws_token_limits *token_limits;\n\t/**\u003c CONTEXT: NULL or struct lws_token_limits pointer which is\n\t * initialized with a token length limit for each possible WSI_TOKEN_ */\n\tconst char *http_proxy_address;\n\t/**\u003c VHOST: If non-NULL, attempts to proxy via the given address.\n\t * If proxy auth is required, use format\n\t * \u0022username:password\u005c@server:port\u0022 */\n\tconst struct lws_protocol_vhost_options *headers;\n\t\t/**\u003c VHOST: pointer to optional linked list of per-vhost\n\t\t * canned headers that are added to server responses */\n\n\tconst struct lws_protocol_vhost_options *reject_service_keywords;\n\t/**\u003c CONTEXT: Optional list of keywords and rejection codes + text.\n\t *\n\t * The keywords are checked for existing in the user agent string.\n\t *\n\t * Eg, \u0022badrobot\u0022 \u0022404 Not Found\u0022\n\t */\n\tconst struct lws_protocol_vhost_options *pvo;\n\t/**\u003c VHOST: pointer to optional linked list of per-vhost\n\t * options made accessible to protocols */\n\tconst char *log_filepath;\n\t/**\u003c VHOST: filepath to append logs to... this is opened before\n\t *\t\tany dropping of initial privileges */\n\tconst struct lws_http_mount *mounts;\n\t/**\u003c VHOST: optional linked list of mounts for this vhost */\n\tconst char *server_string;\n\t/**\u003c CONTEXT: string used in HTTP headers to identify server\n\t * software, if NULL, \u0022libwebsockets\u0022. */\n\n\tconst char *error_document_404;\n\t/**\u003c VHOST: If non-NULL, when asked to serve a non-existent file,\n\t * lws attempts to server this url path instead. Eg,\n\t * \u0022/404.html\u0022 */\n\tint port;\n\t/**\u003c VHOST: Port to listen on. Use CONTEXT_PORT_NO_LISTEN to suppress\n\t * listening for a client. Use CONTEXT_PORT_NO_LISTEN_SERVER if you are\n\t * writing a server but you are using \u005cref sock-adopt instead of the\n\t * built-in listener.\n\t *\n\t * You can also set port to 0, in which case the kernel will pick\n\t * a random port that is not already in use. You can find out what\n\t * port the vhost is listening on using lws_get_vhost_listen_port()\n\t *\n\t * If options specifies LWS_SERVER_OPTION_UNIX_SOCK, you should set\n\t * port to 0 */\n\n\tunsigned int http_proxy_port;\n\t/**\u003c VHOST: If http_proxy_address was non-NULL, uses this port */\n\tunsigned int max_http_header_data2;\n\t/**\u003c CONTEXT: if max_http_header_data is 0 and this\n\t * is nonzero, this will be used in place of the default. It's\n\t * like this for compatibility with the original short version,\n\t * this is unsigned int length. */\n\tunsigned int max_http_header_pool2;\n\t/**\u003c CONTEXT: if max_http_header_pool is 0 and this\n\t * is nonzero, this will be used in place of the default. It's\n\t * like this for compatibility with the original short version:\n\t * this is unsigned int length. */\n\n\tint keepalive_timeout;\n\t/**\u003c VHOST: (default \u003d 0 \u003d 5s, 31s for http/2) seconds to allow remote\n\t * client to hold on to an idle HTTP/1.1 connection. Timeout lifetime\n\t * applied to idle h2 network connections */\n\tuint32_t\thttp2_settings[7];\n\t/**\u003c VHOST: if http2_settings[0] is nonzero, the values given in\n\t *\t http2_settings[1]..[6] are used instead of the lws\n\t *\t platform default values.\n\t *\t Just leave all at 0 if you don't care.\n\t */\n\n\tunsigned short max_http_header_data;\n\t/**\u003c CONTEXT: The max amount of header payload that can be handled\n\t * in an http request (unrecognized header payload is dropped) */\n\tunsigned short max_http_header_pool;\n\t/**\u003c CONTEXT: The max number of connections with http headers that\n\t * can be processed simultaneously (the corresponding memory is\n\t * allocated and deallocated dynamically as needed). If the pool is\n\t * fully busy new incoming connections must wait for accept until one\n\t * becomes free. 0 \u003d allow as many ah as number of availble fds for\n\t * the process */\n\n#endif\n\n#if defined(LWS_WITH_TLS)\n\tconst char *ssl_private_key_password;\n\t/**\u003c VHOST: NULL or the passphrase needed for the private key. (For\n\t * backwards compatibility, this can also be used to pass the client\n\t * cert passphrase when setting up a vhost client SSL context, but it is\n\t * preferred to use .client_ssl_private_key_password for that.) */\n\tconst char *ssl_cert_filepath;\n\t/**\u003c VHOST: If libwebsockets was compiled to use ssl, and you want\n\t * to listen using SSL, set to the filepath to fetch the\n\t * server cert from, otherwise NULL for unencrypted. (For backwards\n\t * compatibility, this can also be used to pass the client certificate\n\t * when setting up a vhost client SSL context, but it is preferred to\n\t * use .client_ssl_cert_filepath for that.)\n\t *\n\t * Notice you can alternatively set a single DER or PEM from a memory\n\t * buffer as the vhost tls cert using \u005cp server_ssl_cert_mem and\n\t * \u005cp server_ssl_cert_mem_len.\n\t */\n\tconst char *ssl_private_key_filepath;\n\t/**\u003c VHOST: filepath to private key if wanting SSL mode;\n\t * this should not be set to NULL when ssl_cert_filepath is set.\n\t *\n\t * Alteratively, the certificate and private key can both be set in\n\t * the OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback directly via\n\t * openSSL library calls. This requires that\n\t * LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX is set in the vhost info options\n\t * to force initializtion of the SSL_CTX context.\n\t *\n\t * (For backwards compatibility, this can also be used\n\t * to pass the client cert private key filepath when setting up a\n\t * vhost client SSL context, but it is preferred to use\n\t * .client_ssl_private_key_filepath for that.)\n\t *\n\t * Notice you can alternatively set a DER or PEM private key from a\n\t * memory buffer as the vhost tls private key using\n\t * \u005cp server_ssl_private_key_mem and \u005cp server_ssl_private_key_mem_len.\n\t */\n\tconst char *ssl_ca_filepath;\n\t/**\u003c VHOST: CA certificate filepath or NULL. (For backwards\n\t * compatibility, this can also be used to pass the client CA\n\t * filepath when setting up a vhost client SSL context,\n\t * but it is preferred to use .client_ssl_ca_filepath for that.)\n\t *\n\t * Notice you can alternatively set a DER or PEM CA cert from a memory\n\t * buffer using \u005cp server_ssl_ca_mem and \u005cp server_ssl_ca_mem_len.\n\t */\n\tconst char *ssl_cipher_list;\n\t/**\u003c VHOST: List of valid ciphers to use ON TLS1.2 AND LOWER ONLY (eg,\n\t * \u0022RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL\u0022\n\t * or you can leave it as NULL to get \u0022DEFAULT\u0022 (For backwards\n\t * compatibility, this can also be used to pass the client cipher\n\t * list when setting up a vhost client SSL context,\n\t * but it is preferred to use .client_ssl_cipher_list for that.)\n\t * SEE .tls1_3_plus_cipher_list and .client_tls_1_3_plus_cipher_list\n\t * for the equivalent for tls1.3.\n\t */\n\tconst char *ecdh_curve;\n\t/**\u003c VHOST: if NULL, defaults to initializing server with\n\t * \u0022prime256v1\u0022 */\n\tconst char *tls1_3_plus_cipher_list;\n\t/**\u003c VHOST: List of valid ciphers to use for incoming server connections\n\t * ON TLS1.3 AND ABOVE (eg, \u0022TLS_CHACHA20_POLY1305_SHA256\u0022 on this vhost\n\t * or you can leave it as NULL to get \u0022DEFAULT\u0022.\n\t * SEE .client_tls_1_3_plus_cipher_list to do the same on the vhost\n\t * client SSL_CTX.\n\t */\n\n\tconst void *server_ssl_cert_mem;\n\t/**\u003c VHOST: Alternative for \u005cp ssl_cert_filepath that allows setting\n\t * from memory instead of from a file. At most one of\n\t * \u005cp ssl_cert_filepath or \u005cp server_ssl_cert_mem should be non-NULL. */\n\tconst void *server_ssl_private_key_mem;\n\t/**\u003c VHOST: Alternative for \u005cp ssl_private_key_filepath allowing\n\t * init from a private key in memory instead of a file. At most one\n\t * of \u005cp ssl_private_key_filepath or \u005cp server_ssl_private_key_mem\n\t * should be non-NULL. */\n\tconst void *server_ssl_ca_mem;\n\t/**\u003c VHOST: Alternative for \u005cp ssl_ca_filepath allowing\n\t * init from a CA cert in memory instead of a file. At most one\n\t * of \u005cp ssl_ca_filepath or \u005cp server_ssl_ca_mem should be non-NULL. */\n\n\tlong ssl_options_set;\n\t/**\u003c VHOST: Any bits set here will be set as server SSL options */\n\tlong ssl_options_clear;\n\t/**\u003c VHOST: Any bits set here will be cleared as server SSL options */\n\tint simultaneous_ssl_restriction;\n\t/**\u003c CONTEXT: 0 (no limit) or limit of simultaneous SSL sessions\n\t * possible.*/\n\tint simultaneous_ssl_handshake_restriction;\n\t/**\u003c CONTEXT: 0 (no limit) or limit of simultaneous SSL handshakes ongoing */\n\tint ssl_info_event_mask;\n\t/**\u003c VHOST: mask of ssl events to be reported on LWS_CALLBACK_SSL_INFO\n\t * callback for connections on this vhost. The mask values are of\n\t * the form SSL_CB_ALERT, defined in openssl/ssl.h. The default of\n\t * 0 means no info events will be reported.\n\t */\n\tunsigned int server_ssl_cert_mem_len;\n\t/**\u003c VHOST: Server SSL context init: length of server_ssl_cert_mem in\n\t * bytes */\n\tunsigned int server_ssl_private_key_mem_len;\n\t/**\u003c VHOST: length of \u005cp server_ssl_private_key_mem in memory */\n\tunsigned int server_ssl_ca_mem_len;\n\t/**\u003c VHOST: length of \u005cp server_ssl_ca_mem in memory */\n\n\tconst char *alpn;\n\t/**\u003c CONTEXT: If non-NULL, default list of advertised alpn, comma-\n\t *\t separated\n\t *\n\t * VHOST: If non-NULL, per-vhost list of advertised alpn, comma-\n\t *\t separated\n\t */\n\n\n#if defined(LWS_WITH_CLIENT)\n\tconst char *client_ssl_private_key_password;\n\t/**\u003c VHOST: Client SSL context init: NULL or the passphrase needed\n\t * for the private key */\n\tconst char *client_ssl_cert_filepath;\n\t/**\u003c VHOST: Client SSL context init: The certificate the client\n\t * should present to the peer on connection */\n\tconst void *client_ssl_cert_mem;\n\t/**\u003c VHOST: Client SSL context init: client certificate memory buffer or\n\t * NULL... use this to load client cert from memory instead of file */\n\tunsigned int client_ssl_cert_mem_len;\n\t/**\u003c VHOST: Client SSL context init: length of client_ssl_cert_mem in\n\t * bytes */\n\tconst char *client_ssl_private_key_filepath;\n\t/**\u003c VHOST: Client SSL context init: filepath to client private key\n\t * if this is set to NULL but client_ssl_cert_filepath is set, you\n\t * can handle the LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS\n\t * callback of protocols[0] to allow setting of the private key directly\n\t * via tls library calls */\n\tconst void *client_ssl_key_mem;\n\t/**\u003c VHOST: Client SSL context init: client key memory buffer or\n\t * NULL... use this to load client key from memory instead of file */\n\tconst char *client_ssl_ca_filepath;\n\t/**\u003c VHOST: Client SSL context init: CA certificate filepath or NULL */\n\tconst void *client_ssl_ca_mem;\n\t/**\u003c VHOST: Client SSL context init: CA certificate memory buffer or\n\t * NULL... use this to load CA cert from memory instead of file */\n\n\tconst char *client_ssl_cipher_list;\n\t/**\u003c VHOST: Client SSL context init: List of valid ciphers to use (eg,\n\t* \u0022RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL\u0022\n\t* or you can leave it as NULL to get \u0022DEFAULT\u0022 */\n\tconst char *client_tls_1_3_plus_cipher_list;\n\t/**\u003c VHOST: List of valid ciphers to use for outgoing client connections\n\t * ON TLS1.3 AND ABOVE on this vhost (eg,\n\t * \u0022TLS_CHACHA20_POLY1305_SHA256\u0022) or you can leave it as NULL to get\n\t * \u0022DEFAULT\u0022.\n\t */\n\n\tlong ssl_client_options_set;\n\t/**\u003c VHOST: Any bits set here will be set as CLIENT SSL options */\n\tlong ssl_client_options_clear;\n\t/**\u003c VHOST: Any bits set here will be cleared as CLIENT SSL options */\n\n\n\tunsigned int client_ssl_ca_mem_len;\n\t/**\u003c VHOST: Client SSL context init: length of client_ssl_ca_mem in\n\t * bytes */\n\tunsigned int client_ssl_key_mem_len;\n\t/**\u003c VHOST: Client SSL context init: length of client_ssl_key_mem in\n\t * bytes */\n\n#endif\n\n#if !defined(LWS_WITH_MBEDTLS)\n\tSSL_CTX *provided_client_ssl_ctx;\n\t/**\u003c CONTEXT: If non-null, swap out libwebsockets ssl\n\t * implementation for the one provided by provided_ssl_ctx.\n\t * Libwebsockets no longer is responsible for freeing the context\n\t * if this option is selected. */\n#else /* WITH_MBEDTLS */\n\tconst char *mbedtls_client_preload_filepath;\n\t/**\u003c CONTEXT: If NULL, no effect. Otherwise it should point to a\n\t * filepath where every created client SSL_CTX is preloaded from the\n\t * system trust bundle.\n\t *\n\t * This sets a processwide variable that affects all contexts.\n\t *\n\t * Requires that the mbedtls provides mbedtls_x509_crt_parse_file(),\n\t * else disabled.\n\t */\n#endif\n#endif\n\n\tint ka_time;\n\t/**\u003c CONTEXT: 0 for no TCP keepalive, otherwise apply this keepalive\n\t * timeout to all libwebsocket sockets, client or server */\n\tint ka_probes;\n\t/**\u003c CONTEXT: if ka_time was nonzero, after the timeout expires how many\n\t * times to try to get a response from the peer before giving up\n\t * and killing the connection */\n\tint ka_interval;\n\t/**\u003c CONTEXT: if ka_time was nonzero, how long to wait before each ka_probes\n\t * attempt */\n\tunsigned int timeout_secs;\n\t/**\u003c VHOST: various processes involving network roundtrips in the\n\t * library are protected from hanging forever by timeouts. If\n\t * nonzero, this member lets you set the timeout used in seconds.\n\t * Otherwise a default timeout is used. */\n\tunsigned int connect_timeout_secs;\n\t/**\u003c VHOST: client connections have this long to find a working server\n\t * from the DNS results, or the whole connection times out. If zero,\n\t * a default timeout is used */\n\tint bind_iface;\n\t/**\u003c VHOST: nonzero to strictly bind sockets to the interface name in\n\t * .iface (eg, \u0022eth2\u0022), using SO_BIND_TO_DEVICE.\n\t *\n\t * Requires SO_BINDTODEVICE support from your OS and CAP_NET_RAW\n\t * capability.\n\t *\n\t * Notice that common things like access network interface IP from\n\t * your local machine use your lo / loopback interface and will be\n\t * disallowed by this.\n\t */\n\tunsigned int timeout_secs_ah_idle;\n\t/**\u003c VHOST: seconds to allow a client to hold an ah without using it.\n\t * 0 defaults to 10s. */\n#endif /* WITH_NETWORK */\n\n#if defined(LWS_WITH_TLS_SESSIONS)\n\tuint32_t\t\t\ttls_session_timeout;\n\t/**\u003c VHOST: seconds until timeout/ttl for newly created sessions.\n\t * 0 means default timeout (defined per protocol, usually 300s). */\n\tuint32_t\t\t\ttls_session_cache_max;\n\t/**\u003c VHOST: 0 for default limit of 10, or the maximum number of\n\t * client tls sessions we are willing to cache */\n#endif\n\n\tgid_t gid;\n\t/**\u003c CONTEXT: group id to change to after setting listen socket,\n\t * or -1. See also .username below. */\n\tuid_t uid;\n\t/**\u003c CONTEXT: user id to change to after setting listen socket,\n\t * or -1. See also .groupname below. */\n\tuint64_t options;\n\t/**\u003c VHOST + CONTEXT: 0, or LWS_SERVER_OPTION_... bitfields */\n\tvoid *user;\n\t/**\u003c VHOST + CONTEXT: optional user pointer that will be associated\n\t * with the context when creating the context (and can be retrieved by\n\t * lws_context_user(context), or with the vhost when creating the vhost\n\t * (and can be retrieved by lws_vhost_user(vhost)). You will need to\n\t * use LWS_SERVER_OPTION_EXPLICIT_VHOSTS and create the vhost separately\n\t * if you care about giving the context and vhost different user pointer\n\t * values.\n\t */\n\tunsigned int count_threads;\n\t/**\u003c CONTEXT: how many contexts to create in an array, 0 \u003d 1 */\n\tunsigned int fd_limit_per_thread;\n\t/**\u003c CONTEXT: nonzero means restrict each service thread to this\n\t * many fds, 0 means the default which is divide the process fd\n\t * limit by the number of threads.\n\t *\n\t * Note if this is nonzero, and fd_limit_per_thread multiplied by the\n\t * number of service threads is less than the process ulimit, then lws\n\t * restricts internal lookup table allocation to the smaller size, and\n\t * switches to a less efficient lookup scheme. You should use this to\n\t * trade off speed against memory usage if you know the lws context\n\t * will only use a handful of fds.\n\t *\n\t * Bear in mind lws may use some fds internally, for example for the\n\t * cancel pipe, so you may need to allow for some extras for normal\n\t * operation.\n\t */\n\tconst char *vhost_name;\n\t/**\u003c VHOST: name of vhost, must match external DNS name used to\n\t * access the site, like \u0022warmcat.com\u0022 as it's used to match\n\t * Host: header and / or SNI name for SSL.\n\t * CONTEXT: NULL, or the name to associate with the context for\n\t * context-specific logging\n\t */\n#if defined(LWS_WITH_PLUGINS)\n\tconst char * const *plugin_dirs;\n\t/**\u003c CONTEXT: NULL, or NULL-terminated array of directories to\n\t * scan for lws protocol plugins at context creation time */\n#endif\n\tvoid *external_baggage_free_on_destroy;\n\t/**\u003c CONTEXT: NULL, or pointer to something externally malloc'd, that\n\t * should be freed when the context is destroyed. This allows you to\n\t * automatically sync the freeing action to the context destruction\n\t * action, so there is no need for an external free() if the context\n\t * succeeded to create.\n\t */\n\n\n\tunsigned int pt_serv_buf_size;\n\t/**\u003c CONTEXT: 0 \u003d default of 4096. This buffer is used by\n\t * various service related features including file serving, it\n\t * defines the max chunk of file that can be sent at once.\n\t * At the risk of lws having to buffer failed large sends, it\n\t * can be increased to, eg, 128KiB to improve throughput. */\n#if defined(LWS_WITH_FILE_OPS)\n\tconst struct lws_plat_file_ops *fops;\n\t/**\u003c CONTEXT: NULL, or pointer to an array of fops structs, terminated\n\t * by a sentinel with NULL .open.\n\t *\n\t * If NULL, lws provides just the platform file operations struct for\n\t * backwards compatibility.\n\t */\n#endif\n\n#if defined(LWS_WITH_SOCKS5)\n\tconst char *socks_proxy_address;\n\t/**\u003c VHOST: If non-NULL, attempts to proxy via the given address.\n\t * If proxy auth is required, use format\n\t * \u0022username:password\u005c@server:port\u0022 */\n\tunsigned int socks_proxy_port;\n\t/**\u003c VHOST: If socks_proxy_address was non-NULL, uses this port\n\t * if nonzero, otherwise requires \u0022server:port\u0022 in .socks_proxy_address\n\t */\n#endif\n\n#if defined(LWS_HAVE_SYS_CAPABILITY_H) \u0026\u0026 defined(LWS_HAVE_LIBCAP)\n\tcap_value_t caps[4];\n\t/**\u003c CONTEXT: array holding Linux capabilities you want to\n\t * continue to be available to the server after it transitions\n\t * to a noprivileged user. Usually none are needed but for, eg,\n\t * .bind_iface, CAP_NET_RAW is required. This gives you a way\n\t * to still have the capability but drop root.\n\t */\n\tchar count_caps;\n\t/**\u003c CONTEXT: count of Linux capabilities in .caps[]. 0 means\n\t * no capabilities will be inherited from root (the default) */\n#endif\n\tvoid **foreign_loops;\n\t/**\u003c CONTEXT: This is ignored if the context is not being started with\n\t *\t\tan event loop, ie, .options has a flag like\n\t *\t\tLWS_SERVER_OPTION_LIBUV.\n\t *\n\t *\t\tNULL indicates lws should start its own even loop for\n\t *\t\teach service thread, and deal with closing the loops\n\t *\t\twhen the context is destroyed.\n\t *\n\t *\t\tNon-NULL means it points to an array of external\n\t *\t\t(\u0022foreign\u0022) event loops that are to be used in turn for\n\t *\t\teach service thread. In the default case of 1 service\n\t *\t\tthread, it can just point to one foreign event loop.\n\t */\n\tvoid (*signal_cb)(void *event_lib_handle, int signum);\n\t/**\u003c CONTEXT: NULL: default signal handling. Otherwise this receives\n\t *\t\tthe signal handler callback. event_lib_handle is the\n\t *\t\tnative event library signal handle, eg uv_signal_t *\n\t *\t\tfor libuv.\n\t */\n\tstruct lws_context **pcontext;\n\t/**\u003c CONTEXT: if non-NULL, at the end of context destroy processing,\n\t * the pointer pointed to by pcontext is written with NULL. You can\n\t * use this to let foreign event loops know that lws context destruction\n\t * is fully completed.\n\t */\n\tvoid (*finalize)(struct lws_vhost *vh, void *arg);\n\t/**\u003c VHOST: NULL, or pointer to function that will be called back\n\t *\t when the vhost is just about to be freed. The arg parameter\n\t *\t will be set to whatever finalize_arg is below.\n\t */\n\tvoid *finalize_arg;\n\t/**\u003c VHOST: opaque pointer lws ignores but passes to the finalize\n\t *\t callback. If you don't care, leave it NULL.\n\t */\n\tconst char *listen_accept_role;\n\t/**\u003c VHOST: NULL for default, or force accepted incoming connections to\n\t * bind to this role. Uses the role names from their ops struct, eg,\n\t * \u0022raw-skt\u0022.\n\t */\n\tconst char *listen_accept_protocol;\n\t/**\u003c VHOST: NULL for default, or force accepted incoming connections to\n\t * bind to this vhost protocol name.\n\t */\n\tconst struct lws_protocols **pprotocols;\n\t/**\u003c VHOST: NULL: use .protocols, otherwise ignore .protocols and use\n\t * this array of pointers to protocols structs. The end of the array\n\t * is marked by a NULL pointer.\n\t *\n\t * This is preferred over .protocols, because it allows the protocol\n\t * struct to be opaquely defined elsewhere, with just a pointer to it\n\t * needed to create the context with it. .protocols requires also\n\t * the type of the user data to be known so its size can be given.\n\t */\n\n\tconst char *username; /**\u003c CONTEXT: string username for post-init\n\t * permissions. Like .uid but takes a string username. */\n\tconst char *groupname; /**\u003c CONTEXT: string groupname for post-init\n\t * permissions. Like .gid but takes a string groupname. */\n\tconst char *unix_socket_perms; /**\u003c VHOST: if your vhost is listening\n\t * on a unix socket, you can give a \u0022username:groupname\u0022 string here\n\t * to control the owner:group it's created with. It's always created\n\t * with 0660 mode. */\n\tconst lws_system_ops_t *system_ops;\n\t/**\u003c CONTEXT: hook up lws_system_ apis to system-specific\n\t * implementations */\n\tconst lws_retry_bo_t *retry_and_idle_policy;\n\t/**\u003c VHOST: optional retry and idle policy to apply to this vhost.\n\t * Currently only the idle parts are applied to the connections.\n\t */\n#if defined(LWS_WITH_SYS_STATE)\n\tlws_state_notify_link_t * const *register_notifier_list;\n\t/**\u003c CONTEXT: NULL, or pointer to an array of notifiers that should\n\t * be registered during context creation, so they can see state change\n\t * events from very early on. The array should end with a NULL. */\n#endif\n#if defined(LWS_WITH_SECURE_STREAMS)\n#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)\n\tconst struct lws_ss_policy *pss_policies; /**\u003c CONTEXT: point to first\n\t * in a linked-list of streamtype policies prepared by user code */\n#else\n\tconst char *pss_policies_json; /**\u003c CONTEXT: point to a string\n\t * containing a JSON description of the secure streams policies. Set\n\t * to NULL if not using Secure Streams.\n\t * If the platform supports files and the string does not begin with\n\t * '{', lws treats the string as a filepath to open to get the JSON\n\t * policy.\n\t */\n#endif\n\tconst struct lws_ss_plugin **pss_plugins; /**\u003c CONTEXT: point to an array\n\t * of pointers to plugin structs here, terminated with a NULL ptr.\n\t * Set to NULL if not using Secure Streams. */\n\tconst char *ss_proxy_bind; /**\u003c CONTEXT: NULL, or: ss_proxy_port \u003d\u003d 0:\n\t * point to a string giving the Unix Domain Socket address to use (start\n\t * with @ for abstract namespace), ss_proxy_port nonzero: set the\n\t * network interface address (not name, it's ambiguous for ipv4/6) to\n\t * bind the tcp connection to the proxy to */\n\tconst char *ss_proxy_address; /**\u003c CONTEXT: NULL, or if ss_proxy_port\n\t * nonzero: the tcp address of the ss proxy to connect to */\n\tuint16_t ss_proxy_port; /* 0 \u003d if connecting to ss proxy, do it via a\n\t * Unix Domain Socket, \u0022+@proxy.ss.lws\u0022 if ss_proxy_bind is NULL else\n\t * the socket path given in ss_proxy_bind (start it with a + or +@);\n\t * nonzero means connect via a tcp socket to the tcp address in\n\t * ss_proxy_bind and the given port */\n\tconst struct lws_transport_proxy_ops *txp_ops_ssproxy; /**\u003c CONTEXT: NULL, or\n\t * custom sss transport ops used for ss proxy communication. NULL means\n\t * to use the default wsi-based proxy server */\n\tconst void *txp_ssproxy_info; /**\u003c CONTEXT: NULL, or extra transport-\n\t * specifi creation info to be used at \u005cp txp_ops_ssproxy creation */\n\tconst struct lws_transport_client_ops *txp_ops_sspc; /**\u003c CONTEXT: NULL, or\n\t * custom sss transport ops used for ss client communication to the ss\n\t * proxy. NULL means to use the default wsi-based client support */\n#endif\n\n#if defined(LWS_WITH_SECURE_STREAMS_PROXY_API)\n#endif\n\n\tint rlimit_nofile;\n\t/**\u003c 0 \u003d inherit the initial ulimit for files / sockets from the startup\n\t * environment. Nonzero \u003d try to set the limit for this process.\n\t */\n#if defined(LWS_WITH_PEER_LIMITS)\n\tlws_peer_limits_notify_t pl_notify_cb;\n\t/**\u003c CONTEXT: NULL, or a callback to receive notifications each time a\n\t * connection is being dropped because of peer limits.\n\t *\n\t * The callback provides the context, and an lws_sockaddr46 with the\n\t * peer address and port.\n\t */\n\tunsigned short ip_limit_ah;\n\t/**\u003c CONTEXT: max number of ah a single IP may use simultaneously\n\t *\t 0 is no limit. This is a soft limit: if the limit is\n\t *\t reached, connections from that IP will wait in the ah\n\t *\t waiting list and not be able to acquire an ah until\n\t *\t a connection belonging to the IP relinquishes one it\n\t *\t already has.\n\t */\n\tunsigned short ip_limit_wsi;\n\t/**\u003c CONTEXT: max number of wsi a single IP may use simultaneously.\n\t *\t 0 is no limit. This is a hard limit, connections from\n\t *\t the same IP will simply be dropped once it acquires the\n\t *\t amount of simultaneous wsi / accepted connections\n\t *\t given here.\n\t */\n\n#endif /* PEER_LIMITS */\n\n#if defined(LWS_WITH_SYS_FAULT_INJECTION)\n\tlws_fi_ctx_t\t\t\t\tfic;\n\t/**\u003c CONTEXT | VHOST: attach external Fault Injection context to the\n\t * lws_context or vhost. If creating the context + default vhost in\n\t * one step, only the context binds to \u005cp fi. When creating a vhost\n\t * otherwise this can bind to the vhost so the faults can be injected\n\t * from the start.\n\t */\n#endif\n\n#if defined(LWS_WITH_SYS_SMD)\n\tlws_smd_notification_cb_t\t\tearly_smd_cb;\n\t/**\u003c CONTEXT: NULL, or an smd notification callback that will be registered\n\t * immediately after the smd in the context is initialized. This ensures\n\t * you can get all notifications without having to intercept the event loop\n\t * creation, eg, when using an event library. Other callbacks can be\n\t * registered later manually without problems.\n\t */\n\tvoid\t\t\t\t\t*early_smd_opaque;\n\tlws_smd_class_t\t\t\t\tearly_smd_class_filter;\n\tlws_usec_t\t\t\t\tsmd_ttl_us;\n\t/**\u003c CONTEXT: SMD messages older than this many us are removed from the\n\t * queue and destroyed even if not fully delivered yet. If zero,\n\t * defaults to 2 seconds (5 second for FREERTOS).\n\t */\n\tuint16_t\t\t\t\tsmd_queue_depth;\n\t/**\u003c CONTEXT: Maximum queue depth, If zero defaults to 40\n\t * (20 for FREERTOS) */\n#endif\n\n#if defined(LWS_WITH_SYS_METRICS)\n\tconst struct lws_metric_policy\t\t*metrics_policies;\n\t/**\u003c CONTEXT: non-SS policy metrics policies */\n\tconst char\t\t\t\t*metrics_prefix;\n\t/**\u003c CONTEXT: prefix for this context's metrics, used to distinguish\n\t * metrics pooled from different processes / applications, so, eg what\n\t * would be \u0022cpu.svc\u0022 if this is NULL becomes \u0022myapp.cpu.svc\u0022 is this is\n\t * set to \u0022myapp\u0022. Policies are applied using the name with the prefix,\n\t * if present.\n\t */\n#endif\n\n\tint\t\t\t\t\tfo_listen_queue;\n\t/**\u003c VHOST: 0 \u003d no TCP_FASTOPEN, nonzero \u003d enable TCP_FASTOPEN if the\n\t * platform supports it, with the given queue length for the listen\n\t * socket.\n\t */\n\n\tconst struct lws_plugin_evlib\t\t*event_lib_custom;\n\t/**\u003c CONTEXT: If non-NULL, override event library selection so it uses\n\t * this custom event library implementation, instead of default internal\n\t * loop. Don't set any other event lib context creation flags in that\n\t * case. it will be used automatically. This is useful for integration\n\t * where an existing application is using its own handrolled event loop\n\t * instead of an event library, it provides a way to allow lws to use\n\t * the custom event loop natively as if it were an \u0022event library\u0022.\n\t */\n\n#if defined(LWS_WITH_TLS_JIT_TRUST)\n\tsize_t\t\t\t\t\tjitt_cache_max_footprint;\n\t/**\u003c CONTEXT: 0 for no limit, else max bytes used by JIT Trust cache...\n\t * LRU items are evicted to keep under this limit */\n\tint\t\t\t\t\tvh_idle_grace_ms;\n\t/**\u003c CONTEXT: 0 for default of 5000ms, or number of ms JIT Trust vhosts\n\t * are allowed to live without active connections using them. */\n#endif\n\n\tlws_log_cx_t\t\t\t\t*log_cx;\n\t/**\u003c CONTEXT: NULL to use the default, process-scope logging context,\n\t * else a specific logging context to associate with this context */\n\n#if defined(LWS_WITH_CACHE_NSCOOKIEJAR) \u0026\u0026 defined(LWS_WITH_CLIENT)\n\tconst char\t\t\t\t*http_nsc_filepath;\n\t/**\u003c CONTEXT: Filepath to use for http netscape cookiejar file */\n\n\tsize_t\t\t\t\t\thttp_nsc_heap_max_footprint;\n\t/**\u003c CONTEXT: 0, or limit in bytes for heap usage of memory cookie\n\t * cache */\n\tsize_t\t\t\t\t\thttp_nsc_heap_max_items;\n\t/**\u003c CONTEXT: 0, or the max number of items allowed in the cookie cache\n\t * before destroying lru items to keep it under the limit */\n\tsize_t\t\t\t\t\thttp_nsc_heap_max_payload;\n\t/**\u003c CONTEXT: 0, or the maximum size of a single cookie we are able to\n\t * handle */\n#endif\n\n#if defined(LWS_WITH_SYS_ASYNC_DNS)\n\tconst char\t\t\t\t**async_dns_servers;\n\t/**\u003c CONTEXT: NULL, or a pointer to an array of strings containing the\n\t * numeric IP like \u00228.8.8.8\u0022 or \u00222001:4860:4860::8888\u0022 for a list of DNS\n\t * server to forcibly add. If given, the list of strings must be\n\t * terminated with a NULL.\n\t */\n#endif\n\n#if defined(WIN32)\n\tunsigned int win32_connect_check_interval_usec;\n\t/**\u003c CONTEXT: win32 needs client connection status checking at intervals\n\t * to work reliably. This sets the interval in us, up to 999999. By\n\t * default, it's 500us.\n\t */\n#endif\n\n\tint default_loglevel;\n\t/**\u003c CONTEXT: 0 for LLL_USER, LLL_ERR, LLL_WARN, LLL_NOTICE enabled by default when\n\t * using lws_cmdline_option_handle_builtin(), else set to the LLL_ flags you want\n\t * to be the default before calling lws_cmdline_option_handle_builtin(). Your\n\t * selected default loglevel can then be cleanly overridden using -d 1039 etc\n\t * commandline switch */\n\n\tlws_sockfd_type\t\tvh_listen_sockfd;\n\t/**\u003c VHOST: 0 for normal vhost listen socket fd creation, if any.\n\t * Nonzero to force the selection of an already-existing fd for the\n\t * vhost's listen socket, which is already prepared. This is intended\n\t * for an external process having chosen the fd, which cannot then be\n\t * zero.\n\t */\n\n\t/* Add new things just above here ---^\n\t * This is part of the ABI, don't needlessly break compatibility\n\t *\n\t * The below is to ensure later library versions with new\n\t * members added above will see 0 (default) even if the app\n\t * was not built against the newer headers.\n\t */\n\n\tvoid *_unused[2]; /**\u003c dummy */\n};\n\n/**\n * lws_create_context() - Create the websocket handler\n * \u005cparam info:\tpointer to struct with parameters\n *\n *\tThis function creates the listening socket (if serving) and takes care\n *\tof all initialization in one step.\n *\n *\tIf option LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, no vhost is\n *\tcreated; you're expected to create your own vhosts afterwards using\n *\tlws_create_vhost(). Otherwise a vhost named \u0022default\u0022 is also created\n *\tusing the information in the vhost-related members, for compatibility.\n *\n *\tAfter initialization, it returns a struct lws_context * that\n *\trepresents this server. After calling, user code needs to take care\n *\tof calling lws_service() with the context pointer to get the\n *\tserver's sockets serviced. This must be done in the same process\n *\tcontext as the initialization call.\n *\n *\tThe protocol callback functions are called for a handful of events\n *\tincluding http requests coming in, websocket connections becoming\n *\testablished, and data arriving; it's also called periodically to allow\n *\tasync transmission.\n *\n *\tHTTP requests are sent always to the FIRST protocol in protocol, since\n *\tat that time websocket protocol has not been negotiated. Other\n *\tprotocols after the first one never see any HTTP callback activity.\n *\n *\tThe server created is a simple http server by default; part of the\n *\twebsocket standard is upgrading this http connection to a websocket one.\n *\n *\tThis allows the same server to provide files like scripts and favicon /\n *\timages or whatever over http and dynamic data over websockets all in\n *\tone place; they're all handled in the user callback.\n */\nLWS_VISIBLE LWS_EXTERN struct lws_context *\nlws_create_context(const struct lws_context_creation_info *info);\n\n\n/**\n * lws_context_destroy() - Destroy the websocket context\n * \u005cparam context:\tWebsocket context\n *\n *\tThis function closes any active connections and then frees the\n *\tcontext. After calling this, any further use of the context is\n *\tundefined.\n */\nLWS_VISIBLE LWS_EXTERN void\nlws_context_destroy(struct lws_context *context);\n\ntypedef int (*lws_reload_func)(void);\n\n/**\n * lws_context_deprecate() - Deprecate the websocket context\n *\n * \u005cparam context:\tWebsocket context\n * \u005cparam cb: Callback notified when old context listen sockets are closed\n *\n *\tThis function is used on an existing context before superceding it\n *\twith a new context.\n *\n *\tIt closes any listen sockets in the context, so new connections are\n *\tnot possible.\n *\n *\tAnd it marks the context to be deleted when the number of active\n *\tconnections into it falls to zero.\n *\n *\tThis is aimed at allowing seamless configuration reloads.\n *\n *\tThe callback cb will be called after the listen sockets are actually\n *\tclosed and may be reopened. In the callback the new context should be\n *\tconfigured and created. (With libuv, socket close happens async after\n *\tmore loop events).\n */\nLWS_VISIBLE LWS_EXTERN void\nlws_context_deprecate(struct lws_context *context, lws_reload_func cb);\n\nLWS_VISIBLE LWS_EXTERN int\nlws_context_is_deprecated(struct lws_context *context);\n\n/**\n * lws_set_proxy() - Setups proxy to lws_context.\n * \u005cparam vhost:\tpointer to struct lws_vhost you want set proxy for\n * \u005cparam proxy: pointer to c string containing proxy in format address:port\n *\n * Returns 0 if proxy string was parsed and proxy was setup.\n * Returns -1 if proxy is NULL or has incorrect format.\n *\n * This is only required if your OS does not provide the http_proxy\n * environment variable (eg, OSX)\n *\n * IMPORTANT! You should call this function right after creation of the\n * lws_context and before call to connect. If you call this\n * function after connect behavior is undefined.\n * This function will override proxy settings made on lws_context\n * creation with genenv() call.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_set_proxy(struct lws_vhost *vhost, const char *proxy);\n\n/**\n * lws_set_socks() - Setup socks to lws_context.\n * \u005cparam vhost:\tpointer to struct lws_vhost you want set socks for\n * \u005cparam socks: pointer to c string containing socks in format address:port\n *\n * Returns 0 if socks string was parsed and socks was setup.\n * Returns -1 if socks is NULL or has incorrect format.\n *\n * This is only required if your OS does not provide the socks_proxy\n * environment variable (eg, OSX)\n *\n * IMPORTANT! You should call this function right after creation of the\n * lws_context and before call to connect. If you call this\n * function after connect behavior is undefined.\n * This function will override proxy settings made on lws_context\n * creation with genenv() call.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_set_socks(struct lws_vhost *vhost, const char *socks);\n\nstruct lws_vhost;\n\n/**\n * lws_create_vhost() - Create a vhost (virtual server context)\n * \u005cparam context:\tpointer to result of lws_create_context()\n * \u005cparam info:\t\tpointer to struct with parameters\n *\n * This function creates a virtual server (vhost) using the vhost-related\n * members of the info struct. You can create many vhosts inside one context\n * if you created the context with the option LWS_SERVER_OPTION_EXPLICIT_VHOSTS\n */\nLWS_VISIBLE LWS_EXTERN struct lws_vhost *\nlws_create_vhost(struct lws_context *context,\n\t\t const struct lws_context_creation_info *info);\n\n/**\n * lws_vhost_destroy() - Destroy a vhost (virtual server context)\n *\n * \u005cparam vh:\t\tpointer to result of lws_create_vhost()\n *\n * This function destroys a vhost. Normally, if you just want to exit,\n * then lws_destroy_context() will take care of everything. If you want\n * to destroy an individual vhost and all connections and allocations, you\n * can do it with this.\n *\n * If the vhost has a listen sockets shared by other vhosts, it will be given\n * to one of the vhosts sharing it rather than closed.\n *\n * The vhost close is staged according to the needs of the event loop, and if\n * there are multiple service threads. At the point the vhost itself if\n * about to be freed, if you provided a finalize callback and optional arg at\n * vhost creation time, it will be called just before the vhost is freed.\n */\nLWS_VISIBLE LWS_EXTERN void\nlws_vhost_destroy(struct lws_vhost *vh);\n\n/**\n * lwsws_get_config_globals() - Parse a JSON server config file\n * \u005cparam info:\t\tpointer to struct with parameters\n * \u005cparam d:\t\tfilepath of the config file\n * \u005cparam config_strings: storage for the config strings extracted from JSON,\n * \t\t\t the pointer is incremented as strings are stored\n * \u005cparam len:\t\tpointer to the remaining length left in config_strings\n *\t\t\t the value is decremented as strings are stored\n *\n * This function prepares a n lws_context_creation_info struct with global\n * settings from a file d.\n *\n * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled\n */\nLWS_VISIBLE LWS_EXTERN int\nlwsws_get_config_globals(struct lws_context_creation_info *info, const char *d,\n\t\t\t char **config_strings, int *len);\n\n/**\n * lwsws_get_config_vhosts() - Create vhosts from a JSON server config file\n * \u005cparam context:\tpointer to result of lws_create_context()\n * \u005cparam info:\t\tpointer to struct with parameters\n * \u005cparam d:\t\tfilepath of the config file\n * \u005cparam config_strings: storage for the config strings extracted from JSON,\n * \t\t\t the pointer is incremented as strings are stored\n * \u005cparam len:\t\tpointer to the remaining length left in config_strings\n *\t\t\t the value is decremented as strings are stored\n *\n * This function creates vhosts into a context according to the settings in\n *JSON files found in directory d.\n *\n * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled\n */\nLWS_VISIBLE LWS_EXTERN int\nlwsws_get_config_vhosts(struct lws_context *context,\n\t\t\tstruct lws_context_creation_info *info, const char *d,\n\t\t\tchar **config_strings, int *len);\n\n/**\n * lws_get_vhost() - return the vhost a wsi belongs to\n *\n * \u005cparam wsi: which connection\n */\nLWS_VISIBLE LWS_EXTERN struct lws_vhost *\nlws_get_vhost(struct lws *wsi);\n\n/**\n * lws_get_vhost_name() - returns the name of a vhost\n *\n * \u005cparam vhost: which vhost\n */\nLWS_VISIBLE LWS_EXTERN const char *\nlws_get_vhost_name(struct lws_vhost *vhost);\n\n/**\n * lws_get_vhost_by_name() - returns the vhost with the requested name, or NULL\n *\n * \u005cparam context: the lws_context to look in\n * \u005cparam name: vhost name we are looking for\n *\n * Returns NULL, or the vhost with the name \u005cp name\n */\nLWS_VISIBLE LWS_EXTERN struct lws_vhost *\nlws_get_vhost_by_name(struct lws_context *context, const char *name);\n\n/**\n * lws_get_vhost_port() - returns the port a vhost listens on, or -1\n *\n * \u005cparam vhost: which vhost\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_get_vhost_port(struct lws_vhost *vhost);\n\n/**\n * lws_get_vhost_user() - returns the user pointer for the vhost\n *\n * \u005cparam vhost: which vhost\n */\nLWS_VISIBLE LWS_EXTERN void *\nlws_get_vhost_user(struct lws_vhost *vhost);\n\n/**\n * lws_get_vhost_iface() - returns the binding for the vhost listen socket\n *\n * \u005cparam vhost: which vhost\n */\nLWS_VISIBLE LWS_EXTERN const char *\nlws_get_vhost_iface(struct lws_vhost *vhost);\n\n/**\n * lws_vhost_user() - get the user data associated with the vhost\n * \u005cparam vhost: Websocket vhost\n *\n * This returns the optional user pointer that can be attached to\n * a vhost when it was created. Lws never dereferences this pointer, it only\n * sets it when the vhost is created, and returns it using this api.\n */\nLWS_VISIBLE LWS_EXTERN void *\nlws_vhost_user(struct lws_vhost *vhost);\n\n/**\n * lws_context_user() - get the user data associated with the context\n * \u005cparam context: Websocket context\n *\n * This returns the optional user allocation that can be attached to\n * the context the sockets live in at context_create time. It's a way\n * to let all sockets serviced in the same context share data without\n * using globals statics in the user code.\n */\nLWS_VISIBLE LWS_EXTERN void *\nlws_context_user(struct lws_context *context);\n\nLWS_VISIBLE LWS_EXTERN const char *\nlws_vh_tag(struct lws_vhost *vh);\n\nLWS_VISIBLE LWS_EXTERN void\n_lws_context_info_defaults(struct lws_context_creation_info *info,\n\t\t\t const char *sspol);\n\nLWS_VISIBLE LWS_EXTERN void\nlws_default_loop_exit(struct lws_context *cx);\n\nLWS_VISIBLE LWS_EXTERN void\nlws_context_default_loop_run_destroy(struct lws_context *cx);\n\nLWS_VISIBLE LWS_EXTERN int\nlws_cmdline_passfail(int argc, const char **argv, int actual);\n\n/**\n * lws_systemd_inherited_fd() - prepare vhost creation info for systemd exported fd if any\n *\n * \u005cparam index: 0+ index of exported fd\n * \u005cparam info: info struct to be prepared with related info, if any\n *\n * Returns 0 and points info to the related fd, aligning the other information\n * to the type of fd and port it is bound to, or returns nonzero if no such\n * inherited fd.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_systemd_inherited_fd(unsigned int index,\n\t\t\t struct lws_context_creation_info *info);\n\n/**\n * lws_context_is_being_destroyed() - find out if context is being destroyed\n *\n * \u005cparam context: the struct lws_context pointer\n *\n * Returns nonzero if the context has had lws_context_destroy() called on it...\n * when using event library loops the destroy process can be asynchronous. In\n * the special case of libuv foreign loops, the failure to create the context\n * may have to do work on the foreign loop to reverse the partial creation,\n * meaning a failed context create cannot unpick what it did and return NULL.\n *\n * In that condition, a valid context that is already started the destroy\n * process is returned, and this test api will return nonzero as a way to\n * find out the create is in the middle of failing.\n */\nLWS_VISIBLE LWS_EXTERN int\nlws_context_is_being_destroyed(struct lws_context *context);\n\n/*! \u005cdefgroup vhost-mounts Vhost mounts and options\n * \u005cingroup context-and-vhost-creation\n *\n * ##Vhost mounts and options\n */\n///@{\n/** struct lws_protocol_vhost_options - linked list of per-vhost protocol\n * \t\t\t\t\tname\u003dvalue options\n *\n * This provides a general way to attach a linked-list of name\u003dvalue pairs,\n * which can also have an optional child link-list using the options member.\n */\nstruct lws_protocol_vhost_options {\n\tconst struct lws_protocol_vhost_options *next; /**\u003c linked list */\n\tconst struct lws_protocol_vhost_options *options; /**\u003c child linked-list of more options for this node */\n\tconst char *name; /**\u003c name of name\u003dvalue pair */\n\tconst char *value; /**\u003c value of name\u003dvalue pair */\n};\n\n/** enum lws_mount_protocols\n * This specifies the mount protocol for a mountpoint, whether it is to be\n * served from a filesystem, or it is a cgi etc.\n */\nenum lws_mount_protocols {\n\tLWSMPRO_HTTP\t\t\u003d 0, /**\u003c http reverse proxy */\n\tLWSMPRO_HTTPS\t\t\u003d 1, /**\u003c https reverse proxy */\n\tLWSMPRO_FILE\t\t\u003d 2, /**\u003c serve from filesystem directory */\n\tLWSMPRO_CGI\t\t\u003d 3, /**\u003c pass to CGI to handle */\n\tLWSMPRO_REDIR_HTTP\t\u003d 4, /**\u003c redirect to http:// url */\n\tLWSMPRO_REDIR_HTTPS\t\u003d 5, /**\u003c redirect to https:// url */\n\tLWSMPRO_CALLBACK\t\u003d 6, /**\u003c handle by named protocol's callback */\n\tLWSMPRO_NO_MOUNT \u003d 7, /**\u003c matches fall back to no match processing */\n};\n\n/** enum lws_authentication_mode\n * This specifies the authentication mode of the mount. The basic_auth_login_file mount parameter\n * is ignored unless LWSAUTHM_DEFAULT is set.\n */\nenum lws_authentication_mode {\n\tLWSAUTHM_DEFAULT \u003d 0, /**\u003c default authenticate only if basic_auth_login_file is provided */\n\tLWSAUTHM_BASIC_AUTH_CALLBACK \u003d 1 \u003c\u003c 28 /**\u003c Basic auth with a custom verifier */\n};\n\n/** The authentication mode is stored in the top 4 bits of lws_http_mount.auth_mask */\n#define AUTH_MODE_MASK 0xF0000000\n\n/** struct lws_http_mount\n *\n * arguments for mounting something in a vhost's url namespace\n */\nstruct lws_http_mount {\n\tconst struct lws_http_mount *mount_next;\n\t/**\u003c pointer to next struct lws_http_mount */\n\tconst char *mountpoint;\n\t/**\u003c mountpoint in http pathspace, eg, \u0022/\u0022 */\n\tconst char *origin;\n\t/**\u003c path to be mounted, eg, \u0022/var/www/warmcat.com\u0022 */\n\tconst char *def;\n\t/**\u003c default target, eg, \u0022index.html\u0022 */\n\tconst char *protocol;\n\t/**\u003c\u0022protocol-name\u0022 to handle mount */\n\n\tconst struct lws_protocol_vhost_options *cgienv;\n\t/**\u003c optional linked-list of cgi options. These are created\n\t * as environment variables for the cgi process\n\t */\n\tconst struct lws_protocol_vhost_options *extra_mimetypes;\n\t/**\u003c optional linked-list of mimetype mappings */\n\tconst struct lws_protocol_vhost_options *interpret;\n\t/**\u003c optional linked-list of files to be interpreted */\n\n\tint cgi_timeout;\n\t/**\u003c seconds cgi is allowed to live, if cgi://mount type */\n\tint cache_max_age;\n\t/**\u003c max-age for reuse of client cache of files, seconds */\n\tunsigned int auth_mask;\n\t/**\u003c bits set here must be set for authorized client session */\n\n\tunsigned int cache_reusable:1; /**\u003c set if client cache may reuse this */\n\tunsigned int cache_revalidate:1; /**\u003c set if client cache should revalidate on use */\n\tunsigned int cache_intermediaries:1; /**\u003c set if intermediaries are allowed to cache */\n\tunsigned int cache_no:1; /**\u003c set if client should check cache always*/\n\n\tunsigned char origin_protocol; /**\u003c one of enum lws_mount_protocols */\n\tunsigned char mountpoint_len; /**\u003c length of mountpoint string */\n\n\tconst char *basic_auth_login_file;\n\t/**\u003cNULL, or filepath to use to check basic auth logins against. (requires LWSAUTHM_DEFAULT) */\n\n\t/* Add new things just above here ---^\n\t * This is part of the ABI, don't needlessly break compatibility\n\t */\n};\n\nLWS_VISIBLE LWS_EXTERN void\nlws_vhost_set_mounts(struct lws_vhost *v, const struct lws_http_mount *mounts);\n\n///@}\n///@}\n","s":{"c":1711642713,"u": 3831}} ],"g": 11706,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 1, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}