1 /*
2  * libwebsockets - small server side websockets and web server implementation
3  *
4  * Copyright (C) 2019 - 2020 Andy Green <andy@warmcat.com>
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to
8  * deal in the Software without restriction, including without limitation the
9  * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10  * sell copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22  * IN THE SOFTWARE.
23  *
24  *
25  * In the case Secure Streams protocol needs to pass through a buffer,
26  * or a streamed connection, the protocol metadata must be serialized.  This
27  * file provides internal apis to perform the serialization and deserialization
28  * in and out of an lws_dsh fifo-type buffer.
29  */
30 
31 #include <private-lib-core.h>
32 
33 typedef enum {
34 	RPAR_TYPE,
35 	RPAR_LEN_MSB,
36 	RPAR_LEN_LSB,
37 
38 	RPAR_FLAG_B3,
39 	RPAR_FLAG_B2,
40 	RPAR_FLAG_B1,
41 	RPAR_FLAG_B0,
42 
43 	RPAR_LATA3,
44 	RPAR_LATA2,
45 	RPAR_LATA1,
46 	RPAR_LATA0,
47 
48 	RPAR_LATB7,
49 	RPAR_LATB6,
50 	RPAR_LATB5,
51 	RPAR_LATB4,
52 	RPAR_LATB3,
53 	RPAR_LATB2,
54 	RPAR_LATB1,
55 	RPAR_LATB0,
56 
57 	RPAR_RIDESHARE_LEN,
58 	RPAR_RIDESHARE,
59 
60 	RPAR_RESULT_CREATION_RIDESHARE,
61 
62 	RPAR_METADATA_NAMELEN,
63 	RPAR_METADATA_NAME,
64 	RPAR_METADATA_VALUE,
65 
66 	RPAR_PAYLOAD,
67 
68 	RPAR_RX_TXCR_UPDATE,
69 
70 	RPAR_STREAMTYPE,
71 	RPAR_INITTXC0,
72 
73 	RPAR_TXCR0,
74 
75 	RPAR_RESULT_CREATION,
76 
77 	RPAR_STATEINDEX,
78 	RPAR_ORD3,
79 	RPAR_ORD2,
80 	RPAR_ORD1,
81 	RPAR_ORD0,
82 } rx_parser_t;
83 
84 #if defined(_DEBUG)
85 static const char *sn[] = {
86 	"unset",
87 
88 	"LPCS_WAIT_INITIAL_TX",
89 	"LPCS_REPORTING_FAIL",
90 	"LPCS_REPORTING_OK",
91 	"LPCS_OPERATIONAL",
92 	"LPCS_DESTROYED",
93 
94 	"LPCS_SENDING_INITIAL_TX",
95 	"LPCS_WAITING_CREATE_RESULT",
96 	"LPCS_LOCAL_CONNECTED",
97 	"LPCS_ONWARD_CONNECT",
98 };
99 #endif
100 
101 void
lws_ss_serialize_state_transition(lws_ss_conn_states_t * state,int new_state)102 lws_ss_serialize_state_transition(lws_ss_conn_states_t *state, int new_state)
103 {
104 #if defined(_DEBUG)
105 	lwsl_info("%s: %s -> %s\n", __func__, sn[*state], sn[new_state]);
106 #endif
107 	*state = new_state;
108 }
109 
110 
111 /*
112  * event loop received something and is queueing it for the foreign side of
113  * the dsh to consume later as serialized rx
114  */
115 
116 int
lws_ss_serialize_rx_payload(struct lws_dsh * dsh,const uint8_t * buf,size_t len,int flags,const char * rsp)117 lws_ss_serialize_rx_payload(struct lws_dsh *dsh, const uint8_t *buf,
118 			    size_t len, int flags, const char *rsp)
119 {
120 	lws_usec_t us = lws_now_usecs();
121 	uint8_t pre[128];
122 	int est = 19, l = 0;
123 
124 	if (flags & LWSSS_FLAG_RIDESHARE) {
125 		/*
126 		 * We should have the rideshare name if we have been told it's
127 		 * on a non-default rideshare
128 		 */
129 		assert(rsp);
130 		l = strlen(rsp);
131 		est += 1 + l;
132 	} else
133 		assert(!rsp);
134 
135 	// lwsl_user("%s: len %d, flags: %d\n", __func__, (int)len, flags);
136 	// lwsl_hexdump_info(buf, len);
137 
138 	pre[0] = LWSSS_SER_RXPRE_RX_PAYLOAD;
139 	lws_ser_wu16be(&pre[1], len + est - 3);
140 	lws_ser_wu32be(&pre[3], flags);
141 	lws_ser_wu32be(&pre[7], 0);	/* write will compute latency here... */
142 	lws_ser_wu64be(&pre[11], us);	/* ... and set this to the write time */
143 
144 	/*
145 	 * If we are on a non-default rideshare, append the non-default name to
146 	 * the headers of the payload part, 1-byte length first
147 	 */
148 
149 	if (flags & LWSSS_FLAG_RIDESHARE) {
150 		pre[19] = (uint8_t)l;
151 		memcpy(&pre[20], rsp, l);
152 	}
153 
154 	if (lws_dsh_alloc_tail(dsh, KIND_SS_TO_P, pre, est, buf, len)) {
155 		lwsl_err("%s: unable to alloc in dsh 1\n", __func__);
156 
157 		return 1;
158 	}
159 
160 	return 0;
161 }
162 
163 /*
164  * event loop is consuming dsh-buffered, already-serialized tx from the
165  * foreign side
166  */
167 
168 int
lws_ss_deserialize_tx_payload(struct lws_dsh * dsh,struct lws * wsi,lws_ss_tx_ordinal_t ord,uint8_t * buf,size_t * len,int * flags)169 lws_ss_deserialize_tx_payload(struct lws_dsh *dsh, struct lws *wsi,
170 			      lws_ss_tx_ordinal_t ord, uint8_t *buf,
171 			      size_t *len, int *flags)
172 {
173 	uint8_t *p;
174 	size_t si;
175 
176 	if (lws_dsh_get_head(dsh, KIND_C_TO_P, (void **)&p, &si)) {
177 		*len = 0;
178 		return 0;
179 	}
180 
181 	/*
182 	 * The packet in the dsh has a proxying serialization header, process
183 	 * and strip it so we just forward the payload
184 	 */
185 
186 	if (*len <= si - 23 || si < 23) {
187 		/*
188 		 * What comes out of the dsh needs to fit in the tx buffer
189 		 */
190 		lwsl_err("%s: *len = %d, si = %d\n", __func__, (int)*len, (int)si);
191 		assert(0);
192 		return 1;
193 	}
194 	if (p[0] != LWSSS_SER_TXPRE_TX_PAYLOAD) {
195 		assert(0);
196 		return 1;
197 	}
198 
199 	*len = lws_ser_ru16be(&p[1]) - (23 - 3);
200 	assert(*len == si - 23);
201 
202 	memcpy(buf, p + 23, si - 23);
203 
204 	*flags = lws_ser_ru32be(&p[3]);
205 
206 #if defined(LWS_WITH_DETAILED_LATENCY)
207 	if (wsi && wsi->context->detailed_latency_cb) {
208 		/*
209 		 * use the proxied latency information to compute the client
210 		 * and our delays, and apply to wsi.
211 		 *
212 		 * + 7 u32   us held at client before written
213 		 * +11 u32   us taken for transit to proxy
214 		 * +15 u64   ustime when proxy got packet from client
215 		 */
216 		lws_usec_t us = lws_now_usecs();
217 
218 		wsi->detlat.acc_size = wsi->detlat.req_size = si - 23;
219 		wsi->detlat.latencies[LAT_DUR_PROXY_CLIENT_REQ_TO_WRITE] =
220 						lws_ser_ru32be(&p[7]);
221 		wsi->detlat.latencies[LAT_DUR_PROXY_CLIENT_WRITE_TO_PROXY_RX] =
222 						lws_ser_ru32be(&p[11]);
223 		wsi->detlat.latencies[LAT_DUR_PROXY_RX_TO_ONWARD_TX] =
224 						us - lws_ser_ru64be(&p[15]);
225 
226 		wsi->detlat.latencies[LAT_DUR_USERCB] = 0;
227 	}
228 #endif
229 
230 	// lwsl_user("%s: len %d, flags: %d\n", __func__, (int)*len, *flags);
231 	// lwsl_hexdump_info(buf, *len);
232 
233 	lws_dsh_free((void **)&p);
234 
235 	return 0;
236 }
237 
238 /*
239  * event loop side is issuing state, serialize and put it in the dbuf for
240  * the foreign side to consume later
241  */
242 
243 int
lws_ss_serialize_state(struct lws_dsh * dsh,lws_ss_constate_t state,lws_ss_tx_ordinal_t ack)244 lws_ss_serialize_state(struct lws_dsh *dsh, lws_ss_constate_t state,
245 		       lws_ss_tx_ordinal_t ack)
246 {
247 	uint8_t pre[8];
248 
249 	lwsl_info("%s: %s, ord 0x%x\n", __func__, lws_ss_state_name(state),
250 		  (unsigned int)ack);
251 
252 	pre[0] = LWSSS_SER_RXPRE_CONNSTATE;
253 	pre[1] = 0;
254 	pre[2] = 5;
255 	pre[3] = (uint8_t)state;
256 	lws_ser_wu32be(&pre[4], ack);
257 
258 	if (lws_dsh_alloc_tail(dsh, KIND_SS_TO_P, pre, 8, NULL, 0)) {
259 		lwsl_err("%s: unable to alloc in dsh 2\n", __func__);
260 
261 		return 1;
262 	}
263 
264 	return 0;
265 }
266 
267 /*
268  * event loop side was told about remote peer tx credit window update, serialize
269  * and put it in the dbuf for the foreign side to consume later
270  */
271 
272 int
lws_ss_serialize_txcr(struct lws_dsh * dsh,int txcr)273 lws_ss_serialize_txcr(struct lws_dsh *dsh, int txcr)
274 {
275 	uint8_t pre[7];
276 
277 	lwsl_info("%s: %d\n", __func__, txcr);
278 
279 	pre[0] = LWSSS_SER_RXPRE_TXCR_UPDATE;
280 	pre[1] = 0;
281 	pre[2] = 4;
282 	lws_ser_wu32be(&pre[3], txcr);
283 
284 	if (lws_dsh_alloc_tail(dsh, KIND_SS_TO_P, pre, 7, NULL, 0)) {
285 		lwsl_err("%s: unable to alloc in dsh 2\n", __func__);
286 
287 		return 1;
288 	}
289 
290 	return 0;
291 }
292 
293 /*
294  * event loop side is consuming serialized data from the client via dsh, parse
295  * it using a bytewise parser for the serialization header(s)...
296  * it's possibly coalesced
297  */
298 
299 int
lws_ss_deserialize_parse(struct lws_ss_serialization_parser * par,struct lws_context * context,struct lws_dsh * dsh,const uint8_t * cp,size_t len,lws_ss_conn_states_t * state,void * parconn,lws_ss_handle_t ** pss,lws_ss_info_t * ssi,char client)300 lws_ss_deserialize_parse(struct lws_ss_serialization_parser *par,
301 			 struct lws_context *context,
302 			 struct lws_dsh *dsh, const uint8_t *cp, size_t len,
303 			 lws_ss_conn_states_t *state, void *parconn,
304 			 lws_ss_handle_t **pss, lws_ss_info_t *ssi, char client)
305 {
306 	lws_ss_metadata_t *pm;
307 	lws_sspc_handle_t *h;
308 	uint8_t pre[23];
309 	lws_usec_t us;
310 	uint32_t flags;
311 	uint8_t *p;
312 	int n;
313 
314 	while (len--) {
315 		switch (par->ps) {
316 		case RPAR_TYPE:
317 			par->type = *cp++;
318 			par->ps++;
319 			break;
320 
321 		case RPAR_LEN_MSB: /* this is remaining frame length */
322 			par->rem = (*cp++) << 8;
323 			par->ps++;
324 			break;
325 
326 		case RPAR_LEN_LSB:
327 			par->rem |= *cp++;
328 			switch (par->type) {
329 
330 			/* event loop side */
331 
332 			case LWSSS_SER_TXPRE_TX_PAYLOAD:
333 				if (client)
334 					goto hangup;
335 				if (*state != LPCS_OPERATIONAL)
336 					goto hangup;
337 				par->ps = RPAR_FLAG_B3;
338 				break;
339 
340 			case LWSSS_SER_TXPRE_DESTROYING:
341 				if (client)
342 					goto hangup;
343 				par->ps = RPAR_TYPE;
344 				lwsl_notice("%s: DESTROYING\n", __func__);
345 				goto hangup;
346 
347 			case LWSSS_SER_TXPRE_ONWARD_CONNECT:
348 				if (client)
349 					goto hangup;
350 				if (*state != LPCS_OPERATIONAL)
351 					goto hangup;
352 				par->ps = RPAR_TYPE;
353 				if (*pss)
354 					lws_ss_client_connect(*pss);
355 				break;
356 
357 			case LWSSS_SER_TXPRE_STREAMTYPE:
358 				if (client)
359 					goto hangup;
360 				if (*state != LPCS_WAIT_INITIAL_TX)
361 					goto hangup;
362 				if (par->rem < 4)
363 					goto hangup;
364 				par->ctr = 0;
365 				par->ps = RPAR_INITTXC0;
366 				break;
367 
368 			case LWSSS_SER_TXPRE_METADATA:
369 				if (client)
370 					goto hangup;
371 				if (par->rem < 3)
372 					goto hangup;
373 				par->ctr = 0;
374 				par->ps = RPAR_METADATA_NAMELEN;
375 				break;
376 
377 			case LWSSS_SER_TXPRE_TXCR_UPDATE:
378 				par->ps = RPAR_TXCR0;
379 				par->ctr = 0;
380 				break;
381 
382 			/* client side */
383 
384 			case LWSSS_SER_RXPRE_RX_PAYLOAD:
385 				if (!client)
386 					goto hangup;
387 				if (*state != LPCS_OPERATIONAL &&
388 				    *state != LPCS_LOCAL_CONNECTED) {
389 					lwsl_err("rx in state %d\n", *state);
390 					goto hangup;
391 				}
392 				par->rideshare[0] = '\0';
393 				par->ps = RPAR_FLAG_B3;
394 				break;
395 
396 			case LWSSS_SER_RXPRE_CREATE_RESULT:
397 				if (!client)
398 					goto hangup;
399 				if (*state != LPCS_WAITING_CREATE_RESULT) {
400 					lwsl_err("a2\n");
401 					goto hangup;
402 				}
403 				if (par->rem < 1) {
404 					lwsl_err("a3\n");
405 					goto hangup;
406 				}
407 				par->ps = RPAR_RESULT_CREATION;
408 				break;
409 
410 			case LWSSS_SER_RXPRE_CONNSTATE:
411 				if (!client)
412 					goto hangup;
413 				if (*state != LPCS_LOCAL_CONNECTED &&
414 				    *state != LPCS_OPERATIONAL) {
415 					lwsl_err("a4\n");
416 					goto hangup;
417 				}
418 				if (par->rem < 4) {
419 					lwsl_err("a5\n");
420 					goto hangup;
421 				}
422 				par->ps = RPAR_STATEINDEX;
423 				break;
424 
425 			case LWSSS_SER_RXPRE_TXCR_UPDATE:
426 				par->ctr = 0;
427 				par->ps = RPAR_RX_TXCR_UPDATE;
428 				break;
429 
430 			default:
431 				lwsl_notice("%s: bad type 0x%x\n", __func__,
432 					    par->type);
433 				goto hangup;
434 			}
435 			break;
436 
437 			case RPAR_FLAG_B3:
438 			case RPAR_FLAG_B2:
439 			case RPAR_FLAG_B1:
440 			case RPAR_FLAG_B0:
441 				par->flags <<= 8;
442 				par->flags |= *cp++;
443 				par->ps++;
444 				if (!par->rem--)
445 					goto hangup;
446 				break;
447 
448 			case RPAR_LATA3:
449 			case RPAR_LATA2:
450 			case RPAR_LATA1:
451 			case RPAR_LATA0:
452 				par->usd_phandling <<= 8;
453 				par->usd_phandling |= *cp++;
454 				par->ps++;
455 				if (!par->rem--)
456 					goto hangup;
457 				break;
458 
459 			case RPAR_LATB7:
460 			case RPAR_LATB6:
461 			case RPAR_LATB5:
462 			case RPAR_LATB4:
463 			case RPAR_LATB3:
464 			case RPAR_LATB2:
465 			case RPAR_LATB1:
466 			case RPAR_LATB0:
467 				par->ust_pwait <<= 8;
468 				par->ust_pwait |= *cp++;
469 				par->ps++;
470 				par->frag1 = 1;
471 				if (!par->rem--)
472 					goto hangup;
473 
474 				if (par->ps == RPAR_RIDESHARE_LEN &&
475 				    !(par->flags & LWSSS_FLAG_RIDESHARE))
476 					par->ps = RPAR_PAYLOAD;
477 
478 				if (par->rem)
479 					break;
480 
481 				/* fallthru - handle 0-length payload */
482 
483 				if (!(par->flags & LWSSS_FLAG_RIDESHARE))
484 					goto payload_ff;
485 				goto hangup;
486 
487 			/*
488 			 * Inbound rideshare info is provided on the RX packet
489 			 * itself
490 			 */
491 
492 		case RPAR_RIDESHARE_LEN:
493 			par->slen = *cp++;
494 			par->ctr = 0;
495 			par->ps++;
496 			if (par->rem-- < par->slen)
497 				goto hangup;
498 			break;
499 
500 		case RPAR_RIDESHARE:
501 			par->rideshare[par->ctr++] = *cp++;
502 			if (!par->rem--)
503 				goto hangup;
504 			if (par->ctr != par->slen)
505 				break;
506 			par->ps = RPAR_PAYLOAD;
507 			if (par->rem)
508 				break;
509 
510 			/* fallthru - handle 0-length payload */
511 
512 		case RPAR_PAYLOAD:
513 payload_ff:
514 			n = (int)len + 1;
515 			if (n > par->rem)
516 				n = par->rem;
517 			if (n > 1380)
518 				n = 1380;
519 
520 			/* deal with refragmented SOM / EOM flags */
521 
522 			flags = par->flags & LWSSS_FLAG_RELATED_START;
523 			if (par->frag1)
524 				flags |= par->flags &
525 				    (LWSSS_FLAG_SOM | LWSSS_FLAG_POLL);
526 
527 			if (par->rem == n)
528 				flags |= par->flags & (LWSSS_FLAG_EOM |
529 						LWSSS_FLAG_RELATED_END);
530 
531 			par->frag1 = 0;
532 			us = lws_now_usecs();
533 
534 			if (!client) {
535 				/*
536 				 * Proxy - we received some serialized tx from
537 				 * the client.
538 				 *
539 				 * The header for buffering private to the
540 				 * proxy is 23 bytes vs 19 to hold the
541 				 * current time when it was buffered
542 				 */
543 
544 				lwsl_info("%s: C2P RX: len %d\n", __func__, (int)n);
545 
546 				p = pre;
547 				pre[0] = LWSSS_SER_TXPRE_TX_PAYLOAD;
548 				lws_ser_wu16be(&p[1], n + 23 - 3);
549 				lws_ser_wu32be(&p[3], par->flags);
550 				/* us held at client before written */
551 				lws_ser_wu32be(&p[7], par->usd_phandling);
552 				/* us taken for transit to proxy */
553 				lws_ser_wu32be(&p[11], us - par->ust_pwait);
554 				/* time used later to find proxy hold time */
555 				lws_ser_wu64be(&p[15], us);
556 
557 				if (lws_dsh_alloc_tail(dsh, KIND_C_TO_P, pre,
558 						       23, cp, n)) {
559 					lwsl_err("%s: unable to alloc in dsh 3\n",
560 						 __func__);
561 
562 					return 1;
563 				}
564 
565 				lws_ss_request_tx(*pss);
566 			} else {
567 
568 				/*
569 				 * Client receives some RX from proxy
570 				 *
571 				 * Pass whatever payload we have to ss user
572 				 */
573 
574 				lwsl_info("%s: P2C RX: len %d\n", __func__, (int)n);
575 
576 				h = lws_container_of(par, lws_sspc_handle_t, parser);
577 				h->txc.peer_tx_cr_est -= n;
578 
579 				ssi->rx((void *)pss, (uint8_t *)cp, n, flags);
580 
581 #if defined(LWS_WITH_DETAILED_LATENCY)
582 				if (lws_det_lat_active(context)) {
583 					lws_detlat_t d;
584 
585 					d.type = LDLT_READ;
586 					d.acc_size = d.req_size = n;
587 					d.latencies[LAT_DUR_USERCB] =
588 							lws_now_usecs() - us;
589 					d.latencies[LAT_DUR_PROXY_CLIENT_REQ_TO_WRITE] =
590 							par->usd_phandling;
591 					d.latencies[LAT_DUR_PROXY_CLIENT_WRITE_TO_PROXY_RX] =
592 						us - par->ust_pwait;
593 
594 					lws_det_lat_cb(context, &d);
595 				}
596 #endif
597 			}
598 
599 			if (n) {
600 				cp += n;
601 				par->rem -= n;
602 				len = (len + 1) - n;
603 			}
604 			if (!par->rem)
605 				par->ps = RPAR_TYPE;
606 			break;
607 
608 		case RPAR_RX_TXCR_UPDATE:
609 			if (!--par->rem && par->ctr != 3)
610 				goto hangup;
611 
612 			par->temp32 = (par->temp32 << 8) | *cp++;
613 			if (++par->ctr < 4)
614 				break;
615 
616 			/*
617 			 * Proxy is telling us remote endpoint is allowing us
618 			 * par->temp32 more bytes tx credit to write to it
619 			 */
620 
621 			h = lws_container_of(par, lws_sspc_handle_t, parser);
622 			h->txc.tx_cr += par->temp32;
623 			lwsl_info("%s: RX_PEER_TXCR: %d\n", __func__, par->temp32);
624 			lws_sspc_request_tx(h); /* in case something waiting */
625 			par->ctr = 0;
626 			par->ps = RPAR_TYPE;
627 			break;
628 
629 		case RPAR_INITTXC0:
630 			if (!--par->rem)
631 				goto hangup;
632 
633 			par->temp32 = (par->temp32 << 8) | *cp++;
634 			if (++par->ctr < 4)
635 				break;
636 
637 			par->txcr_out = par->temp32;
638 			par->ctr = 0;
639 			par->ps = RPAR_STREAMTYPE;
640 			break;
641 
642 		/*
643 		 * These are the client adjusting our / the remote peer ability
644 		 * to send back to him. He's sending a signed u32 BE
645 		 */
646 
647 		case RPAR_TXCR0:
648 
649 			par->temp32 = (par->temp32 << 8) | *cp++;
650 			if (++par->ctr < 4) {
651 				if (!--par->rem)
652 					goto hangup;
653 				break;
654 			}
655 
656 			if (--par->rem)
657 				goto hangup;
658 
659 			if (!client) {
660 				/*
661 				 * We're the proxy, being told by the client
662 				 * that it wants to allow more tx from the peer
663 				 * on the onward connection towards it.
664 				 */
665 #if defined(LWS_ROLE_H2) || defined(LWS_ROLE_MQTT)
666 				if ((*pss)->wsi) {
667 					lws_wsi_tx_credit((*pss)->wsi,
668 							  LWSTXCR_PEER_TO_US,
669 							  par->temp32);
670 					lwsl_notice("%s: proxy RX_PEER_TXCR: +%d (est %d)\n",
671 						 __func__, par->temp32,
672 						 (*pss)->wsi->txc.peer_tx_cr_est);
673 					lws_ss_request_tx(*pss);
674 				} else
675 #endif
676 					lwsl_info("%s: dropping TXCR\n", __func__);
677 			} else {
678 				/*
679 				 * We're the client, being told by the proxy
680 				 * about tx credit being given to us from the
681 				 * remote peer, allowing the client to write to
682 				 * it.
683 				 */
684 				h = lws_container_of(par, lws_sspc_handle_t, parser);
685 				h->txc.tx_cr += par->temp32;
686 				lwsl_info("%s: client RX_PEER_TXCR: %d\n",
687 							__func__, par->temp32);
688 				lws_sspc_request_tx(h); /* in case something waiting */
689 			}
690 			par->ps = RPAR_TYPE;
691 			break;
692 
693 		case RPAR_METADATA_NAMELEN:
694 			if (!--par->rem)
695 				goto hangup;
696 			par->slen = *cp++;
697 			if (par->slen >= sizeof(par->metadata_name) - 1)
698 				goto hangup;
699 			par->ctr = 0;
700 			par->ps++;
701 			break;
702 
703 		case RPAR_METADATA_NAME:
704 			if (!--par->rem)
705 				goto hangup;
706 			par->metadata_name[par->ctr++] = *cp++;
707 			if (par->ctr != par->slen)
708 				break;
709 			par->ps = RPAR_METADATA_VALUE;
710 
711 			/* only non-client side can receive these */
712 
713 			/*
714 			 * This is the policy's metadata list for the given
715 			 * name
716 			 */
717 			pm = lws_ss_policy_metadata((*pss)->policy,
718 						    par->metadata_name);
719 			if (!pm) {
720 				lwsl_err("%s: metadata %s not in proxy policy\n",
721 					 __func__, par->metadata_name);
722 
723 				goto hangup;
724 			}
725 
726 			par->ssmd = &(*pss)->metadata[pm->length];
727 
728 			if (par->ssmd->value_on_lws_heap)
729 				lws_free_set_NULL(par->ssmd->value);
730 			par->ssmd->value_on_lws_heap = 0;
731 
732 			par->ssmd->value = lws_malloc(par->rem + 1, "metadata");
733 			if (!par->ssmd->value) {
734 				lwsl_err("%s: OOM mdv\n", __func__);
735 				goto hangup;
736 			}
737 			par->ssmd->length = par->rem;
738 			/* mark it as needing cleanup */
739 			par->ssmd->value_on_lws_heap = 1;
740 			par->ctr = 0;
741 			break;
742 
743 		case RPAR_METADATA_VALUE:
744 			((uint8_t *)(par->ssmd->value))[par->ctr++] = *cp++;
745 			if (--par->rem)
746 				break;
747 
748 			/* we think we got all the value */
749 			lwsl_info("%s: RPAR_METADATA_VALUE for %s (len %d)\n",
750 				  __func__, par->ssmd->name,
751 				  (int)par->ssmd->length);
752 			lwsl_hexdump_info(par->ssmd->value, par->ssmd->length);
753 			par->ps = RPAR_TYPE;
754 			break;
755 
756 		case RPAR_STREAMTYPE:
757 			if (client)
758 				goto hangup;
759 			if (par->ctr == sizeof(par->streamtype) - 1)
760 				goto hangup;
761 
762 			/*
763 			 * We're the proxy, creating an SS on behalf of a
764 			 * client
765 			 */
766 
767 			par->streamtype[par->ctr++] = *cp++;
768 			if (--par->rem)
769 				break;
770 
771 			par->ps = RPAR_TYPE;
772 			par->streamtype[par->ctr] = '\0';
773 			lwsl_notice("%s: creating proxied ss '%s', txcr %d\n",
774 				    __func__, par->streamtype, par->txcr_out);
775 
776 			ssi->streamtype = par->streamtype;
777 			if (par->txcr_out)
778 				ssi->manual_initial_tx_credit = par->txcr_out;
779 
780 			if (lws_ss_create(context, 0, ssi, parconn, pss, NULL, NULL)) {
781 				/*
782 				 * We're unable to create the onward secure
783 				 * stream he asked for... schedule a chance to
784 				 * inform him
785 				 */
786 				lwsl_err("%s: create '%s' fail\n",
787 					__func__, par->streamtype);
788 				*state = LPCS_REPORTING_FAIL;
789 			} else {
790 				lwsl_debug("%s: create '%s' OK\n",
791 					__func__, par->streamtype);
792 				*state = LPCS_REPORTING_OK;
793 			}
794 
795 			if (*pss) {
796 				(*pss)->being_serialized = 1;
797 				lwsl_notice("%s: Created SS initial credit %d\n",
798 					   __func__, par->txcr_out);
799 				(*pss)->info.manual_initial_tx_credit = par->txcr_out;
800 			}
801 
802 			/* parent needs to schedule write on client conn */
803 			break;
804 
805 		/* clientside states */
806 
807 		case RPAR_RESULT_CREATION:
808 			if (*cp++) {
809 				lwsl_err("%s: stream creation failed\n",
810 					 __func__);
811 				goto hangup;
812 			}
813 
814 			lws_ss_serialize_state_transition(state,
815 							  LPCS_LOCAL_CONNECTED);
816 			h = lws_container_of(par, lws_sspc_handle_t, parser);
817 			if (h->cwsi)
818 				lws_callback_on_writable(h->cwsi);
819 
820 			/*
821 			 * This is telling us that the streamtype could be (and
822 			 * was) created at the proxy.  It's not telling us that
823 			 * the onward peer connection could be connected.
824 			 *
825 			 * We'll get a proxied state() coming later that informs
826 			 * us about the situation with that.
827 			 */
828 
829 			par->rsl_pos = 0;
830 			par->rsl_idx = 0;
831 			h = lws_container_of(par, lws_sspc_handle_t, parser);
832 			memset(&h->rideshare_ofs[0], 0, sizeof(h->rideshare_ofs[0]));
833 			h->rideshare_list[0] = '\0';
834 			h->rsidx = 0;
835 
836 			if (!--par->rem)
837 				par->ps = RPAR_TYPE;
838 			else {
839 				par->ps = RPAR_RESULT_CREATION_RIDESHARE;
840 				if (par->rem >= sizeof(h->rideshare_list))
841 					goto hangup;
842 			}
843 			break;
844 
845 		case RPAR_RESULT_CREATION_RIDESHARE:
846 			h = lws_container_of(par, lws_sspc_handle_t, parser);
847 			if (*cp == ',') {
848 				cp++;
849 				h->rideshare_list[par->rsl_pos++] = '\0';
850 				if (par->rsl_idx == LWS_ARRAY_SIZE(h->rideshare_ofs))
851 					goto hangup;
852 				h->rideshare_ofs[++par->rsl_idx] = par->rsl_pos;
853 			} else
854 				h->rideshare_list[par->rsl_pos++] = *cp++;
855 			if (!--par->rem)
856 				par->ps = RPAR_TYPE;
857 			break;
858 
859 		case RPAR_STATEINDEX:
860 			par->ctr = *cp++;
861 			par->ps = RPAR_ORD3;
862 			break;
863 
864 		case RPAR_ORD3:
865 			par->flags = (*cp++) << 24;
866 			par->ps++;
867 			break;
868 
869 		case RPAR_ORD2:
870 			par->flags |= (*cp++) << 16;
871 			par->ps++;
872 			break;
873 
874 		case RPAR_ORD1:
875 			par->flags |= (*cp++) << 8;
876 			par->ps++;
877 			break;
878 
879 		case RPAR_ORD0:
880 			par->flags |= *cp++;
881 			par->ps++;
882 			par->ps = RPAR_TYPE;
883 
884 			/*
885 			 * we received a proxied state change
886 			 */
887 
888 			switch (par->ctr) {
889 			case LWSSSCS_DISCONNECTED:
890 			case LWSSSCS_UNREACHABLE:
891 			case LWSSSCS_AUTH_FAILED:
892 				lws_ss_serialize_state_transition(state,
893 						LPCS_LOCAL_CONNECTED);
894 				break;
895 			case LWSSSCS_CONNECTED:
896 				lwsl_info("%s: CONNECTED %s\n", __func__,
897 					    ssi->streamtype);
898 				lws_ss_serialize_state_transition(state,
899 						LPCS_OPERATIONAL);
900 				break;
901 			default:
902 				break;
903 			}
904 
905 			if (par->ctr < 0 || par->ctr > 9)
906 				goto hangup;
907 
908 #if defined(_DEBUG)
909 			lwsl_info("%s: forwarding proxied state %s\n",
910 					__func__, sn[par->ctr]);
911 #endif
912 			if (ssi->state((void *)pss, NULL, par->ctr, par->flags))
913 				goto hangup;
914 			break;
915 
916 
917 		default:
918 			goto hangup;
919 		}
920 	}
921 
922 	return 0;
923 
924 hangup:
925 	return -1;
926 }
927