romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-28 16:18:13 +03:00
Code Issues Projects Releases Packages Wiki Activity
curl/docs/libcurl/libcurl-env-dbg.md
Ruocco, Calvin d3594be653
ws: tests and fixes 
This started out as regression tests for the `curl_ws_recv()` and
`curl_ws_send()` implementation and ended up with a bugfix, additional
protocol validation and minor logging improvements.

- Fix reset of fragmented message decoder state when a PING/PONG is
  received in between message fragments.

- Fix undefined behavior (applying zero offset to null pointer) in
  curl_ws_send() when the given buffer is NULL.

- Detect invalid overlong PING/PONG/CLOSE frames.
- Detect invalid fragmented PING/PONG/CLOSE frames.
- Detect invalid sequences of fragmented frames.

  - a) A continuation frame (0x80...) is received without any ongoing
    fragmented message.
  - b) A new fragmented message is started (0x81/0x01/0x82/0x02...)
    before the ongoing fragmented message has terminated.

- Made logs for invalid opcodes easier to understand.
- Moved noisy logs to the `CURL_TRC_WS` log level.
- Unified the prefixes for WebSocket log messages: `[WS] ...`

- Add env var `CURL_WS_FORCE_ZERO_MASK` in debug builds.

  - If set, it forces the bit mask applied to outgoing payloads to
    0x00000000, which effectively means the payload is not masked at
    all. This drastically simplifies defining the expected `<protocol>`
    data in test cases.

- 2700: Frame types
- 2701: Invalid opcode 0x3
- 2702: Invalid opcode 0xB
- 2703: Invalid reserved bit RSV1 _(replaces 2310)_
- 2704: Invalid reserved bit RSV2
- 2705: Invalid reserved bit RSV3
- 2706: Invalid masked server message
- 2707: Peculiar frame sizes _(part. replaces 2311)_
- 2708: Automatic PONG
- 2709: No automatic PONG _(replaces 2312)_
- 2710: Unsolicited PONG
- 2711: Empty PING/PONG/CLOSE
- 2712: Max sized PING/PONG/CLOSE
- 2713: Invalid oversized PING _(replaces 2307)_
- 2714: Invalid oversized PONG
- 2715: Invalid oversized CLOSE
- 2716: Invalid fragmented PING
- 2717: Invalid fragmented PONG
- 2718: Invalid fragmented CLOSE
- 2719: Fragmented messages _(part. replaces 2311)_
- 2720: Fragmented messages with empty fragments
- 2721: Fragmented messages with interleaved pong
- 2722: Invalid fragmented message without initial frame
- 2723: Invalid fragmented message without final frame

- 2305: curl_ws_recv() loop reading three larger frames
  - This test involuntarily sent an invalid sequence of opcodes (0x01...,0x01...,0x81...) , but neither libcurl nor the test caught this! The correct sequence was tested in 2311 (0x01...,0x00...,0x80...). See below for 2311.
  - Validation of the opcode sequence was added to libcurl and is now tested in 2723.
  - Superseded by 2719 (fragmented message) and 2707 (large frames).
- 2307: overlong PING payload
  - The tested PING payload length check was actually missing, but the test didn't catch this since it involuntarily sent an invalid opcode (0x19... instead of 0x89...) so that the expected error occurred, but for the wrong reason.
  - Superseded by 2713.
- 2310: unknown reserved bit set in frame header
  - Superseded by 2703 and extended by 2704 and 2705.
- 2311: curl_ws_recv() read fragmented message
  - Superseded by 2719 (fragmented message) and 2707 (large frames).
- 2312: WebSockets no auto ping
  - Superseded by 2709.

- No tests for `CURLOPT_WRITEFUNCTION`.
- No tests for sending of invalid frames/fragments.

Closes #17136
2025-06-02 11:15:38 +02:00

165 lines
4.8 KiB
Markdown
Raw Blame History

---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Title: libcurl-env-dbg
Section: 3
Source: libcurl
See-also:
- libcurl-env (3)
Protocol:
- All
Added-in: n/a
---
# NAME
libcurl-env-dbg - environment variables libcurl DEBUGBUILD understands
# DESCRIPTION
This is a set of variables only recognized and used if libcurl was built
"debug enabled", which should never be true for a library used in production.
These variables are intended for internal use only, subject to change and have
many effects on the behavior of libcurl. Refer to the source code to determine
how exactly they are being used.
## `CURL_ALTSVC_HTTP`
Bypass the AltSvc HTTPS protocol restriction if this variable exists.
## `CURL_DBG_SOCK_RBLOCK`
The percentage of recv() calls that should be answered with an EAGAIN at
random. For TCP/UNIX sockets.
## `CURL_DBG_SOCK_RMAX`
The maximum data that shall be received from the network in one recv() call.
For TCP/UNIX sockets. This is applied to every recv.
Example: **CURL_DBG_SOCK_RMAX=400** means recv buffer size is limited to a
maximum of 400 bytes.
## `CURL_DBG_SOCK_WBLOCK`
The percentage of send() calls that should be answered with an EAGAIN at
random. For TCP/UNIX sockets.
## `CURL_DBG_SOCK_WPARTIAL`
The percentage of data that shall be written to the network. For TCP/UNIX
sockets. This is applied to every send.
Example: **CURL_DBG_SOCK_WPARTIAL=80** means a send with 1000 bytes would
only send 800.
## `CURL_DBG_QUIC_WBLOCK`
The percentage of send() calls that should be answered with EAGAIN at random.
QUIC only.
## `CURL_DEBUG`
Trace logging behavior as an alternative to calling curl_global_trace(3).
Example: **CURL_DEBUG=http/2** means trace details about HTTP/2 handling.
In the curl command line tool, built with `--enable-debug`, this environment
variable adds to arguments like `--verbose`, `-vvv`. At least a single `-v`
is needed to make the run emit trace output, but when it does, the contents
of `CURL_DEBUG` are added and can override existing options.
Example: **CURL_DEBUG=tcp,-http/2 curl -vv url** means trace protocol details,
triggered by `-vv`, add tracing of TCP in addition and remove tracing of
HTTP/2.
## `CURL_DEBUG_SIZE`
Fake the size returned by CURLINFO_HEADER_SIZE and CURLINFO_REQUEST_SIZE.
## `CURL_DNS_SERVER`
When built with c-ares for name resolving, setting this environment variable
to `[IP:port]` makes libcurl use that DNS server instead of the system
default. This is used by the curl test suite.
## `CURL_GETHOSTNAME`
Fake the local machine's unqualified hostname for NTLM and SMTP.
## `CURL_HSTS_HTTP`
Bypass the HSTS HTTPS protocol restriction if this variable exists.
## `CURL_FORCETIME`
A time of 0 is used for AWS signatures and NTLM if this variable exists.
## `CURL_ENTROPY`
A fixed faked value to use instead of a proper random number so that functions
in libcurl that are otherwise getting random outputs can be tested for what
they generate.
## `CURL_SMALLREQSEND`
An alternative size of HTTP data to be sent at a time only if smaller than the
current.
## `CURL_SMALLSENDS`
An alternative size of socket data to be sent at a time only if smaller than
the current.
## `CURL_TIME`
Fake Unix timestamp to use for AltSvc, HSTS and CURLINFO variables that are
time related.
This variable can also be used to fake the data returned by some CURLINFO
variables that are not time-related (such as CURLINFO_LOCAL_PORT), and in that
case the value is not a timestamp.
## `CURL_TRACE`
LDAP tracing is enabled if this variable exists and its value is 1 or greater.
OpenLDAP tracing is separate. Refer to CURL_OPENLDAP_TRACE.
## `CURL_OPENLDAP_TRACE`
OpenLDAP tracing is enabled if this variable exists and its value is 1 or
greater. There is a number of debug levels, refer to *openldap.c* comments.
## `CURL_WS_CHUNK_SIZE`
Used to influence the buffer chunk size used for WebSocket encoding and
decoding.
## `CURL_WS_CHUNK_EAGAIN`
Used to simulate blocking sends after this chunk size for WebSocket
connections.
## `CURL_WS_FORCE_ZERO_MASK`
Used to set the bitmask of all sent WebSocket frames to zero. The value of the
environment variable does not matter.
## `CURL_FORBID_REUSE`
Used to set the CURLOPT_FORBID_REUSE flag on each transfer initiated
by the curl command line tool. The value of the environment variable
does not matter.
## `CURL_GRACEFUL_SHUTDOWN`
Make a blocking, graceful shutdown of all remaining connections when
a multi handle is destroyed. This implicitly triggers for easy handles
that are run via easy_perform. The value of the environment variable
gives the shutdown timeout in milliseconds.
## `CURL_H2_STREAM_WIN_MAX`
Set to a positive 32-bit number to override the HTTP/2 stream window's
default of 10MB. Used in testing to verify correct window update handling.
Reference in a new issue View git blame Copy permalink