Develop Reference

C HTTP sockets closing prematurely and apparently giving read errors

td;lr: trying to echo "Hello World" to an HTTP client but getting issues with the socket closing too soon and mysterious read errors from wrk benchmark tool.
I am trying to make a simple "Hello World" HTTP server with the picoev event loop library but the client/peer connection is dropping too soon and wrk benchmark tool returns read errors for whatever reason I'm not aware. This is the code I'm using:
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>
#include "picoev.h"
#define HOST 0 /* 0x7f000001 for localhost */
#define PORT 8080
#define MAX_FDS 1024 * 128
#define TIMEOUT_SECS 10
char buf[1024];
ssize_t response;
int listen_sock;
static void close_conn(picoev_loop* loop, int fd)
{
picoev_del(loop, fd);
close(fd);
}
static void write_callback(picoev_loop* loop, int fd, int events, void* cb_arg)
{
// check whether neither events nor timeouts are present
if ((events & PICOEV_TIMEOUT) != 0) {
/* timeout */
close_conn(loop, fd);
} else if ((events & PICOEV_READ) != 0) {
/* update timeout, and read */
picoev_set_timeout(loop, fd, TIMEOUT_SECS);
ret = read(fd, buf, sizeof(buf));
if (ret == 0 | ret == -1) {
close_conn(loop, fd);
}
else {
write(fd, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 13\r\nConnection: close\r\n\r\nHello, world!", ret);
close_conn(loop, fd);
}
}
}
static void accept_callback(picoev_loop* loop, int fd, int events, void* cb_arg)
{
int newfd = accept4(fd, NULL, NULL, SOCK_NONBLOCK | SOCK_CLOEXEC);
if (newfd != -1) {
picoev_add(loop, newfd, PICOEV_READ, TIMEOUT_SECS, write_callback, NULL);
}
}
int main(void)
{
picoev_loop* loop;
/* listen to port */
listen_sock = socket(AF_INET, SOCK_STREAM, 0);
setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, 1, sizeof(1));
struct sockaddr_in listen_addr;
listen_addr.sin_family = AF_INET;
listen_addr.sin_port = htons(PORT);
listen_addr.sin_addr.s_addr = htonl(HOST);
bind(listen_sock, (struct sockaddr*)&listen_addr, sizeof(listen_addr));
listen(listen_sock, 1000000);
/* init picoev */
picoev_init(MAX_FDS);
/* create loop */
loop = picoev_create_loop(60);
/* add listen socket */
picoev_add(loop, listen_sock, PICOEV_READ, 1, accept_callback, NULL);
/* loop */
while (1) {
// Picoev async call to write etc..
picoev_loop_once(loop, 10);
}
/* cleanup */
picoev_destroy_loop(loop);
picoev_deinit();
return 0;
}
Curling with curl http://0.0.0.0:8080/ -v returns:
* Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: 0.0.0.0:8080
> User-Agent: curl/7.52.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Content-Length: 13
* transfer closed with 13 bytes remaining to read
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (18) transfer closed with 13 bytes remaining to read
or the following after trying to benchmark thousands of concurrent connections a few times after another:
* Trying 0.0.0.0...
* TCP_NODELAY set
* connect to 0.0.0.0 port 8080 failed: Connection refused
* Failed to connect to 0.0.0.0 port 8080: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 0.0.0.0 port 8080: Connection refused
and wrk -t1 -c400 http://0.0.0.0:8080/ returns all errors being read:
Running 10s test # http://0.0.0.0:8080/
1 threads and 400 connections
Thread Stats Avg Stdev Max +/- Stdev
Latency 0.00us 0.00us 0.00us -nan%
Req/Sec 0.00 0.00 0.00 -nan%
0 requests in 10.08s, 9.05MB read
Socket errors: connect 0, read 249652, write 0, timeout 0
Requests/sec: 0.00
Transfer/sec: 0.90MB
I don't understand if the problem is either the socket closing too soon, the response (ret) being incorrect, zombie fd's not being killed or a combination of them. Trying to strace the program doesn't give any valuable info as to where the issue lies, just a lot of epoll_wait's. I've already tried many HTTP response variations to no avail and as you can see I'm trying to kill any zombie or erring fd as soon as necessary but either I'm doing it wrong or the problem lies elsewhere. Can someone help me pinpoint the issue where it belongs?

In this line of code:
write(fd, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 13\r\nConnection: close\r\n\r\nHello, world!", ret);
You use ret for the third parameter of your call to write(). This parameter is used to indicate to write() how many bytes should be written.
However, ret was used to store the result of a call to read(). Thus, there is no relationship between the value passed to write() and the size of the message you want to send.
Fix this by initializing ret with the length of the message you want to send.
const char *msg = "HTTP/1.1 ...";
ret = strlen(msg);
write(fd, msg, ret);

Mutual Authentication and restricting user certificates to specific set at server

I'm looking for a way to restrict client certificates to specific set of self-signed certificates on the server side using the OpenSSL API.
There is a set of trusted self-signed certificates, say ./dir/*.pem. I want to reject connections, if they don't supply one of those certificates.
I can achieve almost desired behaviour by comparing server and client certificate fingerprints in the SSL context verification callback:
SSL_CTX *ctx;
...
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_callback);
static inline int get_fingerprint(X509* cert, unsigned char *md, unsigned int *n)
{
return X509_digest(cert, EVP_sha1(), md, n);
}
static inline int compare_certificates(X509 *c1, X509 *c2)
{
unsigned char md1[EVP_MAX_MD_SIZE], md2[EVP_MAX_MD_SIZE];
unsigned int n1, n2;
if (!(get_fingerprint(c1, md1, &n1) && get_fingerprint(c2, md2, &n2))) {
return -1;
}
return memcmp(md1, md2, n1);
}
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
{
SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
int err = X509_STORE_CTX_get_error(ctx);
/* Allow self-signed certificates */
if (!preverify_ok && err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
preverify_ok = 1;
}
if (0 != compare_certificates(ctx->current_cert, SSL_CTX_get0_certificate(ssl->ctx))) {
/* Peer certificate doesn't match the server certificate */
preverify_ok = 0;
}
/* More checks ... */
return preverify_ok;
}
So if the server and client certificate fingerprints match, verification passes. Otherwise, connection is closed by the server.
I might compute fingerprints of the trusted certificates somewhere in initialization phase, then check them in a loop within the verify_callback. However, I don't like this idea. There should be easier way to do this.
I thought SSL_CTX_load_verify_locations() is just what I was looking for(but it looks like it's not; i'll explain why):
SSL_CTX_load_verify_locations() specifies the locations for ctx, at which CA certificates for verification purposes are located.
...
If CAfile is not NULL, it points to a file of CA certificates in PEM format. The file can contain several CA certificates...
The certificates in CApath are only looked up when required, e.g. when building the certificate chain or when actually performing the verification of a peer certificate.
(man 3 SSL_CTX_load_verify_locations)
Well, I guess SSL_VERIFY_FAIL_IF_NO_PEER_CERT implies verifying the peer certificate. Then it looks like all I need to do is to make a bundle of trusted certificates and pass it to SSL_CTX_load_verify_locations():
bundle_file=CAbundle.pem
cd ./dir
rm -f $bundle_file
for i in *.pem; do
openssl x509 -in $i -text >> $bundle_file
done
c_rehash .
SSL_CTX *ctx;
const char *cafile = "dir/CAbundle.pem";
const char *capath = NULL;
...
if (!SSL_CTX_load_verify_locations(ctx, cafile, capath)) {
/* Unable to set verify locations ... */
}
cert_names = SSL_load_client_CA_file(cafile);
if (cert_names != NULL) {
SSL_CTX_set_client_CA_list(ctx, cert_names);
} else {
/* Handle error ... */
}
All looks good. But the server still accepts connections with different peer certificates.
I've reproduced this behaviour using standard OpenSSL utilities here: https://gist.github.com/rosmanov/d960a5d58a96bdb730303c5b8e86f951
So my question is: how do I configure the server to accept only peers providing only specific certificates?
Update
I've found that the "whitelist" of certificates (CA bundle) actually works,
when I remove the following from the verify_callback:
if (!preverify_ok && err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) {
preverify_ok = 1;
}
So without this block everything just works. The server responds to a client connected with one of certificates listed in CAbundle.pem. If a client connects with different certificate, the server closes connection.
However, there is a strange thing. In both cases openssl s_client outputs:
Verify return code: 18 (self signed certificate)
Then maybe
if (!preverify_ok
&& err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
&& allow_self_signed
&& !cafile
&& !capath) {
preverify_ok = 1;
}
?
Update 2
Now I understand why openssl s_client outputs Verify return code: 18 (self signed...). It doesn't trust server's certificate unless -CAfile or -CApath contains the server certificate. And the server certificate is self-signed.

An explanation (for commandline) and a halfanswer (for library):
I (this time fully) redid your gist and was reminded of an inconsistency here. Commandline openssl xxx utilities are mostly designed as test/debugging tools, and in particular:
s_client normally (except anonymous, SRP, etc) receives a cert chain from the server, but uses a callback that only logs what it got and ignores/overrides any error; this is the block
depth=0 C = AU, ST = StateA, L = CityA, O = CompanyA, CN = localhost, emailAddress = a#gmail.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = StateA, L = CityA, O = CompanyA, CN = localhost, emailAddress = a#gmail.com
verify return:1
just after CONNECTED(fd) in your s_client output, but as you see in spite of the error it continues with the handshake resulting in a usable connection.
s_server is a more complicated. It does not request a cert from client by default, only if you specify -verify or -Verify (which set SSL_VERIFY_PEER which is not the default for server), and if it does request a cert client has the option whether to send one (with associated proof in CertVerify). If client does send chain, s_server uses the same callback as s_client which overrides any error and continues with the connection; this in your s_server output with the same verify error:num-18... which actually means 'root (including selfsigned which is its own root) in received chain but not in local truststore'. If client does not send chain, -verify continues, but -Verify (which also sets SSL_VERIFY_FAIL_IF_NO_PEER_CERT) aborts the handshake with alert 40 and returns an error, so the s_server output is very different:
verify depth is 0, must return a certificate
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
140679792887624:error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate:s3_srvr.c:3271:
shutting down SSL
CONNECTION CLOSED
ACCEPT
But a program using the library should work. I hacked up this simple test from parts of some other programs (hence the odd indentation):
/* SO36821430 2016-04-25 */
#include <stdio.h>
#if defined(_WIN32)&&!defined(WIN32)
#define WIN32 /*anything*/
#endif
#ifdef WIN32
#include <winsock2.h>
typedef int socklen_t;
#define SOCKERR WSAGetLastError()
#include "openssl/applink.c"
#else
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#ifndef INADDR_NONE
#define INADDR_NONE (ipaddr_t)-1
#endif
typedef int SOCKET;
enum { INVALID_SOCKET = -1, SOCKET_ERROR = -1 };
#define SOCKERR errno
#define closesocket close
#endif
#include "openssl/ssl.h"
#include "openssl/err.h"
#include "openssl/rand.h"
void sockerr (const char *what){
fprintf (stderr, "%s %d %s\n", what, SOCKERR, strerror(SOCKERR));
}
void sslerrn (const char *what){
fprintf (stderr, "* %s failed:\n", what);
ERR_print_errors_fp (stderr);
}
void sslerr (const char *what, int rv){
fprintf (stderr, "* %s return %d:\n", what, rv);
ERR_print_errors_fp (stderr);
}
void sslerrx (SSL * ssl, const char *what, int rv){
int rc = SSL_get_error (ssl, rv);
if( rv == -1 && rc == SSL_ERROR_SYSCALL ) sockerr (what);
else fprintf (stderr, "* %s return %d,%d\n", what, rv, rc);
ERR_print_errors_fp (stderr);
}
void subj_oneline (X509 * cert, FILE *fp){
X509_NAME * subj = X509_get_subject_name (cert);
BIO *bmem = BIO_new (BIO_s_mem()); char *ptr; int n;
X509_NAME_print_ex (bmem, subj, 0, XN_FLAG_ONELINE);
n = (int) BIO_get_mem_data (bmem, &ptr);
if( n <= 0 ) ptr = "?", n = 1;
fwrite (ptr,1,n,fp);
}
const char * inaddr;
int inport;
char buf [9999];
int main (int argc, char* argv[] )
{
int rv;
struct sockaddr_in sin; socklen_t sinlen;
SOCKET s1, s2; SSL_CTX *ctx = NULL;
time_t now; struct tm * tm;
#ifdef WIN32
struct WSAData wsa;
rv = WSAStartup (MAKEWORD(1,1), &wsa);
if(rv){ printf ("WSAStartup %d\n", rv); exit(1); }
#endif
if( argc < 2 || argc > 6 )
printf ("usage: %s port key cert CAcerts\n", argv[0]), exit(1);
sin.sin_addr.s_addr = INADDR_ANY;
sin.sin_port = htons (atoi(argv[1]));
sin.sin_family = AF_INET;
/**/
SSL_library_init();
SSL_load_error_strings();
ctx = SSL_CTX_new (SSLv23_server_method());
if( !ctx ){ sslerrn("CTX_new"); exit(1); }
SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);
rv = SSL_CTX_use_PrivateKey_file (ctx, argv[2], SSL_FILETYPE_PEM);
if( rv != 1 ){ sslerr ("use_PrivateKey_file",rv); exit(1); }
rv = SSL_CTX_use_certificate_file (ctx, argv[3], SSL_FILETYPE_PEM);
if( rv != 1 ){ sslerr ("use_certificate_file",rv); exit(1); }
SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
if( !SSL_CTX_load_verify_locations (ctx, argv[4], NULL) ){
sslerrn ("load_verify_locations"); exit(1); }
SSL_CTX_set_client_CA_list (ctx, SSL_load_client_CA_file (argv[4]));
/**/
if( (s1 = socket (AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET ){
sockerr ("socket()"); exit(1); }
if( bind (s1, (struct sockaddr*)&sin, sizeof sin) < 0 ){
sockerr ("bind()"); exit(1); }
if( listen (s1, 5) < 0 ){
sockerr ("listen()"); exit(1); }
do{
sinlen = sizeof sin;
if( (s2 = accept (s1, (struct sockaddr*)&sin, &sinlen)) == INVALID_SOCKET ){
sockerr ("accept()"); exit(1); }
now = time(NULL); tm = localtime(&now);
printf ("+ %s %u #%02d.%02d.%02d\n", inet_ntoa (sin.sin_addr),
ntohs (sin.sin_port), tm->tm_hour, tm->tm_min, tm->tm_sec);
/**/
SSL * ssl = SSL_new (ctx);
if( !ssl ){ sslerrn("SSL_new"); goto next; }
SSL_set_fd (ssl, s2);
if( (rv = SSL_accept(ssl)) < 0 ){
sslerrx (ssl, "SSL_accept", rv); goto next; }
{ X509 * cert = SSL_get_peer_certificate (ssl);
/*EVP_PKEY * key = cert? X509_get_pubkey (cert): NULL;*/
fprintf (stdout, "=%ld", SSL_get_verify_result (ssl));
if( cert ) putchar (':'), subj_oneline (cert, stdout);
putchar ('\n');
}
while( (rv = SSL_read (ssl, buf, sizeof buf)) > 0 )
printf ("%d: %.*s\n", rv, rv, buf);
sslerrx (ssl, "SSL_read", rv);
next:
if( ssl ) SSL_free (ssl);
/**/
now = time(NULL); tm = localtime(&now);
printf ("- %s %u #%02d.%02d.%02d\n", inet_ntoa (sin.sin_addr),
ntohs (sin.sin_port), tm->tm_hour, tm->tm_min, tm->tm_sec);
closesocket (s2);
} while (1);
return 0;
}
When run with $port cert1.key cert1.pem CAbundle.pem and connected from client using cert2.key & cert2.pem this aborts the handshake with alert 48 unknown_ca and returns an error as desired:
+ 127.0.0.1 46765 #22.07.36
* SSL_accept return -1,1
140240689366696:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3270:
- 127.0.0.1 46765 #22.07.36
HTH.

If you want a whitelist of specific client certificates, you can prepare an indexed list in memory when you initialize.
For example, you can use PEM_X509_INFO_read to read a concatenated file of all client certificates in PEM format. This will give you a STACK_OF(X509_INFO)* of certificates. The number of certificates can be found with sk_X509_INFO_num, and you can see each certificate at sk_X509_INFO_value(..)->x509.
Then, for example, you can simply build an in-memory index and qsort by compare_x509.
Now, when your verify callback is called, just do a bsearch on your index by compare_x509, and either the certificate is on your whitelist, or it isn't.
You can accept the match on the result of compare_x5099, or of course you could double-check by verifying the full certificate once the search finds a match in the index.

Pulling a specific number out of a returned message

I'm writing a program to simulate a very basic internet explorer using the GET function in Linux. The only problem I seem to be having is that I'm unsure how to pull value for the content length out of the returned value. Right now I have numbers hard coded in, but they only really work for my file size, and not one any bigger or smaller. If I could manage to parse the content length, I could fix this issue. If someone could put me on the right path to parsing that, I would be very appreciative.
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
/* VSIE client program uses TCP protocol to connect to the remote http server.
The program will take 2 input arguments:
1) command option, get (receive) or head (send)
2) http URL address
*/
#define MAX 80
#define MAX2 1024
#define http "HTTP/1.1"
#define TRUE 1
#define FALSE 0
#define HEADERSTOP "\n\n"
main(int argc, char *argv[])
{
unsigned char *e;
char command[MAX];
char server[MAX];
char path[MAX];
char filename[MAX]= "";
char httpString[MAX];
int i, x, f, n, length = 0;
int numBytes = 0;
int getData = TRUE;
int getFlag = FALSE;
int flag = FALSE;
int headFlag = FALSE;
FILE *in;
int sk;
unsigned char buf[MAX2];
struct sockaddr_in remote;
struct hostent *hp;
struct servent *sp;
short port = 0;
// parse input arguments
sscanf(argv[2],"%[^'/']%s",server,path);
if (strcmp(argv[1],"-get") == 0)
{
sprintf(command, "GET");
getFlag = TRUE;
}
else if (strcmp(argv[1],"-head") == 0)
{
sprintf(command, "HEAD");
}
//build http 1.1 GET or HEAD message
sprintf(httpString,"%s %s %s\nHost: %s\n\n", command, path,http,server);
printf("command = %s, server = %s, path = %s\n", command, server, path);
printf("httpString = %s\n",httpString);
//parse filename from path
length = strlen(path);
x=0;
f=0;
for(i = 0; i < length; i++)
{
//printf("path[%d] = %c \n",i,path[i]);
if ((flag == TRUE) & (f == 2))
{
filename[x] = path[i];
x++;
}
if (path[i] == '/')
{
flag = TRUE;
f++;
}
}
printf("filename = %s\n", filename);
//if command = get, open filename
//if(command == "-get")
if (getFlag == TRUE)
{
if((in = fopen (filename,"w")) == NULL)
{
//printf("FAILURE: opening input file %s\n",filename);
perror("FAILURE: opening input file");
exit(1);
}
printf("file opened successfully\n");
}
//get internet address of host & port number of http service
hp = gethostbyname(server);
if (hp == NULL)
{
printf("Can't find host name. %s\n", server);
exit (1);
}
//copy the h_addr (source) to s_add (destination) for n bytes specified by length
bcopy(hp->h_addr,&remote.sin_addr.s_addr,hp->h_length);
/* get the port number */
sp = getservbyname("http", "tcp");
if (sp == NULL)
{
printf("can't find port # %d\n",sp->s_port);
exit (1);
}
port = sp->s_port;
remote.sin_port = sp->s_port;
printf("port = %d, port = %d \n", port, remote.sin_port);
//create socket for http server - socket type: Sock_Stream, protocol: TCP
sk = socket(AF_INET,SOCK_STREAM,0);
if (sk < 0)
{
perror("error opening socket");
exit(1);
}
remote.sin_family = AF_INET;
//initiate connection to the server address w/ TCP socket
if (connect(sk, (struct sockaddr *) &remote, sizeof(remote)) < 0)
{
printf("connect fails!\n");
exit(1);
}
printf("connection successful\n");
//send http message
printf("send message:%s\n", httpString);
//send(sk,httpString,strlen(httpString)+1,0);
if(send(sk,httpString,sizeof(httpString),0) < 0)
{
printf("send() failed");
//exit(1);
}
n = 1;
//Loop until all data received
while(getData == TRUE)
{
//wait for and print the return message
numBytes = recv(sk,buf,sizeof(buf),0);
if (numBytes < 0)
{
perror("error reading from socket");
break;
}
else if (numBytes < MAX2)
{
getData = FALSE;
printf("***end while loop****\n");
}
if (headFlag == FALSE){
e = memchr(buf, '\n', sizeof(buf));
while (*(e+1) != '\r'){
e = memchr(e+1, '\n', sizeof(buf));
}
headFlag = TRUE;
}
printf("\n****number of bytes received %d****\n",numBytes);
//saved the retrieved content into the file (input argument)
if (getFlag == TRUE)
{
//printf("write output\n");
printf("%.*s\n", (numBytes-763), buf);
if(e != NULL){
fwrite(e, numBytes, 1, in);
e = NULL;
}else{
fwrite(buf, numBytes, 1, in);
}
}
n++;
} // end while()
//close socket & file
close(sk);
if(fclose(in) !=0)
{
perror("FAILURE: Closing input file");
exit(1);
}
return 0;
} //end main()
The returned information is:
****number of bytes received 1024****
HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 17:37:10 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Tue, 18 Feb 2014 19:41:06 GMT
ETag: "1724117-9fb-4f2b373fef880"
Accept-Ranges: bytes
Content-Length: 2555
Vary: Accept-Encoding
Content-Type: text/html

Here is some code that shows you one way to do it. The bit that matters for you is
strtok - split the string into lines
strstr - find a string that contains the words you are looking for
sscanf - scan the line for the value of the integer
Everything else is just there to make the example work.
#include <stdio.h>
#include <string.h>
int main(void) {
char httpString[]="HTTP/1.1 200 OK\n"\
"Date: Tue, 08 Apr 2014 17:37:10 GMT\n"\
"Server: Apache/2.2.22 (Ubuntu)\n"\
"Last-Modified: Tue, 18 Feb 2014 19:41:06 GMT\n"\
"ETag: \"1724117-9fb-4f2b373fef880\"\n"\
"Accept-Ranges: bytes\n"\
"Content-Length: 2555\n"\
"Vary: Accept-Encoding\n"\
"Content-Type: text/html\n";
printf("string is %s\n", httpString);
char *line;
line = strtok(httpString, "\n");
while(line != NULL) {
if (strstr(line, "Content-Length:")!= NULL) {
int theNumber;
sscanf(line, "Content-Length: %d", &theNumber);
printf("The number is %d\n", theNumber);
}
line = strtok(NULL, "\n");
}
return 0;
}
Output:
string is HTTP/1.1 200 OK
Date: Tue, 08 Apr 2014 17:37:10 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Tue, 18 Feb 2014 19:41:06 GMT
ETag: "1724117-9fb-4f2b373fef880"
Accept-Ranges: bytes
Content-Length: 2555
Vary: Accept-Encoding
Content-Type: text/html
The number is 2555
Alternatively - as mentioned by #enhzflep in the comments, if you look for the index of the string Content-length: in the original, then you can do a sscanf with a string that starts right after that point:
char searchString[] = "Content-length:";
int offset, number;
offset = strstr(httpString, searchString);
sscanf(offset + strlen(searchString), "%d", &number);

Unable to connect to host using getaddrinfo()

Note: This is a project for homework, I will try to write the remaining code, but cannot figure out why this is unable to connect to an input URL.
I was given skeleton code that I modified a bit to receive an input URL. Expected usage could be: ./a.out http://google.com
For whatever reason it never succeeds in connecting. The error message "could not connect" always is printed. Later I will need to take a file from the URL and save it to the local directory but I will try to figure out how to do that (my guess is that it has to do with recv() in the code below). In the case of "http://google.com" I would be expected to take "index.html".
The skeleton code is using connect() but the man page for getaddrinfo() uses bind() which seems to be much faster but also is not working. Using connect() it never seems to leave the for loop (Edit: It never leaves because it seems to be stuck trying to connect):
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int main(int argc, char** argv) {
// Alex: Input usage (expecting one URL)
if (argc != 2) {
printf("Usage: ./hw1 URL\n");
exit(1);
}
// Alex: Set noHttp as argv[1] and remove "http://"
char* noHttp = argv[1];
char http[] = "http://";
if (strlen(noHttp) > 7 && !strncmp(noHttp, http, 7)) noHttp += 7;
else {
printf("Invalid URL, expecting http://host/path\n");
exit(1);
}
printf("%s\n", noHttp);
struct addrinfo hints;
struct addrinfo* result, * rp;
int sock_fd, s;
// Alex: I moved assigning hints.ai_socktype after memset()
memset(&hints, 0, sizeof(struct addrinfo));
//hints.ai_socktype = SOCK_STREAM;
s = getaddrinfo(noHttp, "8080", &hints, &result); // To Stack Overflow: This changed to "80", I am leaving it here because there are comments about it
if (0 != s) {
perror("Error populating address structure");
exit(1);
}
int i = 0;
for (rp = result; rp != NULL; rp = rp->ai_next) {
printf("i = %d\n", i);
i++;
//printf("rp->ai_flags = %d\n", rp->ai_flags);
printf("rp->ai_family = %d\n", rp->ai_family);
printf("rp->ai_socktype = %d\n", rp->ai_socktype);
printf("rp->ai_protocol = %d\n", rp->ai_protocol);
sock_fd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
printf("sock_fd = %d\n", sock_fd);
if (sock_fd == -1) continue;
// Success
if (connect(sock_fd, rp->ai_addr, rp->ai_addrlen) != -1) break;
close(sock_fd);
}
if (rp == NULL) {
fprintf(stderr, "could not connect\n");
exit(1);
}
freeaddrinfo(result);
char buf[255];
memset(&buf, 0, sizeof(buf));
int recv_count = recv(sock_fd, buf, 255, 0);
if (recv_count < 0) {
perror("Receive failed");
exit(1);
}
printf("%s",buf);
shutdown(sock_fd, SHUT_RDWR);
return 0;
}
Edit: I replaced "8080" with "80" as Uku Loskit recommended.

Your program looks OK to me, run netcat on port 8080 and connet to the host:
$ echo "Hello" | ncat -l 8080
will return:
$ gcc -Wall sample.c
$ ./a.out http://127.0.0.1
127.0.0.1
i = 0
rp->ai_family = 2
rp->ai_socktype = 1
rp->ai_protocol = 6
sock_fd = 3
Hello
$
in order to connect to HTTP, you need to send HTTP request first or it will block, add after the line 64:
freeaddrinfo(result);
send(sock_fd, "GET / HTTP/1.1\n\n", 16, 0); // HTTP request
char buf[255];
memset(&buf, 0, sizeof(buf));
this will send the request:
GET / HTTP/1.1
and change the port to 80, it should work:
$ ./a.out http://google.com
google.com
i = 0
rp->ai_family = 2
rp->ai_socktype = 1
rp->ai_protocol = 6
sock_fd = 3
HTTP/1.1 200 OK
Date: Sun, 01 Sep 2013 21:05:16 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151
$

You should be connecting on port 80, not 8080. Port 80 is the default for HTTP.

When you change your port number to 80 and connect to http://google.com, it'll work as expected, but hangs on the recv() call because an HTTP server won't send anything to you until you ask it for something. Sp.'s answer gives you an example of how to do this by adding a send() call before your recv() call.
What's happening right now is you're connecting to it, and it's waiting for you to tell it what you want. What you are doing is just waiting for it to send you something with your recv() call, so you're both going to just wait until it times out.

g_io_channel + socket = server , still didnt receive proper data and just get one client ? in C language

folks,
if you dont mind please see following code :
#include <glib.h>
#include <gio/gio.h> // gio channel
#include <sys/socket.h> //socket();
#include <netdb.h> // structure
#include <stdio.h> // printf
void deal(GIOChannel *in, GIOCondition condition, gpointer data)
{
struct sockaddr_storage income;
int insock = g_io_channel_unix_get_fd(in);
socklen_t income_len = sizeof(income);
int newsock = accept(insock, (struct sockaddr*)&income, &income_len );
if(newsock == -1)
{
printf("failure on newsock\n");
}
char buff[128];
int recv_total = 0;
int recv_byte = 128;
int recv_sizing;
while (recv_total < recv_byte ){
recv_sizing = recv(newsock,buff + recv_total,recv_byte,0);
// breaking if recv_sizing = -1 assuming as error, 0 assuming as lost communication from client suddenly
if(recv_sizing < 0 || recv_sizing == 0)
{
printf("connection lost or error while recv(); [ just guess ] number : %d \n",recv_sizing);
break;
}
recv_byte -= recv_sizing;
recv_total += recv_sizing;
}
buff[recv_total] = '\0';
//recv_sizing = recv(newsock,buff,recv_byte,0);
printf("data : %s\n",buff);
close(newsock); // close immediate and look for another some1 new
}
int main()
{
GIOChannel *in;
struct sockaddr_in my;
my.sin_addr.s_addr = INADDR_ANY;
my.sin_family = AF_INET;
my.sin_port = htons(3000);
//socket initiate root socket
int rsock = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
//allow re-use address
setsockopt(rsock,SOL_SOCKET,SO_REUSEADDR,(int*)1,sizeof(int));
//binding
bind(rsock,(struct sockaddr*)&my,sizeof(my));
//listen
listen(rsock,10);
in = g_io_channel_unix_new(rsock);
g_io_add_watch(in, G_IO_IN | G_IO_OUT | G_IO_HUP, (GIOFunc) deal, NULL);
GMainLoop *loop = g_main_loop_new(NULL,FALSE); // pengganti while(1) ato gtk_main_loop
g_main_loop_run(loop);
return 0;
}
and it get compiled :
$ gcc -o dengersocket_glib dengersocket_glib.c `pkg-config --cflags --libs glib-2.0`
and now listening and look forward any packet data from client
and the client send the following packet :
$ echo wew | nc -v localhost 3000
nc: connect to localhost port 3000 (tcp) failed: Connection refused
Connection to localhost 3000 port [tcp/*] succeeded!
and now the server receive following weird packet :
$ ./dengersocket_glib
data : �o=
and my question is, where is the fault on my code ?,
1.how to get the proper packet and every single client could connect to the server ? [solved]
2.the passing data is solved, but still just could accept only one client, how to get more than one client?

int recv_total;
should be
int recv_total = 0;
With the random garbage value your recv_total has due to lack of initialization, you'll also get random garbage data in buf unless recv_total just happened to be <128, and the first char in the buffer will be garbage unless recv_total happened to be 0.
EDIT:
Also, your accept call is wrong, you cast a size to void * but are supposed to pass a pointer to a socklen_t which should contain and receive the size of the sockaddr.
socklen_t ss = sizeof(income);
accept(..., &ss);
Then, check the return value from accept, see that you got a valid socket.
if (newsock == -1) {
printf("...");
}