nemasu / asmttpd Goto Github PK
View Code? Open in Web Editor NEWWeb server for Linux written in amd64 assembly.
License: GNU General Public License v2.0
Web server for Linux written in amd64 assembly.
License: GNU General Public License v2.0
can we put another commandline argument to specify port?
Display directory contents when URL is a directory.
I have cloned this project and have followed the installation instructions as mentioned in the Readme file.
Now when I run following command:
sudo ./asmttpd web_root
It exits without displaying exactly what had happened:
asmttpd - 0.08
Using Document Root: web_root
An error has occured, exiting
FYI, I've yasm 1.1.0.2352
installed on my Ubuntu 12.04 machine.
Are there any plans on supporting secure connections? They are already possible by proxying through nginx to add a certificate for https. But when I have nginx running I don't need asmttpd to serve static content.
C:\Users\shaba>curl -I http://localhost:8080/
HTTP/1.1 200 OK
Server: asmttpd/0.4.4
Accept-Ranges: bytes
Content-Length: 17905
Content-Type: text/html
C:\Users\shaba>curl -I http://localhost:8080/plans
HTTP/1.1 200 OK
Server: asmttpd/0.4.4
Accept-Ranges: bytes
Content-Length: 9223372036854775807
Content-Type: application/octet-stream
C:\Users\shaba>curl -I http://localhost:8080/plans/index.html
HTTP/1.1 200 OK
Server: asmttpd/0.4.4
Accept-Ranges: bytes
Content-Length: 22342
Content-Type: text/html
C:\Users\shaba>curl -I http://localhost:8080/support/
HTTP/1.1 200 OK
Server: asmttpd/0.4.4
Accept-Ranges: bytes
Content-Length: 9223372036854775807
Content-Type: application/octet-stream
C:\Users\shaba>curl -I http://localhost:8080/support/index.html
HTTP/1.1 200 OK
Server: asmttpd/0.4.4
Accept-Ranges: bytes
Content-Length: 33833
Content-Type: text/html
Appears to be a scenario where the base domain automatically routes to index.html but everything else gets treated as application/octet-stream
. Seems similar to #13
Need to improve performance of header creation.
Make a concat function that takes in an offset of destination string.
This way it wont need to calculate the length every time it adds a header.
It returns the new length already, so we can easily keep track of the length as creation happens.
as the title
~ > curl --head http://my_host/
HTTP/1.1 200 OK
Server: asmttpd/0.3
Accept-Ranges: bytes
Content-Length: 9223372036854775807 <- ERROR
Content-Type: application/octet-stream
index.html:
hello
was this project abandoned ?
The whole Project has no single Documentation File besides README and Comments in the Source Code. I want to understand this project, but without Documentation, this task gets even harder.
In order to achieve better portability it's better to use 'as' instead, it can be installed on ARM64, POWER9, MIPS, most OS supported.
Most GNU/Linux distros have gcc by default, but not yasm.
https://github.com/TechEmpower/FrameworkBenchmarks
For simplest benches requirements are easy: just set couple headers and return cashed in memory JSON or plain text resource.
Full list of requirements: http://frameworkbenchmarks.readthedocs.org/en/latest/Project-Information/Framework-Tests/#specific-test-requirements
Only a very trivial issue however code comments seem a bit inconsistent. Should we standardize on:
mov rax, rbx ; This is a comment
Space after ';' and start with capital letter?
I compiled it with nasm
nasm -f elf64 main.asm -o main.o
Then run
ld -m elf_x86_64 main.o -o asmttpd
Then on Ubuntu Subsystem Linux for Windows 10
after i chmod on it
chmod -R 777 ./asmttpd
I run it
./asmttpd web_root 8000
It gracefully try to bypass firewall by showing a pop up
with option of Public and Private network. However it gives me
segmentation fault (core dumped). And i can't curl on it,
curl on localhost port 8000 connection refused.
How to fix this?
for example:
$ wget -O - http://localhost
--2014-07-07 20:56:51-- http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream]
Saving to: ‘STDOUT’
The result is 0 bytes. Firefox interprets this as a bin file with a random name. If I specify http://localhost/index.html then it works perfectly.
Please could you add a "default document" feature in the future?
Hi, newbie here. I'd like to use asmttpd serving on port 5552 (decimal) which in hex is 0x15B0. I've changed LISTEN_PORT in main.asm accordingly, but it wont load. I suspect it is something about the hex value format, the default is 0x5000 for port 80 and not 0x50 as expected (by me). 0x15B000 doesn't work also. Also, how can I run it without sudo?
My current plan for handling 10k+ connections, will edit as it's improved.
Comments are welcome :)
Idea: Don't block on anything until it's ready. When waiting for I/O, accept more connections.
+Asynchronous I/O.
+Non-blocking sockets.
+Multi-threaded.
+Self contained threads.
+Single thread can handle multiple connections, more threads = more connections
+Only one thread design needed
+No synchronization of threads needed
+Self load balancing threads. ie. Threads with more free cycles will call accept more often.
-/+ One connection will use about 10 KB of memory.
-More complicated (but more awesome too).
-Will likely be a tad slower on many small requests.
struct Data = socket fd, file fd, send_offset, length, 8KB buf(recv, path, url) =
8 + 8 + 8 + 8 + 8192 + 104 + 2000 = 10328 bytes
Storing pointer to struct in epoll user data, no need for extra data structure.
worker-thread pseudocode
top:
accept
epol_ctl( socket fd, read )
epoll_wait ( socket recv, send fds, and file read fds )
socket recv ( if file fd == 0 ):
allocate data mem & add socket fd to data
recv
parse for file & open, store fd in data & create header.
epoll_ctl( file fd, read )
socket send:
send
if done, free data, epoll_ctl delete else inc offset
file read ( if file fd != 0 ):
get info from Data struct: offset, length
read()
update Data, if done remove&close file fd, add socket send fd
goto top
The server crashes if a request of more than 0xFF bytes length is issued. I've identified three independent bugs causing such problems. They might be exploitable to execute arbitrary code.
First, RAX holds the length of the request path and is not explicitly zeroed out before the worker_thread_append_directory_path loop. Since LODSB only overwrites AL, the RAX=0 condition is never met and the loop will never terminate the request path is longer than 0xFF bytes and therefore a bit of AH is set.
Zeroing out RAX before worker_thread_append_directory_path (e.g. xor rax,rax) fixes this issue.
Test case: $ curl -v http://192.168.0.21/m$(perl -e'print "/"x300' )
Second, an off-by-two bug when leads to a crash if the request is more than 8192 bytes long. The sys_recv call fills the buffer with 8192 bytes in this case, and returns 8192 in RAX. However, RAX is then copied to r11, incremented and used as an array index to write the 0x00 byte to (mov BYTE [rdi], 0x00). This will overwrite buffer[8193], while the last allocated buffer byte was buffer[8191].
Test case: $ curl -v http://192.168.0.21/m$(perl -e'print "/"x9999' )
Third, the remaining space of the receive buffer is reused to build the file system path from the request path without any boundary checking. This leads to an out-of-boundary write and possible heap corruption if the space remaining in the receive buffer is less than the length of the request path (i.e. if the request path is longer than ~4096 bytes) but the request as a whole still fits into the receive buffer (so it ends with \r\n\r\n and is still considered a valid request).
Test case: $ curl -v http://192.168.0.21/m$(perl -e'print "/"x4242' )
It currently serves an SVG but it sends it as a download. So the image never loads.
/x.js
-> 200 OK/x.min.js
-> 404 Not Foundcreate packages and ebuild for gentoo, add them to repositories.
I have a kubernetes ingress controller in front of this. It seems it only works if I disable http/2. Can this be implemented?
How would you feel about a FASM (flat assembler) version of asmttpd? I would be interested in creating and maintaining one.
Listening socket isn't closed when program exists.
https://en.m.wikipedia.org/wiki/Memory_barrier#Multithreaded_programming_and_memory_visibility
You need mfence/lfence/sfence before mutex_lock() returns, and before unlock() returns.
I wanted to test it, but it isn't working. I tried to use the release version but I'm getting the same error and no verbose debug information. What should I do?
sudo ./asmttpd web_root/
asmttpd - 0.4
Using Document Root: web_root/
Segmentation fault (core dumped)
Implement HEAD request handling.
When you start the server without root privileges the output is:
Error - Bind() failed. Check if port is in use.
Maybe you can add that there can also be a permission problem
How to replicate:
Place large file in the web root open firefox start download then pres the abort sign.
The server then quits with the return value 141
File system can be accessed outside of document root by using ../ in URL.
I'm thinking about tinkering with the Raspberry and this httpd
with such a small footprint seems to be a perfect thing to experiment with in this environment. Just wondering if anyone has done anything on the Pi and any advice?
Why do a byte-wise comparison of these? Some can be DWORD compares, and all of them could be a cmpsb
loop instead of being manually unrolled.
Lines 366 to 384 in b5addaf
I telnet the server port listened by asmhttpd and after sending the first line of http request, and the error response got:
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 400 Bad Request
Server: asmttpd/0.4.5
But when I send http request by curl, the response is ok.
$ curl "http://127.0.0.1:8081/" -v
GET / HTTP/1.1
Host: 127.0.0.1:8081
User-Agent: curl/7.65.3
Accept: /
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.