2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
31 #include "sysemu/sysemu.h"
32 #include "qemu/sockets.h"
33 #include "qemu/timer.h"
35 #include "qemu/config-file.h"
36 #include "qapi/qmp/types.h"
37 #include "qmp-commands.h"
38 #include "qemu/osdep.h"
40 #include "qapi-event.h"
42 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
43 #define VNC_REFRESH_INTERVAL_INC 50
44 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
45 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
46 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
48 #include "vnc_keysym.h"
51 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
52 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
54 static int vnc_cursor_define(VncState
*vs
);
55 static void vnc_release_modifiers(VncState
*vs
);
57 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
60 static const char *mn
[] = {
62 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
63 [VNC_SHARE_MODE_SHARED
] = "shared",
64 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
65 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
67 fprintf(stderr
, "%s/%d: %s -> %s\n", __func__
,
68 vs
->csock
, mn
[vs
->share_mode
], mn
[mode
]);
71 switch (vs
->share_mode
) {
72 case VNC_SHARE_MODE_CONNECTING
:
73 vs
->vd
->num_connecting
--;
75 case VNC_SHARE_MODE_SHARED
:
78 case VNC_SHARE_MODE_EXCLUSIVE
:
79 vs
->vd
->num_exclusive
--;
85 vs
->share_mode
= mode
;
87 switch (vs
->share_mode
) {
88 case VNC_SHARE_MODE_CONNECTING
:
89 vs
->vd
->num_connecting
++;
91 case VNC_SHARE_MODE_SHARED
:
94 case VNC_SHARE_MODE_EXCLUSIVE
:
95 vs
->vd
->num_exclusive
++;
102 static char *addr_to_string(const char *format
,
103 struct sockaddr_storage
*sa
,
106 char host
[NI_MAXHOST
];
107 char serv
[NI_MAXSERV
];
111 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
114 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
115 VNC_DEBUG("Cannot resolve address %d: %s\n",
116 err
, gai_strerror(err
));
120 /* Enough for the existing format + the 2 vars we're
121 * substituting in. */
122 addrlen
= strlen(format
) + strlen(host
) + strlen(serv
);
123 addr
= g_malloc(addrlen
+ 1);
124 snprintf(addr
, addrlen
, format
, host
, serv
);
125 addr
[addrlen
] = '\0';
131 char *vnc_socket_local_addr(const char *format
, int fd
) {
132 struct sockaddr_storage sa
;
136 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
139 return addr_to_string(format
, &sa
, salen
);
142 char *vnc_socket_remote_addr(const char *format
, int fd
) {
143 struct sockaddr_storage sa
;
147 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0)
150 return addr_to_string(format
, &sa
, salen
);
153 static VncBasicInfo
*vnc_basic_info_get(struct sockaddr_storage
*sa
,
157 char host
[NI_MAXHOST
];
158 char serv
[NI_MAXSERV
];
161 if ((err
= getnameinfo((struct sockaddr
*)sa
, salen
,
164 NI_NUMERICHOST
| NI_NUMERICSERV
)) != 0) {
165 VNC_DEBUG("Cannot resolve address %d: %s\n",
166 err
, gai_strerror(err
));
170 info
= g_malloc0(sizeof(VncBasicInfo
));
171 info
->host
= g_strdup(host
);
172 info
->service
= g_strdup(serv
);
173 info
->family
= inet_netfamily(sa
->ss_family
);
177 static VncBasicInfo
*vnc_basic_info_get_from_server_addr(int fd
)
179 struct sockaddr_storage sa
;
183 if (getsockname(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
187 return vnc_basic_info_get(&sa
, salen
);
190 static VncBasicInfo
*vnc_basic_info_get_from_remote_addr(int fd
)
192 struct sockaddr_storage sa
;
196 if (getpeername(fd
, (struct sockaddr
*)&sa
, &salen
) < 0) {
200 return vnc_basic_info_get(&sa
, salen
);
203 static const char *vnc_auth_name(VncDisplay
*vd
) {
205 case VNC_AUTH_INVALID
:
221 case VNC_AUTH_VENCRYPT
:
222 #ifdef CONFIG_VNC_TLS
223 switch (vd
->subauth
) {
224 case VNC_AUTH_VENCRYPT_PLAIN
:
225 return "vencrypt+plain";
226 case VNC_AUTH_VENCRYPT_TLSNONE
:
227 return "vencrypt+tls+none";
228 case VNC_AUTH_VENCRYPT_TLSVNC
:
229 return "vencrypt+tls+vnc";
230 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
231 return "vencrypt+tls+plain";
232 case VNC_AUTH_VENCRYPT_X509NONE
:
233 return "vencrypt+x509+none";
234 case VNC_AUTH_VENCRYPT_X509VNC
:
235 return "vencrypt+x509+vnc";
236 case VNC_AUTH_VENCRYPT_X509PLAIN
:
237 return "vencrypt+x509+plain";
238 case VNC_AUTH_VENCRYPT_TLSSASL
:
239 return "vencrypt+tls+sasl";
240 case VNC_AUTH_VENCRYPT_X509SASL
:
241 return "vencrypt+x509+sasl";
254 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
257 VncBasicInfo
*bi
= vnc_basic_info_get_from_server_addr(vd
->lsock
);
262 info
= g_malloc(sizeof(*info
));
264 info
->has_auth
= true;
265 info
->auth
= g_strdup(vnc_auth_name(vd
));
269 static void vnc_client_cache_auth(VncState
*client
)
275 #ifdef CONFIG_VNC_TLS
276 if (client
->tls
.session
&&
278 client
->info
->has_x509_dname
= true;
279 client
->info
->x509_dname
= g_strdup(client
->tls
.dname
);
282 #ifdef CONFIG_VNC_SASL
283 if (client
->sasl
.conn
&&
284 client
->sasl
.username
) {
285 client
->info
->has_sasl_username
= true;
286 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
291 static void vnc_client_cache_addr(VncState
*client
)
293 VncBasicInfo
*bi
= vnc_basic_info_get_from_remote_addr(client
->csock
);
296 client
->info
= g_malloc0(sizeof(*client
->info
));
297 client
->info
->base
= bi
;
301 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
308 g_assert(vs
->info
->base
);
310 si
= vnc_server_info_get(vs
->vd
);
316 case QAPI_EVENT_VNC_CONNECTED
:
317 qapi_event_send_vnc_connected(si
, vs
->info
->base
, &error_abort
);
319 case QAPI_EVENT_VNC_INITIALIZED
:
320 qapi_event_send_vnc_initialized(si
, vs
->info
, &error_abort
);
322 case QAPI_EVENT_VNC_DISCONNECTED
:
323 qapi_event_send_vnc_disconnected(si
, vs
->info
, &error_abort
);
329 qapi_free_VncServerInfo(si
);
332 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
334 struct sockaddr_storage sa
;
335 socklen_t salen
= sizeof(sa
);
336 char host
[NI_MAXHOST
];
337 char serv
[NI_MAXSERV
];
340 if (getpeername(client
->csock
, (struct sockaddr
*)&sa
, &salen
) < 0) {
344 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
347 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
351 info
= g_malloc0(sizeof(*info
));
352 info
->base
= g_malloc0(sizeof(*info
->base
));
353 info
->base
->host
= g_strdup(host
);
354 info
->base
->service
= g_strdup(serv
);
355 info
->base
->family
= inet_netfamily(sa
.ss_family
);
357 info
->base
->websocket
= client
->websocket
;
360 #ifdef CONFIG_VNC_TLS
361 if (client
->tls
.session
&& client
->tls
.dname
) {
362 info
->has_x509_dname
= true;
363 info
->x509_dname
= g_strdup(client
->tls
.dname
);
366 #ifdef CONFIG_VNC_SASL
367 if (client
->sasl
.conn
&& client
->sasl
.username
) {
368 info
->has_sasl_username
= true;
369 info
->sasl_username
= g_strdup(client
->sasl
.username
);
376 static VncDisplay
*vnc_display_find(const char *id
)
381 return QTAILQ_FIRST(&vnc_displays
);
383 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
384 if (strcmp(id
, vd
->id
) == 0) {
391 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
393 VncClientInfoList
*cinfo
, *prev
= NULL
;
396 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
397 cinfo
= g_new0(VncClientInfoList
, 1);
398 cinfo
->value
= qmp_query_vnc_client(client
);
405 VncInfo
*qmp_query_vnc(Error
**errp
)
407 VncInfo
*info
= g_malloc0(sizeof(*info
));
408 VncDisplay
*vd
= vnc_display_find(NULL
);
410 if (vd
== NULL
|| vd
->display
== NULL
) {
411 info
->enabled
= false;
413 struct sockaddr_storage sa
;
414 socklen_t salen
= sizeof(sa
);
415 char host
[NI_MAXHOST
];
416 char serv
[NI_MAXSERV
];
418 info
->enabled
= true;
420 /* for compatibility with the original command */
421 info
->has_clients
= true;
422 info
->clients
= qmp_query_client_list(vd
);
424 if (vd
->lsock
== -1) {
428 if (getsockname(vd
->lsock
, (struct sockaddr
*)&sa
,
430 error_set(errp
, QERR_UNDEFINED_ERROR
);
434 if (getnameinfo((struct sockaddr
*)&sa
, salen
,
437 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
438 error_set(errp
, QERR_UNDEFINED_ERROR
);
442 info
->has_host
= true;
443 info
->host
= g_strdup(host
);
445 info
->has_service
= true;
446 info
->service
= g_strdup(serv
);
448 info
->has_family
= true;
449 info
->family
= inet_netfamily(sa
.ss_family
);
451 info
->has_auth
= true;
452 info
->auth
= g_strdup(vnc_auth_name(vd
));
458 qapi_free_VncInfo(info
);
462 static VncBasicInfoList
*qmp_query_server_entry(int socket
,
464 VncBasicInfoList
*prev
)
466 VncBasicInfoList
*list
;
468 struct sockaddr_storage sa
;
469 socklen_t salen
= sizeof(sa
);
470 char host
[NI_MAXHOST
];
471 char serv
[NI_MAXSERV
];
473 if (getsockname(socket
, (struct sockaddr
*)&sa
, &salen
) < 0 ||
474 getnameinfo((struct sockaddr
*)&sa
, salen
,
475 host
, sizeof(host
), serv
, sizeof(serv
),
476 NI_NUMERICHOST
| NI_NUMERICSERV
) < 0) {
480 info
= g_new0(VncBasicInfo
, 1);
481 info
->host
= g_strdup(host
);
482 info
->service
= g_strdup(serv
);
483 info
->family
= inet_netfamily(sa
.ss_family
);
484 info
->websocket
= websocket
;
486 list
= g_new0(VncBasicInfoList
, 1);
492 static void qmp_query_auth(VncDisplay
*vd
, VncInfo2
*info
)
496 info
->auth
= VNC_PRIMARY_AUTH_VNC
;
499 info
->auth
= VNC_PRIMARY_AUTH_RA2
;
502 info
->auth
= VNC_PRIMARY_AUTH_RA2NE
;
505 info
->auth
= VNC_PRIMARY_AUTH_TIGHT
;
508 info
->auth
= VNC_PRIMARY_AUTH_ULTRA
;
511 info
->auth
= VNC_PRIMARY_AUTH_TLS
;
513 case VNC_AUTH_VENCRYPT
:
514 info
->auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
515 #ifdef CONFIG_VNC_TLS
516 info
->has_vencrypt
= true;
517 switch (vd
->subauth
) {
518 case VNC_AUTH_VENCRYPT_PLAIN
:
519 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
521 case VNC_AUTH_VENCRYPT_TLSNONE
:
522 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
524 case VNC_AUTH_VENCRYPT_TLSVNC
:
525 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
527 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
528 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
530 case VNC_AUTH_VENCRYPT_X509NONE
:
531 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
533 case VNC_AUTH_VENCRYPT_X509VNC
:
534 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
536 case VNC_AUTH_VENCRYPT_X509PLAIN
:
537 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
539 case VNC_AUTH_VENCRYPT_TLSSASL
:
540 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
542 case VNC_AUTH_VENCRYPT_X509SASL
:
543 info
->vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
546 info
->has_vencrypt
= false;
552 info
->auth
= VNC_PRIMARY_AUTH_SASL
;
556 info
->auth
= VNC_PRIMARY_AUTH_NONE
;
561 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
563 VncInfo2List
*item
, *prev
= NULL
;
568 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
569 info
= g_new0(VncInfo2
, 1);
570 info
->id
= g_strdup(vd
->id
);
571 info
->clients
= qmp_query_client_list(vd
);
572 qmp_query_auth(vd
, info
);
574 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
576 info
->has_display
= true;
577 info
->display
= g_strdup(dev
->id
);
579 if (vd
->lsock
!= -1) {
580 info
->server
= qmp_query_server_entry(vd
->lsock
, false,
584 if (vd
->lwebsock
!= -1) {
585 info
->server
= qmp_query_server_entry(vd
->lwebsock
, true,
590 item
= g_new0(VncInfo2List
, 1);
599 1) Get the queue working for IO.
600 2) there is some weirdness when using the -S option (the screen is grey
601 and not totally invalidated
602 3) resolutions > 1024
605 static int vnc_update_client(VncState
*vs
, int has_dirty
, bool sync
);
606 static void vnc_disconnect_start(VncState
*vs
);
608 static void vnc_colordepth(VncState
*vs
);
609 static void framebuffer_update_request(VncState
*vs
, int incremental
,
610 int x_position
, int y_position
,
612 static void vnc_refresh(DisplayChangeListener
*dcl
);
613 static int vnc_refresh_server_surface(VncDisplay
*vd
);
615 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
616 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
617 int width
, int height
,
618 int x
, int y
, int w
, int h
) {
619 /* this is needed this to ensure we updated all affected
620 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
621 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
622 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
626 w
= MIN(x
+ w
, width
) - x
;
627 h
= MIN(y
+ h
, height
);
630 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
631 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
635 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
636 int x
, int y
, int w
, int h
)
638 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
639 struct VncSurface
*s
= &vd
->guest
;
640 int width
= pixman_image_get_width(vd
->server
);
641 int height
= pixman_image_get_height(vd
->server
);
643 vnc_set_area_dirty(s
->dirty
, width
, height
, x
, y
, w
, h
);
646 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
649 vnc_write_u16(vs
, x
);
650 vnc_write_u16(vs
, y
);
651 vnc_write_u16(vs
, w
);
652 vnc_write_u16(vs
, h
);
654 vnc_write_s32(vs
, encoding
);
657 void buffer_reserve(Buffer
*buffer
, size_t len
)
659 if ((buffer
->capacity
- buffer
->offset
) < len
) {
660 buffer
->capacity
+= (len
+ 1024);
661 buffer
->buffer
= g_realloc(buffer
->buffer
, buffer
->capacity
);
662 if (buffer
->buffer
== NULL
) {
663 fprintf(stderr
, "vnc: out of memory\n");
669 static int buffer_empty(Buffer
*buffer
)
671 return buffer
->offset
== 0;
674 uint8_t *buffer_end(Buffer
*buffer
)
676 return buffer
->buffer
+ buffer
->offset
;
679 void buffer_reset(Buffer
*buffer
)
684 void buffer_free(Buffer
*buffer
)
686 g_free(buffer
->buffer
);
688 buffer
->capacity
= 0;
689 buffer
->buffer
= NULL
;
692 void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
694 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
695 buffer
->offset
+= len
;
698 void buffer_advance(Buffer
*buf
, size_t len
)
700 memmove(buf
->buffer
, buf
->buffer
+ len
,
701 (buf
->offset
- len
));
705 static void vnc_desktop_resize(VncState
*vs
)
707 if (vs
->csock
== -1 || !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
710 if (vs
->client_width
== pixman_image_get_width(vs
->vd
->server
) &&
711 vs
->client_height
== pixman_image_get_height(vs
->vd
->server
)) {
714 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
715 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
717 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
719 vnc_write_u16(vs
, 1); /* number of rects */
720 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
721 VNC_ENCODING_DESKTOPRESIZE
);
722 vnc_unlock_output(vs
);
726 static void vnc_abort_display_jobs(VncDisplay
*vd
)
730 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
733 vnc_unlock_output(vs
);
735 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
738 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
741 vnc_unlock_output(vs
);
745 int vnc_server_fb_stride(VncDisplay
*vd
)
747 return pixman_image_get_stride(vd
->server
);
750 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
754 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
755 ptr
+= y
* vnc_server_fb_stride(vd
);
756 ptr
+= x
* VNC_SERVER_FB_BYTES
;
760 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
761 DisplaySurface
*surface
)
763 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
767 vnc_abort_display_jobs(vd
);
770 qemu_pixman_image_unref(vd
->server
);
772 width
= MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
773 VNC_DIRTY_PIXELS_PER_BIT
));
774 height
= MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
775 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
776 width
, height
, NULL
, 0);
780 if (ds_get_bytes_per_pixel(ds
) != vd
->guest
.ds
->pf
.bytes_per_pixel
)
781 console_color_init(ds
);
783 qemu_pixman_image_unref(vd
->guest
.fb
);
784 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
785 vd
->guest
.format
= surface
->format
;
786 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
787 vnc_set_area_dirty(vd
->guest
.dirty
, width
, height
, 0, 0,
790 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
792 vnc_desktop_resize(vs
);
793 if (vs
->vd
->cursor
) {
794 vnc_cursor_define(vs
);
796 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
797 vnc_set_area_dirty(vs
->dirty
, width
, height
, 0, 0,
803 static void vnc_write_pixels_copy(VncState
*vs
,
804 void *pixels
, int size
)
806 vnc_write(vs
, pixels
, size
);
809 /* slowest but generic code. */
810 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
814 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
815 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
816 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
817 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
819 # error need some bits here if you change VNC_SERVER_FB_FORMAT
821 v
= (r
<< vs
->client_pf
.rshift
) |
822 (g
<< vs
->client_pf
.gshift
) |
823 (b
<< vs
->client_pf
.bshift
);
824 switch (vs
->client_pf
.bytes_per_pixel
) {
854 static void vnc_write_pixels_generic(VncState
*vs
,
855 void *pixels1
, int size
)
859 if (VNC_SERVER_FB_BYTES
== 4) {
860 uint32_t *pixels
= pixels1
;
863 for (i
= 0; i
< n
; i
++) {
864 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
865 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
870 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
874 VncDisplay
*vd
= vs
->vd
;
876 row
= vnc_server_fb_ptr(vd
, x
, y
);
877 for (i
= 0; i
< h
; i
++) {
878 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
879 row
+= vnc_server_fb_stride(vd
);
884 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
888 switch(vs
->vnc_encoding
) {
889 case VNC_ENCODING_ZLIB
:
890 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
892 case VNC_ENCODING_HEXTILE
:
893 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
894 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
896 case VNC_ENCODING_TIGHT
:
897 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
899 case VNC_ENCODING_TIGHT_PNG
:
900 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
902 case VNC_ENCODING_ZRLE
:
903 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
905 case VNC_ENCODING_ZYWRLE
:
906 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
909 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
910 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
916 static void vnc_copy(VncState
*vs
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
918 /* send bitblit op to the vnc client */
920 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
922 vnc_write_u16(vs
, 1); /* number of rects */
923 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, VNC_ENCODING_COPYRECT
);
924 vnc_write_u16(vs
, src_x
);
925 vnc_write_u16(vs
, src_y
);
926 vnc_unlock_output(vs
);
930 static void vnc_dpy_copy(DisplayChangeListener
*dcl
,
931 int src_x
, int src_y
,
932 int dst_x
, int dst_y
, int w
, int h
)
934 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
938 int i
, x
, y
, pitch
, inc
, w_lim
, s
;
941 vnc_refresh_server_surface(vd
);
942 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
943 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
944 vs
->force_update
= 1;
945 vnc_update_client(vs
, 1, true);
946 /* vs might be free()ed here */
950 /* do bitblit op on the local surface too */
951 pitch
= vnc_server_fb_stride(vd
);
952 src_row
= vnc_server_fb_ptr(vd
, src_x
, src_y
);
953 dst_row
= vnc_server_fb_ptr(vd
, dst_x
, dst_y
);
958 src_row
+= pitch
* (h
-1);
959 dst_row
+= pitch
* (h
-1);
964 w_lim
= w
- (VNC_DIRTY_PIXELS_PER_BIT
- (dst_x
% VNC_DIRTY_PIXELS_PER_BIT
));
968 w_lim
= w
- (w_lim
% VNC_DIRTY_PIXELS_PER_BIT
);
970 for (i
= 0; i
< h
; i
++) {
971 for (x
= 0; x
<= w_lim
;
972 x
+= s
, src_row
+= cmp_bytes
, dst_row
+= cmp_bytes
) {
974 if ((s
= w
- w_lim
) == 0)
977 s
= (VNC_DIRTY_PIXELS_PER_BIT
-
978 (dst_x
% VNC_DIRTY_PIXELS_PER_BIT
));
981 s
= VNC_DIRTY_PIXELS_PER_BIT
;
983 cmp_bytes
= s
* VNC_SERVER_FB_BYTES
;
984 if (memcmp(src_row
, dst_row
, cmp_bytes
) == 0)
986 memmove(dst_row
, src_row
, cmp_bytes
);
987 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
988 if (!vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
989 set_bit(((x
+ dst_x
) / VNC_DIRTY_PIXELS_PER_BIT
),
994 src_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
995 dst_row
+= pitch
- w
* VNC_SERVER_FB_BYTES
;
999 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
1000 if (vnc_has_feature(vs
, VNC_FEATURE_COPYRECT
)) {
1001 vnc_copy(vs
, src_x
, src_y
, dst_x
, dst_y
, w
, h
);
1006 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
1007 int x
, int y
, int visible
)
1009 /* can we ask the client(s) to move the pointer ??? */
1012 static int vnc_cursor_define(VncState
*vs
)
1014 QEMUCursor
*c
= vs
->vd
->cursor
;
1017 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
1018 vnc_lock_output(vs
);
1019 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1020 vnc_write_u8(vs
, 0); /* padding */
1021 vnc_write_u16(vs
, 1); /* # of rects */
1022 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
1023 VNC_ENCODING_RICH_CURSOR
);
1024 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
1025 vnc_write_pixels_generic(vs
, c
->data
, isize
);
1026 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
1027 vnc_unlock_output(vs
);
1033 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
1036 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
1039 cursor_put(vd
->cursor
);
1040 g_free(vd
->cursor_mask
);
1043 cursor_get(vd
->cursor
);
1044 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
1045 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
1046 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
1048 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
1049 vnc_cursor_define(vs
);
1053 static int find_and_clear_dirty_height(struct VncState
*vs
,
1054 int y
, int last_x
, int x
, int height
)
1058 for (h
= 1; h
< (height
- y
); h
++) {
1059 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
1062 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
1068 static int vnc_update_client(VncState
*vs
, int has_dirty
, bool sync
)
1070 vs
->has_dirty
+= has_dirty
;
1071 if (vs
->need_update
&& vs
->csock
!= -1) {
1072 VncDisplay
*vd
= vs
->vd
;
1078 if (vs
->output
.offset
&& !vs
->audio_cap
&& !vs
->force_update
)
1079 /* kernel send buffers are full -> drop frames to throttle */
1082 if (!vs
->has_dirty
&& !vs
->audio_cap
&& !vs
->force_update
)
1086 * Send screen updates to the vnc client using the server
1087 * surface and server dirty map. guest surface updates
1088 * happening in parallel don't disturb us, the next pass will
1089 * send them to the client.
1091 job
= vnc_job_new(vs
);
1093 height
= pixman_image_get_height(vd
->server
);
1094 width
= pixman_image_get_width(vd
->server
);
1100 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1101 height
* VNC_DIRTY_BPL(vs
),
1102 y
* VNC_DIRTY_BPL(vs
));
1103 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1104 /* no more dirty bits */
1107 y
= offset
/ VNC_DIRTY_BPL(vs
);
1108 x
= offset
% VNC_DIRTY_BPL(vs
);
1109 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1110 VNC_DIRTY_BPL(vs
), x
);
1111 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1112 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1113 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1115 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1116 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1124 vs
->force_update
= 0;
1129 if (vs
->csock
== -1) {
1130 vnc_disconnect_finish(vs
);
1139 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1141 VncState
*vs
= opaque
;
1144 case AUD_CNOTIFY_DISABLE
:
1145 vnc_lock_output(vs
);
1146 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1147 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1148 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1149 vnc_unlock_output(vs
);
1153 case AUD_CNOTIFY_ENABLE
:
1154 vnc_lock_output(vs
);
1155 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1156 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1157 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1158 vnc_unlock_output(vs
);
1164 static void audio_capture_destroy(void *opaque
)
1168 static void audio_capture(void *opaque
, void *buf
, int size
)
1170 VncState
*vs
= opaque
;
1172 vnc_lock_output(vs
);
1173 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1174 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1175 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1176 vnc_write_u32(vs
, size
);
1177 vnc_write(vs
, buf
, size
);
1178 vnc_unlock_output(vs
);
1182 static void audio_add(VncState
*vs
)
1184 struct audio_capture_ops ops
;
1186 if (vs
->audio_cap
) {
1187 error_report("audio already running");
1191 ops
.notify
= audio_capture_notify
;
1192 ops
.destroy
= audio_capture_destroy
;
1193 ops
.capture
= audio_capture
;
1195 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1196 if (!vs
->audio_cap
) {
1197 error_report("Failed to add audio capture");
1201 static void audio_del(VncState
*vs
)
1203 if (vs
->audio_cap
) {
1204 AUD_del_capture(vs
->audio_cap
, vs
);
1205 vs
->audio_cap
= NULL
;
1209 static void vnc_disconnect_start(VncState
*vs
)
1211 if (vs
->csock
== -1)
1213 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1214 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
1215 closesocket(vs
->csock
);
1219 void vnc_disconnect_finish(VncState
*vs
)
1223 vnc_jobs_join(vs
); /* Wait encoding jobs */
1225 vnc_lock_output(vs
);
1226 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1228 buffer_free(&vs
->input
);
1229 buffer_free(&vs
->output
);
1230 #ifdef CONFIG_VNC_WS
1231 buffer_free(&vs
->ws_input
);
1232 buffer_free(&vs
->ws_output
);
1233 #endif /* CONFIG_VNC_WS */
1235 qapi_free_VncClientInfo(vs
->info
);
1238 vnc_tight_clear(vs
);
1241 #ifdef CONFIG_VNC_TLS
1242 vnc_tls_client_cleanup(vs
);
1243 #endif /* CONFIG_VNC_TLS */
1244 #ifdef CONFIG_VNC_SASL
1245 vnc_sasl_client_cleanup(vs
);
1246 #endif /* CONFIG_VNC_SASL */
1248 vnc_release_modifiers(vs
);
1250 if (vs
->initialized
) {
1251 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1252 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1255 if (vs
->vd
->lock_key_sync
)
1256 qemu_remove_led_event_handler(vs
->led
);
1257 vnc_unlock_output(vs
);
1259 qemu_mutex_destroy(&vs
->output_mutex
);
1260 if (vs
->bh
!= NULL
) {
1261 qemu_bh_delete(vs
->bh
);
1263 buffer_free(&vs
->jobs_buffer
);
1265 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1266 g_free(vs
->lossy_rect
[i
]);
1268 g_free(vs
->lossy_rect
);
1272 int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
1274 if (ret
== 0 || ret
== -1) {
1276 switch (last_errno
) {
1280 case WSAEWOULDBLOCK
:
1288 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1289 ret
, ret
< 0 ? last_errno
: 0);
1290 vnc_disconnect_start(vs
);
1298 void vnc_client_error(VncState
*vs
)
1300 VNC_DEBUG("Closing down client sock: protocol error\n");
1301 vnc_disconnect_start(vs
);
1304 #ifdef CONFIG_VNC_TLS
1305 static long vnc_client_write_tls(gnutls_session_t
*session
,
1306 const uint8_t *data
,
1309 long ret
= gnutls_write(*session
, data
, datalen
);
1311 if (ret
== GNUTLS_E_AGAIN
) {
1320 #endif /* CONFIG_VNC_TLS */
1323 * Called to write a chunk of data to the client socket. The data may
1324 * be the raw data, or may have already been encoded by SASL.
1325 * The data will be written either straight onto the socket, or
1326 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1328 * NB, it is theoretically possible to have 2 layers of encryption,
1329 * both SASL, and this TLS layer. It is highly unlikely in practice
1330 * though, since SASL encryption will typically be a no-op if TLS
1333 * Returns the number of bytes written, which may be less than
1334 * the requested 'datalen' if the socket would block. Returns
1335 * -1 on error, and disconnects the client socket.
1337 long vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1340 #ifdef CONFIG_VNC_TLS
1341 if (vs
->tls
.session
) {
1342 ret
= vnc_client_write_tls(&vs
->tls
.session
, data
, datalen
);
1344 #ifdef CONFIG_VNC_WS
1345 if (vs
->ws_tls
.session
) {
1346 ret
= vnc_client_write_tls(&vs
->ws_tls
.session
, data
, datalen
);
1348 #endif /* CONFIG_VNC_WS */
1349 #endif /* CONFIG_VNC_TLS */
1351 ret
= send(vs
->csock
, (const void *)data
, datalen
, 0);
1353 #ifdef CONFIG_VNC_TLS
1355 #endif /* CONFIG_VNC_TLS */
1356 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1357 return vnc_client_io_error(vs
, ret
, socket_error());
1362 * Called to write buffered data to the client socket, when not
1363 * using any SASL SSF encryption layers. Will write as much data
1364 * as possible without blocking. If all buffered data is written,
1365 * will switch the FD poll() handler back to read monitoring.
1367 * Returns the number of bytes written, which may be less than
1368 * the buffered output data if the socket would block. Returns
1369 * -1 on error, and disconnects the client socket.
1371 static long vnc_client_write_plain(VncState
*vs
)
1375 #ifdef CONFIG_VNC_SASL
1376 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1377 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1378 vs
->sasl
.waitWriteSSF
);
1380 if (vs
->sasl
.conn
&&
1382 vs
->sasl
.waitWriteSSF
) {
1383 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1385 vs
->sasl
.waitWriteSSF
-= ret
;
1387 #endif /* CONFIG_VNC_SASL */
1388 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1392 buffer_advance(&vs
->output
, ret
);
1394 if (vs
->output
.offset
== 0) {
1395 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1403 * First function called whenever there is data to be written to
1404 * the client socket. Will delegate actual work according to whether
1405 * SASL SSF layers are enabled (thus requiring encryption calls)
1407 static void vnc_client_write_locked(void *opaque
)
1409 VncState
*vs
= opaque
;
1411 #ifdef CONFIG_VNC_SASL
1412 if (vs
->sasl
.conn
&&
1414 !vs
->sasl
.waitWriteSSF
) {
1415 vnc_client_write_sasl(vs
);
1417 #endif /* CONFIG_VNC_SASL */
1419 #ifdef CONFIG_VNC_WS
1420 if (vs
->encode_ws
) {
1421 vnc_client_write_ws(vs
);
1423 #endif /* CONFIG_VNC_WS */
1425 vnc_client_write_plain(vs
);
1430 void vnc_client_write(void *opaque
)
1432 VncState
*vs
= opaque
;
1434 vnc_lock_output(vs
);
1435 if (vs
->output
.offset
1436 #ifdef CONFIG_VNC_WS
1437 || vs
->ws_output
.offset
1440 vnc_client_write_locked(opaque
);
1441 } else if (vs
->csock
!= -1) {
1442 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1444 vnc_unlock_output(vs
);
1447 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1449 vs
->read_handler
= func
;
1450 vs
->read_handler_expect
= expecting
;
1453 #ifdef CONFIG_VNC_TLS
1454 static long vnc_client_read_tls(gnutls_session_t
*session
, uint8_t *data
,
1457 long ret
= gnutls_read(*session
, data
, datalen
);
1459 if (ret
== GNUTLS_E_AGAIN
) {
1468 #endif /* CONFIG_VNC_TLS */
1471 * Called to read a chunk of data from the client socket. The data may
1472 * be the raw data, or may need to be further decoded by SASL.
1473 * The data will be read either straight from to the socket, or
1474 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1476 * NB, it is theoretically possible to have 2 layers of encryption,
1477 * both SASL, and this TLS layer. It is highly unlikely in practice
1478 * though, since SASL encryption will typically be a no-op if TLS
1481 * Returns the number of bytes read, which may be less than
1482 * the requested 'datalen' if the socket would block. Returns
1483 * -1 on error, and disconnects the client socket.
1485 long vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1488 #ifdef CONFIG_VNC_TLS
1489 if (vs
->tls
.session
) {
1490 ret
= vnc_client_read_tls(&vs
->tls
.session
, data
, datalen
);
1492 #ifdef CONFIG_VNC_WS
1493 if (vs
->ws_tls
.session
) {
1494 ret
= vnc_client_read_tls(&vs
->ws_tls
.session
, data
, datalen
);
1496 #endif /* CONFIG_VNC_WS */
1497 #endif /* CONFIG_VNC_TLS */
1499 ret
= qemu_recv(vs
->csock
, data
, datalen
, 0);
1501 #ifdef CONFIG_VNC_TLS
1503 #endif /* CONFIG_VNC_TLS */
1504 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1505 return vnc_client_io_error(vs
, ret
, socket_error());
1510 * Called to read data from the client socket to the input buffer,
1511 * when not using any SASL SSF encryption layers. Will read as much
1512 * data as possible without blocking.
1514 * Returns the number of bytes read. Returns -1 on error, and
1515 * disconnects the client socket.
1517 static long vnc_client_read_plain(VncState
*vs
)
1520 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1521 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1522 buffer_reserve(&vs
->input
, 4096);
1523 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1526 vs
->input
.offset
+= ret
;
1530 static void vnc_jobs_bh(void *opaque
)
1532 VncState
*vs
= opaque
;
1534 vnc_jobs_consume_buffer(vs
);
1538 * First function called whenever there is more data to be read from
1539 * the client socket. Will delegate actual work according to whether
1540 * SASL SSF layers are enabled (thus requiring decryption calls)
1542 void vnc_client_read(void *opaque
)
1544 VncState
*vs
= opaque
;
1547 #ifdef CONFIG_VNC_SASL
1548 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1549 ret
= vnc_client_read_sasl(vs
);
1551 #endif /* CONFIG_VNC_SASL */
1552 #ifdef CONFIG_VNC_WS
1553 if (vs
->encode_ws
) {
1554 ret
= vnc_client_read_ws(vs
);
1556 vnc_disconnect_start(vs
);
1558 } else if (ret
== -2) {
1559 vnc_client_error(vs
);
1563 #endif /* CONFIG_VNC_WS */
1565 ret
= vnc_client_read_plain(vs
);
1568 if (vs
->csock
== -1)
1569 vnc_disconnect_finish(vs
);
1573 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1574 size_t len
= vs
->read_handler_expect
;
1577 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1578 if (vs
->csock
== -1) {
1579 vnc_disconnect_finish(vs
);
1584 buffer_advance(&vs
->input
, len
);
1586 vs
->read_handler_expect
= ret
;
1591 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1593 buffer_reserve(&vs
->output
, len
);
1595 if (vs
->csock
!= -1 && buffer_empty(&vs
->output
)) {
1596 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1599 buffer_append(&vs
->output
, data
, len
);
1602 void vnc_write_s32(VncState
*vs
, int32_t value
)
1604 vnc_write_u32(vs
, *(uint32_t *)&value
);
1607 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1611 buf
[0] = (value
>> 24) & 0xFF;
1612 buf
[1] = (value
>> 16) & 0xFF;
1613 buf
[2] = (value
>> 8) & 0xFF;
1614 buf
[3] = value
& 0xFF;
1616 vnc_write(vs
, buf
, 4);
1619 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1623 buf
[0] = (value
>> 8) & 0xFF;
1624 buf
[1] = value
& 0xFF;
1626 vnc_write(vs
, buf
, 2);
1629 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1631 vnc_write(vs
, (char *)&value
, 1);
1634 void vnc_flush(VncState
*vs
)
1636 vnc_lock_output(vs
);
1637 if (vs
->csock
!= -1 && (vs
->output
.offset
1638 #ifdef CONFIG_VNC_WS
1639 || vs
->ws_output
.offset
1642 vnc_client_write_locked(vs
);
1644 vnc_unlock_output(vs
);
1647 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1649 return data
[offset
];
1652 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1654 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1657 static int32_t read_s32(uint8_t *data
, size_t offset
)
1659 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1660 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1663 uint32_t read_u32(uint8_t *data
, size_t offset
)
1665 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1666 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1669 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1673 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1675 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1676 int absolute
= qemu_input_is_absolute();
1678 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1679 vnc_lock_output(vs
);
1680 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1681 vnc_write_u8(vs
, 0);
1682 vnc_write_u16(vs
, 1);
1683 vnc_framebuffer_update(vs
, absolute
, 0,
1684 pixman_image_get_width(vs
->vd
->server
),
1685 pixman_image_get_height(vs
->vd
->server
),
1686 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1687 vnc_unlock_output(vs
);
1690 vs
->absolute
= absolute
;
1693 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1695 static uint32_t bmap
[INPUT_BUTTON_MAX
] = {
1696 [INPUT_BUTTON_LEFT
] = 0x01,
1697 [INPUT_BUTTON_MIDDLE
] = 0x02,
1698 [INPUT_BUTTON_RIGHT
] = 0x04,
1699 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1700 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1702 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1703 int width
= pixman_image_get_width(vs
->vd
->server
);
1704 int height
= pixman_image_get_height(vs
->vd
->server
);
1706 if (vs
->last_bmask
!= button_mask
) {
1707 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1708 vs
->last_bmask
= button_mask
;
1712 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, width
);
1713 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, height
);
1714 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1715 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1716 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1718 if (vs
->last_x
!= -1) {
1719 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1720 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1725 qemu_input_event_sync();
1728 static void reset_keys(VncState
*vs
)
1731 for(i
= 0; i
< 256; i
++) {
1732 if (vs
->modifiers_state
[i
]) {
1733 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, i
, false);
1734 vs
->modifiers_state
[i
] = 0;
1739 static void press_key(VncState
*vs
, int keysym
)
1741 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
) & SCANCODE_KEYMASK
;
1742 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, true);
1743 qemu_input_event_send_key_delay(0);
1744 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1745 qemu_input_event_send_key_delay(0);
1748 static int current_led_state(VncState
*vs
)
1752 if (vs
->modifiers_state
[0x46]) {
1753 ledstate
|= QEMU_SCROLL_LOCK_LED
;
1755 if (vs
->modifiers_state
[0x45]) {
1756 ledstate
|= QEMU_NUM_LOCK_LED
;
1758 if (vs
->modifiers_state
[0x3a]) {
1759 ledstate
|= QEMU_CAPS_LOCK_LED
;
1765 static void vnc_led_state_change(VncState
*vs
)
1769 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1773 ledstate
= current_led_state(vs
);
1774 vnc_lock_output(vs
);
1775 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1776 vnc_write_u8(vs
, 0);
1777 vnc_write_u16(vs
, 1);
1778 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1779 vnc_write_u8(vs
, ledstate
);
1780 vnc_unlock_output(vs
);
1784 static void kbd_leds(void *opaque
, int ledstate
)
1786 VncState
*vs
= opaque
;
1788 bool has_changed
= (ledstate
!= current_led_state(vs
));
1790 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1791 (ledstate
& QEMU_NUM_LOCK_LED
),
1792 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1794 caps
= ledstate
& QEMU_CAPS_LOCK_LED
? 1 : 0;
1795 num
= ledstate
& QEMU_NUM_LOCK_LED
? 1 : 0;
1796 scr
= ledstate
& QEMU_SCROLL_LOCK_LED
? 1 : 0;
1798 if (vs
->modifiers_state
[0x3a] != caps
) {
1799 vs
->modifiers_state
[0x3a] = caps
;
1801 if (vs
->modifiers_state
[0x45] != num
) {
1802 vs
->modifiers_state
[0x45] = num
;
1804 if (vs
->modifiers_state
[0x46] != scr
) {
1805 vs
->modifiers_state
[0x46] = scr
;
1808 /* Sending the current led state message to the client */
1810 vnc_led_state_change(vs
);
1814 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1816 /* QEMU console switch */
1818 case 0x2a: /* Left Shift */
1819 case 0x36: /* Right Shift */
1820 case 0x1d: /* Left CTRL */
1821 case 0x9d: /* Right CTRL */
1822 case 0x38: /* Left ALT */
1823 case 0xb8: /* Right ALT */
1825 vs
->modifiers_state
[keycode
] = 1;
1827 vs
->modifiers_state
[keycode
] = 0;
1829 case 0x02 ... 0x0a: /* '1' to '9' keys */
1830 if (vs
->vd
->dcl
.con
== NULL
&&
1831 down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1832 /* Reset the modifiers sent to the current console */
1834 console_select(keycode
- 0x02);
1838 case 0x3a: /* CapsLock */
1839 case 0x45: /* NumLock */
1841 vs
->modifiers_state
[keycode
] ^= 1;
1845 /* Turn off the lock state sync logic if the client support the led
1848 if (down
&& vs
->vd
->lock_key_sync
&&
1849 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1850 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1851 /* If the numlock state needs to change then simulate an additional
1852 keypress before sending this one. This will happen if the user
1853 toggles numlock away from the VNC window.
1855 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1856 if (!vs
->modifiers_state
[0x45]) {
1857 trace_vnc_key_sync_numlock(true);
1858 vs
->modifiers_state
[0x45] = 1;
1859 press_key(vs
, 0xff7f);
1862 if (vs
->modifiers_state
[0x45]) {
1863 trace_vnc_key_sync_numlock(false);
1864 vs
->modifiers_state
[0x45] = 0;
1865 press_key(vs
, 0xff7f);
1870 if (down
&& vs
->vd
->lock_key_sync
&&
1871 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1872 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1873 /* If the capslock state needs to change then simulate an additional
1874 keypress before sending this one. This will happen if the user
1875 toggles capslock away from the VNC window.
1877 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1878 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1879 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1881 if (uppercase
== shift
) {
1882 trace_vnc_key_sync_capslock(false);
1883 vs
->modifiers_state
[0x3a] = 0;
1884 press_key(vs
, 0xffe5);
1887 if (uppercase
!= shift
) {
1888 trace_vnc_key_sync_capslock(true);
1889 vs
->modifiers_state
[0x3a] = 1;
1890 press_key(vs
, 0xffe5);
1895 if (qemu_console_is_graphic(NULL
)) {
1896 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, down
);
1898 bool numlock
= vs
->modifiers_state
[0x45];
1899 bool control
= (vs
->modifiers_state
[0x1d] ||
1900 vs
->modifiers_state
[0x9d]);
1901 /* QEMU console emulation */
1904 case 0x2a: /* Left Shift */
1905 case 0x36: /* Right Shift */
1906 case 0x1d: /* Left CTRL */
1907 case 0x9d: /* Right CTRL */
1908 case 0x38: /* Left ALT */
1909 case 0xb8: /* Right ALT */
1912 kbd_put_keysym(QEMU_KEY_UP
);
1915 kbd_put_keysym(QEMU_KEY_DOWN
);
1918 kbd_put_keysym(QEMU_KEY_LEFT
);
1921 kbd_put_keysym(QEMU_KEY_RIGHT
);
1924 kbd_put_keysym(QEMU_KEY_DELETE
);
1927 kbd_put_keysym(QEMU_KEY_HOME
);
1930 kbd_put_keysym(QEMU_KEY_END
);
1933 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1936 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1940 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1943 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1946 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1949 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1952 kbd_put_keysym('5');
1955 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1958 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1961 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1964 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1967 kbd_put_keysym('0');
1970 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1974 kbd_put_keysym('/');
1977 kbd_put_keysym('*');
1980 kbd_put_keysym('-');
1983 kbd_put_keysym('+');
1986 kbd_put_keysym('\n');
1991 kbd_put_keysym(sym
& 0x1f);
1993 kbd_put_keysym(sym
);
2001 static void vnc_release_modifiers(VncState
*vs
)
2003 static const int keycodes
[] = {
2004 /* shift, control, alt keys, both left & right */
2005 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
2009 if (!qemu_console_is_graphic(NULL
)) {
2012 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
2013 keycode
= keycodes
[i
];
2014 if (!vs
->modifiers_state
[keycode
]) {
2017 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
2021 static const char *code2name(int keycode
)
2023 return QKeyCode_lookup
[qemu_input_key_number_to_qcode(keycode
)];
2026 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
2031 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
2032 lsym
= lsym
- 'A' + 'a';
2035 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF) & SCANCODE_KEYMASK
;
2036 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
2037 do_key_event(vs
, down
, keycode
, sym
);
2040 static void ext_key_event(VncState
*vs
, int down
,
2041 uint32_t sym
, uint16_t keycode
)
2043 /* if the user specifies a keyboard layout, always use it */
2044 if (keyboard_layout
) {
2045 key_event(vs
, down
, sym
);
2047 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
2048 do_key_event(vs
, down
, keycode
, sym
);
2052 static void framebuffer_update_request(VncState
*vs
, int incremental
,
2053 int x
, int y
, int w
, int h
)
2055 int width
= pixman_image_get_width(vs
->vd
->server
);
2056 int height
= pixman_image_get_height(vs
->vd
->server
);
2058 vs
->need_update
= 1;
2064 vs
->force_update
= 1;
2065 vnc_set_area_dirty(vs
->dirty
, width
, height
, x
, y
, w
, h
);
2068 static void send_ext_key_event_ack(VncState
*vs
)
2070 vnc_lock_output(vs
);
2071 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2072 vnc_write_u8(vs
, 0);
2073 vnc_write_u16(vs
, 1);
2074 vnc_framebuffer_update(vs
, 0, 0,
2075 pixman_image_get_width(vs
->vd
->server
),
2076 pixman_image_get_height(vs
->vd
->server
),
2077 VNC_ENCODING_EXT_KEY_EVENT
);
2078 vnc_unlock_output(vs
);
2082 static void send_ext_audio_ack(VncState
*vs
)
2084 vnc_lock_output(vs
);
2085 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2086 vnc_write_u8(vs
, 0);
2087 vnc_write_u16(vs
, 1);
2088 vnc_framebuffer_update(vs
, 0, 0,
2089 pixman_image_get_width(vs
->vd
->server
),
2090 pixman_image_get_height(vs
->vd
->server
),
2091 VNC_ENCODING_AUDIO
);
2092 vnc_unlock_output(vs
);
2096 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2099 unsigned int enc
= 0;
2102 vs
->vnc_encoding
= 0;
2103 vs
->tight
.compression
= 9;
2104 vs
->tight
.quality
= -1; /* Lossless by default */
2108 * Start from the end because the encodings are sent in order of preference.
2109 * This way the preferred encoding (first encoding defined in the array)
2110 * will be set at the end of the loop.
2112 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2115 case VNC_ENCODING_RAW
:
2116 vs
->vnc_encoding
= enc
;
2118 case VNC_ENCODING_COPYRECT
:
2119 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
2121 case VNC_ENCODING_HEXTILE
:
2122 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2123 vs
->vnc_encoding
= enc
;
2125 case VNC_ENCODING_TIGHT
:
2126 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2127 vs
->vnc_encoding
= enc
;
2129 #ifdef CONFIG_VNC_PNG
2130 case VNC_ENCODING_TIGHT_PNG
:
2131 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2132 vs
->vnc_encoding
= enc
;
2135 case VNC_ENCODING_ZLIB
:
2136 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2137 vs
->vnc_encoding
= enc
;
2139 case VNC_ENCODING_ZRLE
:
2140 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2141 vs
->vnc_encoding
= enc
;
2143 case VNC_ENCODING_ZYWRLE
:
2144 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2145 vs
->vnc_encoding
= enc
;
2147 case VNC_ENCODING_DESKTOPRESIZE
:
2148 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2150 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2151 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2153 case VNC_ENCODING_RICH_CURSOR
:
2154 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2156 case VNC_ENCODING_EXT_KEY_EVENT
:
2157 send_ext_key_event_ack(vs
);
2159 case VNC_ENCODING_AUDIO
:
2160 send_ext_audio_ack(vs
);
2162 case VNC_ENCODING_WMVi
:
2163 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2165 case VNC_ENCODING_LED_STATE
:
2166 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2168 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2169 vs
->tight
.compression
= (enc
& 0x0F);
2171 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2172 if (vs
->vd
->lossy
) {
2173 vs
->tight
.quality
= (enc
& 0x0F);
2177 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2181 vnc_desktop_resize(vs
);
2182 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2183 vnc_led_state_change(vs
);
2186 static void set_pixel_conversion(VncState
*vs
)
2188 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2190 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2191 vs
->write_pixels
= vnc_write_pixels_copy
;
2192 vnc_hextile_set_pixel_conversion(vs
, 0);
2194 vs
->write_pixels
= vnc_write_pixels_generic
;
2195 vnc_hextile_set_pixel_conversion(vs
, 1);
2199 static void set_pixel_format(VncState
*vs
,
2200 int bits_per_pixel
, int depth
,
2201 int big_endian_flag
, int true_color_flag
,
2202 int red_max
, int green_max
, int blue_max
,
2203 int red_shift
, int green_shift
, int blue_shift
)
2205 if (!true_color_flag
) {
2206 vnc_client_error(vs
);
2210 switch (bits_per_pixel
) {
2216 vnc_client_error(vs
);
2220 vs
->client_pf
.rmax
= red_max
;
2221 vs
->client_pf
.rbits
= hweight_long(red_max
);
2222 vs
->client_pf
.rshift
= red_shift
;
2223 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2224 vs
->client_pf
.gmax
= green_max
;
2225 vs
->client_pf
.gbits
= hweight_long(green_max
);
2226 vs
->client_pf
.gshift
= green_shift
;
2227 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2228 vs
->client_pf
.bmax
= blue_max
;
2229 vs
->client_pf
.bbits
= hweight_long(blue_max
);
2230 vs
->client_pf
.bshift
= blue_shift
;
2231 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2232 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2233 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2234 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2235 vs
->client_be
= big_endian_flag
;
2237 set_pixel_conversion(vs
);
2239 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2240 graphic_hw_update(vs
->vd
->dcl
.con
);
2243 static void pixel_format_message (VncState
*vs
) {
2244 char pad
[3] = { 0, 0, 0 };
2246 vs
->client_pf
= qemu_default_pixelformat(32);
2248 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2249 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2251 #ifdef HOST_WORDS_BIGENDIAN
2252 vnc_write_u8(vs
, 1); /* big-endian-flag */
2254 vnc_write_u8(vs
, 0); /* big-endian-flag */
2256 vnc_write_u8(vs
, 1); /* true-color-flag */
2257 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2258 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2259 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2260 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2261 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2262 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2263 vnc_write(vs
, pad
, 3); /* padding */
2265 vnc_hextile_set_pixel_conversion(vs
, 0);
2266 vs
->write_pixels
= vnc_write_pixels_copy
;
2269 static void vnc_colordepth(VncState
*vs
)
2271 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2272 /* Sending a WMVi message to notify the client*/
2273 vnc_lock_output(vs
);
2274 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2275 vnc_write_u8(vs
, 0);
2276 vnc_write_u16(vs
, 1); /* number of rects */
2277 vnc_framebuffer_update(vs
, 0, 0,
2278 pixman_image_get_width(vs
->vd
->server
),
2279 pixman_image_get_height(vs
->vd
->server
),
2281 pixel_format_message(vs
);
2282 vnc_unlock_output(vs
);
2285 set_pixel_conversion(vs
);
2289 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2293 VncDisplay
*vd
= vs
->vd
;
2296 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2300 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2304 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
2305 read_u8(data
, 6), read_u8(data
, 7),
2306 read_u16(data
, 8), read_u16(data
, 10),
2307 read_u16(data
, 12), read_u8(data
, 14),
2308 read_u8(data
, 15), read_u8(data
, 16));
2310 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2315 limit
= read_u16(data
, 2);
2317 return 4 + (limit
* 4);
2319 limit
= read_u16(data
, 2);
2321 for (i
= 0; i
< limit
; i
++) {
2322 int32_t val
= read_s32(data
, 4 + (i
* 4));
2323 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2326 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2328 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2332 framebuffer_update_request(vs
,
2333 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2334 read_u16(data
, 6), read_u16(data
, 8));
2336 case VNC_MSG_CLIENT_KEY_EVENT
:
2340 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2342 case VNC_MSG_CLIENT_POINTER_EVENT
:
2346 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2348 case VNC_MSG_CLIENT_CUT_TEXT
:
2353 uint32_t dlen
= read_u32(data
, 4);
2354 if (dlen
> (1 << 20)) {
2355 error_report("vnc: client_cut_text msg payload has %u bytes"
2356 " which exceeds our limit of 1MB.", dlen
);
2357 vnc_client_error(vs
);
2365 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2367 case VNC_MSG_CLIENT_QEMU
:
2371 switch (read_u8(data
, 1)) {
2372 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2376 ext_key_event(vs
, read_u16(data
, 2),
2377 read_u32(data
, 4), read_u32(data
, 8));
2379 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2383 switch (read_u16 (data
, 2)) {
2384 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2387 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2390 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2393 switch (read_u8(data
, 4)) {
2394 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2395 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2396 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2397 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2398 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2399 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2401 printf("Invalid audio format %d\n", read_u8(data
, 4));
2402 vnc_client_error(vs
);
2405 vs
->as
.nchannels
= read_u8(data
, 5);
2406 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2407 printf("Invalid audio channel coount %d\n",
2409 vnc_client_error(vs
);
2412 vs
->as
.freq
= read_u32(data
, 6);
2415 printf ("Invalid audio message %d\n", read_u8(data
, 4));
2416 vnc_client_error(vs
);
2422 printf("Msg: %d\n", read_u16(data
, 0));
2423 vnc_client_error(vs
);
2428 printf("Msg: %d\n", data
[0]);
2429 vnc_client_error(vs
);
2433 vnc_read_when(vs
, protocol_client_msg
, 1);
2437 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2443 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2444 switch (vs
->vd
->share_policy
) {
2445 case VNC_SHARE_POLICY_IGNORE
:
2447 * Ignore the shared flag. Nothing to do here.
2449 * Doesn't conform to the rfb spec but is traditional qemu
2450 * behavior, thus left here as option for compatibility
2454 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2456 * Policy: Allow clients ask for exclusive access.
2458 * Implementation: When a client asks for exclusive access,
2459 * disconnect all others. Shared connects are allowed as long
2460 * as no exclusive connection exists.
2462 * This is how the rfb spec suggests to handle the shared flag.
2464 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2466 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2470 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2471 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2474 vnc_disconnect_start(client
);
2477 if (mode
== VNC_SHARE_MODE_SHARED
) {
2478 if (vs
->vd
->num_exclusive
> 0) {
2479 vnc_disconnect_start(vs
);
2484 case VNC_SHARE_POLICY_FORCE_SHARED
:
2486 * Policy: Shared connects only.
2487 * Implementation: Disallow clients asking for exclusive access.
2489 * Useful for shared desktop sessions where you don't want
2490 * someone forgetting to say -shared when running the vnc
2491 * client disconnect everybody else.
2493 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2494 vnc_disconnect_start(vs
);
2499 vnc_set_share_mode(vs
, mode
);
2501 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2502 vnc_disconnect_start(vs
);
2506 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2507 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2508 vnc_write_u16(vs
, vs
->client_width
);
2509 vnc_write_u16(vs
, vs
->client_height
);
2511 pixel_format_message(vs
);
2514 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2516 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2518 vnc_write_u32(vs
, size
);
2519 vnc_write(vs
, buf
, size
);
2522 vnc_client_cache_auth(vs
);
2523 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2525 vnc_read_when(vs
, protocol_client_msg
, 1);
2530 void start_client_init(VncState
*vs
)
2532 vnc_read_when(vs
, protocol_client_init
, 1);
2535 static void make_challenge(VncState
*vs
)
2539 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2541 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2542 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2545 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2547 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2549 unsigned char key
[8];
2550 time_t now
= time(NULL
);
2552 if (!vs
->vd
->password
) {
2553 VNC_DEBUG("No password configured on server");
2556 if (vs
->vd
->expires
< now
) {
2557 VNC_DEBUG("Password is expired");
2561 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2563 /* Calculate the expected challenge response */
2564 pwlen
= strlen(vs
->vd
->password
);
2565 for (i
=0; i
<sizeof(key
); i
++)
2566 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2568 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
2569 des(response
+j
, response
+j
);
2571 /* Compare expected vs actual challenge response */
2572 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2573 VNC_DEBUG("Client challenge response did not match\n");
2576 VNC_DEBUG("Accepting VNC challenge response\n");
2577 vnc_write_u32(vs
, 0); /* Accept auth */
2580 start_client_init(vs
);
2585 vnc_write_u32(vs
, 1); /* Reject auth */
2586 if (vs
->minor
>= 8) {
2587 static const char err
[] = "Authentication failed";
2588 vnc_write_u32(vs
, sizeof(err
));
2589 vnc_write(vs
, err
, sizeof(err
));
2592 vnc_client_error(vs
);
2596 void start_auth_vnc(VncState
*vs
)
2599 /* Send client a 'random' challenge */
2600 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2603 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2607 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2609 /* We only advertise 1 auth scheme at a time, so client
2610 * must pick the one we sent. Verify this */
2611 if (data
[0] != vs
->auth
) { /* Reject auth */
2612 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data
[0]);
2613 vnc_write_u32(vs
, 1);
2614 if (vs
->minor
>= 8) {
2615 static const char err
[] = "Authentication failed";
2616 vnc_write_u32(vs
, sizeof(err
));
2617 vnc_write(vs
, err
, sizeof(err
));
2619 vnc_client_error(vs
);
2620 } else { /* Accept requested auth */
2621 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
2624 VNC_DEBUG("Accept auth none\n");
2625 if (vs
->minor
>= 8) {
2626 vnc_write_u32(vs
, 0); /* Accept auth completion */
2629 start_client_init(vs
);
2633 VNC_DEBUG("Start VNC auth\n");
2637 #ifdef CONFIG_VNC_TLS
2638 case VNC_AUTH_VENCRYPT
:
2639 VNC_DEBUG("Accept VeNCrypt auth\n");
2640 start_auth_vencrypt(vs
);
2642 #endif /* CONFIG_VNC_TLS */
2644 #ifdef CONFIG_VNC_SASL
2646 VNC_DEBUG("Accept SASL auth\n");
2647 start_auth_sasl(vs
);
2649 #endif /* CONFIG_VNC_SASL */
2651 default: /* Should not be possible, but just in case */
2652 VNC_DEBUG("Reject auth %d server code bug\n", vs
->auth
);
2653 vnc_write_u8(vs
, 1);
2654 if (vs
->minor
>= 8) {
2655 static const char err
[] = "Authentication failed";
2656 vnc_write_u32(vs
, sizeof(err
));
2657 vnc_write(vs
, err
, sizeof(err
));
2659 vnc_client_error(vs
);
2665 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2669 memcpy(local
, version
, 12);
2672 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2673 VNC_DEBUG("Malformed protocol version %s\n", local
);
2674 vnc_client_error(vs
);
2677 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2678 if (vs
->major
!= 3 ||
2684 VNC_DEBUG("Unsupported client version\n");
2685 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2687 vnc_client_error(vs
);
2690 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2691 * as equivalent to v3.3 by servers
2693 if (vs
->minor
== 4 || vs
->minor
== 5)
2696 if (vs
->minor
== 3) {
2697 if (vs
->auth
== VNC_AUTH_NONE
) {
2698 VNC_DEBUG("Tell client auth none\n");
2699 vnc_write_u32(vs
, vs
->auth
);
2701 start_client_init(vs
);
2702 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2703 VNC_DEBUG("Tell client VNC auth\n");
2704 vnc_write_u32(vs
, vs
->auth
);
2708 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2709 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2711 vnc_client_error(vs
);
2714 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2715 vnc_write_u8(vs
, 1); /* num auth */
2716 vnc_write_u8(vs
, vs
->auth
);
2717 vnc_read_when(vs
, protocol_client_auth
, 1);
2724 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2726 struct VncSurface
*vs
= &vd
->guest
;
2728 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2731 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2735 w
= (x
+ w
) / VNC_STAT_RECT
;
2736 h
= (y
+ h
) / VNC_STAT_RECT
;
2740 for (j
= y
; j
<= h
; j
++) {
2741 for (i
= x
; i
<= w
; i
++) {
2742 vs
->lossy_rect
[j
][i
] = 1;
2747 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2750 int sty
= y
/ VNC_STAT_RECT
;
2751 int stx
= x
/ VNC_STAT_RECT
;
2754 y
= y
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2755 x
= x
/ VNC_STAT_RECT
* VNC_STAT_RECT
;
2757 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2760 /* kernel send buffers are full -> refresh later */
2761 if (vs
->output
.offset
) {
2765 if (!vs
->lossy_rect
[sty
][stx
]) {
2769 vs
->lossy_rect
[sty
][stx
] = 0;
2770 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2771 bitmap_set(vs
->dirty
[y
+ j
],
2772 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2773 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2781 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2783 int width
= pixman_image_get_width(vd
->guest
.fb
);
2784 int height
= pixman_image_get_height(vd
->guest
.fb
);
2789 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2790 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2791 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2793 rect
->updated
= false;
2797 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2799 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2802 vd
->guest
.last_freq_check
= *tv
;
2804 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2805 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2806 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2807 int count
= ARRAY_SIZE(rect
->times
);
2808 struct timeval min
, max
;
2810 if (!timerisset(&rect
->times
[count
- 1])) {
2814 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2815 qemu_timersub(tv
, &max
, &res
);
2817 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2819 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2820 memset(rect
->times
, 0, sizeof (rect
->times
));
2824 min
= rect
->times
[rect
->idx
];
2825 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2826 qemu_timersub(&max
, &min
, &res
);
2828 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2829 rect
->freq
/= count
;
2830 rect
->freq
= 1. / rect
->freq
;
2836 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2842 x
= (x
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2843 y
= (y
/ VNC_STAT_RECT
) * VNC_STAT_RECT
;
2845 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2846 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2847 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2859 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2863 rect
= vnc_stat_rect(vd
, x
, y
);
2864 if (rect
->updated
) {
2867 rect
->times
[rect
->idx
] = *tv
;
2868 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2869 rect
->updated
= true;
2872 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2874 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2875 pixman_image_get_width(vd
->server
));
2876 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2877 pixman_image_get_height(vd
->server
));
2878 int cmp_bytes
, server_stride
, min_stride
, guest_stride
, y
= 0;
2879 uint8_t *guest_row0
= NULL
, *server_row0
;
2882 pixman_image_t
*tmpbuf
= NULL
;
2884 struct timeval tv
= { 0, 0 };
2886 if (!vd
->non_adaptive
) {
2887 gettimeofday(&tv
, NULL
);
2888 has_dirty
= vnc_update_stats(vd
, &tv
);
2892 * Walk through the guest dirty map.
2893 * Check and copy modified bits from guest to server surface.
2894 * Update server dirty map.
2896 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2897 server_stride
= guest_stride
= pixman_image_get_stride(vd
->server
);
2898 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
2900 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2901 int width
= pixman_image_get_width(vd
->server
);
2902 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2904 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2905 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2907 min_stride
= MIN(server_stride
, guest_stride
);
2911 uint8_t *guest_ptr
, *server_ptr
;
2912 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2913 height
* VNC_DIRTY_BPL(&vd
->guest
),
2914 y
* VNC_DIRTY_BPL(&vd
->guest
));
2915 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2916 /* no more dirty bits */
2919 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2920 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2922 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2924 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2925 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2926 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2928 guest_ptr
= guest_row0
+ y
* guest_stride
;
2930 guest_ptr
+= x
* cmp_bytes
;
2932 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2933 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
2934 int _cmp_bytes
= cmp_bytes
;
2935 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
2938 if ((x
+ 1) * cmp_bytes
> min_stride
) {
2939 _cmp_bytes
= min_stride
- x
* cmp_bytes
;
2941 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
2944 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
2945 if (!vd
->non_adaptive
) {
2946 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
2949 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2950 set_bit(x
, vs
->dirty
[y
]);
2957 qemu_pixman_image_unref(tmpbuf
);
2961 static void vnc_refresh(DisplayChangeListener
*dcl
)
2963 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
2965 int has_dirty
, rects
= 0;
2967 if (QTAILQ_EMPTY(&vd
->clients
)) {
2968 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
2972 graphic_hw_update(vd
->dcl
.con
);
2974 if (vnc_trylock_display(vd
)) {
2975 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2979 has_dirty
= vnc_refresh_server_surface(vd
);
2980 vnc_unlock_display(vd
);
2982 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
2983 rects
+= vnc_update_client(vs
, has_dirty
, false);
2984 /* vs might be free()ed here */
2987 if (has_dirty
&& rects
) {
2988 vd
->dcl
.update_interval
/= 2;
2989 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
2990 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
2993 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
2994 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
2995 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3000 static void vnc_connect(VncDisplay
*vd
, int csock
,
3001 bool skipauth
, bool websocket
)
3003 VncState
*vs
= g_malloc0(sizeof(VncState
));
3010 vs
->auth
= VNC_AUTH_NONE
;
3011 #ifdef CONFIG_VNC_TLS
3012 vs
->subauth
= VNC_AUTH_INVALID
;
3015 vs
->auth
= vd
->auth
;
3016 #ifdef CONFIG_VNC_TLS
3017 vs
->subauth
= vd
->subauth
;
3021 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3022 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3023 vs
->lossy_rect
[i
] = g_malloc0(VNC_STAT_COLS
* sizeof (uint8_t));
3026 VNC_DEBUG("New client on socket %d\n", csock
);
3027 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3028 qemu_set_nonblock(vs
->csock
);
3029 #ifdef CONFIG_VNC_WS
3032 #ifdef CONFIG_VNC_TLS
3033 if (vd
->tls
.x509cert
) {
3034 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_tls_handshake_peek
,
3037 #endif /* CONFIG_VNC_TLS */
3039 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
,
3043 #endif /* CONFIG_VNC_WS */
3045 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
3048 vnc_client_cache_addr(vs
);
3049 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3050 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3052 #ifdef CONFIG_VNC_WS
3059 if (vd
->num_connecting
> vd
->connections_limit
) {
3060 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3061 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3062 vnc_disconnect_start(vs
);
3069 void vnc_init_state(VncState
*vs
)
3071 vs
->initialized
= true;
3072 VncDisplay
*vd
= vs
->vd
;
3077 vs
->as
.freq
= 44100;
3078 vs
->as
.nchannels
= 2;
3079 vs
->as
.fmt
= AUD_FMT_S16
;
3080 vs
->as
.endianness
= 0;
3082 qemu_mutex_init(&vs
->output_mutex
);
3083 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3085 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3087 graphic_hw_update(vd
->dcl
.con
);
3089 vnc_write(vs
, "RFB 003.008\n", 12);
3091 vnc_read_when(vs
, protocol_version
, 12);
3093 if (vs
->vd
->lock_key_sync
)
3094 vs
->led
= qemu_add_led_event_handler(kbd_leds
, vs
);
3096 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3097 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3099 /* vs might be free()ed here */
3102 static void vnc_listen_read(void *opaque
, bool websocket
)
3104 VncDisplay
*vs
= opaque
;
3105 struct sockaddr_in addr
;
3106 socklen_t addrlen
= sizeof(addr
);
3110 graphic_hw_update(vs
->dcl
.con
);
3111 #ifdef CONFIG_VNC_WS
3113 csock
= qemu_accept(vs
->lwebsock
, (struct sockaddr
*)&addr
, &addrlen
);
3115 #endif /* CONFIG_VNC_WS */
3117 csock
= qemu_accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
3121 socket_set_nodelay(csock
);
3122 vnc_connect(vs
, csock
, false, websocket
);
3126 static void vnc_listen_regular_read(void *opaque
)
3128 vnc_listen_read(opaque
, false);
3131 #ifdef CONFIG_VNC_WS
3132 static void vnc_listen_websocket_read(void *opaque
)
3134 vnc_listen_read(opaque
, true);
3136 #endif /* CONFIG_VNC_WS */
3138 static const DisplayChangeListenerOps dcl_ops
= {
3140 .dpy_refresh
= vnc_refresh
,
3141 .dpy_gfx_copy
= vnc_dpy_copy
,
3142 .dpy_gfx_update
= vnc_dpy_update
,
3143 .dpy_gfx_switch
= vnc_dpy_switch
,
3144 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3145 .dpy_mouse_set
= vnc_mouse_set
,
3146 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3149 void vnc_display_init(const char *id
)
3153 if (vnc_display_find(id
) != NULL
) {
3156 vs
= g_malloc0(sizeof(*vs
));
3158 vs
->id
= strdup(id
);
3159 QTAILQ_INSERT_TAIL(&vnc_displays
, vs
, next
);
3162 #ifdef CONFIG_VNC_WS
3166 QTAILQ_INIT(&vs
->clients
);
3167 vs
->expires
= TIME_MAX
;
3169 if (keyboard_layout
) {
3170 trace_vnc_key_map_init(keyboard_layout
);
3171 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
3173 vs
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
3176 if (!vs
->kbd_layout
)
3179 qemu_mutex_init(&vs
->mutex
);
3180 vnc_start_worker_thread();
3182 vs
->dcl
.ops
= &dcl_ops
;
3183 register_displaychangelistener(&vs
->dcl
);
3187 static void vnc_display_close(VncDisplay
*vs
)
3191 g_free(vs
->display
);
3193 if (vs
->lsock
!= -1) {
3194 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
3198 #ifdef CONFIG_VNC_WS
3199 g_free(vs
->ws_display
);
3200 vs
->ws_display
= NULL
;
3201 if (vs
->lwebsock
!= -1) {
3202 qemu_set_fd_handler2(vs
->lwebsock
, NULL
, NULL
, NULL
, NULL
);
3203 close(vs
->lwebsock
);
3206 #endif /* CONFIG_VNC_WS */
3207 vs
->auth
= VNC_AUTH_INVALID
;
3208 #ifdef CONFIG_VNC_TLS
3209 vs
->subauth
= VNC_AUTH_INVALID
;
3210 vs
->tls
.x509verify
= 0;
3214 int vnc_display_password(const char *id
, const char *password
)
3216 VncDisplay
*vs
= vnc_display_find(id
);
3221 if (vs
->auth
== VNC_AUTH_NONE
) {
3222 error_printf_unless_qmp("If you want use passwords please enable "
3223 "password auth using '-vnc ${dpy},password'.");
3227 g_free(vs
->password
);
3228 vs
->password
= g_strdup(password
);
3233 int vnc_display_pw_expire(const char *id
, time_t expires
)
3235 VncDisplay
*vs
= vnc_display_find(id
);
3241 vs
->expires
= expires
;
3245 char *vnc_display_local_addr(const char *id
)
3247 VncDisplay
*vs
= vnc_display_find(id
);
3249 return vnc_socket_local_addr("%s:%s", vs
->lsock
);
3252 static QemuOptsList qemu_vnc_opts
= {
3254 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3255 .implied_opt_name
= "vnc",
3259 .type
= QEMU_OPT_STRING
,
3261 .name
= "websocket",
3262 .type
= QEMU_OPT_STRING
,
3265 .type
= QEMU_OPT_STRING
,
3268 .type
= QEMU_OPT_STRING
,
3271 .type
= QEMU_OPT_STRING
,
3274 .type
= QEMU_OPT_NUMBER
,
3276 .name
= "connections",
3277 .type
= QEMU_OPT_NUMBER
,
3280 .type
= QEMU_OPT_BOOL
,
3283 .type
= QEMU_OPT_BOOL
,
3285 .name
= "lock-key-sync",
3286 .type
= QEMU_OPT_BOOL
,
3289 .type
= QEMU_OPT_BOOL
,
3292 .type
= QEMU_OPT_BOOL
,
3294 .name
= "x509verify",
3295 .type
= QEMU_OPT_BOOL
,
3298 .type
= QEMU_OPT_BOOL
,
3301 .type
= QEMU_OPT_BOOL
,
3303 .name
= "non-adaptive",
3304 .type
= QEMU_OPT_BOOL
,
3306 { /* end of list */ }
3310 void vnc_display_open(const char *id
, Error
**errp
)
3312 VncDisplay
*vs
= vnc_display_find(id
);
3313 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3314 const char *display
, *share
, *device_id
;
3318 #ifdef CONFIG_VNC_WS
3319 const char *websocket
;
3321 #ifdef CONFIG_VNC_TLS
3322 int tls
= 0, x509
= 0;
3325 #ifdef CONFIG_VNC_SASL
3329 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3332 int lock_key_sync
= 1;
3335 error_setg(errp
, "VNC display not active");
3338 vnc_display_close(vs
);
3343 display
= qemu_opt_get(opts
, "vnc");
3344 if (!display
|| strcmp(display
, "none") == 0) {
3347 vs
->display
= g_strdup(display
);
3349 password
= qemu_opt_get_bool(opts
, "password", false);
3350 if (password
&& fips_get_state()) {
3352 "VNC password auth disabled due to FIPS mode, "
3353 "consider using the VeNCrypt or SASL authentication "
3354 "methods as an alternative");
3358 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3359 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3360 #ifdef CONFIG_VNC_SASL
3361 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3363 #ifdef CONFIG_VNC_TLS
3364 tls
= qemu_opt_get_bool(opts
, "tls", false);
3365 path
= qemu_opt_get(opts
, "x509");
3368 vs
->tls
.x509verify
= qemu_opt_get_bool(opts
, "x509verify", false);
3369 if (vnc_tls_set_x509_creds_dir(vs
, path
) < 0) {
3370 error_setg(errp
, "Failed to find x509 certificates/keys in %s",
3376 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3377 acl
= qemu_opt_get_bool(opts
, "acl", false);
3380 share
= qemu_opt_get(opts
, "share");
3382 if (strcmp(share
, "ignore") == 0) {
3383 vs
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3384 } else if (strcmp(share
, "allow-exclusive") == 0) {
3385 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3386 } else if (strcmp(share
, "force-shared") == 0) {
3387 vs
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3389 error_setg(errp
, "unknown vnc share= option");
3393 vs
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3395 vs
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
3397 #ifdef CONFIG_VNC_WS
3398 websocket
= qemu_opt_get(opts
, "websocket");
3400 /* extract the host specification from display */
3401 char *host
= NULL
, *host_end
= NULL
;
3404 /* ipv6 hosts have colons */
3405 host_end
= strrchr(display
, ':');
3407 host
= g_strndup(display
, host_end
- display
+ 1);
3409 host
= g_strdup(":");
3411 vs
->ws_display
= g_strconcat(host
, websocket
, NULL
);
3414 #endif /* CONFIG_VNC_WS */
3416 #ifdef CONFIG_VNC_JPEG
3417 vs
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
3419 vs
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
3420 /* adaptive updates are only used with tight encoding and
3421 * if lossy updates are enabled so we can disable all the
3422 * calculations otherwise */
3424 vs
->non_adaptive
= true;
3427 #ifdef CONFIG_VNC_TLS
3428 if (acl
&& x509
&& vs
->tls
.x509verify
) {
3431 if (strcmp(vs
->id
, "default") == 0) {
3432 aclname
= g_strdup("vnc.x509dname");
3434 aclname
= g_strdup_printf("vnc.%s.x509dname", vs
->id
);
3436 vs
->tls
.acl
= qemu_acl_init(aclname
);
3438 fprintf(stderr
, "Failed to create x509 dname ACL\n");
3444 #ifdef CONFIG_VNC_SASL
3448 if (strcmp(vs
->id
, "default") == 0) {
3449 aclname
= g_strdup("vnc.username");
3451 aclname
= g_strdup_printf("vnc.%s.username", vs
->id
);
3453 vs
->sasl
.acl
= qemu_acl_init(aclname
);
3454 if (!vs
->sasl
.acl
) {
3455 fprintf(stderr
, "Failed to create username ACL\n");
3463 * Combinations we support here:
3465 * - no-auth (clear text, no auth)
3466 * - password (clear text, weak auth)
3467 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3468 * - tls (encrypt, weak anonymous creds, no auth)
3469 * - tls + password (encrypt, weak anonymous creds, weak auth)
3470 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3471 * - tls + x509 (encrypt, good x509 creds, no auth)
3472 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3473 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3475 * NB1. TLS is a stackable auth scheme.
3476 * NB2. the x509 schemes have option to validate a client cert dname
3479 #ifdef CONFIG_VNC_TLS
3481 vs
->auth
= VNC_AUTH_VENCRYPT
;
3483 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3484 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3486 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3487 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3490 #endif /* CONFIG_VNC_TLS */
3491 VNC_DEBUG("Initializing VNC server with password auth\n");
3492 vs
->auth
= VNC_AUTH_VNC
;
3493 #ifdef CONFIG_VNC_TLS
3494 vs
->subauth
= VNC_AUTH_INVALID
;
3496 #endif /* CONFIG_VNC_TLS */
3497 #ifdef CONFIG_VNC_SASL
3499 #ifdef CONFIG_VNC_TLS
3501 vs
->auth
= VNC_AUTH_VENCRYPT
;
3503 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3504 vs
->subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3506 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3507 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3510 #endif /* CONFIG_VNC_TLS */
3511 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3512 vs
->auth
= VNC_AUTH_SASL
;
3513 #ifdef CONFIG_VNC_TLS
3514 vs
->subauth
= VNC_AUTH_INVALID
;
3516 #endif /* CONFIG_VNC_TLS */
3517 #endif /* CONFIG_VNC_SASL */
3519 #ifdef CONFIG_VNC_TLS
3521 vs
->auth
= VNC_AUTH_VENCRYPT
;
3523 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3524 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3526 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3527 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3531 VNC_DEBUG("Initializing VNC server with no auth\n");
3532 vs
->auth
= VNC_AUTH_NONE
;
3533 #ifdef CONFIG_VNC_TLS
3534 vs
->subauth
= VNC_AUTH_INVALID
;
3539 #ifdef CONFIG_VNC_SASL
3540 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3541 error_setg(errp
, "Failed to initialize SASL auth: %s",
3542 sasl_errstring(saslErr
, NULL
, NULL
));
3546 vs
->lock_key_sync
= lock_key_sync
;
3548 device_id
= qemu_opt_get(opts
, "display");
3551 int head
= qemu_opt_get_number(opts
, "head", 0);
3553 dev
= qdev_find_recursive(sysbus_get_default(), device_id
);
3555 error_set(errp
, QERR_DEVICE_NOT_FOUND
, device_id
);
3559 con
= qemu_console_lookup_by_device(dev
, head
);
3561 error_setg(errp
, "Device %s is not bound to a QemuConsole",
3569 if (con
!= vs
->dcl
.con
) {
3570 unregister_displaychangelistener(&vs
->dcl
);
3572 register_displaychangelistener(&vs
->dcl
);
3576 /* connect to viewer */
3579 #ifdef CONFIG_VNC_WS
3582 if (strncmp(display
, "unix:", 5) == 0) {
3583 csock
= unix_connect(display
+5, errp
);
3585 csock
= inet_connect(display
, errp
);
3590 vnc_connect(vs
, csock
, false, false);
3592 /* listen for connects */
3594 dpy
= g_malloc(256);
3595 if (strncmp(display
, "unix:", 5) == 0) {
3596 pstrcpy(dpy
, 256, "unix:");
3597 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5, errp
);
3599 vs
->lsock
= inet_listen(display
, dpy
, 256,
3600 SOCK_STREAM
, 5900, errp
);
3601 if (vs
->lsock
< 0) {
3605 #ifdef CONFIG_VNC_WS
3606 if (vs
->websocket
) {
3607 if (vs
->ws_display
) {
3608 vs
->lwebsock
= inet_listen(vs
->ws_display
, NULL
, 256,
3609 SOCK_STREAM
, 0, errp
);
3611 vs
->lwebsock
= inet_listen(vs
->display
, NULL
, 256,
3612 SOCK_STREAM
, 5700, errp
);
3615 if (vs
->lwebsock
< 0) {
3624 #endif /* CONFIG_VNC_WS */
3626 g_free(vs
->display
);
3628 qemu_set_fd_handler2(vs
->lsock
, NULL
,
3629 vnc_listen_regular_read
, NULL
, vs
);
3630 #ifdef CONFIG_VNC_WS
3631 if (vs
->websocket
) {
3632 qemu_set_fd_handler2(vs
->lwebsock
, NULL
,
3633 vnc_listen_websocket_read
, NULL
, vs
);
3635 #endif /* CONFIG_VNC_WS */
3640 g_free(vs
->display
);
3642 #ifdef CONFIG_VNC_WS
3643 g_free(vs
->ws_display
);
3644 vs
->ws_display
= NULL
;
3645 #endif /* CONFIG_VNC_WS */
3648 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
3650 VncDisplay
*vs
= vnc_display_find(id
);
3655 vnc_connect(vs
, csock
, skipauth
, false);
3658 QemuOpts
*vnc_parse_func(const char *str
)
3660 return qemu_opts_parse(qemu_find_opts("vnc"), str
, 1);
3663 int vnc_init_func(QemuOpts
*opts
, void *opaque
)
3665 Error
*local_err
= NULL
;
3666 QemuOptsList
*olist
= qemu_find_opts("vnc");
3667 char *id
= (char *)qemu_opts_id(opts
);
3670 /* auto-assign id if not present */
3672 id
= g_strdup("default");
3673 while (qemu_opts_find(olist
, id
)) {
3675 id
= g_strdup_printf("vnc%d", i
++);
3677 qemu_opts_set_id(opts
, id
);
3680 vnc_display_init(id
);
3681 vnc_display_open(id
, &local_err
);
3682 if (local_err
!= NULL
) {
3683 error_report("Failed to start VNC server on `%s': %s",
3684 qemu_opt_get(opts
, "display"),
3685 error_get_pretty(local_err
));
3686 error_free(local_err
);
3692 static void vnc_register_config(void)
3694 qemu_add_opts(&qemu_vnc_opts
);
3696 machine_init(vnc_register_config
);
