2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/option.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qapi-events.h"
39 #include "qapi/error.h"
40 #include "qapi/qapi-commands-ui.h"
42 #include "crypto/hash.h"
43 #include "crypto/tlscredsanon.h"
44 #include "crypto/tlscredsx509.h"
45 #include "qom/object_interfaces.h"
46 #include "qemu/cutils.h"
47 #include "io/dns-resolver.h"
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS
= { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY
= { 2, 0 };
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
58 static QTAILQ_HEAD(, VncDisplay
) vnc_displays
=
59 QTAILQ_HEAD_INITIALIZER(vnc_displays
);
61 static int vnc_cursor_define(VncState
*vs
);
62 static void vnc_release_modifiers(VncState
*vs
);
63 static void vnc_update_throttle_offset(VncState
*vs
);
65 static void vnc_set_share_mode(VncState
*vs
, VncShareMode mode
)
68 static const char *mn
[] = {
70 [VNC_SHARE_MODE_CONNECTING
] = "connecting",
71 [VNC_SHARE_MODE_SHARED
] = "shared",
72 [VNC_SHARE_MODE_EXCLUSIVE
] = "exclusive",
73 [VNC_SHARE_MODE_DISCONNECTED
] = "disconnected",
75 fprintf(stderr
, "%s/%p: %s -> %s\n", __func__
,
76 vs
->ioc
, mn
[vs
->share_mode
], mn
[mode
]);
79 switch (vs
->share_mode
) {
80 case VNC_SHARE_MODE_CONNECTING
:
81 vs
->vd
->num_connecting
--;
83 case VNC_SHARE_MODE_SHARED
:
86 case VNC_SHARE_MODE_EXCLUSIVE
:
87 vs
->vd
->num_exclusive
--;
93 vs
->share_mode
= mode
;
95 switch (vs
->share_mode
) {
96 case VNC_SHARE_MODE_CONNECTING
:
97 vs
->vd
->num_connecting
++;
99 case VNC_SHARE_MODE_SHARED
:
100 vs
->vd
->num_shared
++;
102 case VNC_SHARE_MODE_EXCLUSIVE
:
103 vs
->vd
->num_exclusive
++;
111 static void vnc_init_basic_info(SocketAddress
*addr
,
115 switch (addr
->type
) {
116 case SOCKET_ADDRESS_TYPE_INET
:
117 info
->host
= g_strdup(addr
->u
.inet
.host
);
118 info
->service
= g_strdup(addr
->u
.inet
.port
);
119 if (addr
->u
.inet
.ipv6
) {
120 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
122 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
126 case SOCKET_ADDRESS_TYPE_UNIX
:
127 info
->host
= g_strdup("");
128 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
129 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
132 case SOCKET_ADDRESS_TYPE_VSOCK
:
133 case SOCKET_ADDRESS_TYPE_FD
:
134 error_setg(errp
, "Unsupported socket address type %s",
135 SocketAddressType_str(addr
->type
));
144 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket
*ioc
,
148 SocketAddress
*addr
= NULL
;
151 error_setg(errp
, "No listener socket available");
155 addr
= qio_channel_socket_get_local_address(ioc
, errp
);
160 vnc_init_basic_info(addr
, info
, errp
);
161 qapi_free_SocketAddress(addr
);
164 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket
*ioc
,
168 SocketAddress
*addr
= NULL
;
170 addr
= qio_channel_socket_get_remote_address(ioc
, errp
);
175 vnc_init_basic_info(addr
, info
, errp
);
176 qapi_free_SocketAddress(addr
);
179 static const char *vnc_auth_name(VncDisplay
*vd
) {
181 case VNC_AUTH_INVALID
:
197 case VNC_AUTH_VENCRYPT
:
198 switch (vd
->subauth
) {
199 case VNC_AUTH_VENCRYPT_PLAIN
:
200 return "vencrypt+plain";
201 case VNC_AUTH_VENCRYPT_TLSNONE
:
202 return "vencrypt+tls+none";
203 case VNC_AUTH_VENCRYPT_TLSVNC
:
204 return "vencrypt+tls+vnc";
205 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
206 return "vencrypt+tls+plain";
207 case VNC_AUTH_VENCRYPT_X509NONE
:
208 return "vencrypt+x509+none";
209 case VNC_AUTH_VENCRYPT_X509VNC
:
210 return "vencrypt+x509+vnc";
211 case VNC_AUTH_VENCRYPT_X509PLAIN
:
212 return "vencrypt+x509+plain";
213 case VNC_AUTH_VENCRYPT_TLSSASL
:
214 return "vencrypt+tls+sasl";
215 case VNC_AUTH_VENCRYPT_X509SASL
:
216 return "vencrypt+x509+sasl";
226 static VncServerInfo
*vnc_server_info_get(VncDisplay
*vd
)
231 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
235 info
= g_malloc0(sizeof(*info
));
236 vnc_init_basic_info_from_server_addr(vd
->listener
->sioc
[0],
237 qapi_VncServerInfo_base(info
), &err
);
238 info
->has_auth
= true;
239 info
->auth
= g_strdup(vnc_auth_name(vd
));
241 qapi_free_VncServerInfo(info
);
248 static void vnc_client_cache_auth(VncState
*client
)
255 client
->info
->x509_dname
=
256 qcrypto_tls_session_get_peer_name(client
->tls
);
257 client
->info
->has_x509_dname
=
258 client
->info
->x509_dname
!= NULL
;
260 #ifdef CONFIG_VNC_SASL
261 if (client
->sasl
.conn
&&
262 client
->sasl
.username
) {
263 client
->info
->has_sasl_username
= true;
264 client
->info
->sasl_username
= g_strdup(client
->sasl
.username
);
269 static void vnc_client_cache_addr(VncState
*client
)
273 client
->info
= g_malloc0(sizeof(*client
->info
));
274 vnc_init_basic_info_from_remote_addr(client
->sioc
,
275 qapi_VncClientInfo_base(client
->info
),
278 qapi_free_VncClientInfo(client
->info
);
284 static void vnc_qmp_event(VncState
*vs
, QAPIEvent event
)
292 si
= vnc_server_info_get(vs
->vd
);
298 case QAPI_EVENT_VNC_CONNECTED
:
299 qapi_event_send_vnc_connected(si
, qapi_VncClientInfo_base(vs
->info
),
302 case QAPI_EVENT_VNC_INITIALIZED
:
303 qapi_event_send_vnc_initialized(si
, vs
->info
, &error_abort
);
305 case QAPI_EVENT_VNC_DISCONNECTED
:
306 qapi_event_send_vnc_disconnected(si
, vs
->info
, &error_abort
);
312 qapi_free_VncServerInfo(si
);
315 static VncClientInfo
*qmp_query_vnc_client(const VncState
*client
)
320 info
= g_malloc0(sizeof(*info
));
322 vnc_init_basic_info_from_remote_addr(client
->sioc
,
323 qapi_VncClientInfo_base(info
),
327 qapi_free_VncClientInfo(info
);
331 info
->websocket
= client
->websocket
;
334 info
->x509_dname
= qcrypto_tls_session_get_peer_name(client
->tls
);
335 info
->has_x509_dname
= info
->x509_dname
!= NULL
;
337 #ifdef CONFIG_VNC_SASL
338 if (client
->sasl
.conn
&& client
->sasl
.username
) {
339 info
->has_sasl_username
= true;
340 info
->sasl_username
= g_strdup(client
->sasl
.username
);
347 static VncDisplay
*vnc_display_find(const char *id
)
352 return QTAILQ_FIRST(&vnc_displays
);
354 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
355 if (strcmp(id
, vd
->id
) == 0) {
362 static VncClientInfoList
*qmp_query_client_list(VncDisplay
*vd
)
364 VncClientInfoList
*cinfo
, *prev
= NULL
;
367 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
368 cinfo
= g_new0(VncClientInfoList
, 1);
369 cinfo
->value
= qmp_query_vnc_client(client
);
376 VncInfo
*qmp_query_vnc(Error
**errp
)
378 VncInfo
*info
= g_malloc0(sizeof(*info
));
379 VncDisplay
*vd
= vnc_display_find(NULL
);
380 SocketAddress
*addr
= NULL
;
382 if (vd
== NULL
|| !vd
->listener
|| !vd
->listener
->nsioc
) {
383 info
->enabled
= false;
385 info
->enabled
= true;
387 /* for compatibility with the original command */
388 info
->has_clients
= true;
389 info
->clients
= qmp_query_client_list(vd
);
391 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0],
397 switch (addr
->type
) {
398 case SOCKET_ADDRESS_TYPE_INET
:
399 info
->host
= g_strdup(addr
->u
.inet
.host
);
400 info
->service
= g_strdup(addr
->u
.inet
.port
);
401 if (addr
->u
.inet
.ipv6
) {
402 info
->family
= NETWORK_ADDRESS_FAMILY_IPV6
;
404 info
->family
= NETWORK_ADDRESS_FAMILY_IPV4
;
408 case SOCKET_ADDRESS_TYPE_UNIX
:
409 info
->host
= g_strdup("");
410 info
->service
= g_strdup(addr
->u
.q_unix
.path
);
411 info
->family
= NETWORK_ADDRESS_FAMILY_UNIX
;
414 case SOCKET_ADDRESS_TYPE_VSOCK
:
415 case SOCKET_ADDRESS_TYPE_FD
:
416 error_setg(errp
, "Unsupported socket address type %s",
417 SocketAddressType_str(addr
->type
));
423 info
->has_host
= true;
424 info
->has_service
= true;
425 info
->has_family
= true;
427 info
->has_auth
= true;
428 info
->auth
= g_strdup(vnc_auth_name(vd
));
431 qapi_free_SocketAddress(addr
);
435 qapi_free_SocketAddress(addr
);
436 qapi_free_VncInfo(info
);
441 static void qmp_query_auth(int auth
, int subauth
,
442 VncPrimaryAuth
*qmp_auth
,
443 VncVencryptSubAuth
*qmp_vencrypt
,
444 bool *qmp_has_vencrypt
);
446 static VncServerInfo2List
*qmp_query_server_entry(QIOChannelSocket
*ioc
,
450 VncServerInfo2List
*prev
)
452 VncServerInfo2List
*list
;
453 VncServerInfo2
*info
;
457 addr
= qio_channel_socket_get_local_address(ioc
, &err
);
463 info
= g_new0(VncServerInfo2
, 1);
464 vnc_init_basic_info(addr
, qapi_VncServerInfo2_base(info
), &err
);
465 qapi_free_SocketAddress(addr
);
467 qapi_free_VncServerInfo2(info
);
471 info
->websocket
= websocket
;
473 qmp_query_auth(auth
, subauth
, &info
->auth
,
474 &info
->vencrypt
, &info
->has_vencrypt
);
476 list
= g_new0(VncServerInfo2List
, 1);
482 static void qmp_query_auth(int auth
, int subauth
,
483 VncPrimaryAuth
*qmp_auth
,
484 VncVencryptSubAuth
*qmp_vencrypt
,
485 bool *qmp_has_vencrypt
)
489 *qmp_auth
= VNC_PRIMARY_AUTH_VNC
;
492 *qmp_auth
= VNC_PRIMARY_AUTH_RA2
;
495 *qmp_auth
= VNC_PRIMARY_AUTH_RA2NE
;
498 *qmp_auth
= VNC_PRIMARY_AUTH_TIGHT
;
501 *qmp_auth
= VNC_PRIMARY_AUTH_ULTRA
;
504 *qmp_auth
= VNC_PRIMARY_AUTH_TLS
;
506 case VNC_AUTH_VENCRYPT
:
507 *qmp_auth
= VNC_PRIMARY_AUTH_VENCRYPT
;
508 *qmp_has_vencrypt
= true;
510 case VNC_AUTH_VENCRYPT_PLAIN
:
511 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_PLAIN
;
513 case VNC_AUTH_VENCRYPT_TLSNONE
:
514 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_NONE
;
516 case VNC_AUTH_VENCRYPT_TLSVNC
:
517 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_VNC
;
519 case VNC_AUTH_VENCRYPT_TLSPLAIN
:
520 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN
;
522 case VNC_AUTH_VENCRYPT_X509NONE
:
523 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_NONE
;
525 case VNC_AUTH_VENCRYPT_X509VNC
:
526 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_VNC
;
528 case VNC_AUTH_VENCRYPT_X509PLAIN
:
529 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_PLAIN
;
531 case VNC_AUTH_VENCRYPT_TLSSASL
:
532 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_TLS_SASL
;
534 case VNC_AUTH_VENCRYPT_X509SASL
:
535 *qmp_vencrypt
= VNC_VENCRYPT_SUB_AUTH_X509_SASL
;
538 *qmp_has_vencrypt
= false;
543 *qmp_auth
= VNC_PRIMARY_AUTH_SASL
;
547 *qmp_auth
= VNC_PRIMARY_AUTH_NONE
;
552 VncInfo2List
*qmp_query_vnc_servers(Error
**errp
)
554 VncInfo2List
*item
, *prev
= NULL
;
560 QTAILQ_FOREACH(vd
, &vnc_displays
, next
) {
561 info
= g_new0(VncInfo2
, 1);
562 info
->id
= g_strdup(vd
->id
);
563 info
->clients
= qmp_query_client_list(vd
);
564 qmp_query_auth(vd
->auth
, vd
->subauth
, &info
->auth
,
565 &info
->vencrypt
, &info
->has_vencrypt
);
567 dev
= DEVICE(object_property_get_link(OBJECT(vd
->dcl
.con
),
569 info
->has_display
= true;
570 info
->display
= g_strdup(dev
->id
);
572 for (i
= 0; vd
->listener
!= NULL
&& i
< vd
->listener
->nsioc
; i
++) {
573 info
->server
= qmp_query_server_entry(
574 vd
->listener
->sioc
[i
], false, vd
->auth
, vd
->subauth
,
577 for (i
= 0; vd
->wslistener
!= NULL
&& i
< vd
->wslistener
->nsioc
; i
++) {
578 info
->server
= qmp_query_server_entry(
579 vd
->wslistener
->sioc
[i
], true, vd
->ws_auth
,
580 vd
->ws_subauth
, info
->server
);
583 item
= g_new0(VncInfo2List
, 1);
592 1) Get the queue working for IO.
593 2) there is some weirdness when using the -S option (the screen is grey
594 and not totally invalidated
595 3) resolutions > 1024
598 static int vnc_update_client(VncState
*vs
, int has_dirty
);
599 static void vnc_disconnect_start(VncState
*vs
);
601 static void vnc_colordepth(VncState
*vs
);
602 static void framebuffer_update_request(VncState
*vs
, int incremental
,
603 int x_position
, int y_position
,
605 static void vnc_refresh(DisplayChangeListener
*dcl
);
606 static int vnc_refresh_server_surface(VncDisplay
*vd
);
608 static int vnc_width(VncDisplay
*vd
)
610 return MIN(VNC_MAX_WIDTH
, ROUND_UP(surface_width(vd
->ds
),
611 VNC_DIRTY_PIXELS_PER_BIT
));
614 static int vnc_height(VncDisplay
*vd
)
616 return MIN(VNC_MAX_HEIGHT
, surface_height(vd
->ds
));
619 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty
[VNC_MAX_HEIGHT
],
620 VNC_MAX_WIDTH
/ VNC_DIRTY_PIXELS_PER_BIT
),
622 int x
, int y
, int w
, int h
)
624 int width
= vnc_width(vd
);
625 int height
= vnc_height(vd
);
627 /* this is needed this to ensure we updated all affected
628 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
629 w
+= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
630 x
-= (x
% VNC_DIRTY_PIXELS_PER_BIT
);
634 w
= MIN(x
+ w
, width
) - x
;
635 h
= MIN(y
+ h
, height
);
638 bitmap_set(dirty
[y
], x
/ VNC_DIRTY_PIXELS_PER_BIT
,
639 DIV_ROUND_UP(w
, VNC_DIRTY_PIXELS_PER_BIT
));
643 static void vnc_dpy_update(DisplayChangeListener
*dcl
,
644 int x
, int y
, int w
, int h
)
646 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
647 struct VncSurface
*s
= &vd
->guest
;
649 vnc_set_area_dirty(s
->dirty
, vd
, x
, y
, w
, h
);
652 void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
655 vnc_write_u16(vs
, x
);
656 vnc_write_u16(vs
, y
);
657 vnc_write_u16(vs
, w
);
658 vnc_write_u16(vs
, h
);
660 vnc_write_s32(vs
, encoding
);
664 static void vnc_desktop_resize(VncState
*vs
)
666 if (vs
->ioc
== NULL
|| !vnc_has_feature(vs
, VNC_FEATURE_RESIZE
)) {
669 if (vs
->client_width
== pixman_image_get_width(vs
->vd
->server
) &&
670 vs
->client_height
== pixman_image_get_height(vs
->vd
->server
)) {
674 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
675 pixman_image_get_width(vs
->vd
->server
) >= 0);
676 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
677 pixman_image_get_height(vs
->vd
->server
) >= 0);
678 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
679 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
681 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
683 vnc_write_u16(vs
, 1); /* number of rects */
684 vnc_framebuffer_update(vs
, 0, 0, vs
->client_width
, vs
->client_height
,
685 VNC_ENCODING_DESKTOPRESIZE
);
686 vnc_unlock_output(vs
);
690 static void vnc_abort_display_jobs(VncDisplay
*vd
)
694 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
697 vnc_unlock_output(vs
);
699 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
702 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
705 vnc_unlock_output(vs
);
709 int vnc_server_fb_stride(VncDisplay
*vd
)
711 return pixman_image_get_stride(vd
->server
);
714 void *vnc_server_fb_ptr(VncDisplay
*vd
, int x
, int y
)
718 ptr
= (uint8_t *)pixman_image_get_data(vd
->server
);
719 ptr
+= y
* vnc_server_fb_stride(vd
);
720 ptr
+= x
* VNC_SERVER_FB_BYTES
;
724 static void vnc_update_server_surface(VncDisplay
*vd
)
728 qemu_pixman_image_unref(vd
->server
);
731 if (QTAILQ_EMPTY(&vd
->clients
)) {
735 width
= vnc_width(vd
);
736 height
= vnc_height(vd
);
737 vd
->server
= pixman_image_create_bits(VNC_SERVER_FB_FORMAT
,
741 memset(vd
->guest
.dirty
, 0x00, sizeof(vd
->guest
.dirty
));
742 vnc_set_area_dirty(vd
->guest
.dirty
, vd
, 0, 0,
746 static void vnc_dpy_switch(DisplayChangeListener
*dcl
,
747 DisplaySurface
*surface
)
749 static const char placeholder_msg
[] =
750 "Display output is not active.";
751 static DisplaySurface
*placeholder
;
752 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
755 if (surface
== NULL
) {
756 if (placeholder
== NULL
) {
757 placeholder
= qemu_create_message_surface(640, 480, placeholder_msg
);
759 surface
= placeholder
;
762 vnc_abort_display_jobs(vd
);
766 vnc_update_server_surface(vd
);
769 qemu_pixman_image_unref(vd
->guest
.fb
);
770 vd
->guest
.fb
= pixman_image_ref(surface
->image
);
771 vd
->guest
.format
= surface
->format
;
773 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
775 vnc_desktop_resize(vs
);
776 if (vs
->vd
->cursor
) {
777 vnc_cursor_define(vs
);
779 memset(vs
->dirty
, 0x00, sizeof(vs
->dirty
));
780 vnc_set_area_dirty(vs
->dirty
, vd
, 0, 0,
783 vnc_update_throttle_offset(vs
);
788 static void vnc_write_pixels_copy(VncState
*vs
,
789 void *pixels
, int size
)
791 vnc_write(vs
, pixels
, size
);
794 /* slowest but generic code. */
795 void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
799 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
800 r
= (((v
& 0x00ff0000) >> 16) << vs
->client_pf
.rbits
) >> 8;
801 g
= (((v
& 0x0000ff00) >> 8) << vs
->client_pf
.gbits
) >> 8;
802 b
= (((v
& 0x000000ff) >> 0) << vs
->client_pf
.bbits
) >> 8;
804 # error need some bits here if you change VNC_SERVER_FB_FORMAT
806 v
= (r
<< vs
->client_pf
.rshift
) |
807 (g
<< vs
->client_pf
.gshift
) |
808 (b
<< vs
->client_pf
.bshift
);
809 switch (vs
->client_pf
.bytes_per_pixel
) {
839 static void vnc_write_pixels_generic(VncState
*vs
,
840 void *pixels1
, int size
)
844 if (VNC_SERVER_FB_BYTES
== 4) {
845 uint32_t *pixels
= pixels1
;
848 for (i
= 0; i
< n
; i
++) {
849 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
850 vnc_write(vs
, buf
, vs
->client_pf
.bytes_per_pixel
);
855 int vnc_raw_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
859 VncDisplay
*vd
= vs
->vd
;
861 row
= vnc_server_fb_ptr(vd
, x
, y
);
862 for (i
= 0; i
< h
; i
++) {
863 vs
->write_pixels(vs
, row
, w
* VNC_SERVER_FB_BYTES
);
864 row
+= vnc_server_fb_stride(vd
);
869 int vnc_send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
872 bool encode_raw
= false;
873 size_t saved_offs
= vs
->output
.offset
;
875 switch(vs
->vnc_encoding
) {
876 case VNC_ENCODING_ZLIB
:
877 n
= vnc_zlib_send_framebuffer_update(vs
, x
, y
, w
, h
);
879 case VNC_ENCODING_HEXTILE
:
880 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_HEXTILE
);
881 n
= vnc_hextile_send_framebuffer_update(vs
, x
, y
, w
, h
);
883 case VNC_ENCODING_TIGHT
:
884 n
= vnc_tight_send_framebuffer_update(vs
, x
, y
, w
, h
);
886 case VNC_ENCODING_TIGHT_PNG
:
887 n
= vnc_tight_png_send_framebuffer_update(vs
, x
, y
, w
, h
);
889 case VNC_ENCODING_ZRLE
:
890 n
= vnc_zrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
892 case VNC_ENCODING_ZYWRLE
:
893 n
= vnc_zywrle_send_framebuffer_update(vs
, x
, y
, w
, h
);
900 /* If the client has the same pixel format as our internal buffer and
901 * a RAW encoding would need less space fall back to RAW encoding to
902 * save bandwidth and processing power in the client. */
903 if (!encode_raw
&& vs
->write_pixels
== vnc_write_pixels_copy
&&
904 12 + h
* w
* VNC_SERVER_FB_BYTES
<= (vs
->output
.offset
- saved_offs
)) {
905 vs
->output
.offset
= saved_offs
;
910 vnc_framebuffer_update(vs
, x
, y
, w
, h
, VNC_ENCODING_RAW
);
911 n
= vnc_raw_send_framebuffer_update(vs
, x
, y
, w
, h
);
917 static void vnc_mouse_set(DisplayChangeListener
*dcl
,
918 int x
, int y
, int visible
)
920 /* can we ask the client(s) to move the pointer ??? */
923 static int vnc_cursor_define(VncState
*vs
)
925 QEMUCursor
*c
= vs
->vd
->cursor
;
928 if (vnc_has_feature(vs
, VNC_FEATURE_RICH_CURSOR
)) {
930 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
931 vnc_write_u8(vs
, 0); /* padding */
932 vnc_write_u16(vs
, 1); /* # of rects */
933 vnc_framebuffer_update(vs
, c
->hot_x
, c
->hot_y
, c
->width
, c
->height
,
934 VNC_ENCODING_RICH_CURSOR
);
935 isize
= c
->width
* c
->height
* vs
->client_pf
.bytes_per_pixel
;
936 vnc_write_pixels_generic(vs
, c
->data
, isize
);
937 vnc_write(vs
, vs
->vd
->cursor_mask
, vs
->vd
->cursor_msize
);
938 vnc_unlock_output(vs
);
944 static void vnc_dpy_cursor_define(DisplayChangeListener
*dcl
,
947 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
950 cursor_put(vd
->cursor
);
951 g_free(vd
->cursor_mask
);
954 cursor_get(vd
->cursor
);
955 vd
->cursor_msize
= cursor_get_mono_bpl(c
) * c
->height
;
956 vd
->cursor_mask
= g_malloc0(vd
->cursor_msize
);
957 cursor_get_mono_mask(c
, 0, vd
->cursor_mask
);
959 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
960 vnc_cursor_define(vs
);
964 static int find_and_clear_dirty_height(VncState
*vs
,
965 int y
, int last_x
, int x
, int height
)
969 for (h
= 1; h
< (height
- y
); h
++) {
970 if (!test_bit(last_x
, vs
->dirty
[y
+ h
])) {
973 bitmap_clear(vs
->dirty
[y
+ h
], last_x
, x
- last_x
);
980 * Figure out how much pending data we should allow in the output
981 * buffer before we throttle incremental display updates, and/or
982 * drop audio samples.
984 * We allow for equiv of 1 full display's worth of FB updates,
985 * and 1 second of audio samples. If audio backlog was larger
986 * than that the client would already suffering awful audio
987 * glitches, so dropping samples is no worse really).
989 static void vnc_update_throttle_offset(VncState
*vs
)
992 vs
->client_width
* vs
->client_height
* vs
->client_pf
.bytes_per_pixel
;
996 switch (vs
->as
.fmt
) {
1011 offset
+= vs
->as
.freq
* bps
* vs
->as
.nchannels
;
1014 /* Put a floor of 1MB on offset, so that if we have a large pending
1015 * buffer and the display is resized to a small size & back again
1016 * we don't suddenly apply a tiny send limit
1018 offset
= MAX(offset
, 1024 * 1024);
1020 if (vs
->throttle_output_offset
!= offset
) {
1021 trace_vnc_client_throttle_threshold(
1022 vs
, vs
->ioc
, vs
->throttle_output_offset
, offset
, vs
->client_width
,
1023 vs
->client_height
, vs
->client_pf
.bytes_per_pixel
, vs
->audio_cap
);
1026 vs
->throttle_output_offset
= offset
;
1029 static bool vnc_should_update(VncState
*vs
)
1031 switch (vs
->update
) {
1032 case VNC_STATE_UPDATE_NONE
:
1034 case VNC_STATE_UPDATE_INCREMENTAL
:
1035 /* Only allow incremental updates if the pending send queue
1036 * is less than the permitted threshold, and the job worker
1037 * is completely idle.
1039 if (vs
->output
.offset
< vs
->throttle_output_offset
&&
1040 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1043 trace_vnc_client_throttle_incremental(
1044 vs
, vs
->ioc
, vs
->job_update
, vs
->output
.offset
);
1046 case VNC_STATE_UPDATE_FORCE
:
1047 /* Only allow forced updates if the pending send queue
1048 * does not contain a previous forced update, and the
1049 * job worker is completely idle.
1051 * Note this means we'll queue a forced update, even if
1052 * the output buffer size is otherwise over the throttle
1055 if (vs
->force_update_offset
== 0 &&
1056 vs
->job_update
== VNC_STATE_UPDATE_NONE
) {
1059 trace_vnc_client_throttle_forced(
1060 vs
, vs
->ioc
, vs
->job_update
, vs
->force_update_offset
);
1066 static int vnc_update_client(VncState
*vs
, int has_dirty
)
1068 VncDisplay
*vd
= vs
->vd
;
1074 if (vs
->disconnecting
) {
1075 vnc_disconnect_finish(vs
);
1079 vs
->has_dirty
+= has_dirty
;
1080 if (!vnc_should_update(vs
)) {
1084 if (!vs
->has_dirty
&& vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
1089 * Send screen updates to the vnc client using the server
1090 * surface and server dirty map. guest surface updates
1091 * happening in parallel don't disturb us, the next pass will
1092 * send them to the client.
1094 job
= vnc_job_new(vs
);
1096 height
= pixman_image_get_height(vd
->server
);
1097 width
= pixman_image_get_width(vd
->server
);
1103 unsigned long offset
= find_next_bit((unsigned long *) &vs
->dirty
,
1104 height
* VNC_DIRTY_BPL(vs
),
1105 y
* VNC_DIRTY_BPL(vs
));
1106 if (offset
== height
* VNC_DIRTY_BPL(vs
)) {
1107 /* no more dirty bits */
1110 y
= offset
/ VNC_DIRTY_BPL(vs
);
1111 x
= offset
% VNC_DIRTY_BPL(vs
);
1112 x2
= find_next_zero_bit((unsigned long *) &vs
->dirty
[y
],
1113 VNC_DIRTY_BPL(vs
), x
);
1114 bitmap_clear(vs
->dirty
[y
], x
, x2
- x
);
1115 h
= find_and_clear_dirty_height(vs
, y
, x
, x2
, height
);
1116 x2
= MIN(x2
, width
/ VNC_DIRTY_PIXELS_PER_BIT
);
1118 n
+= vnc_job_add_rect(job
, x
* VNC_DIRTY_PIXELS_PER_BIT
, y
,
1119 (x2
- x
) * VNC_DIRTY_PIXELS_PER_BIT
, h
);
1121 if (!x
&& x2
== width
/ VNC_DIRTY_PIXELS_PER_BIT
) {
1129 vs
->job_update
= vs
->update
;
1130 vs
->update
= VNC_STATE_UPDATE_NONE
;
1137 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
1139 VncState
*vs
= opaque
;
1141 assert(vs
->magic
== VNC_MAGIC
);
1143 case AUD_CNOTIFY_DISABLE
:
1144 vnc_lock_output(vs
);
1145 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1146 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1147 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_END
);
1148 vnc_unlock_output(vs
);
1152 case AUD_CNOTIFY_ENABLE
:
1153 vnc_lock_output(vs
);
1154 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1155 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1156 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN
);
1157 vnc_unlock_output(vs
);
1163 static void audio_capture_destroy(void *opaque
)
1167 static void audio_capture(void *opaque
, void *buf
, int size
)
1169 VncState
*vs
= opaque
;
1171 assert(vs
->magic
== VNC_MAGIC
);
1172 vnc_lock_output(vs
);
1173 if (vs
->output
.offset
< vs
->throttle_output_offset
) {
1174 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU
);
1175 vnc_write_u8(vs
, VNC_MSG_SERVER_QEMU_AUDIO
);
1176 vnc_write_u16(vs
, VNC_MSG_SERVER_QEMU_AUDIO_DATA
);
1177 vnc_write_u32(vs
, size
);
1178 vnc_write(vs
, buf
, size
);
1180 trace_vnc_client_throttle_audio(vs
, vs
->ioc
, vs
->output
.offset
);
1182 vnc_unlock_output(vs
);
1186 static void audio_add(VncState
*vs
)
1188 struct audio_capture_ops ops
;
1190 if (vs
->audio_cap
) {
1191 error_report("audio already running");
1195 ops
.notify
= audio_capture_notify
;
1196 ops
.destroy
= audio_capture_destroy
;
1197 ops
.capture
= audio_capture
;
1199 vs
->audio_cap
= AUD_add_capture(&vs
->as
, &ops
, vs
);
1200 if (!vs
->audio_cap
) {
1201 error_report("Failed to add audio capture");
1205 static void audio_del(VncState
*vs
)
1207 if (vs
->audio_cap
) {
1208 AUD_del_capture(vs
->audio_cap
, vs
);
1209 vs
->audio_cap
= NULL
;
1213 static void vnc_disconnect_start(VncState
*vs
)
1215 if (vs
->disconnecting
) {
1218 trace_vnc_client_disconnect_start(vs
, vs
->ioc
);
1219 vnc_set_share_mode(vs
, VNC_SHARE_MODE_DISCONNECTED
);
1221 g_source_remove(vs
->ioc_tag
);
1224 qio_channel_close(vs
->ioc
, NULL
);
1225 vs
->disconnecting
= TRUE
;
1228 void vnc_disconnect_finish(VncState
*vs
)
1232 trace_vnc_client_disconnect_finish(vs
, vs
->ioc
);
1234 vnc_jobs_join(vs
); /* Wait encoding jobs */
1236 vnc_lock_output(vs
);
1237 vnc_qmp_event(vs
, QAPI_EVENT_VNC_DISCONNECTED
);
1239 buffer_free(&vs
->input
);
1240 buffer_free(&vs
->output
);
1242 qapi_free_VncClientInfo(vs
->info
);
1245 vnc_tight_clear(vs
);
1248 #ifdef CONFIG_VNC_SASL
1249 vnc_sasl_client_cleanup(vs
);
1250 #endif /* CONFIG_VNC_SASL */
1252 vnc_release_modifiers(vs
);
1254 if (vs
->mouse_mode_notifier
.notify
!= NULL
) {
1255 qemu_remove_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
1257 QTAILQ_REMOVE(&vs
->vd
->clients
, vs
, next
);
1258 if (QTAILQ_EMPTY(&vs
->vd
->clients
)) {
1259 /* last client gone */
1260 vnc_update_server_surface(vs
->vd
);
1263 vnc_unlock_output(vs
);
1265 qemu_mutex_destroy(&vs
->output_mutex
);
1266 if (vs
->bh
!= NULL
) {
1267 qemu_bh_delete(vs
->bh
);
1269 buffer_free(&vs
->jobs_buffer
);
1271 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
1272 g_free(vs
->lossy_rect
[i
]);
1274 g_free(vs
->lossy_rect
);
1276 object_unref(OBJECT(vs
->ioc
));
1278 object_unref(OBJECT(vs
->sioc
));
1284 size_t vnc_client_io_error(VncState
*vs
, ssize_t ret
, Error
**errp
)
1288 trace_vnc_client_eof(vs
, vs
->ioc
);
1289 vnc_disconnect_start(vs
);
1290 } else if (ret
!= QIO_CHANNEL_ERR_BLOCK
) {
1291 trace_vnc_client_io_error(vs
, vs
->ioc
,
1292 errp
? error_get_pretty(*errp
) :
1294 vnc_disconnect_start(vs
);
1307 void vnc_client_error(VncState
*vs
)
1309 VNC_DEBUG("Closing down client sock: protocol error\n");
1310 vnc_disconnect_start(vs
);
1315 * Called to write a chunk of data to the client socket. The data may
1316 * be the raw data, or may have already been encoded by SASL.
1317 * The data will be written either straight onto the socket, or
1318 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1320 * NB, it is theoretically possible to have 2 layers of encryption,
1321 * both SASL, and this TLS layer. It is highly unlikely in practice
1322 * though, since SASL encryption will typically be a no-op if TLS
1325 * Returns the number of bytes written, which may be less than
1326 * the requested 'datalen' if the socket would block. Returns
1327 * 0 on I/O error, and disconnects the client socket.
1329 size_t vnc_client_write_buf(VncState
*vs
, const uint8_t *data
, size_t datalen
)
1333 ret
= qio_channel_write(
1334 vs
->ioc
, (const char *)data
, datalen
, &err
);
1335 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data
, datalen
, ret
);
1336 return vnc_client_io_error(vs
, ret
, &err
);
1341 * Called to write buffered data to the client socket, when not
1342 * using any SASL SSF encryption layers. Will write as much data
1343 * as possible without blocking. If all buffered data is written,
1344 * will switch the FD poll() handler back to read monitoring.
1346 * Returns the number of bytes written, which may be less than
1347 * the buffered output data if the socket would block. Returns
1348 * 0 on I/O error, and disconnects the client socket.
1350 static size_t vnc_client_write_plain(VncState
*vs
)
1355 #ifdef CONFIG_VNC_SASL
1356 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1357 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
,
1358 vs
->sasl
.waitWriteSSF
);
1360 if (vs
->sasl
.conn
&&
1362 vs
->sasl
.waitWriteSSF
) {
1363 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->sasl
.waitWriteSSF
);
1365 vs
->sasl
.waitWriteSSF
-= ret
;
1367 #endif /* CONFIG_VNC_SASL */
1368 ret
= vnc_client_write_buf(vs
, vs
->output
.buffer
, vs
->output
.offset
);
1372 if (ret
>= vs
->force_update_offset
) {
1373 if (vs
->force_update_offset
!= 0) {
1374 trace_vnc_client_unthrottle_forced(vs
, vs
->ioc
);
1376 vs
->force_update_offset
= 0;
1378 vs
->force_update_offset
-= ret
;
1380 offset
= vs
->output
.offset
;
1381 buffer_advance(&vs
->output
, ret
);
1382 if (offset
>= vs
->throttle_output_offset
&&
1383 vs
->output
.offset
< vs
->throttle_output_offset
) {
1384 trace_vnc_client_unthrottle_incremental(vs
, vs
->ioc
, vs
->output
.offset
);
1387 if (vs
->output
.offset
== 0) {
1389 g_source_remove(vs
->ioc_tag
);
1391 vs
->ioc_tag
= qio_channel_add_watch(
1392 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1400 * First function called whenever there is data to be written to
1401 * the client socket. Will delegate actual work according to whether
1402 * SASL SSF layers are enabled (thus requiring encryption calls)
1404 static void vnc_client_write_locked(VncState
*vs
)
1406 #ifdef CONFIG_VNC_SASL
1407 if (vs
->sasl
.conn
&&
1409 !vs
->sasl
.waitWriteSSF
) {
1410 vnc_client_write_sasl(vs
);
1412 #endif /* CONFIG_VNC_SASL */
1414 vnc_client_write_plain(vs
);
1418 static void vnc_client_write(VncState
*vs
)
1420 assert(vs
->magic
== VNC_MAGIC
);
1421 vnc_lock_output(vs
);
1422 if (vs
->output
.offset
) {
1423 vnc_client_write_locked(vs
);
1424 } else if (vs
->ioc
!= NULL
) {
1426 g_source_remove(vs
->ioc_tag
);
1428 vs
->ioc_tag
= qio_channel_add_watch(
1429 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
1431 vnc_unlock_output(vs
);
1434 void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
1436 vs
->read_handler
= func
;
1437 vs
->read_handler_expect
= expecting
;
1442 * Called to read a chunk of data from the client socket. The data may
1443 * be the raw data, or may need to be further decoded by SASL.
1444 * The data will be read either straight from to the socket, or
1445 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1447 * NB, it is theoretically possible to have 2 layers of encryption,
1448 * both SASL, and this TLS layer. It is highly unlikely in practice
1449 * though, since SASL encryption will typically be a no-op if TLS
1452 * Returns the number of bytes read, which may be less than
1453 * the requested 'datalen' if the socket would block. Returns
1454 * 0 on I/O error or EOF, and disconnects the client socket.
1456 size_t vnc_client_read_buf(VncState
*vs
, uint8_t *data
, size_t datalen
)
1460 ret
= qio_channel_read(
1461 vs
->ioc
, (char *)data
, datalen
, &err
);
1462 VNC_DEBUG("Read wire %p %zd -> %ld\n", data
, datalen
, ret
);
1463 return vnc_client_io_error(vs
, ret
, &err
);
1468 * Called to read data from the client socket to the input buffer,
1469 * when not using any SASL SSF encryption layers. Will read as much
1470 * data as possible without blocking.
1472 * Returns the number of bytes read, which may be less than
1473 * the requested 'datalen' if the socket would block. Returns
1474 * 0 on I/O error or EOF, and disconnects the client socket.
1476 static size_t vnc_client_read_plain(VncState
*vs
)
1479 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1480 vs
->input
.buffer
, vs
->input
.capacity
, vs
->input
.offset
);
1481 buffer_reserve(&vs
->input
, 4096);
1482 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->input
), 4096);
1485 vs
->input
.offset
+= ret
;
1489 static void vnc_jobs_bh(void *opaque
)
1491 VncState
*vs
= opaque
;
1493 assert(vs
->magic
== VNC_MAGIC
);
1494 vnc_jobs_consume_buffer(vs
);
1498 * First function called whenever there is more data to be read from
1499 * the client socket. Will delegate actual work according to whether
1500 * SASL SSF layers are enabled (thus requiring decryption calls)
1501 * Returns 0 on success, -1 if client disconnected
1503 static int vnc_client_read(VncState
*vs
)
1507 #ifdef CONFIG_VNC_SASL
1508 if (vs
->sasl
.conn
&& vs
->sasl
.runSSF
)
1509 ret
= vnc_client_read_sasl(vs
);
1511 #endif /* CONFIG_VNC_SASL */
1512 ret
= vnc_client_read_plain(vs
);
1514 if (vs
->disconnecting
) {
1515 vnc_disconnect_finish(vs
);
1521 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
1522 size_t len
= vs
->read_handler_expect
;
1525 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
1526 if (vs
->disconnecting
) {
1527 vnc_disconnect_finish(vs
);
1532 buffer_advance(&vs
->input
, len
);
1534 vs
->read_handler_expect
= ret
;
1540 gboolean
vnc_client_io(QIOChannel
*ioc G_GNUC_UNUSED
,
1541 GIOCondition condition
, void *opaque
)
1543 VncState
*vs
= opaque
;
1545 assert(vs
->magic
== VNC_MAGIC
);
1546 if (condition
& G_IO_IN
) {
1547 if (vnc_client_read(vs
) < 0) {
1548 /* vs is free()ed here */
1552 if (condition
& G_IO_OUT
) {
1553 vnc_client_write(vs
);
1556 if (vs
->disconnecting
) {
1557 if (vs
->ioc_tag
!= 0) {
1558 g_source_remove(vs
->ioc_tag
);
1567 * Scale factor to apply to vs->throttle_output_offset when checking for
1568 * hard limit. Worst case normal usage could be x2, if we have a complete
1569 * incremental update and complete forced update in the output buffer.
1570 * So x3 should be good enough, but we pick x5 to be conservative and thus
1571 * (hopefully) never trigger incorrectly.
1573 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1575 void vnc_write(VncState
*vs
, const void *data
, size_t len
)
1577 assert(vs
->magic
== VNC_MAGIC
);
1578 if (vs
->disconnecting
) {
1581 /* Protection against malicious client/guest to prevent our output
1582 * buffer growing without bound if client stops reading data. This
1583 * should rarely trigger, because we have earlier throttling code
1584 * which stops issuing framebuffer updates and drops audio data
1585 * if the throttle_output_offset value is exceeded. So we only reach
1586 * this higher level if a huge number of pseudo-encodings get
1587 * triggered while data can't be sent on the socket.
1589 * NB throttle_output_offset can be zero during early protocol
1590 * handshake, or from the job thread's VncState clone
1592 if (vs
->throttle_output_offset
!= 0 &&
1593 (vs
->output
.offset
/ VNC_THROTTLE_OUTPUT_LIMIT_SCALE
) >
1594 vs
->throttle_output_offset
) {
1595 trace_vnc_client_output_limit(vs
, vs
->ioc
, vs
->output
.offset
,
1596 vs
->throttle_output_offset
);
1597 vnc_disconnect_start(vs
);
1600 buffer_reserve(&vs
->output
, len
);
1602 if (vs
->ioc
!= NULL
&& buffer_empty(&vs
->output
)) {
1604 g_source_remove(vs
->ioc_tag
);
1606 vs
->ioc_tag
= qio_channel_add_watch(
1607 vs
->ioc
, G_IO_IN
| G_IO_OUT
, vnc_client_io
, vs
, NULL
);
1610 buffer_append(&vs
->output
, data
, len
);
1613 void vnc_write_s32(VncState
*vs
, int32_t value
)
1615 vnc_write_u32(vs
, *(uint32_t *)&value
);
1618 void vnc_write_u32(VncState
*vs
, uint32_t value
)
1622 buf
[0] = (value
>> 24) & 0xFF;
1623 buf
[1] = (value
>> 16) & 0xFF;
1624 buf
[2] = (value
>> 8) & 0xFF;
1625 buf
[3] = value
& 0xFF;
1627 vnc_write(vs
, buf
, 4);
1630 void vnc_write_u16(VncState
*vs
, uint16_t value
)
1634 buf
[0] = (value
>> 8) & 0xFF;
1635 buf
[1] = value
& 0xFF;
1637 vnc_write(vs
, buf
, 2);
1640 void vnc_write_u8(VncState
*vs
, uint8_t value
)
1642 vnc_write(vs
, (char *)&value
, 1);
1645 void vnc_flush(VncState
*vs
)
1647 vnc_lock_output(vs
);
1648 if (vs
->ioc
!= NULL
&& vs
->output
.offset
) {
1649 vnc_client_write_locked(vs
);
1651 if (vs
->disconnecting
) {
1652 if (vs
->ioc_tag
!= 0) {
1653 g_source_remove(vs
->ioc_tag
);
1657 vnc_unlock_output(vs
);
1660 static uint8_t read_u8(uint8_t *data
, size_t offset
)
1662 return data
[offset
];
1665 static uint16_t read_u16(uint8_t *data
, size_t offset
)
1667 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
1670 static int32_t read_s32(uint8_t *data
, size_t offset
)
1672 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1673 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1676 uint32_t read_u32(uint8_t *data
, size_t offset
)
1678 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
1679 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
1682 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
1686 static void check_pointer_type_change(Notifier
*notifier
, void *data
)
1688 VncState
*vs
= container_of(notifier
, VncState
, mouse_mode_notifier
);
1689 int absolute
= qemu_input_is_absolute();
1691 if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
) && vs
->absolute
!= absolute
) {
1692 vnc_lock_output(vs
);
1693 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1694 vnc_write_u8(vs
, 0);
1695 vnc_write_u16(vs
, 1);
1696 vnc_framebuffer_update(vs
, absolute
, 0,
1697 pixman_image_get_width(vs
->vd
->server
),
1698 pixman_image_get_height(vs
->vd
->server
),
1699 VNC_ENCODING_POINTER_TYPE_CHANGE
);
1700 vnc_unlock_output(vs
);
1703 vs
->absolute
= absolute
;
1706 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
1708 static uint32_t bmap
[INPUT_BUTTON__MAX
] = {
1709 [INPUT_BUTTON_LEFT
] = 0x01,
1710 [INPUT_BUTTON_MIDDLE
] = 0x02,
1711 [INPUT_BUTTON_RIGHT
] = 0x04,
1712 [INPUT_BUTTON_WHEEL_UP
] = 0x08,
1713 [INPUT_BUTTON_WHEEL_DOWN
] = 0x10,
1715 QemuConsole
*con
= vs
->vd
->dcl
.con
;
1716 int width
= pixman_image_get_width(vs
->vd
->server
);
1717 int height
= pixman_image_get_height(vs
->vd
->server
);
1719 if (vs
->last_bmask
!= button_mask
) {
1720 qemu_input_update_buttons(con
, bmap
, vs
->last_bmask
, button_mask
);
1721 vs
->last_bmask
= button_mask
;
1725 qemu_input_queue_abs(con
, INPUT_AXIS_X
, x
, 0, width
);
1726 qemu_input_queue_abs(con
, INPUT_AXIS_Y
, y
, 0, height
);
1727 } else if (vnc_has_feature(vs
, VNC_FEATURE_POINTER_TYPE_CHANGE
)) {
1728 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- 0x7FFF);
1729 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- 0x7FFF);
1731 if (vs
->last_x
!= -1) {
1732 qemu_input_queue_rel(con
, INPUT_AXIS_X
, x
- vs
->last_x
);
1733 qemu_input_queue_rel(con
, INPUT_AXIS_Y
, y
- vs
->last_y
);
1738 qemu_input_event_sync();
1741 static void reset_keys(VncState
*vs
)
1744 for(i
= 0; i
< 256; i
++) {
1745 if (vs
->modifiers_state
[i
]) {
1746 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, i
, false);
1747 qemu_input_event_send_key_delay(vs
->vd
->key_delay_ms
);
1748 vs
->modifiers_state
[i
] = 0;
1753 static void press_key(VncState
*vs
, int keysym
)
1755 int keycode
= keysym2scancode(vs
->vd
->kbd_layout
, keysym
,
1756 false, false, false) & SCANCODE_KEYMASK
;
1757 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, true);
1758 qemu_input_event_send_key_delay(vs
->vd
->key_delay_ms
);
1759 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
1760 qemu_input_event_send_key_delay(vs
->vd
->key_delay_ms
);
1763 static void vnc_led_state_change(VncState
*vs
)
1765 if (!vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
)) {
1769 vnc_lock_output(vs
);
1770 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
1771 vnc_write_u8(vs
, 0);
1772 vnc_write_u16(vs
, 1);
1773 vnc_framebuffer_update(vs
, 0, 0, 1, 1, VNC_ENCODING_LED_STATE
);
1774 vnc_write_u8(vs
, vs
->vd
->ledstate
);
1775 vnc_unlock_output(vs
);
1779 static void kbd_leds(void *opaque
, int ledstate
)
1781 VncDisplay
*vd
= opaque
;
1784 trace_vnc_key_guest_leds((ledstate
& QEMU_CAPS_LOCK_LED
),
1785 (ledstate
& QEMU_NUM_LOCK_LED
),
1786 (ledstate
& QEMU_SCROLL_LOCK_LED
));
1788 if (ledstate
== vd
->ledstate
) {
1792 vd
->ledstate
= ledstate
;
1794 QTAILQ_FOREACH(client
, &vd
->clients
, next
) {
1795 vnc_led_state_change(client
);
1799 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
1801 /* QEMU console switch */
1803 case 0x2a: /* Left Shift */
1804 case 0x36: /* Right Shift */
1805 case 0x1d: /* Left CTRL */
1806 case 0x9d: /* Right CTRL */
1807 case 0x38: /* Left ALT */
1808 case 0xb8: /* Right ALT */
1810 vs
->modifiers_state
[keycode
] = 1;
1812 vs
->modifiers_state
[keycode
] = 0;
1814 case 0x02 ... 0x0a: /* '1' to '9' keys */
1815 if (vs
->vd
->dcl
.con
== NULL
&&
1816 down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1817 /* Reset the modifiers sent to the current console */
1819 console_select(keycode
- 0x02);
1823 case 0x3a: /* CapsLock */
1824 case 0x45: /* NumLock */
1826 vs
->modifiers_state
[keycode
] ^= 1;
1830 /* Turn off the lock state sync logic if the client support the led
1833 if (down
&& vs
->vd
->lock_key_sync
&&
1834 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1835 keycode_is_keypad(vs
->vd
->kbd_layout
, keycode
)) {
1836 /* If the numlock state needs to change then simulate an additional
1837 keypress before sending this one. This will happen if the user
1838 toggles numlock away from the VNC window.
1840 if (keysym_is_numlock(vs
->vd
->kbd_layout
, sym
& 0xFFFF)) {
1841 if (!vs
->modifiers_state
[0x45]) {
1842 trace_vnc_key_sync_numlock(true);
1843 vs
->modifiers_state
[0x45] = 1;
1844 press_key(vs
, 0xff7f);
1847 if (vs
->modifiers_state
[0x45]) {
1848 trace_vnc_key_sync_numlock(false);
1849 vs
->modifiers_state
[0x45] = 0;
1850 press_key(vs
, 0xff7f);
1855 if (down
&& vs
->vd
->lock_key_sync
&&
1856 !vnc_has_feature(vs
, VNC_FEATURE_LED_STATE
) &&
1857 ((sym
>= 'A' && sym
<= 'Z') || (sym
>= 'a' && sym
<= 'z'))) {
1858 /* If the capslock state needs to change then simulate an additional
1859 keypress before sending this one. This will happen if the user
1860 toggles capslock away from the VNC window.
1862 int uppercase
= !!(sym
>= 'A' && sym
<= 'Z');
1863 int shift
= !!(vs
->modifiers_state
[0x2a] | vs
->modifiers_state
[0x36]);
1864 int capslock
= !!(vs
->modifiers_state
[0x3a]);
1866 if (uppercase
== shift
) {
1867 trace_vnc_key_sync_capslock(false);
1868 vs
->modifiers_state
[0x3a] = 0;
1869 press_key(vs
, 0xffe5);
1872 if (uppercase
!= shift
) {
1873 trace_vnc_key_sync_capslock(true);
1874 vs
->modifiers_state
[0x3a] = 1;
1875 press_key(vs
, 0xffe5);
1880 if (qemu_console_is_graphic(NULL
)) {
1881 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, down
);
1882 qemu_input_event_send_key_delay(vs
->vd
->key_delay_ms
);
1884 bool numlock
= vs
->modifiers_state
[0x45];
1885 bool control
= (vs
->modifiers_state
[0x1d] ||
1886 vs
->modifiers_state
[0x9d]);
1887 /* QEMU console emulation */
1890 case 0x2a: /* Left Shift */
1891 case 0x36: /* Right Shift */
1892 case 0x1d: /* Left CTRL */
1893 case 0x9d: /* Right CTRL */
1894 case 0x38: /* Left ALT */
1895 case 0xb8: /* Right ALT */
1898 kbd_put_keysym(QEMU_KEY_UP
);
1901 kbd_put_keysym(QEMU_KEY_DOWN
);
1904 kbd_put_keysym(QEMU_KEY_LEFT
);
1907 kbd_put_keysym(QEMU_KEY_RIGHT
);
1910 kbd_put_keysym(QEMU_KEY_DELETE
);
1913 kbd_put_keysym(QEMU_KEY_HOME
);
1916 kbd_put_keysym(QEMU_KEY_END
);
1919 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1922 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1926 kbd_put_keysym(numlock
? '7' : QEMU_KEY_HOME
);
1929 kbd_put_keysym(numlock
? '8' : QEMU_KEY_UP
);
1932 kbd_put_keysym(numlock
? '9' : QEMU_KEY_PAGEUP
);
1935 kbd_put_keysym(numlock
? '4' : QEMU_KEY_LEFT
);
1938 kbd_put_keysym('5');
1941 kbd_put_keysym(numlock
? '6' : QEMU_KEY_RIGHT
);
1944 kbd_put_keysym(numlock
? '1' : QEMU_KEY_END
);
1947 kbd_put_keysym(numlock
? '2' : QEMU_KEY_DOWN
);
1950 kbd_put_keysym(numlock
? '3' : QEMU_KEY_PAGEDOWN
);
1953 kbd_put_keysym('0');
1956 kbd_put_keysym(numlock
? '.' : QEMU_KEY_DELETE
);
1960 kbd_put_keysym('/');
1963 kbd_put_keysym('*');
1966 kbd_put_keysym('-');
1969 kbd_put_keysym('+');
1972 kbd_put_keysym('\n');
1977 kbd_put_keysym(sym
& 0x1f);
1979 kbd_put_keysym(sym
);
1987 static void vnc_release_modifiers(VncState
*vs
)
1989 static const int keycodes
[] = {
1990 /* shift, control, alt keys, both left & right */
1991 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1995 if (!qemu_console_is_graphic(NULL
)) {
1998 for (i
= 0; i
< ARRAY_SIZE(keycodes
); i
++) {
1999 keycode
= keycodes
[i
];
2000 if (!vs
->modifiers_state
[keycode
]) {
2003 qemu_input_event_send_key_number(vs
->vd
->dcl
.con
, keycode
, false);
2004 qemu_input_event_send_key_delay(vs
->vd
->key_delay_ms
);
2008 static const char *code2name(int keycode
)
2010 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode
));
2013 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
2015 bool shift
= vs
->modifiers_state
[0x2a] || vs
->modifiers_state
[0x36];
2016 bool altgr
= vs
->modifiers_state
[0xb8];
2017 bool ctrl
= vs
->modifiers_state
[0x1d] || vs
->modifiers_state
[0x9d];
2021 if (lsym
>= 'A' && lsym
<= 'Z' && qemu_console_is_graphic(NULL
)) {
2022 lsym
= lsym
- 'A' + 'a';
2025 keycode
= keysym2scancode(vs
->vd
->kbd_layout
, lsym
& 0xFFFF,
2026 shift
, altgr
, ctrl
) & SCANCODE_KEYMASK
;
2027 trace_vnc_key_event_map(down
, sym
, keycode
, code2name(keycode
));
2028 do_key_event(vs
, down
, keycode
, sym
);
2031 static void ext_key_event(VncState
*vs
, int down
,
2032 uint32_t sym
, uint16_t keycode
)
2034 /* if the user specifies a keyboard layout, always use it */
2035 if (keyboard_layout
) {
2036 key_event(vs
, down
, sym
);
2038 trace_vnc_key_event_ext(down
, sym
, keycode
, code2name(keycode
));
2039 do_key_event(vs
, down
, keycode
, sym
);
2043 static void framebuffer_update_request(VncState
*vs
, int incremental
,
2044 int x
, int y
, int w
, int h
)
2047 if (vs
->update
!= VNC_STATE_UPDATE_FORCE
) {
2048 vs
->update
= VNC_STATE_UPDATE_INCREMENTAL
;
2051 vs
->update
= VNC_STATE_UPDATE_FORCE
;
2052 vnc_set_area_dirty(vs
->dirty
, vs
->vd
, x
, y
, w
, h
);
2056 static void send_ext_key_event_ack(VncState
*vs
)
2058 vnc_lock_output(vs
);
2059 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2060 vnc_write_u8(vs
, 0);
2061 vnc_write_u16(vs
, 1);
2062 vnc_framebuffer_update(vs
, 0, 0,
2063 pixman_image_get_width(vs
->vd
->server
),
2064 pixman_image_get_height(vs
->vd
->server
),
2065 VNC_ENCODING_EXT_KEY_EVENT
);
2066 vnc_unlock_output(vs
);
2070 static void send_ext_audio_ack(VncState
*vs
)
2072 vnc_lock_output(vs
);
2073 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2074 vnc_write_u8(vs
, 0);
2075 vnc_write_u16(vs
, 1);
2076 vnc_framebuffer_update(vs
, 0, 0,
2077 pixman_image_get_width(vs
->vd
->server
),
2078 pixman_image_get_height(vs
->vd
->server
),
2079 VNC_ENCODING_AUDIO
);
2080 vnc_unlock_output(vs
);
2084 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
2087 unsigned int enc
= 0;
2090 vs
->vnc_encoding
= 0;
2091 vs
->tight
.compression
= 9;
2092 vs
->tight
.quality
= -1; /* Lossless by default */
2096 * Start from the end because the encodings are sent in order of preference.
2097 * This way the preferred encoding (first encoding defined in the array)
2098 * will be set at the end of the loop.
2100 for (i
= n_encodings
- 1; i
>= 0; i
--) {
2103 case VNC_ENCODING_RAW
:
2104 vs
->vnc_encoding
= enc
;
2106 case VNC_ENCODING_COPYRECT
:
2107 vs
->features
|= VNC_FEATURE_COPYRECT_MASK
;
2109 case VNC_ENCODING_HEXTILE
:
2110 vs
->features
|= VNC_FEATURE_HEXTILE_MASK
;
2111 vs
->vnc_encoding
= enc
;
2113 case VNC_ENCODING_TIGHT
:
2114 vs
->features
|= VNC_FEATURE_TIGHT_MASK
;
2115 vs
->vnc_encoding
= enc
;
2117 #ifdef CONFIG_VNC_PNG
2118 case VNC_ENCODING_TIGHT_PNG
:
2119 vs
->features
|= VNC_FEATURE_TIGHT_PNG_MASK
;
2120 vs
->vnc_encoding
= enc
;
2123 case VNC_ENCODING_ZLIB
:
2124 vs
->features
|= VNC_FEATURE_ZLIB_MASK
;
2125 vs
->vnc_encoding
= enc
;
2127 case VNC_ENCODING_ZRLE
:
2128 vs
->features
|= VNC_FEATURE_ZRLE_MASK
;
2129 vs
->vnc_encoding
= enc
;
2131 case VNC_ENCODING_ZYWRLE
:
2132 vs
->features
|= VNC_FEATURE_ZYWRLE_MASK
;
2133 vs
->vnc_encoding
= enc
;
2135 case VNC_ENCODING_DESKTOPRESIZE
:
2136 vs
->features
|= VNC_FEATURE_RESIZE_MASK
;
2138 case VNC_ENCODING_POINTER_TYPE_CHANGE
:
2139 vs
->features
|= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK
;
2141 case VNC_ENCODING_RICH_CURSOR
:
2142 vs
->features
|= VNC_FEATURE_RICH_CURSOR_MASK
;
2143 if (vs
->vd
->cursor
) {
2144 vnc_cursor_define(vs
);
2147 case VNC_ENCODING_EXT_KEY_EVENT
:
2148 send_ext_key_event_ack(vs
);
2150 case VNC_ENCODING_AUDIO
:
2151 send_ext_audio_ack(vs
);
2153 case VNC_ENCODING_WMVi
:
2154 vs
->features
|= VNC_FEATURE_WMVI_MASK
;
2156 case VNC_ENCODING_LED_STATE
:
2157 vs
->features
|= VNC_FEATURE_LED_STATE_MASK
;
2159 case VNC_ENCODING_COMPRESSLEVEL0
... VNC_ENCODING_COMPRESSLEVEL0
+ 9:
2160 vs
->tight
.compression
= (enc
& 0x0F);
2162 case VNC_ENCODING_QUALITYLEVEL0
... VNC_ENCODING_QUALITYLEVEL0
+ 9:
2163 if (vs
->vd
->lossy
) {
2164 vs
->tight
.quality
= (enc
& 0x0F);
2168 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i
, enc
, enc
);
2172 vnc_desktop_resize(vs
);
2173 check_pointer_type_change(&vs
->mouse_mode_notifier
, NULL
);
2174 vnc_led_state_change(vs
);
2177 static void set_pixel_conversion(VncState
*vs
)
2179 pixman_format_code_t fmt
= qemu_pixman_get_format(&vs
->client_pf
);
2181 if (fmt
== VNC_SERVER_FB_FORMAT
) {
2182 vs
->write_pixels
= vnc_write_pixels_copy
;
2183 vnc_hextile_set_pixel_conversion(vs
, 0);
2185 vs
->write_pixels
= vnc_write_pixels_generic
;
2186 vnc_hextile_set_pixel_conversion(vs
, 1);
2190 static void send_color_map(VncState
*vs
)
2194 vnc_write_u8(vs
, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES
);
2195 vnc_write_u8(vs
, 0); /* padding */
2196 vnc_write_u16(vs
, 0); /* first color */
2197 vnc_write_u16(vs
, 256); /* # of colors */
2199 for (i
= 0; i
< 256; i
++) {
2200 PixelFormat
*pf
= &vs
->client_pf
;
2202 vnc_write_u16(vs
, (((i
>> pf
->rshift
) & pf
->rmax
) << (16 - pf
->rbits
)));
2203 vnc_write_u16(vs
, (((i
>> pf
->gshift
) & pf
->gmax
) << (16 - pf
->gbits
)));
2204 vnc_write_u16(vs
, (((i
>> pf
->bshift
) & pf
->bmax
) << (16 - pf
->bbits
)));
2208 static void set_pixel_format(VncState
*vs
, int bits_per_pixel
,
2209 int big_endian_flag
, int true_color_flag
,
2210 int red_max
, int green_max
, int blue_max
,
2211 int red_shift
, int green_shift
, int blue_shift
)
2213 if (!true_color_flag
) {
2214 /* Expose a reasonable default 256 color map */
2224 switch (bits_per_pixel
) {
2230 vnc_client_error(vs
);
2234 vs
->client_pf
.rmax
= red_max
? red_max
: 0xFF;
2235 vs
->client_pf
.rbits
= ctpopl(red_max
);
2236 vs
->client_pf
.rshift
= red_shift
;
2237 vs
->client_pf
.rmask
= red_max
<< red_shift
;
2238 vs
->client_pf
.gmax
= green_max
? green_max
: 0xFF;
2239 vs
->client_pf
.gbits
= ctpopl(green_max
);
2240 vs
->client_pf
.gshift
= green_shift
;
2241 vs
->client_pf
.gmask
= green_max
<< green_shift
;
2242 vs
->client_pf
.bmax
= blue_max
? blue_max
: 0xFF;
2243 vs
->client_pf
.bbits
= ctpopl(blue_max
);
2244 vs
->client_pf
.bshift
= blue_shift
;
2245 vs
->client_pf
.bmask
= blue_max
<< blue_shift
;
2246 vs
->client_pf
.bits_per_pixel
= bits_per_pixel
;
2247 vs
->client_pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
2248 vs
->client_pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
2249 vs
->client_be
= big_endian_flag
;
2251 if (!true_color_flag
) {
2255 set_pixel_conversion(vs
);
2257 graphic_hw_invalidate(vs
->vd
->dcl
.con
);
2258 graphic_hw_update(vs
->vd
->dcl
.con
);
2261 static void pixel_format_message (VncState
*vs
) {
2262 char pad
[3] = { 0, 0, 0 };
2264 vs
->client_pf
= qemu_default_pixelformat(32);
2266 vnc_write_u8(vs
, vs
->client_pf
.bits_per_pixel
); /* bits-per-pixel */
2267 vnc_write_u8(vs
, vs
->client_pf
.depth
); /* depth */
2269 #ifdef HOST_WORDS_BIGENDIAN
2270 vnc_write_u8(vs
, 1); /* big-endian-flag */
2272 vnc_write_u8(vs
, 0); /* big-endian-flag */
2274 vnc_write_u8(vs
, 1); /* true-color-flag */
2275 vnc_write_u16(vs
, vs
->client_pf
.rmax
); /* red-max */
2276 vnc_write_u16(vs
, vs
->client_pf
.gmax
); /* green-max */
2277 vnc_write_u16(vs
, vs
->client_pf
.bmax
); /* blue-max */
2278 vnc_write_u8(vs
, vs
->client_pf
.rshift
); /* red-shift */
2279 vnc_write_u8(vs
, vs
->client_pf
.gshift
); /* green-shift */
2280 vnc_write_u8(vs
, vs
->client_pf
.bshift
); /* blue-shift */
2281 vnc_write(vs
, pad
, 3); /* padding */
2283 vnc_hextile_set_pixel_conversion(vs
, 0);
2284 vs
->write_pixels
= vnc_write_pixels_copy
;
2287 static void vnc_colordepth(VncState
*vs
)
2289 if (vnc_has_feature(vs
, VNC_FEATURE_WMVI
)) {
2290 /* Sending a WMVi message to notify the client*/
2291 vnc_lock_output(vs
);
2292 vnc_write_u8(vs
, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE
);
2293 vnc_write_u8(vs
, 0);
2294 vnc_write_u16(vs
, 1); /* number of rects */
2295 vnc_framebuffer_update(vs
, 0, 0,
2296 pixman_image_get_width(vs
->vd
->server
),
2297 pixman_image_get_height(vs
->vd
->server
),
2299 pixel_format_message(vs
);
2300 vnc_unlock_output(vs
);
2303 set_pixel_conversion(vs
);
2307 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
2312 VncDisplay
*vd
= vs
->vd
;
2315 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
2319 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT
:
2323 set_pixel_format(vs
, read_u8(data
, 4),
2324 read_u8(data
, 6), read_u8(data
, 7),
2325 read_u16(data
, 8), read_u16(data
, 10),
2326 read_u16(data
, 12), read_u8(data
, 14),
2327 read_u8(data
, 15), read_u8(data
, 16));
2329 case VNC_MSG_CLIENT_SET_ENCODINGS
:
2334 limit
= read_u16(data
, 2);
2336 return 4 + (limit
* 4);
2338 limit
= read_u16(data
, 2);
2340 for (i
= 0; i
< limit
; i
++) {
2341 int32_t val
= read_s32(data
, 4 + (i
* 4));
2342 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
2345 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
2347 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST
:
2351 framebuffer_update_request(vs
,
2352 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
2353 read_u16(data
, 6), read_u16(data
, 8));
2355 case VNC_MSG_CLIENT_KEY_EVENT
:
2359 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
2361 case VNC_MSG_CLIENT_POINTER_EVENT
:
2365 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
2367 case VNC_MSG_CLIENT_CUT_TEXT
:
2372 uint32_t dlen
= read_u32(data
, 4);
2373 if (dlen
> (1 << 20)) {
2374 error_report("vnc: client_cut_text msg payload has %u bytes"
2375 " which exceeds our limit of 1MB.", dlen
);
2376 vnc_client_error(vs
);
2384 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
2386 case VNC_MSG_CLIENT_QEMU
:
2390 switch (read_u8(data
, 1)) {
2391 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT
:
2395 ext_key_event(vs
, read_u16(data
, 2),
2396 read_u32(data
, 4), read_u32(data
, 8));
2398 case VNC_MSG_CLIENT_QEMU_AUDIO
:
2402 switch (read_u16 (data
, 2)) {
2403 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE
:
2406 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE
:
2409 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT
:
2412 switch (read_u8(data
, 4)) {
2413 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
2414 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
2415 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
2416 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
2417 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
2418 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
2420 VNC_DEBUG("Invalid audio format %d\n", read_u8(data
, 4));
2421 vnc_client_error(vs
);
2424 vs
->as
.nchannels
= read_u8(data
, 5);
2425 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
2426 VNC_DEBUG("Invalid audio channel count %d\n",
2428 vnc_client_error(vs
);
2431 freq
= read_u32(data
, 6);
2432 /* No official limit for protocol, but 48khz is a sensible
2433 * upper bound for trustworthy clients, and this limit
2434 * protects calculations involving 'vs->as.freq' later.
2437 VNC_DEBUG("Invalid audio frequency %u > 48000", freq
);
2438 vnc_client_error(vs
);
2444 VNC_DEBUG("Invalid audio message %d\n", read_u8(data
, 4));
2445 vnc_client_error(vs
);
2451 VNC_DEBUG("Msg: %d\n", read_u16(data
, 0));
2452 vnc_client_error(vs
);
2457 VNC_DEBUG("Msg: %d\n", data
[0]);
2458 vnc_client_error(vs
);
2462 vnc_update_throttle_offset(vs
);
2463 vnc_read_when(vs
, protocol_client_msg
, 1);
2467 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
2473 mode
= data
[0] ? VNC_SHARE_MODE_SHARED
: VNC_SHARE_MODE_EXCLUSIVE
;
2474 switch (vs
->vd
->share_policy
) {
2475 case VNC_SHARE_POLICY_IGNORE
:
2477 * Ignore the shared flag. Nothing to do here.
2479 * Doesn't conform to the rfb spec but is traditional qemu
2480 * behavior, thus left here as option for compatibility
2484 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
:
2486 * Policy: Allow clients ask for exclusive access.
2488 * Implementation: When a client asks for exclusive access,
2489 * disconnect all others. Shared connects are allowed as long
2490 * as no exclusive connection exists.
2492 * This is how the rfb spec suggests to handle the shared flag.
2494 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2496 QTAILQ_FOREACH(client
, &vs
->vd
->clients
, next
) {
2500 if (client
->share_mode
!= VNC_SHARE_MODE_EXCLUSIVE
&&
2501 client
->share_mode
!= VNC_SHARE_MODE_SHARED
) {
2504 vnc_disconnect_start(client
);
2507 if (mode
== VNC_SHARE_MODE_SHARED
) {
2508 if (vs
->vd
->num_exclusive
> 0) {
2509 vnc_disconnect_start(vs
);
2514 case VNC_SHARE_POLICY_FORCE_SHARED
:
2516 * Policy: Shared connects only.
2517 * Implementation: Disallow clients asking for exclusive access.
2519 * Useful for shared desktop sessions where you don't want
2520 * someone forgetting to say -shared when running the vnc
2521 * client disconnect everybody else.
2523 if (mode
== VNC_SHARE_MODE_EXCLUSIVE
) {
2524 vnc_disconnect_start(vs
);
2529 vnc_set_share_mode(vs
, mode
);
2531 if (vs
->vd
->num_shared
> vs
->vd
->connections_limit
) {
2532 vnc_disconnect_start(vs
);
2536 assert(pixman_image_get_width(vs
->vd
->server
) < 65536 &&
2537 pixman_image_get_width(vs
->vd
->server
) >= 0);
2538 assert(pixman_image_get_height(vs
->vd
->server
) < 65536 &&
2539 pixman_image_get_height(vs
->vd
->server
) >= 0);
2540 vs
->client_width
= pixman_image_get_width(vs
->vd
->server
);
2541 vs
->client_height
= pixman_image_get_height(vs
->vd
->server
);
2542 vnc_write_u16(vs
, vs
->client_width
);
2543 vnc_write_u16(vs
, vs
->client_height
);
2545 pixel_format_message(vs
);
2548 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
2549 if (size
> sizeof(buf
)) {
2553 size
= snprintf(buf
, sizeof(buf
), "QEMU");
2556 vnc_write_u32(vs
, size
);
2557 vnc_write(vs
, buf
, size
);
2560 vnc_client_cache_auth(vs
);
2561 vnc_qmp_event(vs
, QAPI_EVENT_VNC_INITIALIZED
);
2563 vnc_read_when(vs
, protocol_client_msg
, 1);
2568 void start_client_init(VncState
*vs
)
2570 vnc_read_when(vs
, protocol_client_init
, 1);
2573 static void make_challenge(VncState
*vs
)
2577 srand(time(NULL
)+getpid()+getpid()*987654+rand());
2579 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
2580 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
2583 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
2585 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
2587 unsigned char key
[8];
2588 time_t now
= time(NULL
);
2589 QCryptoCipher
*cipher
= NULL
;
2592 if (!vs
->vd
->password
) {
2593 trace_vnc_auth_fail(vs
, vs
->auth
, "password is not set", "");
2596 if (vs
->vd
->expires
< now
) {
2597 trace_vnc_auth_fail(vs
, vs
->auth
, "password is expired", "");
2601 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
2603 /* Calculate the expected challenge response */
2604 pwlen
= strlen(vs
->vd
->password
);
2605 for (i
=0; i
<sizeof(key
); i
++)
2606 key
[i
] = i
<pwlen
? vs
->vd
->password
[i
] : 0;
2608 cipher
= qcrypto_cipher_new(
2609 QCRYPTO_CIPHER_ALG_DES_RFB
,
2610 QCRYPTO_CIPHER_MODE_ECB
,
2611 key
, G_N_ELEMENTS(key
),
2614 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot create cipher",
2615 error_get_pretty(err
));
2620 if (qcrypto_cipher_encrypt(cipher
,
2623 VNC_AUTH_CHALLENGE_SIZE
,
2625 trace_vnc_auth_fail(vs
, vs
->auth
, "cannot encrypt challenge response",
2626 error_get_pretty(err
));
2631 /* Compare expected vs actual challenge response */
2632 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
2633 trace_vnc_auth_fail(vs
, vs
->auth
, "mis-matched challenge response", "");
2636 trace_vnc_auth_pass(vs
, vs
->auth
);
2637 vnc_write_u32(vs
, 0); /* Accept auth */
2640 start_client_init(vs
);
2643 qcrypto_cipher_free(cipher
);
2647 vnc_write_u32(vs
, 1); /* Reject auth */
2648 if (vs
->minor
>= 8) {
2649 static const char err
[] = "Authentication failed";
2650 vnc_write_u32(vs
, sizeof(err
));
2651 vnc_write(vs
, err
, sizeof(err
));
2654 vnc_client_error(vs
);
2655 qcrypto_cipher_free(cipher
);
2659 void start_auth_vnc(VncState
*vs
)
2662 /* Send client a 'random' challenge */
2663 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
2666 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
2670 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
2672 /* We only advertise 1 auth scheme at a time, so client
2673 * must pick the one we sent. Verify this */
2674 if (data
[0] != vs
->auth
) { /* Reject auth */
2675 trace_vnc_auth_reject(vs
, vs
->auth
, (int)data
[0]);
2676 vnc_write_u32(vs
, 1);
2677 if (vs
->minor
>= 8) {
2678 static const char err
[] = "Authentication failed";
2679 vnc_write_u32(vs
, sizeof(err
));
2680 vnc_write(vs
, err
, sizeof(err
));
2682 vnc_client_error(vs
);
2683 } else { /* Accept requested auth */
2684 trace_vnc_auth_start(vs
, vs
->auth
);
2687 if (vs
->minor
>= 8) {
2688 vnc_write_u32(vs
, 0); /* Accept auth completion */
2691 trace_vnc_auth_pass(vs
, vs
->auth
);
2692 start_client_init(vs
);
2699 case VNC_AUTH_VENCRYPT
:
2700 start_auth_vencrypt(vs
);
2703 #ifdef CONFIG_VNC_SASL
2705 start_auth_sasl(vs
);
2707 #endif /* CONFIG_VNC_SASL */
2709 default: /* Should not be possible, but just in case */
2710 trace_vnc_auth_fail(vs
, vs
->auth
, "Unhandled auth method", "");
2711 vnc_write_u8(vs
, 1);
2712 if (vs
->minor
>= 8) {
2713 static const char err
[] = "Authentication failed";
2714 vnc_write_u32(vs
, sizeof(err
));
2715 vnc_write(vs
, err
, sizeof(err
));
2717 vnc_client_error(vs
);
2723 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2727 memcpy(local
, version
, 12);
2730 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2731 VNC_DEBUG("Malformed protocol version %s\n", local
);
2732 vnc_client_error(vs
);
2735 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2736 if (vs
->major
!= 3 ||
2742 VNC_DEBUG("Unsupported client version\n");
2743 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2745 vnc_client_error(vs
);
2748 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2749 * as equivalent to v3.3 by servers
2751 if (vs
->minor
== 4 || vs
->minor
== 5)
2754 if (vs
->minor
== 3) {
2755 trace_vnc_auth_start(vs
, vs
->auth
);
2756 if (vs
->auth
== VNC_AUTH_NONE
) {
2757 vnc_write_u32(vs
, vs
->auth
);
2759 trace_vnc_auth_pass(vs
, vs
->auth
);
2760 start_client_init(vs
);
2761 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2762 VNC_DEBUG("Tell client VNC auth\n");
2763 vnc_write_u32(vs
, vs
->auth
);
2767 trace_vnc_auth_fail(vs
, vs
->auth
,
2768 "Unsupported auth method for v3.3", "");
2769 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2771 vnc_client_error(vs
);
2774 vnc_write_u8(vs
, 1); /* num auth */
2775 vnc_write_u8(vs
, vs
->auth
);
2776 vnc_read_when(vs
, protocol_client_auth
, 1);
2783 static VncRectStat
*vnc_stat_rect(VncDisplay
*vd
, int x
, int y
)
2785 struct VncSurface
*vs
= &vd
->guest
;
2787 return &vs
->stats
[y
/ VNC_STAT_RECT
][x
/ VNC_STAT_RECT
];
2790 void vnc_sent_lossy_rect(VncState
*vs
, int x
, int y
, int w
, int h
)
2794 w
= (x
+ w
) / VNC_STAT_RECT
;
2795 h
= (y
+ h
) / VNC_STAT_RECT
;
2799 for (j
= y
; j
<= h
; j
++) {
2800 for (i
= x
; i
<= w
; i
++) {
2801 vs
->lossy_rect
[j
][i
] = 1;
2806 static int vnc_refresh_lossy_rect(VncDisplay
*vd
, int x
, int y
)
2809 int sty
= y
/ VNC_STAT_RECT
;
2810 int stx
= x
/ VNC_STAT_RECT
;
2813 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2814 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2816 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
2819 /* kernel send buffers are full -> refresh later */
2820 if (vs
->output
.offset
) {
2824 if (!vs
->lossy_rect
[sty
][stx
]) {
2828 vs
->lossy_rect
[sty
][stx
] = 0;
2829 for (j
= 0; j
< VNC_STAT_RECT
; ++j
) {
2830 bitmap_set(vs
->dirty
[y
+ j
],
2831 x
/ VNC_DIRTY_PIXELS_PER_BIT
,
2832 VNC_STAT_RECT
/ VNC_DIRTY_PIXELS_PER_BIT
);
2840 static int vnc_update_stats(VncDisplay
*vd
, struct timeval
* tv
)
2842 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2843 pixman_image_get_width(vd
->server
));
2844 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2845 pixman_image_get_height(vd
->server
));
2850 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2851 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2852 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2854 rect
->updated
= false;
2858 qemu_timersub(tv
, &VNC_REFRESH_STATS
, &res
);
2860 if (timercmp(&vd
->guest
.last_freq_check
, &res
, >)) {
2863 vd
->guest
.last_freq_check
= *tv
;
2865 for (y
= 0; y
< height
; y
+= VNC_STAT_RECT
) {
2866 for (x
= 0; x
< width
; x
+= VNC_STAT_RECT
) {
2867 VncRectStat
*rect
= vnc_stat_rect(vd
, x
, y
);
2868 int count
= ARRAY_SIZE(rect
->times
);
2869 struct timeval min
, max
;
2871 if (!timerisset(&rect
->times
[count
- 1])) {
2875 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2876 qemu_timersub(tv
, &max
, &res
);
2878 if (timercmp(&res
, &VNC_REFRESH_LOSSY
, >)) {
2880 has_dirty
+= vnc_refresh_lossy_rect(vd
, x
, y
);
2881 memset(rect
->times
, 0, sizeof (rect
->times
));
2885 min
= rect
->times
[rect
->idx
];
2886 max
= rect
->times
[(rect
->idx
+ count
- 1) % count
];
2887 qemu_timersub(&max
, &min
, &res
);
2889 rect
->freq
= res
.tv_sec
+ res
.tv_usec
/ 1000000.;
2890 rect
->freq
/= count
;
2891 rect
->freq
= 1. / rect
->freq
;
2897 double vnc_update_freq(VncState
*vs
, int x
, int y
, int w
, int h
)
2903 x
= QEMU_ALIGN_DOWN(x
, VNC_STAT_RECT
);
2904 y
= QEMU_ALIGN_DOWN(y
, VNC_STAT_RECT
);
2906 for (j
= y
; j
<= y
+ h
; j
+= VNC_STAT_RECT
) {
2907 for (i
= x
; i
<= x
+ w
; i
+= VNC_STAT_RECT
) {
2908 total
+= vnc_stat_rect(vs
->vd
, i
, j
)->freq
;
2920 static void vnc_rect_updated(VncDisplay
*vd
, int x
, int y
, struct timeval
* tv
)
2924 rect
= vnc_stat_rect(vd
, x
, y
);
2925 if (rect
->updated
) {
2928 rect
->times
[rect
->idx
] = *tv
;
2929 rect
->idx
= (rect
->idx
+ 1) % ARRAY_SIZE(rect
->times
);
2930 rect
->updated
= true;
2933 static int vnc_refresh_server_surface(VncDisplay
*vd
)
2935 int width
= MIN(pixman_image_get_width(vd
->guest
.fb
),
2936 pixman_image_get_width(vd
->server
));
2937 int height
= MIN(pixman_image_get_height(vd
->guest
.fb
),
2938 pixman_image_get_height(vd
->server
));
2939 int cmp_bytes
, server_stride
, line_bytes
, guest_ll
, guest_stride
, y
= 0;
2940 uint8_t *guest_row0
= NULL
, *server_row0
;
2943 pixman_image_t
*tmpbuf
= NULL
;
2945 struct timeval tv
= { 0, 0 };
2947 if (!vd
->non_adaptive
) {
2948 gettimeofday(&tv
, NULL
);
2949 has_dirty
= vnc_update_stats(vd
, &tv
);
2953 * Walk through the guest dirty map.
2954 * Check and copy modified bits from guest to server surface.
2955 * Update server dirty map.
2957 server_row0
= (uint8_t *)pixman_image_get_data(vd
->server
);
2958 server_stride
= guest_stride
= guest_ll
=
2959 pixman_image_get_stride(vd
->server
);
2960 cmp_bytes
= MIN(VNC_DIRTY_PIXELS_PER_BIT
* VNC_SERVER_FB_BYTES
,
2962 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2963 int width
= pixman_image_get_width(vd
->server
);
2964 tmpbuf
= qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT
, width
);
2967 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd
->guest
.fb
));
2968 guest_row0
= (uint8_t *)pixman_image_get_data(vd
->guest
.fb
);
2969 guest_stride
= pixman_image_get_stride(vd
->guest
.fb
);
2970 guest_ll
= pixman_image_get_width(vd
->guest
.fb
)
2971 * DIV_ROUND_UP(guest_bpp
, 8);
2973 line_bytes
= MIN(server_stride
, guest_ll
);
2977 uint8_t *guest_ptr
, *server_ptr
;
2978 unsigned long offset
= find_next_bit((unsigned long *) &vd
->guest
.dirty
,
2979 height
* VNC_DIRTY_BPL(&vd
->guest
),
2980 y
* VNC_DIRTY_BPL(&vd
->guest
));
2981 if (offset
== height
* VNC_DIRTY_BPL(&vd
->guest
)) {
2982 /* no more dirty bits */
2985 y
= offset
/ VNC_DIRTY_BPL(&vd
->guest
);
2986 x
= offset
% VNC_DIRTY_BPL(&vd
->guest
);
2988 server_ptr
= server_row0
+ y
* server_stride
+ x
* cmp_bytes
;
2990 if (vd
->guest
.format
!= VNC_SERVER_FB_FORMAT
) {
2991 qemu_pixman_linebuf_fill(tmpbuf
, vd
->guest
.fb
, width
, 0, y
);
2992 guest_ptr
= (uint8_t *)pixman_image_get_data(tmpbuf
);
2994 guest_ptr
= guest_row0
+ y
* guest_stride
;
2996 guest_ptr
+= x
* cmp_bytes
;
2998 for (; x
< DIV_ROUND_UP(width
, VNC_DIRTY_PIXELS_PER_BIT
);
2999 x
++, guest_ptr
+= cmp_bytes
, server_ptr
+= cmp_bytes
) {
3000 int _cmp_bytes
= cmp_bytes
;
3001 if (!test_and_clear_bit(x
, vd
->guest
.dirty
[y
])) {
3004 if ((x
+ 1) * cmp_bytes
> line_bytes
) {
3005 _cmp_bytes
= line_bytes
- x
* cmp_bytes
;
3007 assert(_cmp_bytes
>= 0);
3008 if (memcmp(server_ptr
, guest_ptr
, _cmp_bytes
) == 0) {
3011 memcpy(server_ptr
, guest_ptr
, _cmp_bytes
);
3012 if (!vd
->non_adaptive
) {
3013 vnc_rect_updated(vd
, x
* VNC_DIRTY_PIXELS_PER_BIT
,
3016 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3017 set_bit(x
, vs
->dirty
[y
]);
3024 qemu_pixman_image_unref(tmpbuf
);
3028 static void vnc_refresh(DisplayChangeListener
*dcl
)
3030 VncDisplay
*vd
= container_of(dcl
, VncDisplay
, dcl
);
3032 int has_dirty
, rects
= 0;
3034 if (QTAILQ_EMPTY(&vd
->clients
)) {
3035 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_MAX
);
3039 graphic_hw_update(vd
->dcl
.con
);
3041 if (vnc_trylock_display(vd
)) {
3042 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3046 has_dirty
= vnc_refresh_server_surface(vd
);
3047 vnc_unlock_display(vd
);
3049 QTAILQ_FOREACH_SAFE(vs
, &vd
->clients
, next
, vn
) {
3050 rects
+= vnc_update_client(vs
, has_dirty
);
3051 /* vs might be free()ed here */
3054 if (has_dirty
&& rects
) {
3055 vd
->dcl
.update_interval
/= 2;
3056 if (vd
->dcl
.update_interval
< VNC_REFRESH_INTERVAL_BASE
) {
3057 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_BASE
;
3060 vd
->dcl
.update_interval
+= VNC_REFRESH_INTERVAL_INC
;
3061 if (vd
->dcl
.update_interval
> VNC_REFRESH_INTERVAL_MAX
) {
3062 vd
->dcl
.update_interval
= VNC_REFRESH_INTERVAL_MAX
;
3067 static void vnc_connect(VncDisplay
*vd
, QIOChannelSocket
*sioc
,
3068 bool skipauth
, bool websocket
)
3070 VncState
*vs
= g_new0(VncState
, 1);
3071 bool first_client
= QTAILQ_EMPTY(&vd
->clients
);
3074 trace_vnc_client_connect(vs
, sioc
);
3075 vs
->magic
= VNC_MAGIC
;
3077 object_ref(OBJECT(vs
->sioc
));
3078 vs
->ioc
= QIO_CHANNEL(sioc
);
3079 object_ref(OBJECT(vs
->ioc
));
3082 buffer_init(&vs
->input
, "vnc-input/%p", sioc
);
3083 buffer_init(&vs
->output
, "vnc-output/%p", sioc
);
3084 buffer_init(&vs
->jobs_buffer
, "vnc-jobs_buffer/%p", sioc
);
3086 buffer_init(&vs
->tight
.tight
, "vnc-tight/%p", sioc
);
3087 buffer_init(&vs
->tight
.zlib
, "vnc-tight-zlib/%p", sioc
);
3088 buffer_init(&vs
->tight
.gradient
, "vnc-tight-gradient/%p", sioc
);
3089 #ifdef CONFIG_VNC_JPEG
3090 buffer_init(&vs
->tight
.jpeg
, "vnc-tight-jpeg/%p", sioc
);
3092 #ifdef CONFIG_VNC_PNG
3093 buffer_init(&vs
->tight
.png
, "vnc-tight-png/%p", sioc
);
3095 buffer_init(&vs
->zlib
.zlib
, "vnc-zlib/%p", sioc
);
3096 buffer_init(&vs
->zrle
.zrle
, "vnc-zrle/%p", sioc
);
3097 buffer_init(&vs
->zrle
.fb
, "vnc-zrle-fb/%p", sioc
);
3098 buffer_init(&vs
->zrle
.zlib
, "vnc-zrle-zlib/%p", sioc
);
3101 vs
->auth
= VNC_AUTH_NONE
;
3102 vs
->subauth
= VNC_AUTH_INVALID
;
3105 vs
->auth
= vd
->ws_auth
;
3106 vs
->subauth
= VNC_AUTH_INVALID
;
3108 vs
->auth
= vd
->auth
;
3109 vs
->subauth
= vd
->subauth
;
3112 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3113 sioc
, websocket
, vs
->auth
, vs
->subauth
);
3115 vs
->lossy_rect
= g_malloc0(VNC_STAT_ROWS
* sizeof (*vs
->lossy_rect
));
3116 for (i
= 0; i
< VNC_STAT_ROWS
; ++i
) {
3117 vs
->lossy_rect
[i
] = g_new0(uint8_t, VNC_STAT_COLS
);
3120 VNC_DEBUG("New client on socket %p\n", vs
->sioc
);
3121 update_displaychangelistener(&vd
->dcl
, VNC_REFRESH_INTERVAL_BASE
);
3122 qio_channel_set_blocking(vs
->ioc
, false, NULL
);
3124 g_source_remove(vs
->ioc_tag
);
3129 vs
->ioc_tag
= qio_channel_add_watch(
3130 vs
->ioc
, G_IO_IN
, vncws_tls_handshake_io
, vs
, NULL
);
3132 vs
->ioc_tag
= qio_channel_add_watch(
3133 vs
->ioc
, G_IO_IN
, vncws_handshake_io
, vs
, NULL
);
3136 vs
->ioc_tag
= qio_channel_add_watch(
3137 vs
->ioc
, G_IO_IN
, vnc_client_io
, vs
, NULL
);
3140 vnc_client_cache_addr(vs
);
3141 vnc_qmp_event(vs
, QAPI_EVENT_VNC_CONNECTED
);
3142 vnc_set_share_mode(vs
, VNC_SHARE_MODE_CONNECTING
);
3147 vs
->as
.freq
= 44100;
3148 vs
->as
.nchannels
= 2;
3149 vs
->as
.fmt
= AUD_FMT_S16
;
3150 vs
->as
.endianness
= 0;
3152 qemu_mutex_init(&vs
->output_mutex
);
3153 vs
->bh
= qemu_bh_new(vnc_jobs_bh
, vs
);
3155 QTAILQ_INSERT_TAIL(&vd
->clients
, vs
, next
);
3157 vnc_update_server_surface(vd
);
3160 graphic_hw_update(vd
->dcl
.con
);
3162 if (!vs
->websocket
) {
3163 vnc_start_protocol(vs
);
3166 if (vd
->num_connecting
> vd
->connections_limit
) {
3167 QTAILQ_FOREACH(vs
, &vd
->clients
, next
) {
3168 if (vs
->share_mode
== VNC_SHARE_MODE_CONNECTING
) {
3169 vnc_disconnect_start(vs
);
3176 void vnc_start_protocol(VncState
*vs
)
3178 vnc_write(vs
, "RFB 003.008\n", 12);
3180 vnc_read_when(vs
, protocol_version
, 12);
3182 vs
->mouse_mode_notifier
.notify
= check_pointer_type_change
;
3183 qemu_add_mouse_mode_change_notifier(&vs
->mouse_mode_notifier
);
3186 static void vnc_listen_io(QIONetListener
*listener
,
3187 QIOChannelSocket
*cioc
,
3190 VncDisplay
*vd
= opaque
;
3191 bool isWebsock
= listener
== vd
->wslistener
;
3193 qio_channel_set_name(QIO_CHANNEL(cioc
),
3194 isWebsock
? "vnc-ws-server" : "vnc-server");
3195 qio_channel_set_delay(QIO_CHANNEL(cioc
), false);
3196 vnc_connect(vd
, cioc
, false, isWebsock
);
3199 static const DisplayChangeListenerOps dcl_ops
= {
3201 .dpy_refresh
= vnc_refresh
,
3202 .dpy_gfx_update
= vnc_dpy_update
,
3203 .dpy_gfx_switch
= vnc_dpy_switch
,
3204 .dpy_gfx_check_format
= qemu_pixman_check_format
,
3205 .dpy_mouse_set
= vnc_mouse_set
,
3206 .dpy_cursor_define
= vnc_dpy_cursor_define
,
3209 void vnc_display_init(const char *id
)
3213 if (vnc_display_find(id
) != NULL
) {
3216 vd
= g_malloc0(sizeof(*vd
));
3218 vd
->id
= strdup(id
);
3219 QTAILQ_INSERT_TAIL(&vnc_displays
, vd
, next
);
3221 QTAILQ_INIT(&vd
->clients
);
3222 vd
->expires
= TIME_MAX
;
3224 if (keyboard_layout
) {
3225 trace_vnc_key_map_init(keyboard_layout
);
3226 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, keyboard_layout
);
3228 vd
->kbd_layout
= init_keyboard_layout(name2keysym
, "en-us");
3231 if (!vd
->kbd_layout
) {
3235 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3236 vd
->connections_limit
= 32;
3238 qemu_mutex_init(&vd
->mutex
);
3239 vnc_start_worker_thread();
3241 vd
->dcl
.ops
= &dcl_ops
;
3242 register_displaychangelistener(&vd
->dcl
);
3246 static void vnc_display_close(VncDisplay
*vd
)
3251 vd
->is_unix
= false;
3254 qio_net_listener_disconnect(vd
->listener
);
3255 object_unref(OBJECT(vd
->listener
));
3257 vd
->listener
= NULL
;
3259 if (vd
->wslistener
) {
3260 qio_net_listener_disconnect(vd
->wslistener
);
3261 object_unref(OBJECT(vd
->wslistener
));
3263 vd
->wslistener
= NULL
;
3265 vd
->auth
= VNC_AUTH_INVALID
;
3266 vd
->subauth
= VNC_AUTH_INVALID
;
3268 object_unparent(OBJECT(vd
->tlscreds
));
3269 vd
->tlscreds
= NULL
;
3271 g_free(vd
->tlsaclname
);
3272 vd
->tlsaclname
= NULL
;
3273 if (vd
->lock_key_sync
) {
3274 qemu_remove_led_event_handler(vd
->led
);
3279 int vnc_display_password(const char *id
, const char *password
)
3281 VncDisplay
*vd
= vnc_display_find(id
);
3286 if (vd
->auth
== VNC_AUTH_NONE
) {
3287 error_printf_unless_qmp("If you want use passwords please enable "
3288 "password auth using '-vnc ${dpy},password'.\n");
3292 g_free(vd
->password
);
3293 vd
->password
= g_strdup(password
);
3298 int vnc_display_pw_expire(const char *id
, time_t expires
)
3300 VncDisplay
*vd
= vnc_display_find(id
);
3306 vd
->expires
= expires
;
3310 static void vnc_display_print_local_addr(VncDisplay
*vd
)
3312 SocketAddress
*addr
;
3315 if (!vd
->listener
|| !vd
->listener
->nsioc
) {
3319 addr
= qio_channel_socket_get_local_address(vd
->listener
->sioc
[0], &err
);
3324 if (addr
->type
!= SOCKET_ADDRESS_TYPE_INET
) {
3325 qapi_free_SocketAddress(addr
);
3328 error_printf_unless_qmp("VNC server running on %s:%s\n",
3331 qapi_free_SocketAddress(addr
);
3334 static QemuOptsList qemu_vnc_opts
= {
3336 .head
= QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts
.head
),
3337 .implied_opt_name
= "vnc",
3341 .type
= QEMU_OPT_STRING
,
3343 .name
= "websocket",
3344 .type
= QEMU_OPT_STRING
,
3346 .name
= "tls-creds",
3347 .type
= QEMU_OPT_STRING
,
3350 .type
= QEMU_OPT_STRING
,
3353 .type
= QEMU_OPT_STRING
,
3356 .type
= QEMU_OPT_NUMBER
,
3358 .name
= "connections",
3359 .type
= QEMU_OPT_NUMBER
,
3362 .type
= QEMU_OPT_NUMBER
,
3365 .type
= QEMU_OPT_BOOL
,
3368 .type
= QEMU_OPT_BOOL
,
3371 .type
= QEMU_OPT_BOOL
,
3374 .type
= QEMU_OPT_BOOL
,
3376 .name
= "lock-key-sync",
3377 .type
= QEMU_OPT_BOOL
,
3379 .name
= "key-delay-ms",
3380 .type
= QEMU_OPT_NUMBER
,
3383 .type
= QEMU_OPT_BOOL
,
3386 .type
= QEMU_OPT_BOOL
,
3389 .type
= QEMU_OPT_BOOL
,
3391 .name
= "non-adaptive",
3392 .type
= QEMU_OPT_BOOL
,
3394 { /* end of list */ }
3400 vnc_display_setup_auth(int *auth
,
3402 QCryptoTLSCreds
*tlscreds
,
3409 * We have a choice of 3 authentication options
3415 * The channel can be run in 2 modes
3420 * And TLS can use 2 types of credentials
3425 * We thus have 9 possible logical combinations
3430 * 4. tls + anon + none
3431 * 5. tls + anon + vnc
3432 * 6. tls + anon + sasl
3433 * 7. tls + x509 + none
3434 * 8. tls + x509 + vnc
3435 * 9. tls + x509 + sasl
3437 * These need to be mapped into the VNC auth schemes
3438 * in an appropriate manner. In regular VNC, all the
3439 * TLS options get mapped into VNC_AUTH_VENCRYPT
3442 * In websockets, the https:// protocol already provides
3443 * TLS support, so there is no need to make use of the
3444 * VeNCrypt extension. Furthermore, websockets browser
3445 * clients could not use VeNCrypt even if they wanted to,
3446 * as they cannot control when the TLS handshake takes
3447 * place. Thus there is no option but to rely on https://,
3448 * meaning combinations 4->6 and 7->9 will be mapped to
3449 * VNC auth schemes in the same way as combos 1->3.
3451 * Regardless of fact that we have a different mapping to
3452 * VNC auth mechs for plain VNC vs websockets VNC, the end
3453 * result has the same security characteristics.
3455 if (websocket
|| !tlscreds
) {
3457 VNC_DEBUG("Initializing VNC server with password auth\n");
3458 *auth
= VNC_AUTH_VNC
;
3460 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3461 *auth
= VNC_AUTH_SASL
;
3463 VNC_DEBUG("Initializing VNC server with no auth\n");
3464 *auth
= VNC_AUTH_NONE
;
3466 *subauth
= VNC_AUTH_INVALID
;
3468 bool is_x509
= object_dynamic_cast(OBJECT(tlscreds
),
3469 TYPE_QCRYPTO_TLS_CREDS_X509
) != NULL
;
3470 bool is_anon
= object_dynamic_cast(OBJECT(tlscreds
),
3471 TYPE_QCRYPTO_TLS_CREDS_ANON
) != NULL
;
3473 if (!is_x509
&& !is_anon
) {
3475 "Unsupported TLS cred type %s",
3476 object_get_typename(OBJECT(tlscreds
)));
3479 *auth
= VNC_AUTH_VENCRYPT
;
3482 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3483 *subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
3485 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3486 *subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
3491 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3492 *subauth
= VNC_AUTH_VENCRYPT_X509SASL
;
3494 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3495 *subauth
= VNC_AUTH_VENCRYPT_TLSSASL
;
3499 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3500 *subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
3502 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3503 *subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
3511 static int vnc_display_get_address(const char *addrstr
,
3520 SocketAddress
**retaddr
,
3524 SocketAddress
*addr
= NULL
;
3526 addr
= g_new0(SocketAddress
, 1);
3528 if (strncmp(addrstr
, "unix:", 5) == 0) {
3529 addr
->type
= SOCKET_ADDRESS_TYPE_UNIX
;
3530 addr
->u
.q_unix
.path
= g_strdup(addrstr
+ 5);
3533 error_setg(errp
, "UNIX sockets not supported with websock");
3538 error_setg(errp
, "Port range not support with UNIX socket");
3545 unsigned long long baseport
= 0;
3546 InetSocketAddress
*inet
;
3548 port
= strrchr(addrstr
, ':');
3554 error_setg(errp
, "no vnc port specified");
3558 hostlen
= port
- addrstr
;
3560 if (*port
== '\0') {
3561 error_setg(errp
, "vnc port cannot be empty");
3566 addr
->type
= SOCKET_ADDRESS_TYPE_INET
;
3567 inet
= &addr
->u
.inet
;
3568 if (addrstr
[0] == '[' && addrstr
[hostlen
- 1] == ']') {
3569 inet
->host
= g_strndup(addrstr
+ 1, hostlen
- 2);
3571 inet
->host
= g_strndup(addrstr
, hostlen
);
3573 /* plain VNC port is just an offset, for websocket
3574 * port is absolute */
3576 if (g_str_equal(addrstr
, "") ||
3577 g_str_equal(addrstr
, "on")) {
3578 if (displaynum
== -1) {
3579 error_setg(errp
, "explicit websocket port is required");
3582 inet
->port
= g_strdup_printf(
3583 "%d", displaynum
+ 5700);
3585 inet
->has_to
= true;
3586 inet
->to
= to
+ 5700;
3589 inet
->port
= g_strdup(port
);
3592 int offset
= reverse
? 0 : 5900;
3593 if (parse_uint_full(port
, &baseport
, 10) < 0) {
3594 error_setg(errp
, "can't convert to a number: %s", port
);
3597 if (baseport
> 65535 ||
3598 baseport
+ offset
> 65535) {
3599 error_setg(errp
, "port %s out of range", port
);
3602 inet
->port
= g_strdup_printf(
3603 "%d", (int)baseport
+ offset
);
3606 inet
->has_to
= true;
3607 inet
->to
= to
+ offset
;
3612 inet
->has_ipv4
= has_ipv4
;
3614 inet
->has_ipv6
= has_ipv6
;
3623 qapi_free_SocketAddress(addr
);
3628 static void vnc_free_addresses(SocketAddress
***retsaddr
,
3633 for (i
= 0; i
< *retnsaddr
; i
++) {
3634 qapi_free_SocketAddress((*retsaddr
)[i
]);
3642 static int vnc_display_get_addresses(QemuOpts
*opts
,
3644 SocketAddress
***retsaddr
,
3646 SocketAddress
***retwsaddr
,
3650 SocketAddress
*saddr
= NULL
;
3651 SocketAddress
*wsaddr
= NULL
;
3652 QemuOptsIter addriter
;
3654 int to
= qemu_opt_get_number(opts
, "to", 0);
3655 bool has_ipv4
= qemu_opt_get(opts
, "ipv4");
3656 bool has_ipv6
= qemu_opt_get(opts
, "ipv6");
3657 bool ipv4
= qemu_opt_get_bool(opts
, "ipv4", false);
3658 bool ipv6
= qemu_opt_get_bool(opts
, "ipv6", false);
3659 int displaynum
= -1;
3667 addr
= qemu_opt_get(opts
, "vnc");
3668 if (addr
== NULL
|| g_str_equal(addr
, "none")) {
3672 if (qemu_opt_get(opts
, "websocket") &&
3673 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1
)) {
3675 "SHA1 hash support is required for websockets");
3679 qemu_opt_iter_init(&addriter
, opts
, "vnc");
3680 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3682 rv
= vnc_display_get_address(addr
, false, reverse
, 0, to
,
3689 /* Historical compat - first listen address can be used
3690 * to set the default websocket port
3692 if (displaynum
== -1) {
3695 *retsaddr
= g_renew(SocketAddress
*, *retsaddr
, *retnsaddr
+ 1);
3696 (*retsaddr
)[(*retnsaddr
)++] = saddr
;
3699 /* If we had multiple primary displays, we don't do defaults
3700 * for websocket, and require explicit config instead. */
3701 if (*retnsaddr
> 1) {
3705 qemu_opt_iter_init(&addriter
, opts
, "websocket");
3706 while ((addr
= qemu_opt_iter_next(&addriter
)) != NULL
) {
3707 if (vnc_display_get_address(addr
, true, reverse
, displaynum
, to
,
3710 &wsaddr
, errp
) < 0) {
3714 /* Historical compat - if only a single listen address was
3715 * provided, then this is used to set the default listen
3716 * address for websocket too
3718 if (*retnsaddr
== 1 &&
3719 (*retsaddr
)[0]->type
== SOCKET_ADDRESS_TYPE_INET
&&
3720 wsaddr
->type
== SOCKET_ADDRESS_TYPE_INET
&&
3721 g_str_equal(wsaddr
->u
.inet
.host
, "") &&
3722 !g_str_equal((*retsaddr
)[0]->u
.inet
.host
, "")) {
3723 g_free(wsaddr
->u
.inet
.host
);
3724 wsaddr
->u
.inet
.host
= g_strdup((*retsaddr
)[0]->u
.inet
.host
);
3727 *retwsaddr
= g_renew(SocketAddress
*, *retwsaddr
, *retnwsaddr
+ 1);
3728 (*retwsaddr
)[(*retnwsaddr
)++] = wsaddr
;
3734 vnc_free_addresses(retsaddr
, retnsaddr
);
3735 vnc_free_addresses(retwsaddr
, retnwsaddr
);
3740 static int vnc_display_connect(VncDisplay
*vd
,
3741 SocketAddress
**saddr
,
3743 SocketAddress
**wsaddr
,
3747 /* connect to viewer */
3748 QIOChannelSocket
*sioc
= NULL
;
3750 error_setg(errp
, "Cannot use websockets in reverse mode");
3754 error_setg(errp
, "Expected a single address in reverse mode");
3757 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3758 vd
->is_unix
= saddr
[0]->type
== SOCKET_ADDRESS_TYPE_UNIX
;
3759 sioc
= qio_channel_socket_new();
3760 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-reverse");
3761 if (qio_channel_socket_connect_sync(sioc
, saddr
[0], errp
) < 0) {
3764 vnc_connect(vd
, sioc
, false, false);
3765 object_unref(OBJECT(sioc
));
3770 static int vnc_display_listen(VncDisplay
*vd
,
3771 SocketAddress
**saddr
,
3773 SocketAddress
**wsaddr
,
3780 vd
->listener
= qio_net_listener_new();
3781 qio_net_listener_set_name(vd
->listener
, "vnc-listen");
3782 for (i
= 0; i
< nsaddr
; i
++) {
3783 if (qio_net_listener_open_sync(vd
->listener
,
3790 qio_net_listener_set_client_func(vd
->listener
,
3791 vnc_listen_io
, vd
, NULL
);
3795 vd
->wslistener
= qio_net_listener_new();
3796 qio_net_listener_set_name(vd
->wslistener
, "vnc-ws-listen");
3797 for (i
= 0; i
< nwsaddr
; i
++) {
3798 if (qio_net_listener_open_sync(vd
->wslistener
,
3805 qio_net_listener_set_client_func(vd
->wslistener
,
3806 vnc_listen_io
, vd
, NULL
);
3813 void vnc_display_open(const char *id
, Error
**errp
)
3815 VncDisplay
*vd
= vnc_display_find(id
);
3816 QemuOpts
*opts
= qemu_opts_find(&qemu_vnc_opts
, id
);
3817 SocketAddress
**saddr
= NULL
, **wsaddr
= NULL
;
3818 size_t nsaddr
, nwsaddr
;
3819 const char *share
, *device_id
;
3821 bool password
= false;
3822 bool reverse
= false;
3825 #ifdef CONFIG_VNC_SASL
3829 int lock_key_sync
= 1;
3833 error_setg(errp
, "VNC display not active");
3836 vnc_display_close(vd
);
3842 reverse
= qemu_opt_get_bool(opts
, "reverse", false);
3843 if (vnc_display_get_addresses(opts
, reverse
, &saddr
, &nsaddr
,
3844 &wsaddr
, &nwsaddr
, errp
) < 0) {
3848 password
= qemu_opt_get_bool(opts
, "password", false);
3850 if (fips_get_state()) {
3852 "VNC password auth disabled due to FIPS mode, "
3853 "consider using the VeNCrypt or SASL authentication "
3854 "methods as an alternative");
3857 if (!qcrypto_cipher_supports(
3858 QCRYPTO_CIPHER_ALG_DES_RFB
, QCRYPTO_CIPHER_MODE_ECB
)) {
3860 "Cipher backend does not support DES RFB algorithm");
3865 lock_key_sync
= qemu_opt_get_bool(opts
, "lock-key-sync", true);
3866 key_delay_ms
= qemu_opt_get_number(opts
, "key-delay-ms", 10);
3867 sasl
= qemu_opt_get_bool(opts
, "sasl", false);
3868 #ifndef CONFIG_VNC_SASL
3870 error_setg(errp
, "VNC SASL auth requires cyrus-sasl support");
3873 #endif /* CONFIG_VNC_SASL */
3874 credid
= qemu_opt_get(opts
, "tls-creds");
3877 creds
= object_resolve_path_component(
3878 object_get_objects_root(), credid
);
3880 error_setg(errp
, "No TLS credentials with id '%s'",
3884 vd
->tlscreds
= (QCryptoTLSCreds
*)
3885 object_dynamic_cast(creds
,
3886 TYPE_QCRYPTO_TLS_CREDS
);
3887 if (!vd
->tlscreds
) {
3888 error_setg(errp
, "Object with id '%s' is not TLS credentials",
3892 object_ref(OBJECT(vd
->tlscreds
));
3894 if (vd
->tlscreds
->endpoint
!= QCRYPTO_TLS_CREDS_ENDPOINT_SERVER
) {
3896 "Expecting TLS credentials with a server endpoint");
3900 acl
= qemu_opt_get_bool(opts
, "acl", false);
3902 share
= qemu_opt_get(opts
, "share");
3904 if (strcmp(share
, "ignore") == 0) {
3905 vd
->share_policy
= VNC_SHARE_POLICY_IGNORE
;
3906 } else if (strcmp(share
, "allow-exclusive") == 0) {
3907 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3908 } else if (strcmp(share
, "force-shared") == 0) {
3909 vd
->share_policy
= VNC_SHARE_POLICY_FORCE_SHARED
;
3911 error_setg(errp
, "unknown vnc share= option");
3915 vd
->share_policy
= VNC_SHARE_POLICY_ALLOW_EXCLUSIVE
;
3917 vd
->connections_limit
= qemu_opt_get_number(opts
, "connections", 32);
3919 #ifdef CONFIG_VNC_JPEG
3920 vd
->lossy
= qemu_opt_get_bool(opts
, "lossy", false);
3922 vd
->non_adaptive
= qemu_opt_get_bool(opts
, "non-adaptive", false);
3923 /* adaptive updates are only used with tight encoding and
3924 * if lossy updates are enabled so we can disable all the
3925 * calculations otherwise */
3927 vd
->non_adaptive
= true;
3931 if (strcmp(vd
->id
, "default") == 0) {
3932 vd
->tlsaclname
= g_strdup("vnc.x509dname");
3934 vd
->tlsaclname
= g_strdup_printf("vnc.%s.x509dname", vd
->id
);
3936 qemu_acl_init(vd
->tlsaclname
);
3938 #ifdef CONFIG_VNC_SASL
3942 if (strcmp(vd
->id
, "default") == 0) {
3943 aclname
= g_strdup("vnc.username");
3945 aclname
= g_strdup_printf("vnc.%s.username", vd
->id
);
3947 vd
->sasl
.acl
= qemu_acl_init(aclname
);
3952 if (vnc_display_setup_auth(&vd
->auth
, &vd
->subauth
,
3953 vd
->tlscreds
, password
,
3954 sasl
, false, errp
) < 0) {
3957 trace_vnc_auth_init(vd
, 0, vd
->auth
, vd
->subauth
);
3959 if (vnc_display_setup_auth(&vd
->ws_auth
, &vd
->ws_subauth
,
3960 vd
->tlscreds
, password
,
3961 sasl
, true, errp
) < 0) {
3964 trace_vnc_auth_init(vd
, 1, vd
->ws_auth
, vd
->ws_subauth
);
3966 #ifdef CONFIG_VNC_SASL
3967 if ((saslErr
= sasl_server_init(NULL
, "qemu")) != SASL_OK
) {
3968 error_setg(errp
, "Failed to initialize SASL auth: %s",
3969 sasl_errstring(saslErr
, NULL
, NULL
));
3973 vd
->lock_key_sync
= lock_key_sync
;
3974 if (lock_key_sync
) {
3975 vd
->led
= qemu_add_led_event_handler(kbd_leds
, vd
);
3978 vd
->key_delay_ms
= key_delay_ms
;
3980 device_id
= qemu_opt_get(opts
, "display");
3982 int head
= qemu_opt_get_number(opts
, "head", 0);
3985 con
= qemu_console_lookup_by_device_name(device_id
, head
, &err
);
3987 error_propagate(errp
, err
);
3994 if (con
!= vd
->dcl
.con
) {
3995 unregister_displaychangelistener(&vd
->dcl
);
3997 register_displaychangelistener(&vd
->dcl
);
4000 if (saddr
== NULL
) {
4005 if (vnc_display_connect(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4009 if (vnc_display_listen(vd
, saddr
, nsaddr
, wsaddr
, nwsaddr
, errp
) < 0) {
4014 if (qemu_opt_get(opts
, "to")) {
4015 vnc_display_print_local_addr(vd
);
4019 vnc_free_addresses(&saddr
, &nsaddr
);
4020 vnc_free_addresses(&wsaddr
, &nwsaddr
);
4024 vnc_display_close(vd
);
4028 void vnc_display_add_client(const char *id
, int csock
, bool skipauth
)
4030 VncDisplay
*vd
= vnc_display_find(id
);
4031 QIOChannelSocket
*sioc
;
4037 sioc
= qio_channel_socket_new_fd(csock
, NULL
);
4039 qio_channel_set_name(QIO_CHANNEL(sioc
), "vnc-server");
4040 vnc_connect(vd
, sioc
, skipauth
, false);
4041 object_unref(OBJECT(sioc
));
4045 static void vnc_auto_assign_id(QemuOptsList
*olist
, QemuOpts
*opts
)
4050 id
= g_strdup("default");
4051 while (qemu_opts_find(olist
, id
)) {
4053 id
= g_strdup_printf("vnc%d", i
++);
4055 qemu_opts_set_id(opts
, id
);
4058 QemuOpts
*vnc_parse(const char *str
, Error
**errp
)
4060 QemuOptsList
*olist
= qemu_find_opts("vnc");
4061 QemuOpts
*opts
= qemu_opts_parse(olist
, str
, true, errp
);
4068 id
= qemu_opts_id(opts
);
4070 /* auto-assign id if not present */
4071 vnc_auto_assign_id(olist
, opts
);
4076 int vnc_init_func(void *opaque
, QemuOpts
*opts
, Error
**errp
)
4078 Error
*local_err
= NULL
;
4079 char *id
= (char *)qemu_opts_id(opts
);
4082 vnc_display_init(id
);
4083 vnc_display_open(id
, &local_err
);
4084 if (local_err
!= NULL
) {
4085 error_reportf_err(local_err
, "Failed to start VNC server: ");
4091 static void vnc_register_config(void)
4093 qemu_add_opts(&qemu_vnc_opts
);
4095 opts_init(vnc_register_config
);