Archipelago » qemu

/*

 * QEMU VNC display driver

 *

 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>

 * Copyright (C) 2006 Fabrice Bellard

 * Copyright (C) 2009 Red Hat, Inc

 *

 * Permission is hereby granted, free of charge, to any person obtaining a copy

 * of this software and associated documentation files (the "Software"), to deal

 * in the Software without restriction, including without limitation the rights

 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

 * copies of the Software, and to permit persons to whom the Software is

 * furnished to do so, subject to the following conditions:

 *

 * The above copyright notice and this permission notice shall be included in

 * all copies or substantial portions of the Software.

 *

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL

 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

 * THE SOFTWARE.

 */

#include "vnc.h"

#include "sysemu.h"

#include "qemu_socket.h"

#include "qemu-timer.h"

#include "acl.h"

#include "qemu-objects.h"

#define VNC_REFRESH_INTERVAL_BASE 30

#define VNC_REFRESH_INTERVAL_INC  50

#define VNC_REFRESH_INTERVAL_MAX  2000

#include "vnc_keysym.h"

#include "d3des.h"

#define count_bits(c, v) { \

    for (c = 0; v; v >>= 1) \

    { \

        c += v & 1; \

    } \

}

static VncDisplay *vnc_display; /* needed for info vnc */

static DisplayChangeListener *dcl;

static char *addr_to_string(const char *format,

                            struct sockaddr_storage *sa,

                            socklen_t salen) {

    char *addr;

    char host[NI_MAXHOST];

    char serv[NI_MAXSERV];

    int err;

    size_t addrlen;

    if ((err = getnameinfo((struct sockaddr *)sa, salen,

                           host, sizeof(host),

                           serv, sizeof(serv),

                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {

        VNC_DEBUG("Cannot resolve address %d: %s\n",

                  err, gai_strerror(err));

        return NULL;

    }

    /* Enough for the existing format + the 2 vars we're

     * substituting in. */

    addrlen = strlen(format) + strlen(host) + strlen(serv);

    addr = qemu_malloc(addrlen + 1);

    snprintf(addr, addrlen, format, host, serv);

    addr[addrlen] = '\0';

    return addr;

}

char *vnc_socket_local_addr(const char *format, int fd) {

    struct sockaddr_storage sa;

    socklen_t salen;

    salen = sizeof(sa);

    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)

        return NULL;

    return addr_to_string(format, &sa, salen);

}

char *vnc_socket_remote_addr(const char *format, int fd) {

    struct sockaddr_storage sa;

    socklen_t salen;

    salen = sizeof(sa);

    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)

        return NULL;

    return addr_to_string(format, &sa, salen);

}

static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,

                          socklen_t salen)

{

    char host[NI_MAXHOST];

    char serv[NI_MAXSERV];

    int err;

    if ((err = getnameinfo((struct sockaddr *)sa, salen,

                           host, sizeof(host),

                           serv, sizeof(serv),

                           NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {

        VNC_DEBUG("Cannot resolve address %d: %s\n",

                  err, gai_strerror(err));

        return -1;

    }

    qdict_put(qdict, "host", qstring_from_str(host));

    qdict_put(qdict, "service", qstring_from_str(serv));

    qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));

    return 0;

}

static int vnc_server_addr_put(QDict *qdict, int fd)

{

    struct sockaddr_storage sa;

    socklen_t salen;

    salen = sizeof(sa);

    if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {

        return -1;

    }

    return put_addr_qdict(qdict, &sa, salen);

}

static int vnc_qdict_remote_addr(QDict *qdict, int fd)

{

    struct sockaddr_storage sa;

    socklen_t salen;

    salen = sizeof(sa);

    if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {

        return -1;

    }

    return put_addr_qdict(qdict, &sa, salen);

}

static const char *vnc_auth_name(VncDisplay *vd) {

    switch (vd->auth) {

    case VNC_AUTH_INVALID:

        return "invalid";

    case VNC_AUTH_NONE:

        return "none";

    case VNC_AUTH_VNC:

        return "vnc";

    case VNC_AUTH_RA2:

        return "ra2";

    case VNC_AUTH_RA2NE:

        return "ra2ne";

    case VNC_AUTH_TIGHT:

        return "tight";

    case VNC_AUTH_ULTRA:

        return "ultra";

    case VNC_AUTH_TLS:

        return "tls";

    case VNC_AUTH_VENCRYPT:

#ifdef CONFIG_VNC_TLS

        switch (vd->subauth) {

        case VNC_AUTH_VENCRYPT_PLAIN:

            return "vencrypt+plain";

        case VNC_AUTH_VENCRYPT_TLSNONE:

            return "vencrypt+tls+none";

        case VNC_AUTH_VENCRYPT_TLSVNC:

            return "vencrypt+tls+vnc";

        case VNC_AUTH_VENCRYPT_TLSPLAIN:

            return "vencrypt+tls+plain";

        case VNC_AUTH_VENCRYPT_X509NONE:

            return "vencrypt+x509+none";

        case VNC_AUTH_VENCRYPT_X509VNC:

            return "vencrypt+x509+vnc";

        case VNC_AUTH_VENCRYPT_X509PLAIN:

            return "vencrypt+x509+plain";

        case VNC_AUTH_VENCRYPT_TLSSASL:

            return "vencrypt+tls+sasl";

        case VNC_AUTH_VENCRYPT_X509SASL:

            return "vencrypt+x509+sasl";

        default:

            return "vencrypt";

        }

#else

        return "vencrypt";

#endif

    case VNC_AUTH_SASL:

        return "sasl";

    }

    return "unknown";

}

static int vnc_server_info_put(QDict *qdict)

{

    if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {

        return -1;

    }

    qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));

    return 0;

}

static void vnc_client_cache_auth(VncState *client)

{

    QDict *qdict;

    if (!client->info) {

        return;

    }

    qdict = qobject_to_qdict(client->info);

#ifdef CONFIG_VNC_TLS

    if (client->tls.session &&

        client->tls.dname) {

        qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));

    }

#endif

#ifdef CONFIG_VNC_SASL

    if (client->sasl.conn &&

        client->sasl.username) {

        qdict_put(qdict, "sasl_username",

                  qstring_from_str(client->sasl.username));

    }

#endif

}

static void vnc_client_cache_addr(VncState *client)

{

    QDict *qdict;

    qdict = qdict_new();

    if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {

        QDECREF(qdict);

        /* XXX: how to report the error? */

        return;

    }

    client->info = QOBJECT(qdict);

}

static void vnc_qmp_event(VncState *vs, MonitorEvent event)

{

    QDict *server;

    QObject *data;

    if (!vs->info) {

        return;

    }

    server = qdict_new();

    if (vnc_server_info_put(server) < 0) {

        QDECREF(server);

        return;

    }

    data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",

                              vs->info, QOBJECT(server));

    monitor_protocol_event(event, data);

    qobject_incref(vs->info);

    qobject_decref(data);

}

static void info_vnc_iter(QObject *obj, void *opaque)

{

    QDict *client;

    Monitor *mon = opaque;

    client = qobject_to_qdict(obj);

    monitor_printf(mon, "Client:\n");

    monitor_printf(mon, "     address: %s:%s\n",

                   qdict_get_str(client, "host"),

                   qdict_get_str(client, "service"));

#ifdef CONFIG_VNC_TLS

    monitor_printf(mon, "  x509_dname: %s\n",

        qdict_haskey(client, "x509_dname") ?

        qdict_get_str(client, "x509_dname") : "none");

#endif

#ifdef CONFIG_VNC_SASL

    monitor_printf(mon, "    username: %s\n",

        qdict_haskey(client, "sasl_username") ?

        qdict_get_str(client, "sasl_username") : "none");

#endif

}

void do_info_vnc_print(Monitor *mon, const QObject *data)

{

    QDict *server;

    QList *clients;

    server = qobject_to_qdict(data);

    if (qdict_get_bool(server, "enabled") == 0) {

        monitor_printf(mon, "Server: disabled\n");

        return;

    }

    monitor_printf(mon, "Server:\n");

    monitor_printf(mon, "     address: %s:%s\n",

                   qdict_get_str(server, "host"),

                   qdict_get_str(server, "service"));

    monitor_printf(mon, "        auth: %s\n", qdict_get_str(server, "auth"));

    clients = qdict_get_qlist(server, "clients");

    if (qlist_empty(clients)) {

        monitor_printf(mon, "Client: none\n");

    } else {

        qlist_iter(clients, info_vnc_iter, mon);

    }

}

/**

 * do_info_vnc(): Show VNC server information

 *

 * Return a QDict with server information. Connected clients are returned

 * as a QList of QDicts.

 *

 * The main QDict contains the following:

 *

 * - "enabled": true or false

 * - "host": server's IP address

 * - "family": address family ("ipv4" or "ipv6")

 * - "service": server's port number

 * - "auth": authentication method

 * - "clients": a QList of all connected clients

 *

 * Clients are described by a QDict, with the following information:

 *

 * - "host": client's IP address

 * - "family": address family ("ipv4" or "ipv6")

 * - "service": client's port number

 * - "x509_dname": TLS dname (optional)

 * - "sasl_username": SASL username (optional)

 *

 * Example:

 *

 * { "enabled": true, "host": "0.0.0.0", "service": "50402", "auth": "vnc",

 *   "family": "ipv4",

 *   "clients": [{ "host": "127.0.0.1", "service": "50401", "family": "ipv4" }]}

 */

void do_info_vnc(Monitor *mon, QObject **ret_data)

{

    if (vnc_display == NULL || vnc_display->display == NULL) {

        *ret_data = qobject_from_jsonf("{ 'enabled': false }");

    } else {

        QList *clist;

        VncState *client;

        clist = qlist_new();

        QTAILQ_FOREACH(client, &vnc_display->clients, next) {

            if (client->info) {

                /* incref so that it's not freed by upper layers */

                qobject_incref(client->info);

                qlist_append_obj(clist, client->info);

            }

        }

        *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",

                                       QOBJECT(clist));

        assert(*ret_data != NULL);

        if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {

            qobject_decref(*ret_data);

            *ret_data = NULL;

        }

    }

}

static inline uint32_t vnc_has_feature(VncState *vs, int feature) {

    return (vs->features & (1 << feature));

}

/* TODO

   1) Get the queue working for IO.

   2) there is some weirdness when using the -S option (the screen is grey

      and not totally invalidated

   3) resolutions > 1024

*/

static int vnc_update_client(VncState *vs, int has_dirty);

static void vnc_disconnect_start(VncState *vs);

static void vnc_disconnect_finish(VncState *vs);

static void vnc_init_timer(VncDisplay *vd);

static void vnc_remove_timer(VncDisplay *vd);

static void vnc_colordepth(VncState *vs);

static void framebuffer_update_request(VncState *vs, int incremental,

                                       int x_position, int y_position,

                                       int w, int h);

static void vnc_refresh(void *opaque);

static int vnc_refresh_server_surface(VncDisplay *vd);

static inline void vnc_set_bit(uint32_t *d, int k)

{

    d[k >> 5] |= 1 << (k & 0x1f);

}

static inline void vnc_clear_bit(uint32_t *d, int k)

{

    d[k >> 5] &= ~(1 << (k & 0x1f));

}

static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)

{

    int j;

    j = 0;

    while (n >= 32) {

        d[j++] = -1;

        n -= 32;

    }

    if (n > 0)

        d[j++] = (1 << n) - 1;

    while (j < nb_words)

        d[j++] = 0;

}

static inline int vnc_get_bit(const uint32_t *d, int k)

{

    return (d[k >> 5] >> (k & 0x1f)) & 1;

}

static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,

                               int nb_words)

{

    int i;

    for(i = 0; i < nb_words; i++) {

        if ((d1[i] & d2[i]) != 0)

            return 1;

    }

    return 0;

}

static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)

{

    int i;

    VncDisplay *vd = ds->opaque;

    struct VncSurface *s = &vd->guest;

    h += y;

    /* round x down to ensure the loop only spans one 16-pixel block per,

       iteration.  otherwise, if (x % 16) != 0, the last iteration may span

       two 16-pixel blocks but we only mark the first as dirty

    */

    w += (x % 16);

    x -= (x % 16);

    x = MIN(x, s->ds->width);

    y = MIN(y, s->ds->height);

    w = MIN(x + w, s->ds->width) - x;

    h = MIN(h, s->ds->height);

    for (; y < h; y++)

        for (i = 0; i < w; i += 16)

            vnc_set_bit(s->dirty[y], (x + i) / 16);

}

static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,

                                   int32_t encoding)

{

    vnc_write_u16(vs, x);

    vnc_write_u16(vs, y);

    vnc_write_u16(vs, w);

    vnc_write_u16(vs, h);

    vnc_write_s32(vs, encoding);

}

void buffer_reserve(Buffer *buffer, size_t len)

{

    if ((buffer->capacity - buffer->offset) < len) {

        buffer->capacity += (len + 1024);

        buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);

        if (buffer->buffer == NULL) {

            fprintf(stderr, "vnc: out of memory\n");

            exit(1);

        }

    }

}

int buffer_empty(Buffer *buffer)

{

    return buffer->offset == 0;

}

uint8_t *buffer_end(Buffer *buffer)

{

    return buffer->buffer + buffer->offset;

}

void buffer_reset(Buffer *buffer)

{

        buffer->offset = 0;

}

void buffer_append(Buffer *buffer, const void *data, size_t len)

{

    memcpy(buffer->buffer + buffer->offset, data, len);

    buffer->offset += len;

}

static void vnc_dpy_resize(DisplayState *ds)

{

    int size_changed;

    VncDisplay *vd = ds->opaque;

    VncState *vs;

    /* server surface */

    if (!vd->server)

        vd->server = qemu_mallocz(sizeof(*vd->server));

    if (vd->server->data)

        qemu_free(vd->server->data);

    *(vd->server) = *(ds->surface);

    vd->server->data = qemu_mallocz(vd->server->linesize *

                                    vd->server->height);

    /* guest surface */

    if (!vd->guest.ds)

        vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));

    if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)

        console_color_init(ds);

    size_changed = ds_get_width(ds) != vd->guest.ds->width ||

                   ds_get_height(ds) != vd->guest.ds->height;

    *(vd->guest.ds) = *(ds->surface);

    memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));

    QTAILQ_FOREACH(vs, &vd->clients, next) {

        vnc_colordepth(vs);

        if (size_changed) {

            if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {

                vnc_write_u8(vs, 0);  /* msg id */

                vnc_write_u8(vs, 0);

                vnc_write_u16(vs, 1); /* number of rects */

                vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),

                        VNC_ENCODING_DESKTOPRESIZE);

                vnc_flush(vs);

            }

        }

        memset(vs->dirty, 0xFF, sizeof(vs->dirty));

    }

}

/* fastest code */

static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)

{

    vnc_write(vs, pixels, size);

}

/* slowest but generic code. */

static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)

{

    uint8_t r, g, b;

    VncDisplay *vd = vs->vd;

    r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>

        vd->server->pf.rbits);

    g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>

        vd->server->pf.gbits);

    b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>

        vd->server->pf.bbits);

    v = (r << vs->clientds.pf.rshift) |

        (g << vs->clientds.pf.gshift) |

        (b << vs->clientds.pf.bshift);

    switch(vs->clientds.pf.bytes_per_pixel) {

    case 1:

        buf[0] = v;

        break;

    case 2:

        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {

            buf[0] = v >> 8;

            buf[1] = v;

        } else {

            buf[1] = v >> 8;

            buf[0] = v;

        }

        break;

    default:

    case 4:

        if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {

            buf[0] = v >> 24;

            buf[1] = v >> 16;

            buf[2] = v >> 8;

            buf[3] = v;

        } else {

            buf[3] = v >> 24;

            buf[2] = v >> 16;

            buf[1] = v >> 8;

            buf[0] = v;

        }

        break;

    }

}

static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)

{

    uint8_t buf[4];

    VncDisplay *vd = vs->vd;

    if (vd->server->pf.bytes_per_pixel == 4) {

        uint32_t *pixels = pixels1;

        int n, i;

        n = size >> 2;

        for(i = 0; i < n; i++) {

            vnc_convert_pixel(vs, buf, pixels[i]);

            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);

        }

    } else if (vd->server->pf.bytes_per_pixel == 2) {

        uint16_t *pixels = pixels1;

        int n, i;

        n = size >> 1;

        for(i = 0; i < n; i++) {

            vnc_convert_pixel(vs, buf, pixels[i]);

            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);

        }

    } else if (vd->server->pf.bytes_per_pixel == 1) {

        uint8_t *pixels = pixels1;

        int n, i;

        n = size;

        for(i = 0; i < n; i++) {

            vnc_convert_pixel(vs, buf, pixels[i]);

            vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);

        }

    } else {

        fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");

    }

}

static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)

{

    int i;

    uint8_t *row;

    VncDisplay *vd = vs->vd;

    row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);

    for (i = 0; i < h; i++) {

        vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));

        row += ds_get_linesize(vs->ds);

    }

}

static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)

{

    ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);

    ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);

}

#define BPP 8

#include "vnchextile.h"

#undef BPP

#define BPP 16

#include "vnchextile.h"

#undef BPP

#define BPP 32

#include "vnchextile.h"

#undef BPP

#define GENERIC

#define BPP 8

#include "vnchextile.h"

#undef BPP

#undef GENERIC

#define GENERIC

#define BPP 16

#include "vnchextile.h"

#undef BPP

#undef GENERIC

#define GENERIC

#define BPP 32

#include "vnchextile.h"

#undef BPP

#undef GENERIC

static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)

{

    int i, j;

    int has_fg, has_bg;

    uint8_t *last_fg, *last_bg;

    VncDisplay *vd = vs->vd;

    last_fg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);

    last_bg = (uint8_t *) qemu_malloc(vd->server->pf.bytes_per_pixel);

    has_fg = has_bg = 0;

    for (j = y; j < (y + h); j += 16) {

        for (i = x; i < (x + w); i += 16) {

            vs->send_hextile_tile(vs, i, j,

                                  MIN(16, x + w - i), MIN(16, y + h - j),

                                  last_bg, last_fg, &has_bg, &has_fg);

        }

    }

    free(last_fg);

    free(last_bg);

}

#define ZALLOC_ALIGNMENT 16

static void *zalloc(void *x, unsigned items, unsigned size)

{

    void *p;

    size *= items;

    size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);

    p = qemu_mallocz(size);

    return (p);

}

static void zfree(void *x, void *addr)

{

    qemu_free(addr);

}

static void vnc_zlib_init(VncState *vs)

{

    int i;

    for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)

        vs->zlib_stream[i].opaque = NULL;

}

static void vnc_zlib_start(VncState *vs)

{

    buffer_reset(&vs->zlib);

    // make the output buffer be the zlib buffer, so we can compress it later

    vs->zlib_tmp = vs->output;

    vs->output = vs->zlib;

}

static int vnc_zlib_stop(VncState *vs, int stream_id)

{

    z_streamp zstream = &vs->zlib_stream[stream_id];

    int previous_out;

    // switch back to normal output/zlib buffers

    vs->zlib = vs->output;

    vs->output = vs->zlib_tmp;

    // compress the zlib buffer

    // initialize the stream

    // XXX need one stream per session

    if (zstream->opaque != vs) {

        int err;

        VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);

        VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);

        zstream->zalloc = zalloc;

        zstream->zfree = zfree;

        err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,

                           MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);

        if (err != Z_OK) {

            fprintf(stderr, "VNC: error initializing zlib\n");

            return -1;

        }

        zstream->opaque = vs;

    }

    // XXX what to do if tight_compression changed in between?

    // reserve memory in output buffer

    buffer_reserve(&vs->output, vs->zlib.offset + 64);

    // set pointers

    zstream->next_in = vs->zlib.buffer;

    zstream->avail_in = vs->zlib.offset;

    zstream->next_out = vs->output.buffer + vs->output.offset;

    zstream->avail_out = vs->output.capacity - vs->output.offset;

    zstream->data_type = Z_BINARY;

    previous_out = zstream->total_out;

    // start encoding

    if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {

        fprintf(stderr, "VNC: error during zlib compression\n");

        return -1;

    }

    vs->output.offset = vs->output.capacity - zstream->avail_out;

    return zstream->total_out - previous_out;

}

static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)

{

    int old_offset, new_offset, bytes_written;

    vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);

    // remember where we put in the follow-up size

    old_offset = vs->output.offset;

    vnc_write_s32(vs, 0);

    // compress the stream

    vnc_zlib_start(vs);

    send_framebuffer_update_raw(vs, x, y, w, h);

    bytes_written = vnc_zlib_stop(vs, 0);

    if (bytes_written == -1)

        return;

    // hack in the size

    new_offset = vs->output.offset;

    vs->output.offset = old_offset;

    vnc_write_u32(vs, bytes_written);

    vs->output.offset = new_offset;

}

static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)

{

    switch(vs->vnc_encoding) {

        case VNC_ENCODING_ZLIB:

            send_framebuffer_update_zlib(vs, x, y, w, h);

            break;

        case VNC_ENCODING_HEXTILE:

            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);

            send_framebuffer_update_hextile(vs, x, y, w, h);

            break;

        default:

            vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);

            send_framebuffer_update_raw(vs, x, y, w, h);

            break;

    }

}

static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)

{

    /* send bitblit op to the vnc client */

    vnc_write_u8(vs, 0);  /* msg id */

    vnc_write_u8(vs, 0);

    vnc_write_u16(vs, 1); /* number of rects */

    vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);

    vnc_write_u16(vs, src_x);

    vnc_write_u16(vs, src_y);

    vnc_flush(vs);

}

static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)

{

    VncDisplay *vd = ds->opaque;

    VncState *vs, *vn;

    uint8_t *src_row;

    uint8_t *dst_row;

    int i,x,y,pitch,depth,inc,w_lim,s;

    int cmp_bytes;

    vnc_refresh_server_surface(vd);

    QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {

        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {

            vs->force_update = 1;

            vnc_update_client(vs, 1);

            /* vs might be free()ed here */

        }

    }

    /* do bitblit op on the local surface too */

    pitch = ds_get_linesize(vd->ds);

    depth = ds_get_bytes_per_pixel(vd->ds);

    src_row = vd->server->data + pitch * src_y + depth * src_x;

    dst_row = vd->server->data + pitch * dst_y + depth * dst_x;

    y = dst_y;

    inc = 1;

    if (dst_y > src_y) {

        /* copy backwards */

        src_row += pitch * (h-1);

        dst_row += pitch * (h-1);

        pitch = -pitch;

        y = dst_y + h - 1;

        inc = -1;

    }

    w_lim = w - (16 - (dst_x % 16));

    if (w_lim < 0)

        w_lim = w;

    else

        w_lim = w - (w_lim % 16);

    for (i = 0; i < h; i++) {

        for (x = 0; x <= w_lim;

                x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {

            if (x == w_lim) {

                if ((s = w - w_lim) == 0)

                    break;

            } else if (!x) {

                s = (16 - (dst_x % 16));

                s = MIN(s, w_lim);

            } else {

                s = 16;

            }

            cmp_bytes = s * depth;

            if (memcmp(src_row, dst_row, cmp_bytes) == 0)

                continue;

            memmove(dst_row, src_row, cmp_bytes);

            QTAILQ_FOREACH(vs, &vd->clients, next) {

                if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {

                    vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));

                }

            }

        }

        src_row += pitch - w * depth;

        dst_row += pitch - w * depth;

        y += inc;

    }

    QTAILQ_FOREACH(vs, &vd->clients, next) {

        if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {

            vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);

        }

    }

}

static int find_and_clear_dirty_height(struct VncState *vs,

                                       int y, int last_x, int x)

{

    int h;

    VncDisplay *vd = vs->vd;

    for (h = 1; h < (vd->server->height - y); h++) {

        int tmp_x;

        if (!vnc_get_bit(vs->dirty[y + h], last_x))

            break;

        for (tmp_x = last_x; tmp_x < x; tmp_x++)

            vnc_clear_bit(vs->dirty[y + h], tmp_x);

    }

    return h;

}

static int vnc_update_client(VncState *vs, int has_dirty)

{

    if (vs->need_update && vs->csock != -1) {

        VncDisplay *vd = vs->vd;

        int y;

        int n_rectangles;

        int saved_offset;

        if (vs->output.offset && !vs->audio_cap && !vs->force_update)

            /* kernel send buffers are full -> drop frames to throttle */

            return 0;

        if (!has_dirty && !vs->audio_cap && !vs->force_update)

            return 0;

        /*

         * Send screen updates to the vnc client using the server

         * surface and server dirty map.  guest surface updates

         * happening in parallel don't disturb us, the next pass will

         * send them to the client.

         */

        n_rectangles = 0;

        vnc_write_u8(vs, 0);  /* msg id */

        vnc_write_u8(vs, 0);

        saved_offset = vs->output.offset;

        vnc_write_u16(vs, 0);

        for (y = 0; y < vd->server->height; y++) {

            int x;

            int last_x = -1;

            for (x = 0; x < vd->server->width / 16; x++) {

                if (vnc_get_bit(vs->dirty[y], x)) {

                    if (last_x == -1) {

                        last_x = x;

                    }

                    vnc_clear_bit(vs->dirty[y], x);

                } else {

                    if (last_x != -1) {

                        int h = find_and_clear_dirty_height(vs, y, last_x, x);

                        send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);

                        n_rectangles++;

                    }

                    last_x = -1;

                }

            }

            if (last_x != -1) {

                int h = find_and_clear_dirty_height(vs, y, last_x, x);

                send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);

                n_rectangles++;

            }

        }

        vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;

        vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;

        vnc_flush(vs);

        vs->force_update = 0;

        return n_rectangles;

    }

    if (vs->csock == -1)

        vnc_disconnect_finish(vs);

    return 0;

}

/* audio */

static void audio_capture_notify(void *opaque, audcnotification_e cmd)

{

    VncState *vs = opaque;

    switch (cmd) {

    case AUD_CNOTIFY_DISABLE:

        vnc_write_u8(vs, 255);

        vnc_write_u8(vs, 1);

        vnc_write_u16(vs, 0);

        vnc_flush(vs);

        break;

    case AUD_CNOTIFY_ENABLE:

        vnc_write_u8(vs, 255);

        vnc_write_u8(vs, 1);

        vnc_write_u16(vs, 1);

        vnc_flush(vs);

        break;

    }

}

static void audio_capture_destroy(void *opaque)

{

}

static void audio_capture(void *opaque, void *buf, int size)

{

    VncState *vs = opaque;

    vnc_write_u8(vs, 255);

    vnc_write_u8(vs, 1);

    vnc_write_u16(vs, 2);

    vnc_write_u32(vs, size);

    vnc_write(vs, buf, size);

    vnc_flush(vs);

}

static void audio_add(VncState *vs)

{

    Monitor *mon = cur_mon;

    struct audio_capture_ops ops;

    if (vs->audio_cap) {

        monitor_printf(mon, "audio already running\n");

        return;

    }

    ops.notify = audio_capture_notify;

    ops.destroy = audio_capture_destroy;

    ops.capture = audio_capture;

    vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);

    if (!vs->audio_cap) {

        monitor_printf(mon, "Failed to add audio capture\n");

    }

}

static void audio_del(VncState *vs)

{

    if (vs->audio_cap) {

        AUD_del_capture(vs->audio_cap, vs);

        vs->audio_cap = NULL;

    }

}

static void vnc_disconnect_start(VncState *vs)

{

    if (vs->csock == -1)

        return;

    qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);

    closesocket(vs->csock);

    vs->csock = -1;

}

static void vnc_disconnect_finish(VncState *vs)

{

    vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);

    if (vs->input.buffer) {

        qemu_free(vs->input.buffer);

        vs->input.buffer = NULL;

    }

    if (vs->output.buffer) {

        qemu_free(vs->output.buffer);

        vs->output.buffer = NULL;

    }

    qobject_decref(vs->info);

#ifdef CONFIG_VNC_TLS

    vnc_tls_client_cleanup(vs);

#endif /* CONFIG_VNC_TLS */

#ifdef CONFIG_VNC_SASL

    vnc_sasl_client_cleanup(vs);

#endif /* CONFIG_VNC_SASL */

    audio_del(vs);

    QTAILQ_REMOVE(&vs->vd->clients, vs, next);

    if (QTAILQ_EMPTY(&vs->vd->clients)) {

        dcl->idle = 1;

    }

    vnc_remove_timer(vs->vd);

    qemu_remove_led_event_handler(vs->led);

    qemu_free(vs);

}

int vnc_client_io_error(VncState *vs, int ret, int last_errno)

{

    if (ret == 0 || ret == -1) {

        if (ret == -1) {

            switch (last_errno) {

                case EINTR:

                case EAGAIN:

#ifdef _WIN32

                case WSAEWOULDBLOCK:

#endif

                    return 0;

                default:

                    break;

            }

        }

        VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",

                  ret, ret < 0 ? last_errno : 0);

        vnc_disconnect_start(vs);

        return 0;

    }

    return ret;

}

void vnc_client_error(VncState *vs)

{

    VNC_DEBUG("Closing down client sock: protocol error\n");

    vnc_disconnect_start(vs);

}

/*

 * Called to write a chunk of data to the client socket. The data may

 * be the raw data, or may have already been encoded by SASL.

 * The data will be written either straight onto the socket, or

 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled

 *

 * NB, it is theoretically possible to have 2 layers of encryption,

 * both SASL, and this TLS layer. It is highly unlikely in practice

 * though, since SASL encryption will typically be a no-op if TLS

 * is active

 *

 * Returns the number of bytes written, which may be less than

 * the requested 'datalen' if the socket would block. Returns

 * -1 on error, and disconnects the client socket.

 */

long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)

{

    long ret;

#ifdef CONFIG_VNC_TLS

    if (vs->tls.session) {

        ret = gnutls_write(vs->tls.session, data, datalen);

        if (ret < 0) {

            if (ret == GNUTLS_E_AGAIN)

                errno = EAGAIN;

            else

                errno = EIO;

            ret = -1;

        }

    } else

#endif /* CONFIG_VNC_TLS */

        ret = send(vs->csock, (const void *)data, datalen, 0);

    VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);

    return vnc_client_io_error(vs, ret, socket_error());

}

/*

 * Called to write buffered data to the client socket, when not

 * using any SASL SSF encryption layers. Will write as much data

 * as possible without blocking. If all buffered data is written,

 * will switch the FD poll() handler back to read monitoring.

 *

 * Returns the number of bytes written, which may be less than

 * the buffered output data if the socket would block. Returns

 * -1 on error, and disconnects the client socket.

 */

static long vnc_client_write_plain(VncState *vs)

{

    long ret;

#ifdef CONFIG_VNC_SASL

    VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",

              vs->output.buffer, vs->output.capacity, vs->output.offset,

              vs->sasl.waitWriteSSF);

    if (vs->sasl.conn &&

        vs->sasl.runSSF &&

        vs->sasl.waitWriteSSF) {

        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);

        if (ret)

            vs->sasl.waitWriteSSF -= ret;

    } else

#endif /* CONFIG_VNC_SASL */

        ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);

    if (!ret)

        return 0;

    memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));

    vs->output.offset -= ret;

    if (vs->output.offset == 0) {

        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);

    }

    return ret;

}

/*

 * First function called whenever there is data to be written to

 * the client socket. Will delegate actual work according to whether

 * SASL SSF layers are enabled (thus requiring encryption calls)

 */

void vnc_client_write(void *opaque)

{

    long ret;

    VncState *vs = opaque;

#ifdef CONFIG_VNC_SASL

    if (vs->sasl.conn &&

        vs->sasl.runSSF &&

        !vs->sasl.waitWriteSSF)

        ret = vnc_client_write_sasl(vs);

    else

#endif /* CONFIG_VNC_SASL */

        ret = vnc_client_write_plain(vs);

}

void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)

{

    vs->read_handler = func;

    vs->read_handler_expect = expecting;

}

/*

 * Called to read a chunk of data from the client socket. The data may

 * be the raw data, or may need to be further decoded by SASL.

 * The data will be read either straight from to the socket, or

 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled

 *

 * NB, it is theoretically possible to have 2 layers of encryption,

 * both SASL, and this TLS layer. It is highly unlikely in practice

 * though, since SASL encryption will typically be a no-op if TLS

 * is active

 *

 * Returns the number of bytes read, which may be less than

 * the requested 'datalen' if the socket would block. Returns

 * -1 on error, and disconnects the client socket.

 */

long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)

{

    long ret;

#ifdef CONFIG_VNC_TLS

    if (vs->tls.session) {

        ret = gnutls_read(vs->tls.session, data, datalen);

        if (ret < 0) {

            if (ret == GNUTLS_E_AGAIN)

                errno = EAGAIN;

            else

                errno = EIO;

            ret = -1;

        }

    } else

#endif /* CONFIG_VNC_TLS */

        ret = recv(vs->csock, (void *)data, datalen, 0);

    VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);

    return vnc_client_io_error(vs, ret, socket_error());

}

/*

 * Called to read data from the client socket to the input buffer,

 * when not using any SASL SSF encryption layers. Will read as much

 * data as possible without blocking.

 *

 * Returns the number of bytes read. Returns -1 on error, and

 * disconnects the client socket.

 */

static long vnc_client_read_plain(VncState *vs)

{

    int ret;

    VNC_DEBUG("Read plain %p size %zd offset %zd\n",

              vs->input.buffer, vs->input.capacity, vs->input.offset);

    buffer_reserve(&vs->input, 4096);

    ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);

    if (!ret)

        return 0;

    vs->input.offset += ret;

    return ret;

}

/*

 * First function called whenever there is more data to be read from

 * the client socket. Will delegate actual work according to whether

 * SASL SSF layers are enabled (thus requiring decryption calls)

 */

void vnc_client_read(void *opaque)

{

    VncState *vs = opaque;

    long ret;

#ifdef CONFIG_VNC_SASL

    if (vs->sasl.conn && vs->sasl.runSSF)

        ret = vnc_client_read_sasl(vs);

    else