ircd: integrate ircd side of wsockd support

include/client.h

@@ -66,6 +66,7 @@ struct LocalUser;
 struct PreClient;
 struct ListClient;
 struct scache_entry;
+struct ws_ctl;
 
 /*
  * Client structures
@@ -274,6 +275,7 @@ struct LocalUser
 
 	struct _ssl_ctl *ssl_ctl;		/* which ssl daemon we're associate with */
 	struct _ssl_ctl *z_ctl;			/* second ctl for ssl+zlib */
+	struct ws_ctl *ws_ctl;			/* ctl for wsockd */
 	uint32_t localflags;
 	struct ZipStats *zipstats;		/* zipstats */
 	uint16_t cork_count;			/* used for corking/uncorking connections */

include/listener.h

@@ -38,11 +38,12 @@ struct Listener
 	int active;		/* current state of listener */
 	int ssl;		/* ssl listener */
 	int defer_accept;	/* use TCP_DEFER_ACCEPT */
+	int wsock;		/* wsock listener */
 	struct rb_sockaddr_storage addr;
 	char vhost[HOSTLEN + 1];	/* virtual name of listener */
 };
 
-extern void add_listener(int port, const char *vaddr_ip, int family, int ssl, int defer_accept);
+extern void add_listener(int port, const char *vaddr_ip, int family, int ssl, int defer_accept, int wsock);
 extern void close_listener(struct Listener *listener);
 extern void close_listeners(void);
 extern const char *get_listener_name(const struct Listener *listener);

include/s_conf.h

@@ -297,6 +297,7 @@ struct server_info
 	char *ssl_dh_params;
 	char *ssl_cipher_list;
 	int ssld_count;
+	int wsockd_count;
 };
 
 struct admin_info

include/wsproc.h

@@ -0,0 +1,44 @@
+/*
+ *  wsproc.h: An interface to the charybdis websocket helper daemon
+ *  Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
+ *  Copyright (C) 2007 ircd-ratbox development team
+ *  Copyright (C) 2016 William Pitcock <nenolod@dereferenced.org>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ */
+
+#ifndef INCLUDED_wsproc_h
+#define INCLUDED_wsproc_h
+
+struct ws_ctl;
+typedef struct ws_ctl ws_ctl_t;
+
+enum wsockd_status {
+	WSOCKD_ACTIVE,
+	WSOCKD_SHUTDOWN,
+	WSOCKD_DEAD,
+};
+
+void init_wsockd(void);
+void restart_wsockd(void);
+int start_wsockd(int count);
+ws_ctl_t *start_wsockd_accept(rb_fde_t *wsF, rb_fde_t *plainF, uint32_t id);
+void wsockd_decrement_clicount(ws_ctl_t *ctl);
+int get_wsockd_count(void);
+void wsockd_foreach_info(void (*func)(void *data, pid_t pid, int cli_count, enum wsockd_status status), void *data);
+
+#endif
+

ircd/Makefile.am

@@ -64,7 +64,8 @@ libircd_la_SOURCES =                  \
   supported.c                   \
   tgchange.c                    \
   version.c                     \
-  whowas.c
+  whowas.c			\
+  wsproc.c
 libircd_la_LDFLAGS = $(EXTRA_FLAGS) -avoid-version -no-undefined
 libircd_la_LIBADD = @LIBLTDL@ -L$(top_srcdir)/librb/src -lrb
 libircd_LTLIBRARIES = libircd.la

ircd/client.c

@@ -51,6 +51,7 @@
 #include "scache.h"
 #include "rb_dictionary.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "s_assert.h"
 
 #define DEBUG_EXITED_CLIENTS
@@ -308,11 +309,14 @@ free_local_client(struct Client *client_p)
 	if (client_p->localClient->privset)
 		privilegeset_unref(client_p->localClient->privset);
 
-	if(IsSSL(client_p))
-	    ssld_decrement_clicount(client_p->localClient->ssl_ctl);
+	if (IsSSL(client_p))
+		ssld_decrement_clicount(client_p->localClient->ssl_ctl);
 
-	if(IsCapable(client_p, CAP_ZIP))
-	    ssld_decrement_clicount(client_p->localClient->z_ctl);
+	if (IsCapable(client_p, CAP_ZIP))
+		ssld_decrement_clicount(client_p->localClient->z_ctl);
+
+	if (client_p->localClient->ws_ctl != NULL)
+		wsockd_decrement_clicount(client_p->localClient->ws_ctl);
 
 	rb_bh_free(lclient_heap, client_p->localClient);
 	client_p->localClient = NULL;

ircd/ircd.c

@@ -60,6 +60,7 @@
 #include "patchlevel.h"
 #include "serno.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "chmode.h"
 #include "privilege.h"
 #include "bandbi.h"
@@ -797,6 +798,7 @@ charybdis_main(int argc, char *argv[])
 
 	init_bandb();
 	init_ssld();
+	init_wsockd();
 
 	rehash_bans();
 

ircd/listener.c

@@ -39,6 +39,7 @@
 #include "s_conf.h"
 #include "hostmask.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "hash.h"
 #include "s_assert.h"
 #include "logger.h"
@@ -324,7 +325,7 @@ find_listener(struct rb_sockaddr_storage *addr)
  * the format "255.255.255.255"
  */
 void
-add_listener(int port, const char *vhost_ip, int family, int ssl, int defer_accept)
+add_listener(int port, const char *vhost_ip, int family, int ssl, int defer_accept, int wsock)
 {
 	struct Listener *listener;
 	struct rb_sockaddr_storage vaddr;
@@ -400,6 +401,7 @@ add_listener(int port, const char *vhost_ip, int family, int ssl, int defer_acce
 	listener->F = NULL;
 	listener->ssl = ssl;
 	listener->defer_accept = defer_accept;
+	listener->wsock = wsock;
 
 	if(inetport(listener))
 		listener->active = 1;
@@ -486,6 +488,23 @@ add_connection(struct Listener *listener, rb_fde_t *F, struct sockaddr *sai, str
 		SetSSL(new_client);
 	}
 
+	if (listener->wsock)
+	{
+		rb_fde_t *xF[2];
+		if(rb_socketpair(AF_UNIX, SOCK_STREAM, 0, &xF[0], &xF[1], "Incoming wsockd Connection") == -1)
+		{
+			free_client(new_client);
+			return;
+		}
+		new_client->localClient->ws_ctl = start_wsockd_accept(F, xF[1], connid_get(new_client));        /* this will close F for us */
+		if(new_client->localClient->ws_ctl == NULL)
+		{
+			free_client(new_client);
+			return;
+		}
+		F = xF[0];
+	}
+
 	memcpy(&new_client->localClient->ip, sai, sizeof(struct rb_sockaddr_storage));
 	memcpy(&new_client->preClient->lip, lai, sizeof(struct rb_sockaddr_storage));
 

ircd/newconf.c

@@ -25,12 +25,14 @@
 #include "ircd.h"
 #include "snomask.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "privilege.h"
 #include "chmode.h"
 
 #define CF_TYPE(x) ((x) & CF_MTYPE)
 
 static int yy_defer_accept = 1;
+static int yy_wsock = 0;
 
 struct TopConf *conf_cur_block;
 static char *conf_cur_block_name = NULL;
@@ -851,6 +853,12 @@ conf_set_listen_defer_accept(void *data)
 	yy_defer_accept = *(unsigned int *) data;
 }
 
+static void
+conf_set_listen_wsock(void *data)
+{
+	yy_wsock = *(unsigned int *) data;
+}
+
 static void
 conf_set_listen_port_both(void *data, int ssl)
 {
@@ -870,9 +878,9 @@ conf_set_listen_port_both(void *data, int ssl)
 				conf_report_warning("listener 'ANY/%d': support for plaintext listeners may be removed in a future release per RFC 7194.  "
                                                     "It is suggested that users be migrated to SSL/TLS connections.", args->v.number);
 			}
-			add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept);
+			add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept, yy_wsock);
 #ifdef RB_IPV6
-			add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept);
+			add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept, yy_wsock);
 #endif
                 }
 		else
@@ -891,7 +899,7 @@ conf_set_listen_port_both(void *data, int ssl)
                                                     "It is suggested that users be migrated to SSL/TLS connections.", listener_address, args->v.number);
 			}
 
-			add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept);
+			add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept, yy_wsock);
                 }
 	}
 }
@@ -2774,6 +2782,7 @@ newconf_init()
 
 	add_top_conf("listen", conf_begin_listen, conf_end_listen, NULL);
 	add_conf_item("listen", "defer_accept", CF_YESNO, conf_set_listen_defer_accept);
+	add_conf_item("listen", "wsock", CF_YESNO, conf_set_listen_wsock);
 	add_conf_item("listen", "port", CF_INT | CF_FLIST, conf_set_listen_port);
 	add_conf_item("listen", "sslport", CF_INT | CF_FLIST, conf_set_listen_sslport);
 	add_conf_item("listen", "ip", CF_QSTRING, conf_set_listen_address);

ircd/s_conf.c

@@ -45,6 +45,7 @@
 #include "cache.h"
 #include "privilege.h"
 #include "sslproc.h"
+#include "wsproc.h"
 #include "bandbi.h"
 #include "operhash.h"
 #include "chmode.h"
@@ -856,6 +857,9 @@ validate_conf(void)
 	if(ServerInfo.ssld_count < 1)
 		ServerInfo.ssld_count = 1;
 
+	/* XXX: configurable? */
+	ServerInfo.wsockd_count = 1;
+
 	if(!rb_setup_ssl_server(ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list))
 	{
 		ilog(L_MAIN, "WARNING: Unable to setup SSL.");
@@ -872,6 +876,12 @@ validate_conf(void)
 		start_ssldaemon(start, ServerInfo.ssl_cert, ServerInfo.ssl_private_key, ServerInfo.ssl_dh_params, ServerInfo.ssl_cipher_list);
 	}
 
+	if(ServerInfo.wsockd_count > get_wsockd_count())
+	{
+		int start = ServerInfo.wsockd_count - get_ssld_count();
+		start_wsockd(start);
+	}
+
 	/* General conf */
 	if (ConfigFileEntry.default_operstring == NULL)
 		ConfigFileEntry.default_operstring = rb_strdup("is an IRC operator");

ircd/wsproc.c

@@ -0,0 +1,594 @@
+/*
+ *  sslproc.c: An interface to ssld
+ *  Copyright (C) 2007 Aaron Sethman <androsyn@ratbox.org>
+ *  Copyright (C) 2007 ircd-ratbox development team
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
+ *  USA
+ */
+
+#include <rb_lib.h>
+#include "stdinc.h"
+
+
+#include "s_conf.h"
+#include "logger.h"
+#include "listener.h"
+#include "wsproc.h"
+#include "s_serv.h"
+#include "ircd.h"
+#include "hash.h"
+#include "client.h"
+#include "send.h"
+#include "packet.h"
+
+static void ws_read_ctl(rb_fde_t * F, void *data);
+static int wsockd_count;
+
+static char tmpbuf[READBUF_SIZE];
+static char nul = '\0';
+
+#define MAXPASSFD 4
+#define READSIZE 1024
+typedef struct _ws_ctl_buf
+{
+	rb_dlink_node node;
+	char *buf;
+	size_t buflen;
+	rb_fde_t *F[MAXPASSFD];
+	int nfds;
+} ws_ctl_buf_t;
+
+
+struct ws_ctl
+{
+	rb_dlink_node node;
+	int cli_count;
+	rb_fde_t *F;
+	rb_fde_t *P;
+	pid_t pid;
+	rb_dlink_list readq;
+	rb_dlink_list writeq;
+	uint8_t shutdown;
+	uint8_t dead;
+};
+
+static rb_dlink_list wsock_daemons;
+
+static inline uint32_t
+buf_to_uint32(char *buf)
+{
+	uint32_t x;
+	memcpy(&x, buf, sizeof(x));
+	return x;
+}
+
+static inline void
+uint32_to_buf(char *buf, uint32_t x)
+{
+	memcpy(buf, &x, sizeof(x));
+	return;
+}
+
+static ws_ctl_t *
+allocate_ws_daemon(rb_fde_t * F, rb_fde_t * P, int pid)
+{
+	ws_ctl_t *ctl;
+
+	if(F == NULL || pid < 0)
+		return NULL;
+	ctl = rb_malloc(sizeof(ws_ctl_t));
+	ctl->F = F;
+	ctl->P = P;
+	ctl->pid = pid;
+	wsockd_count++;
+	rb_dlinkAdd(ctl, &ctl->node, &wsock_daemons);
+	return ctl;
+}
+
+static void
+free_ws_daemon(ws_ctl_t * ctl)
+{
+	rb_dlink_node *ptr;
+	ws_ctl_buf_t *ctl_buf;
+	int x;
+	if(ctl->cli_count)
+		return;
+
+	RB_DLINK_FOREACH(ptr, ctl->readq.head)
+	{
+		ctl_buf = ptr->data;
+		for(x = 0; x < ctl_buf->nfds; x++)
+			rb_close(ctl_buf->F[x]);
+
+		rb_free(ctl_buf->buf);
+		rb_free(ctl_buf);
+	}
+
+	RB_DLINK_FOREACH(ptr, ctl->writeq.head)
+	{
+		ctl_buf = ptr->data;
+		for(x = 0; x < ctl_buf->nfds; x++)
+			rb_close(ctl_buf->F[x]);
+
+		rb_free(ctl_buf->buf);
+		rb_free(ctl_buf);
+	}
+	rb_close(ctl->F);
+	rb_close(ctl->P);
+	rb_dlinkDelete(&ctl->node, &wsock_daemons);
+	rb_free(ctl);
+}
+
+static char *wsockd_path;
+
+static int wsockd_spin_count = 0;
+static time_t last_spin;
+static int wsockd_wait = 0;
+
+void
+restart_wsockd(void)
+{
+	rb_dlink_node *ptr, *next;
+	ws_ctl_t *ctl;
+
+	RB_DLINK_FOREACH_SAFE(ptr, next, wsock_daemons.head)
+	{
+		ctl = ptr->data;
+		if(ctl->dead)
+			continue;
+		if(ctl->shutdown)
+			continue;
+		ctl->shutdown = 1;
+		wsockd_count--;
+		if(!ctl->cli_count)
+		{
+			rb_kill(ctl->pid, SIGKILL);
+			free_ws_daemon(ctl);
+		}
+	}
+
+	start_wsockd(ServerInfo.wsockd_count);
+}
+
+static void
+ws_killall(void)
+{
+	rb_dlink_node *ptr, *next;
+	ws_ctl_t *ctl;
+	RB_DLINK_FOREACH_SAFE(ptr, next, wsock_daemons.head)
+	{
+		ctl = ptr->data;
+		if(ctl->dead)
+			continue;
+		ctl->dead = 1;
+		if(!ctl->shutdown)
+			wsockd_count--;
+		rb_kill(ctl->pid, SIGKILL);
+		if(!ctl->cli_count)
+			free_ws_daemon(ctl);
+	}
+}
+
+static void
+ws_dead(ws_ctl_t * ctl)
+{
+	if(ctl->dead)
+		return;
+
+	ctl->dead = 1;
+	rb_kill(ctl->pid, SIGKILL);	/* make sure the process is really gone */
+
+	if(!ctl->shutdown)
+	{
+		wsockd_count--;
+		ilog(L_MAIN, "wsockd helper died - attempting to restart");
+		sendto_realops_snomask(SNO_GENERAL, L_ALL, "wsockd helper died - attempting to restart");
+		start_wsockd(1);
+	}
+}
+
+static void
+ws_do_pipe(rb_fde_t * F, void *data)
+{
+	int retlen;
+	ws_ctl_t *ctl = data;
+	retlen = rb_write(F, "0", 1);
+	if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
+	{
+		ws_dead(ctl);
+		return;
+	}
+	rb_setselect(F, RB_SELECT_READ, ws_do_pipe, data);
+}
+
+static void
+restart_ssld_event(void *unused)
+{
+	wsockd_spin_count = 0;
+	last_spin = 0;
+	wsockd_wait = 0;
+	if(ServerInfo.wsockd_count > get_wsockd_count())
+	{
+		int start = ServerInfo.wsockd_count - get_wsockd_count();
+		ilog(L_MAIN, "Attempting to restart wsockd processes");
+		sendto_realops_snomask(SNO_GENERAL, L_ALL, "Attempting to restart wsockd processes");
+		start_wsockd(start);
+	}
+}
+
+int
+start_wsockd(int count)
+{
+	rb_fde_t *F1, *F2;
+	rb_fde_t *P1, *P2;
+#ifdef _WIN32
+	const char *suffix = ".exe";
+#else
+	const char *suffix = "";
+#endif
+
+	char fullpath[PATH_MAX + 1];
+	char fdarg[6];
+	const char *parv[2];
+	char buf[128];
+	char s_pid[10];
+	pid_t pid;
+	int started = 0, i;
+
+	if(wsockd_wait)
+		return 0;
+
+	if(wsockd_spin_count > 20 && (rb_current_time() - last_spin < 5))
+	{
+		ilog(L_MAIN, "ssld helper is spinning - will attempt to restart in 1 minute");
+		sendto_realops_snomask(SNO_GENERAL, L_ALL,
+				       "ssld helper is spinning - will attempt to restart in 1 minute");
+		rb_event_add("restart_ssld_event", restart_ssld_event, NULL, 60);
+		wsockd_wait = 1;
+		return 0;
+	}
+
+	wsockd_spin_count++;
+	last_spin = rb_current_time();
+
+	if(wsockd_path == NULL)
+	{
+		snprintf(fullpath, sizeof(fullpath), "%s%cwsockd%s", ircd_paths[IRCD_PATH_LIBEXEC], RB_PATH_SEPARATOR, suffix);
+
+		if(access(fullpath, X_OK) == -1)
+		{
+			snprintf(fullpath, sizeof(fullpath), "%s%cbin%cwsockd%s",
+				    ConfigFileEntry.dpath, RB_PATH_SEPARATOR, RB_PATH_SEPARATOR, suffix);
+			if(access(fullpath, X_OK) == -1)
+			{
+				ilog(L_MAIN,
+				     "Unable to execute ssld%s in %s or %s/bin",
+				     suffix, ircd_paths[IRCD_PATH_LIBEXEC], ConfigFileEntry.dpath);
+				return 0;
+			}
+		}
+		wsockd_path = rb_strdup(fullpath);
+	}
+	rb_strlcpy(buf, "-ircd ssld daemon", sizeof(buf));
+	parv[0] = buf;
+	parv[1] = NULL;
+
+	for(i = 0; i < count; i++)
+	{
+		ws_ctl_t *ctl;
+		if(rb_socketpair(AF_UNIX, SOCK_DGRAM, 0, &F1, &F2, "wsockd handle passing socket") == -1)
+		{
+			ilog(L_MAIN, "Unable to create wsockd - rb_socketpair failed: %s", strerror(errno));
+			return started;
+		}
+
+		rb_set_buffers(F1, READBUF_SIZE);
+		rb_set_buffers(F2, READBUF_SIZE);
+		snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(F2));
+		rb_setenv("CTL_FD", fdarg, 1);
+		if(rb_pipe(&P1, &P2, "wsockd pipe") == -1)
+		{
+			ilog(L_MAIN, "Unable to create wsockd - rb_pipe failed: %s", strerror(errno));
+			return started;
+		}
+		snprintf(fdarg, sizeof(fdarg), "%d", rb_get_fd(P1));
+		rb_setenv("CTL_PIPE", fdarg, 1);
+		snprintf(s_pid, sizeof(s_pid), "%d", (int)getpid());
+		rb_setenv("CTL_PPID", s_pid, 1);
+
+#ifdef _WIN32
+		SetHandleInformation((HANDLE) rb_get_fd(F2), HANDLE_FLAG_INHERIT, 1);
+		SetHandleInformation((HANDLE) rb_get_fd(P1), HANDLE_FLAG_INHERIT, 1);
+#endif
+
+		pid = rb_spawn_process(wsockd_path, (const char **) parv);
+		if(pid == -1)
+		{
+			ilog(L_MAIN, "Unable to create ssld: %s\n", strerror(errno));
+			rb_close(F1);
+			rb_close(F2);
+			rb_close(P1);
+			rb_close(P2);
+			return started;
+		}
+		started++;
+		rb_close(F2);
+		rb_close(P1);
+		ctl = allocate_ws_daemon(F1, P2, pid);
+		ws_read_ctl(ctl->F, ctl);
+		ws_do_pipe(P2, ctl);
+
+	}
+	return started;
+}
+
+static void
+ws_process_dead_fd(ws_ctl_t * ctl, ws_ctl_buf_t * ctl_buf)
+{
+	struct Client *client_p;
+	char reason[256];
+	uint32_t fd;
+
+	if(ctl_buf->buflen < 6)
+		return;		/* bogus message..drop it.. XXX should warn here */
+
+	fd = buf_to_uint32(&ctl_buf->buf[1]);
+	rb_strlcpy(reason, &ctl_buf->buf[5], sizeof(reason));
+	client_p = find_cli_connid_hash(fd);
+	if(client_p == NULL)
+		return;
+	if(IsAnyServer(client_p) || IsRegistered(client_p))
+	{
+		/* read any last moment ERROR, QUIT or the like -- jilles */
+		if (!strcmp(reason, "Remote host closed the connection"))
+			read_packet(client_p->localClient->F, client_p);
+		if (IsAnyDead(client_p))
+			return;
+	}
+	exit_client(client_p, client_p, &me, reason);
+}
+
+
+static void
+ws_process_cmd_recv(ws_ctl_t * ctl)
+{
+	static const char *cannot_setup_ssl = "ssld cannot setup ssl, check your certificates and private key";
+	static const char *no_ssl_or_zlib = "ssld has neither SSL/TLS or zlib support killing all sslds";
+	rb_dlink_node *ptr, *next;
+	ws_ctl_buf_t *ctl_buf;
+	unsigned long len;
+
+	if(ctl->dead)
+		return;
+
+	RB_DLINK_FOREACH_SAFE(ptr, next, ctl->readq.head)
+	{
+		ctl_buf = ptr->data;
+		switch (*ctl_buf->buf)
+		{
+		case 'D':
+			ws_process_dead_fd(ctl, ctl_buf);
+			break;
+		default:
+			ilog(L_MAIN, "Received invalid command from ssld: %s", ctl_buf->buf);
+			sendto_realops_snomask(SNO_GENERAL, L_ALL, "Received invalid command from ssld");
+			break;
+		}
+		rb_dlinkDelete(ptr, &ctl->readq);
+		rb_free(ctl_buf->buf);
+		rb_free(ctl_buf);
+	}
+
+}
+
+
+static void
+ws_read_ctl(rb_fde_t * F, void *data)
+{
+	ws_ctl_buf_t *ctl_buf;
+	ws_ctl_t *ctl = data;
+	int retlen;
+
+	if(ctl->dead)
+		return;
+	do
+	{
+		ctl_buf = rb_malloc(sizeof(ws_ctl_buf_t));
+		ctl_buf->buf = rb_malloc(READSIZE);
+		retlen = rb_recv_fd_buf(ctl->F, ctl_buf->buf, READSIZE, ctl_buf->F, 4);
+		ctl_buf->buflen = retlen;
+		if(retlen <= 0)
+		{
+			rb_free(ctl_buf->buf);
+			rb_free(ctl_buf);
+		}
+		else
+			rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->readq);
+	}
+	while(retlen > 0);
+
+	if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
+	{
+		ws_dead(ctl);
+		return;
+	}
+	ws_process_cmd_recv(ctl);
+	rb_setselect(ctl->F, RB_SELECT_READ, ws_read_ctl, ctl);
+}
+
+static ws_ctl_t *
+which_wsockd(void)
+{
+	ws_ctl_t *ctl, *lowest = NULL;
+	rb_dlink_node *ptr;
+
+	RB_DLINK_FOREACH(ptr, wsock_daemons.head)
+	{
+		ctl = ptr->data;
+		if(ctl->dead)
+			continue;
+		if(ctl->shutdown)
+			continue;
+		if(lowest == NULL)
+		{
+			lowest = ctl;
+			continue;
+		}
+		if(ctl->cli_count < lowest->cli_count)
+			lowest = ctl;
+	}
+
+	return (lowest);
+}
+
+static void
+ws_write_ctl(rb_fde_t * F, void *data)
+{
+	ws_ctl_t *ctl = data;
+	ws_ctl_buf_t *ctl_buf;
+	rb_dlink_node *ptr, *next;
+	int retlen, x;
+
+	if(ctl->dead)
+		return;
+
+	RB_DLINK_FOREACH_SAFE(ptr, next, ctl->writeq.head)
+	{
+		ctl_buf = ptr->data;
+		/* in theory unix sock_dgram shouldn't ever short write this.. */
+		retlen = rb_send_fd_buf(ctl->F, ctl_buf->F, ctl_buf->nfds, ctl_buf->buf, ctl_buf->buflen, ctl->pid);
+		if(retlen > 0)
+		{
+			rb_dlinkDelete(ptr, &ctl->writeq);
+			for(x = 0; x < ctl_buf->nfds; x++)
+				rb_close(ctl_buf->F[x]);
+			rb_free(ctl_buf->buf);
+			rb_free(ctl_buf);
+
+		}
+		if(retlen == 0 || (retlen < 0 && !rb_ignore_errno(errno)))
+		{
+			ws_dead(ctl);
+			return;
+		}
+		else
+		{
+			rb_setselect(ctl->F, RB_SELECT_WRITE, ws_write_ctl, ctl);
+		}
+	}
+}
+
+static void
+ws_cmd_write_queue(ws_ctl_t * ctl, rb_fde_t ** F, int count, const void *buf, size_t buflen)
+{
+	ws_ctl_buf_t *ctl_buf;
+	int x;
+
+	/* don't bother */
+	if(ctl->dead)
+		return;
+
+	ctl_buf = rb_malloc(sizeof(ws_ctl_buf_t));
+	ctl_buf->buf = rb_malloc(buflen);
+	memcpy(ctl_buf->buf, buf, buflen);
+	ctl_buf->buflen = buflen;
+
+	for(x = 0; x < count && x < MAXPASSFD; x++)
+	{
+		ctl_buf->F[x] = F[x];
+	}
+	ctl_buf->nfds = count;
+	rb_dlinkAddTail(ctl_buf, &ctl_buf->node, &ctl->writeq);
+	ws_write_ctl(ctl->F, ctl);
+}
+
+ws_ctl_t *
+start_wsockd_accept(rb_fde_t * sslF, rb_fde_t * plainF, uint32_t id)
+{
+	rb_fde_t *F[2];
+	ws_ctl_t *ctl;
+	char buf[5];
+	F[0] = sslF;
+	F[1] = plainF;
+
+	buf[0] = 'A';
+	uint32_to_buf(&buf[1], id);
+	ctl = which_wsockd();
+	if(!ctl)
+		return NULL;
+	ctl->cli_count++;
+	ws_cmd_write_queue(ctl, F, 2, buf, sizeof(buf));
+	return ctl;
+}
+
+void
+wsockd_decrement_clicount(ws_ctl_t * ctl)
+{
+	if(ctl == NULL)
+		return;
+
+	ctl->cli_count--;
+	if(ctl->shutdown && !ctl->cli_count)
+	{
+		ctl->dead = 1;
+		rb_kill(ctl->pid, SIGKILL);
+	}
+	if(ctl->dead && !ctl->cli_count)
+	{
+		free_ws_daemon(ctl);
+	}
+}
+
+static void
+cleanup_dead_ws(void *unused)
+{
+	rb_dlink_node *ptr, *next;
+	ws_ctl_t *ctl;
+	RB_DLINK_FOREACH_SAFE(ptr, next, wsock_daemons.head)
+	{
+		ctl = ptr->data;
+		if(ctl->dead && !ctl->cli_count)
+		{
+			free_ws_daemon(ctl);
+		}
+	}
+}
+
+int
+get_wsockd_count(void)
+{
+	return wsockd_count;
+}
+
+void
+wsockd_foreach_info(void (*func)(void *data, pid_t pid, int cli_count, enum wsockd_status status), void *data)
+{
+	rb_dlink_node *ptr, *next;
+	ws_ctl_t *ctl;
+	RB_DLINK_FOREACH_SAFE(ptr, next, wsock_daemons.head)
+	{
+		ctl = ptr->data;
+		func(data, ctl->pid, ctl->cli_count,
+			ctl->dead ? WSOCKD_DEAD :
+				(ctl->shutdown ? WSOCKD_SHUTDOWN : WSOCKD_ACTIVE));
+	}
+}
+
+void
+init_wsockd(void)
+{
+	rb_event_addish("cleanup_dead_ws", cleanup_dead_ws, NULL, 60);
+}