2 * QEMU VNC display driver
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
33 #include "qemu-objects.h"
34 #include "qmp-commands.h"
36 #define VNC_REFRESH_INTERVAL_BASE 30
37 #define VNC_REFRESH_INTERVAL_INC 50
38 #define VNC_REFRESH_INTERVAL_MAX 2000
39 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
40 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
42 #include "vnc_keysym.h"
45 static VncDisplay *vnc_display; /* needed for info vnc */
46 static DisplayChangeListener *dcl;
48 static int vnc_cursor_define(VncState *vs);
49 static void vnc_release_modifiers(VncState *vs);
51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
54 static const char *mn[] = {
56 [VNC_SHARE_MODE_CONNECTING] = "connecting",
57 [VNC_SHARE_MODE_SHARED] = "shared",
58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
62 vs->csock, mn[vs->share_mode], mn[mode]);
65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
66 vs->vd->num_exclusive--;
68 vs->share_mode = mode;
69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
70 vs->vd->num_exclusive++;
74 static char *addr_to_string(const char *format,
75 struct sockaddr_storage *sa,
78 char host[NI_MAXHOST];
79 char serv[NI_MAXSERV];
83 if ((err = getnameinfo((struct sockaddr *)sa, salen,
86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
87 VNC_DEBUG("Cannot resolve address %d: %s\n",
88 err, gai_strerror(err));
92 /* Enough for the existing format + the 2 vars we're
94 addrlen = strlen(format) + strlen(host) + strlen(serv);
95 addr = g_malloc(addrlen + 1);
96 snprintf(addr, addrlen, format, host, serv);
103 char *vnc_socket_local_addr(const char *format, int fd) {
104 struct sockaddr_storage sa;
108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
111 return addr_to_string(format, &sa, salen);
114 char *vnc_socket_remote_addr(const char *format, int fd) {
115 struct sockaddr_storage sa;
119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
122 return addr_to_string(format, &sa, salen);
125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
128 char host[NI_MAXHOST];
129 char serv[NI_MAXSERV];
132 if ((err = getnameinfo((struct sockaddr *)sa, salen,
135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
136 VNC_DEBUG("Cannot resolve address %d: %s\n",
137 err, gai_strerror(err));
141 qdict_put(qdict, "host", qstring_from_str(host));
142 qdict_put(qdict, "service", qstring_from_str(serv));
143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
148 static int vnc_server_addr_put(QDict *qdict, int fd)
150 struct sockaddr_storage sa;
154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
158 return put_addr_qdict(qdict, &sa, salen);
161 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163 struct sockaddr_storage sa;
167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
171 return put_addr_qdict(qdict, &sa, salen);
174 static const char *vnc_auth_name(VncDisplay *vd) {
176 case VNC_AUTH_INVALID:
192 case VNC_AUTH_VENCRYPT:
193 #ifdef CONFIG_VNC_TLS
194 switch (vd->subauth) {
195 case VNC_AUTH_VENCRYPT_PLAIN:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL:
212 return "vencrypt+x509+sasl";
225 static int vnc_server_info_put(QDict *qdict)
227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
235 static void vnc_client_cache_auth(VncState *client)
237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 qdict = qobject_to_qdict(client->info);
249 #ifdef CONFIG_VNC_TLS
250 if (client->tls.session &&
252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
255 #ifdef CONFIG_VNC_SASL
256 if (client->sasl.conn &&
257 client->sasl.username) {
258 qdict_put(qdict, "sasl_username",
259 qstring_from_str(client->sasl.username));
264 static void vnc_client_cache_addr(VncState *client)
269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
271 /* XXX: how to report the error? */
275 client->info = QOBJECT(qdict);
278 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
287 server = qdict_new();
288 if (vnc_server_info_put(server) < 0) {
293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
294 vs->info, QOBJECT(server));
296 monitor_protocol_event(event, data);
298 qobject_incref(vs->info);
299 qobject_decref(data);
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304 struct sockaddr_storage sa;
305 socklen_t salen = sizeof(sa);
306 char host[NI_MAXHOST];
307 char serv[NI_MAXSERV];
310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
314 if (getnameinfo((struct sockaddr *)&sa, salen,
317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
321 info = g_malloc0(sizeof(*info));
322 info->host = g_strdup(host);
323 info->service = g_strdup(serv);
324 info->family = g_strdup(inet_strfamily(sa.ss_family));
326 #ifdef CONFIG_VNC_TLS
327 if (client->tls.session && client->tls.dname) {
328 info->has_x509_dname = true;
329 info->x509_dname = g_strdup(client->tls.dname);
332 #ifdef CONFIG_VNC_SASL
333 if (client->sasl.conn && client->sasl.username) {
334 info->has_sasl_username = true;
335 info->sasl_username = g_strdup(client->sasl.username);
342 VncInfo *qmp_query_vnc(Error **errp)
344 VncInfo *info = g_malloc0(sizeof(*info));
346 if (vnc_display == NULL || vnc_display->display == NULL) {
347 info->enabled = false;
349 VncClientInfoList *cur_item = NULL;
350 struct sockaddr_storage sa;
351 socklen_t salen = sizeof(sa);
352 char host[NI_MAXHOST];
353 char serv[NI_MAXSERV];
356 info->enabled = true;
358 /* for compatibility with the original command */
359 info->has_clients = true;
361 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
363 cinfo->value = qmp_query_vnc_client(client);
365 /* XXX: waiting for the qapi to support GSList */
367 info->clients = cur_item = cinfo;
369 cur_item->next = cinfo;
374 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
376 error_set(errp, QERR_UNDEFINED_ERROR);
380 if (getnameinfo((struct sockaddr *)&sa, salen,
383 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
384 error_set(errp, QERR_UNDEFINED_ERROR);
388 info->has_host = true;
389 info->host = g_strdup(host);
391 info->has_service = true;
392 info->service = g_strdup(serv);
394 info->has_family = true;
395 info->family = g_strdup(inet_strfamily(sa.ss_family));
397 info->has_auth = true;
398 info->auth = g_strdup(vnc_auth_name(vnc_display));
404 qapi_free_VncInfo(info);
409 1) Get the queue working for IO.
410 2) there is some weirdness when using the -S option (the screen is grey
411 and not totally invalidated
412 3) resolutions > 1024
415 static int vnc_update_client(VncState *vs, int has_dirty);
416 static int vnc_update_client_sync(VncState *vs, int has_dirty);
417 static void vnc_disconnect_start(VncState *vs);
418 static void vnc_disconnect_finish(VncState *vs);
419 static void vnc_init_timer(VncDisplay *vd);
420 static void vnc_remove_timer(VncDisplay *vd);
422 static void vnc_colordepth(VncState *vs);
423 static void framebuffer_update_request(VncState *vs, int incremental,
424 int x_position, int y_position,
426 static void vnc_refresh(void *opaque);
427 static int vnc_refresh_server_surface(VncDisplay *vd);
429 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
432 VncDisplay *vd = ds->opaque;
433 struct VncSurface *s = &vd->guest;
437 /* round x down to ensure the loop only spans one 16-pixel block per,
438 iteration. otherwise, if (x % 16) != 0, the last iteration may span
439 two 16-pixel blocks but we only mark the first as dirty
444 x = MIN(x, s->ds->width);
445 y = MIN(y, s->ds->height);
446 w = MIN(x + w, s->ds->width) - x;
447 h = MIN(h, s->ds->height);
450 for (i = 0; i < w; i += 16)
451 set_bit((x + i) / 16, s->dirty[y]);
454 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
457 vnc_write_u16(vs, x);
458 vnc_write_u16(vs, y);
459 vnc_write_u16(vs, w);
460 vnc_write_u16(vs, h);
462 vnc_write_s32(vs, encoding);
465 void buffer_reserve(Buffer *buffer, size_t len)
467 if ((buffer->capacity - buffer->offset) < len) {
468 buffer->capacity += (len + 1024);
469 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
470 if (buffer->buffer == NULL) {
471 fprintf(stderr, "vnc: out of memory\n");
477 int buffer_empty(Buffer *buffer)
479 return buffer->offset == 0;
482 uint8_t *buffer_end(Buffer *buffer)
484 return buffer->buffer + buffer->offset;
487 void buffer_reset(Buffer *buffer)
492 void buffer_free(Buffer *buffer)
494 g_free(buffer->buffer);
496 buffer->capacity = 0;
497 buffer->buffer = NULL;
500 void buffer_append(Buffer *buffer, const void *data, size_t len)
502 memcpy(buffer->buffer + buffer->offset, data, len);
503 buffer->offset += len;
506 static void vnc_desktop_resize(VncState *vs)
508 DisplayState *ds = vs->ds;
510 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
513 if (vs->client_width == ds_get_width(ds) &&
514 vs->client_height == ds_get_height(ds)) {
517 vs->client_width = ds_get_width(ds);
518 vs->client_height = ds_get_height(ds);
520 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
522 vnc_write_u16(vs, 1); /* number of rects */
523 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
524 VNC_ENCODING_DESKTOPRESIZE);
525 vnc_unlock_output(vs);
529 #ifdef CONFIG_VNC_THREAD
530 static void vnc_abort_display_jobs(VncDisplay *vd)
534 QTAILQ_FOREACH(vs, &vd->clients, next) {
537 vnc_unlock_output(vs);
539 QTAILQ_FOREACH(vs, &vd->clients, next) {
542 QTAILQ_FOREACH(vs, &vd->clients, next) {
545 vnc_unlock_output(vs);
549 static void vnc_abort_display_jobs(VncDisplay *vd)
554 static void vnc_dpy_resize(DisplayState *ds)
556 VncDisplay *vd = ds->opaque;
559 vnc_abort_display_jobs(vd);
563 vd->server = g_malloc0(sizeof(*vd->server));
564 if (vd->server->data)
565 g_free(vd->server->data);
566 *(vd->server) = *(ds->surface);
567 vd->server->data = g_malloc0(vd->server->linesize *
572 vd->guest.ds = g_malloc0(sizeof(*vd->guest.ds));
573 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
574 console_color_init(ds);
575 *(vd->guest.ds) = *(ds->surface);
576 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
578 QTAILQ_FOREACH(vs, &vd->clients, next) {
580 vnc_desktop_resize(vs);
581 if (vs->vd->cursor) {
582 vnc_cursor_define(vs);
584 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
589 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
590 void *pixels, int size)
592 vnc_write(vs, pixels, size);
595 /* slowest but generic code. */
596 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
599 VncDisplay *vd = vs->vd;
601 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
602 vd->server->pf.rbits);
603 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
604 vd->server->pf.gbits);
605 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
606 vd->server->pf.bbits);
607 v = (r << vs->clientds.pf.rshift) |
608 (g << vs->clientds.pf.gshift) |
609 (b << vs->clientds.pf.bshift);
610 switch(vs->clientds.pf.bytes_per_pixel) {
615 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
625 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
640 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
641 void *pixels1, int size)
645 if (pf->bytes_per_pixel == 4) {
646 uint32_t *pixels = pixels1;
649 for(i = 0; i < n; i++) {
650 vnc_convert_pixel(vs, buf, pixels[i]);
651 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
653 } else if (pf->bytes_per_pixel == 2) {
654 uint16_t *pixels = pixels1;
657 for(i = 0; i < n; i++) {
658 vnc_convert_pixel(vs, buf, pixels[i]);
659 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
661 } else if (pf->bytes_per_pixel == 1) {
662 uint8_t *pixels = pixels1;
665 for(i = 0; i < n; i++) {
666 vnc_convert_pixel(vs, buf, pixels[i]);
667 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
670 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
674 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
678 VncDisplay *vd = vs->vd;
680 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
681 for (i = 0; i < h; i++) {
682 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
683 row += ds_get_linesize(vs->ds);
688 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
692 switch(vs->vnc_encoding) {
693 case VNC_ENCODING_ZLIB:
694 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
696 case VNC_ENCODING_HEXTILE:
697 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
698 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
700 case VNC_ENCODING_TIGHT:
701 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
703 case VNC_ENCODING_TIGHT_PNG:
704 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
706 case VNC_ENCODING_ZRLE:
707 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
709 case VNC_ENCODING_ZYWRLE:
710 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
713 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
714 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
720 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
722 /* send bitblit op to the vnc client */
724 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
726 vnc_write_u16(vs, 1); /* number of rects */
727 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
728 vnc_write_u16(vs, src_x);
729 vnc_write_u16(vs, src_y);
730 vnc_unlock_output(vs);
734 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
736 VncDisplay *vd = ds->opaque;
740 int i,x,y,pitch,depth,inc,w_lim,s;
743 vnc_refresh_server_surface(vd);
744 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
745 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
746 vs->force_update = 1;
747 vnc_update_client_sync(vs, 1);
748 /* vs might be free()ed here */
752 /* do bitblit op on the local surface too */
753 pitch = ds_get_linesize(vd->ds);
754 depth = ds_get_bytes_per_pixel(vd->ds);
755 src_row = vd->server->data + pitch * src_y + depth * src_x;
756 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
761 src_row += pitch * (h-1);
762 dst_row += pitch * (h-1);
767 w_lim = w - (16 - (dst_x % 16));
771 w_lim = w - (w_lim % 16);
772 for (i = 0; i < h; i++) {
773 for (x = 0; x <= w_lim;
774 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
776 if ((s = w - w_lim) == 0)
779 s = (16 - (dst_x % 16));
784 cmp_bytes = s * depth;
785 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
787 memmove(dst_row, src_row, cmp_bytes);
788 QTAILQ_FOREACH(vs, &vd->clients, next) {
789 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
790 set_bit(((x + dst_x) / 16), vs->dirty[y]);
794 src_row += pitch - w * depth;
795 dst_row += pitch - w * depth;
799 QTAILQ_FOREACH(vs, &vd->clients, next) {
800 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
801 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
806 static void vnc_mouse_set(int x, int y, int visible)
808 /* can we ask the client(s) to move the pointer ??? */
811 static int vnc_cursor_define(VncState *vs)
813 QEMUCursor *c = vs->vd->cursor;
814 PixelFormat pf = qemu_default_pixelformat(32);
817 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
819 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
820 vnc_write_u8(vs, 0); /* padding */
821 vnc_write_u16(vs, 1); /* # of rects */
822 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
823 VNC_ENCODING_RICH_CURSOR);
824 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
825 vnc_write_pixels_generic(vs, &pf, c->data, isize);
826 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
827 vnc_unlock_output(vs);
833 static void vnc_dpy_cursor_define(QEMUCursor *c)
835 VncDisplay *vd = vnc_display;
838 cursor_put(vd->cursor);
839 g_free(vd->cursor_mask);
842 cursor_get(vd->cursor);
843 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
844 vd->cursor_mask = g_malloc0(vd->cursor_msize);
845 cursor_get_mono_mask(c, 0, vd->cursor_mask);
847 QTAILQ_FOREACH(vs, &vd->clients, next) {
848 vnc_cursor_define(vs);
852 static int find_and_clear_dirty_height(struct VncState *vs,
853 int y, int last_x, int x, int height)
857 for (h = 1; h < (height - y); h++) {
859 if (!test_bit(last_x, vs->dirty[y + h])) {
862 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
863 clear_bit(tmp_x, vs->dirty[y + h]);
870 #ifdef CONFIG_VNC_THREAD
871 static int vnc_update_client_sync(VncState *vs, int has_dirty)
873 int ret = vnc_update_client(vs, has_dirty);
878 static int vnc_update_client_sync(VncState *vs, int has_dirty)
880 return vnc_update_client(vs, has_dirty);
884 static int vnc_update_client(VncState *vs, int has_dirty)
886 if (vs->need_update && vs->csock != -1) {
887 VncDisplay *vd = vs->vd;
894 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
895 /* kernel send buffers are full -> drop frames to throttle */
898 if (!has_dirty && !vs->audio_cap && !vs->force_update)
902 * Send screen updates to the vnc client using the server
903 * surface and server dirty map. guest surface updates
904 * happening in parallel don't disturb us, the next pass will
905 * send them to the client.
907 job = vnc_job_new(vs);
909 width = MIN(vd->server->width, vs->client_width);
910 height = MIN(vd->server->height, vs->client_height);
912 for (y = 0; y < height; y++) {
915 for (x = 0; x < width / 16; x++) {
916 if (test_and_clear_bit(x, vs->dirty[y])) {
922 int h = find_and_clear_dirty_height(vs, y, last_x, x,
925 n += vnc_job_add_rect(job, last_x * 16, y,
926 (x - last_x) * 16, h);
932 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
933 n += vnc_job_add_rect(job, last_x * 16, y,
934 (x - last_x) * 16, h);
939 vs->force_update = 0;
944 vnc_disconnect_finish(vs);
950 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
952 VncState *vs = opaque;
955 case AUD_CNOTIFY_DISABLE:
957 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
959 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
960 vnc_unlock_output(vs);
964 case AUD_CNOTIFY_ENABLE:
966 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
968 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
969 vnc_unlock_output(vs);
975 static void audio_capture_destroy(void *opaque)
979 static void audio_capture(void *opaque, void *buf, int size)
981 VncState *vs = opaque;
984 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
985 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
986 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
987 vnc_write_u32(vs, size);
988 vnc_write(vs, buf, size);
989 vnc_unlock_output(vs);
993 static void audio_add(VncState *vs)
995 struct audio_capture_ops ops;
998 monitor_printf(default_mon, "audio already running\n");
1002 ops.notify = audio_capture_notify;
1003 ops.destroy = audio_capture_destroy;
1004 ops.capture = audio_capture;
1006 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1007 if (!vs->audio_cap) {
1008 monitor_printf(default_mon, "Failed to add audio capture\n");
1012 static void audio_del(VncState *vs)
1014 if (vs->audio_cap) {
1015 AUD_del_capture(vs->audio_cap, vs);
1016 vs->audio_cap = NULL;
1020 static void vnc_disconnect_start(VncState *vs)
1022 if (vs->csock == -1)
1024 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1025 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1026 closesocket(vs->csock);
1030 static void vnc_disconnect_finish(VncState *vs)
1034 vnc_jobs_join(vs); /* Wait encoding jobs */
1036 vnc_lock_output(vs);
1037 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1039 buffer_free(&vs->input);
1040 buffer_free(&vs->output);
1042 qobject_decref(vs->info);
1045 vnc_tight_clear(vs);
1048 #ifdef CONFIG_VNC_TLS
1049 vnc_tls_client_cleanup(vs);
1050 #endif /* CONFIG_VNC_TLS */
1051 #ifdef CONFIG_VNC_SASL
1052 vnc_sasl_client_cleanup(vs);
1053 #endif /* CONFIG_VNC_SASL */
1055 vnc_release_modifiers(vs);
1057 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1059 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1063 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1064 vnc_remove_timer(vs->vd);
1065 if (vs->vd->lock_key_sync)
1066 qemu_remove_led_event_handler(vs->led);
1067 vnc_unlock_output(vs);
1069 #ifdef CONFIG_VNC_THREAD
1070 qemu_mutex_destroy(&vs->output_mutex);
1071 qemu_bh_delete(vs->bh);
1072 buffer_free(&vs->jobs_buffer);
1075 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1076 g_free(vs->lossy_rect[i]);
1078 g_free(vs->lossy_rect);
1082 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1084 if (ret == 0 || ret == -1) {
1086 switch (last_errno) {
1090 case WSAEWOULDBLOCK:
1098 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1099 ret, ret < 0 ? last_errno : 0);
1100 vnc_disconnect_start(vs);
1108 void vnc_client_error(VncState *vs)
1110 VNC_DEBUG("Closing down client sock: protocol error\n");
1111 vnc_disconnect_start(vs);
1116 * Called to write a chunk of data to the client socket. The data may
1117 * be the raw data, or may have already been encoded by SASL.
1118 * The data will be written either straight onto the socket, or
1119 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1121 * NB, it is theoretically possible to have 2 layers of encryption,
1122 * both SASL, and this TLS layer. It is highly unlikely in practice
1123 * though, since SASL encryption will typically be a no-op if TLS
1126 * Returns the number of bytes written, which may be less than
1127 * the requested 'datalen' if the socket would block. Returns
1128 * -1 on error, and disconnects the client socket.
1130 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1133 #ifdef CONFIG_VNC_TLS
1134 if (vs->tls.session) {
1135 ret = gnutls_write(vs->tls.session, data, datalen);
1137 if (ret == GNUTLS_E_AGAIN)
1144 #endif /* CONFIG_VNC_TLS */
1145 ret = send(vs->csock, (const void *)data, datalen, 0);
1146 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1147 return vnc_client_io_error(vs, ret, socket_error());
1152 * Called to write buffered data to the client socket, when not
1153 * using any SASL SSF encryption layers. Will write as much data
1154 * as possible without blocking. If all buffered data is written,
1155 * will switch the FD poll() handler back to read monitoring.
1157 * Returns the number of bytes written, which may be less than
1158 * the buffered output data if the socket would block. Returns
1159 * -1 on error, and disconnects the client socket.
1161 static long vnc_client_write_plain(VncState *vs)
1165 #ifdef CONFIG_VNC_SASL
1166 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1167 vs->output.buffer, vs->output.capacity, vs->output.offset,
1168 vs->sasl.waitWriteSSF);
1170 if (vs->sasl.conn &&
1172 vs->sasl.waitWriteSSF) {
1173 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1175 vs->sasl.waitWriteSSF -= ret;
1177 #endif /* CONFIG_VNC_SASL */
1178 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1182 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1183 vs->output.offset -= ret;
1185 if (vs->output.offset == 0) {
1186 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1194 * First function called whenever there is data to be written to
1195 * the client socket. Will delegate actual work according to whether
1196 * SASL SSF layers are enabled (thus requiring encryption calls)
1198 static void vnc_client_write_locked(void *opaque)
1200 VncState *vs = opaque;
1202 #ifdef CONFIG_VNC_SASL
1203 if (vs->sasl.conn &&
1205 !vs->sasl.waitWriteSSF) {
1206 vnc_client_write_sasl(vs);
1208 #endif /* CONFIG_VNC_SASL */
1209 vnc_client_write_plain(vs);
1212 void vnc_client_write(void *opaque)
1214 VncState *vs = opaque;
1216 vnc_lock_output(vs);
1217 if (vs->output.offset) {
1218 vnc_client_write_locked(opaque);
1219 } else if (vs->csock != -1) {
1220 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1222 vnc_unlock_output(vs);
1225 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1227 vs->read_handler = func;
1228 vs->read_handler_expect = expecting;
1233 * Called to read a chunk of data from the client socket. The data may
1234 * be the raw data, or may need to be further decoded by SASL.
1235 * The data will be read either straight from to the socket, or
1236 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1238 * NB, it is theoretically possible to have 2 layers of encryption,
1239 * both SASL, and this TLS layer. It is highly unlikely in practice
1240 * though, since SASL encryption will typically be a no-op if TLS
1243 * Returns the number of bytes read, which may be less than
1244 * the requested 'datalen' if the socket would block. Returns
1245 * -1 on error, and disconnects the client socket.
1247 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1250 #ifdef CONFIG_VNC_TLS
1251 if (vs->tls.session) {
1252 ret = gnutls_read(vs->tls.session, data, datalen);
1254 if (ret == GNUTLS_E_AGAIN)
1261 #endif /* CONFIG_VNC_TLS */
1262 ret = qemu_recv(vs->csock, data, datalen, 0);
1263 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1264 return vnc_client_io_error(vs, ret, socket_error());
1269 * Called to read data from the client socket to the input buffer,
1270 * when not using any SASL SSF encryption layers. Will read as much
1271 * data as possible without blocking.
1273 * Returns the number of bytes read. Returns -1 on error, and
1274 * disconnects the client socket.
1276 static long vnc_client_read_plain(VncState *vs)
1279 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1280 vs->input.buffer, vs->input.capacity, vs->input.offset);
1281 buffer_reserve(&vs->input, 4096);
1282 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1285 vs->input.offset += ret;
1289 #ifdef CONFIG_VNC_THREAD
1290 static void vnc_jobs_bh(void *opaque)
1292 VncState *vs = opaque;
1294 vnc_jobs_consume_buffer(vs);
1299 * First function called whenever there is more data to be read from
1300 * the client socket. Will delegate actual work according to whether
1301 * SASL SSF layers are enabled (thus requiring decryption calls)
1303 void vnc_client_read(void *opaque)
1305 VncState *vs = opaque;
1308 #ifdef CONFIG_VNC_SASL
1309 if (vs->sasl.conn && vs->sasl.runSSF)
1310 ret = vnc_client_read_sasl(vs);
1312 #endif /* CONFIG_VNC_SASL */
1313 ret = vnc_client_read_plain(vs);
1315 if (vs->csock == -1)
1316 vnc_disconnect_finish(vs);
1320 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1321 size_t len = vs->read_handler_expect;
1324 ret = vs->read_handler(vs, vs->input.buffer, len);
1325 if (vs->csock == -1) {
1326 vnc_disconnect_finish(vs);
1331 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1332 vs->input.offset -= len;
1334 vs->read_handler_expect = ret;
1339 void vnc_write(VncState *vs, const void *data, size_t len)
1341 buffer_reserve(&vs->output, len);
1343 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1344 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1347 buffer_append(&vs->output, data, len);
1350 void vnc_write_s32(VncState *vs, int32_t value)
1352 vnc_write_u32(vs, *(uint32_t *)&value);
1355 void vnc_write_u32(VncState *vs, uint32_t value)
1359 buf[0] = (value >> 24) & 0xFF;
1360 buf[1] = (value >> 16) & 0xFF;
1361 buf[2] = (value >> 8) & 0xFF;
1362 buf[3] = value & 0xFF;
1364 vnc_write(vs, buf, 4);
1367 void vnc_write_u16(VncState *vs, uint16_t value)
1371 buf[0] = (value >> 8) & 0xFF;
1372 buf[1] = value & 0xFF;
1374 vnc_write(vs, buf, 2);
1377 void vnc_write_u8(VncState *vs, uint8_t value)
1379 vnc_write(vs, (char *)&value, 1);
1382 void vnc_flush(VncState *vs)
1384 vnc_lock_output(vs);
1385 if (vs->csock != -1 && vs->output.offset) {
1386 vnc_client_write_locked(vs);
1388 vnc_unlock_output(vs);
1391 uint8_t read_u8(uint8_t *data, size_t offset)
1393 return data[offset];
1396 uint16_t read_u16(uint8_t *data, size_t offset)
1398 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1401 int32_t read_s32(uint8_t *data, size_t offset)
1403 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1404 (data[offset + 2] << 8) | data[offset + 3]);
1407 uint32_t read_u32(uint8_t *data, size_t offset)
1409 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1410 (data[offset + 2] << 8) | data[offset + 3]);
1413 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1417 static void check_pointer_type_change(Notifier *notifier, void *data)
1419 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1420 int absolute = kbd_mouse_is_absolute();
1422 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1423 vnc_lock_output(vs);
1424 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1425 vnc_write_u8(vs, 0);
1426 vnc_write_u16(vs, 1);
1427 vnc_framebuffer_update(vs, absolute, 0,
1428 ds_get_width(vs->ds), ds_get_height(vs->ds),
1429 VNC_ENCODING_POINTER_TYPE_CHANGE);
1430 vnc_unlock_output(vs);
1433 vs->absolute = absolute;
1436 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1441 if (button_mask & 0x01)
1442 buttons |= MOUSE_EVENT_LBUTTON;
1443 if (button_mask & 0x02)
1444 buttons |= MOUSE_EVENT_MBUTTON;
1445 if (button_mask & 0x04)
1446 buttons |= MOUSE_EVENT_RBUTTON;
1447 if (button_mask & 0x08)
1449 if (button_mask & 0x10)
1453 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1454 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1455 ds_get_height(vs->ds) > 1 ?
1456 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1458 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1462 kbd_mouse_event(x, y, dz, buttons);
1464 if (vs->last_x != -1)
1465 kbd_mouse_event(x - vs->last_x,
1473 static void reset_keys(VncState *vs)
1476 for(i = 0; i < 256; i++) {
1477 if (vs->modifiers_state[i]) {
1478 if (i & SCANCODE_GREY)
1479 kbd_put_keycode(SCANCODE_EMUL0);
1480 kbd_put_keycode(i | SCANCODE_UP);
1481 vs->modifiers_state[i] = 0;
1486 static void press_key(VncState *vs, int keysym)
1488 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1489 if (keycode & SCANCODE_GREY)
1490 kbd_put_keycode(SCANCODE_EMUL0);
1491 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1492 if (keycode & SCANCODE_GREY)
1493 kbd_put_keycode(SCANCODE_EMUL0);
1494 kbd_put_keycode(keycode | SCANCODE_UP);
1497 static void kbd_leds(void *opaque, int ledstate)
1499 VncState *vs = opaque;
1502 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1503 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1505 if (vs->modifiers_state[0x3a] != caps) {
1506 vs->modifiers_state[0x3a] = caps;
1508 if (vs->modifiers_state[0x45] != num) {
1509 vs->modifiers_state[0x45] = num;
1513 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1515 /* QEMU console switch */
1517 case 0x2a: /* Left Shift */
1518 case 0x36: /* Right Shift */
1519 case 0x1d: /* Left CTRL */
1520 case 0x9d: /* Right CTRL */
1521 case 0x38: /* Left ALT */
1522 case 0xb8: /* Right ALT */
1524 vs->modifiers_state[keycode] = 1;
1526 vs->modifiers_state[keycode] = 0;
1528 case 0x02 ... 0x0a: /* '1' to '9' keys */
1529 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1530 /* Reset the modifiers sent to the current console */
1532 console_select(keycode - 0x02);
1536 case 0x3a: /* CapsLock */
1537 case 0x45: /* NumLock */
1539 vs->modifiers_state[keycode] ^= 1;
1543 if (down && vs->vd->lock_key_sync &&
1544 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1545 /* If the numlock state needs to change then simulate an additional
1546 keypress before sending this one. This will happen if the user
1547 toggles numlock away from the VNC window.
1549 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1550 if (!vs->modifiers_state[0x45]) {
1551 vs->modifiers_state[0x45] = 1;
1552 press_key(vs, 0xff7f);
1555 if (vs->modifiers_state[0x45]) {
1556 vs->modifiers_state[0x45] = 0;
1557 press_key(vs, 0xff7f);
1562 if (down && vs->vd->lock_key_sync &&
1563 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1564 /* If the capslock state needs to change then simulate an additional
1565 keypress before sending this one. This will happen if the user
1566 toggles capslock away from the VNC window.
1568 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1569 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1570 int capslock = !!(vs->modifiers_state[0x3a]);
1572 if (uppercase == shift) {
1573 vs->modifiers_state[0x3a] = 0;
1574 press_key(vs, 0xffe5);
1577 if (uppercase != shift) {
1578 vs->modifiers_state[0x3a] = 1;
1579 press_key(vs, 0xffe5);
1584 if (is_graphic_console()) {
1585 if (keycode & SCANCODE_GREY)
1586 kbd_put_keycode(SCANCODE_EMUL0);
1588 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1590 kbd_put_keycode(keycode | SCANCODE_UP);
1592 bool numlock = vs->modifiers_state[0x45];
1593 bool control = (vs->modifiers_state[0x1d] ||
1594 vs->modifiers_state[0x9d]);
1595 /* QEMU console emulation */
1598 case 0x2a: /* Left Shift */
1599 case 0x36: /* Right Shift */
1600 case 0x1d: /* Left CTRL */
1601 case 0x9d: /* Right CTRL */
1602 case 0x38: /* Left ALT */
1603 case 0xb8: /* Right ALT */
1606 kbd_put_keysym(QEMU_KEY_UP);
1609 kbd_put_keysym(QEMU_KEY_DOWN);
1612 kbd_put_keysym(QEMU_KEY_LEFT);
1615 kbd_put_keysym(QEMU_KEY_RIGHT);
1618 kbd_put_keysym(QEMU_KEY_DELETE);
1621 kbd_put_keysym(QEMU_KEY_HOME);
1624 kbd_put_keysym(QEMU_KEY_END);
1627 kbd_put_keysym(QEMU_KEY_PAGEUP);
1630 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1634 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1637 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1640 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1643 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1646 kbd_put_keysym('5');
1649 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1652 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1655 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1658 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1661 kbd_put_keysym('0');
1664 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1668 kbd_put_keysym('/');
1671 kbd_put_keysym('*');
1674 kbd_put_keysym('-');
1677 kbd_put_keysym('+');
1680 kbd_put_keysym('\n');
1685 kbd_put_keysym(sym & 0x1f);
1687 kbd_put_keysym(sym);
1695 static void vnc_release_modifiers(VncState *vs)
1697 static const int keycodes[] = {
1698 /* shift, control, alt keys, both left & right */
1699 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1703 if (!is_graphic_console()) {
1706 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1707 keycode = keycodes[i];
1708 if (!vs->modifiers_state[keycode]) {
1711 if (keycode & SCANCODE_GREY) {
1712 kbd_put_keycode(SCANCODE_EMUL0);
1714 kbd_put_keycode(keycode | SCANCODE_UP);
1718 static void key_event(VncState *vs, int down, uint32_t sym)
1723 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1724 lsym = lsym - 'A' + 'a';
1727 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1728 do_key_event(vs, down, keycode, sym);
1731 static void ext_key_event(VncState *vs, int down,
1732 uint32_t sym, uint16_t keycode)
1734 /* if the user specifies a keyboard layout, always use it */
1735 if (keyboard_layout)
1736 key_event(vs, down, sym);
1738 do_key_event(vs, down, keycode, sym);
1741 static void framebuffer_update_request(VncState *vs, int incremental,
1742 int x_position, int y_position,
1746 const size_t width = ds_get_width(vs->ds) / 16;
1748 if (y_position > ds_get_height(vs->ds))
1749 y_position = ds_get_height(vs->ds);
1750 if (y_position + h >= ds_get_height(vs->ds))
1751 h = ds_get_height(vs->ds) - y_position;
1753 vs->need_update = 1;
1755 vs->force_update = 1;
1756 for (i = 0; i < h; i++) {
1757 bitmap_set(vs->dirty[y_position + i], 0, width);
1758 bitmap_clear(vs->dirty[y_position + i], width,
1759 VNC_DIRTY_BITS - width);
1764 static void send_ext_key_event_ack(VncState *vs)
1766 vnc_lock_output(vs);
1767 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1768 vnc_write_u8(vs, 0);
1769 vnc_write_u16(vs, 1);
1770 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1771 VNC_ENCODING_EXT_KEY_EVENT);
1772 vnc_unlock_output(vs);
1776 static void send_ext_audio_ack(VncState *vs)
1778 vnc_lock_output(vs);
1779 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1780 vnc_write_u8(vs, 0);
1781 vnc_write_u16(vs, 1);
1782 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1783 VNC_ENCODING_AUDIO);
1784 vnc_unlock_output(vs);
1788 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1791 unsigned int enc = 0;
1794 vs->vnc_encoding = 0;
1795 vs->tight.compression = 9;
1796 vs->tight.quality = -1; /* Lossless by default */
1800 * Start from the end because the encodings are sent in order of preference.
1801 * This way the preferred encoding (first encoding defined in the array)
1802 * will be set at the end of the loop.
1804 for (i = n_encodings - 1; i >= 0; i--) {
1807 case VNC_ENCODING_RAW:
1808 vs->vnc_encoding = enc;
1810 case VNC_ENCODING_COPYRECT:
1811 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1813 case VNC_ENCODING_HEXTILE:
1814 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1815 vs->vnc_encoding = enc;
1817 case VNC_ENCODING_TIGHT:
1818 vs->features |= VNC_FEATURE_TIGHT_MASK;
1819 vs->vnc_encoding = enc;
1821 case VNC_ENCODING_TIGHT_PNG:
1822 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1823 vs->vnc_encoding = enc;
1825 case VNC_ENCODING_ZLIB:
1826 vs->features |= VNC_FEATURE_ZLIB_MASK;
1827 vs->vnc_encoding = enc;
1829 case VNC_ENCODING_ZRLE:
1830 vs->features |= VNC_FEATURE_ZRLE_MASK;
1831 vs->vnc_encoding = enc;
1833 case VNC_ENCODING_ZYWRLE:
1834 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1835 vs->vnc_encoding = enc;
1837 case VNC_ENCODING_DESKTOPRESIZE:
1838 vs->features |= VNC_FEATURE_RESIZE_MASK;
1840 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1841 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1843 case VNC_ENCODING_RICH_CURSOR:
1844 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1846 case VNC_ENCODING_EXT_KEY_EVENT:
1847 send_ext_key_event_ack(vs);
1849 case VNC_ENCODING_AUDIO:
1850 send_ext_audio_ack(vs);
1852 case VNC_ENCODING_WMVi:
1853 vs->features |= VNC_FEATURE_WMVI_MASK;
1855 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1856 vs->tight.compression = (enc & 0x0F);
1858 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1859 if (vs->vd->lossy) {
1860 vs->tight.quality = (enc & 0x0F);
1864 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1868 vnc_desktop_resize(vs);
1869 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1872 static void set_pixel_conversion(VncState *vs)
1874 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1875 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1876 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1877 vs->write_pixels = vnc_write_pixels_copy;
1878 vnc_hextile_set_pixel_conversion(vs, 0);
1880 vs->write_pixels = vnc_write_pixels_generic;
1881 vnc_hextile_set_pixel_conversion(vs, 1);
1885 static void set_pixel_format(VncState *vs,
1886 int bits_per_pixel, int depth,
1887 int big_endian_flag, int true_color_flag,
1888 int red_max, int green_max, int blue_max,
1889 int red_shift, int green_shift, int blue_shift)
1891 if (!true_color_flag) {
1892 vnc_client_error(vs);
1896 vs->clientds = *(vs->vd->guest.ds);
1897 vs->clientds.pf.rmax = red_max;
1898 vs->clientds.pf.rbits = hweight_long(red_max);
1899 vs->clientds.pf.rshift = red_shift;
1900 vs->clientds.pf.rmask = red_max << red_shift;
1901 vs->clientds.pf.gmax = green_max;
1902 vs->clientds.pf.gbits = hweight_long(green_max);
1903 vs->clientds.pf.gshift = green_shift;
1904 vs->clientds.pf.gmask = green_max << green_shift;
1905 vs->clientds.pf.bmax = blue_max;
1906 vs->clientds.pf.bbits = hweight_long(blue_max);
1907 vs->clientds.pf.bshift = blue_shift;
1908 vs->clientds.pf.bmask = blue_max << blue_shift;
1909 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1910 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1911 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1912 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1914 set_pixel_conversion(vs);
1916 vga_hw_invalidate();
1920 static void pixel_format_message (VncState *vs) {
1921 char pad[3] = { 0, 0, 0 };
1923 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1924 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1926 #ifdef HOST_WORDS_BIGENDIAN
1927 vnc_write_u8(vs, 1); /* big-endian-flag */
1929 vnc_write_u8(vs, 0); /* big-endian-flag */
1931 vnc_write_u8(vs, 1); /* true-color-flag */
1932 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1933 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1934 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1935 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1936 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1937 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1939 vnc_hextile_set_pixel_conversion(vs, 0);
1941 vs->clientds = *(vs->ds->surface);
1942 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1943 vs->write_pixels = vnc_write_pixels_copy;
1945 vnc_write(vs, pad, 3); /* padding */
1948 static void vnc_dpy_setdata(DisplayState *ds)
1950 VncDisplay *vd = ds->opaque;
1952 *(vd->guest.ds) = *(ds->surface);
1953 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds));
1956 static void vnc_colordepth(VncState *vs)
1958 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1959 /* Sending a WMVi message to notify the client*/
1960 vnc_lock_output(vs);
1961 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1962 vnc_write_u8(vs, 0);
1963 vnc_write_u16(vs, 1); /* number of rects */
1964 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1965 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1966 pixel_format_message(vs);
1967 vnc_unlock_output(vs);
1970 set_pixel_conversion(vs);
1974 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1978 VncDisplay *vd = vs->vd;
1981 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1982 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
1983 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
1987 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1991 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1992 read_u8(data, 6), read_u8(data, 7),
1993 read_u16(data, 8), read_u16(data, 10),
1994 read_u16(data, 12), read_u8(data, 14),
1995 read_u8(data, 15), read_u8(data, 16));
1997 case VNC_MSG_CLIENT_SET_ENCODINGS:
2002 limit = read_u16(data, 2);
2004 return 4 + (limit * 4);
2006 limit = read_u16(data, 2);
2008 for (i = 0; i < limit; i++) {
2009 int32_t val = read_s32(data, 4 + (i * 4));
2010 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2013 set_encodings(vs, (int32_t *)(data + 4), limit);
2015 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2019 framebuffer_update_request(vs,
2020 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2021 read_u16(data, 6), read_u16(data, 8));
2023 case VNC_MSG_CLIENT_KEY_EVENT:
2027 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2029 case VNC_MSG_CLIENT_POINTER_EVENT:
2033 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2035 case VNC_MSG_CLIENT_CUT_TEXT:
2040 uint32_t dlen = read_u32(data, 4);
2045 client_cut_text(vs, read_u32(data, 4), data + 8);
2047 case VNC_MSG_CLIENT_QEMU:
2051 switch (read_u8(data, 1)) {
2052 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2056 ext_key_event(vs, read_u16(data, 2),
2057 read_u32(data, 4), read_u32(data, 8));
2059 case VNC_MSG_CLIENT_QEMU_AUDIO:
2063 switch (read_u16 (data, 2)) {
2064 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2067 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2070 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2073 switch (read_u8(data, 4)) {
2074 case 0: vs->as.fmt = AUD_FMT_U8; break;
2075 case 1: vs->as.fmt = AUD_FMT_S8; break;
2076 case 2: vs->as.fmt = AUD_FMT_U16; break;
2077 case 3: vs->as.fmt = AUD_FMT_S16; break;
2078 case 4: vs->as.fmt = AUD_FMT_U32; break;
2079 case 5: vs->as.fmt = AUD_FMT_S32; break;
2081 printf("Invalid audio format %d\n", read_u8(data, 4));
2082 vnc_client_error(vs);
2085 vs->as.nchannels = read_u8(data, 5);
2086 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2087 printf("Invalid audio channel coount %d\n",
2089 vnc_client_error(vs);
2092 vs->as.freq = read_u32(data, 6);
2095 printf ("Invalid audio message %d\n", read_u8(data, 4));
2096 vnc_client_error(vs);
2102 printf("Msg: %d\n", read_u16(data, 0));
2103 vnc_client_error(vs);
2108 printf("Msg: %d\n", data[0]);
2109 vnc_client_error(vs);
2113 vnc_read_when(vs, protocol_client_msg, 1);
2117 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2123 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2124 switch (vs->vd->share_policy) {
2125 case VNC_SHARE_POLICY_IGNORE:
2127 * Ignore the shared flag. Nothing to do here.
2129 * Doesn't conform to the rfb spec but is traditional qemu
2130 * behavior, thus left here as option for compatibility
2134 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2136 * Policy: Allow clients ask for exclusive access.
2138 * Implementation: When a client asks for exclusive access,
2139 * disconnect all others. Shared connects are allowed as long
2140 * as no exclusive connection exists.
2142 * This is how the rfb spec suggests to handle the shared flag.
2144 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2146 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2150 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2151 client->share_mode != VNC_SHARE_MODE_SHARED) {
2154 vnc_disconnect_start(client);
2157 if (mode == VNC_SHARE_MODE_SHARED) {
2158 if (vs->vd->num_exclusive > 0) {
2159 vnc_disconnect_start(vs);
2164 case VNC_SHARE_POLICY_FORCE_SHARED:
2166 * Policy: Shared connects only.
2167 * Implementation: Disallow clients asking for exclusive access.
2169 * Useful for shared desktop sessions where you don't want
2170 * someone forgetting to say -shared when running the vnc
2171 * client disconnect everybody else.
2173 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2174 vnc_disconnect_start(vs);
2179 vnc_set_share_mode(vs, mode);
2181 vs->client_width = ds_get_width(vs->ds);
2182 vs->client_height = ds_get_height(vs->ds);
2183 vnc_write_u16(vs, vs->client_width);
2184 vnc_write_u16(vs, vs->client_height);
2186 pixel_format_message(vs);
2189 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2191 size = snprintf(buf, sizeof(buf), "QEMU");
2193 vnc_write_u32(vs, size);
2194 vnc_write(vs, buf, size);
2197 vnc_client_cache_auth(vs);
2198 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2200 vnc_read_when(vs, protocol_client_msg, 1);
2205 void start_client_init(VncState *vs)
2207 vnc_read_when(vs, protocol_client_init, 1);
2210 static void make_challenge(VncState *vs)
2214 srand(time(NULL)+getpid()+getpid()*987654+rand());
2216 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2217 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2220 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2222 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2224 unsigned char key[8];
2225 time_t now = time(NULL);
2227 if (!vs->vd->password) {
2228 VNC_DEBUG("No password configured on server");
2231 if (vs->vd->expires < now) {
2232 VNC_DEBUG("Password is expired");
2236 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2238 /* Calculate the expected challenge response */
2239 pwlen = strlen(vs->vd->password);
2240 for (i=0; i<sizeof(key); i++)
2241 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2243 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2244 des(response+j, response+j);
2246 /* Compare expected vs actual challenge response */
2247 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2248 VNC_DEBUG("Client challenge response did not match\n");
2251 VNC_DEBUG("Accepting VNC challenge response\n");
2252 vnc_write_u32(vs, 0); /* Accept auth */
2255 start_client_init(vs);
2260 vnc_write_u32(vs, 1); /* Reject auth */
2261 if (vs->minor >= 8) {
2262 static const char err[] = "Authentication failed";
2263 vnc_write_u32(vs, sizeof(err));
2264 vnc_write(vs, err, sizeof(err));
2267 vnc_client_error(vs);
2271 void start_auth_vnc(VncState *vs)
2274 /* Send client a 'random' challenge */
2275 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2278 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2282 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2284 /* We only advertise 1 auth scheme at a time, so client
2285 * must pick the one we sent. Verify this */
2286 if (data[0] != vs->auth) { /* Reject auth */
2287 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2288 vnc_write_u32(vs, 1);
2289 if (vs->minor >= 8) {
2290 static const char err[] = "Authentication failed";
2291 vnc_write_u32(vs, sizeof(err));
2292 vnc_write(vs, err, sizeof(err));
2294 vnc_client_error(vs);
2295 } else { /* Accept requested auth */
2296 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2299 VNC_DEBUG("Accept auth none\n");
2300 if (vs->minor >= 8) {
2301 vnc_write_u32(vs, 0); /* Accept auth completion */
2304 start_client_init(vs);
2308 VNC_DEBUG("Start VNC auth\n");
2312 #ifdef CONFIG_VNC_TLS
2313 case VNC_AUTH_VENCRYPT:
2314 VNC_DEBUG("Accept VeNCrypt auth\n");
2315 start_auth_vencrypt(vs);
2317 #endif /* CONFIG_VNC_TLS */
2319 #ifdef CONFIG_VNC_SASL
2321 VNC_DEBUG("Accept SASL auth\n");
2322 start_auth_sasl(vs);
2324 #endif /* CONFIG_VNC_SASL */
2326 default: /* Should not be possible, but just in case */
2327 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2328 vnc_write_u8(vs, 1);
2329 if (vs->minor >= 8) {
2330 static const char err[] = "Authentication failed";
2331 vnc_write_u32(vs, sizeof(err));
2332 vnc_write(vs, err, sizeof(err));
2334 vnc_client_error(vs);
2340 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2344 memcpy(local, version, 12);
2347 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2348 VNC_DEBUG("Malformed protocol version %s\n", local);
2349 vnc_client_error(vs);
2352 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2353 if (vs->major != 3 ||
2359 VNC_DEBUG("Unsupported client version\n");
2360 vnc_write_u32(vs, VNC_AUTH_INVALID);
2362 vnc_client_error(vs);
2365 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2366 * as equivalent to v3.3 by servers
2368 if (vs->minor == 4 || vs->minor == 5)
2371 if (vs->minor == 3) {
2372 if (vs->auth == VNC_AUTH_NONE) {
2373 VNC_DEBUG("Tell client auth none\n");
2374 vnc_write_u32(vs, vs->auth);
2376 start_client_init(vs);
2377 } else if (vs->auth == VNC_AUTH_VNC) {
2378 VNC_DEBUG("Tell client VNC auth\n");
2379 vnc_write_u32(vs, vs->auth);
2383 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2384 vnc_write_u32(vs, VNC_AUTH_INVALID);
2386 vnc_client_error(vs);
2389 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2390 vnc_write_u8(vs, 1); /* num auth */
2391 vnc_write_u8(vs, vs->auth);
2392 vnc_read_when(vs, protocol_client_auth, 1);
2399 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2401 struct VncSurface *vs = &vd->guest;
2403 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2406 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2410 w = (x + w) / VNC_STAT_RECT;
2411 h = (y + h) / VNC_STAT_RECT;
2415 for (j = y; j <= h; j++) {
2416 for (i = x; i <= w; i++) {
2417 vs->lossy_rect[j][i] = 1;
2422 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2425 int sty = y / VNC_STAT_RECT;
2426 int stx = x / VNC_STAT_RECT;
2429 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2430 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2432 QTAILQ_FOREACH(vs, &vd->clients, next) {
2435 /* kernel send buffers are full -> refresh later */
2436 if (vs->output.offset) {
2440 if (!vs->lossy_rect[sty][stx]) {
2444 vs->lossy_rect[sty][stx] = 0;
2445 for (j = 0; j < VNC_STAT_RECT; ++j) {
2446 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2454 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2460 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2461 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2462 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2464 rect->updated = false;
2468 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2470 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2473 vd->guest.last_freq_check = *tv;
2475 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2476 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2477 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2478 int count = ARRAY_SIZE(rect->times);
2479 struct timeval min, max;
2481 if (!timerisset(&rect->times[count - 1])) {
2485 max = rect->times[(rect->idx + count - 1) % count];
2486 qemu_timersub(tv, &max, &res);
2488 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2490 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2491 memset(rect->times, 0, sizeof (rect->times));
2495 min = rect->times[rect->idx];
2496 max = rect->times[(rect->idx + count - 1) % count];
2497 qemu_timersub(&max, &min, &res);
2499 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2500 rect->freq /= count;
2501 rect->freq = 1. / rect->freq;
2507 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2513 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2514 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2516 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2517 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2518 total += vnc_stat_rect(vs->vd, i, j)->freq;
2530 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2534 rect = vnc_stat_rect(vd, x, y);
2535 if (rect->updated) {
2538 rect->times[rect->idx] = *tv;
2539 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2540 rect->updated = true;
2543 static int vnc_refresh_server_surface(VncDisplay *vd)
2547 uint8_t *server_row;
2552 struct timeval tv = { 0, 0 };
2554 if (!vd->non_adaptive) {
2555 gettimeofday(&tv, NULL);
2556 has_dirty = vnc_update_stats(vd, &tv);
2560 * Walk through the guest dirty map.
2561 * Check and copy modified bits from guest to server surface.
2562 * Update server dirty map.
2564 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2565 if (cmp_bytes > vd->ds->surface->linesize) {
2566 cmp_bytes = vd->ds->surface->linesize;
2568 guest_row = vd->guest.ds->data;
2569 server_row = vd->server->data;
2570 for (y = 0; y < vd->guest.ds->height; y++) {
2571 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2574 uint8_t *server_ptr;
2576 guest_ptr = guest_row;
2577 server_ptr = server_row;
2579 for (x = 0; x + 15 < vd->guest.ds->width;
2580 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2581 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2583 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2585 memcpy(server_ptr, guest_ptr, cmp_bytes);
2586 if (!vd->non_adaptive)
2587 vnc_rect_updated(vd, x, y, &tv);
2588 QTAILQ_FOREACH(vs, &vd->clients, next) {
2589 set_bit((x / 16), vs->dirty[y]);
2594 guest_row += ds_get_linesize(vd->ds);
2595 server_row += ds_get_linesize(vd->ds);
2600 static void vnc_refresh(void *opaque)
2602 VncDisplay *vd = opaque;
2604 int has_dirty, rects = 0;
2608 if (vnc_trylock_display(vd)) {
2609 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2610 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2611 vd->timer_interval);
2615 has_dirty = vnc_refresh_server_surface(vd);
2616 vnc_unlock_display(vd);
2618 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2619 rects += vnc_update_client(vs, has_dirty);
2620 /* vs might be free()ed here */
2623 /* vd->timer could be NULL now if the last client disconnected,
2624 * in this case don't update the timer */
2625 if (vd->timer == NULL)
2628 if (has_dirty && rects) {
2629 vd->timer_interval /= 2;
2630 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2631 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2633 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2634 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2635 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2637 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2640 static void vnc_init_timer(VncDisplay *vd)
2642 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2643 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2644 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2645 vnc_dpy_resize(vd->ds);
2650 static void vnc_remove_timer(VncDisplay *vd)
2652 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2653 qemu_del_timer(vd->timer);
2654 qemu_free_timer(vd->timer);
2659 static void vnc_connect(VncDisplay *vd, int csock, int skipauth)
2661 VncState *vs = g_malloc0(sizeof(VncState));
2667 vs->auth = VNC_AUTH_NONE;
2668 #ifdef CONFIG_VNC_TLS
2669 vs->subauth = VNC_AUTH_INVALID;
2672 vs->auth = vd->auth;
2673 #ifdef CONFIG_VNC_TLS
2674 vs->subauth = vd->subauth;
2678 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2679 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2680 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2683 VNC_DEBUG("New client on socket %d\n", csock);
2685 socket_set_nonblock(vs->csock);
2686 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2688 vnc_client_cache_addr(vs);
2689 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2690 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2697 vs->as.freq = 44100;
2698 vs->as.nchannels = 2;
2699 vs->as.fmt = AUD_FMT_S16;
2700 vs->as.endianness = 0;
2702 #ifdef CONFIG_VNC_THREAD
2703 qemu_mutex_init(&vs->output_mutex);
2704 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2707 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2711 vnc_write(vs, "RFB 003.008\n", 12);
2713 vnc_read_when(vs, protocol_version, 12);
2715 if (vs->vd->lock_key_sync)
2716 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2718 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2719 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2723 /* vs might be free()ed here */
2726 static void vnc_listen_read(void *opaque)
2728 VncDisplay *vs = opaque;
2729 struct sockaddr_in addr;
2730 socklen_t addrlen = sizeof(addr);
2735 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2737 vnc_connect(vs, csock, 0);
2741 void vnc_display_init(DisplayState *ds)
2743 VncDisplay *vs = g_malloc0(sizeof(*vs));
2745 dcl = g_malloc0(sizeof(DisplayChangeListener));
2754 QTAILQ_INIT(&vs->clients);
2755 vs->expires = TIME_MAX;
2757 if (keyboard_layout)
2758 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2760 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2762 if (!vs->kbd_layout)
2765 #ifdef CONFIG_VNC_THREAD
2766 qemu_mutex_init(&vs->mutex);
2767 vnc_start_worker_thread();
2770 dcl->dpy_copy = vnc_dpy_copy;
2771 dcl->dpy_update = vnc_dpy_update;
2772 dcl->dpy_resize = vnc_dpy_resize;
2773 dcl->dpy_setdata = vnc_dpy_setdata;
2774 register_displaychangelistener(ds, dcl);
2775 ds->mouse_set = vnc_mouse_set;
2776 ds->cursor_define = vnc_dpy_cursor_define;
2780 void vnc_display_close(DisplayState *ds)
2782 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2787 g_free(vs->display);
2790 if (vs->lsock != -1) {
2791 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2795 vs->auth = VNC_AUTH_INVALID;
2796 #ifdef CONFIG_VNC_TLS
2797 vs->subauth = VNC_AUTH_INVALID;
2798 vs->tls.x509verify = 0;
2802 int vnc_display_disable_login(DisplayState *ds)
2804 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2811 g_free(vs->password);
2814 vs->password = NULL;
2815 if (vs->auth == VNC_AUTH_NONE) {
2816 vs->auth = VNC_AUTH_VNC;
2822 int vnc_display_password(DisplayState *ds, const char *password)
2824 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2831 /* This is not the intention of this interface but err on the side
2833 return vnc_display_disable_login(ds);
2837 g_free(vs->password);
2838 vs->password = NULL;
2840 vs->password = g_strdup(password);
2841 if (vs->auth == VNC_AUTH_NONE) {
2842 vs->auth = VNC_AUTH_VNC;
2848 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2850 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2852 vs->expires = expires;
2856 char *vnc_display_local_addr(DisplayState *ds)
2858 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2860 return vnc_socket_local_addr("%s:%s", vs->lsock);
2863 int vnc_display_open(DisplayState *ds, const char *display)
2865 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2866 const char *options;
2869 #ifdef CONFIG_VNC_TLS
2870 int tls = 0, x509 = 0;
2872 #ifdef CONFIG_VNC_SASL
2876 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2879 int lock_key_sync = 1;
2883 vnc_display_close(ds);
2884 if (strcmp(display, "none") == 0)
2887 if (!(vs->display = strdup(display)))
2889 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2892 while ((options = strchr(options, ','))) {
2894 if (strncmp(options, "password", 8) == 0) {
2895 password = 1; /* Require password auth */
2896 } else if (strncmp(options, "reverse", 7) == 0) {
2898 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
2900 #ifdef CONFIG_VNC_SASL
2901 } else if (strncmp(options, "sasl", 4) == 0) {
2902 sasl = 1; /* Require SASL auth */
2904 #ifdef CONFIG_VNC_TLS
2905 } else if (strncmp(options, "tls", 3) == 0) {
2906 tls = 1; /* Require TLS */
2907 } else if (strncmp(options, "x509", 4) == 0) {
2909 x509 = 1; /* Require x509 certificates */
2910 if (strncmp(options, "x509verify", 10) == 0)
2911 vs->tls.x509verify = 1; /* ...and verify client certs */
2913 /* Now check for 'x509=/some/path' postfix
2914 * and use that to setup x509 certificate/key paths */
2915 start = strchr(options, '=');
2916 end = strchr(options, ',');
2917 if (start && (!end || (start < end))) {
2918 int len = end ? end-(start+1) : strlen(start+1);
2919 char *path = g_strndup(start + 1, len);
2921 VNC_DEBUG("Trying certificate path '%s'\n", path);
2922 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2923 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2925 g_free(vs->display);
2931 fprintf(stderr, "No certificate path provided\n");
2932 g_free(vs->display);
2937 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2938 } else if (strncmp(options, "acl", 3) == 0) {
2941 } else if (strncmp(options, "lossy", 5) == 0) {
2943 } else if (strncmp(options, "non-adapative", 13) == 0) {
2944 vs->non_adaptive = true;
2945 } else if (strncmp(options, "share=", 6) == 0) {
2946 if (strncmp(options+6, "ignore", 6) == 0) {
2947 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
2948 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
2949 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2950 } else if (strncmp(options+6, "force-shared", 12) == 0) {
2951 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
2953 fprintf(stderr, "unknown vnc share= option\n");
2954 g_free(vs->display);
2961 #ifdef CONFIG_VNC_TLS
2962 if (acl && x509 && vs->tls.x509verify) {
2963 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2964 fprintf(stderr, "Failed to create x509 dname ACL\n");
2969 #ifdef CONFIG_VNC_SASL
2971 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2972 fprintf(stderr, "Failed to create username ACL\n");
2979 * Combinations we support here:
2981 * - no-auth (clear text, no auth)
2982 * - password (clear text, weak auth)
2983 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2984 * - tls (encrypt, weak anonymous creds, no auth)
2985 * - tls + password (encrypt, weak anonymous creds, weak auth)
2986 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2987 * - tls + x509 (encrypt, good x509 creds, no auth)
2988 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2989 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2991 * NB1. TLS is a stackable auth scheme.
2992 * NB2. the x509 schemes have option to validate a client cert dname
2995 #ifdef CONFIG_VNC_TLS
2997 vs->auth = VNC_AUTH_VENCRYPT;
2999 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3000 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3002 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3003 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3006 #endif /* CONFIG_VNC_TLS */
3007 VNC_DEBUG("Initializing VNC server with password auth\n");
3008 vs->auth = VNC_AUTH_VNC;
3009 #ifdef CONFIG_VNC_TLS
3010 vs->subauth = VNC_AUTH_INVALID;
3012 #endif /* CONFIG_VNC_TLS */
3013 #ifdef CONFIG_VNC_SASL
3015 #ifdef CONFIG_VNC_TLS
3017 vs->auth = VNC_AUTH_VENCRYPT;
3019 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3020 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3022 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3023 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3026 #endif /* CONFIG_VNC_TLS */
3027 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3028 vs->auth = VNC_AUTH_SASL;
3029 #ifdef CONFIG_VNC_TLS
3030 vs->subauth = VNC_AUTH_INVALID;
3032 #endif /* CONFIG_VNC_TLS */
3033 #endif /* CONFIG_VNC_SASL */
3035 #ifdef CONFIG_VNC_TLS
3037 vs->auth = VNC_AUTH_VENCRYPT;
3039 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3040 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3042 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3043 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3047 VNC_DEBUG("Initializing VNC server with no auth\n");
3048 vs->auth = VNC_AUTH_NONE;
3049 #ifdef CONFIG_VNC_TLS
3050 vs->subauth = VNC_AUTH_INVALID;
3055 #ifdef CONFIG_VNC_SASL
3056 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3057 fprintf(stderr, "Failed to initialize SASL auth %s",
3058 sasl_errstring(saslErr, NULL, NULL));
3059 g_free(vs->display);
3064 vs->lock_key_sync = lock_key_sync;
3067 /* connect to viewer */
3068 if (strncmp(display, "unix:", 5) == 0)
3069 vs->lsock = unix_connect(display+5);
3071 vs->lsock = inet_connect(display, SOCK_STREAM);
3072 if (-1 == vs->lsock) {
3073 g_free(vs->display);
3077 int csock = vs->lsock;
3079 vnc_connect(vs, csock, 0);
3084 /* listen for connects */
3086 dpy = g_malloc(256);
3087 if (strncmp(display, "unix:", 5) == 0) {
3088 pstrcpy(dpy, 256, "unix:");
3089 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
3091 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
3093 if (-1 == vs->lsock) {
3097 g_free(vs->display);
3101 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
3104 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3106 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
3108 return vnc_connect(vs, csock, skipauth);
projects / qemu.git / blob