Update to 0.6.1

This is a minor patch release which fixes the functionality of
the file_only parameter and prevents uninteded directory listings.

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "include/web-socket-js-project"]
+	path = include/web-socket-js-project
+	url = https://github.com/gimite/web-socket-js.git

CHANGES.txt

@@ -1,6 +1,30 @@
 Changes
 =======
 
+0.6.1 - May 11, 2015
+--------------------
+
+* **PATCH RELEASE**: Fixes a bug causing file_only to not be passed properly
+
+0.6.0 - Feb 18, 2014
+--------------------
+
+* **NOTE** : 0.6.0 will break existing code that sub-classes WebsocketProxy
+* Refactor to use standard SocketServer RequestHandler design
+* Fix zombie process bug on certain systems when using multiprocessing
+* Add better unit tests
+* Log information via python `logging` module
+
+0.5.1 - Jun 27, 2013
+--------------------
+
+ * use upstream einaros/ws (>=0.4.27) with websockify.js
+ * file_only and no_parent security options for WSRequestHandler
+ * Update build of web-socket-js (c0855c6cae)
+ * add include/web-socket-js-project submodule to gimite/web-socket-js
+   for DSFG compliance.
+ * drop Hixie protocol support
+
 0.4.1 - Mar 12, 2013
 --------------------
 

MANIFEST.in

@@ -1 +1,2 @@
-include CHANGES.txt websockify include README.md LICENSE.txt
+include CHANGES.txt README.md LICENSE.txt
+graft include

README.md

@@ -8,27 +8,41 @@ to normal socket traffic. Websockify accepts the WebSockets handshake,
 parses it, and then begins forwarding traffic between the client and
 the target in both directions.
 
+### News/help/contact
+
+Notable commits, announcements and news are posted to
+<a href="http://www.twitter.com/noVNC">@noVNC</a>
+
+If you are a websockify developer/integrator/user (or want to be)
+please join the <a
+href="https://groups.google.com/forum/?fromgroups#!forum/novnc">noVNC/websockify
+discussion group</a>
+
+Bugs and feature requests can be submitted via [github
+issues](https://github.com/kanaka/websockify/issues).
+
+If you want to show appreciation for websockify you could donate to a great
+non-profits such as: [Compassion
+International](http://www.compassion.com/), [SIL](http://www.sil.org),
+[Habitat for Humanity](http://www.habitat.org), [Electronic Frontier
+Foundation](https://www.eff.org/), [Against Malaria
+Foundation](http://www.againstmalaria.com/), [Nothing But
+Nets](http://www.nothingbutnets.net/), etc. Please tweet <a
+href="http://www.twitter.com/noVNC">@noVNC</a> if you do.
+
 ### WebSockets binary data
 
-Websockify 0.4.X supports all versions of the WebSockets protocol
-(Hixie and HyBi). Starting with websockify 0.5.0, only the HyBi / IETF
+Starting with websockify 0.5.0, only the HyBi / IETF
 6455 WebSocket protocol is supported.
 
-The older Hixie versions of the protocol only support UTF-8 text
-payloads. In order to transport binary data over UTF-8 an encoding
-must used to encapsulate the data within UTF-8. With Hixie clients,
-Websockify uses base64 to encode all traffic to and from the client.
-This does not affect the data between websockify and the server.
-
-With HyBi clients, websockify negotiates whether to base64 encode
-traffic to and from the client via the subprotocol header
-(Sec-WebSocket-Protocol). The valid subprotocol values are 'binary'
-and 'base64' and if the client sends both then the server (the python
-implementation) will prefer 'binary'. The 'binary' subprotocol
-indicates that the data will be sent raw using binary WebSocket
-frames. Some HyBi clients (such as the Flash fallback and older Chrome
-and iOS versions) do not support binary data which is why the
-negotiation is necessary.
+Websockify negotiates whether to base64 encode traffic to and from the
+client via the subprotocol header (Sec-WebSocket-Protocol). The valid
+subprotocol values are 'binary' and 'base64' and if the client sends
+both then the server (the python implementation) will prefer 'binary'.
+The 'binary' subprotocol indicates that the data will be sent raw
+using binary WebSocket frames. Some HyBi clients (such as the Flash
+fallback and older Chrome and iOS versions) do not support binary data
+which is why the negotiation is necessary.
 
 
 ### Encrypted WebSocket connections (wss://)
@@ -124,7 +138,7 @@ new (moved) port of the program.
 The program wrap mode is invoked by replacing the target with `--`
 followed by the program command line to wrap.
 
-    `./websockify 2023 -- PROGRAM ARGS`
+    `./run 2023 -- PROGRAM ARGS`
 
 The `--wrap-mode` option can be used to indicate what action to take
 when the wrapped program exits or daemonizes.
@@ -133,16 +147,17 @@ Here is an example of using websockify to wrap the vncserver command
 (which backgrounds itself) for use with
 [noVNC](https://github.com/kanaka/noVNC):
 
-    `./websockify 5901 --wrap-mode=ignore -- vncserver -geometry 1024x768 :1`
+    `./run 5901 --wrap-mode=ignore -- vncserver -geometry 1024x768 :1`
 
-Here is an example of wrapping telnetd (from krb5-telnetd).telnetd
+Here is an example of wrapping telnetd (from krb5-telnetd). telnetd
 exits after the connection closes so the wrap mode is set to respawn
 the command:
 
-    `sudo ./websockify 2023 --wrap-mode=respawn -- telnetd -debug 2023`
+    `sudo ./run 2023 --wrap-mode=respawn -- telnetd -debug 2023`
 
 The `wstelnet.html` page demonstrates a simple WebSockets based telnet
-client.
+client (use 'localhost' and '2023' for the host and port
+respectively).
 
 
 ### Building the Python ssl module (for python 2.5 and older)
@@ -151,11 +166,10 @@ client.
 
     `sudo aptitude install python-dev bluetooth-dev`
 
-* Download, build the ssl module and symlink to it:
+* At the top level of the websockify repostory, download, build and
+  symlink the ssl module:
 
-    `cd websockify/`
-
-    `wget http://pypi.python.org/packages/source/s/ssl/ssl-1.15.tar.gz`
+    `wget --no-check-certificate http://pypi.python.org/packages/source/s/ssl/ssl-1.15.tar.gz`
 
     `tar xvzf ssl-1.15.tar.gz`
 

Windows/Windows Service Readme.txt

@@ -12,7 +12,7 @@ Installation
 ---------------------------
 
 1. This service requires websockify.exe be in the same directory. Instructions on how to compile websockify python script as a windows executable can be found here:
-https://github.com/kanaka/noVNC/wiki/Compiling-Websockify-to-Windows-Executable
+https://github.com/kanaka/websockify/wiki/Compiling-Websockify-as-Windows-Executable
 
 2.To add this service to a Windows PC you need to run the commandline as administrator and then run this line:
 

docs/release.txt

@@ -1,4 +1,4 @@
-- Update setup.py and CHANGES.txt and commit
+- Update setup.py, CHANGES.txt and other/package.json and commit
 - Create version tag and tarball from tag
     WVER=0.1.0
     git tag v${WVER}
@@ -8,3 +8,6 @@
     python setup.py register
 - Upload the source distribution to pypi
     python setup.py sdist upload
+- Register with npmjs.org (once)
+- Upload websockify.js npmjs.org package
+    npm publish other/js

other/js/README.md

@@ -0,0 +1,7 @@
+A JavaScript implementation of the websockify WebSocket-to-TCP bridge/proxy.
+
+Copyright (C) 2013 - Joel Martin (github.com/kanaka)
+
+Licensed under LGPL-3.
+
+See http://github.com/kanaka/websockify for more info.

other/js/package.json

@@ -0,0 +1,24 @@
+{
+  "author": "Joel Martin <github@martintribe.org> (http://github.com/kanaka)",
+  "name": "websockify",
+  "description": "websockify is a WebSocket-to-TCP proxy/bridge",
+  "license": "LGPL-3",
+  "version": "0.6.1",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/kanaka/websockify.git"
+  },
+  "files": ["../../docs/LICENSE.LGPL-3"],
+  "bin": {
+    "websockify": "./websockify.js"
+  },
+  "engines": {
+    "node": ">=0.8.9"
+  },
+  "dependencies": {
+    "ws": ">=0.4.27",
+    "base64": "latest",
+    "optimist": "latest",
+    "policyfile": "latest"
+  }
+}

other/js/websockify.js

@@ -7,14 +7,6 @@
 // Known to work with node 0.8.9
 // Requires node modules: ws, optimist and policyfile
 //     npm install ws optimist policyfile
-//
-// NOTE: 
-// This version requires a patched version of einaros/ws that supports
-// subprotocol negotiation. You can use the patched version like this:
-// 
-//     cd websockify/other
-//     git clone https://github.com/kanaka/ws
-//     npm link ./ws
 
 
 var argv = require('optimist').argv,
@@ -37,6 +29,7 @@ var argv = require('optimist').argv,
 // Handle new WebSocket client
 new_client = function(client) {
     var clientAddr = client._socket.remoteAddress, log;
+    console.log(client.upgradeReq.url);
     log = function (msg) {
         console.log(' ' + clientAddr + ': '+ msg);
     };
@@ -61,6 +54,12 @@ new_client = function(client) {
     });
     target.on('end', function() {
         log('target disconnected');
+        client.close();
+    });
+    target.on('error', function() {
+        log('target connection error');
+        target.end();
+        client.close();
     });
 
     client.on('message', function(msg) {
@@ -126,11 +125,9 @@ http_request = function (request, response) {
 
 // Select 'binary' or 'base64' subprotocol, preferring 'binary'
 selectProtocol = function(protocols, callback) {
-    var plist = protocols ? protocols.split(',') : "";
-    var plist = protocols.split(',');
-    if (plist.indexOf('binary') >= 0) {
+    if (protocols.indexOf('binary') >= 0) {
         callback(true, 'binary');
-    } else if (plist.indexOf('base64') >= 0) {
+    } else if (protocols.indexOf('base64') >= 0) {
         callback(true, 'base64');
     } else {
         console.log("Client must support 'binary' or 'base64' protocol");

other/launch.sh

@@ -16,6 +16,8 @@ usage() {
     echo "                          Default: localhost:5900"
     echo "    --cert CERT           Path to combined cert/key file"
     echo "                          Default: self.pem"
+    echo "    --web WEB             Path to web files (e.g. vnc.html)"
+    echo "                          Default: ./"
     exit 2
 }
 
@@ -24,6 +26,7 @@ HERE="$(cd "$(dirname "$0")" && pwd)"
 PORT="6080"
 VNC_DEST="localhost:5900"
 CERT=""
+WEB=""
 proxy_pid=""
 
 die() {
@@ -50,6 +53,7 @@ while [ "$*" ]; do
     --listen)  PORT="${OPTARG}"; shift            ;;
     --vnc)     VNC_DEST="${OPTARG}"; shift        ;;
     --cert)    CERT="${OPTARG}"; shift            ;;
+    --web)     WEB="${OPTARG}"; shift            ;;
     -h|--help) usage                              ;;
     -*) usage "Unknown chrooter option: ${param}" ;;
     *) break                                      ;;
@@ -60,18 +64,24 @@ done
 which netstat >/dev/null 2>&1 \
     || die "Must have netstat installed"
 
-netstat -ltn | grep -qs "${PORT}.*LISTEN" \
+netstat -ltn | grep -qs "${PORT} .*LISTEN" \
     && die "Port ${PORT} in use. Try --listen PORT"
 
 trap "cleanup" TERM QUIT INT EXIT
 
 # Find vnc.html
-if [ -e "$(pwd)/vnc.html" ]; then
+if [ -n "${WEB}" ]; then
+    if [ ! -e "${WEB}/vnc.html" ]; then
+        die "Could not find ${WEB}/vnc.html"
+    fi
+elif [ -e "$(pwd)/vnc.html" ]; then
     WEB=$(pwd)
 elif [ -e "${HERE}/../vnc.html" ]; then
     WEB=${HERE}/../
 elif [ -e "${HERE}/vnc.html" ]; then
     WEB=${HERE}
+elif [ -e "${HERE}/../share/novnc/vnc.html" ]; then
+    WEB=${HERE}/../share/novnc/
 else
     die "Could not find vnc.html"
 fi
@@ -92,7 +102,7 @@ else
 fi
 
 echo "Starting webserver and WebSockets proxy on port ${PORT}"
-${HERE}/wsproxy.py --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
+${HERE}/websockify --web ${WEB} ${CERT:+--cert ${CERT}} ${PORT} ${VNC_DEST} &
 proxy_pid="$!"
 sleep 1
 if ! ps -p ${proxy_pid} >/dev/null; then
@@ -101,7 +111,7 @@ if ! ps -p ${proxy_pid} >/dev/null; then
     exit 1
 fi
 
-echo -e "\n\nNavigate to to this URL:\n"
+echo -e "\n\nNavigate to this URL:\n"
 echo -e "    http://$(hostname):${PORT}/vnc.html?host=$(hostname)&port=${PORT}\n"
 echo -e "Press Ctrl-C to exit\n\n"
 

other/websocket.c

@@ -795,7 +795,7 @@ void start_server() {
         }
         handler_msg("handler exit\n");
     } else {
-        handler_msg("wsproxy exit\n");
+        handler_msg("websockify exit\n");
     }
 
 }

other/websocket.rb

@@ -9,11 +9,22 @@
 #     - http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10
 
 require 'gserver'
+require 'openssl'
 require 'stringio'
 require 'digest/md5'
 require 'digest/sha1'
 require 'base64'
 
+unless OpenSSL::SSL::SSLSocket.instance_methods.index("read_nonblock")
+  module OpenSSL
+    module SSL
+      class SSLSocket
+        alias :read_nonblock :readpartial
+      end
+    end
+  end
+end
+
 class EClose < Exception
 end
 
@@ -44,7 +55,17 @@ Sec-WebSocket-Accept: %s\r
     host = opts['listen_host'] || GServer::DEFAULT_HOST
 
     super(port, host)
-   
+    msg opts.inspect
+    if opts['server_cert']
+      msg "creating ssl context"
+      @sslContext = OpenSSL::SSL::SSLContext.new
+      @sslContext.cert = OpenSSL::X509::Certificate.new(File.open(opts['server_cert']))
+      @sslContext.key = OpenSSL::PKey::RSA.new(File.open(opts['server_key']))
+      @sslContext.ca_file = opts['server_cert']
+      @sslContext.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      @sslContext.verify_depth = 0
+    end
+
     @@client_id = 0  # Track client number total on class
 
     @verbose = opts['verbose']
@@ -53,6 +74,18 @@ Sec-WebSocket-Accept: %s\r
   
   def serve(io)
     @@client_id += 1
+    msg self.inspect
+    if @sslContext
+      msg "Enabling SSL context"
+      ssl = OpenSSL::SSL::SSLSocket.new(io, @sslContext)
+      #ssl.sync_close = true
+      #ssl.sync = true
+      msg "SSL accepting"
+      ssl.accept
+      io = ssl # replace the unencrypted handle with the encrypted one
+    end
+    
+    msg "initializing thread"
 
     # Initialize per thread state
     t = Thread.current
@@ -61,11 +94,11 @@ Sec-WebSocket-Accept: %s\r
     t[:recv_part] = nil
     t[:base64] = nil
 
-    puts "in serve, client: #{t[:client].inspect}"
+    puts "in serve, client: #{t[:my_client_id].inspect}"
 
     begin
       t[:client] = do_handshake(io)
-      new_client(t[:client])
+      new_websocket_client(t[:client])
     rescue EClose => e
       msg "Client closed: #{e.message}"
       return
@@ -85,12 +118,12 @@ Sec-WebSocket-Accept: %s\r
     if @verbose then print token; STDOUT.flush; end
   end
 
-  def msg(msg)
-    puts "% 3d: %s" % [Thread.current[:my_client_id], msg]
+  def msg(m)
+    printf("% 3d: %s\n", Thread.current[:my_client_id] || 0, m)
   end
 
-  def vmsg(msg)
-    if @verbose then msg(msg) end
+  def vmsg(m)
+    if @verbose then msg(m) end
   end
 
   #
@@ -110,12 +143,11 @@ Sec-WebSocket-Accept: %s\r
 
   def unmask(buf, hlen, length)
     pstart = hlen + 4
-    mask = buf[hlen...hlen+4]
+    mask = buf[hlen...hlen+4].each_byte.map{|b|b}
     data = buf[pstart...pstart+length]
     #data = data.bytes.zip(mask.bytes.cycle(length)).map { |d,m| d^m }
-    for i in (0...data.length) do
-      data[i] ^= mask[i%4]
-    end
+    i=-1
+    data = data.each_byte.map{|b| i+=1; (b ^ mask[i % 4]).chr}.join("")
     return data
   end
 
@@ -237,7 +269,7 @@ Sec-WebSocket-Accept: %s\r
 
     while t[:send_parts].length > 0
       buf = t[:send_parts].shift
-      sent = t[:client].send(buf, 0)
+      sent = t[:client].write(buf)
 
       if sent == buf.length
         traffic "<"
@@ -257,7 +289,7 @@ Sec-WebSocket-Accept: %s\r
     closed = false
     bufs = []
 
-    buf = t[:client].recv(@@Buffer_size)
+    buf = t[:client].read_nonblock(@@Buffer_size)
 
     if buf.length == 0
       return bufs, "Client closed abrubtly"
@@ -286,10 +318,10 @@ Sec-WebSocket-Accept: %s\r
           end
         end
       else
-        if buf[0...2] == "\xff\x00":
+        if buf[0...2] == "\xff\x00"
           closed = "Client sent orderly close frame"
           break
-        elsif buf[0...2] == "\x00\xff":
+        elsif buf[0...2] == "\x00\xff"
           buf = buf[2...buf.length]
           continue # No-op frame
         elsif buf.count("\xff") == 0
@@ -308,7 +340,7 @@ Sec-WebSocket-Accept: %s\r
 
       bufs << frame['payload']
 
-      if frame['left'] > 0:
+      if frame['left'] > 0
         buf = buf[-frame['left']...buf.length]
       else
         buf = ''
@@ -328,10 +360,10 @@ Sec-WebSocket-Accept: %s\r
       end
 
       buf, lenh, lent = encode_hybi(msg, opcode=0x08, base64=false)
-      t[:client].send(buf, 0)
+      t[:client].write(buf)
     elsif t[:version] == "hixie-76"
       buf = "\xff\x00"
-      t[:client].send(buf, 0)
+      t[:client].write(buf)
     end
   end
 
@@ -344,16 +376,21 @@ Sec-WebSocket-Accept: %s\r
       raise EClose, "ignoring socket not ready"
     end
 
-    handshake = sock.recv(1024, Socket::MSG_PEEK)
-    #msg "Handshake [#{handshake.inspect}]"
+    handshake = ""
+    msg "About to read from sock [#{sock.inspect}]"
+    handshake = sock.read_nonblock(1024)
+    msg "Handshake [#{handshake.inspect}]"
 
-    if handshake == ""
+    if handshake == nil or handshake == ""
       raise(EClose, "ignoring empty handshake")
     else
       stype = "Plain non-SSL (ws://)"
       scheme = "ws"
+      if sock.class == OpenSSL::SSL::SSLSocket
+        stype = "SSL (wss://)"
+        scheme = "wss"
+      end
       retsock = sock
-      sock.recv(1024)
     end
 
     h = t[:headers] = {}
@@ -365,7 +402,7 @@ Sec-WebSocket-Accept: %s\r
       hsplit = hline.match(/^([^:]+):\s*(.+)$/)
       h[hsplit[1].strip.downcase] = hsplit[2]
     end
-    #puts "Headers: #{h.inspect}"
+    puts "Headers: #{h.inspect}"
 
     unless h.has_key?('upgrade') &&
        h['upgrade'].downcase == 'websocket'
@@ -445,7 +482,7 @@ Sec-WebSocket-Accept: %s\r
     if t[:path] then msg "Path: '%s'" % [t[:path]] end
 
     #puts "sending reponse #{response.inspect}"
-    retsock.send(response, 0)
+    retsock.write(response)
 
     # Return the WebSocket socket which may be SSL wrapped
     return retsock

other/websockify.rb

@@ -39,7 +39,7 @@ Traffic Legend:
   end
 
   # Echo back whatever is received    
-  def new_client(client)
+  def new_websocket_client(client)
 
     msg "connecting to: %s:%s" % [@target_host, @target_port]
     tsock = TCPSocket.open(@target_host, @target_port)
@@ -92,7 +92,7 @@ Traffic Legend:
       # Receive target data and queue for the client
       if ins && ins.include?(target)
         buf = target.recv(@@Buffer_size)
-        if buf.length == 0:
+        if buf.length == 0
           raise EClose, "Target closed"
         end
 
@@ -128,7 +128,7 @@ parser = OptionParser.new do |o|
   o.parse!
 end
 
-if ARGV.length < 2:
+if ARGV.length < 2
   puts "Too few arguments"
   exit 2
 end

rebind.c

@@ -7,8 +7,8 @@
  * REBIND_PORT_NEW environment variables are set then bind on the new
  * port (of localhost) instead of the old port. 
  *
- * This allows a proxy (such as wsproxy) to run on the old port and translate
- * traffic to/from the new port.
+ * This allows a bridge/proxy (such as websockify) to run on the old port and
+ * translate traffic to/from the new port.
  *
  * Usage:
  *     LD_PRELOAD=./rebind.so \

setup.py

@@ -1,6 +1,6 @@
 from setuptools import setup, find_packages
 
-version = '0.4.1'
+version = '0.6.1'
 name = 'websockify'
 long_description = open("README.md").read() + "\n" + \
     open("CHANGES.txt").read() + "\n"

tests/echo.py

@@ -10,17 +10,17 @@ openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
 as taken from http://docs.python.org/dev/library/ssl.html#certificates
 '''
 
-import os, sys, select, optparse
-sys.path.insert(0,os.path.dirname(__file__) + "/../")
-from websocket import WebSocketServer
+import os, sys, select, optparse, logging
+sys.path.insert(0,os.path.join(os.path.dirname(__file__), ".."))
+from websockify.websocket import WebSocketServer, WebSocketRequestHandler
 
-class WebSocketEcho(WebSocketServer):
+class WebSocketEcho(WebSocketRequestHandler):
     """
     WebSockets server that echos back whatever is received from the
     client.  """
     buffer_size = 8096
 
-    def new_client(self):
+    def new_websocket_client(self):
         """
         Echo back whatever is received.
         """
@@ -28,28 +28,27 @@ class WebSocketEcho(WebSocketServer):
         cqueue = []
         c_pend = 0
         cpartial = ""
-        rlist = [self.client]
+        rlist = [self.request]
 
         while True:
             wlist = []
 
-            if cqueue or c_pend: wlist.append(self.client)
+            if cqueue or c_pend: wlist.append(self.request)
             ins, outs, excepts = select.select(rlist, wlist, [], 1)
             if excepts: raise Exception("Socket exception")
 
-            if self.client in outs:
+            if self.request in outs:
                 # Send queued target data to the client
                 c_pend = self.send_frames(cqueue)
                 cqueue = []
 
-            if self.client in ins:
+            if self.request in ins:
                 # Receive client data, decode it, and send it back
                 frames, closed = self.recv_frames()
                 cqueue.extend(frames)
 
                 if closed:
                     self.send_close()
-                    raise self.EClose(closed)
 
 if __name__ == '__main__':
     parser = optparse.OptionParser(usage="%prog [options] listen_port")
@@ -69,7 +68,9 @@ if __name__ == '__main__':
     except:
         parser.error("Invalid arguments")
 
+    logging.basicConfig(level=logging.INFO)
+
     opts.web = "."
-    server = WebSocketEcho(**opts.__dict__)
+    server = WebSocketServer(WebSocketEcho, **opts.__dict__)
     server.start_server()
 

tests/echo.rb

@@ -12,7 +12,7 @@ require 'websocket'
 class WebSocketEcho < WebSocketServer
 
   # Echo back whatever is received    
-  def new_client(client)
+  def new_websocket_client(client)
 
     cqueue = []
     c_pend = 0
@@ -50,10 +50,17 @@ class WebSocketEcho < WebSocketServer
   end
 end
 
-port = ARGV[0].to_i
+port = ARGV[0].to_i || 8080
 puts "Starting server on port #{port}"
+server_cert = nil
+server_key = nil
+if ARGV.length > 2
+  server_cert = ARGV[1]
+  server_key = ARGV[2]
+end
 
-server = WebSocketEcho.new('listen_port' => port, 'verbose' => true)
+server = WebSocketEcho.new('listen_port' => port, 'verbose' => true, 
+  'server_cert' => server_cert, 'server_key' => server_key)
 server.start
 server.join
 

tests/load.py

@@ -6,35 +6,37 @@ that has a random payload (length and content) that is checksummed and
 given a sequence number. Any errors are reported and counted.
 '''
 
-import sys, os, select, random, time, optparse
-sys.path.insert(0,os.path.dirname(__file__) + "/../")
-from websocket import WebSocketServer
+import sys, os, select, random, time, optparse, logging
+sys.path.insert(0,os.path.join(os.path.dirname(__file__), ".."))
+from websockify.websocket import WebSocketServer, WebSocketRequestHandler
 
-class WebSocketLoad(WebSocketServer):
+class WebSocketLoadServer(WebSocketServer):
 
-    buffer_size = 65536
-
-    max_packet_size = 10000
     recv_cnt = 0
     send_cnt = 0
 
     def __init__(self, *args, **kwargs):
-        self.errors = 0
         self.delay = kwargs.pop('delay')
 
+        WebSocketServer.__init__(self, *args, **kwargs)
+
+
+class WebSocketLoad(WebSocketRequestHandler):
+
+    max_packet_size = 10000
+
+    def new_websocket_client(self):
         print "Prepopulating random array"
         self.rand_array = []
         for i in range(0, self.max_packet_size):
             self.rand_array.append(random.randint(0, 9))
 
-        WebSocketServer.__init__(self, *args, **kwargs)
-
-    def new_client(self):
+        self.errors = 0
         self.send_cnt = 0
         self.recv_cnt = 0
 
         try:
-            self.responder(self.client)
+            self.responder(self.request)
         except:
             print "accumulated errors:", self.errors
             self.errors = 0
@@ -61,14 +63,13 @@ class WebSocketLoad(WebSocketServer):
 
                 if closed:
                     self.send_close()
-                    raise self.EClose(closed)
 
             now = time.time() * 1000
             if client in outs:
                 if c_pend:
                     last_send = now
                     c_pend = self.send_frames()
-                elif now > (last_send + self.delay):
+                elif now > (last_send + self.server.delay):
                     last_send = now
                     c_pend = self.send_frames([self.generate()])
 
@@ -161,7 +162,9 @@ if __name__ == '__main__':
     except:
         parser.error("Invalid arguments")
 
+    logging.basicConfig(level=logging.INFO)
+
     opts.web = "."
-    server = WebSocketLoad(**opts.__dict__)
+    server = WebSocketLoadServer(WebSocketLoad, **opts.__dict__)
     server.start_server()
 

tests/test_websocket.py

@@ -0,0 +1,243 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright(c)2013 NTT corp. All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+""" Unit tests for websocket """
+import errno
+import os
+import logging
+import select
+import shutil
+import socket
+import ssl
+import stubout
+import sys
+import tempfile
+import unittest
+from ssl import SSLError
+from websockify import websocket as websocket
+from SimpleHTTPServer import SimpleHTTPRequestHandler
+
+
+class MockConnection(object):
+    def __init__(self, path):
+        self.path = path
+
+    def makefile(self, mode='r', bufsize=-1):
+        return open(self.path, mode, bufsize)
+
+
+class WebSocketTestCase(unittest.TestCase):
+
+    def _init_logger(self, tmpdir):
+        name = 'websocket-unittest'
+        logger = logging.getLogger(name)
+        logger.setLevel(logging.DEBUG)
+        logger.propagate = True
+        filename = "%s.log" % (name)
+        handler = logging.FileHandler(filename)
+        handler.setFormatter(logging.Formatter("%(message)s"))
+        logger.addHandler(handler)
+
+    def setUp(self):
+        """Called automatically before each test."""
+        super(WebSocketTestCase, self).setUp()
+        self.stubs = stubout.StubOutForTesting()
+        # Temporary dir for test data
+        self.tmpdir = tempfile.mkdtemp()
+        # Put log somewhere persistent
+        self._init_logger('./')
+        # Mock this out cause it screws tests up
+        self.stubs.Set(os, 'chdir', lambda *args, **kwargs: None)
+        self.server = self._get_websockserver(daemon=True,
+                                              ssl_only=False)
+        self.soc = self.server.socket('localhost')
+
+    def tearDown(self):
+        """Called automatically after each test."""
+        self.stubs.UnsetAll()
+        shutil.rmtree(self.tmpdir)
+        super(WebSocketTestCase, self).tearDown()
+
+    def _get_websockserver(self, **kwargs):
+        return websocket.WebSocketServer(listen_host='localhost',
+                                         listen_port=80,
+                                         key=self.tmpdir,
+                                         web=self.tmpdir,
+                                         record=self.tmpdir,
+                                         **kwargs)        
+
+    def _mock_os_open_oserror(self, file, flags):
+        raise OSError('')
+
+    def _mock_os_close_oserror(self, fd):
+        raise OSError('')
+
+    def _mock_os_close_oserror_EBADF(self, fd):
+        raise OSError(errno.EBADF, '')
+
+    def _mock_socket(self, *args, **kwargs):
+        return self.soc
+
+    def _mock_select(self, rlist, wlist, xlist, timeout=None):
+        return '_mock_select'
+
+    def _mock_select_exception(self, rlist, wlist, xlist, timeout=None):
+        raise Exception
+
+    def _mock_select_keyboardinterrupt(self, rlist, wlist,
+                                       xlist, timeout=None):
+        raise KeyboardInterrupt
+
+    def _mock_select_systemexit(self, rlist, wlist, xlist, timeout=None):
+        sys.exit()
+
+    def test_daemonize_error(self):
+        soc = self._get_websockserver(daemon=True, ssl_only=1, idle_timeout=1)
+        self.stubs.Set(os, 'fork', lambda *args: None)
+        self.stubs.Set(os, 'setsid', lambda *args: None)
+        self.stubs.Set(os, 'close', self._mock_os_close_oserror)
+        self.assertRaises(OSError, soc.daemonize, keepfd=None, chdir='./')
+
+    def test_daemonize_EBADF_error(self):
+        soc = self._get_websockserver(daemon=True, ssl_only=1, idle_timeout=1)
+        self.stubs.Set(os, 'fork', lambda *args: None)
+        self.stubs.Set(os, 'setsid', lambda *args: None)
+        self.stubs.Set(os, 'close', self._mock_os_close_oserror_EBADF)
+        self.stubs.Set(os, 'open', self._mock_os_open_oserror)
+        self.assertRaises(OSError, soc.daemonize, keepfd=None, chdir='./')
+
+    def test_decode_hybi(self):
+        soc = self._get_websockserver(daemon=False, ssl_only=1, idle_timeout=1)
+        self.assertRaises(Exception, soc.decode_hybi, 'a' * 128,
+                          base64=True)
+
+    def test_do_websocket_handshake(self):
+        soc = self._get_websockserver(daemon=True, ssl_only=0, idle_timeout=1)
+        soc.scheme = 'scheme'
+        headers = {'Sec-WebSocket-Protocol': 'binary',
+                   'Sec-WebSocket-Version': '7',
+                   'Sec-WebSocket-Key': 'foo'}
+        soc.do_websocket_handshake(headers, '127.0.0.1')
+
+    def test_do_handshake(self):
+        soc = self._get_websockserver(daemon=True, ssl_only=0, idle_timeout=1)
+        self.stubs.Set(select, 'select', self._mock_select)
+        self.stubs.Set(socket._socketobject, 'recv', lambda *args: 'mock_recv')
+        self.assertRaises(Exception, soc.do_handshake, self.soc, '127.0.0.1')
+
+    def test_do_handshake_ssl_error(self):
+        soc = self._get_websockserver(daemon=True, ssl_only=0, idle_timeout=1)
+
+        def _mock_wrap_socket(*args, **kwargs):
+            from ssl import SSLError
+            raise SSLError('unit test exception')
+
+        self.stubs.Set(select, 'select', self._mock_select)
+        self.stubs.Set(socket._socketobject, 'recv', lambda *args: '\x16')
+        self.stubs.Set(ssl, 'wrap_socket', _mock_wrap_socket)
+        self.assertRaises(SSLError, soc.do_handshake, self.soc, '127.0.0.1')
+
+    def test_fallback_SIGCHILD(self):
+        soc = self._get_websockserver(daemon=True, ssl_only=0, idle_timeout=1)
+        soc.fallback_SIGCHLD(None, None)
+
+    def test_start_server_Exception(self):
+        soc = self._get_websockserver(daemon=False, ssl_only=1, idle_timeout=1)
+        self.stubs.Set(websocket.WebSocketServer, 'socket', self._mock_socket)
+        self.stubs.Set(websocket.WebSocketServer, 'daemonize',
+                       lambda *args, **kwargs: None)
+        self.stubs.Set(select, 'select', self._mock_select_exception)
+        self.assertEqual(None, soc.start_server())
+
+    def test_start_server_KeyboardInterrupt(self):
+        soc = self._get_websockserver(daemon=False, ssl_only=1, idle_timeout=1)
+        self.stubs.Set(websocket.WebSocketServer, 'socket', self._mock_socket)
+        self.stubs.Set(websocket.WebSocketServer, 'daemonize',
+                       lambda *args, **kwargs: None)
+        self.stubs.Set(select, 'select', self._mock_select_keyboardinterrupt)
+        self.assertEqual(None, soc.start_server())
+
+    def test_start_server_systemexit(self):
+        websocket.ssl = None
+        self.stubs.Set(websocket.WebSocketServer, 'socket', self._mock_socket)
+        self.stubs.Set(websocket.WebSocketServer, 'daemonize',
+                       lambda *args, **kwargs: None)
+        self.stubs.Set(select, 'select', self._mock_select_systemexit)
+        soc = self._get_websockserver(daemon=True, ssl_only=0, idle_timeout=1,
+                                      verbose=True)
+        self.assertEqual(None, soc.start_server())
+
+    def test_WSRequestHandle_do_GET_nofile(self):
+        request = 'GET /tmp.txt HTTP/0.9'
+        with tempfile.NamedTemporaryFile() as test_file:
+            test_file.write(request)
+            test_file.flush()
+            test_file.seek(0)
+            con = MockConnection(test_file.name)
+            soc = websocket.WSRequestHandler(con, "127.0.0.1", file_only=True)
+            soc.path = ''
+            soc.headers = {'upgrade': ''}
+            self.stubs.Set(SimpleHTTPRequestHandler, 'send_response',
+                           lambda *args: None)
+            soc.do_GET()
+            self.assertEqual(404, soc.last_code)
+
+    def test_WSRequestHandle_do_GET_hidden_resource(self):
+        request = 'GET /tmp.txt HTTP/0.9'
+        with tempfile.NamedTemporaryFile() as test_file:
+            test_file.write(request)
+            test_file.flush()
+            test_file.seek(0)
+            con = MockConnection(test_file.name)
+            soc = websocket.WSRequestHandler(con, '127.0.0.1', no_parent=True)
+            soc.path = test_file.name + '?'
+            soc.headers = {'upgrade': ''}
+            soc.webroot = 'no match startswith'
+            self.stubs.Set(SimpleHTTPRequestHandler,
+                           'send_response',
+                           lambda *args: None)
+        soc.do_GET()
+        self.assertEqual(403, soc.last_code)
+
+    def testsocket_set_keepalive_options(self):
+        keepcnt = 12
+        keepidle = 34
+        keepintvl = 56
+
+        sock = self.server.socket('localhost',
+                                  tcp_keepcnt=keepcnt,
+                                  tcp_keepidle=keepidle,
+                                  tcp_keepintvl=keepintvl)
+
+        self.assertEqual(sock.getsockopt(socket.SOL_TCP,
+                                         socket.TCP_KEEPCNT), keepcnt)
+        self.assertEqual(sock.getsockopt(socket.SOL_TCP,
+                                         socket.TCP_KEEPIDLE), keepidle)
+        self.assertEqual(sock.getsockopt(socket.SOL_TCP,
+                                         socket.TCP_KEEPINTVL), keepintvl)
+
+        sock = self.server.socket('localhost',
+                                  tcp_keepalive=False,
+                                  tcp_keepcnt=keepcnt,
+                                  tcp_keepidle=keepidle,
+                                  tcp_keepintvl=keepintvl)
+
+        self.assertNotEqual(sock.getsockopt(socket.SOL_TCP,
+                                            socket.TCP_KEEPCNT), keepcnt)
+        self.assertNotEqual(sock.getsockopt(socket.SOL_TCP,
+                                            socket.TCP_KEEPIDLE), keepidle)
+        self.assertNotEqual(sock.getsockopt(socket.SOL_TCP,
+                                            socket.TCP_KEEPINTVL), keepintvl)

tests/test_websocketproxy.py

@@ -0,0 +1,127 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright(c)2013 NTT corp. All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+""" Unit tests for websocketproxy """
+import os
+import logging
+import select
+import shutil
+import stubout
+import subprocess
+import tempfile
+import time
+import unittest
+
+from websockify import websocketproxy
+
+
+class MockSocket(object):
+    def __init__(*args, **kwargs):
+        pass
+
+    def shutdown(*args):
+        pass
+
+    def close(*args):
+        pass
+
+
+class WebSocketProxyTest(unittest.TestCase):
+
+    def _init_logger(self, tmpdir):
+        name = 'websocket-unittest'
+        logger = logging.getLogger(name)
+        logger.setLevel(logging.DEBUG)
+        logger.propagate = True
+        filename = "%s.log" % (name)
+        handler = logging.FileHandler(filename)
+        handler.setFormatter(logging.Formatter("%(message)s"))
+        logger.addHandler(handler)
+
+    def setUp(self):
+        """Called automatically before each test."""
+        super(WebSocketProxyTest, self).setUp()
+        self.soc = ''
+        self.stubs = stubout.StubOutForTesting()
+        # Temporary dir for test data
+        self.tmpdir = tempfile.mkdtemp()
+        # Put log somewhere persistent
+        self._init_logger('./')
+        # Mock this out cause it screws tests up
+        self.stubs.Set(os, 'chdir', lambda *args, **kwargs: None)
+
+    def tearDown(self):
+        """Called automatically after each test."""
+        self.stubs.UnsetAll()
+        shutil.rmtree(self.tmpdir)
+        super(WebSocketProxyTest, self).tearDown()
+
+    def _get_websockproxy(self, **kwargs):
+        return websocketproxy.WebSocketProxy(key=self.tmpdir,
+                                             web=self.tmpdir,
+                                             record=self.tmpdir,
+                                             **kwargs)
+
+    def test_run_wrap_cmd(self):
+        web_socket_proxy = self._get_websockproxy()
+        web_socket_proxy.__dict__["wrap_cmd"] = "wrap_cmd"
+
+        def mock_Popen(*args, **kwargs):
+            return '_mock_cmd'
+
+        self.stubs.Set(subprocess, 'Popen', mock_Popen)
+        web_socket_proxy.run_wrap_cmd()
+        self.assertEquals(web_socket_proxy.spawn_message, True)
+
+    def test_started(self):
+        web_socket_proxy = self._get_websockproxy()
+        web_socket_proxy.__dict__["spawn_message"] = False
+        web_socket_proxy.__dict__["wrap_cmd"] = "wrap_cmd"
+
+        def mock_run_wrap_cmd(*args, **kwargs):
+            web_socket_proxy.__dict__["spawn_message"] = True
+
+        self.stubs.Set(web_socket_proxy, 'run_wrap_cmd', mock_run_wrap_cmd)
+        web_socket_proxy.started()
+        self.assertEquals(web_socket_proxy.__dict__["spawn_message"], True)
+
+    def test_poll(self):
+        web_socket_proxy = self._get_websockproxy()
+        web_socket_proxy.__dict__["wrap_cmd"] = "wrap_cmd"
+        web_socket_proxy.__dict__["wrap_mode"] = "respawn"
+        web_socket_proxy.__dict__["wrap_times"] = [99999999]
+        web_socket_proxy.__dict__["spawn_message"] = True
+        web_socket_proxy.__dict__["cmd"] = None
+        self.stubs.Set(time, 'time', lambda: 100000000.000)
+        web_socket_proxy.poll()
+        self.assertEquals(web_socket_proxy.spawn_message, False)
+
+    def test_new_client(self):
+        web_socket_proxy = self._get_websockproxy()
+        web_socket_proxy.__dict__["verbose"] = "verbose"
+        web_socket_proxy.__dict__["daemon"] = None
+        web_socket_proxy.__dict__["client"] = "client"
+
+        self.stubs.Set(web_socket_proxy, 'socket', MockSocket)
+
+        def mock_select(*args, **kwargs):
+            ins = None
+            outs = None
+            excepts = "excepts"
+            return ins, outs, excepts
+
+        self.stubs.Set(select, 'select', mock_select)
+        self.assertRaises(Exception, web_socket_proxy.new_websocket_client)

tests/tox.ini

@@ -0,0 +1,20 @@
+# Tox (http://tox.testrun.org/) is a tool for running tests
+# in multiple virtualenvs. This configuration file will run the
+# test suite on all supported python versions. To use it, "pip install tox"
+# and then run "tox" from this directory.
+
+[tox]
+envlist = py24,py25,py26,py27,py30
+setupdir = ../
+
+[testenv]
+commands = nosetests {posargs}
+deps =
+    mox
+    nose
+
+# At some point we should enable this since tox epdctes it to exist but
+# the code will need pep8ising first. 
+#[testenv:pep8]
+#commands = flake8
+#dep = flake8

tests/utf8-list.py

@@ -5,18 +5,15 @@ Display UTF-8 encoding for 0-255.'''
 
 import sys, os, socket, ssl, time, traceback
 from select import select
-
-sys.path.insert(0,os.path.dirname(__file__) + "/../")
-from websocket import WebSocketServer
+sys.path.insert(0,os.path.join(os.path.dirname(__file__), ".."))
+from websockify.websocket import WebSocketServer
 
 if __name__ == '__main__':
-    print "val: hixie | hybi_base64 | hybi_binary"
+    print "val: hybi_base64 | hybi_binary"
     for c in range(0, 256):
-        hixie = WebSocketServer.encode_hixie(chr(c))
         hybi_base64 = WebSocketServer.encode_hybi(chr(c), opcode=1,
                 base64=True)
         hybi_binary = WebSocketServer.encode_hybi(chr(c), opcode=2,
                 base64=False)
-        print "%d: %s | %s | %s" % (c, repr(hixie), repr(hybi_base64),
-                repr(hybi_binary))
+        print "%d: %s | %s" % (c, repr(hybi_base64), repr(hybi_binary))
 

websockify/websocketproxy.py

@@ -11,7 +11,11 @@ as taken from http://docs.python.org/dev/library/ssl.html#certificates
 
 '''
 
-import signal, socket, optparse, time, os, sys, subprocess
+import signal, socket, optparse, time, os, sys, subprocess, logging
+try:    from socketserver import ForkingMixIn
+except: from SocketServer import ForkingMixIn
+try:    from http.server import HTTPServer
+except: from BaseHTTPServer import HTTPServer
 from select import select
 import websocket
 try:
@@ -20,15 +24,7 @@ except:
     from cgi import parse_qs
     from urlparse import urlparse
 
-class WebSocketProxy(websocket.WebSocketServer):
-    """
-    Proxy traffic to and from a WebSockets client to a normal TCP
-    socket server target. All traffic to/from the client is base64
-    encoded/decoded to allow binary data to be sent/received to/from
-    the target.
-    """
-
-    buffer_size = 65536
+class ProxyRequestHandler(websocket.WebSocketRequestHandler):
 
     traffic_legend = """
 Traffic Legend:
@@ -42,148 +38,33 @@ Traffic Legend:
     <. - Client send partial
 """
 
-    def __init__(self, *args, **kwargs):
-        # Save off proxy specific options
-        self.target_host    = kwargs.pop('target_host', None)
-        self.target_port    = kwargs.pop('target_port', None)
-        self.wrap_cmd       = kwargs.pop('wrap_cmd', None)
-        self.wrap_mode      = kwargs.pop('wrap_mode', None)
-        self.unix_target    = kwargs.pop('unix_target', None)
-        self.ssl_target     = kwargs.pop('ssl_target', None)
-        self.target_cfg     = kwargs.pop('target_cfg', None)
-        # Last 3 timestamps command was run
-        self.wrap_times    = [0, 0, 0]
-
-        if self.wrap_cmd:
-            rebinder_path = ['./', os.path.dirname(sys.argv[0])]
-            self.rebinder = None
-
-            for rdir in rebinder_path:
-                rpath = os.path.join(rdir, "rebind.so")
-                if os.path.exists(rpath):
-                    self.rebinder = rpath
-                    break
-
-            if not self.rebinder:
-                raise Exception("rebind.so not found, perhaps you need to run make")
-            self.rebinder = os.path.abspath(self.rebinder)
-
-            self.target_host = "127.0.0.1"  # Loopback
-            # Find a free high port
-            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            sock.bind(('', 0))
-            self.target_port = sock.getsockname()[1]
-            sock.close()
-
-            os.environ.update({
-                "LD_PRELOAD": self.rebinder,
-                "REBIND_OLD_PORT": str(kwargs['listen_port']),
-                "REBIND_NEW_PORT": str(self.target_port)})
-
-        if self.target_cfg:
-            self.target_cfg = os.path.abspath(self.target_cfg)
-
-        websocket.WebSocketServer.__init__(self, *args, **kwargs)
-
-    def run_wrap_cmd(self):
-        print("Starting '%s'" % " ".join(self.wrap_cmd))
-        self.wrap_times.append(time.time())
-        self.wrap_times.pop(0)
-        self.cmd = subprocess.Popen(
-                self.wrap_cmd, env=os.environ, preexec_fn=_subprocess_setup)
-        self.spawn_message = True
-
-    def started(self):
-        """
-        Called after Websockets server startup (i.e. after daemonize)
-        """
-        # Need to call wrapped command after daemonization so we can
-        # know when the wrapped command exits
-        if self.wrap_cmd:
-            dst_string = "'%s' (port %s)" % (" ".join(self.wrap_cmd), self.target_port)
-        elif self.unix_target:
-            dst_string = self.unix_target
-        else:
-            dst_string = "%s:%s" % (self.target_host, self.target_port)
-
-        if self.target_cfg:
-            msg = "  - proxying from %s:%s to targets in %s" % (
-                self.listen_host, self.listen_port, self.target_cfg)
-        else:
-            msg = "  - proxying from %s:%s to %s" % (
-                self.listen_host, self.listen_port, dst_string)
-
-        if self.ssl_target:
-            msg += " (using SSL)"
-
-        print(msg + "\n")
-
-        if self.wrap_cmd:
-            self.run_wrap_cmd()
-
-    def poll(self):
-        # If we are wrapping a command, check it's status
-
-        if self.wrap_cmd and self.cmd:
-            ret = self.cmd.poll()
-            if ret != None:
-                self.vmsg("Wrapped command exited (or daemon). Returned %s" % ret)
-                self.cmd = None
-
-        if self.wrap_cmd and self.cmd == None:
-            # Response to wrapped command being gone
-            if self.wrap_mode == "ignore":
-                pass
-            elif self.wrap_mode == "exit":
-                sys.exit(ret)
-            elif self.wrap_mode == "respawn":
-                now = time.time()
-                avg = sum(self.wrap_times)/len(self.wrap_times)
-                if (now - avg) < 10:
-                    # 3 times in the last 10 seconds
-                    if self.spawn_message:
-                        print("Command respawning too fast")
-                        self.spawn_message = False
-                else:
-                    self.run_wrap_cmd()
-
-    #
-    # Routines above this point are run in the master listener
-    # process.
-    #
-
-    #
-    # Routines below this point are connection handler routines and
-    # will be run in a separate forked process for each connection.
-    #
-
-    def new_client(self):
+    def new_websocket_client(self):
         """
         Called after a new WebSocket connection has been established.
         """
         # Checks if we receive a token, and look
         # for a valid target for it then
-        if self.target_cfg:
-            (self.target_host, self.target_port) = self.get_target(self.target_cfg, self.path)
+        if self.server.target_cfg:
+            (self.server.target_host, self.server.target_port) = self.get_target(self.server.target_cfg, self.path)
 
         # Connect to the target
-        if self.wrap_cmd:
-            msg = "connecting to command: '%s' (port %s)" % (" ".join(self.wrap_cmd), self.target_port)
-        elif self.unix_target:
-            msg = "connecting to unix socket: %s" % self.unix_target
+        if self.server.wrap_cmd:
+            msg = "connecting to command: '%s' (port %s)" % (" ".join(self.server.wrap_cmd), self.server.target_port)
+        elif self.server.unix_target:
+            msg = "connecting to unix socket: %s" % self.server.unix_target
         else:
             msg = "connecting to: %s:%s" % (
-                                    self.target_host, self.target_port)
+                                    self.server.target_host, self.server.target_port)
 
-        if self.ssl_target:
+        if self.server.ssl_target:
             msg += " (using SSL)"
-        self.msg(msg)
+        self.log_message(msg)
 
-        tsock = self.socket(self.target_host, self.target_port,
-                connect=True, use_ssl=self.ssl_target, unix_socket=self.unix_target)
+        tsock = websocket.WebSocketServer.socket(self.server.target_host,
+                                                 self.server.target_port,
+                connect=True, use_ssl=self.server.ssl_target, unix_socket=self.server.unix_target)
 
-        if self.verbose and not self.daemon:
-            print(self.traffic_legend)
+        self.print_traffic(self.traffic_legend)
 
         # Start proxying
         try:
@@ -192,8 +73,9 @@ Traffic Legend:
             if tsock:
                 tsock.shutdown(socket.SHUT_RDWR)
                 tsock.close()
-                self.vmsg("%s:%s: Closed target" %(
-                    self.target_host, self.target_port))
+                if self.verbose: 
+                    self.log_message("%s:%s: Closed target" %(
+                            self.server.target_host, self.server.target_port))
             raise
 
     def get_target(self, target_cfg, path):
@@ -242,31 +124,32 @@ Traffic Legend:
         cqueue = []
         c_pend = 0
         tqueue = []
-        rlist = [self.client, target]
+        rlist = [self.request, target]
 
         while True:
             wlist = []
 
             if tqueue: wlist.append(target)
-            if cqueue or c_pend: wlist.append(self.client)
+            if cqueue or c_pend: wlist.append(self.request)
             ins, outs, excepts = select(rlist, wlist, [], 1)
             if excepts: raise Exception("Socket exception")
 
-            if self.client in outs:
+            if self.request in outs:
                 # Send queued target data to the client
                 c_pend = self.send_frames(cqueue)
 
                 cqueue = []
 
-            if self.client in ins:
+            if self.request in ins:
                 # Receive client data, decode it, and queue for target
                 bufs, closed = self.recv_frames()
                 tqueue.extend(bufs)
 
                 if closed:
                     # TODO: What about blocking on client socket?
-                    self.vmsg("%s:%s: Client closed connection" %(
-                        self.target_host, self.target_port))
+                    if self.verbose: 
+                        self.log_message("%s:%s: Client closed connection" %(
+                                self.server.target_host, self.server.target_port))
                     raise self.CClose(closed['code'], closed['reason'])
 
 
@@ -275,24 +158,139 @@ Traffic Legend:
                 dat = tqueue.pop(0)
                 sent = target.send(dat)
                 if sent == len(dat):
-                    self.traffic(">")
+                    self.print_traffic(">")
                 else:
                     # requeue the remaining data
                     tqueue.insert(0, dat[sent:])
-                    self.traffic(".>")
+                    self.print_traffic(".>")
 
 
             if target in ins:
                 # Receive target data, encode it and queue for client
                 buf = target.recv(self.buffer_size)
                 if len(buf) == 0:
-                    self.vmsg("%s:%s: Target closed connection" %(
-                        self.target_host, self.target_port))
+                    if self.verbose:
+                        self.log_message("%s:%s: Target closed connection" %(
+                                self.server.target_host, self.server.target_port))
                     raise self.CClose(1000, "Target closed")
 
                 cqueue.append(buf)
-                self.traffic("{")
+                self.print_traffic("{")
 
+class WebSocketProxy(websocket.WebSocketServer):
+    """
+    Proxy traffic to and from a WebSockets client to a normal TCP
+    socket server target. All traffic to/from the client is base64
+    encoded/decoded to allow binary data to be sent/received to/from
+    the target.
+    """
+
+    buffer_size = 65536
+
+    def __init__(self, RequestHandlerClass=ProxyRequestHandler, *args, **kwargs):
+        # Save off proxy specific options
+        self.target_host    = kwargs.pop('target_host', None)
+        self.target_port    = kwargs.pop('target_port', None)
+        self.wrap_cmd       = kwargs.pop('wrap_cmd', None)
+        self.wrap_mode      = kwargs.pop('wrap_mode', None)
+        self.unix_target    = kwargs.pop('unix_target', None)
+        self.ssl_target     = kwargs.pop('ssl_target', None)
+        self.target_cfg     = kwargs.pop('target_cfg', None)
+        # Last 3 timestamps command was run
+        self.wrap_times    = [0, 0, 0]
+
+        if self.wrap_cmd:
+            wsdir = os.path.dirname(sys.argv[0])
+            rebinder_path = [os.path.join(wsdir, "..", "lib"),
+                             os.path.join(wsdir, "..", "lib", "websockify"),
+                             wsdir]
+            self.rebinder = None
+
+            for rdir in rebinder_path:
+                rpath = os.path.join(rdir, "rebind.so")
+                if os.path.exists(rpath):
+                    self.rebinder = rpath
+                    break
+
+            if not self.rebinder:
+                raise Exception("rebind.so not found, perhaps you need to run make")
+            self.rebinder = os.path.abspath(self.rebinder)
+
+            self.target_host = "127.0.0.1"  # Loopback
+            # Find a free high port
+            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            sock.bind(('', 0))
+            self.target_port = sock.getsockname()[1]
+            sock.close()
+
+            os.environ.update({
+                "LD_PRELOAD": self.rebinder,
+                "REBIND_OLD_PORT": str(kwargs['listen_port']),
+                "REBIND_NEW_PORT": str(self.target_port)})
+
+        websocket.WebSocketServer.__init__(self, RequestHandlerClass, *args, **kwargs)
+
+    def run_wrap_cmd(self):
+        self.msg("Starting '%s'", " ".join(self.wrap_cmd))
+        self.wrap_times.append(time.time())
+        self.wrap_times.pop(0)
+        self.cmd = subprocess.Popen(
+                self.wrap_cmd, env=os.environ, preexec_fn=_subprocess_setup)
+        self.spawn_message = True
+
+    def started(self):
+        """
+        Called after Websockets server startup (i.e. after daemonize)
+        """
+        # Need to call wrapped command after daemonization so we can
+        # know when the wrapped command exits
+        if self.wrap_cmd:
+            dst_string = "'%s' (port %s)" % (" ".join(self.wrap_cmd), self.target_port)
+        elif self.unix_target:
+            dst_string = self.unix_target
+        else:
+            dst_string = "%s:%s" % (self.target_host, self.target_port)
+
+        if self.target_cfg:
+            msg = "  - proxying from %s:%s to targets in %s" % (
+                self.listen_host, self.listen_port, self.target_cfg)
+        else:
+            msg = "  - proxying from %s:%s to %s" % (
+                self.listen_host, self.listen_port, dst_string)
+
+        if self.ssl_target:
+            msg += " (using SSL)"
+
+        self.msg("%s", msg)
+
+        if self.wrap_cmd:
+            self.run_wrap_cmd()
+
+    def poll(self):
+        # If we are wrapping a command, check it's status
+
+        if self.wrap_cmd and self.cmd:
+            ret = self.cmd.poll()
+            if ret != None:
+                self.vmsg("Wrapped command exited (or daemon). Returned %s" % ret)
+                self.cmd = None
+
+        if self.wrap_cmd and self.cmd == None:
+            # Response to wrapped command being gone
+            if self.wrap_mode == "ignore":
+                pass
+            elif self.wrap_mode == "exit":
+                sys.exit(ret)
+            elif self.wrap_mode == "respawn":
+                now = time.time()
+                avg = sum(self.wrap_times)/len(self.wrap_times)
+                if (now - avg) < 10:
+                    # 3 times in the last 10 seconds
+                    if self.spawn_message:
+                        self.warn("Command respawning too fast")
+                        self.spawn_message = False
+                else:
+                    self.run_wrap_cmd()
 
 
 def _subprocess_setup():
@@ -301,14 +299,28 @@ def _subprocess_setup():
     signal.signal(signal.SIGPIPE, signal.SIG_DFL)
 
 
+def logger_init():
+    logger = logging.getLogger(WebSocketProxy.log_prefix)
+    logger.propagate = False
+    logger.setLevel(logging.INFO)
+    h = logging.StreamHandler()
+    h.setLevel(logging.DEBUG)
+    h.setFormatter(logging.Formatter("%(message)s"))
+    logger.addHandler(h)
+
+
 def websockify_init():
+    logger_init()
+
     usage = "\n    %prog [options]"
     usage += " [source_addr:]source_port [target_addr:target_port]"
     usage += "\n    %prog [options]"
     usage += " [source_addr:]source_port -- WRAP_COMMAND_LINE"
     parser = optparse.OptionParser(usage=usage)
     parser.add_option("--verbose", "-v", action="store_true",
-            help="verbose messages and per frame traffic")
+            help="verbose messages")
+    parser.add_option("--traffic", action="store_true",
+            help="per frame traffic")
     parser.add_option("--record",
             help="record sessions to FILE.[session_number]", metavar="FILE")
     parser.add_option("--daemon", "-D",
@@ -345,8 +357,13 @@ def websockify_init():
             help="Configuration file containing valid targets "
             "in the form 'token: host:port' or, alternatively, a "
             "directory containing configuration files of this form")
+    parser.add_option("--libserver", action="store_true",
+            help="use Python library SocketServer engine")
     (opts, args) = parser.parse_args()
 
+    if opts.verbose:
+        logging.getLogger(WebSocketProxy.log_prefix).setLevel(logging.DEBUG)
+
     # Sanity checks
     if len(args) < 2 and not (opts.target_cfg or opts.unix_target):
         parser.error("Too few arguments")
@@ -385,9 +402,70 @@ def websockify_init():
         try:    opts.target_port = int(opts.target_port)
         except: parser.error("Error parsing target port")
 
+    # Transform to absolute path as daemon may chdir
+    if opts.target_cfg:
+        opts.target_cfg = os.path.abspath(opts.target_cfg)
+
     # Create and start the WebSockets proxy
-    server = WebSocketProxy(**opts.__dict__)
-    server.start_server()
+    libserver = opts.libserver
+    del opts.libserver
+    if libserver:
+        # Use standard Python SocketServer framework
+        server = LibProxyServer(**opts.__dict__)
+        server.serve_forever()
+    else:
+        # Use internal service framework
+        server = WebSocketProxy(**opts.__dict__)
+        server.start_server()
+
+
+class LibProxyServer(ForkingMixIn, HTTPServer):
+    """
+    Just like WebSocketProxy, but uses standard Python SocketServer
+    framework.
+    """
+
+    def __init__(self, RequestHandlerClass=ProxyRequestHandler, **kwargs):
+        # Save off proxy specific options
+        self.target_host    = kwargs.pop('target_host', None)
+        self.target_port    = kwargs.pop('target_port', None)
+        self.wrap_cmd       = kwargs.pop('wrap_cmd', None)
+        self.wrap_mode      = kwargs.pop('wrap_mode', None)
+        self.unix_target    = kwargs.pop('unix_target', None)
+        self.ssl_target     = kwargs.pop('ssl_target', None)
+        self.target_cfg     = kwargs.pop('target_cfg', None)
+        self.daemon = False
+        self.target_cfg = None
+
+        # Server configuration
+        listen_host    = kwargs.pop('listen_host', '')
+        listen_port    = kwargs.pop('listen_port', None)
+        web            = kwargs.pop('web', '')
+
+        # Configuration affecting base request handler
+        self.only_upgrade   = not web
+        self.verbose   = kwargs.pop('verbose', False)
+        record = kwargs.pop('record', '')
+        if record:
+            self.record = os.path.abspath(record)
+        self.run_once  = kwargs.pop('run_once', False)
+        self.handler_id = 0
+
+        for arg in kwargs.keys():
+            print("warning: option %s ignored when using --libserver" % arg)
+
+        if web:
+            os.chdir(web)
+            
+        HTTPServer.__init__(self, (listen_host, listen_port), 
+                            RequestHandlerClass)
+
+
+    def process_request(self, request, client_address):
+        """Override process_request to implement a counter"""
+        self.handler_id += 1
+        ForkingMixIn.process_request(self, request, client_address)
+
 
 if __name__ == '__main__':
     websockify_init()