def _get_read_size(self, sock, recv_buffer_size, up):
if self._overhead == 0:
return recv_buffer_size
buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK))
if up:
buffer_size = min(buffer_size, self._recv_u_max_size)
self._recv_u_max_size = min(self._recv_u_max_size + self._tcp_mss - self._overhead, BUF_SIZE)
else:
buffer_size = min(buffer_size, self._recv_d_max_size)
self._recv_d_max_size = min(self._recv_d_max_size + self._tcp_mss - self._overhead, BUF_SIZE)
if buffer_size == recv_buffer_size:
return buffer_size
frame_size = self._tcp_mss - self._overhead
if buffer_size > frame_size:
buffer_size = int(buffer_size / frame_size) * frame_size
return buffer_size
python类MSG_PEEK的实例源码
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def handle_tcp_default(sk, dstport):
# Attempt to guess protocol according to what the client sends
data = ''
try:
rlist, _, _ = select.select([sk], [], [], 30)
if len(rlist) != 0:
data = sk.recv(20, socket.MSG_PEEK)
except Exception as err:
#print(traceback.format_exc())
pass
if data[:3] in SSL_CLIENT_HELLO_SIGNATURES:
print colored("Guessing this is a SSL/TLS connection, attempting to handshake.", 'red', attrs=['bold'])
handle_tcp_hexdump_ssl(sk, dstport)
elif data.startswith("GET "):
handle_tcp_http(sk, dstport)
elif data.startswith("CONNECT "):
handle_tcp_httpproxy(sk, dstport)
else:
handle_tcp_hexdump(sk, dstport)
sk.close()
# UDP DISPATCHER
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def handle_one_request(self):
if not self.disable_transport_ssl and self.scheme == 'http':
leadbyte = self.connection.recv(1, socket.MSG_PEEK)
if leadbyte in ('\x80', '\x16'):
server_name = ''
if leadbyte == '\x16':
for _ in xrange(2):
leaddata = self.connection.recv(1024, socket.MSG_PEEK)
if is_clienthello(leaddata):
try:
server_name = extract_sni_name(leaddata)
finally:
break
try:
certfile = CertUtil.get_cert(server_name or 'www.google.com')
ssl_sock = ssl.wrap_socket(self.connection, ssl_version=self.ssl_version, keyfile=certfile, certfile=certfile, server_side=True)
except StandardError as e:
if e.args[0] not in (errno.ECONNABORTED, errno.ECONNRESET):
logging.exception('ssl.wrap_socket(self.connection=%r) failed: %s', self.connection, e)
return
self.connection = ssl_sock
self.rfile = self.connection.makefile('rb', self.bufsize)
self.wfile = self.connection.makefile('wb', 0)
self.scheme = 'https'
return BaseHTTPServer.BaseHTTPRequestHandler.handle_one_request(self)
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _no_zero_allocator("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _no_zero_allocator("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def _get_read_size(self, sock, recv_buffer_size, up):
if self._overhead == 0:
return recv_buffer_size
buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK))
frame_size = self._tcp_mss - self._overhead
if up:
buffer_size = min(buffer_size, self._recv_u_max_size)
self._recv_u_max_size = min(self._recv_u_max_size + frame_size, BUF_SIZE)
else:
buffer_size = min(buffer_size, self._recv_d_max_size)
self._recv_d_max_size = min(self._recv_d_max_size + frame_size, BUF_SIZE)
if buffer_size == recv_buffer_size:
return buffer_size
if buffer_size > frame_size:
buffer_size = int(buffer_size / frame_size) * frame_size
return buffer_size
def get_ssl_version(sock):
# Seth behaves differently depeding on the TLS protocol
# https://bugs.python.org/issue31453
# This is an ugly hack (as if the rest of this wasn't...)
versions = [
ssl.PROTOCOL_TLSv1,
ssl.PROTOCOL_TLSv1_1,
ssl.PROTOCOL_TLSv1_2,
]
firstbytes = sock.recv(16, socket.MSG_PEEK)
try:
return versions[firstbytes[10]-1]
except IndexError:
print("Unexpected SSL version: %s" % hexlify(firstbytes))
return versions[-1]
# def launch_rdp_client():
# time.sleep(1)
# p = subprocess.Popen(
# ["xfreerdp",
# "/v:%s:%d" % (args.bind_ip, consts.RELAY_PORT),
# "/u:%s\\%s" % (domain, user),
# ],
# )
def handle_one_request(self):
if not self.disable_transport_ssl and self.scheme == 'http':
leadbyte = self.connection.recv(1, socket.MSG_PEEK)
if leadbyte in ('\x80', '\x16'):
server_name = ''
if leadbyte == '\x16':
for _ in xrange(2):
leaddata = self.connection.recv(1024, socket.MSG_PEEK)
if is_clienthello(leaddata):
try:
server_name = extract_sni_name(leaddata)
finally:
break
try:
certfile = CertUtil.get_cert(server_name or 'www.google.com')
ssl_sock = ssl.wrap_socket(self.connection, ssl_version=self.ssl_version, keyfile=certfile, certfile=certfile, server_side=True)
except StandardError as e:
if e.args[0] not in (errno.ECONNABORTED, errno.ECONNRESET):
logging.exception('ssl.wrap_socket(self.connection=%r) failed: %s', self.connection, e)
return
self.connection = ssl_sock
self.rfile = self.connection.makefile('rb', self.bufsize)
self.wfile = self.connection.makefile('wb', 0)
self.scheme = 'https'
return BaseHTTPServer.BaseHTTPRequestHandler.handle_one_request(self)
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def run(self):
"""
Synchronously start the server in the current thread, blocking indefinitely.
"""
try:
try:
while self.socket.fileno() > 0:
r, w, x = select.select([self.socket], [], [], 1)
if r:
connection, address = self.socket.accept()
logging.info('sshim.Server accepted connection from %s:%d', *address)
#if connection.recv(1, socket.MSG_PEEK):
self.handler(self, (connection, address))
except (select.error, socket.error) as exception:
if hasattr(exception, 'errno'):
if exception.errno != errno.EBADF:
raise
else:
(code, message) = exception.args
if code != errno.EBADF:
raise
except:
self.exceptions.put_nowait(sys.exc_info())
raise
def _get_read_size(self, sock, recv_buffer_size, up):
if self._overhead == 0:
return recv_buffer_size
buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK))
frame_size = self._tcp_mss - self._overhead
if up:
buffer_size = min(buffer_size, self._recv_u_max_size)
self._recv_u_max_size = min(self._recv_u_max_size + frame_size, BUF_SIZE)
else:
buffer_size = min(buffer_size, self._recv_d_max_size)
self._recv_d_max_size = min(self._recv_d_max_size + frame_size, BUF_SIZE)
if buffer_size == recv_buffer_size:
return buffer_size
if buffer_size > frame_size:
buffer_size = int(buffer_size / frame_size) * frame_size
return buffer_size
def recv(self, bufsiz, flags=None):
"""
Receive data on the connection. NOTE: If you get one of the WantRead,
WantWrite or WantX509Lookup exceptions on this, you have to call the
method again with the SAME buffer.
:param bufsiz: The maximum number of bytes to read
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The string read from the Connection
"""
buf = _ffi.new("char[]", bufsiz)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, bufsiz)
else:
result = _lib.SSL_read(self._ssl, buf, bufsiz)
self._raise_ssl_error(self._ssl, result)
return _ffi.buffer(buf, result)[:]
def _get_read_size(self, sock, recv_buffer_size, up):
if self._overhead == 0:
return recv_buffer_size
buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK))
frame_size = self._tcp_mss - self._overhead
if up:
buffer_size = min(buffer_size, self._recv_u_max_size)
self._recv_u_max_size = min(self._recv_u_max_size + frame_size, BUF_SIZE)
else:
buffer_size = min(buffer_size, self._recv_d_max_size)
self._recv_d_max_size = min(self._recv_d_max_size + frame_size, BUF_SIZE)
if buffer_size == recv_buffer_size:
return buffer_size
if buffer_size > frame_size:
buffer_size = int(buffer_size / frame_size) * frame_size
return buffer_size
def _Dynamic_Receive(self, request, response):
state = self._LookupSocket(request.socket_descriptor())
with state.mutex:
state.SetTimeout(request.timeout_seconds())
flags = 0
if request.flags() & remote_socket_service_pb.ReceiveRequest.MSG_PEEK:
flags |= socket.MSG_PEEK
received_from = None
if state.protocol == socket.SOCK_DGRAM:
data, received_from = state.sock.recvfrom(request.data_size(), flags)
else:
data = state.sock.recv(request.data_size(), flags)
response.set_data(data)
if received_from:
self._AddressPortTupleToProto(state.family, received_from,
response.mutable_received_from())
def _get_read_size(self, sock, recv_buffer_size, up):
if self._overhead == 0:
return recv_buffer_size
buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK))
if up:
buffer_size = min(buffer_size, self._recv_u_max_size)
self._recv_u_max_size = min(self._recv_u_max_size + self._tcp_mss - self._overhead, BUF_SIZE)
else:
buffer_size = min(buffer_size, self._recv_d_max_size)
self._recv_d_max_size = min(self._recv_d_max_size + self._tcp_mss - self._overhead, BUF_SIZE)
if buffer_size == recv_buffer_size:
return buffer_size
frame_size = self._tcp_mss - self._overhead
if buffer_size > frame_size:
buffer_size = int(buffer_size / frame_size) * frame_size
return buffer_size
def recv(self):
message = ""
length2b, addr = self.comms_socket.recvfrom(2, socket.MSG_PEEK)
if len(length2b) == 0:
if self.serverorclient:
common.internal_print("WTF? Client lost. Closing down thread.", -1)
else:
common.internal_print("WTF? Server lost. Closing down.", -1)
return ("", None)
if len(length2b) != 2:
return ("", None)
length = struct.unpack(">H", length2b)[0]+2
message, addr = self.comms_socket.recvfrom(length, socket.MSG_TRUNC)
if (length != len(message)):
common.internal_print("Error length mismatch", -1)
return ("", None)
common.internal_print("UDP read: {0}".format(len(message)-2), 0, self.verbosity, common.DEBUG)
return message[2:], addr
def handle_one_request(self):
if not self.disable_transport_ssl and self.scheme == 'http':
leadbyte = self.connection.recv(1, socket.MSG_PEEK)
if leadbyte in ('\x80', '\x16'):
server_name = ''
if leadbyte == '\x16':
for _ in xrange(2):
leaddata = self.connection.recv(1024, socket.MSG_PEEK)
if is_clienthello(leaddata):
try:
server_name = extract_sni_name(leaddata)
finally:
break
try:
certfile = CertUtil.get_cert(server_name or 'www.google.com')
ssl_sock = ssl.wrap_socket(self.connection, ssl_version=self.ssl_version, keyfile=certfile, certfile=certfile, server_side=True)
except StandardError as e:
if e.args[0] not in (errno.ECONNABORTED, errno.ECONNRESET):
logging.exception('ssl.wrap_socket(self.connection=%r) failed: %s', self.connection, e)
return
self.connection = ssl_sock
self.rfile = self.connection.makefile('rb', self.bufsize)
self.wfile = self.connection.makefile('wb', 0)
self.scheme = 'https'
return BaseHTTPServer.BaseHTTPRequestHandler.handle_one_request(self)
def handle_one_request(self):
if not self.disable_transport_ssl and self.scheme == 'http':
leadbyte = self.connection.recv(1, socket.MSG_PEEK)
if leadbyte in ('\x80', '\x16'):
server_name = ''
if leadbyte == '\x16':
for _ in xrange(2):
leaddata = self.connection.recv(1024, socket.MSG_PEEK)
if is_clienthello(leaddata):
try:
server_name = extract_sni_name(leaddata)
finally:
break
try:
certfile = CertUtil.get_cert(server_name or 'www.google.com')
ssl_sock = ssl.wrap_socket(self.connection, ssl_version=self.ssl_version, keyfile=certfile, certfile=certfile, server_side=True)
except StandardError as e:
if e.args[0] not in (errno.ECONNABORTED, errno.ECONNRESET):
logging.exception('ssl.wrap_socket(self.connection=%r) failed: %s', self.connection, e)
return
self.connection = ssl_sock
self.rfile = self.connection.makefile('rb', self.bufsize)
self.wfile = self.connection.makefile('wb', 0)
self.scheme = 'https'
return BaseHTTPServer.BaseHTTPRequestHandler.handle_one_request(self)
def handle_one_request(self):
if not self.disable_transport_ssl and self.scheme == 'http':
leadbyte = self.connection.recv(1, socket.MSG_PEEK)
if leadbyte in ('\x80', '\x16'):
server_name = ''
if leadbyte == '\x16':
for _ in xrange(2):
leaddata = self.connection.recv(1024, socket.MSG_PEEK)
if is_clienthello(leaddata):
try:
server_name = extract_sni_name(leaddata)
finally:
break
try:
certfile = CertUtil.get_cert(server_name or 'www.google.com')
ssl_sock = ssl.wrap_socket(self.connection, ssl_version=self.ssl_version, keyfile=certfile, certfile=certfile, server_side=True)
except StandardError as e:
if e.args[0] not in (errno.ECONNABORTED, errno.ECONNRESET):
logging.exception('ssl.wrap_socket(self.connection=%r) failed: %s', self.connection, e)
return
self.connection = ssl_sock
self.rfile = self.connection.makefile('rb', self.bufsize)
self.wfile = self.connection.makefile('wb', 0)
self.scheme = 'https'
return BaseHTTPServer.BaseHTTPRequestHandler.handle_one_request(self)
def _get_read_size(self, sock, recv_buffer_size, up):
if self._overhead == 0:
return recv_buffer_size
buffer_size = len(sock.recv(recv_buffer_size, socket.MSG_PEEK))
frame_size = self._tcp_mss - self._overhead
if up:
buffer_size = min(buffer_size, self._recv_u_max_size)
self._recv_u_max_size = min(self._recv_u_max_size + frame_size, BUF_SIZE)
else:
buffer_size = min(buffer_size, self._recv_d_max_size)
self._recv_d_max_size = min(self._recv_d_max_size + frame_size, BUF_SIZE)
if buffer_size == recv_buffer_size:
return buffer_size
if buffer_size > frame_size:
buffer_size = int(buffer_size / frame_size) * frame_size
return buffer_size
def request(self, buf):
try:
self.sock.send(buf)
except SSL.Error as exc:
raise_from(Error("SSL Error"), exc)
else:
try:
#peek_bytes = self.sock.recv(8, socket.MSG_PEEK) # peeky no worky?!
peek_bytes = self.sock.recv(8)
except SSL.WantReadError as exc:
# SSL timeout does not work properly. If no data is available from server,
# we'll get this error
pass
except SSL.Error as exc:
raise
#raise_from(Error("SSL Error"), exc)
else:
(ver, type_, length) = struct.unpack('>HHL', peek_bytes)
return bytearray(peek_bytes + self.sock.recv(length))
def response(self):
try:
peek_bytes = self.sock.recv(8, socket.MSG_PEEK)
except SSL.Error as exc:
raise_from(Error("SSL Error"), exc)
else:
(ver, type_, length) = struct.unpack('>HHL', peek_bytes)
return bytearray(peek_bytes + self.sock.recv(length))
def detect_peek_tls(self, sock):
if sock.socket_ssl:
raise Exception("SSL Detection for ssl socket ..whut!")
TLS_VERSIONS = {
# SSL
'\x00\x02':"SSL_2_0",
'\x03\x00':"SSL_3_0",
# TLS
'\x03\x01':"TLS_1_0",
'\x03\x02':"TLS_1_1",
'\x03\x03':"TLS_1_2",
'\x03\x04':"TLS_1_3",
}
TLS_CONTENT_TYPE_HANDSHAKE = '\x16'
SSLv2_PREAMBLE = 0x80
SSLv2_CONTENT_TYPE_CLIENT_HELLO ='\x01'
peek_bytes = sock.recv(5, socket.MSG_PEEK)
if not len(peek_bytes)==5:
return
# detect sslv2, sslv3, tls: one symbol is one byte; T .. type
# L .. length
# V .. version
# 01234
# detect sslv2 LLTVV T=0x01 ... MessageType.client_hello; L high bit set.
# sslv3 TVVLL
# tls TVVLL T=0x16 ... ContentType.Handshake
v = None
if ord(peek_bytes[0]) & SSLv2_PREAMBLE \
and peek_bytes[2]==SSLv2_CONTENT_TYPE_CLIENT_HELLO \
and peek_bytes[3:3+2] in TLS_VERSIONS.keys():
v = TLS_VERSIONS.get(peek_bytes[3:3+2])
logger.info("ProtocolDetect: SSL23/TLS version: %s"%v)
elif peek_bytes[0] == TLS_CONTENT_TYPE_HANDSHAKE \
and peek_bytes[1:1+2] in TLS_VERSIONS.keys():
v = TLS_VERSIONS.get(peek_bytes[1:1+2])
logger.info("ProtocolDetect: TLS version: %s"%v)
return v
def recv_into(self, buffer, nbytes=None, flags=None):
"""
Receive data on the connection and store the data into a buffer rather
than creating a new string.
:param buffer: The buffer to copy into.
:param nbytes: (optional) The maximum number of bytes to read into the
buffer. If not present, defaults to the size of the buffer. If
larger than the size of the buffer, is reduced to the size of the
buffer.
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The number of bytes read into the buffer.
"""
if nbytes is None:
nbytes = len(buffer)
else:
nbytes = min(nbytes, len(buffer))
# We need to create a temporary buffer. This is annoying, it would be
# better if we could pass memoryviews straight into the SSL_read call,
# but right now we can't. Revisit this if CFFI gets that ability.
buf = _ffi.new("char[]", nbytes)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, nbytes)
else:
result = _lib.SSL_read(self._ssl, buf, nbytes)
self._raise_ssl_error(self._ssl, result)
# This strange line is all to avoid a memory copy. The buffer protocol
# should allow us to assign a CFFI buffer to the LHS of this line, but
# on CPython 3.3+ that segfaults. As a workaround, we can temporarily
# wrap it in a memoryview, except on Python 2.6 which doesn't have a
# memoryview type.
try:
buffer[:result] = memoryview(_ffi.buffer(buf, result))
except NameError:
buffer[:result] = _ffi.buffer(buf, result)
return result
def recv_into(self, buffer, nbytes=None, flags=None):
"""
Receive data on the connection and store the data into a buffer rather
than creating a new string.
:param buffer: The buffer to copy into.
:param nbytes: (optional) The maximum number of bytes to read into the
buffer. If not present, defaults to the size of the buffer. If
larger than the size of the buffer, is reduced to the size of the
buffer.
:param flags: (optional) The only supported flag is ``MSG_PEEK``,
all other flags are ignored.
:return: The number of bytes read into the buffer.
"""
if nbytes is None:
nbytes = len(buffer)
else:
nbytes = min(nbytes, len(buffer))
# We need to create a temporary buffer. This is annoying, it would be
# better if we could pass memoryviews straight into the SSL_read call,
# but right now we can't. Revisit this if CFFI gets that ability.
buf = _ffi.new("char[]", nbytes)
if flags is not None and flags & socket.MSG_PEEK:
result = _lib.SSL_peek(self._ssl, buf, nbytes)
else:
result = _lib.SSL_read(self._ssl, buf, nbytes)
self._raise_ssl_error(self._ssl, result)
# This strange line is all to avoid a memory copy. The buffer protocol
# should allow us to assign a CFFI buffer to the LHS of this line, but
# on CPython 3.3+ that segfaults. As a workaround, we can temporarily
# wrap it in a memoryview, except on Python 2.6 which doesn't have a
# memoryview type.
try:
buffer[:result] = memoryview(_ffi.buffer(buf, result))
except NameError:
buffer[:result] = _ffi.buffer(buf, result)
return result
