xref: /freebsd/contrib/ntp/sntp/libevent/buffer.c (revision 079171874c9bf263b69e3af10784ad2bcd1fe699)
1 /*
2  * Copyright (c) 2002-2007 Niels Provos <provos@citi.umich.edu>
3  * Copyright (c) 2007-2012 Niels Provos and Nick Mathewson
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. The name of the author may not be used to endorse or promote products
14  *    derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "event2/event-config.h"
29 #include "evconfig-private.h"
30 
31 #ifdef _WIN32
32 #include <winsock2.h>
33 #include <windows.h>
34 #include <io.h>
35 #endif
36 
37 #ifdef EVENT__HAVE_VASPRINTF
38 /* If we have vasprintf, we need to define _GNU_SOURCE before we include
39  * stdio.h.  This comes from evconfig-private.h.
40  */
41 #endif
42 
43 #include <sys/types.h>
44 
45 #ifdef EVENT__HAVE_SYS_TIME_H
46 #include <sys/time.h>
47 #endif
48 
49 #ifdef EVENT__HAVE_SYS_SOCKET_H
50 #include <sys/socket.h>
51 #endif
52 
53 #ifdef EVENT__HAVE_SYS_UIO_H
54 #include <sys/uio.h>
55 #endif
56 
57 #ifdef EVENT__HAVE_SYS_IOCTL_H
58 #include <sys/ioctl.h>
59 #endif
60 
61 #ifdef EVENT__HAVE_SYS_MMAN_H
62 #include <sys/mman.h>
63 #endif
64 
65 #ifdef EVENT__HAVE_SYS_SENDFILE_H
66 #include <sys/sendfile.h>
67 #endif
68 #ifdef EVENT__HAVE_SYS_STAT_H
69 #include <sys/stat.h>
70 #endif
71 
72 
73 #include <errno.h>
74 #include <stdio.h>
75 #include <stdlib.h>
76 #include <string.h>
77 #ifdef EVENT__HAVE_STDARG_H
78 #include <stdarg.h>
79 #endif
80 #ifdef EVENT__HAVE_UNISTD_H
81 #include <unistd.h>
82 #endif
83 #include <limits.h>
84 
85 #include "event2/event.h"
86 #include "event2/buffer.h"
87 #include "event2/buffer_compat.h"
88 #include "event2/bufferevent.h"
89 #include "event2/bufferevent_compat.h"
90 #include "event2/bufferevent_struct.h"
91 #include "event2/thread.h"
92 #include "log-internal.h"
93 #include "mm-internal.h"
94 #include "util-internal.h"
95 #include "evthread-internal.h"
96 #include "evbuffer-internal.h"
97 #include "bufferevent-internal.h"
98 
99 /* some systems do not have MAP_FAILED */
100 #ifndef MAP_FAILED
101 #define MAP_FAILED	((void *)-1)
102 #endif
103 
104 /* send file support */
105 #if defined(EVENT__HAVE_SYS_SENDFILE_H) && defined(EVENT__HAVE_SENDFILE) && defined(__linux__)
106 #define USE_SENDFILE		1
107 #define SENDFILE_IS_LINUX	1
108 #elif defined(EVENT__HAVE_SENDFILE) && defined(__FreeBSD__)
109 #define USE_SENDFILE		1
110 #define SENDFILE_IS_FREEBSD	1
111 #elif defined(EVENT__HAVE_SENDFILE) && defined(__APPLE__)
112 #define USE_SENDFILE		1
113 #define SENDFILE_IS_MACOSX	1
114 #elif defined(EVENT__HAVE_SENDFILE) && defined(__sun__) && defined(__svr4__)
115 #define USE_SENDFILE		1
116 #define SENDFILE_IS_SOLARIS	1
117 #endif
118 
119 /* Mask of user-selectable callback flags. */
120 #define EVBUFFER_CB_USER_FLAGS	    0xffff
121 /* Mask of all internal-use-only flags. */
122 #define EVBUFFER_CB_INTERNAL_FLAGS  0xffff0000
123 
124 /* Flag set if the callback is using the cb_obsolete function pointer  */
125 #define EVBUFFER_CB_OBSOLETE	       0x00040000
126 
127 /* evbuffer_chain support */
128 #define CHAIN_SPACE_PTR(ch) ((ch)->buffer + (ch)->misalign + (ch)->off)
129 #define CHAIN_SPACE_LEN(ch) ((ch)->flags & EVBUFFER_IMMUTABLE ? \
130 	    0 : (ch)->buffer_len - ((ch)->misalign + (ch)->off))
131 
132 #define CHAIN_PINNED(ch)  (((ch)->flags & EVBUFFER_MEM_PINNED_ANY) != 0)
133 #define CHAIN_PINNED_R(ch)  (((ch)->flags & EVBUFFER_MEM_PINNED_R) != 0)
134 
135 /* evbuffer_ptr support */
136 #define PTR_NOT_FOUND(ptr) do {			\
137 	(ptr)->pos = -1;					\
138 	(ptr)->internal_.chain = NULL;		\
139 	(ptr)->internal_.pos_in_chain = 0;	\
140 } while (0)
141 
142 static void evbuffer_chain_align(struct evbuffer_chain *chain);
143 static int evbuffer_chain_should_realign(struct evbuffer_chain *chain,
144     size_t datalen);
145 static void evbuffer_deferred_callback(struct event_callback *cb, void *arg);
146 static int evbuffer_ptr_memcmp(const struct evbuffer *buf,
147     const struct evbuffer_ptr *pos, const char *mem, size_t len);
148 static struct evbuffer_chain *evbuffer_expand_singlechain(struct evbuffer *buf,
149     size_t datlen);
150 static int evbuffer_ptr_subtract(struct evbuffer *buf, struct evbuffer_ptr *pos,
151     size_t howfar);
152 static int evbuffer_file_segment_materialize(struct evbuffer_file_segment *seg);
153 static inline void evbuffer_chain_incref(struct evbuffer_chain *chain);
154 
155 static struct evbuffer_chain *
156 evbuffer_chain_new(size_t size)
157 {
158 	struct evbuffer_chain *chain;
159 	size_t to_alloc;
160 
161 	if (size > EVBUFFER_CHAIN_MAX - EVBUFFER_CHAIN_SIZE)
162 		return (NULL);
163 
164 	size += EVBUFFER_CHAIN_SIZE;
165 
166 	/* get the next largest memory that can hold the buffer */
167 	if (size < EVBUFFER_CHAIN_MAX / 2) {
168 		to_alloc = MIN_BUFFER_SIZE;
169 		while (to_alloc < size) {
170 			to_alloc <<= 1;
171 		}
172 	} else {
173 		to_alloc = size;
174 	}
175 
176 	/* we get everything in one chunk */
177 	if ((chain = mm_malloc(to_alloc)) == NULL)
178 		return (NULL);
179 
180 	memset(chain, 0, EVBUFFER_CHAIN_SIZE);
181 
182 	chain->buffer_len = to_alloc - EVBUFFER_CHAIN_SIZE;
183 
184 	/* this way we can manipulate the buffer to different addresses,
185 	 * which is required for mmap for example.
186 	 */
187 	chain->buffer = EVBUFFER_CHAIN_EXTRA(u_char, chain);
188 
189 	chain->refcnt = 1;
190 
191 	return (chain);
192 }
193 
194 static inline void
195 evbuffer_chain_free(struct evbuffer_chain *chain)
196 {
197 	EVUTIL_ASSERT(chain->refcnt > 0);
198 	if (--chain->refcnt > 0) {
199 		/* chain is still referenced by other chains */
200 		return;
201 	}
202 
203 	if (CHAIN_PINNED(chain)) {
204 		/* will get freed once no longer dangling */
205 		chain->refcnt++;
206 		chain->flags |= EVBUFFER_DANGLING;
207 		return;
208 	}
209 
210 	/* safe to release chain, it's either a referencing
211 	 * chain or all references to it have been freed */
212 	if (chain->flags & EVBUFFER_REFERENCE) {
213 		struct evbuffer_chain_reference *info =
214 		    EVBUFFER_CHAIN_EXTRA(
215 			    struct evbuffer_chain_reference,
216 			    chain);
217 		if (info->cleanupfn)
218 			(*info->cleanupfn)(chain->buffer,
219 			    chain->buffer_len,
220 			    info->extra);
221 	}
222 	if (chain->flags & EVBUFFER_FILESEGMENT) {
223 		struct evbuffer_chain_file_segment *info =
224 		    EVBUFFER_CHAIN_EXTRA(
225 			    struct evbuffer_chain_file_segment,
226 			    chain);
227 		if (info->segment) {
228 #ifdef _WIN32
229 			if (info->segment->is_mapping)
230 				UnmapViewOfFile(chain->buffer);
231 #endif
232 			evbuffer_file_segment_free(info->segment);
233 		}
234 	}
235 	if (chain->flags & EVBUFFER_MULTICAST) {
236 		struct evbuffer_multicast_parent *info =
237 		    EVBUFFER_CHAIN_EXTRA(
238 			    struct evbuffer_multicast_parent,
239 			    chain);
240 		/* referencing chain is being freed, decrease
241 		 * refcounts of source chain and associated
242 		 * evbuffer (which get freed once both reach
243 		 * zero) */
244 		EVUTIL_ASSERT(info->source != NULL);
245 		EVUTIL_ASSERT(info->parent != NULL);
246 		EVBUFFER_LOCK(info->source);
247 		evbuffer_chain_free(info->parent);
248 		evbuffer_decref_and_unlock_(info->source);
249 	}
250 
251 	mm_free(chain);
252 }
253 
254 static void
255 evbuffer_free_all_chains(struct evbuffer_chain *chain)
256 {
257 	struct evbuffer_chain *next;
258 	for (; chain; chain = next) {
259 		next = chain->next;
260 		evbuffer_chain_free(chain);
261 	}
262 }
263 
264 #ifndef NDEBUG
265 static int
266 evbuffer_chains_all_empty(struct evbuffer_chain *chain)
267 {
268 	for (; chain; chain = chain->next) {
269 		if (chain->off)
270 			return 0;
271 	}
272 	return 1;
273 }
274 #else
275 /* The definition is needed for EVUTIL_ASSERT, which uses sizeof to avoid
276 "unused variable" warnings. */
277 static inline int evbuffer_chains_all_empty(struct evbuffer_chain *chain) {
278 	return 1;
279 }
280 #endif
281 
282 /* Free all trailing chains in 'buf' that are neither pinned nor empty, prior
283  * to replacing them all with a new chain.  Return a pointer to the place
284  * where the new chain will go.
285  *
286  * Internal; requires lock.  The caller must fix up buf->last and buf->first
287  * as needed; they might have been freed.
288  */
289 static struct evbuffer_chain **
290 evbuffer_free_trailing_empty_chains(struct evbuffer *buf)
291 {
292 	struct evbuffer_chain **ch = buf->last_with_datap;
293 	/* Find the first victim chain.  It might be *last_with_datap */
294 	while ((*ch) && ((*ch)->off != 0 || CHAIN_PINNED(*ch)))
295 		ch = &(*ch)->next;
296 	if (*ch) {
297 		EVUTIL_ASSERT(evbuffer_chains_all_empty(*ch));
298 		evbuffer_free_all_chains(*ch);
299 		*ch = NULL;
300 	}
301 	return ch;
302 }
303 
304 /* Add a single chain 'chain' to the end of 'buf', freeing trailing empty
305  * chains as necessary.  Requires lock.  Does not schedule callbacks.
306  */
307 static void
308 evbuffer_chain_insert(struct evbuffer *buf,
309     struct evbuffer_chain *chain)
310 {
311 	ASSERT_EVBUFFER_LOCKED(buf);
312 	if (*buf->last_with_datap == NULL) {
313 		/* There are no chains data on the buffer at all. */
314 		EVUTIL_ASSERT(buf->last_with_datap == &buf->first);
315 		EVUTIL_ASSERT(buf->first == NULL);
316 		buf->first = buf->last = chain;
317 	} else {
318 		struct evbuffer_chain **chp;
319 		chp = evbuffer_free_trailing_empty_chains(buf);
320 		*chp = chain;
321 		if (chain->off)
322 			buf->last_with_datap = chp;
323 		buf->last = chain;
324 	}
325 	buf->total_len += chain->off;
326 }
327 
328 static inline struct evbuffer_chain *
329 evbuffer_chain_insert_new(struct evbuffer *buf, size_t datlen)
330 {
331 	struct evbuffer_chain *chain;
332 	if ((chain = evbuffer_chain_new(datlen)) == NULL)
333 		return NULL;
334 	evbuffer_chain_insert(buf, chain);
335 	return chain;
336 }
337 
338 void
339 evbuffer_chain_pin_(struct evbuffer_chain *chain, unsigned flag)
340 {
341 	EVUTIL_ASSERT((chain->flags & flag) == 0);
342 	chain->flags |= flag;
343 }
344 
345 void
346 evbuffer_chain_unpin_(struct evbuffer_chain *chain, unsigned flag)
347 {
348 	EVUTIL_ASSERT((chain->flags & flag) != 0);
349 	chain->flags &= ~flag;
350 	if (chain->flags & EVBUFFER_DANGLING)
351 		evbuffer_chain_free(chain);
352 }
353 
354 static inline void
355 evbuffer_chain_incref(struct evbuffer_chain *chain)
356 {
357     ++chain->refcnt;
358 }
359 
360 struct evbuffer *
361 evbuffer_new(void)
362 {
363 	struct evbuffer *buffer;
364 
365 	buffer = mm_calloc(1, sizeof(struct evbuffer));
366 	if (buffer == NULL)
367 		return (NULL);
368 
369 	LIST_INIT(&buffer->callbacks);
370 	buffer->refcnt = 1;
371 	buffer->last_with_datap = &buffer->first;
372 
373 	return (buffer);
374 }
375 
376 int
377 evbuffer_set_flags(struct evbuffer *buf, ev_uint64_t flags)
378 {
379 	EVBUFFER_LOCK(buf);
380 	buf->flags |= (ev_uint32_t)flags;
381 	EVBUFFER_UNLOCK(buf);
382 	return 0;
383 }
384 
385 int
386 evbuffer_clear_flags(struct evbuffer *buf, ev_uint64_t flags)
387 {
388 	EVBUFFER_LOCK(buf);
389 	buf->flags &= ~(ev_uint32_t)flags;
390 	EVBUFFER_UNLOCK(buf);
391 	return 0;
392 }
393 
394 void
395 evbuffer_incref_(struct evbuffer *buf)
396 {
397 	EVBUFFER_LOCK(buf);
398 	++buf->refcnt;
399 	EVBUFFER_UNLOCK(buf);
400 }
401 
402 void
403 evbuffer_incref_and_lock_(struct evbuffer *buf)
404 {
405 	EVBUFFER_LOCK(buf);
406 	++buf->refcnt;
407 }
408 
409 int
410 evbuffer_defer_callbacks(struct evbuffer *buffer, struct event_base *base)
411 {
412 	EVBUFFER_LOCK(buffer);
413 	buffer->cb_queue = base;
414 	buffer->deferred_cbs = 1;
415 	event_deferred_cb_init_(&buffer->deferred,
416 	    event_base_get_npriorities(base) / 2,
417 	    evbuffer_deferred_callback, buffer);
418 	EVBUFFER_UNLOCK(buffer);
419 	return 0;
420 }
421 
422 int
423 evbuffer_enable_locking(struct evbuffer *buf, void *lock)
424 {
425 #ifdef EVENT__DISABLE_THREAD_SUPPORT
426 	return -1;
427 #else
428 	if (buf->lock)
429 		return -1;
430 
431 	if (!lock) {
432 		EVTHREAD_ALLOC_LOCK(lock, EVTHREAD_LOCKTYPE_RECURSIVE);
433 		if (!lock)
434 			return -1;
435 		buf->lock = lock;
436 		buf->own_lock = 1;
437 	} else {
438 		buf->lock = lock;
439 		buf->own_lock = 0;
440 	}
441 
442 	return 0;
443 #endif
444 }
445 
446 void
447 evbuffer_set_parent_(struct evbuffer *buf, struct bufferevent *bev)
448 {
449 	EVBUFFER_LOCK(buf);
450 	buf->parent = bev;
451 	EVBUFFER_UNLOCK(buf);
452 }
453 
454 static void
455 evbuffer_run_callbacks(struct evbuffer *buffer, int running_deferred)
456 {
457 	struct evbuffer_cb_entry *cbent, *next;
458 	struct evbuffer_cb_info info;
459 	size_t new_size;
460 	ev_uint32_t mask, masked_val;
461 	int clear = 1;
462 
463 	if (running_deferred) {
464 		mask = EVBUFFER_CB_NODEFER|EVBUFFER_CB_ENABLED;
465 		masked_val = EVBUFFER_CB_ENABLED;
466 	} else if (buffer->deferred_cbs) {
467 		mask = EVBUFFER_CB_NODEFER|EVBUFFER_CB_ENABLED;
468 		masked_val = EVBUFFER_CB_NODEFER|EVBUFFER_CB_ENABLED;
469 		/* Don't zero-out n_add/n_del, since the deferred callbacks
470 		   will want to see them. */
471 		clear = 0;
472 	} else {
473 		mask = EVBUFFER_CB_ENABLED;
474 		masked_val = EVBUFFER_CB_ENABLED;
475 	}
476 
477 	ASSERT_EVBUFFER_LOCKED(buffer);
478 
479 	if (LIST_EMPTY(&buffer->callbacks)) {
480 		buffer->n_add_for_cb = buffer->n_del_for_cb = 0;
481 		return;
482 	}
483 	if (buffer->n_add_for_cb == 0 && buffer->n_del_for_cb == 0)
484 		return;
485 
486 	new_size = buffer->total_len;
487 	info.orig_size = new_size + buffer->n_del_for_cb - buffer->n_add_for_cb;
488 	info.n_added = buffer->n_add_for_cb;
489 	info.n_deleted = buffer->n_del_for_cb;
490 	if (clear) {
491 		buffer->n_add_for_cb = 0;
492 		buffer->n_del_for_cb = 0;
493 	}
494 	for (cbent = LIST_FIRST(&buffer->callbacks);
495 	     cbent != LIST_END(&buffer->callbacks);
496 	     cbent = next) {
497 		/* Get the 'next' pointer now in case this callback decides
498 		 * to remove itself or something. */
499 		next = LIST_NEXT(cbent, next);
500 
501 		if ((cbent->flags & mask) != masked_val)
502 			continue;
503 
504 		if ((cbent->flags & EVBUFFER_CB_OBSOLETE))
505 			cbent->cb.cb_obsolete(buffer,
506 			    info.orig_size, new_size, cbent->cbarg);
507 		else
508 			cbent->cb.cb_func(buffer, &info, cbent->cbarg);
509 	}
510 }
511 
512 void
513 evbuffer_invoke_callbacks_(struct evbuffer *buffer)
514 {
515 	if (LIST_EMPTY(&buffer->callbacks)) {
516 		buffer->n_add_for_cb = buffer->n_del_for_cb = 0;
517 		return;
518 	}
519 
520 	if (buffer->deferred_cbs) {
521 		if (event_deferred_cb_schedule_(buffer->cb_queue, &buffer->deferred)) {
522 			evbuffer_incref_and_lock_(buffer);
523 			if (buffer->parent)
524 				bufferevent_incref_(buffer->parent);
525 		}
526 		EVBUFFER_UNLOCK(buffer);
527 	}
528 
529 	evbuffer_run_callbacks(buffer, 0);
530 }
531 
532 static void
533 evbuffer_deferred_callback(struct event_callback *cb, void *arg)
534 {
535 	struct bufferevent *parent = NULL;
536 	struct evbuffer *buffer = arg;
537 
538 	/* XXXX It would be better to run these callbacks without holding the
539 	 * lock */
540 	EVBUFFER_LOCK(buffer);
541 	parent = buffer->parent;
542 	evbuffer_run_callbacks(buffer, 1);
543 	evbuffer_decref_and_unlock_(buffer);
544 	if (parent)
545 		bufferevent_decref_(parent);
546 }
547 
548 static void
549 evbuffer_remove_all_callbacks(struct evbuffer *buffer)
550 {
551 	struct evbuffer_cb_entry *cbent;
552 
553 	while ((cbent = LIST_FIRST(&buffer->callbacks))) {
554 		LIST_REMOVE(cbent, next);
555 		mm_free(cbent);
556 	}
557 }
558 
559 void
560 evbuffer_decref_and_unlock_(struct evbuffer *buffer)
561 {
562 	struct evbuffer_chain *chain, *next;
563 	ASSERT_EVBUFFER_LOCKED(buffer);
564 
565 	EVUTIL_ASSERT(buffer->refcnt > 0);
566 
567 	if (--buffer->refcnt > 0) {
568 		EVBUFFER_UNLOCK(buffer);
569 		return;
570 	}
571 
572 	for (chain = buffer->first; chain != NULL; chain = next) {
573 		next = chain->next;
574 		evbuffer_chain_free(chain);
575 	}
576 	evbuffer_remove_all_callbacks(buffer);
577 	if (buffer->deferred_cbs)
578 		event_deferred_cb_cancel_(buffer->cb_queue, &buffer->deferred);
579 
580 	EVBUFFER_UNLOCK(buffer);
581 	if (buffer->own_lock)
582 		EVTHREAD_FREE_LOCK(buffer->lock, EVTHREAD_LOCKTYPE_RECURSIVE);
583 	mm_free(buffer);
584 }
585 
586 void
587 evbuffer_free(struct evbuffer *buffer)
588 {
589 	EVBUFFER_LOCK(buffer);
590 	evbuffer_decref_and_unlock_(buffer);
591 }
592 
593 void
594 evbuffer_lock(struct evbuffer *buf)
595 {
596 	EVBUFFER_LOCK(buf);
597 }
598 
599 void
600 evbuffer_unlock(struct evbuffer *buf)
601 {
602 	EVBUFFER_UNLOCK(buf);
603 }
604 
605 size_t
606 evbuffer_get_length(const struct evbuffer *buffer)
607 {
608 	size_t result;
609 
610 	EVBUFFER_LOCK(buffer);
611 
612 	result = (buffer->total_len);
613 
614 	EVBUFFER_UNLOCK(buffer);
615 
616 	return result;
617 }
618 
619 size_t
620 evbuffer_get_contiguous_space(const struct evbuffer *buf)
621 {
622 	struct evbuffer_chain *chain;
623 	size_t result;
624 
625 	EVBUFFER_LOCK(buf);
626 	chain = buf->first;
627 	result = (chain != NULL ? chain->off : 0);
628 	EVBUFFER_UNLOCK(buf);
629 
630 	return result;
631 }
632 
633 size_t
634 evbuffer_add_iovec(struct evbuffer * buf, struct evbuffer_iovec * vec, int n_vec) {
635 	int n;
636 	size_t res;
637 	size_t to_alloc;
638 
639 	EVBUFFER_LOCK(buf);
640 
641 	res = to_alloc = 0;
642 
643 	for (n = 0; n < n_vec; n++) {
644 		to_alloc += vec[n].iov_len;
645 	}
646 
647 	if (evbuffer_expand_fast_(buf, to_alloc, 2) < 0) {
648 		goto done;
649 	}
650 
651 	for (n = 0; n < n_vec; n++) {
652 		/* XXX each 'add' call here does a bunch of setup that's
653 		 * obviated by evbuffer_expand_fast_, and some cleanup that we
654 		 * would like to do only once.  Instead we should just extract
655 		 * the part of the code that's needed. */
656 
657 		if (evbuffer_add(buf, vec[n].iov_base, vec[n].iov_len) < 0) {
658 			goto done;
659 		}
660 
661 		res += vec[n].iov_len;
662 	}
663 
664 done:
665     EVBUFFER_UNLOCK(buf);
666     return res;
667 }
668 
669 int
670 evbuffer_reserve_space(struct evbuffer *buf, ev_ssize_t size,
671     struct evbuffer_iovec *vec, int n_vecs)
672 {
673 	struct evbuffer_chain *chain, **chainp;
674 	int n = -1;
675 
676 	EVBUFFER_LOCK(buf);
677 	if (buf->freeze_end)
678 		goto done;
679 	if (n_vecs < 1)
680 		goto done;
681 	if (n_vecs == 1) {
682 		if ((chain = evbuffer_expand_singlechain(buf, size)) == NULL)
683 			goto done;
684 
685 		vec[0].iov_base = CHAIN_SPACE_PTR(chain);
686 		vec[0].iov_len = (size_t) CHAIN_SPACE_LEN(chain);
687 		EVUTIL_ASSERT(size<0 || (size_t)vec[0].iov_len >= (size_t)size);
688 		n = 1;
689 	} else {
690 		if (evbuffer_expand_fast_(buf, size, n_vecs)<0)
691 			goto done;
692 		n = evbuffer_read_setup_vecs_(buf, size, vec, n_vecs,
693 				&chainp, 0);
694 	}
695 
696 done:
697 	EVBUFFER_UNLOCK(buf);
698 	return n;
699 
700 }
701 
702 static int
703 advance_last_with_data(struct evbuffer *buf)
704 {
705 	int n = 0;
706 	ASSERT_EVBUFFER_LOCKED(buf);
707 
708 	if (!*buf->last_with_datap)
709 		return 0;
710 
711 	while ((*buf->last_with_datap)->next && (*buf->last_with_datap)->next->off) {
712 		buf->last_with_datap = &(*buf->last_with_datap)->next;
713 		++n;
714 	}
715 	return n;
716 }
717 
718 int
719 evbuffer_commit_space(struct evbuffer *buf,
720     struct evbuffer_iovec *vec, int n_vecs)
721 {
722 	struct evbuffer_chain *chain, **firstchainp, **chainp;
723 	int result = -1;
724 	size_t added = 0;
725 	int i;
726 
727 	EVBUFFER_LOCK(buf);
728 
729 	if (buf->freeze_end)
730 		goto done;
731 	if (n_vecs == 0) {
732 		result = 0;
733 		goto done;
734 	} else if (n_vecs == 1 &&
735 	    (buf->last && vec[0].iov_base == (void*)CHAIN_SPACE_PTR(buf->last))) {
736 		/* The user only got or used one chain; it might not
737 		 * be the first one with space in it. */
738 		if ((size_t)vec[0].iov_len > (size_t)CHAIN_SPACE_LEN(buf->last))
739 			goto done;
740 		buf->last->off += vec[0].iov_len;
741 		added = vec[0].iov_len;
742 		if (added)
743 			advance_last_with_data(buf);
744 		goto okay;
745 	}
746 
747 	/* Advance 'firstchain' to the first chain with space in it. */
748 	firstchainp = buf->last_with_datap;
749 	if (!*firstchainp)
750 		goto done;
751 	if (CHAIN_SPACE_LEN(*firstchainp) == 0) {
752 		firstchainp = &(*firstchainp)->next;
753 	}
754 
755 	chain = *firstchainp;
756 	/* pass 1: make sure that the pointers and lengths of vecs[] are in
757 	 * bounds before we try to commit anything. */
758 	for (i=0; i<n_vecs; ++i) {
759 		if (!chain)
760 			goto done;
761 		if (vec[i].iov_base != (void*)CHAIN_SPACE_PTR(chain) ||
762 		    (size_t)vec[i].iov_len > CHAIN_SPACE_LEN(chain))
763 			goto done;
764 		chain = chain->next;
765 	}
766 	/* pass 2: actually adjust all the chains. */
767 	chainp = firstchainp;
768 	for (i=0; i<n_vecs; ++i) {
769 		(*chainp)->off += vec[i].iov_len;
770 		added += vec[i].iov_len;
771 		if (vec[i].iov_len) {
772 			buf->last_with_datap = chainp;
773 		}
774 		chainp = &(*chainp)->next;
775 	}
776 
777 okay:
778 	buf->total_len += added;
779 	buf->n_add_for_cb += added;
780 	result = 0;
781 	evbuffer_invoke_callbacks_(buf);
782 
783 done:
784 	EVBUFFER_UNLOCK(buf);
785 	return result;
786 }
787 
788 static inline int
789 HAS_PINNED_R(struct evbuffer *buf)
790 {
791 	return (buf->last && CHAIN_PINNED_R(buf->last));
792 }
793 
794 static inline void
795 ZERO_CHAIN(struct evbuffer *dst)
796 {
797 	ASSERT_EVBUFFER_LOCKED(dst);
798 	dst->first = NULL;
799 	dst->last = NULL;
800 	dst->last_with_datap = &(dst)->first;
801 	dst->total_len = 0;
802 }
803 
804 /* Prepares the contents of src to be moved to another buffer by removing
805  * read-pinned chains. The first pinned chain is saved in first, and the
806  * last in last. If src has no read-pinned chains, first and last are set
807  * to NULL. */
808 static int
809 PRESERVE_PINNED(struct evbuffer *src, struct evbuffer_chain **first,
810 		struct evbuffer_chain **last)
811 {
812 	struct evbuffer_chain *chain, **pinned;
813 
814 	ASSERT_EVBUFFER_LOCKED(src);
815 
816 	if (!HAS_PINNED_R(src)) {
817 		*first = *last = NULL;
818 		return 0;
819 	}
820 
821 	pinned = src->last_with_datap;
822 	if (!CHAIN_PINNED_R(*pinned))
823 		pinned = &(*pinned)->next;
824 	EVUTIL_ASSERT(CHAIN_PINNED_R(*pinned));
825 	chain = *first = *pinned;
826 	*last = src->last;
827 
828 	/* If there's data in the first pinned chain, we need to allocate
829 	 * a new chain and copy the data over. */
830 	if (chain->off) {
831 		struct evbuffer_chain *tmp;
832 
833 		EVUTIL_ASSERT(pinned == src->last_with_datap);
834 		tmp = evbuffer_chain_new(chain->off);
835 		if (!tmp)
836 			return -1;
837 		memcpy(tmp->buffer, chain->buffer + chain->misalign,
838 			chain->off);
839 		tmp->off = chain->off;
840 		*src->last_with_datap = tmp;
841 		src->last = tmp;
842 		chain->misalign += chain->off;
843 		chain->off = 0;
844 	} else {
845 		src->last = *src->last_with_datap;
846 		*pinned = NULL;
847 	}
848 
849 	return 0;
850 }
851 
852 static inline void
853 RESTORE_PINNED(struct evbuffer *src, struct evbuffer_chain *pinned,
854 		struct evbuffer_chain *last)
855 {
856 	ASSERT_EVBUFFER_LOCKED(src);
857 
858 	if (!pinned) {
859 		ZERO_CHAIN(src);
860 		return;
861 	}
862 
863 	src->first = pinned;
864 	src->last = last;
865 	src->last_with_datap = &src->first;
866 	src->total_len = 0;
867 }
868 
869 static inline void
870 COPY_CHAIN(struct evbuffer *dst, struct evbuffer *src)
871 {
872 	ASSERT_EVBUFFER_LOCKED(dst);
873 	ASSERT_EVBUFFER_LOCKED(src);
874 	dst->first = src->first;
875 	if (src->last_with_datap == &src->first)
876 		dst->last_with_datap = &dst->first;
877 	else
878 		dst->last_with_datap = src->last_with_datap;
879 	dst->last = src->last;
880 	dst->total_len = src->total_len;
881 }
882 
883 static void
884 APPEND_CHAIN(struct evbuffer *dst, struct evbuffer *src)
885 {
886 	ASSERT_EVBUFFER_LOCKED(dst);
887 	ASSERT_EVBUFFER_LOCKED(src);
888 	dst->last->next = src->first;
889 	if (src->last_with_datap == &src->first)
890 		dst->last_with_datap = &dst->last->next;
891 	else
892 		dst->last_with_datap = src->last_with_datap;
893 	dst->last = src->last;
894 	dst->total_len += src->total_len;
895 }
896 
897 static inline void
898 APPEND_CHAIN_MULTICAST(struct evbuffer *dst, struct evbuffer *src)
899 {
900 	struct evbuffer_chain *tmp;
901 	struct evbuffer_chain *chain = src->first;
902 	struct evbuffer_multicast_parent *extra;
903 
904 	ASSERT_EVBUFFER_LOCKED(dst);
905 	ASSERT_EVBUFFER_LOCKED(src);
906 
907 	for (; chain; chain = chain->next) {
908 		if (!chain->off || chain->flags & EVBUFFER_DANGLING) {
909 			/* skip empty chains */
910 			continue;
911 		}
912 
913 		tmp = evbuffer_chain_new(sizeof(struct evbuffer_multicast_parent));
914 		if (!tmp) {
915 			event_warn("%s: out of memory", __func__);
916 			return;
917 		}
918 		extra = EVBUFFER_CHAIN_EXTRA(struct evbuffer_multicast_parent, tmp);
919 		/* reference evbuffer containing source chain so it
920 		 * doesn't get released while the chain is still
921 		 * being referenced to */
922 		evbuffer_incref_(src);
923 		extra->source = src;
924 		/* reference source chain which now becomes immutable */
925 		evbuffer_chain_incref(chain);
926 		extra->parent = chain;
927 		chain->flags |= EVBUFFER_IMMUTABLE;
928 		tmp->buffer_len = chain->buffer_len;
929 		tmp->misalign = chain->misalign;
930 		tmp->off = chain->off;
931 		tmp->flags |= EVBUFFER_MULTICAST|EVBUFFER_IMMUTABLE;
932 		tmp->buffer = chain->buffer;
933 		evbuffer_chain_insert(dst, tmp);
934 	}
935 }
936 
937 static void
938 PREPEND_CHAIN(struct evbuffer *dst, struct evbuffer *src)
939 {
940 	ASSERT_EVBUFFER_LOCKED(dst);
941 	ASSERT_EVBUFFER_LOCKED(src);
942 	src->last->next = dst->first;
943 	dst->first = src->first;
944 	dst->total_len += src->total_len;
945 	if (*dst->last_with_datap == NULL) {
946 		if (src->last_with_datap == &(src)->first)
947 			dst->last_with_datap = &dst->first;
948 		else
949 			dst->last_with_datap = src->last_with_datap;
950 	} else if (dst->last_with_datap == &dst->first) {
951 		dst->last_with_datap = &src->last->next;
952 	}
953 }
954 
955 int
956 evbuffer_add_buffer(struct evbuffer *outbuf, struct evbuffer *inbuf)
957 {
958 	struct evbuffer_chain *pinned, *last;
959 	size_t in_total_len, out_total_len;
960 	int result = 0;
961 
962 	EVBUFFER_LOCK2(inbuf, outbuf);
963 	in_total_len = inbuf->total_len;
964 	out_total_len = outbuf->total_len;
965 
966 	if (in_total_len == 0 || outbuf == inbuf)
967 		goto done;
968 
969 	if (outbuf->freeze_end || inbuf->freeze_start) {
970 		result = -1;
971 		goto done;
972 	}
973 
974 	if (PRESERVE_PINNED(inbuf, &pinned, &last) < 0) {
975 		result = -1;
976 		goto done;
977 	}
978 
979 	if (out_total_len == 0) {
980 		/* There might be an empty chain at the start of outbuf; free
981 		 * it. */
982 		evbuffer_free_all_chains(outbuf->first);
983 		COPY_CHAIN(outbuf, inbuf);
984 	} else {
985 		APPEND_CHAIN(outbuf, inbuf);
986 	}
987 
988 	RESTORE_PINNED(inbuf, pinned, last);
989 
990 	inbuf->n_del_for_cb += in_total_len;
991 	outbuf->n_add_for_cb += in_total_len;
992 
993 	evbuffer_invoke_callbacks_(inbuf);
994 	evbuffer_invoke_callbacks_(outbuf);
995 
996 done:
997 	EVBUFFER_UNLOCK2(inbuf, outbuf);
998 	return result;
999 }
1000 
1001 int
1002 evbuffer_add_buffer_reference(struct evbuffer *outbuf, struct evbuffer *inbuf)
1003 {
1004 	size_t in_total_len, out_total_len;
1005 	struct evbuffer_chain *chain;
1006 	int result = 0;
1007 
1008 	EVBUFFER_LOCK2(inbuf, outbuf);
1009 	in_total_len = inbuf->total_len;
1010 	out_total_len = outbuf->total_len;
1011 	chain = inbuf->first;
1012 
1013 	if (in_total_len == 0)
1014 		goto done;
1015 
1016 	if (outbuf->freeze_end || outbuf == inbuf) {
1017 		result = -1;
1018 		goto done;
1019 	}
1020 
1021 	for (; chain; chain = chain->next) {
1022 		if ((chain->flags & (EVBUFFER_FILESEGMENT|EVBUFFER_SENDFILE|EVBUFFER_MULTICAST)) != 0) {
1023 			/* chain type can not be referenced */
1024 			result = -1;
1025 			goto done;
1026 		}
1027 	}
1028 
1029 	if (out_total_len == 0) {
1030 		/* There might be an empty chain at the start of outbuf; free
1031 		 * it. */
1032 		evbuffer_free_all_chains(outbuf->first);
1033 	}
1034 	APPEND_CHAIN_MULTICAST(outbuf, inbuf);
1035 
1036 	outbuf->n_add_for_cb += in_total_len;
1037 	evbuffer_invoke_callbacks_(outbuf);
1038 
1039 done:
1040 	EVBUFFER_UNLOCK2(inbuf, outbuf);
1041 	return result;
1042 }
1043 
1044 int
1045 evbuffer_prepend_buffer(struct evbuffer *outbuf, struct evbuffer *inbuf)
1046 {
1047 	struct evbuffer_chain *pinned, *last;
1048 	size_t in_total_len, out_total_len;
1049 	int result = 0;
1050 
1051 	EVBUFFER_LOCK2(inbuf, outbuf);
1052 
1053 	in_total_len = inbuf->total_len;
1054 	out_total_len = outbuf->total_len;
1055 
1056 	if (!in_total_len || inbuf == outbuf)
1057 		goto done;
1058 
1059 	if (outbuf->freeze_start || inbuf->freeze_start) {
1060 		result = -1;
1061 		goto done;
1062 	}
1063 
1064 	if (PRESERVE_PINNED(inbuf, &pinned, &last) < 0) {
1065 		result = -1;
1066 		goto done;
1067 	}
1068 
1069 	if (out_total_len == 0) {
1070 		/* There might be an empty chain at the start of outbuf; free
1071 		 * it. */
1072 		evbuffer_free_all_chains(outbuf->first);
1073 		COPY_CHAIN(outbuf, inbuf);
1074 	} else {
1075 		PREPEND_CHAIN(outbuf, inbuf);
1076 	}
1077 
1078 	RESTORE_PINNED(inbuf, pinned, last);
1079 
1080 	inbuf->n_del_for_cb += in_total_len;
1081 	outbuf->n_add_for_cb += in_total_len;
1082 
1083 	evbuffer_invoke_callbacks_(inbuf);
1084 	evbuffer_invoke_callbacks_(outbuf);
1085 done:
1086 	EVBUFFER_UNLOCK2(inbuf, outbuf);
1087 	return result;
1088 }
1089 
1090 int
1091 evbuffer_drain(struct evbuffer *buf, size_t len)
1092 {
1093 	struct evbuffer_chain *chain, *next;
1094 	size_t remaining, old_len;
1095 	int result = 0;
1096 
1097 	EVBUFFER_LOCK(buf);
1098 	old_len = buf->total_len;
1099 
1100 	if (old_len == 0)
1101 		goto done;
1102 
1103 	if (buf->freeze_start) {
1104 		result = -1;
1105 		goto done;
1106 	}
1107 
1108 	if (len >= old_len && !HAS_PINNED_R(buf)) {
1109 		len = old_len;
1110 		for (chain = buf->first; chain != NULL; chain = next) {
1111 			next = chain->next;
1112 			evbuffer_chain_free(chain);
1113 		}
1114 
1115 		ZERO_CHAIN(buf);
1116 	} else {
1117 		if (len >= old_len)
1118 			len = old_len;
1119 
1120 		buf->total_len -= len;
1121 		remaining = len;
1122 		for (chain = buf->first;
1123 		     remaining >= chain->off;
1124 		     chain = next) {
1125 			next = chain->next;
1126 			remaining -= chain->off;
1127 
1128 			if (chain == *buf->last_with_datap) {
1129 				buf->last_with_datap = &buf->first;
1130 			}
1131 			if (&chain->next == buf->last_with_datap)
1132 				buf->last_with_datap = &buf->first;
1133 
1134 			if (CHAIN_PINNED_R(chain)) {
1135 				EVUTIL_ASSERT(remaining == 0);
1136 				chain->misalign += chain->off;
1137 				chain->off = 0;
1138 				break;
1139 			} else
1140 				evbuffer_chain_free(chain);
1141 		}
1142 
1143 		buf->first = chain;
1144 		EVUTIL_ASSERT(chain && remaining <= chain->off);
1145 		chain->misalign += remaining;
1146 		chain->off -= remaining;
1147 	}
1148 
1149 	buf->n_del_for_cb += len;
1150 	/* Tell someone about changes in this buffer */
1151 	evbuffer_invoke_callbacks_(buf);
1152 
1153 done:
1154 	EVBUFFER_UNLOCK(buf);
1155 	return result;
1156 }
1157 
1158 /* Reads data from an event buffer and drains the bytes read */
1159 int
1160 evbuffer_remove(struct evbuffer *buf, void *data_out, size_t datlen)
1161 {
1162 	ev_ssize_t n;
1163 	EVBUFFER_LOCK(buf);
1164 	n = evbuffer_copyout_from(buf, NULL, data_out, datlen);
1165 	if (n > 0) {
1166 		if (evbuffer_drain(buf, n)<0)
1167 			n = -1;
1168 	}
1169 	EVBUFFER_UNLOCK(buf);
1170 	return (int)n;
1171 }
1172 
1173 ev_ssize_t
1174 evbuffer_copyout(struct evbuffer *buf, void *data_out, size_t datlen)
1175 {
1176 	return evbuffer_copyout_from(buf, NULL, data_out, datlen);
1177 }
1178 
1179 ev_ssize_t
1180 evbuffer_copyout_from(struct evbuffer *buf, const struct evbuffer_ptr *pos,
1181     void *data_out, size_t datlen)
1182 {
1183 	/*XXX fails badly on sendfile case. */
1184 	struct evbuffer_chain *chain;
1185 	char *data = data_out;
1186 	size_t nread;
1187 	ev_ssize_t result = 0;
1188 	size_t pos_in_chain;
1189 
1190 	EVBUFFER_LOCK(buf);
1191 
1192 	if (pos) {
1193 		if (datlen > (size_t)(EV_SSIZE_MAX - pos->pos)) {
1194 			result = -1;
1195 			goto done;
1196 		}
1197 		chain = pos->internal_.chain;
1198 		pos_in_chain = pos->internal_.pos_in_chain;
1199 		if (datlen + pos->pos > buf->total_len)
1200 			datlen = buf->total_len - pos->pos;
1201 	} else {
1202 		chain = buf->first;
1203 		pos_in_chain = 0;
1204 		if (datlen > buf->total_len)
1205 			datlen = buf->total_len;
1206 	}
1207 
1208 
1209 	if (datlen == 0)
1210 		goto done;
1211 
1212 	if (buf->freeze_start) {
1213 		result = -1;
1214 		goto done;
1215 	}
1216 
1217 	nread = datlen;
1218 
1219 	while (datlen && datlen >= chain->off - pos_in_chain) {
1220 		size_t copylen = chain->off - pos_in_chain;
1221 		memcpy(data,
1222 		    chain->buffer + chain->misalign + pos_in_chain,
1223 		    copylen);
1224 		data += copylen;
1225 		datlen -= copylen;
1226 
1227 		chain = chain->next;
1228 		pos_in_chain = 0;
1229 		EVUTIL_ASSERT(chain || datlen==0);
1230 	}
1231 
1232 	if (datlen) {
1233 		EVUTIL_ASSERT(chain);
1234 		EVUTIL_ASSERT(datlen+pos_in_chain <= chain->off);
1235 
1236 		memcpy(data, chain->buffer + chain->misalign + pos_in_chain,
1237 		    datlen);
1238 	}
1239 
1240 	result = nread;
1241 done:
1242 	EVBUFFER_UNLOCK(buf);
1243 	return result;
1244 }
1245 
1246 /* reads data from the src buffer to the dst buffer, avoids memcpy as
1247  * possible. */
1248 /*  XXXX should return ev_ssize_t */
1249 int
1250 evbuffer_remove_buffer(struct evbuffer *src, struct evbuffer *dst,
1251     size_t datlen)
1252 {
1253 	/*XXX We should have an option to force this to be zero-copy.*/
1254 
1255 	/*XXX can fail badly on sendfile case. */
1256 	struct evbuffer_chain *chain, *previous;
1257 	size_t nread = 0;
1258 	int result;
1259 
1260 	EVBUFFER_LOCK2(src, dst);
1261 
1262 	chain = previous = src->first;
1263 
1264 	if (datlen == 0 || dst == src) {
1265 		result = 0;
1266 		goto done;
1267 	}
1268 
1269 	if (dst->freeze_end || src->freeze_start) {
1270 		result = -1;
1271 		goto done;
1272 	}
1273 
1274 	/* short-cut if there is no more data buffered */
1275 	if (datlen >= src->total_len) {
1276 		datlen = src->total_len;
1277 		evbuffer_add_buffer(dst, src);
1278 		result = (int)datlen; /*XXXX should return ev_ssize_t*/
1279 		goto done;
1280 	}
1281 
1282 	/* removes chains if possible */
1283 	while (chain->off <= datlen) {
1284 		/* We can't remove the last with data from src unless we
1285 		 * remove all chains, in which case we would have done the if
1286 		 * block above */
1287 		EVUTIL_ASSERT(chain != *src->last_with_datap);
1288 		nread += chain->off;
1289 		datlen -= chain->off;
1290 		previous = chain;
1291 		if (src->last_with_datap == &chain->next)
1292 			src->last_with_datap = &src->first;
1293 		chain = chain->next;
1294 	}
1295 
1296 	if (nread) {
1297 		/* we can remove the chain */
1298 		struct evbuffer_chain **chp;
1299 		chp = evbuffer_free_trailing_empty_chains(dst);
1300 
1301 		if (dst->first == NULL) {
1302 			dst->first = src->first;
1303 		} else {
1304 			*chp = src->first;
1305 		}
1306 		dst->last = previous;
1307 		previous->next = NULL;
1308 		src->first = chain;
1309 		advance_last_with_data(dst);
1310 
1311 		dst->total_len += nread;
1312 		dst->n_add_for_cb += nread;
1313 	}
1314 
1315 	/* we know that there is more data in the src buffer than
1316 	 * we want to read, so we manually drain the chain */
1317 	evbuffer_add(dst, chain->buffer + chain->misalign, datlen);
1318 	chain->misalign += datlen;
1319 	chain->off -= datlen;
1320 	nread += datlen;
1321 
1322 	/* You might think we would want to increment dst->n_add_for_cb
1323 	 * here too.  But evbuffer_add above already took care of that.
1324 	 */
1325 	src->total_len -= nread;
1326 	src->n_del_for_cb += nread;
1327 
1328 	if (nread) {
1329 		evbuffer_invoke_callbacks_(dst);
1330 		evbuffer_invoke_callbacks_(src);
1331 	}
1332 	result = (int)nread;/*XXXX should change return type */
1333 
1334 done:
1335 	EVBUFFER_UNLOCK2(src, dst);
1336 	return result;
1337 }
1338 
1339 unsigned char *
1340 evbuffer_pullup(struct evbuffer *buf, ev_ssize_t size)
1341 {
1342 	struct evbuffer_chain *chain, *next, *tmp, *last_with_data;
1343 	unsigned char *buffer, *result = NULL;
1344 	ev_ssize_t remaining;
1345 	int removed_last_with_data = 0;
1346 	int removed_last_with_datap = 0;
1347 
1348 	EVBUFFER_LOCK(buf);
1349 
1350 	chain = buf->first;
1351 
1352 	if (size < 0)
1353 		size = buf->total_len;
1354 	/* if size > buf->total_len, we cannot guarantee to the user that she
1355 	 * is going to have a long enough buffer afterwards; so we return
1356 	 * NULL */
1357 	if (size == 0 || (size_t)size > buf->total_len)
1358 		goto done;
1359 
1360 	/* No need to pull up anything; the first size bytes are
1361 	 * already here. */
1362 	if (chain->off >= (size_t)size) {
1363 		result = chain->buffer + chain->misalign;
1364 		goto done;
1365 	}
1366 
1367 	/* Make sure that none of the chains we need to copy from is pinned. */
1368 	remaining = size - chain->off;
1369 	EVUTIL_ASSERT(remaining >= 0);
1370 	for (tmp=chain->next; tmp; tmp=tmp->next) {
1371 		if (CHAIN_PINNED(tmp))
1372 			goto done;
1373 		if (tmp->off >= (size_t)remaining)
1374 			break;
1375 		remaining -= tmp->off;
1376 	}
1377 
1378 	if (CHAIN_PINNED(chain)) {
1379 		size_t old_off = chain->off;
1380 		if (CHAIN_SPACE_LEN(chain) < size - chain->off) {
1381 			/* not enough room at end of chunk. */
1382 			goto done;
1383 		}
1384 		buffer = CHAIN_SPACE_PTR(chain);
1385 		tmp = chain;
1386 		tmp->off = size;
1387 		size -= old_off;
1388 		chain = chain->next;
1389 	} else if (chain->buffer_len - chain->misalign >= (size_t)size) {
1390 		/* already have enough space in the first chain */
1391 		size_t old_off = chain->off;
1392 		buffer = chain->buffer + chain->misalign + chain->off;
1393 		tmp = chain;
1394 		tmp->off = size;
1395 		size -= old_off;
1396 		chain = chain->next;
1397 	} else {
1398 		if ((tmp = evbuffer_chain_new(size)) == NULL) {
1399 			event_warn("%s: out of memory", __func__);
1400 			goto done;
1401 		}
1402 		buffer = tmp->buffer;
1403 		tmp->off = size;
1404 		buf->first = tmp;
1405 	}
1406 
1407 	/* TODO(niels): deal with buffers that point to NULL like sendfile */
1408 
1409 	/* Copy and free every chunk that will be entirely pulled into tmp */
1410 	last_with_data = *buf->last_with_datap;
1411 	for (; chain != NULL && (size_t)size >= chain->off; chain = next) {
1412 		next = chain->next;
1413 
1414 		memcpy(buffer, chain->buffer + chain->misalign, chain->off);
1415 		size -= chain->off;
1416 		buffer += chain->off;
1417 		if (chain == last_with_data)
1418 			removed_last_with_data = 1;
1419 		if (&chain->next == buf->last_with_datap)
1420 			removed_last_with_datap = 1;
1421 
1422 		evbuffer_chain_free(chain);
1423 	}
1424 
1425 	if (chain != NULL) {
1426 		memcpy(buffer, chain->buffer + chain->misalign, size);
1427 		chain->misalign += size;
1428 		chain->off -= size;
1429 	} else {
1430 		buf->last = tmp;
1431 	}
1432 
1433 	tmp->next = chain;
1434 
1435 	if (removed_last_with_data) {
1436 		buf->last_with_datap = &buf->first;
1437 	} else if (removed_last_with_datap) {
1438 		if (buf->first->next && buf->first->next->off)
1439 			buf->last_with_datap = &buf->first->next;
1440 		else
1441 			buf->last_with_datap = &buf->first;
1442 	}
1443 
1444 	result = (tmp->buffer + tmp->misalign);
1445 
1446 done:
1447 	EVBUFFER_UNLOCK(buf);
1448 	return result;
1449 }
1450 
1451 /*
1452  * Reads a line terminated by either '\r\n', '\n\r' or '\r' or '\n'.
1453  * The returned buffer needs to be freed by the called.
1454  */
1455 char *
1456 evbuffer_readline(struct evbuffer *buffer)
1457 {
1458 	return evbuffer_readln(buffer, NULL, EVBUFFER_EOL_ANY);
1459 }
1460 
1461 static inline ev_ssize_t
1462 evbuffer_strchr(struct evbuffer_ptr *it, const char chr)
1463 {
1464 	struct evbuffer_chain *chain = it->internal_.chain;
1465 	size_t i = it->internal_.pos_in_chain;
1466 	while (chain != NULL) {
1467 		char *buffer = (char *)chain->buffer + chain->misalign;
1468 		char *cp = memchr(buffer+i, chr, chain->off-i);
1469 		if (cp) {
1470 			it->internal_.chain = chain;
1471 			it->internal_.pos_in_chain = cp - buffer;
1472 			it->pos += (cp - buffer - i);
1473 			return it->pos;
1474 		}
1475 		it->pos += chain->off - i;
1476 		i = 0;
1477 		chain = chain->next;
1478 	}
1479 
1480 	return (-1);
1481 }
1482 
1483 static inline char *
1484 find_eol_char(char *s, size_t len)
1485 {
1486 #define CHUNK_SZ 128
1487 	/* Lots of benchmarking found this approach to be faster in practice
1488 	 * than doing two memchrs over the whole buffer, doin a memchr on each
1489 	 * char of the buffer, or trying to emulate memchr by hand. */
1490 	char *s_end, *cr, *lf;
1491 	s_end = s+len;
1492 	while (s < s_end) {
1493 		size_t chunk = (s + CHUNK_SZ < s_end) ? CHUNK_SZ : (s_end - s);
1494 		cr = memchr(s, '\r', chunk);
1495 		lf = memchr(s, '\n', chunk);
1496 		if (cr) {
1497 			if (lf && lf < cr)
1498 				return lf;
1499 			return cr;
1500 		} else if (lf) {
1501 			return lf;
1502 		}
1503 		s += CHUNK_SZ;
1504 	}
1505 
1506 	return NULL;
1507 #undef CHUNK_SZ
1508 }
1509 
1510 static ev_ssize_t
1511 evbuffer_find_eol_char(struct evbuffer_ptr *it)
1512 {
1513 	struct evbuffer_chain *chain = it->internal_.chain;
1514 	size_t i = it->internal_.pos_in_chain;
1515 	while (chain != NULL) {
1516 		char *buffer = (char *)chain->buffer + chain->misalign;
1517 		char *cp = find_eol_char(buffer+i, chain->off-i);
1518 		if (cp) {
1519 			it->internal_.chain = chain;
1520 			it->internal_.pos_in_chain = cp - buffer;
1521 			it->pos += (cp - buffer) - i;
1522 			return it->pos;
1523 		}
1524 		it->pos += chain->off - i;
1525 		i = 0;
1526 		chain = chain->next;
1527 	}
1528 
1529 	return (-1);
1530 }
1531 
1532 static inline int
1533 evbuffer_strspn(
1534 	struct evbuffer_ptr *ptr, const char *chrset)
1535 {
1536 	int count = 0;
1537 	struct evbuffer_chain *chain = ptr->internal_.chain;
1538 	size_t i = ptr->internal_.pos_in_chain;
1539 
1540 	if (!chain)
1541 		return 0;
1542 
1543 	while (1) {
1544 		char *buffer = (char *)chain->buffer + chain->misalign;
1545 		for (; i < chain->off; ++i) {
1546 			const char *p = chrset;
1547 			while (*p) {
1548 				if (buffer[i] == *p++)
1549 					goto next;
1550 			}
1551 			ptr->internal_.chain = chain;
1552 			ptr->internal_.pos_in_chain = i;
1553 			ptr->pos += count;
1554 			return count;
1555 		next:
1556 			++count;
1557 		}
1558 		i = 0;
1559 
1560 		if (! chain->next) {
1561 			ptr->internal_.chain = chain;
1562 			ptr->internal_.pos_in_chain = i;
1563 			ptr->pos += count;
1564 			return count;
1565 		}
1566 
1567 		chain = chain->next;
1568 	}
1569 }
1570 
1571 
1572 static inline int
1573 evbuffer_getchr(struct evbuffer_ptr *it)
1574 {
1575 	struct evbuffer_chain *chain = it->internal_.chain;
1576 	size_t off = it->internal_.pos_in_chain;
1577 
1578 	if (chain == NULL)
1579 		return -1;
1580 
1581 	return (unsigned char)chain->buffer[chain->misalign + off];
1582 }
1583 
1584 struct evbuffer_ptr
1585 evbuffer_search_eol(struct evbuffer *buffer,
1586     struct evbuffer_ptr *start, size_t *eol_len_out,
1587     enum evbuffer_eol_style eol_style)
1588 {
1589 	struct evbuffer_ptr it, it2;
1590 	size_t extra_drain = 0;
1591 	int ok = 0;
1592 
1593 	/* Avoid locking in trivial edge cases */
1594 	if (start && start->internal_.chain == NULL) {
1595 		PTR_NOT_FOUND(&it);
1596 		if (eol_len_out)
1597 			*eol_len_out = extra_drain;
1598 		return it;
1599 	}
1600 
1601 	EVBUFFER_LOCK(buffer);
1602 
1603 	if (start) {
1604 		memcpy(&it, start, sizeof(it));
1605 	} else {
1606 		it.pos = 0;
1607 		it.internal_.chain = buffer->first;
1608 		it.internal_.pos_in_chain = 0;
1609 	}
1610 
1611 	/* the eol_style determines our first stop character and how many
1612 	 * characters we are going to drain afterwards. */
1613 	switch (eol_style) {
1614 	case EVBUFFER_EOL_ANY:
1615 		if (evbuffer_find_eol_char(&it) < 0)
1616 			goto done;
1617 		memcpy(&it2, &it, sizeof(it));
1618 		extra_drain = evbuffer_strspn(&it2, "\r\n");
1619 		break;
1620 	case EVBUFFER_EOL_CRLF_STRICT: {
1621 		it = evbuffer_search(buffer, "\r\n", 2, &it);
1622 		if (it.pos < 0)
1623 			goto done;
1624 		extra_drain = 2;
1625 		break;
1626 	}
1627 	case EVBUFFER_EOL_CRLF: {
1628 		ev_ssize_t start_pos = it.pos;
1629 		/* Look for a LF ... */
1630 		if (evbuffer_strchr(&it, '\n') < 0)
1631 			goto done;
1632 		extra_drain = 1;
1633 		/* ... optionally preceeded by a CR. */
1634 		if (it.pos == start_pos)
1635 			break; /* If the first character is \n, don't back up */
1636 		/* This potentially does an extra linear walk over the first
1637 		 * few chains.  Probably, that's not too expensive unless you
1638 		 * have a really pathological setup. */
1639 		memcpy(&it2, &it, sizeof(it));
1640 		if (evbuffer_ptr_subtract(buffer, &it2, 1)<0)
1641 			break;
1642 		if (evbuffer_getchr(&it2) == '\r') {
1643 			memcpy(&it, &it2, sizeof(it));
1644 			extra_drain = 2;
1645 		}
1646 		break;
1647 	}
1648 	case EVBUFFER_EOL_LF:
1649 		if (evbuffer_strchr(&it, '\n') < 0)
1650 			goto done;
1651 		extra_drain = 1;
1652 		break;
1653 	case EVBUFFER_EOL_NUL:
1654 		if (evbuffer_strchr(&it, '\0') < 0)
1655 			goto done;
1656 		extra_drain = 1;
1657 		break;
1658 	default:
1659 		goto done;
1660 	}
1661 
1662 	ok = 1;
1663 done:
1664 	EVBUFFER_UNLOCK(buffer);
1665 
1666 	if (!ok)
1667 		PTR_NOT_FOUND(&it);
1668 	if (eol_len_out)
1669 		*eol_len_out = extra_drain;
1670 
1671 	return it;
1672 }
1673 
1674 char *
1675 evbuffer_readln(struct evbuffer *buffer, size_t *n_read_out,
1676 		enum evbuffer_eol_style eol_style)
1677 {
1678 	struct evbuffer_ptr it;
1679 	char *line;
1680 	size_t n_to_copy=0, extra_drain=0;
1681 	char *result = NULL;
1682 
1683 	EVBUFFER_LOCK(buffer);
1684 
1685 	if (buffer->freeze_start) {
1686 		goto done;
1687 	}
1688 
1689 	it = evbuffer_search_eol(buffer, NULL, &extra_drain, eol_style);
1690 	if (it.pos < 0)
1691 		goto done;
1692 	n_to_copy = it.pos;
1693 
1694 	if ((line = mm_malloc(n_to_copy+1)) == NULL) {
1695 		event_warn("%s: out of memory", __func__);
1696 		goto done;
1697 	}
1698 
1699 	evbuffer_remove(buffer, line, n_to_copy);
1700 	line[n_to_copy] = '\0';
1701 
1702 	evbuffer_drain(buffer, extra_drain);
1703 	result = line;
1704 done:
1705 	EVBUFFER_UNLOCK(buffer);
1706 
1707 	if (n_read_out)
1708 		*n_read_out = result ? n_to_copy : 0;
1709 
1710 	return result;
1711 }
1712 
1713 #define EVBUFFER_CHAIN_MAX_AUTO_SIZE 4096
1714 
1715 /* Adds data to an event buffer */
1716 
1717 int
1718 evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
1719 {
1720 	struct evbuffer_chain *chain, *tmp;
1721 	const unsigned char *data = data_in;
1722 	size_t remain, to_alloc;
1723 	int result = -1;
1724 
1725 	EVBUFFER_LOCK(buf);
1726 
1727 	if (buf->freeze_end) {
1728 		goto done;
1729 	}
1730 	/* Prevent buf->total_len overflow */
1731 	if (datlen > EV_SIZE_MAX - buf->total_len) {
1732 		goto done;
1733 	}
1734 
1735 	chain = buf->last;
1736 
1737 	/* If there are no chains allocated for this buffer, allocate one
1738 	 * big enough to hold all the data. */
1739 	if (chain == NULL) {
1740 		chain = evbuffer_chain_new(datlen);
1741 		if (!chain)
1742 			goto done;
1743 		evbuffer_chain_insert(buf, chain);
1744 	}
1745 
1746 	if ((chain->flags & EVBUFFER_IMMUTABLE) == 0) {
1747 		/* Always true for mutable buffers */
1748 		EVUTIL_ASSERT(chain->misalign >= 0 &&
1749 		    (ev_uint64_t)chain->misalign <= EVBUFFER_CHAIN_MAX);
1750 		remain = chain->buffer_len - (size_t)chain->misalign - chain->off;
1751 		if (remain >= datlen) {
1752 			/* there's enough space to hold all the data in the
1753 			 * current last chain */
1754 			memcpy(chain->buffer + chain->misalign + chain->off,
1755 			    data, datlen);
1756 			chain->off += datlen;
1757 			buf->total_len += datlen;
1758 			buf->n_add_for_cb += datlen;
1759 			goto out;
1760 		} else if (!CHAIN_PINNED(chain) &&
1761 		    evbuffer_chain_should_realign(chain, datlen)) {
1762 			/* we can fit the data into the misalignment */
1763 			evbuffer_chain_align(chain);
1764 
1765 			memcpy(chain->buffer + chain->off, data, datlen);
1766 			chain->off += datlen;
1767 			buf->total_len += datlen;
1768 			buf->n_add_for_cb += datlen;
1769 			goto out;
1770 		}
1771 	} else {
1772 		/* we cannot write any data to the last chain */
1773 		remain = 0;
1774 	}
1775 
1776 	/* we need to add another chain */
1777 	to_alloc = chain->buffer_len;
1778 	if (to_alloc <= EVBUFFER_CHAIN_MAX_AUTO_SIZE/2)
1779 		to_alloc <<= 1;
1780 	if (datlen > to_alloc)
1781 		to_alloc = datlen;
1782 	tmp = evbuffer_chain_new(to_alloc);
1783 	if (tmp == NULL)
1784 		goto done;
1785 
1786 	if (remain) {
1787 		memcpy(chain->buffer + chain->misalign + chain->off,
1788 		    data, remain);
1789 		chain->off += remain;
1790 		buf->total_len += remain;
1791 		buf->n_add_for_cb += remain;
1792 	}
1793 
1794 	data += remain;
1795 	datlen -= remain;
1796 
1797 	memcpy(tmp->buffer, data, datlen);
1798 	tmp->off = datlen;
1799 	evbuffer_chain_insert(buf, tmp);
1800 	buf->n_add_for_cb += datlen;
1801 
1802 out:
1803 	evbuffer_invoke_callbacks_(buf);
1804 	result = 0;
1805 done:
1806 	EVBUFFER_UNLOCK(buf);
1807 	return result;
1808 }
1809 
1810 int
1811 evbuffer_prepend(struct evbuffer *buf, const void *data, size_t datlen)
1812 {
1813 	struct evbuffer_chain *chain, *tmp;
1814 	int result = -1;
1815 
1816 	EVBUFFER_LOCK(buf);
1817 
1818 	if (buf->freeze_start) {
1819 		goto done;
1820 	}
1821 	if (datlen > EV_SIZE_MAX - buf->total_len) {
1822 		goto done;
1823 	}
1824 
1825 	chain = buf->first;
1826 
1827 	if (chain == NULL) {
1828 		chain = evbuffer_chain_new(datlen);
1829 		if (!chain)
1830 			goto done;
1831 		evbuffer_chain_insert(buf, chain);
1832 	}
1833 
1834 	/* we cannot touch immutable buffers */
1835 	if ((chain->flags & EVBUFFER_IMMUTABLE) == 0) {
1836 		/* Always true for mutable buffers */
1837 		EVUTIL_ASSERT(chain->misalign >= 0 &&
1838 		    (ev_uint64_t)chain->misalign <= EVBUFFER_CHAIN_MAX);
1839 
1840 		/* If this chain is empty, we can treat it as
1841 		 * 'empty at the beginning' rather than 'empty at the end' */
1842 		if (chain->off == 0)
1843 			chain->misalign = chain->buffer_len;
1844 
1845 		if ((size_t)chain->misalign >= datlen) {
1846 			/* we have enough space to fit everything */
1847 			memcpy(chain->buffer + chain->misalign - datlen,
1848 			    data, datlen);
1849 			chain->off += datlen;
1850 			chain->misalign -= datlen;
1851 			buf->total_len += datlen;
1852 			buf->n_add_for_cb += datlen;
1853 			goto out;
1854 		} else if (chain->misalign) {
1855 			/* we can only fit some of the data. */
1856 			memcpy(chain->buffer,
1857 			    (char*)data + datlen - chain->misalign,
1858 			    (size_t)chain->misalign);
1859 			chain->off += (size_t)chain->misalign;
1860 			buf->total_len += (size_t)chain->misalign;
1861 			buf->n_add_for_cb += (size_t)chain->misalign;
1862 			datlen -= (size_t)chain->misalign;
1863 			chain->misalign = 0;
1864 		}
1865 	}
1866 
1867 	/* we need to add another chain */
1868 	if ((tmp = evbuffer_chain_new(datlen)) == NULL)
1869 		goto done;
1870 	buf->first = tmp;
1871 	if (buf->last_with_datap == &buf->first)
1872 		buf->last_with_datap = &tmp->next;
1873 
1874 	tmp->next = chain;
1875 
1876 	tmp->off = datlen;
1877 	EVUTIL_ASSERT(datlen <= tmp->buffer_len);
1878 	tmp->misalign = tmp->buffer_len - datlen;
1879 
1880 	memcpy(tmp->buffer + tmp->misalign, data, datlen);
1881 	buf->total_len += datlen;
1882 	buf->n_add_for_cb += (size_t)chain->misalign;
1883 
1884 out:
1885 	evbuffer_invoke_callbacks_(buf);
1886 	result = 0;
1887 done:
1888 	EVBUFFER_UNLOCK(buf);
1889 	return result;
1890 }
1891 
1892 /** Helper: realigns the memory in chain->buffer so that misalign is 0. */
1893 static void
1894 evbuffer_chain_align(struct evbuffer_chain *chain)
1895 {
1896 	EVUTIL_ASSERT(!(chain->flags & EVBUFFER_IMMUTABLE));
1897 	EVUTIL_ASSERT(!(chain->flags & EVBUFFER_MEM_PINNED_ANY));
1898 	memmove(chain->buffer, chain->buffer + chain->misalign, chain->off);
1899 	chain->misalign = 0;
1900 }
1901 
1902 #define MAX_TO_COPY_IN_EXPAND 4096
1903 #define MAX_TO_REALIGN_IN_EXPAND 2048
1904 
1905 /** Helper: return true iff we should realign chain to fit datalen bytes of
1906     data in it. */
1907 static int
1908 evbuffer_chain_should_realign(struct evbuffer_chain *chain,
1909     size_t datlen)
1910 {
1911 	return chain->buffer_len - chain->off >= datlen &&
1912 	    (chain->off < chain->buffer_len / 2) &&
1913 	    (chain->off <= MAX_TO_REALIGN_IN_EXPAND);
1914 }
1915 
1916 /* Expands the available space in the event buffer to at least datlen, all in
1917  * a single chunk.  Return that chunk. */
1918 static struct evbuffer_chain *
1919 evbuffer_expand_singlechain(struct evbuffer *buf, size_t datlen)
1920 {
1921 	struct evbuffer_chain *chain, **chainp;
1922 	struct evbuffer_chain *result = NULL;
1923 	ASSERT_EVBUFFER_LOCKED(buf);
1924 
1925 	chainp = buf->last_with_datap;
1926 
1927 	/* XXX If *chainp is no longer writeable, but has enough space in its
1928 	 * misalign, this might be a bad idea: we could still use *chainp, not
1929 	 * (*chainp)->next. */
1930 	if (*chainp && CHAIN_SPACE_LEN(*chainp) == 0)
1931 		chainp = &(*chainp)->next;
1932 
1933 	/* 'chain' now points to the first chain with writable space (if any)
1934 	 * We will either use it, realign it, replace it, or resize it. */
1935 	chain = *chainp;
1936 
1937 	if (chain == NULL ||
1938 	    (chain->flags & (EVBUFFER_IMMUTABLE|EVBUFFER_MEM_PINNED_ANY))) {
1939 		/* We can't use the last_with_data chain at all.  Just add a
1940 		 * new one that's big enough. */
1941 		goto insert_new;
1942 	}
1943 
1944 	/* If we can fit all the data, then we don't have to do anything */
1945 	if (CHAIN_SPACE_LEN(chain) >= datlen) {
1946 		result = chain;
1947 		goto ok;
1948 	}
1949 
1950 	/* If the chain is completely empty, just replace it by adding a new
1951 	 * empty chain. */
1952 	if (chain->off == 0) {
1953 		goto insert_new;
1954 	}
1955 
1956 	/* If the misalignment plus the remaining space fulfills our data
1957 	 * needs, we could just force an alignment to happen.  Afterwards, we
1958 	 * have enough space.  But only do this if we're saving a lot of space
1959 	 * and not moving too much data.  Otherwise the space savings are
1960 	 * probably offset by the time lost in copying.
1961 	 */
1962 	if (evbuffer_chain_should_realign(chain, datlen)) {
1963 		evbuffer_chain_align(chain);
1964 		result = chain;
1965 		goto ok;
1966 	}
1967 
1968 	/* At this point, we can either resize the last chunk with space in
1969 	 * it, use the next chunk after it, or   If we add a new chunk, we waste
1970 	 * CHAIN_SPACE_LEN(chain) bytes in the former last chunk.  If we
1971 	 * resize, we have to copy chain->off bytes.
1972 	 */
1973 
1974 	/* Would expanding this chunk be affordable and worthwhile? */
1975 	if (CHAIN_SPACE_LEN(chain) < chain->buffer_len / 8 ||
1976 	    chain->off > MAX_TO_COPY_IN_EXPAND ||
1977 	    (datlen < EVBUFFER_CHAIN_MAX &&
1978 		EVBUFFER_CHAIN_MAX - datlen >= chain->off)) {
1979 		/* It's not worth resizing this chain. Can the next one be
1980 		 * used? */
1981 		if (chain->next && CHAIN_SPACE_LEN(chain->next) >= datlen) {
1982 			/* Yes, we can just use the next chain (which should
1983 			 * be empty. */
1984 			result = chain->next;
1985 			goto ok;
1986 		} else {
1987 			/* No; append a new chain (which will free all
1988 			 * terminal empty chains.) */
1989 			goto insert_new;
1990 		}
1991 	} else {
1992 		/* Okay, we're going to try to resize this chain: Not doing so
1993 		 * would waste at least 1/8 of its current allocation, and we
1994 		 * can do so without having to copy more than
1995 		 * MAX_TO_COPY_IN_EXPAND bytes. */
1996 		/* figure out how much space we need */
1997 		size_t length = chain->off + datlen;
1998 		struct evbuffer_chain *tmp = evbuffer_chain_new(length);
1999 		if (tmp == NULL)
2000 			goto err;
2001 
2002 		/* copy the data over that we had so far */
2003 		tmp->off = chain->off;
2004 		memcpy(tmp->buffer, chain->buffer + chain->misalign,
2005 		    chain->off);
2006 		/* fix up the list */
2007 		EVUTIL_ASSERT(*chainp == chain);
2008 		result = *chainp = tmp;
2009 
2010 		if (buf->last == chain)
2011 			buf->last = tmp;
2012 
2013 		tmp->next = chain->next;
2014 		evbuffer_chain_free(chain);
2015 		goto ok;
2016 	}
2017 
2018 insert_new:
2019 	result = evbuffer_chain_insert_new(buf, datlen);
2020 	if (!result)
2021 		goto err;
2022 ok:
2023 	EVUTIL_ASSERT(result);
2024 	EVUTIL_ASSERT(CHAIN_SPACE_LEN(result) >= datlen);
2025 err:
2026 	return result;
2027 }
2028 
2029 /* Make sure that datlen bytes are available for writing in the last n
2030  * chains.  Never copies or moves data. */
2031 int
2032 evbuffer_expand_fast_(struct evbuffer *buf, size_t datlen, int n)
2033 {
2034 	struct evbuffer_chain *chain = buf->last, *tmp, *next;
2035 	size_t avail;
2036 	int used;
2037 
2038 	ASSERT_EVBUFFER_LOCKED(buf);
2039 	EVUTIL_ASSERT(n >= 2);
2040 
2041 	if (chain == NULL || (chain->flags & EVBUFFER_IMMUTABLE)) {
2042 		/* There is no last chunk, or we can't touch the last chunk.
2043 		 * Just add a new chunk. */
2044 		chain = evbuffer_chain_new(datlen);
2045 		if (chain == NULL)
2046 			return (-1);
2047 
2048 		evbuffer_chain_insert(buf, chain);
2049 		return (0);
2050 	}
2051 
2052 	used = 0; /* number of chains we're using space in. */
2053 	avail = 0; /* how much space they have. */
2054 	/* How many bytes can we stick at the end of buffer as it is?  Iterate
2055 	 * over the chains at the end of the buffer, tring to see how much
2056 	 * space we have in the first n. */
2057 	for (chain = *buf->last_with_datap; chain; chain = chain->next) {
2058 		if (chain->off) {
2059 			size_t space = (size_t) CHAIN_SPACE_LEN(chain);
2060 			EVUTIL_ASSERT(chain == *buf->last_with_datap);
2061 			if (space) {
2062 				avail += space;
2063 				++used;
2064 			}
2065 		} else {
2066 			/* No data in chain; realign it. */
2067 			chain->misalign = 0;
2068 			avail += chain->buffer_len;
2069 			++used;
2070 		}
2071 		if (avail >= datlen) {
2072 			/* There is already enough space.  Just return */
2073 			return (0);
2074 		}
2075 		if (used == n)
2076 			break;
2077 	}
2078 
2079 	/* There wasn't enough space in the first n chains with space in
2080 	 * them. Either add a new chain with enough space, or replace all
2081 	 * empty chains with one that has enough space, depending on n. */
2082 	if (used < n) {
2083 		/* The loop ran off the end of the chains before it hit n
2084 		 * chains; we can add another. */
2085 		EVUTIL_ASSERT(chain == NULL);
2086 
2087 		tmp = evbuffer_chain_new(datlen - avail);
2088 		if (tmp == NULL)
2089 			return (-1);
2090 
2091 		buf->last->next = tmp;
2092 		buf->last = tmp;
2093 		/* (we would only set last_with_data if we added the first
2094 		 * chain. But if the buffer had no chains, we would have
2095 		 * just allocated a new chain earlier) */
2096 		return (0);
2097 	} else {
2098 		/* Nuke _all_ the empty chains. */
2099 		int rmv_all = 0; /* True iff we removed last_with_data. */
2100 		chain = *buf->last_with_datap;
2101 		if (!chain->off) {
2102 			EVUTIL_ASSERT(chain == buf->first);
2103 			rmv_all = 1;
2104 			avail = 0;
2105 		} else {
2106 			/* can't overflow, since only mutable chains have
2107 			 * huge misaligns. */
2108 			avail = (size_t) CHAIN_SPACE_LEN(chain);
2109 			chain = chain->next;
2110 		}
2111 
2112 
2113 		for (; chain; chain = next) {
2114 			next = chain->next;
2115 			EVUTIL_ASSERT(chain->off == 0);
2116 			evbuffer_chain_free(chain);
2117 		}
2118 		EVUTIL_ASSERT(datlen >= avail);
2119 		tmp = evbuffer_chain_new(datlen - avail);
2120 		if (tmp == NULL) {
2121 			if (rmv_all) {
2122 				ZERO_CHAIN(buf);
2123 			} else {
2124 				buf->last = *buf->last_with_datap;
2125 				(*buf->last_with_datap)->next = NULL;
2126 			}
2127 			return (-1);
2128 		}
2129 
2130 		if (rmv_all) {
2131 			buf->first = buf->last = tmp;
2132 			buf->last_with_datap = &buf->first;
2133 		} else {
2134 			(*buf->last_with_datap)->next = tmp;
2135 			buf->last = tmp;
2136 		}
2137 		return (0);
2138 	}
2139 }
2140 
2141 int
2142 evbuffer_expand(struct evbuffer *buf, size_t datlen)
2143 {
2144 	struct evbuffer_chain *chain;
2145 
2146 	EVBUFFER_LOCK(buf);
2147 	chain = evbuffer_expand_singlechain(buf, datlen);
2148 	EVBUFFER_UNLOCK(buf);
2149 	return chain ? 0 : -1;
2150 }
2151 
2152 /*
2153  * Reads data from a file descriptor into a buffer.
2154  */
2155 
2156 #if defined(EVENT__HAVE_SYS_UIO_H) || defined(_WIN32)
2157 #define USE_IOVEC_IMPL
2158 #endif
2159 
2160 #ifdef USE_IOVEC_IMPL
2161 
2162 #ifdef EVENT__HAVE_SYS_UIO_H
2163 /* number of iovec we use for writev, fragmentation is going to determine
2164  * how much we end up writing */
2165 
2166 #define DEFAULT_WRITE_IOVEC 128
2167 
2168 #if defined(UIO_MAXIOV) && UIO_MAXIOV < DEFAULT_WRITE_IOVEC
2169 #define NUM_WRITE_IOVEC UIO_MAXIOV
2170 #elif defined(IOV_MAX) && IOV_MAX < DEFAULT_WRITE_IOVEC
2171 #define NUM_WRITE_IOVEC IOV_MAX
2172 #else
2173 #define NUM_WRITE_IOVEC DEFAULT_WRITE_IOVEC
2174 #endif
2175 
2176 #define IOV_TYPE struct iovec
2177 #define IOV_PTR_FIELD iov_base
2178 #define IOV_LEN_FIELD iov_len
2179 #define IOV_LEN_TYPE size_t
2180 #else
2181 #define NUM_WRITE_IOVEC 16
2182 #define IOV_TYPE WSABUF
2183 #define IOV_PTR_FIELD buf
2184 #define IOV_LEN_FIELD len
2185 #define IOV_LEN_TYPE unsigned long
2186 #endif
2187 #endif
2188 #define NUM_READ_IOVEC 4
2189 
2190 #define EVBUFFER_MAX_READ	4096
2191 
2192 /** Helper function to figure out which space to use for reading data into
2193     an evbuffer.  Internal use only.
2194 
2195     @param buf The buffer to read into
2196     @param howmuch How much we want to read.
2197     @param vecs An array of two or more iovecs or WSABUFs.
2198     @param n_vecs_avail The length of vecs
2199     @param chainp A pointer to a variable to hold the first chain we're
2200       reading into.
2201     @param exact Boolean: if true, we do not provide more than 'howmuch'
2202       space in the vectors, even if more space is available.
2203     @return The number of buffers we're using.
2204  */
2205 int
2206 evbuffer_read_setup_vecs_(struct evbuffer *buf, ev_ssize_t howmuch,
2207     struct evbuffer_iovec *vecs, int n_vecs_avail,
2208     struct evbuffer_chain ***chainp, int exact)
2209 {
2210 	struct evbuffer_chain *chain;
2211 	struct evbuffer_chain **firstchainp;
2212 	size_t so_far;
2213 	int i;
2214 	ASSERT_EVBUFFER_LOCKED(buf);
2215 
2216 	if (howmuch < 0)
2217 		return -1;
2218 
2219 	so_far = 0;
2220 	/* Let firstchain be the first chain with any space on it */
2221 	firstchainp = buf->last_with_datap;
2222 	if (CHAIN_SPACE_LEN(*firstchainp) == 0) {
2223 		firstchainp = &(*firstchainp)->next;
2224 	}
2225 
2226 	chain = *firstchainp;
2227 	for (i = 0; i < n_vecs_avail && so_far < (size_t)howmuch; ++i) {
2228 		size_t avail = (size_t) CHAIN_SPACE_LEN(chain);
2229 		if (avail > (howmuch - so_far) && exact)
2230 			avail = howmuch - so_far;
2231 		vecs[i].iov_base = CHAIN_SPACE_PTR(chain);
2232 		vecs[i].iov_len = avail;
2233 		so_far += avail;
2234 		chain = chain->next;
2235 	}
2236 
2237 	*chainp = firstchainp;
2238 	return i;
2239 }
2240 
2241 static int
2242 get_n_bytes_readable_on_socket(evutil_socket_t fd)
2243 {
2244 #if defined(FIONREAD) && defined(_WIN32)
2245 	unsigned long lng = EVBUFFER_MAX_READ;
2246 	if (ioctlsocket(fd, FIONREAD, &lng) < 0)
2247 		return -1;
2248 	/* Can overflow, but mostly harmlessly. XXXX */
2249 	return (int)lng;
2250 #elif defined(FIONREAD)
2251 	int n = EVBUFFER_MAX_READ;
2252 	if (ioctl(fd, FIONREAD, &n) < 0)
2253 		return -1;
2254 	return n;
2255 #else
2256 	return EVBUFFER_MAX_READ;
2257 #endif
2258 }
2259 
2260 /* TODO(niels): should this function return ev_ssize_t and take ev_ssize_t
2261  * as howmuch? */
2262 int
2263 evbuffer_read(struct evbuffer *buf, evutil_socket_t fd, int howmuch)
2264 {
2265 	struct evbuffer_chain **chainp;
2266 	int n;
2267 	int result;
2268 
2269 #ifdef USE_IOVEC_IMPL
2270 	int nvecs, i, remaining;
2271 #else
2272 	struct evbuffer_chain *chain;
2273 	unsigned char *p;
2274 #endif
2275 
2276 	EVBUFFER_LOCK(buf);
2277 
2278 	if (buf->freeze_end) {
2279 		result = -1;
2280 		goto done;
2281 	}
2282 
2283 	n = get_n_bytes_readable_on_socket(fd);
2284 	if (n <= 0 || n > EVBUFFER_MAX_READ)
2285 		n = EVBUFFER_MAX_READ;
2286 	if (howmuch < 0 || howmuch > n)
2287 		howmuch = n;
2288 
2289 #ifdef USE_IOVEC_IMPL
2290 	/* Since we can use iovecs, we're willing to use the last
2291 	 * NUM_READ_IOVEC chains. */
2292 	if (evbuffer_expand_fast_(buf, howmuch, NUM_READ_IOVEC) == -1) {
2293 		result = -1;
2294 		goto done;
2295 	} else {
2296 		IOV_TYPE vecs[NUM_READ_IOVEC];
2297 #ifdef EVBUFFER_IOVEC_IS_NATIVE_
2298 		nvecs = evbuffer_read_setup_vecs_(buf, howmuch, vecs,
2299 		    NUM_READ_IOVEC, &chainp, 1);
2300 #else
2301 		/* We aren't using the native struct iovec.  Therefore,
2302 		   we are on win32. */
2303 		struct evbuffer_iovec ev_vecs[NUM_READ_IOVEC];
2304 		nvecs = evbuffer_read_setup_vecs_(buf, howmuch, ev_vecs, 2,
2305 		    &chainp, 1);
2306 
2307 		for (i=0; i < nvecs; ++i)
2308 			WSABUF_FROM_EVBUFFER_IOV(&vecs[i], &ev_vecs[i]);
2309 #endif
2310 
2311 #ifdef _WIN32
2312 		{
2313 			DWORD bytesRead;
2314 			DWORD flags=0;
2315 			if (WSARecv(fd, vecs, nvecs, &bytesRead, &flags, NULL, NULL)) {
2316 				/* The read failed. It might be a close,
2317 				 * or it might be an error. */
2318 				if (WSAGetLastError() == WSAECONNABORTED)
2319 					n = 0;
2320 				else
2321 					n = -1;
2322 			} else
2323 				n = bytesRead;
2324 		}
2325 #else
2326 		n = readv(fd, vecs, nvecs);
2327 #endif
2328 	}
2329 
2330 #else /*!USE_IOVEC_IMPL*/
2331 	/* If we don't have FIONREAD, we might waste some space here */
2332 	/* XXX we _will_ waste some space here if there is any space left
2333 	 * over on buf->last. */
2334 	if ((chain = evbuffer_expand_singlechain(buf, howmuch)) == NULL) {
2335 		result = -1;
2336 		goto done;
2337 	}
2338 
2339 	/* We can append new data at this point */
2340 	p = chain->buffer + chain->misalign + chain->off;
2341 
2342 #ifndef _WIN32
2343 	n = read(fd, p, howmuch);
2344 #else
2345 	n = recv(fd, p, howmuch, 0);
2346 #endif
2347 #endif /* USE_IOVEC_IMPL */
2348 
2349 	if (n == -1) {
2350 		result = -1;
2351 		goto done;
2352 	}
2353 	if (n == 0) {
2354 		result = 0;
2355 		goto done;
2356 	}
2357 
2358 #ifdef USE_IOVEC_IMPL
2359 	remaining = n;
2360 	for (i=0; i < nvecs; ++i) {
2361 		/* can't overflow, since only mutable chains have
2362 		 * huge misaligns. */
2363 		size_t space = (size_t) CHAIN_SPACE_LEN(*chainp);
2364 		/* XXXX This is a kludge that can waste space in perverse
2365 		 * situations. */
2366 		if (space > EVBUFFER_CHAIN_MAX)
2367 			space = EVBUFFER_CHAIN_MAX;
2368 		if ((ev_ssize_t)space < remaining) {
2369 			(*chainp)->off += space;
2370 			remaining -= (int)space;
2371 		} else {
2372 			(*chainp)->off += remaining;
2373 			buf->last_with_datap = chainp;
2374 			break;
2375 		}
2376 		chainp = &(*chainp)->next;
2377 	}
2378 #else
2379 	chain->off += n;
2380 	advance_last_with_data(buf);
2381 #endif
2382 	buf->total_len += n;
2383 	buf->n_add_for_cb += n;
2384 
2385 	/* Tell someone about changes in this buffer */
2386 	evbuffer_invoke_callbacks_(buf);
2387 	result = n;
2388 done:
2389 	EVBUFFER_UNLOCK(buf);
2390 	return result;
2391 }
2392 
2393 #ifdef USE_IOVEC_IMPL
2394 static inline int
2395 evbuffer_write_iovec(struct evbuffer *buffer, evutil_socket_t fd,
2396     ev_ssize_t howmuch)
2397 {
2398 	IOV_TYPE iov[NUM_WRITE_IOVEC];
2399 	struct evbuffer_chain *chain = buffer->first;
2400 	int n, i = 0;
2401 
2402 	if (howmuch < 0)
2403 		return -1;
2404 
2405 	ASSERT_EVBUFFER_LOCKED(buffer);
2406 	/* XXX make this top out at some maximal data length?  if the
2407 	 * buffer has (say) 1MB in it, split over 128 chains, there's
2408 	 * no way it all gets written in one go. */
2409 	while (chain != NULL && i < NUM_WRITE_IOVEC && howmuch) {
2410 #ifdef USE_SENDFILE
2411 		/* we cannot write the file info via writev */
2412 		if (chain->flags & EVBUFFER_SENDFILE)
2413 			break;
2414 #endif
2415 		iov[i].IOV_PTR_FIELD = (void *) (chain->buffer + chain->misalign);
2416 		if ((size_t)howmuch >= chain->off) {
2417 			/* XXXcould be problematic when windows supports mmap*/
2418 			iov[i++].IOV_LEN_FIELD = (IOV_LEN_TYPE)chain->off;
2419 			howmuch -= chain->off;
2420 		} else {
2421 			/* XXXcould be problematic when windows supports mmap*/
2422 			iov[i++].IOV_LEN_FIELD = (IOV_LEN_TYPE)howmuch;
2423 			break;
2424 		}
2425 		chain = chain->next;
2426 	}
2427 	if (! i)
2428 		return 0;
2429 
2430 #ifdef _WIN32
2431 	{
2432 		DWORD bytesSent;
2433 		if (WSASend(fd, iov, i, &bytesSent, 0, NULL, NULL))
2434 			n = -1;
2435 		else
2436 			n = bytesSent;
2437 	}
2438 #else
2439 	n = writev(fd, iov, i);
2440 #endif
2441 	return (n);
2442 }
2443 #endif
2444 
2445 #ifdef USE_SENDFILE
2446 static inline int
2447 evbuffer_write_sendfile(struct evbuffer *buffer, evutil_socket_t dest_fd,
2448     ev_ssize_t howmuch)
2449 {
2450 	struct evbuffer_chain *chain = buffer->first;
2451 	struct evbuffer_chain_file_segment *info =
2452 	    EVBUFFER_CHAIN_EXTRA(struct evbuffer_chain_file_segment,
2453 		chain);
2454 	const int source_fd = info->segment->fd;
2455 #if defined(SENDFILE_IS_MACOSX) || defined(SENDFILE_IS_FREEBSD)
2456 	int res;
2457 	ev_off_t len = chain->off;
2458 #elif defined(SENDFILE_IS_LINUX) || defined(SENDFILE_IS_SOLARIS)
2459 	ev_ssize_t res;
2460 	ev_off_t offset = chain->misalign;
2461 #endif
2462 
2463 	ASSERT_EVBUFFER_LOCKED(buffer);
2464 
2465 #if defined(SENDFILE_IS_MACOSX)
2466 	res = sendfile(source_fd, dest_fd, chain->misalign, &len, NULL, 0);
2467 	if (res == -1 && !EVUTIL_ERR_RW_RETRIABLE(errno))
2468 		return (-1);
2469 
2470 	return (len);
2471 #elif defined(SENDFILE_IS_FREEBSD)
2472 	res = sendfile(source_fd, dest_fd, chain->misalign, chain->off, NULL, &len, 0);
2473 	if (res == -1 && !EVUTIL_ERR_RW_RETRIABLE(errno))
2474 		return (-1);
2475 
2476 	return (len);
2477 #elif defined(SENDFILE_IS_LINUX)
2478 	/* TODO(niels): implement splice */
2479 	res = sendfile(dest_fd, source_fd, &offset, chain->off);
2480 	if (res == -1 && EVUTIL_ERR_RW_RETRIABLE(errno)) {
2481 		/* if this is EAGAIN or EINTR return 0; otherwise, -1 */
2482 		return (0);
2483 	}
2484 	return (res);
2485 #elif defined(SENDFILE_IS_SOLARIS)
2486 	{
2487 		const off_t offset_orig = offset;
2488 		res = sendfile(dest_fd, source_fd, &offset, chain->off);
2489 		if (res == -1 && EVUTIL_ERR_RW_RETRIABLE(errno)) {
2490 			if (offset - offset_orig)
2491 				return offset - offset_orig;
2492 			/* if this is EAGAIN or EINTR and no bytes were
2493 			 * written, return 0 */
2494 			return (0);
2495 		}
2496 		return (res);
2497 	}
2498 #endif
2499 }
2500 #endif
2501 
2502 int
2503 evbuffer_write_atmost(struct evbuffer *buffer, evutil_socket_t fd,
2504     ev_ssize_t howmuch)
2505 {
2506 	int n = -1;
2507 
2508 	EVBUFFER_LOCK(buffer);
2509 
2510 	if (buffer->freeze_start) {
2511 		goto done;
2512 	}
2513 
2514 	if (howmuch < 0 || (size_t)howmuch > buffer->total_len)
2515 		howmuch = buffer->total_len;
2516 
2517 	if (howmuch > 0) {
2518 #ifdef USE_SENDFILE
2519 		struct evbuffer_chain *chain = buffer->first;
2520 		if (chain != NULL && (chain->flags & EVBUFFER_SENDFILE))
2521 			n = evbuffer_write_sendfile(buffer, fd, howmuch);
2522 		else {
2523 #endif
2524 #ifdef USE_IOVEC_IMPL
2525 		n = evbuffer_write_iovec(buffer, fd, howmuch);
2526 #elif defined(_WIN32)
2527 		/* XXX(nickm) Don't disable this code until we know if
2528 		 * the WSARecv code above works. */
2529 		void *p = evbuffer_pullup(buffer, howmuch);
2530 		EVUTIL_ASSERT(p || !howmuch);
2531 		n = send(fd, p, howmuch, 0);
2532 #else
2533 		void *p = evbuffer_pullup(buffer, howmuch);
2534 		EVUTIL_ASSERT(p || !howmuch);
2535 		n = write(fd, p, howmuch);
2536 #endif
2537 #ifdef USE_SENDFILE
2538 		}
2539 #endif
2540 	}
2541 
2542 	if (n > 0)
2543 		evbuffer_drain(buffer, n);
2544 
2545 done:
2546 	EVBUFFER_UNLOCK(buffer);
2547 	return (n);
2548 }
2549 
2550 int
2551 evbuffer_write(struct evbuffer *buffer, evutil_socket_t fd)
2552 {
2553 	return evbuffer_write_atmost(buffer, fd, -1);
2554 }
2555 
2556 unsigned char *
2557 evbuffer_find(struct evbuffer *buffer, const unsigned char *what, size_t len)
2558 {
2559 	unsigned char *search;
2560 	struct evbuffer_ptr ptr;
2561 
2562 	EVBUFFER_LOCK(buffer);
2563 
2564 	ptr = evbuffer_search(buffer, (const char *)what, len, NULL);
2565 	if (ptr.pos < 0) {
2566 		search = NULL;
2567 	} else {
2568 		search = evbuffer_pullup(buffer, ptr.pos + len);
2569 		if (search)
2570 			search += ptr.pos;
2571 	}
2572 	EVBUFFER_UNLOCK(buffer);
2573 	return search;
2574 }
2575 
2576 /* Subract <b>howfar</b> from the position of <b>pos</b> within
2577  * <b>buf</b>. Returns 0 on success, -1 on failure.
2578  *
2579  * This isn't exposed yet, because of potential inefficiency issues.
2580  * Maybe it should be. */
2581 static int
2582 evbuffer_ptr_subtract(struct evbuffer *buf, struct evbuffer_ptr *pos,
2583     size_t howfar)
2584 {
2585 	if (pos->pos < 0)
2586 		return -1;
2587 	if (howfar > (size_t)pos->pos)
2588 		return -1;
2589 	if (pos->internal_.chain && howfar <= pos->internal_.pos_in_chain) {
2590 		pos->internal_.pos_in_chain -= howfar;
2591 		pos->pos -= howfar;
2592 		return 0;
2593 	} else {
2594 		const size_t newpos = pos->pos - howfar;
2595 		/* Here's the inefficient part: it walks over the
2596 		 * chains until we hit newpos. */
2597 		return evbuffer_ptr_set(buf, pos, newpos, EVBUFFER_PTR_SET);
2598 	}
2599 }
2600 
2601 int
2602 evbuffer_ptr_set(struct evbuffer *buf, struct evbuffer_ptr *pos,
2603     size_t position, enum evbuffer_ptr_how how)
2604 {
2605 	size_t left = position;
2606 	struct evbuffer_chain *chain = NULL;
2607 	int result = 0;
2608 
2609 	EVBUFFER_LOCK(buf);
2610 
2611 	switch (how) {
2612 	case EVBUFFER_PTR_SET:
2613 		chain = buf->first;
2614 		pos->pos = position;
2615 		position = 0;
2616 		break;
2617 	case EVBUFFER_PTR_ADD:
2618 		/* this avoids iterating over all previous chains if
2619 		   we just want to advance the position */
2620 		if (pos->pos < 0 || EV_SIZE_MAX - position < (size_t)pos->pos) {
2621 			EVBUFFER_UNLOCK(buf);
2622 			return -1;
2623 		}
2624 		chain = pos->internal_.chain;
2625 		pos->pos += position;
2626 		position = pos->internal_.pos_in_chain;
2627 		break;
2628 	}
2629 
2630 	EVUTIL_ASSERT(EV_SIZE_MAX - left >= position);
2631 	while (chain && position + left >= chain->off) {
2632 		left -= chain->off - position;
2633 		chain = chain->next;
2634 		position = 0;
2635 	}
2636 	if (chain) {
2637 		pos->internal_.chain = chain;
2638 		pos->internal_.pos_in_chain = position + left;
2639 	} else if (left == 0) {
2640 		/* The first byte in the (nonexistent) chain after the last chain */
2641 		pos->internal_.chain = NULL;
2642 		pos->internal_.pos_in_chain = 0;
2643 	} else {
2644 		PTR_NOT_FOUND(pos);
2645 		result = -1;
2646 	}
2647 
2648 	EVBUFFER_UNLOCK(buf);
2649 
2650 	return result;
2651 }
2652 
2653 /**
2654    Compare the bytes in buf at position pos to the len bytes in mem.  Return
2655    less than 0, 0, or greater than 0 as memcmp.
2656  */
2657 static int
2658 evbuffer_ptr_memcmp(const struct evbuffer *buf, const struct evbuffer_ptr *pos,
2659     const char *mem, size_t len)
2660 {
2661 	struct evbuffer_chain *chain;
2662 	size_t position;
2663 	int r;
2664 
2665 	ASSERT_EVBUFFER_LOCKED(buf);
2666 
2667 	if (pos->pos < 0 ||
2668 	    EV_SIZE_MAX - len < (size_t)pos->pos ||
2669 	    pos->pos + len > buf->total_len)
2670 		return -1;
2671 
2672 	chain = pos->internal_.chain;
2673 	position = pos->internal_.pos_in_chain;
2674 	while (len && chain) {
2675 		size_t n_comparable;
2676 		if (len + position > chain->off)
2677 			n_comparable = chain->off - position;
2678 		else
2679 			n_comparable = len;
2680 		r = memcmp(chain->buffer + chain->misalign + position, mem,
2681 		    n_comparable);
2682 		if (r)
2683 			return r;
2684 		mem += n_comparable;
2685 		len -= n_comparable;
2686 		position = 0;
2687 		chain = chain->next;
2688 	}
2689 
2690 	return 0;
2691 }
2692 
2693 struct evbuffer_ptr
2694 evbuffer_search(struct evbuffer *buffer, const char *what, size_t len, const struct evbuffer_ptr *start)
2695 {
2696 	return evbuffer_search_range(buffer, what, len, start, NULL);
2697 }
2698 
2699 struct evbuffer_ptr
2700 evbuffer_search_range(struct evbuffer *buffer, const char *what, size_t len, const struct evbuffer_ptr *start, const struct evbuffer_ptr *end)
2701 {
2702 	struct evbuffer_ptr pos;
2703 	struct evbuffer_chain *chain, *last_chain = NULL;
2704 	const unsigned char *p;
2705 	char first;
2706 
2707 	EVBUFFER_LOCK(buffer);
2708 
2709 	if (start) {
2710 		memcpy(&pos, start, sizeof(pos));
2711 		chain = pos.internal_.chain;
2712 	} else {
2713 		pos.pos = 0;
2714 		chain = pos.internal_.chain = buffer->first;
2715 		pos.internal_.pos_in_chain = 0;
2716 	}
2717 
2718 	if (end)
2719 		last_chain = end->internal_.chain;
2720 
2721 	if (!len || len > EV_SSIZE_MAX)
2722 		goto done;
2723 
2724 	first = what[0];
2725 
2726 	while (chain) {
2727 		const unsigned char *start_at =
2728 		    chain->buffer + chain->misalign +
2729 		    pos.internal_.pos_in_chain;
2730 		p = memchr(start_at, first,
2731 		    chain->off - pos.internal_.pos_in_chain);
2732 		if (p) {
2733 			pos.pos += p - start_at;
2734 			pos.internal_.pos_in_chain += p - start_at;
2735 			if (!evbuffer_ptr_memcmp(buffer, &pos, what, len)) {
2736 				if (end && pos.pos + (ev_ssize_t)len > end->pos)
2737 					goto not_found;
2738 				else
2739 					goto done;
2740 			}
2741 			++pos.pos;
2742 			++pos.internal_.pos_in_chain;
2743 			if (pos.internal_.pos_in_chain == chain->off) {
2744 				chain = pos.internal_.chain = chain->next;
2745 				pos.internal_.pos_in_chain = 0;
2746 			}
2747 		} else {
2748 			if (chain == last_chain)
2749 				goto not_found;
2750 			pos.pos += chain->off - pos.internal_.pos_in_chain;
2751 			chain = pos.internal_.chain = chain->next;
2752 			pos.internal_.pos_in_chain = 0;
2753 		}
2754 	}
2755 
2756 not_found:
2757 	PTR_NOT_FOUND(&pos);
2758 done:
2759 	EVBUFFER_UNLOCK(buffer);
2760 	return pos;
2761 }
2762 
2763 int
2764 evbuffer_peek(struct evbuffer *buffer, ev_ssize_t len,
2765     struct evbuffer_ptr *start_at,
2766     struct evbuffer_iovec *vec, int n_vec)
2767 {
2768 	struct evbuffer_chain *chain;
2769 	int idx = 0;
2770 	ev_ssize_t len_so_far = 0;
2771 
2772 	/* Avoid locking in trivial edge cases */
2773 	if (start_at && start_at->internal_.chain == NULL)
2774 		return 0;
2775 
2776 	EVBUFFER_LOCK(buffer);
2777 
2778 	if (start_at) {
2779 		chain = start_at->internal_.chain;
2780 		len_so_far = chain->off
2781 		    - start_at->internal_.pos_in_chain;
2782 		idx = 1;
2783 		if (n_vec > 0) {
2784 			vec[0].iov_base = chain->buffer + chain->misalign
2785 			    + start_at->internal_.pos_in_chain;
2786 			vec[0].iov_len = len_so_far;
2787 		}
2788 		chain = chain->next;
2789 	} else {
2790 		chain = buffer->first;
2791 	}
2792 
2793 	if (n_vec == 0 && len < 0) {
2794 		/* If no vectors are provided and they asked for "everything",
2795 		 * pretend they asked for the actual available amount. */
2796 		len = buffer->total_len;
2797 		if (start_at) {
2798 			len -= start_at->pos;
2799 		}
2800 	}
2801 
2802 	while (chain) {
2803 		if (len >= 0 && len_so_far >= len)
2804 			break;
2805 		if (idx<n_vec) {
2806 			vec[idx].iov_base = chain->buffer + chain->misalign;
2807 			vec[idx].iov_len = chain->off;
2808 		} else if (len<0) {
2809 			break;
2810 		}
2811 		++idx;
2812 		len_so_far += chain->off;
2813 		chain = chain->next;
2814 	}
2815 
2816 	EVBUFFER_UNLOCK(buffer);
2817 
2818 	return idx;
2819 }
2820 
2821 
2822 int
2823 evbuffer_add_vprintf(struct evbuffer *buf, const char *fmt, va_list ap)
2824 {
2825 	char *buffer;
2826 	size_t space;
2827 	int sz, result = -1;
2828 	va_list aq;
2829 	struct evbuffer_chain *chain;
2830 
2831 
2832 	EVBUFFER_LOCK(buf);
2833 
2834 	if (buf->freeze_end) {
2835 		goto done;
2836 	}
2837 
2838 	/* make sure that at least some space is available */
2839 	if ((chain = evbuffer_expand_singlechain(buf, 64)) == NULL)
2840 		goto done;
2841 
2842 	for (;;) {
2843 #if 0
2844 		size_t used = chain->misalign + chain->off;
2845 		buffer = (char *)chain->buffer + chain->misalign + chain->off;
2846 		EVUTIL_ASSERT(chain->buffer_len >= used);
2847 		space = chain->buffer_len - used;
2848 #endif
2849 		buffer = (char*) CHAIN_SPACE_PTR(chain);
2850 		space = (size_t) CHAIN_SPACE_LEN(chain);
2851 
2852 #ifndef va_copy
2853 #define	va_copy(dst, src)	memcpy(&(dst), &(src), sizeof(va_list))
2854 #endif
2855 		va_copy(aq, ap);
2856 
2857 		sz = evutil_vsnprintf(buffer, space, fmt, aq);
2858 
2859 		va_end(aq);
2860 
2861 		if (sz < 0)
2862 			goto done;
2863 		if (INT_MAX >= EVBUFFER_CHAIN_MAX &&
2864 		    (size_t)sz >= EVBUFFER_CHAIN_MAX)
2865 			goto done;
2866 		if ((size_t)sz < space) {
2867 			chain->off += sz;
2868 			buf->total_len += sz;
2869 			buf->n_add_for_cb += sz;
2870 
2871 			advance_last_with_data(buf);
2872 			evbuffer_invoke_callbacks_(buf);
2873 			result = sz;
2874 			goto done;
2875 		}
2876 		if ((chain = evbuffer_expand_singlechain(buf, sz + 1)) == NULL)
2877 			goto done;
2878 	}
2879 	/* NOTREACHED */
2880 
2881 done:
2882 	EVBUFFER_UNLOCK(buf);
2883 	return result;
2884 }
2885 
2886 int
2887 evbuffer_add_printf(struct evbuffer *buf, const char *fmt, ...)
2888 {
2889 	int res = -1;
2890 	va_list ap;
2891 
2892 	va_start(ap, fmt);
2893 	res = evbuffer_add_vprintf(buf, fmt, ap);
2894 	va_end(ap);
2895 
2896 	return (res);
2897 }
2898 
2899 int
2900 evbuffer_add_reference(struct evbuffer *outbuf,
2901     const void *data, size_t datlen,
2902     evbuffer_ref_cleanup_cb cleanupfn, void *extra)
2903 {
2904 	struct evbuffer_chain *chain;
2905 	struct evbuffer_chain_reference *info;
2906 	int result = -1;
2907 
2908 	chain = evbuffer_chain_new(sizeof(struct evbuffer_chain_reference));
2909 	if (!chain)
2910 		return (-1);
2911 	chain->flags |= EVBUFFER_REFERENCE | EVBUFFER_IMMUTABLE;
2912 	chain->buffer = (u_char *)data;
2913 	chain->buffer_len = datlen;
2914 	chain->off = datlen;
2915 
2916 	info = EVBUFFER_CHAIN_EXTRA(struct evbuffer_chain_reference, chain);
2917 	info->cleanupfn = cleanupfn;
2918 	info->extra = extra;
2919 
2920 	EVBUFFER_LOCK(outbuf);
2921 	if (outbuf->freeze_end) {
2922 		/* don't call chain_free; we do not want to actually invoke
2923 		 * the cleanup function */
2924 		mm_free(chain);
2925 		goto done;
2926 	}
2927 	evbuffer_chain_insert(outbuf, chain);
2928 	outbuf->n_add_for_cb += datlen;
2929 
2930 	evbuffer_invoke_callbacks_(outbuf);
2931 
2932 	result = 0;
2933 done:
2934 	EVBUFFER_UNLOCK(outbuf);
2935 
2936 	return result;
2937 }
2938 
2939 /* TODO(niels): we may want to add to automagically convert to mmap, in
2940  * case evbuffer_remove() or evbuffer_pullup() are being used.
2941  */
2942 struct evbuffer_file_segment *
2943 evbuffer_file_segment_new(
2944 	int fd, ev_off_t offset, ev_off_t length, unsigned flags)
2945 {
2946 	struct evbuffer_file_segment *seg =
2947 	    mm_calloc(sizeof(struct evbuffer_file_segment), 1);
2948 	if (!seg)
2949 		return NULL;
2950 	seg->refcnt = 1;
2951 	seg->fd = fd;
2952 	seg->flags = flags;
2953 	seg->file_offset = offset;
2954 	seg->cleanup_cb = NULL;
2955 	seg->cleanup_cb_arg = NULL;
2956 #ifdef _WIN32
2957 #ifndef lseek
2958 #define lseek _lseeki64
2959 #endif
2960 #ifndef fstat
2961 #define fstat _fstat
2962 #endif
2963 #ifndef stat
2964 #define stat _stat
2965 #endif
2966 #endif
2967 	if (length == -1) {
2968 		struct stat st;
2969 		if (fstat(fd, &st) < 0)
2970 			goto err;
2971 		length = st.st_size;
2972 	}
2973 	seg->length = length;
2974 
2975 	if (offset < 0 || length < 0 ||
2976 	    ((ev_uint64_t)length > EVBUFFER_CHAIN_MAX) ||
2977 	    (ev_uint64_t)offset > (ev_uint64_t)(EVBUFFER_CHAIN_MAX - length))
2978 		goto err;
2979 
2980 #if defined(USE_SENDFILE)
2981 	if (!(flags & EVBUF_FS_DISABLE_SENDFILE)) {
2982 		seg->can_sendfile = 1;
2983 		goto done;
2984 	}
2985 #endif
2986 
2987 	if (evbuffer_file_segment_materialize(seg)<0)
2988 		goto err;
2989 
2990 #if defined(USE_SENDFILE)
2991 done:
2992 #endif
2993 	if (!(flags & EVBUF_FS_DISABLE_LOCKING)) {
2994 		EVTHREAD_ALLOC_LOCK(seg->lock, 0);
2995 	}
2996 	return seg;
2997 err:
2998 	mm_free(seg);
2999 	return NULL;
3000 }
3001 
3002 #ifdef EVENT__HAVE_MMAP
3003 static long
3004 get_page_size(void)
3005 {
3006 #ifdef SC_PAGE_SIZE
3007 	return sysconf(SC_PAGE_SIZE);
3008 #elif defined(_SC_PAGE_SIZE)
3009 	return sysconf(_SC_PAGE_SIZE);
3010 #else
3011 	return 1;
3012 #endif
3013 }
3014 #endif
3015 
3016 /* DOCDOC */
3017 /* Requires lock */
3018 static int
3019 evbuffer_file_segment_materialize(struct evbuffer_file_segment *seg)
3020 {
3021 	const unsigned flags = seg->flags;
3022 	const int fd = seg->fd;
3023 	const ev_off_t length = seg->length;
3024 	const ev_off_t offset = seg->file_offset;
3025 
3026 	if (seg->contents)
3027 		return 0; /* already materialized */
3028 
3029 #if defined(EVENT__HAVE_MMAP)
3030 	if (!(flags & EVBUF_FS_DISABLE_MMAP)) {
3031 		off_t offset_rounded = 0, offset_leftover = 0;
3032 		void *mapped;
3033 		if (offset) {
3034 			/* mmap implementations don't generally like us
3035 			 * to have an offset that isn't a round  */
3036 			long page_size = get_page_size();
3037 			if (page_size == -1)
3038 				goto err;
3039 			offset_leftover = offset % page_size;
3040 			offset_rounded = offset - offset_leftover;
3041 		}
3042 		mapped = mmap(NULL, length + offset_leftover,
3043 		    PROT_READ,
3044 #ifdef MAP_NOCACHE
3045 		    MAP_NOCACHE | /* ??? */
3046 #endif
3047 #ifdef MAP_FILE
3048 		    MAP_FILE |
3049 #endif
3050 		    MAP_PRIVATE,
3051 		    fd, offset_rounded);
3052 		if (mapped == MAP_FAILED) {
3053 			event_warn("%s: mmap(%d, %d, %zu) failed",
3054 			    __func__, fd, 0, (size_t)(offset + length));
3055 		} else {
3056 			seg->mapping = mapped;
3057 			seg->contents = (char*)mapped+offset_leftover;
3058 			seg->mmap_offset = 0;
3059 			seg->is_mapping = 1;
3060 			goto done;
3061 		}
3062 	}
3063 #endif
3064 #ifdef _WIN32
3065 	if (!(flags & EVBUF_FS_DISABLE_MMAP)) {
3066 		intptr_t h = _get_osfhandle(fd);
3067 		HANDLE m;
3068 		ev_uint64_t total_size = length+offset;
3069 		if ((HANDLE)h == INVALID_HANDLE_VALUE)
3070 			goto err;
3071 		m = CreateFileMapping((HANDLE)h, NULL, PAGE_READONLY,
3072 		    (total_size >> 32), total_size & 0xfffffffful,
3073 		    NULL);
3074 		if (m != INVALID_HANDLE_VALUE) { /* Does h leak? */
3075 			seg->mapping_handle = m;
3076 			seg->mmap_offset = offset;
3077 			seg->is_mapping = 1;
3078 			goto done;
3079 		}
3080 	}
3081 #endif
3082 	{
3083 		ev_off_t start_pos = lseek(fd, 0, SEEK_CUR), pos;
3084 		ev_off_t read_so_far = 0;
3085 		char *mem;
3086 		int e;
3087 		ev_ssize_t n = 0;
3088 		if (!(mem = mm_malloc(length)))
3089 			goto err;
3090 		if (start_pos < 0) {
3091 			mm_free(mem);
3092 			goto err;
3093 		}
3094 		if (lseek(fd, offset, SEEK_SET) < 0) {
3095 			mm_free(mem);
3096 			goto err;
3097 		}
3098 		while (read_so_far < length) {
3099 			n = read(fd, mem+read_so_far, length-read_so_far);
3100 			if (n <= 0)
3101 				break;
3102 			read_so_far += n;
3103 		}
3104 
3105 		e = errno;
3106 		pos = lseek(fd, start_pos, SEEK_SET);
3107 		if (n < 0 || (n == 0 && length > read_so_far)) {
3108 			mm_free(mem);
3109 			errno = e;
3110 			goto err;
3111 		} else if (pos < 0) {
3112 			mm_free(mem);
3113 			goto err;
3114 		}
3115 
3116 		seg->contents = mem;
3117 	}
3118 
3119 done:
3120 	return 0;
3121 err:
3122 	return -1;
3123 }
3124 
3125 void evbuffer_file_segment_add_cleanup_cb(struct evbuffer_file_segment *seg,
3126 	evbuffer_file_segment_cleanup_cb cb, void* arg)
3127 {
3128 	EVUTIL_ASSERT(seg->refcnt > 0);
3129 	seg->cleanup_cb = cb;
3130 	seg->cleanup_cb_arg = arg;
3131 }
3132 
3133 void
3134 evbuffer_file_segment_free(struct evbuffer_file_segment *seg)
3135 {
3136 	int refcnt;
3137 	EVLOCK_LOCK(seg->lock, 0);
3138 	refcnt = --seg->refcnt;
3139 	EVLOCK_UNLOCK(seg->lock, 0);
3140 	if (refcnt > 0)
3141 		return;
3142 	EVUTIL_ASSERT(refcnt == 0);
3143 
3144 	if (seg->is_mapping) {
3145 #ifdef _WIN32
3146 		CloseHandle(seg->mapping_handle);
3147 #elif defined (EVENT__HAVE_MMAP)
3148 		off_t offset_leftover;
3149 		offset_leftover = seg->file_offset % get_page_size();
3150 		if (munmap(seg->mapping, seg->length + offset_leftover) == -1)
3151 			event_warn("%s: munmap failed", __func__);
3152 #endif
3153 	} else if (seg->contents) {
3154 		mm_free(seg->contents);
3155 	}
3156 
3157 	if ((seg->flags & EVBUF_FS_CLOSE_ON_FREE) && seg->fd >= 0) {
3158 		close(seg->fd);
3159 	}
3160 
3161 	if (seg->cleanup_cb) {
3162 		(*seg->cleanup_cb)((struct evbuffer_file_segment const*)seg,
3163 		    seg->flags, seg->cleanup_cb_arg);
3164 		seg->cleanup_cb = NULL;
3165 		seg->cleanup_cb_arg = NULL;
3166 	}
3167 
3168 	EVTHREAD_FREE_LOCK(seg->lock, 0);
3169 	mm_free(seg);
3170 }
3171 
3172 int
3173 evbuffer_add_file_segment(struct evbuffer *buf,
3174     struct evbuffer_file_segment *seg, ev_off_t offset, ev_off_t length)
3175 {
3176 	struct evbuffer_chain *chain;
3177 	struct evbuffer_chain_file_segment *extra;
3178 	int can_use_sendfile = 0;
3179 
3180 	EVBUFFER_LOCK(buf);
3181 	EVLOCK_LOCK(seg->lock, 0);
3182 	if (buf->flags & EVBUFFER_FLAG_DRAINS_TO_FD) {
3183 		can_use_sendfile = 1;
3184 	} else {
3185 		if (!seg->contents) {
3186 			if (evbuffer_file_segment_materialize(seg)<0) {
3187 				EVLOCK_UNLOCK(seg->lock, 0);
3188 				EVBUFFER_UNLOCK(buf);
3189 				return -1;
3190 			}
3191 		}
3192 	}
3193 	++seg->refcnt;
3194 	EVLOCK_UNLOCK(seg->lock, 0);
3195 
3196 	if (buf->freeze_end)
3197 		goto err;
3198 
3199 	if (length < 0) {
3200 		if (offset > seg->length)
3201 			goto err;
3202 		length = seg->length - offset;
3203 	}
3204 
3205 	/* Can we actually add this? */
3206 	if (offset+length > seg->length)
3207 		goto err;
3208 
3209 	chain = evbuffer_chain_new(sizeof(struct evbuffer_chain_file_segment));
3210 	if (!chain)
3211 		goto err;
3212 	extra = EVBUFFER_CHAIN_EXTRA(struct evbuffer_chain_file_segment, chain);
3213 
3214 	chain->flags |= EVBUFFER_IMMUTABLE|EVBUFFER_FILESEGMENT;
3215 	if (can_use_sendfile && seg->can_sendfile) {
3216 		chain->flags |= EVBUFFER_SENDFILE;
3217 		chain->misalign = seg->file_offset + offset;
3218 		chain->off = length;
3219 		chain->buffer_len = chain->misalign + length;
3220 	} else if (seg->is_mapping) {
3221 #ifdef _WIN32
3222 		ev_uint64_t total_offset = seg->mmap_offset+offset;
3223 		ev_uint64_t offset_rounded=0, offset_remaining=0;
3224 		LPVOID data;
3225 		if (total_offset) {
3226 			SYSTEM_INFO si;
3227 			memset(&si, 0, sizeof(si)); /* cargo cult */
3228 			GetSystemInfo(&si);
3229 			offset_remaining = total_offset % si.dwAllocationGranularity;
3230 			offset_rounded = total_offset - offset_remaining;
3231 		}
3232 		data = MapViewOfFile(
3233 			seg->mapping_handle,
3234 			FILE_MAP_READ,
3235 			offset_rounded >> 32,
3236 			offset_rounded & 0xfffffffful,
3237 			length + offset_remaining);
3238 		if (data == NULL) {
3239 			mm_free(chain);
3240 			goto err;
3241 		}
3242 		chain->buffer = (unsigned char*) data;
3243 		chain->buffer_len = length+offset_remaining;
3244 		chain->misalign = offset_remaining;
3245 		chain->off = length;
3246 #else
3247 		chain->buffer = (unsigned char*)(seg->contents + offset);
3248 		chain->buffer_len = length;
3249 		chain->off = length;
3250 #endif
3251 	} else {
3252 		chain->buffer = (unsigned char*)(seg->contents + offset);
3253 		chain->buffer_len = length;
3254 		chain->off = length;
3255 	}
3256 
3257 	extra->segment = seg;
3258 	buf->n_add_for_cb += length;
3259 	evbuffer_chain_insert(buf, chain);
3260 
3261 	evbuffer_invoke_callbacks_(buf);
3262 
3263 	EVBUFFER_UNLOCK(buf);
3264 
3265 	return 0;
3266 err:
3267 	EVBUFFER_UNLOCK(buf);
3268 	evbuffer_file_segment_free(seg); /* Lowers the refcount */
3269 	return -1;
3270 }
3271 
3272 int
3273 evbuffer_add_file(struct evbuffer *buf, int fd, ev_off_t offset, ev_off_t length)
3274 {
3275 	struct evbuffer_file_segment *seg;
3276 	unsigned flags = EVBUF_FS_CLOSE_ON_FREE;
3277 	int r;
3278 
3279 	seg = evbuffer_file_segment_new(fd, offset, length, flags);
3280 	if (!seg)
3281 		return -1;
3282 	r = evbuffer_add_file_segment(buf, seg, 0, length);
3283 	if (r == 0)
3284 		evbuffer_file_segment_free(seg);
3285 	return r;
3286 }
3287 
3288 void
3289 evbuffer_setcb(struct evbuffer *buffer, evbuffer_cb cb, void *cbarg)
3290 {
3291 	EVBUFFER_LOCK(buffer);
3292 
3293 	if (!LIST_EMPTY(&buffer->callbacks))
3294 		evbuffer_remove_all_callbacks(buffer);
3295 
3296 	if (cb) {
3297 		struct evbuffer_cb_entry *ent =
3298 		    evbuffer_add_cb(buffer, NULL, cbarg);
3299 		ent->cb.cb_obsolete = cb;
3300 		ent->flags |= EVBUFFER_CB_OBSOLETE;
3301 	}
3302 	EVBUFFER_UNLOCK(buffer);
3303 }
3304 
3305 struct evbuffer_cb_entry *
3306 evbuffer_add_cb(struct evbuffer *buffer, evbuffer_cb_func cb, void *cbarg)
3307 {
3308 	struct evbuffer_cb_entry *e;
3309 	if (! (e = mm_calloc(1, sizeof(struct evbuffer_cb_entry))))
3310 		return NULL;
3311 	EVBUFFER_LOCK(buffer);
3312 	e->cb.cb_func = cb;
3313 	e->cbarg = cbarg;
3314 	e->flags = EVBUFFER_CB_ENABLED;
3315 	LIST_INSERT_HEAD(&buffer->callbacks, e, next);
3316 	EVBUFFER_UNLOCK(buffer);
3317 	return e;
3318 }
3319 
3320 int
3321 evbuffer_remove_cb_entry(struct evbuffer *buffer,
3322 			 struct evbuffer_cb_entry *ent)
3323 {
3324 	EVBUFFER_LOCK(buffer);
3325 	LIST_REMOVE(ent, next);
3326 	EVBUFFER_UNLOCK(buffer);
3327 	mm_free(ent);
3328 	return 0;
3329 }
3330 
3331 int
3332 evbuffer_remove_cb(struct evbuffer *buffer, evbuffer_cb_func cb, void *cbarg)
3333 {
3334 	struct evbuffer_cb_entry *cbent;
3335 	int result = -1;
3336 	EVBUFFER_LOCK(buffer);
3337 	LIST_FOREACH(cbent, &buffer->callbacks, next) {
3338 		if (cb == cbent->cb.cb_func && cbarg == cbent->cbarg) {
3339 			result = evbuffer_remove_cb_entry(buffer, cbent);
3340 			goto done;
3341 		}
3342 	}
3343 done:
3344 	EVBUFFER_UNLOCK(buffer);
3345 	return result;
3346 }
3347 
3348 int
3349 evbuffer_cb_set_flags(struct evbuffer *buffer,
3350 		      struct evbuffer_cb_entry *cb, ev_uint32_t flags)
3351 {
3352 	/* the user isn't allowed to mess with these. */
3353 	flags &= ~EVBUFFER_CB_INTERNAL_FLAGS;
3354 	EVBUFFER_LOCK(buffer);
3355 	cb->flags |= flags;
3356 	EVBUFFER_UNLOCK(buffer);
3357 	return 0;
3358 }
3359 
3360 int
3361 evbuffer_cb_clear_flags(struct evbuffer *buffer,
3362 		      struct evbuffer_cb_entry *cb, ev_uint32_t flags)
3363 {
3364 	/* the user isn't allowed to mess with these. */
3365 	flags &= ~EVBUFFER_CB_INTERNAL_FLAGS;
3366 	EVBUFFER_LOCK(buffer);
3367 	cb->flags &= ~flags;
3368 	EVBUFFER_UNLOCK(buffer);
3369 	return 0;
3370 }
3371 
3372 int
3373 evbuffer_freeze(struct evbuffer *buffer, int start)
3374 {
3375 	EVBUFFER_LOCK(buffer);
3376 	if (start)
3377 		buffer->freeze_start = 1;
3378 	else
3379 		buffer->freeze_end = 1;
3380 	EVBUFFER_UNLOCK(buffer);
3381 	return 0;
3382 }
3383 
3384 int
3385 evbuffer_unfreeze(struct evbuffer *buffer, int start)
3386 {
3387 	EVBUFFER_LOCK(buffer);
3388 	if (start)
3389 		buffer->freeze_start = 0;
3390 	else
3391 		buffer->freeze_end = 0;
3392 	EVBUFFER_UNLOCK(buffer);
3393 	return 0;
3394 }
3395 
3396 #if 0
3397 void
3398 evbuffer_cb_suspend(struct evbuffer *buffer, struct evbuffer_cb_entry *cb)
3399 {
3400 	if (!(cb->flags & EVBUFFER_CB_SUSPENDED)) {
3401 		cb->size_before_suspend = evbuffer_get_length(buffer);
3402 		cb->flags |= EVBUFFER_CB_SUSPENDED;
3403 	}
3404 }
3405 
3406 void
3407 evbuffer_cb_unsuspend(struct evbuffer *buffer, struct evbuffer_cb_entry *cb)
3408 {
3409 	if ((cb->flags & EVBUFFER_CB_SUSPENDED)) {
3410 		unsigned call = (cb->flags & EVBUFFER_CB_CALL_ON_UNSUSPEND);
3411 		size_t sz = cb->size_before_suspend;
3412 		cb->flags &= ~(EVBUFFER_CB_SUSPENDED|
3413 			       EVBUFFER_CB_CALL_ON_UNSUSPEND);
3414 		cb->size_before_suspend = 0;
3415 		if (call && (cb->flags & EVBUFFER_CB_ENABLED)) {
3416 			cb->cb(buffer, sz, evbuffer_get_length(buffer), cb->cbarg);
3417 		}
3418 	}
3419 }
3420 #endif
3421 
3422 int
3423 evbuffer_get_callbacks_(struct evbuffer *buffer, struct event_callback **cbs,
3424     int max_cbs)
3425 {
3426 	int r = 0;
3427 	EVBUFFER_LOCK(buffer);
3428 	if (buffer->deferred_cbs) {
3429 		if (max_cbs < 1) {
3430 			r = -1;
3431 			goto done;
3432 		}
3433 		cbs[0] = &buffer->deferred;
3434 		r = 1;
3435 	}
3436 done:
3437 	EVBUFFER_UNLOCK(buffer);
3438 	return r;
3439 }
3440