add function to start spi transaction from isr

Previously security eFuses were only burnt if the flash was not encrypted
yet.
To enhance robustness of the security eFuse settings their correct setup
should be verified on each bootup. Else it would be possible for an
already encrypted ESP to be reflashed with firmware containing updated,
more restrictive eFuse settings without them ever being applied.
Additionally this change enables easy, secure use of ESPs with host sidee
flash preencryption. Flash preencryption by the host computer performing
the programming procedure can speed up the programming process by a great
deal since the flash no longer needs to be read, erased and written again
by the bootloader self-encryption routines. Additionally it avoids
bricking of ESPs through interruption of the self-ecnryption procedure.
Without this change the host would have to set up all fuses in the ESP
correctly by itself, duplicating the fuse configuration code already
present in the bootloader and creating additional maintenance burden for
the host software if anything about the fuse setup logic changes.
This commit changes the security eFuse configuration logic to always burn
any configured security eFuses on bootup, regardless of current flash
encryption status.

components/bootloader_support/src/bootloader_utility.c

@@ -717,7 +717,25 @@ static void load_image(const esp_image_metadata_t *image_data)
      */
     ESP_LOGI(TAG, "Checking flash encryption...");
     bool flash_encryption_enabled = esp_flash_encrypt_state();
-    if (!flash_encryption_enabled) {
+    if (flash_encryption_enabled) {
+#if BOOTLOADER_BUILD
+        /* Ensure security eFuses are burnt */
+        esp_efuse_batch_write_begin();
+        esp_err_t err = esp_flash_encryption_enable_secure_features();
+        if (err != ESP_OK) {
+            ESP_LOGE(TAG, "Error setting security eFuses (err=0x%x).", err);
+            esp_efuse_batch_write_cancel();
+            return;
+        }
+
+        err = esp_efuse_batch_write_commit();
+        if (err != ESP_OK) {
+            ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
+            return;
+        }
+        ESP_LOGI(TAG, "Security eFuses are burnt");
+#endif // BOOTLOADER_BUILD
+    } else {
 #ifdef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
         ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED is set, refusing to boot.");
         return;

components/esp-tls/esp_tls.c

@@ -129,7 +129,7 @@ static ssize_t tcp_read(esp_tls_t *tls, char *data, size_t datalen)
 
 static ssize_t tcp_write(esp_tls_t *tls, const char *data, size_t datalen)
 {
-    return send(tls->sockfd, data, datalen, 0);
+    return send(tls->sockfd, data, datalen, MSG_MORE);
 }
 
 ssize_t esp_tls_conn_read(esp_tls_t *tls, void  *data, size_t datalen)

components/esp-tls/esp_tls_mbedtls.c

@@ -694,6 +694,7 @@ static esp_err_t set_server_config(esp_tls_cfg_server_t *cfg, esp_tls_t *tls)
         if (esp_ret != ESP_OK) {
             return esp_ret;
         }
+        mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
     } else {
 #ifdef CONFIG_ESP_TLS_SERVER_MIN_AUTH_MODE_OPTIONAL
         mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);

components/esp_driver_spi/include/driver/spi_master.h

@@ -407,6 +407,9 @@ int spi_get_freq_limit(bool gpio_is_used, int input_delay_ns);
  */
 esp_err_t spi_bus_get_max_transaction_len(spi_host_device_t host_id, size_t *max_bytes);
 
+intr_handle_t spi_bus_get_intr(spi_host_device_t host);
+void spi_dma_reset_start(spi_device_handle_t handle);
+
 #ifdef __cplusplus
 }
 #endif

components/esp_driver_spi/src/gpspi/spi_master.c

@@ -722,6 +722,22 @@ static void SPI_MASTER_ISR_ATTR spi_bus_intr_disable(void *host)
 #define spi_dma_start(chan, addr)   gdma_start(chan, (intptr_t)(addr))
 #endif
 
+void SPI_MASTER_ISR_ATTR spi_dma_reset_start(spi_device_handle_t handle){
+    spi_host_t *host = handle->host;
+    spi_hal_context_t *hal = &(host->hal);
+
+    const spi_dma_ctx_t *dma_ctx = host->dma_ctx;
+
+    spi_dma_reset(dma_ctx->rx_dma_chan);
+    spi_hal_hw_prepare_rx(hal->hw);
+    spi_dma_start(dma_ctx->rx_dma_chan, dma_ctx->dmadesc_rx);
+
+
+    spi_dma_reset(dma_ctx->tx_dma_chan);
+    spi_hal_hw_prepare_tx(hal->hw);
+    spi_dma_start(dma_ctx->tx_dma_chan, dma_ctx->dmadesc_tx);
+}
+
 static void SPI_MASTER_ISR_ATTR s_spi_dma_prepare_data(spi_host_t *host, spi_hal_context_t *hal, const spi_hal_dev_config_t *dev, const spi_hal_trans_config_t *trans)
 {
     const spi_dma_ctx_t *dma_ctx = host->dma_ctx;
@@ -1511,6 +1527,10 @@ esp_err_t spi_bus_get_max_transaction_len(spi_host_device_t host_id, size_t *max
     return ESP_OK;
 }
 
+intr_handle_t spi_bus_get_intr(spi_host_device_t host) {
+    return bus_driver_ctx[host]->intr;
+}
+
 #if SOC_SPI_SCT_SUPPORTED
 
 /*-----------------------------------------------------------

components/esp_http_client/esp_http_client.c

@@ -274,7 +274,8 @@ static int http_on_header_value(http_parser *parser, const char *at, size_t leng
     } else if (strcasecmp(client->current_header_key, "Transfer-Encoding") == 0
                && memcmp(at, "chunked", length) == 0) {
         client->response->is_chunked = true;
-    } else if (strcasecmp(client->current_header_key, "WWW-Authenticate") == 0) {
+    } else if (strcasecmp(client->current_header_key, "WWW-Authenticate") == 0 ||
+               strcasecmp(client->current_header_key, "X-WWW-Authenticate") == 0) {
         HTTP_RET_ON_FALSE_DBG(http_utils_append_string(&client->auth_header, at, length), -1, TAG, "Failed to append string");
     }
     HTTP_RET_ON_FALSE_DBG(http_utils_append_string(&client->current_header_value, at, length), -1, TAG, "Failed to append string");
@@ -1378,7 +1379,7 @@ int esp_http_client_read(esp_http_client_handle_t client, char *buffer, int len)
 esp_err_t esp_http_client_perform(esp_http_client_handle_t client)
 {
     esp_err_t err;
-    do {
+    //do {
         if (client->process_again) {
             esp_http_client_prepare(client);
         }
@@ -1486,8 +1487,9 @@ esp_err_t esp_http_client_perform(esp_http_client_handle_t client)
                 default:
                 break;
         }
-    } while (client->process_again);
-    return ESP_OK;
+    //} while (client->process_again);
+    //return ESP_OK;
+    return client->process_again ? ESP_ERR_HTTP_EAGAIN : ESP_OK;
 }
 
 int64_t esp_http_client_fetch_headers(esp_http_client_handle_t client)

components/esp_http_server/src/httpd_txrx.c

@@ -56,7 +56,7 @@ int httpd_send(httpd_req_t *r, const char *buf, size_t buf_len)
     }
 
     struct httpd_req_aux *ra = r->aux;
-    int ret = ra->sd->send_fn(ra->sd->handle, ra->sd->fd, buf, buf_len, 0);
+    int ret = ra->sd->send_fn(ra->sd->handle, ra->sd->fd, buf, buf_len, MSG_MORE);
     if (ret < 0) {
         ESP_LOGD(TAG, LOG_FMT("error in send_fn"));
         return ret;
@@ -70,7 +70,7 @@ static esp_err_t httpd_send_all(httpd_req_t *r, const char *buf, size_t buf_len)
     int ret;
 
     while (buf_len > 0) {
-        ret = ra->sd->send_fn(ra->sd->handle, ra->sd->fd, buf, buf_len, 0);
+        ret = ra->sd->send_fn(ra->sd->handle, ra->sd->fd, buf, buf_len, MSG_MORE);
         if (ret < 0) {
             ESP_LOGD(TAG, LOG_FMT("error in send_fn"));
             return ESP_FAIL;

components/esp_http_server/src/httpd_uri.c

@@ -300,10 +300,31 @@ esp_err_t httpd_uri(struct httpd_data *hd)
 
     /* If URI with method not found, respond with error code */
     if (uri == NULL) {
+
         switch (err) {
             case HTTPD_404_NOT_FOUND:
-                ESP_LOGW(TAG, LOG_FMT("URI '%s' not found"), req->uri);
+            {
+                char ipstr[INET6_ADDRSTRLEN] = "UNKNOWN";
+
+                const int sockfd = httpd_req_to_sockfd(req);
+
+                if (sockfd < 0)
+                    ESP_LOGW(TAG, "httpd_req_to_sockfd() failed with %i", sockfd);
+                else
+                {
+                    struct sockaddr_in6 addr;   // esp_http_server uses IPv6 addressing
+                    socklen_t addr_size = sizeof(addr);
+                    const int result = getpeername(sockfd, (struct sockaddr *)&addr, &addr_size);
+
+                    if (result < 0)
+                        ESP_LOGW(TAG, "getpeername() failed with %i", result);
+                    else
+                        inet_ntop(AF_INET, &addr.sin6_addr.un.u32_addr[3], ipstr, sizeof(ipstr));
+                }
+
+                ESP_LOGW(TAG, LOG_FMT("URI '%s' not found for %s"), req->uri, ipstr);
                 return httpd_req_handle_err(req, HTTPD_404_NOT_FOUND);
+            }
             case HTTPD_405_METHOD_NOT_ALLOWED:
                 ESP_LOGW(TAG, LOG_FMT("Method '%d' not allowed for URI '%s'"),
                          req->method, req->uri);

components/esp_http_server/src/httpd_ws.c

@@ -445,14 +445,14 @@ esp_err_t httpd_ws_send_frame_async(httpd_handle_t hd, int fd, httpd_ws_frame_t
     }
 
     /* Send off header */
-    if (sess->send_fn(hd, fd, (const char *)header_buf, tx_len, 0) < 0) {
+    if (sess->send_fn(hd, fd, (const char *)header_buf, tx_len, MSG_MORE) < 0) {
         ESP_LOGW(TAG, LOG_FMT("Failed to send WS header"));
         return ESP_FAIL;
     }
 
     /* Send off payload */
     if(frame->len > 0 && frame->payload != NULL) {
-        if (sess->send_fn(hd, fd, (const char *)frame->payload, frame->len, 0) < 0) {
+        if (sess->send_fn(hd, fd, (const char *)frame->payload, frame->len, MSG_MORE) < 0) {
             ESP_LOGW(TAG, LOG_FMT("Failed to send WS payload"));
             return ESP_FAIL;
         }

components/esp_netif/include/esp_netif_ppp.h

@@ -8,6 +8,8 @@
 #ifndef _ESP_NETIF_PPP_H_
 #define _ESP_NETIF_PPP_H_
 
+#include "esp_netif_types.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif

components/esp_system/include/esp_debug_helpers.h

@@ -18,9 +18,6 @@ extern "C" {
 #include "esp_err.h"
 #include "esp_cpu.h"
 
-#include "freertos/FreeRTOS.h"
-#include "freertos/task.h"
-
 /*
  * @brief   Structure used for backtracing
  *
@@ -132,8 +129,6 @@ esp_err_t esp_backtrace_print(int depth);
  */
 esp_err_t esp_backtrace_print_all_tasks(int depth);
 
-esp_err_t esp_backtrace_print_task(TaskHandle_t pxTask, int depth, bool panic);
-
 /**
  * @brief Set a watchpoint to break/panic when a certain memory range is accessed.
  * Superseded by esp_cpu_set_watchpoint in esp_cpu.h.

components/esp_system/port/arch/xtensa/debug_helpers.c

@@ -250,70 +250,3 @@ ipc_err:
 malloc_err:
     return ret;
 }
-
-esp_err_t esp_backtrace_print_task(TaskHandle_t pxTask, int depth, bool panic)
-{
-    esp_err_t ret = ESP_OK;
-    TaskSnapshot_t task_snapshot;
-    cur_task_backtrace_ctrl_t ctrl = {0};
-
-    // Suspend the scheduler to prevent task switching
-    vTaskSuspend(pxTask);
-
-    /*
-    Initialize backtracing for this core:
-
-    - Flush current core's register windows back onto current task's stack using esp_backtrace_get_start()
-    - Get starting frame for backtracing (starting frame is the caller of this function) using esp_backtrace_get_start()
-    - Save the starting frame details into the control block
-    */
-    BaseType_t core_id = xPortGetCoreID();  // Get core ID now that task switching is disabled
-    ctrl.cur_tasks[core_id].task_hdl = xTaskGetCurrentTaskHandle();
-    esp_backtrace_get_start(&ctrl.cur_tasks[core_id].starting_pc,
-                            &ctrl.cur_tasks[core_id].starting_sp,
-                            &ctrl.cur_tasks[core_id].next_pc);
-
-    vTaskGetSnapshot(pxTask, &task_snapshot);
-
-    // Print the backtrace of the task
-    bool cur_running = false;
-    TaskHandle_t task_hdl = (TaskHandle_t) task_snapshot.pxTCB;
-    esp_backtrace_frame_t stk_frame = {0};
-
-    // Check if the task is one of the currently running tasks
-    for (BaseType_t core_id = 0; core_id < configNUMBER_OF_CORES; core_id++) {
-        if (task_hdl == ctrl.cur_tasks[core_id].task_hdl) {
-            cur_running = true;
-            break;
-        }
-    }
-    // Initialize the starting backtrace frame of the task
-    if (cur_running) {
-        /*
-        Setting the starting backtrace frame for currently running tasks is different. We cannot
-        use the current frame of each running task as the starting frame (due to the possibility
-        of the SP changing). Thus, each currently running task will have initialized their callers
-        as the starting frame for backtracing, which is saved inside the
-        cur_task_backtrace_ctrl_t block.
-        */
-        stk_frame.pc = ctrl.cur_tasks[core_id].starting_pc;
-        stk_frame.sp = ctrl.cur_tasks[core_id].starting_sp;
-        stk_frame.next_pc = ctrl.cur_tasks[core_id].next_pc;
-    } else {
-        // Set the starting backtrace frame using the task's saved stack pointer
-        XtExcFrame* exc_frame = (XtExcFrame*) task_snapshot.pxTopOfStack;
-        stk_frame.pc = exc_frame->pc;
-        stk_frame.sp = exc_frame->a1;
-        stk_frame.next_pc = exc_frame->a0;
-    }
-    // Print backtrace
-    esp_err_t bt_ret = esp_backtrace_print_from_frame(depth, &stk_frame, panic);
-    if (bt_ret != ESP_OK) {
-        ret = bt_ret;
-    }
-
-    // Resume the scheduler to allow task switching again
-    vTaskResume(pxTask);
-
-    return ret;
-}

components/esp_system/task_wdt/task_wdt.c

@@ -819,10 +819,7 @@ esp_err_t esp_task_wdt_print_triggered_tasks(task_wdt_msg_handler msg_handler, v
                 msg_handler(opaque, name);
                 msg_handler(opaque, cpu);
             }
-
-            esp_backtrace_print_task(entry->task_handle, 100, true);
         }
     }
-
     return ESP_OK;
 }

components/lwip/include/apps/esp_sntp.h

@@ -49,11 +49,11 @@ extern "C" {
 #define esp_sntp_get_sync_interval sntp_get_sync_interval
 #define esp_sntp_restart sntp_restart
 
-#ifndef SNTP_OPMODE_POLL
+//#ifndef SNTP_OPMODE_POLL
 #define SNTP_OPMODE_POLL ESP_SNTP_OPMODE_POLL
-#else
-#warning "Defined!"
-#endif /* SNTP_OPMODE_POLL */
+//#else
+//#warning "Defined!"
+//#endif /* SNTP_OPMODE_POLL */
 
 /// SNTP time update mode
 typedef enum {
@@ -245,39 +245,39 @@ void esp_sntp_servermode_dhcp(bool enable);
  * @brief if not build within lwip, provide translating inlines,
  * that will warn about thread safety
  */
-static inline __attribute__((deprecated("use esp_sntp_setoperatingmode() instead")))
+inline __attribute__((deprecated("use esp_sntp_setoperatingmode() instead")))
 void sntp_setoperatingmode(u8_t operating_mode)
 {
     esp_sntp_setoperatingmode((esp_sntp_operatingmode_t)operating_mode);
 }
 
-static inline __attribute__((deprecated("use esp_sntp_servermode_dhcp() instead")))
+#if LWIP_DHCP_GET_NTP_SRV
+inline __attribute__((deprecated("use esp_sntp_servermode_dhcp() instead")))
 void sntp_servermode_dhcp(int set_servers_from_dhcp)
 {
-#if LWIP_DHCP_GET_NTP_SRV
     esp_sntp_servermode_dhcp(set_servers_from_dhcp);
-#endif
 }
+#endif
 
-static inline __attribute__((deprecated("use esp_sntp_setservername() instead")))
+inline __attribute__((deprecated("use esp_sntp_setservername() instead")))
 void sntp_setservername(u8_t idx, const char *server)
 {
     esp_sntp_setservername(idx, server);
 }
 
-static inline __attribute__((deprecated("use esp_sntp_init() instead")))
+inline __attribute__((deprecated("use esp_sntp_init() instead")))
 void sntp_init(void)
 {
     esp_sntp_init();
 }
 
-static inline __attribute__((deprecated("use esp_sntp_getservername() instead")))
+inline __attribute__((deprecated("use esp_sntp_getservername() instead")))
 const char *sntp_getservername(u8_t idx)
 {
     return esp_sntp_getservername(idx);
 }
 
-static inline __attribute__((deprecated("use esp_sntp_getserver() instead")))
+inline __attribute__((deprecated("use esp_sntp_getserver() instead")))
 const ip_addr_t* sntp_getserver(u8_t idx)
 {
     return esp_sntp_getserver(idx);

components/soc/esp32/register/soc/emac_ext_struct.h

@@ -11,7 +11,7 @@ extern "C" {
 
 #include <stdint.h>
 
-typedef struct emac_ext_dev_s {
+typedef volatile struct emac_ext_dev_s {
     volatile union {
         struct {
             uint32_t div_num : 4;

components/tcp_transport/include/esp_transport_ws.h

@@ -17,6 +17,11 @@ extern "C" {
 // Features supported
 #define ESP_TRANSPORT_WS_STORE_RESPONSE_HEADERS     1
 
+// this define will also be used for optimized websocket sends with the
+// optimized version to prepend the required space for the websocket
+// header
+#define MAX_WEBSOCKET_HEADER_SIZE   16
+
 typedef enum ws_transport_opcodes {
     WS_TRANSPORT_OPCODES_CONT =  0x00,
     WS_TRANSPORT_OPCODES_TEXT =  0x01,
@@ -157,6 +162,37 @@ esp_err_t esp_transport_ws_set_config(esp_transport_handle_t t, const esp_transp
  */
 int esp_transport_ws_send_raw(esp_transport_handle_t t, ws_transport_opcodes_t opcode, const char *b, int len, int timeout_ms);
 
+/**
+ * @brief               Sends websocket raw message with custom opcode and payload in a optimized way
+ *
+ * This method is similar to esp_transport_ws_send_raw(), but
+ * it assumes, that the first MAX_WEBSOCKET_HEADER_SIZE bytes
+ * of the buffer should not be sent and should rather be used
+ * for the required websocket header itself. This is done to
+ * have a single TCP packet for header and payload and to avoid
+ * copying and allocating additional resources. The first
+ * MAX_WEBSOCKET_HEADER_SIZE bytes should not be initialized in
+ * any specific way, and the return value (length) will also
+ * include the MAX_WEBSOCKET_HEADER_SIZE byte extra buffer.
+ *
+ * Note that generic esp_transport_write for ws handle sends
+ * binary massages by default if size is > 0 and
+ * ping message if message size is set to 0.
+ * This API is provided to support explicit messages with arbitrary opcode,
+ * should it be PING, PONG or TEXT message with arbitrary data.
+ *
+ * @param[in]  t           Websocket transport handle
+ * @param[in]  opcode      ws operation code
+ * @param[in]  buffer      The buffer
+ * @param[in]  len         The length
+ * @param[in]  timeout_ms  The timeout milliseconds (-1 indicates block forever)
+ *
+ * @return
+ *  - Number of bytes was written
+ *  - (-1) if there are any errors, should check errno
+ */
+int esp_transport_ws_send_raw_optimized(esp_transport_handle_t t, ws_transport_opcodes_t opcode, const char *b, int len, int timeout_ms);
+
 /**
  * @brief               Returns websocket fin flag for last received data
  *

components/tcp_transport/transport_ssl.c

@@ -249,7 +249,7 @@ static int tcp_write(esp_transport_handle_t t, const char *buffer, int len, int
         ESP_LOGW(TAG, "Poll timeout or error, errno=%s, fd=%d, timeout_ms=%d", strerror(errno), ssl->sockfd, timeout_ms);
         return poll;
     }
-    int ret = send(ssl->sockfd, (const unsigned char *) buffer, len, 0);
+    int ret = send(ssl->sockfd, (const unsigned char *) buffer, len, MSG_MORE);
     if (ret < 0) {
         ESP_LOGE(TAG, "tcp_write error, errno=%s", strerror(errno));
         esp_transport_capture_errno(t, errno);

components/tcp_transport/transport_ws.c

@@ -37,6 +37,7 @@ static const char *TAG = "transport_ws";
 #define WS_SIZE16                   126
 #define WS_SIZE64                   127
 #define MAX_WEBSOCKET_HEADER_SIZE   16
+#define WS_RESPONSE_OK              101
 #define WS_TRANSPORT_MAX_CONTROL_FRAME_BUFFER_LEN 125
 
 // HTTP status codes for redirection as described in RFC 9110.
@@ -449,6 +450,92 @@ static int _ws_write(esp_transport_handle_t t, int opcode, int mask_flag, const
     return ret;
 }
 
+// This method is similar to _ws_write() but it assumes, that the first 16 bytes of the buffer should not be sent and
+// should rather be used for the required websocket header itself. This is done to have a single TCP packet for header
+// and payload and to avoid copying and allocating additional resources. The first 16 bytes should not be initialized
+// in any specific way, and the return value (length) will also include the 16 byte extra buffer.
+static int _ws_write_optimized(esp_transport_handle_t t, int opcode, int mask_flag, const char *b, int len, int timeout_ms)
+{
+    assert(len >= MAX_WEBSOCKET_HEADER_SIZE);
+
+    transport_ws_t *ws = esp_transport_get_context_data(t);
+    char *buffer = (char *)b;
+    char *ws_header;
+//    char *mask;
+    int header_len = 0; //, i;
+
+    int poll_write;
+    if ((poll_write = esp_transport_poll_write(ws->parent, timeout_ms)) <= 0) {
+        ESP_LOGE(TAG, "Error transport_poll_write %i", poll_write);
+        return poll_write;
+    }
+
+    int len2 = len - MAX_WEBSOCKET_HEADER_SIZE;
+    if (len2 <= 125) {
+        ws_header = buffer+MAX_WEBSOCKET_HEADER_SIZE-2-4;
+        ws_header[header_len++] = opcode;
+        ws_header[header_len++] = (uint8_t)(len2 | mask_flag);
+    } else if (len2 < 65536) {
+        ws_header = buffer+MAX_WEBSOCKET_HEADER_SIZE-4-4;
+        ws_header[header_len++] = opcode;
+        ws_header[header_len++] = WS_SIZE16 | mask_flag;
+        ws_header[header_len++] = (uint8_t)(len2 >> 8);
+        ws_header[header_len++] = (uint8_t)(len2 & 0xFF);
+    } else {
+        ws_header = buffer+MAX_WEBSOCKET_HEADER_SIZE-10-4;
+        ws_header[header_len++] = opcode;
+        ws_header[header_len++] = WS_SIZE64 | mask_flag;
+        /* Support maximum 4 bytes length */
+        ws_header[header_len++] = 0; //(uint8_t)((len >> 56) & 0xFF);
+        ws_header[header_len++] = 0; //(uint8_t)((len >> 48) & 0xFF);
+        ws_header[header_len++] = 0; //(uint8_t)((len >> 40) & 0xFF);
+        ws_header[header_len++] = 0; //(uint8_t)((len >> 32) & 0xFF);
+        ws_header[header_len++] = (uint8_t)((len2 >> 24) & 0xFF);
+        ws_header[header_len++] = (uint8_t)((len2 >> 16) & 0xFF);
+        ws_header[header_len++] = (uint8_t)((len2 >> 8) & 0xFF);
+        ws_header[header_len++] = (uint8_t)((len2 >> 0) & 0xFF);
+    }
+
+    if (mask_flag) {
+        ws_header[header_len++] = 0;
+        ws_header[header_len++] = 0;
+        ws_header[header_len++] = 0;
+        ws_header[header_len++] = 0;
+//        mask = &ws_header[header_len];
+//        mask = 0;
+//        ssize_t rc;
+//        if ((rc = getrandom(ws_header + header_len, 4, 0)) < 0) {
+//            ESP_LOGD(TAG, "getrandom() returned %zd", rc);
+//            return -1;
+//        }
+//        header_len += 4;
+
+//        for (i = MAX_WEBSOCKET_HEADER_SIZE; i < len; ++i) {
+//            buffer[i] = (buffer[i] ^ mask[i % 4]);
+//        }
+    }
+
+//    if (esp_transport_write(ws->parent, ws_header, len - MAX_WEBSOCKET_HEADER_SIZE + header_len, timeout_ms) != header_len) {
+//        ESP_LOGE(TAG, "Error write header");
+//        return -1;
+//    }
+//    if (len == 0) {
+//        return 0;
+//    }
+
+    int ret = esp_transport_write(ws->parent, ws_header, len - MAX_WEBSOCKET_HEADER_SIZE + header_len, timeout_ms);
+//    ESP_LOGI(TAG, "len=%d header_len=%d total_size=%d sent=%d", len, header_len, len - MAX_WEBSOCKET_HEADER_SIZE + header_len, ret);
+    // in case of masked transport we have to revert back to the original data, as ws layer
+    // does not create its own copy of data to be sent
+    if (mask_flag) {
+//        mask = &ws_header[header_len - 4];
+//        for (i = 0; i < len; ++i) {
+//            buffer[i] = (buffer[i] ^ mask[i % 4]);
+//        }
+    }
+    return ret + (ws_header - buffer);
+}
+
 int esp_transport_ws_send_raw(esp_transport_handle_t t, ws_transport_opcodes_t opcode, const char *b, int len, int timeout_ms)
 {
     uint8_t op_code = ws_get_bin_opcode(opcode);
@@ -460,6 +547,17 @@ int esp_transport_ws_send_raw(esp_transport_handle_t t, ws_transport_opcodes_t o
     return _ws_write(t, op_code, WS_MASK, b, len, timeout_ms);
 }
 
+int esp_transport_ws_send_raw_optimized(esp_transport_handle_t t, ws_transport_opcodes_t opcode, const char *b, int len, int timeout_ms)
+{
+    uint8_t op_code = ws_get_bin_opcode(opcode);
+    if (t == NULL) {
+        ESP_LOGE(TAG, "Transport must be a valid ws handle");
+        return ESP_ERR_INVALID_ARG;
+    }
+    ESP_LOGD(TAG, "Sending raw ws message with opcode %d", op_code);
+    return _ws_write_optimized(t, op_code, WS_MASK, b, len, timeout_ms);
+}
+
 static int ws_write(esp_transport_handle_t t, const char *b, int len, int timeout_ms)
 {
     if (len == 0) {