aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* util.pubsub: Signal that 'persistent-items' is unsupported when disabledKim Alvefur2021-07-223-5/+7
| | | | | | XEP-0060 says that this the way to indicate that 'persistent-items' is unsupported, but doesn't explicitly say if it being disabled in the node configuration also counts as unsupported.
* mod_pep: Remove use of RLU cache when persist_items was set to falseKim Alvefur2021-07-211-8/+3
| | | | | | | | This behavior came from some confusion over the meaning of persist_items. The correct behavior is that items are only stored when it is set to true. When set to false, the service becomes a "pure" publish-subscribe service, where items are forgotten immediately after broadcasting.
* util.pubsub: Fix behavior of persist_items disabledKim Alvefur2021-07-222-7/+41
| | | | | | | | | | | | | When set to 'false' there is no need for a persistence interface at all, since items are not persisted after being broadcast. Had started wondering if maybe the behavior was wrong, after reading parts of XEP-0060 that pointed in that direction. Some discussion of this can be found in logs of xmpp:xsf@muc.xmpp.org?join from around 2021-07-20 Thanks to Ralph for confirming.
* mod_pubsub: Explicitly enable persistence by default to preserve behaviorKim Alvefur2021-07-213-2/+5
| | | | | | Since nodes were always persistent according to the XEP-0060 definition. Whether data is stored in memory or on disk was not what this setting was meant for.
* util.pubsub: Handle absence of node data interfaceKim Alvefur2021-07-211-17/+32
| | | | | | | | This is in preparation for fixing the behavior of 'persist_items', which was misunderstood at some point. In mod_pep it toggles between persistent storage and in-memory storage, while the correct behavior would be to toggle whether published items are stored at all or forgotten after being broadcast.
* mod_pubsub: Remove publisher field when not exposing publisherKim Alvefur2021-07-251-1/+3
| | | | | The publisher is already there on the item when the broadcaster gets it, so it needs to do the opposite thing.
* mod_pubsub: Normalize 'publisher' JIDKim Alvefur2021-07-251-2/+2
| | | | | | | | | | | | | All the XEP-0060 examples have the publisher attribute set to a bare JID, but the text does allow it to be the full JID. Since mod_pubsub is more likely used for open nodes that anyone can subscribe to it makes sense to not leak the full JIDs. This is also disabled by defaults. In mod_pep on the other hand it might make sense to have the full JID since that data is more likely to be broadcast to contacts which are already somewhat trusted.
* scansion tests: Enable 'expose_publisher' since we test for itKim Alvefur2021-07-251-0/+1
|
* mod_pubsub: Respect 'expose publisher' setting in item retrievalKim Alvefur2021-07-252-1/+9
|
* mod_pubsub: Fix inclusion of publisher (fixes #1399)Kim Alvefur2019-05-016-17/+20
|
* Merge 0.11->trunkKim Alvefur2021-07-232-58/+84
|\
| * MUC: Fix logic for access to affiliation lists0.11.10Kim Alvefur2021-07-222-58/+84
| | | | | | | | | | | | Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
* | MUC: Skip adding to history when it's set to zeroKim Alvefur2021-07-191-0/+4
| | | | | | | | | | Optimizes away all the processing on every message in case the end-result is zero history.
* | net.resolvers.service: Only do DANE with secure SRV recordsKim Alvefur2021-07-181-0/+4
| | | | | | | | | | | | If this seems backwards, that' because it is but the API isn't really designed to easily pass along details from each resolution step onto the next.
* | core.certmanager: Support 'use_dane' setting to enable DANE supportKim Alvefur2021-07-181-0/+2
| | | | | | | | | | | | Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL.
* | Revert 926d53af9a7a: Restore DANE supportKim Alvefur2021-07-182-4/+6
| | | | | | | | | | Previous commit adds a workaround, so this doesn't mutate global state anymore, only per-connection 'extra' state as originally intended.
* | mod_s2s: Clone 'extra' data to let resolvers add more to itKim Alvefur2021-07-181-1/+5
| | | | | | | | | | | | | | This way 'extra' is unique for each connect() instance, making it safer to mutate it, while inheriting the global settings. See 926d53af9a7a for some more context.
* | editorconfig: We use tabsKim Alvefur2021-07-181-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | This lets various supporting editors know what indentation style should be used for files in the repo. See https://editorconfig.org/ Coding style for Lua files is described in `doc/coding_style.md` The 3-space indentation in `configure` comes from its LuaRocks inheritance. `doc/doap.xml` is normalized with `xmllint` which spits out 2-space indentation.
* | mod_s2s: Handle measurement where the local host is unknownKim Alvefur2021-07-181-1/+1
| | | | | | | | | | This could happen with Dialback-only connections or others that were missing the stream 'to' attribute.
* | mod_s2s: Guard against missing 'to' on incoming streamKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | Given an incoming <stream:stream from="example.com"> this line would have mistakenly reported the 'from' as the local host. Neither are technically required and may be missing, especially on connections used only for Dialback. Outgoing connections initiated by Prosody always have 'from_host' and 'to_host', so it is safer to check it this way.
* | net.server_epoll: Fix traceback-causing typoKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | Caused "attempt to index a string value (local 'data')", but only if keep_buffers is set to false, which is not the default. Introduced in 917eca7be82b
* | net.server_epoll: Ensure timeouts match epoll flagsKim Alvefur2021-07-171-0/+6
| | | | | | | | | | Read and write timeouts should usually match whether we want to read or write.
* | net.server_epoll: Skip reset of read timeout when not readingKim Alvefur2021-07-171-1/+2
| | | | | | | | Should avoid rare but needless timer interactions
* | net.server_epoll: Reduce timer churn during TLS handshakeKim Alvefur2021-07-171-1/+1
| | | | | | | | | | Instead of removing and readding the timer, keep it and adjust it instead. Should reduce garbage production a bit.
* | net.server_epoll: Use only fatal "write" timeout during TLS negotiationKim Alvefur2021-07-161-3/+3
| | | | | | | | | | | | | | Only real difference between the read and write timeouts is that the former has a callback that allows the higher levels to keep the connection alive, while hitting the later is immediately fatal. We want the later behavior for TLS negotiation.
* | net.server_epoll: Optimize concatenation of exactly 2 buffer chunksKim Alvefur2021-07-161-1/+3
| | | | | | | | | | | | Saves a function call. I forget if I measured this kind of thing but IIRC infix concatenation is faster than a function call up to some number of items, but let's stop at 2 here.
* | net.server_epoll: Avoid allocating a buffer table for single writesKim Alvefur2021-07-161-11/+20
| | | | | | | | | | | | | | writebuffer is now string | { string } Saves the allocation of a buffer table until the second write, which could be rare, especially with opportunistic writes.
* | net.server_epoll: Optionally let go of buffersKim Alvefur2021-07-161-5/+17
| | | | | | | | | | Reusing an already existing buffer table would reduce garbage, but keeping it while idle is a waste.
* | net.server_epoll: Propagate returns from opportunistic writesKim Alvefur2021-07-161-3/+4
| | | | | | | | | | So that if a write ends up writing directly to the socket, it gets the actual return value
* | net.server_epoll: Set minimum wait time to 1ms, matching epollKim Alvefur2021-07-151-1/+1
| | | | | | | | | | | | | | | | | | | | A timeout value less than 0.001 gets turned into zero on the C side, so epoll_wait() returns instantly and essentially busy-loops up to 1ms, e.g. when a timer event ends up scheduled (0, 0.001)ms into the future. Unsure if this has much effect in practice, but it may waste a small amount of CPU time. How much would depend on how often this ends up happening and how fast the CPU gets trough main loop iterations.
* | prosodyctl: Add a note about checking the order of listed commandsKim Alvefur2021-07-151-1/+1
| | | | | | | | Should Plugin really be first? What order makes the most sense?
* | prosodyctl: Add cert to command listingKim Alvefur2021-07-151-1/+3
| | | | | | | | | | This hides a whole bunch of subcommands tho, maybe those should be explicitly listed?
* | prosodyctl: Add 'shell' to command listingKim Alvefur2021-07-151-1/+2
| |
* | prosodyctl: Add 'check' to command listing (fixes #1622)Kim Alvefur2021-05-301-0/+10
| | | | | | | | | | Along with infrastructure for the other commands that live in external modules.
* | net.server_epoll: Add setting for disabling the Nagle algorithmKim Alvefur2021-07-141-0/+6
| | | | | | | | Nagle increases latency and is the bane of all networking!
* | net.server_epoll: Support setting keepalive idle timeKim Alvefur2021-07-141-0/+3
| | | | | | | | | | | | | | Activated by setting config.tcp_keepalive to a number, in seconds. Defaults to 2h. Depends on LuaSocket support for this option.
* | net.server_epoll: Add way to enable TCP keeplives on all connectionsKim Alvefur2021-07-141-1/+6
| | | | | | | | | | | | In case one wishes to enable this for all connections, not just c2s (not Direct TLS ones, because LuaSec) and s2s. Unclear what use these are, since they kick in after 2 hours of idle time.
* | net.server_epoll: Add an (empty) method for setting socket optionsKim Alvefur2021-07-141-0/+6
| |
* | net.server_epoll: Log failures to set socket optionsKim Alvefur2021-07-141-2/+8
| | | | | | | | | | | | | | | | | | Good to know if it fails, especially since the return value doesn't seem to be checked anywhere. Since LuaSec-wrapped sockets don't expose the setoption method, this will likely show when mod_c2s tries to enable keepalives on direct tls connections.
* | mod_s2s: Don't close connections on reloadKim Alvefur2021-07-141-0/+1
| |
* | mod_s2s: Close connections attached to a host being deactivatedKim Alvefur2021-07-141-0/+8
| | | | | | | | | | | | Couldn't use those with the host being deactivated. Problem: This kicks in on reload, which isn't needed.
* | mod_s2s: Vary log level by remote stream errorKim Alvefur2021-07-141-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | Increases log level for stream conditions that could indicate a problem on our end, especially programming errors like invalid XML, or the remote server saying that our certificate is invalid, since these should be investigated. Non-issues like closing of idle streams are lowered to debug since it's mostly noise. Other issues left at info are mostly about changes to the remote server, e.g. complete or partial shutdown.
* | tools/jabberd14sql2prosody: Tweak wording in commentsKim Alvefur2021-07-131-2/+2
| |
* | tools/xep227toprosody: Tweak wording in commentsKim Alvefur2021-07-131-2/+2
| |
* | mod_dialback: Tweak wording in a commentKim Alvefur2021-07-131-1/+1
| |
* | mod_s2s: Remove connection timeout once it's no longer neededKim Alvefur2021-07-131-1/+12
| | | | | | | | | | | | Reduces the number of left-over timers to handle after many s2s connections were started, leaving only the ones related to incomplete connections.
* | net.server_epoll: Call onconnect immediately after TLS handshake completionKim Alvefur2021-07-131-1/+2
| | | | | | | | | | | | Skips a roundtrip through the main loop in case client-first data is available already, if not then :onreadable() will set the appropriate timeout.
* | net.server_epoll: Refactor immediate TLS handshake startKim Alvefur2021-07-131-6/+5
| |
* | net.server_epoll: Keep socket registered in epoll trough TLS wrappingKim Alvefur2021-07-131-2/+1
| | | | | | | | | | There's the theory that the socket isn't the same before/after wrap(), but since epoll operates on FD numbers this shouldn't matter.
* | net.server_epoll: Use TLS handshake timeout after initiating handshakeKim Alvefur2021-07-131-1/+3
| | | | | | | | The :init() method sets a different timeout than the TLS related methods.