Commit message | Author | Age | Files | Lines
* Merge 0.11->trunkKim Alvefur2021-07-232-58/+84
|\
| * MUC: Fix logic for access to affiliation lists0.11.10Kim Alvefur2021-07-222-58/+84
| | | | | | | | | | | | Fixes https://prosody.im/security/advisory_20210722/ Backs out 4d7b925652d9
* | MUC: Skip adding to history when it's set to zeroKim Alvefur2021-07-191-0/+4
| | | | | | | | | | Optimizes away all the processing on every message in case the end-result is zero history.
* | net.resolvers.service: Only do DANE with secure SRV recordsKim Alvefur2021-07-181-0/+4
| | | | | | | | | | | | If this seems backwards, that's because it is, but the API isn't really designed to easily pass along details from each resolution step onto the next.
* | core.certmanager: Support 'use_dane' setting to enable DANE supportKim Alvefur2021-07-181-0/+2
| | | | | | | | | | | | Removes the need to enable DANE with two separate settings. Previously you had to also set `ssl = { dane = true }` to activate DANE support in LuaSec and OpenSSL.
* | Revert 926d53af9a7a: Restore DANE supportKim Alvefur2021-07-182-4/+6
| | | | | | | | | | Previous commit adds a workaround, so this doesn't mutate global state anymore, only per-connection 'extra' state as originally intended.
* | mod_s2s: Clone 'extra' data to let resolvers add more to itKim Alvefur2021-07-181-1/+5
| | | | | | | | | | | | | | This way 'extra' is unique for each connect() instance, making it safer to mutate it, while inheriting the global settings. See 926d53af9a7a for some more context.
* | editorconfig: We use tabsKim Alvefur2021-07-181-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | This lets various supporting editors know what indentation style should be used for files in the repo. See https://editorconfig.org/ Coding style for Lua files is described in `doc/coding_style.md` The 3-space indentation in `configure` comes from its LuaRocks inheritance. `doc/doap.xml` is normalized with `xmllint` which spits out 2-space indentation.
* | mod_s2s: Handle measurement where the local host is unknownKim Alvefur2021-07-181-1/+1
| | | | | | | | | | This could happen with Dialback-only connections or others that were missing the stream 'to' attribute.
* | mod_s2s: Guard against missing 'to' on incoming streamKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | | | | | | | Given an incoming <stream:stream from="example.com"> this line would have mistakenly reported the 'from' as the local host. Neither are technically required and may be missing, especially on connections used only for Dialback. Outgoing connections initiated by Prosody always have 'from_host' and 'to_host', so it is safer to check it this way.
* | net.server_epoll: Fix traceback-causing typoKim Alvefur2021-07-181-1/+1
| | | | | | | | | | | | | | Caused "attempt to index a string value (local 'data')", but only if keep_buffers is set to false, which is not the default. Introduced in 917eca7be82b
* | net.server_epoll: Ensure timeouts match epoll flagsKim Alvefur2021-07-171-0/+6
| | | | | | | | | | Read and write timeouts should usually match whether we want to read or write.
* | net.server_epoll: Skip reset of read timeout when not readingKim Alvefur2021-07-171-1/+2
| | | | | | | | Should avoid rare but needless timer interactions
* | net.server_epoll: Reduce timer churn during TLS handshakeKim Alvefur2021-07-171-1/+1
| | | | | | | | | | Instead of removing and readding the timer, keep it and adjust it instead. Should reduce garbage production a bit.
* | net.server_epoll: Use only fatal "write" timeout during TLS negotiationKim Alvefur2021-07-161-3/+3
| | | | | | | | | | | | | | Only real difference between the read and write timeouts is that the former has a callback that allows the higher levels to keep the connection alive, while hitting the latter is immediately fatal. We want the latter behavior for TLS negotiation.
* | net.server_epoll: Optimize concatenation of exactly 2 buffer chunksKim Alvefur2021-07-161-1/+3
| | | | | | | | | | | | Saves a function call. I forget if I measured this kind of thing but IIRC infix concatenation is faster than a function call up to some number of items, but let's stop at 2 here.
* | net.server_epoll: Avoid allocating a buffer table for single writesKim Alvefur2021-07-161-11/+20
| | | | | | | | | | | | | | writebuffer is now string | { string } Saves the allocation of a buffer table until the second write, which could be rare, especially with opportunistic writes.
* | net.server_epoll: Optionally let go of buffersKim Alvefur2021-07-161-5/+17
| | | | | | | | | | Reusing an already existing buffer table would reduce garbage, but keeping it while idle is a waste.
* | net.server_epoll: Propagate returns from opportunistic writesKim Alvefur2021-07-161-3/+4
| | | | | | | | | | So that if a write ends up writing directly to the socket, it gets the actual return value
* | net.server_epoll: Set minimum wait time to 1ms, matching epollKim Alvefur2021-07-151-1/+1
| | | | | | | | | | | | | | | | | | | | A timeout value less than 0.001 gets turned into zero on the C side, so epoll_wait() returns instantly and essentially busy-loops up to 1ms, e.g. when a timer event ends up scheduled (0, 0.001)ms into the future. Unsure if this has much effect in practice, but it may waste a small amount of CPU time. How much would depend on how often this ends up happening and how fast the CPU gets through main loop iterations.
* | prosodyctl: Add a note about checking the order of listed commandsKim Alvefur2021-07-151-1/+1
| | | | | | | | Should Plugin really be first? What order makes the most sense?
* | prosodyctl: Add cert to command listingKim Alvefur2021-07-151-1/+3
| | | | | | | | | | This hides a whole bunch of subcommands tho, maybe those should be explicitly listed?
* | prosodyctl: Add 'shell' to command listingKim Alvefur2021-07-151-1/+2
| |
* | prosodyctl: Add 'check' to command listing (fixes #1622)Kim Alvefur2021-05-301-0/+10
| | | | | | | | | | Along with infrastructure for the other commands that live in external modules.
* | net.server_epoll: Add setting for disabling the Nagle algorithmKim Alvefur2021-07-141-0/+6
| | | | | | | | Nagle increases latency and is the bane of all networking!
* | net.server_epoll: Support setting keepalive idle timeKim Alvefur2021-07-141-0/+3
| | | | | | | | | | | | | | Activated by setting config.tcp_keepalive to a number, in seconds. Defaults to 2h. Depends on LuaSocket support for this option.
* | net.server_epoll: Add way to enable TCP keepalives on all connectionsKim Alvefur2021-07-141-1/+6
| | | | | | | | | | | | In case one wishes to enable this for all connections, not just c2s (not Direct TLS ones, because LuaSec) and s2s. Unclear what use these are, since they kick in after 2 hours of idle time.
* | net.server_epoll: Add an (empty) method for setting socket optionsKim Alvefur2021-07-141-0/+6
| |
* | net.server_epoll: Log failures to set socket optionsKim Alvefur2021-07-141-2/+8
| | | | | | | | | | | | | | | | | | Good to know if it fails, especially since the return value doesn't seem to be checked anywhere. Since LuaSec-wrapped sockets don't expose the setoption method, this will likely show when mod_c2s tries to enable keepalives on direct tls connections.
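The three socket-option commits above (disabling Nagle, enabling keepalives with an idle time, and logging failures) are easiest to see together. The following is an added illustration, not Prosody's own code: it builds the option set from the same config keys (`tcp_nodelay`, `tcp_keepalive`), applies it through LuaSocket's `setoption()`, and reports every failure instead of dropping the return value. The `tcp-keepidle` option name and the `log()` stand-in for `module:log()` are assumptions; `tcp-keepidle` is only present in newer LuaSocket builds, which is the "depends on LuaSocket support" caveat from the commit message.

```lua
-- Added example (not Prosody's code): apply TCP socket options and log failures.
local socket = require "socket";

-- Stand-in for module:log() so the snippet runs outside Prosody (assumption).
local function log(level, fmt, ...)
	io.stderr:write(("[%s] " .. fmt .. "\n"):format(level, ...));
end

-- Translate config keys into LuaSocket option names:
--   tcp_nodelay   = true      -> "tcp-nodelay" (disable Nagle)
--   tcp_keepalive = true|secs -> "keepalive", plus "tcp-keepidle" when a number
local function build_sockopts(config)
	local opts = {};
	if config.tcp_nodelay then
		opts["tcp-nodelay"] = true;
	end
	if config.tcp_keepalive then
		opts["keepalive"] = true;
		if type(config.tcp_keepalive) == "number" then
			-- "tcp-keepidle" exists only in newer LuaSocket (assumption: your build has it);
			-- without it the default idle time is the kernel's, 2h on Linux.
			opts["tcp-keepidle"] = config.tcp_keepalive;
		end
	end
	return opts;
end

-- Apply options to a socket that may be a LuaSec-wrapped object lacking setoption.
-- Returns the list of failures so a caller can act on them, not just read the log.
local function apply_sockopts(sock, opts)
	local failures = {};
	if type(sock.setoption) ~= "function" then
		-- LuaSec wrappers expose no setoption at all: report every option rather
		-- than silently skipping, which is what mod_c2s would see on direct TLS.
		for name in pairs(opts) do
			failures[#failures+1] = name .. ": socket has no setoption method";
		end
	else
		for name, value in pairs(opts) do
			local ok, err = sock:setoption(name, value);
			if not ok then
				failures[#failures+1] = name .. ": " .. tostring(err);
			end
		end
	end
	for _, failure in ipairs(failures) do
		log("warn", "Failed to set socket option %s", failure);
	end
	return failures;
end

-- Plain TCP socket: options can be set before connecting, nothing is sent.
local sock = assert(socket.tcp());
local failures = apply_sockopts(sock, build_sockopts({ tcp_nodelay = true, tcp_keepalive = 600 }));
print(#failures == 0 and "all options set" or (#failures .. " option(s) failed"));
sock:close();

-- Object shaped like a LuaSec-wrapped socket (constructed stand-in): no setoption method.
local tls_like = { send = function() end, receive = function() end };
apply_sockopts(tls_like, build_sockopts({ tcp_keepalive = true }));
```

Running it on a build of LuaSocket without `tcp-keepidle` prints a warning for that option only; the second call always warns, which is the situation the last commit above makes visible.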
* | mod_s2s: Don't close connections on reloadKim Alvefur2021-07-141-0/+1
| |
* | mod_s2s: Close connections attached to a host being deactivatedKim Alvefur2021-07-141-0/+8
| | | | | | | | | | | | Couldn't use those with the host being deactivated. Problem: This kicks in on reload, which isn't needed.
* | mod_s2s: Vary log level by remote stream errorKim Alvefur2021-07-141-1/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | Increases log level for stream conditions that could indicate a problem on our end, especially programming errors like invalid XML, or the remote server saying that our certificate is invalid, since these should be investigated. Non-issues like closing of idle streams are lowered to debug since it's mostly noise. Other issues left at info are mostly about changes to the remote server, e.g. complete or partial shutdown.
* | tools/jabberd14sql2prosody: Tweak wording in commentsKim Alvefur2021-07-131-2/+2
| |
* | tools/xep227toprosody: Tweak wording in commentsKim Alvefur2021-07-131-2/+2
| |
* | mod_dialback: Tweak wording in a commentKim Alvefur2021-07-131-1/+1
| |
* | mod_s2s: Remove connection timeout once it's no longer neededKim Alvefur2021-07-131-1/+12
| | | | | | | | | | | | Reduces the number of left-over timers to handle after many s2s connections were started, leaving only the ones related to incomplete connections.
* | net.server_epoll: Call onconnect immediately after TLS handshake completionKim Alvefur2021-07-131-1/+2
| | | | | | | | | | | | Skips a roundtrip through the main loop in case client-first data is available already, if not then :onreadable() will set the appropriate timeout.
* | net.server_epoll: Refactor immediate TLS handshake startKim Alvefur2021-07-131-6/+5
| |
* | net.server_epoll: Keep socket registered in epoll through TLS wrappingKim Alvefur2021-07-131-2/+1
| | | | | | | | | | There's the theory that the socket isn't the same before/after wrap(), but since epoll operates on FD numbers this shouldn't matter.
* | net.server_epoll: Use TLS handshake timeout after initiating handshakeKim Alvefur2021-07-131-1/+3
| | | | | | | | The :init() method sets a different timeout than the TLS related methods.
* | net.server_epoll: Start TLS handshake immediately on newly accepted connectionsKim Alvefur2021-07-131-0/+1
| | | | | | | | | | | | Since TLS is a client-first protocol there is a chance that the ClientHello message is available already. TLS Fast Open and/or the TCP_DEFER_ACCEPT socket option would increase that chance.
* | net.server_epoll: Factor out TLS initialization into a methodKim Alvefur2021-07-131-45/+51
| | | | | | | | | | | | | | | | | | | | | | So there's :starttls(), :inittls() and :tlshandshake() :starttls() prepares for plain -> TLS upgrade and ensures that the (unencrypted) write buffer is drained before proceeding. :inittls() wraps the connection and does things like SNI, DANE etc. :tlshandshake() steps the TLS negotiation forward until it completes
* | net.server_epoll: Fix typoKim Alvefur2021-07-131-1/+1
| |
* | mod_s2s: Log debug message on attempted close of a connectionless sessionKim Alvefur2021-07-111-0/+1
| | | | | | | | | | | | This should probably never happen, but probably does anyways. A debug message would show the truth of the matter.
* | mod_s2s: Drop level of indentation by inverting a condition and early returnKim Alvefur2021-07-111-59/+61
| | | | | | | | | | Nicer to get rid of a conditional that covers such a large portion of a pretty big function.
* | mod_s2s: Use module API to fire eventsKim Alvefur2021-07-111-9/+8
| | | | | | | | | | These direct accesses are probably more optimized, but weird when the module API has methods for these things.
* | scansion tests: Allow specifying network settings via environment variableKim Alvefur2021-07-111-2/+1
| | | | | | | | | | | | | | Allows testing e.g. opportunistic writes or other settings easily in CI or otherwise without editing the config file. make integration-test PROSODY_NETWORK_SETTINGS='{"opportunistic_writes":true}'
* | scansion tests: Allow specifying network backend via environment variableKim Alvefur2021-07-111-1/+1
| | | | | | | | | | | | | | To make it easier to test select and event without having to edit the config file, e.g. in CI. make integration-test PROSODY_NETWORK_BACKEND=event
* | net.server_epoll: Prevent stack overflow of opportunistic writesKim Alvefur2021-07-111-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | net.http.files serving a big enough file on a fast enough connection with opportunistic_writes enabled could trigger a stack overflow through repeatedly serving more data that immediately gets sent, draining the buffer and triggering more data to be sent. This also blocked the server on a single task until completion or an error. This change prevents nested opportunistic writes, which should prevent the stack overflow, at the cost of reduced download speed, but this is unlikely to be noticeable outside of Gbit networks. Speed at the cost of blocking other processing is not worth it, especially with the risk of stack overflow.
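The recursion described in that commit message is a denial-of-service shape worth seeing in miniature: a drain callback that writes more, a socket that accepts it immediately, and a write path that flushes opportunistically, so every chunk adds a stack frame. The block below is an added toy model, not Prosody's `net.server_epoll` code; the field and method names (`writebuffer`, `onwritable`, `ondrain`, the `in_opportunistic_write` flag) are assumptions chosen to mirror the message, and the "socket" is simulated as always accepting everything, i.e. the fast connection the commit describes. It runs the same file-serving producer with and without a re-entrancy guard and reports the maximum nesting depth each reached.

```lua
-- Added example (not Prosody's code): nested opportunistic writes vs. a re-entrancy guard.

local function new_conn(opportunistic_writes, guard_nested)
	local conn = {
		writebuffer = {}, sent = {},
		depth = 0, max_depth = 0,       -- instrumentation: how deep onwritable() nests
		mainloop_passes = 0,            -- how often the simulated epoll loop had to flush
		in_opportunistic_write = false, -- the guard flag
		ondrain = nil,                  -- producer callback, set by serve_file()
	};

	-- Flush the buffer to the simulated socket, which always accepts everything at once
	-- (a fast enough connection), then ask the producer for more via ondrain.
	function conn:onwritable()
		self.depth = self.depth + 1;
		if self.depth > self.max_depth then self.max_depth = self.depth; end
		local data = table.concat(self.writebuffer);
		self.writebuffer = {};
		if data ~= "" then self.sent[#self.sent+1] = data; end
		if self.ondrain then self:ondrain(); end
		self.depth = self.depth - 1;
	end

	function conn:write(data)
		self.writebuffer[#self.writebuffer+1] = data;
		if not opportunistic_writes then return; end
		if guard_nested and self.in_opportunistic_write then
			-- Already inside an opportunistic write: leave it buffered for the main loop.
			return;
		end
		self.in_opportunistic_write = true;
		self:onwritable();
		self.in_opportunistic_write = false;
	end

	-- What the epoll loop does once the socket reports writable: flush what is buffered.
	function conn:mainloop()
		while #self.writebuffer > 0 do
			self.mainloop_passes = self.mainloop_passes + 1;
			self:onwritable();
		end
	end
	return conn;
end

-- Producer shaped like net.http.files: every drain callback queues the next chunk.
local function serve_file(conn, nchunks)
	local i = 0;
	function conn:ondrain()
		if i < nchunks then
			i = i + 1;
			self:write(("chunk%04d\n"):format(i)); -- constructed file content
		end
	end
	conn:ondrain();  -- first chunk, as the response handler would
	conn:mainloop(); -- drain anything the guard left buffered
	return conn;
end

local unguarded = serve_file(new_conn(true, false), 500);
print("unguarded: max depth", unguarded.max_depth, "chunks", #unguarded.sent, "loop passes", unguarded.mainloop_passes);
local guarded = serve_file(new_conn(true, true), 500);
print("guarded:   max depth", guarded.max_depth, "chunks", #guarded.sent, "loop passes", guarded.mainloop_passes);
```

Without the guard the nesting depth grows with the number of chunks (500 here; a large enough file reaches the interpreter's stack limit, which is the crash the commit fixes) and the main loop never gets control back until the whole file has gone out. With the guard the depth stays at 2 and each main-loop pass sends a couple of chunks, so other connections are serviced in between; the trade is the throughput loss the commit accepts.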
* | mod_http_errors: Set status code 200 from root pageKim Alvefur2021-07-091-0/+1
| | | | | | | | It isn't quite an error.