| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes #1757
These places seem to have been left since e62025f949f9
The logic around expected_h in should_ack() misbehaved, always comparing
with 0 + unacked instead of acked + unacked.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
This is now done in net.unbound itself
Turning it back on in the config may still cause the problem of entries
there masking the DNS values.
|
| | |
| |
| |
| | |
For consistency and easier correlation of session events.
|
| | |
| |
| |
| |
| | |
Those lines are long and the risk of mistakes if another one needs to be
added seems high, but lower when factored out like this.
|
| | |
| |
| |
| | |
Tells you if you make a typo like "gropchat" or so
|
| | |
| |
| |
| | |
Gets you nice error messages if you make a typo in with error_reply()
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a Linux(?) socket option that delays the accept signal until
there is data available to read. E.g. with HTTP this might mean that a
whole request can be handled without going back trough another turn of
the main loop, and an initial client <stream> can be responded to.
This may have effects on latency and resource use, as the server does
not need to allocate resources until really needed.
|
| | |
| |
| |
| |
| | |
Since it provides some protection and error handling in the form of
logging.
|
| | |
| |
| |
| | |
Reduces the side effects of wrapsocket()
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Requires a patch to LuaSocket adding this socket option,
https://github.com/lunarmodules/luasocket/pull/378
sysctl tweaks
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0
net.ipv4.tcp_fastopen_key=$(</proc/sys/kernel/random/uuid)
Disabled by default since it an advanced performance tweak unlikely to
be needed by most servers.
|
| |\| |
|
| | |
| |
| |
| | |
This error is an error, therefore it should be at the error level
|
| | |
| |
| |
| |
| | |
This mirrors the behaviour with net.dns and avoids the initialization
issue in #1737
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
Answers my recurring question of
> Using cert "certs/example.com.crt" from index
... for what?
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
Due to the dummy statistics provider (see core.statsmanager line 250)
having a metatable that allows infinite indexing where everything is
always the same table, which end up in suf() in the concatenation line.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Setting the .smacks field enables code paths that expects the queue to
be present. The queue is initialized in wrap_session_out(). With
opportunistic writes enabled this happens immediately on .sends2s(), so
the sending <enable> must happen before OR after these two lines, not in
the middle.
|
| | |
| |
| |
| |
| | |
This previously was considered an error because the module API Teal spec
did not document a return value from module:add_timer()
|
| | |
| |
| |
| | |
Since it's used in mod_cron
|
| |\| |
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
Fixes #1753
Not known to be used anywhere
|
| | |
| |
| |
| | |
Example values from RFC 6901
|
| | |
| |
| |
| |
| |
| | |
This would mainly be error stanzas.
Good to have some trace of when handling of them are finished.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The check for the type attr was lost in 11765f0605ec leading to attempts
to create error replies for error stanzas, which util.stanza rejects.
Tested by sending
<message to="reject.badxmpp.eu" type="error"><error/></message>
which produced a traceback previously.
|
| |\| |
|
| | |
| |
| |
| | |
Fixes #1752
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
The type checks, they do nothing!
Observed: Tasks that were supposed to run weekly or daily were running
each hour.
|
| | |
| |
| |
| |
| | |
Rationale: It seems unlikely that someone who has not configured any
TURN service runs 'prosodyctl check turn' expecting this to be okay.
|
| | |
| |
| |
| |
| | |
server_select is used in e.g. storagemanager tests, and some of the CI
runners are lacking LuaSec, which resulted in failures.
|
| | |
| |
| |
| |
| |
| | |
We at some point decided that it was okay to have a hard dependency the
TLS library. Especially here since this module is meant to contain all
LuaSec specifics.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The 'global' property should reflect whether the module API instance
represents the global context or a VirtualHost or Component context.
However the module:context() method did not override this, leading the
property of the previous module shining trough, leading to bugs in code
relying on the 'global' property.
See also #1736
|
| | |
| |
| |
| | |
In case the network backend needs it for outgoing SNI or something.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This may be necessary if the session.conn object is not exchanged by the
network backend when establishing TLS. In that case, the starttls method
will always exist and thus that is not a good indicator for offering
TLS.
However, the secure bit already tells us that TLS has been established
or is not to be established on the connection, so we use that instead.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This now requires that the network backend exposes a tls_builder
function, which essentially wraps the former util.sslconfig.new()
function, passing a factory to create the eventual SSL context.
That allows a net.server backend to pick whatever it likes as SSL
context factory, as long as it understands the config table passed by
the SSL config builder. Heck, a backend could even mock and replace the
entire SSL config builder API.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
|
| |\| |
|
| | |
| |
| |
| |
| |
| | |
The second return value is (not insensibly) assumed to be an error. Instead of
returning a value there in the success case, copy the positional arguments
into the existing opts table.
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
convenience
This is the same as the input table (which is mutated during processing), but
if that table was created on the fly, such as by packing `...` it's convenient
if it also gets returned from the parse function.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This change ensures we have positively verified the certificates of the server
we are connecting to before marking the session as authenticated. It protects
against situations where the verify-or-close stage of the connection was
interrupted (e.g. due to an uncaught error).
Thanks to Zash for discovery and testing.
|
