aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | tools/jabberd14sql2prosody: Tweak wording in commentsKim Alvefur2021-07-131-2/+2
| |
* | tools/xep227toprosody: Tweak wording in commentsKim Alvefur2021-07-131-2/+2
| |
* | mod_dialback: Tweak wording in a commentKim Alvefur2021-07-131-1/+1
| |
* | mod_s2s: Remove connection timeout once it's no longer neededKim Alvefur2021-07-131-1/+12
| | | | | | | | | | | | Reduces the number of left-over timers to handle after many s2s connections were started, leaving only the ones related to incomplete connections.
* | net.server_epoll: Call onconnect immediately after TLS handshake completionKim Alvefur2021-07-131-1/+2
| | | | | | | | | | | | Skips a roundtrip through the main loop in case client-first data is available already, if not then :onreadable() will set the appropriate timeout.
* | net.server_epoll: Refactor immediate TLS handshake startKim Alvefur2021-07-131-6/+5
| |
* | net.server_epoll: Keep socket registered in epoll trough TLS wrappingKim Alvefur2021-07-131-2/+1
| | | | | | | | | | There's the theory that the socket isn't the same before/after wrap(), but since epoll operates on FD numbers this shouldn't matter.
* | net.server_epoll: Use TLS handshake timeout after initiating handshakeKim Alvefur2021-07-131-1/+3
| | | | | | | | The :init() method sets a different timeout than the TLS related methods.
* | net.server_epoll: Start TLS handshake immediately on newly accepted connectionsKim Alvefur2021-07-131-0/+1
| | | | | | | | | | | | Since TLS is a client-first protocol there is a chance that the ClientHello message is available already. TLS Fast Open and/or the TCP_DEFER_ACCEPT socket option would increase that chance.
* | net.server_epoll: Factor out TLS initialization into a methodKim Alvefur2021-07-131-45/+51
| | | | | | | | | | | | | | | | | | | | | | So there's :startls(), :inittls() and :tlshandshake() :starttls() prepares for plain -> TLS upgrade and ensures that the (unencrypted) write buffer is drained before proceeding. :inittls() wraps the connection and does things like SNI, DANE etc. :tlshandshake() steps the TLS negotiation forward until it completes
* | net.server_epoll: Fix typoKim Alvefur2021-07-131-1/+1
| |
* | mod_s2s: Log debug message on attempted close of an connectionless sessionKim Alvefur2021-07-111-0/+1
| | | | | | | | | | | | This should probably never happen, but probably does anyways. A debug message would show the truth of the matter.
* | mod_s2s: Drop level of indentation by inverting a condition and early returnKim Alvefur2021-07-111-59/+61
| | | | | | | | | | Nicer to get rid of a conditional that covers such a large portion of a pretty big function.
* | mod_s2s: Use module API to fire eventsKim Alvefur2021-07-111-9/+8
| | | | | | | | | | These direct accesses are probably more optimized, but weird when the module API has methods for these things.
* | scansion tests: Allow specifying network settings via environment variableKim Alvefur2021-07-111-2/+1
| | | | | | | | | | | | | | Allows testing e.g. opportunistic writes or other settings easily in CI or otherwise without editing the config file. make integration-test PROSODY_NETWORK_SETTINGS='{"opportunistic_writes":true}'
* | scansion tests: Allow specifying network backend via environment variableKim Alvefur2021-07-111-1/+1
| | | | | | | | | | | | | | To make it easier to test select and event without having to edit the config file, e.g. in CI. make integration-test PROSODY_NETWORK_BACKEND=event
* | net.server_epoll: Prevent stack overflow of opportunistic writesKim Alvefur2021-07-111-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | net.http.files serving a big enough file on a fast enough connection with opportunistic_writes enabled could trigger a stack overflow through repeatedly serving more data that immediately gets sent, draining the buffer and triggering more data to be sent. This also blocked the server on a single task until completion or an error. This change prevents nested opportunistic writes, which should prevent the stack overflow, at the cost of reduced download speed, but this is unlikely to be noticeable outside of Gbit networks. Speed at the cost of blocking other processing is not worth it, especially with the risk of stack overflow.
* | mod_http_errors: Set status code 200 from root pageKim Alvefur2021-07-091-0/+1
| | | | | | | | It isn't quite an error.
* | mod_http_errors: Add a Prosody logo to root pageKim Alvefur2021-07-091-0/+10
| |
* | mod_http_errors: Allow adding icons on error pagesKim Alvefur2021-07-091-1/+1
| |
* | net.http: Send entire HTTP request header as one writeKim Alvefur2021-07-081-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When opportunistic writes are enabled this reduces the number of syscalls and TCP packets sent on the wire. Experiments with TCP Fast Open made this even more obvious. That table trick probably wasn't as efficient. Lua generates bytecode for a table with zero array slots and space for two entries in the hash part, plus code to set [2] and [4]. I didn't verify but I suspect it would have had to resize the table when setting [1] and [3], although probably only once. Concatenating the strings directly in Lua is easier to read and involves no extra table or function call.
* | net.server_epoll: Immediately attempt to read from newly accepted connectionsKim Alvefur2021-07-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This may speed up client-first protocols (e.g. XMPP, HTTP and TLS) when the first client data already arrived by the time we accept() it. If LuaSocket supported TCP_DEFER_ACCEPT we could use that to further increase the chance that there's already data to handle. In case no data has arrived, no harm should be done, :onreadable would simply set the read timeout and we'll get back to it once there is something to handle.
* | net.server_epoll: Separate handling of new incoming and outgoing connectionsKim Alvefur2021-07-081-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | The :init method is more suited for new outgoing connections, which is why it uses the connect_timeout setting. Depending on whether a newly accepted connection is to a Direct TLS port or not, it should be handled differently, and was already. The :starttls method sets up timeouts on its own, so the one set in :init was not needed. Newly accepted plain TCP connections don't need a write timeout set, a read timeout is enough.
* | net.server_epoll: Ensure timeout after closingKim Alvefur2020-10-311-0/+1
| | | | | | | | | | | | This should make sure that if there's data left to be written when closing a connection, there's also a timeout so that it doesn't wait forever.
* | core.loggingmanager: Disable pretty printing when not connected to a ttyKim Alvefur2021-07-041-1/+1
| | | | | | | | Things can behave unexpectedly when fed ANSI escape codes.
* | util.pposix: Bind isatty(3)Kim Alvefur2021-07-042-0/+11
| | | | | | | | | | Useful for disabling certain behavior, ANSI colors etc when not connected to a terminal.
* | util.prosodyctl.check: Normalize away trailing dot in some messages tooKim Alvefur2021-07-041-8/+13
| |
* | util.prosodyctl.check: Normalize potential to form without trailing '.'Kim Alvefur2021-07-041-0/+2
| | | | | | | | | | | | In some cases you might end up with both 'xmpp.example.com' and 'xmpp.example.com.', which are the same thing so no point in doing the same checks twice.
* | util.prosodyctl.check: Point out if A/AAAA exists despite disabled IPvXKim Alvefur2021-07-041-0/+10
| | | | | | | | | | | | Clients would try to connect and receive an error or timeout, increasing the time it takes to establish a connection. Probably not what you want. If you really want IPv6 or IPv4 disabled, best remove the A or AAAA record.
* | util.prosodyctl.check: Warn if both use_ipv4 and use_ipv6 are set to falseKim Alvefur2021-07-041-0/+6
| | | | | | | | Why would you do this?!
* | util.prosodyctl.check: Silence IP protocol mismatches when disabledKim Alvefur2021-07-041-2/+4
| | | | | | | | | | If you set 'use_ipv4 = false' then you probably don't care much for the host not resolving to the IPv4 address, and same with 'use_ipv6'.
* | Merge 0.11->trunkKim Alvefur2021-07-031-1/+1
|\|
| * util.ip: Fix netmask for link-local address rangeKim Alvefur2021-07-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | This may have mistakenly caused link-local addresses to be considered global. May have caused mod_s2s and prosodyctl check dns to behave incorrectly on networks using link-local IPv4 addresses. By my guesstimate, these are extremely rare. Probably minimal impact beyond a bit longer to establish s2s and some possible confusion from prosodyctl check dns results. Ref RFC 3927
* | util.format: Escape ASCII control characters also in extra argumentsKim Alvefur2021-07-031-1/+1
| |
* | util.format: Allow newlines but ensure following lines are indentedKim Alvefur2021-07-031-1/+1
| | | | | | | | | | This should a) prevent injection of text that looks like legitimate log lines and b) not mangle tracebacks.
* | util.format: Fix missing backslash in patternKim Alvefur2021-07-031-1/+1
| | | | | | | | | | Made the pattern match a longer range than intended, but with no effect since those characters are not present in the 'control_symbols' table.
* | util.prosodyctl.check: Reload unbound to ensure hosts.txt is ignoredKim Alvefur2021-07-031-1/+3
| | | | | | | | | | | | If unbound was initialized prior to this then the config change here wouldn't apply, and it will again think that 127.0.1.1 has been found in DNS.
* | util.format: Change formatting of nil values to avoid looking like XMLKim Alvefur2021-06-292-6/+6
| |
* | core.loggingmanager: Pretty-print logged XML snippets in consoleKim Alvefur2021-06-291-3/+7
| | | | | | | | | | This replaces an earlier method in a private extension that logged pretty-printed XML, which broke due to the escaping added in util.format
* | util.stanza: Export pretty printing functionKim Alvefur2021-06-292-1/+4
| |
* | core.loggingmanager: Support passing log messages trough a filterKim Alvefur2021-06-291-2/+5
| | | | | | | | This will be used by the console logger for pretty printing.
* | util.stanza: Simplify and make pretty-printing look nicerKim Alvefur2020-11-071-29/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | I've had this color theme in a local debug module for some time and I quite like it. The colors are from the XMPP logo. Removes extra XML serialization implementation in favor of the standard one. Also removes recursive str=str..more string building. The new two-level gsub has the accumulator in C space so shouldn't be too bad. The inner gsub calls use no callback, so should be fast and not create all that much garbage. No serious benchmarking has been done, but who cares if it looks nice?
* | util.stanza: Remove Windows "support" (disabling ANSI color pretty printing)Kim Alvefur2020-11-071-11/+2
| | | | | | | | | | | | Always enable pretty printing if util.termcolours is available util.termcolours can be nooped out to disable pretty printing.
* | util.format: Escape ASCII control characters in outputKim Alvefur2021-06-152-1/+21
| | | | | | | | | | | | | | This should offer some protection against doing evil things to terminals. Doesn't protect against pure broken UTF-8 garbage however. See #734
* | util.dbuffer: Fix bugs, remove multi-char support (more complex than first ↵Matthew Wild2021-06-292-24/+3
| | | | | | | | | | | | | | | | | | thought) Character sequences could be split across chunk boundaries. Would require a bunch of code to make that work reliably. Only apply front_consumed on first chunk, and adjust buffer_pos accordingly.
* | util.dbuffer: Add read_until() methodMatthew Wild2021-06-292-0/+58
| |
* | util.prosodyctl.check: Collect options from all global pluginsKim Alvefur2021-05-271-0/+45
| |
* | util.prosodyctl.check: Format, sort option listings into canonical formKim Alvefur2021-05-271-8/+34
| | | | | | | | | | Makes merges and diffs easier to read and deal with, especially when using tools to gather options from the codebase.
* | mod_admin_adhoc: Log who performs administrative actionsKim Alvefur2021-06-271-13/+25
| | | | | | | | Goal is to have some accountability for these privileged actions.
* | mod_admin_adhoc: Delete "Get User Password" commandKim Alvefur2021-06-271-36/+0
| | | | | | | | | | | | | | | | | | This doesn't really make sense today. It doesn't even work with mod_auth_internal_hashed, which should be the default. And even with a supporting authentication module, why would we just hand out the password? One use case may be to recover a forgotten password. While not yet included with Prosody, there are better ways to handle forgotten passwords, usually by resetting them to a new password.