| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Attempt to fix a bug where connections are somehow closed twice, leading
to bad things happening elsewhere.
With LuaSec, closed connections are generally already too closed to
write anything to anyway since it does not support unidirectional
shutdown.
|
|
|
|
| |
Added in f0b2c026e542 and not sure why
|
|
|
|
|
|
|
| |
Prevent Bad Things from happening when the buffer gets full.
This of course opens up the possibility of intentionally killing
connections by sending much stuff, which need to be mitigated with rate
limits elsewhere.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: The string slice operations when a lot of data gets buffered
ends up being expensive and memory-consuming. We have util.dbuffer for
precisely this kind of thing.
I want to keep the behavior of writebuffer being upgraded from nil to a
string to full buffer since the last step involves three table
allocations, where the previous buffer method only used one. Avoiding
those allocations for simple writes like white space keep alive feels
like it would keep memory churn down.
This work was started in 2020
|
|
|
|
|
|
|
|
|
|
| |
Allows creating listening sockets and accepting client connections
before Prosody starts.
This is unlike normal Prosody dynamic resource management, where ports
may added and removed at any time, and the ports defined by the config.
Weird things happen if these are closed (e.g. due to reload) so here we
prevent closing and ensure sockets are reused when opened again.
|
|
|
|
| |
To aid in tracking down signalfd-related problems
|
|
|
|
| |
To make any such failures noticeable
|
| |
|
|
|
|
|
|
| |
Handling signal events the same way as all other events makes sense and
seems safer than the signal handling just jumping around in C and
messing with Lua states.
|
|
|
|
| |
Unclear why this would be done, but an error is not great.
|
|
|
|
| |
Should skip a syscall for each write when using epoll.
|
| |
|
|
|
|
|
|
|
| |
Main difference is that timers are not checked unconditionally before
each poll, only when running out of previous poll results (hidden by
util.poll). This removes a final poll at shutdown that usually delays
the 'not quitting' condition check by one second.
|
|
|
|
|
| |
This isn't actually used in Prosody, so no value in complicating the
real main loop because of it
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier
channel binding method being undefined for TLS 1.3, and the increasing
deployment of TLS 1.3.
See 1bfd238e05ad and #1542
Requires future version of LuaSec, once support for this key material
export method is merged.
See https://github.com/brunoos/luasec/pull/187
|
|
|
|
|
|
|
| |
return foo and foo() crops multiple return values to a single one, so
any second return values etc were last, mostly error details.
Introduced in 7e9ebdc75ce4
|
|
|
|
|
|
|
|
|
|
| |
This is a Linux(?) socket option that delays the accept signal until
there is data available to read. E.g. with HTTP this might mean that a
whole request can be handled without going back trough another turn of
the main loop, and an initial client <stream> can be responded to.
This may have effects on latency and resource use, as the server does
not need to allocate resources until really needed.
|
|
|
|
|
| |
Since it provides some protection and error handling in the form of
logging.
|
|
|
|
| |
Reduces the side effects of wrapsocket()
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Requires a patch to LuaSocket adding this socket option,
https://github.com/lunarmodules/luasocket/pull/378
sysctl tweaks
net.ipv4.tcp_fastopen=3
net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0
net.ipv4.tcp_fastopen_key=$(</proc/sys/kernel/random/uuid)
Disabled by default since it an advanced performance tweak unlikely to
be needed by most servers.
|
|
|
|
|
|
|
|
|
|
|
| |
This now requires that the network backend exposes a tls_builder
function, which essentially wraps the former util.sslconfig.new()
function, passing a factory to create the eventual SSL context.
That allows a net.server backend to pick whatever it likes as SSL
context factory, as long as it understands the config table passed by
the SSL config builder. Heck, a backend could even mock and replace the
entire SSL config builder API.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For this, various accessor functions are now provided directly on the
sockets, which reach down into the LuaSec implementation to obtain the
information.
While this may seem of little gain at first, it hides the implementation
detail of the LuaSec+LuaSocket combination that the actual socket and
the TLS layer are separate objects.
The net gain here is that an alternative implementation does not have to
emulate that specific implementation detail and "only" has to expose
LuaSec-compatible data structures on the new functions.
|
| |
|
|
|
|
|
| |
Modules using ids for logging should not need the now pretty large
medium one.
|
|
|
|
|
|
|
|
|
|
| |
With opportunistic writes enabled, writes can return what :onwritable()
returns, thus :onwritable() should return something sensible at each
spot.
Should prevent whatever caused
> Error writing to connection: (nil)
Tho this was probably harmless
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the connection is closed by the peer, any buffered data is given a
last chance to be sent (see f27b9319e0da). If the connection is Really
closed, no attempt to write will occur, instead epoll will raise the
error flag and :onreadable() will be invoked again, where it will try to
:close() again for the same reason, thus looping until the connection
somehow gets destroyed.
By clearing the _connected flag, the second time it passes :onreadable()
it should go directly to :destroy(), breaking the loop.
Thanks Link Mauve for reporting
|
|
|
|
|
|
|
|
|
|
| |
ff4e34c448a4 broke the way net.http.server streams downloads from disk
because it made writes from the ondrain callback no longer reset the
want-write flag, causing the download to halt.
Writes from the predrain handler still must not trigger anything but
additions to the buffer, since it is about to do all the socket writing
already.
|
|
|
|
|
|
| |
Opportunistic writes sure do complicate things. This is especially
intended to avoid opportunistic_writes from within the onpredrain
callback.
|
|
|
|
|
|
|
| |
Should call timers less frequently when many sockets are waiting for
processing. May help under heavy load.
Requested by Ge0rG
|
|
|
|
|
|
|
|
|
|
| |
This is not a pretty way to signal this... but it is the current API
interface:inittls() is a new code path which did not go past the point
in interface:starttls() where it set starttls to false, leading mod_tls
to offer starttls on direct TLS connections
Thanks Martin for discovering.
|
|
|
|
|
|
| |
The intent is to ensure 'ondisconnect' only gets called once, while
giving buffered outgoing data a last chance to be delivered via the
:close() path in case the connection was only shutdown in one direction.
|
|
|
|
|
|
|
|
| |
Before 22825cb5dcd8 connection attempts that failed (e.g. connection
refused) would be immediately destroyed. After, it would schedule
another write cycle and then report 'ondisconnect' again when failing.
Thanks Martin for reporting
|
|\ |
|
| |
| |
| |
| | |
Should ensure shutdown even if sockets somehow take a very long to get closed.
|
| |
| |
| |
| |
| | |
This should ensure that sockets get closed even if they are added after
the quit signal. Otherwise they may keep the server alive.
|
| |
| |
| |
| | |
Seems to have happened in 6427e2642976, probably because of Meld
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead try to write any remaining buffered data. If the write attempt
also fails with "closed" then there's nothing we can do and the socket
is gone.
This reverts what appears to be a mistakenly included part of c8aa66595072
Thanks jonas’ for noticing
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously it was unclear whether "client port" was the port that the
client connected to, or from. I hereby declare that the client port is
the source port and the server port is the destination port.
Incoming and outgoing connections can be distinguished by looking at
the_server reference, which only incoming connections have.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In a case like this the timer would not be readded:
addtimer(1, function(t, id)
stop(id)
return 1
end);
|
|\| |
|
| |
| |
| |
| |
| |
| |
| | |
Likely affected rescheduling but have no reports of this.
After readding a timer, it would have been issued a new id. Rescheduling
would use the previous id, thus not working.
|
| |
| |
| |
| | |
Thanks tmolitor
|
| |
| |
| |
| |
| |
| | |
Only relevant because a "dirty" connection (with incoming data in
LuaSocket's buffer) does not count as "readable" according to epoll, so
special care needs to be taken to keep on processing it.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allows sneaking in things in the write buffer just before it's sent to
the network stack. For example ack requests, compression flushes or
other things that make sense to send after stanzas or other things.
This ensures any additional trailing data sent is included in the same
write, and possibly the same TCP packet. Other methods used such as
timers or nextTick might not have the same effect as it depends on
scheduling.
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Should prevent further opportunistic write attempts after the kernel
buffers are full and stops accepting writes.
When combined with `keep_buffers = false` it should stop it from
repeatedly recreating the buffer table and concatenating it back into a
string when there's a lot to write.
|
| |
| |
| |
| |
| |
| |
| | |
Caused "attempt to index a string value (local 'data')", but only if
keep_buffers is set to false, which is not the default.
Introduced in 917eca7be82b
|
| |
| |
| |
| |
| | |
Read and write timeouts should usually match whether we want to read or
write.
|
| |
| |
| |
| | |
Should avoid rare but needless timer interactions
|
| |
| |
| |
| |
| | |
Instead of removing and readding the timer, keep it and adjust it
instead. Should reduce garbage production a bit.
|
| |
| |
| |
| |
| |
| |
| | |
Only real difference between the read and write timeouts is that the
former has a callback that allows the higher levels to keep the
connection alive, while hitting the later is immediately fatal. We want
the later behavior for TLS negotiation.
|