aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* net.server_epoll: Add way to enable TCP keeplives on all connectionsKim Alvefur2021-07-141-1/+6
| | | | | | In case one wishes to enable this for all connections, not just c2s (not Direct TLS ones, because LuaSec) and s2s. Unclear what use these are, since they kick in after 2 hours of idle time.
* net.server_epoll: Add an (empty) method for setting socket optionsKim Alvefur2021-07-141-0/+6
|
* net.server_epoll: Log failures to set socket optionsKim Alvefur2021-07-141-2/+8
| | | | | | | | | Good to know if it fails, especially since the return value doesn't seem to be checked anywhere. Since LuaSec-wrapped sockets don't expose the setoption method, this will likely show when mod_c2s tries to enable keepalives on direct tls connections.
* net.server_epoll: Call onconnect immediately after TLS handshake completionKim Alvefur2021-07-131-1/+2
| | | | | | Skips a roundtrip through the main loop in case client-first data is available already, if not then :onreadable() will set the appropriate timeout.
* net.server_epoll: Refactor immediate TLS handshake startKim Alvefur2021-07-131-6/+5
|
* net.server_epoll: Keep socket registered in epoll trough TLS wrappingKim Alvefur2021-07-131-2/+1
| | | | | There's the theory that the socket isn't the same before/after wrap(), but since epoll operates on FD numbers this shouldn't matter.
* net.server_epoll: Use TLS handshake timeout after initiating handshakeKim Alvefur2021-07-131-1/+3
| | | | The :init() method sets a different timeout than the TLS related methods.
* net.server_epoll: Start TLS handshake immediately on newly accepted connectionsKim Alvefur2021-07-131-0/+1
| | | | | | Since TLS is a client-first protocol there is a chance that the ClientHello message is available already. TLS Fast Open and/or the TCP_DEFER_ACCEPT socket option would increase that chance.
* net.server_epoll: Factor out TLS initialization into a methodKim Alvefur2021-07-131-45/+51
| | | | | | | | | | | So there's :startls(), :inittls() and :tlshandshake() :starttls() prepares for plain -> TLS upgrade and ensures that the (unencrypted) write buffer is drained before proceeding. :inittls() wraps the connection and does things like SNI, DANE etc. :tlshandshake() steps the TLS negotiation forward until it completes
* net.server_epoll: Fix typoKim Alvefur2021-07-131-1/+1
|
* net.server_epoll: Prevent stack overflow of opportunistic writesKim Alvefur2021-07-111-1/+3
| | | | | | | | | | | | | | net.http.files serving a big enough file on a fast enough connection with opportunistic_writes enabled could trigger a stack overflow through repeatedly serving more data that immediately gets sent, draining the buffer and triggering more data to be sent. This also blocked the server on a single task until completion or an error. This change prevents nested opportunistic writes, which should prevent the stack overflow, at the cost of reduced download speed, but this is unlikely to be noticeable outside of Gbit networks. Speed at the cost of blocking other processing is not worth it, especially with the risk of stack overflow.
* net.http: Send entire HTTP request header as one writeKim Alvefur2021-07-081-5/+3
| | | | | | | | | | | | | | When opportunistic writes are enabled this reduces the number of syscalls and TCP packets sent on the wire. Experiments with TCP Fast Open made this even more obvious. That table trick probably wasn't as efficient. Lua generates bytecode for a table with zero array slots and space for two entries in the hash part, plus code to set [2] and [4]. I didn't verify but I suspect it would have had to resize the table when setting [1] and [3], although probably only once. Concatenating the strings directly in Lua is easier to read and involves no extra table or function call.
* net.server_epoll: Immediately attempt to read from newly accepted connectionsKim Alvefur2021-07-081-1/+1
| | | | | | | | | | | | This may speed up client-first protocols (e.g. XMPP, HTTP and TLS) when the first client data already arrived by the time we accept() it. If LuaSocket supported TCP_DEFER_ACCEPT we could use that to further increase the chance that there's already data to handle. In case no data has arrived, no harm should be done, :onreadable would simply set the read timeout and we'll get back to it once there is something to handle.
* net.server_epoll: Separate handling of new incoming and outgoing connectionsKim Alvefur2021-07-081-2/+6
| | | | | | | | | | | | The :init method is more suited for new outgoing connections, which is why it uses the connect_timeout setting. Depending on whether a newly accepted connection is to a Direct TLS port or not, it should be handled differently, and was already. The :starttls method sets up timeouts on its own, so the one set in :init was not needed. Newly accepted plain TCP connections don't need a write timeout set, a read timeout is enough.
* net.server_epoll: Ensure timeout after closingKim Alvefur2020-10-311-0/+1
| | | | | | This should make sure that if there's data left to be written when closing a connection, there's also a timeout so that it doesn't wait forever.
* net.server_epoll: Add missing method for changing TLS contextKim Alvefur2021-06-101-0/+4
| | | | | Supported by the other net.server implementations already, but not used anywhere in Prosody.
* net.server_epoll: Fix reporting of socket connect timeoutKim Alvefur2021-06-071-0/+2
| | | | | | | | | | | | | | | | | | | If the underlying TCP connection times out before the write timeout kicks in, end up here with err="timeout", which the following code treats as a minor issue. Then, due to epoll apparently returning the EPOLLOUT (writable) event too, we go on and try to write to the socket (commonly stream headers). This fails because the socket is closed, which becomes the error returned up the stack to the rest of Prosody. This also trips the 'onconnect' signal, which has effects on various things, such as the net.connect state machine. Probably undesirable effects. With this, we instead return "connection timeout", like server_event, and destroy the connection handle properly. And then nothing else happens because the connection has been destroyed.
* net.http.server: Split out method for sending only the headerKim Alvefur2021-04-241-2/+7
| | | | | Makes it easier to reuse, e.g. for SSE or websockets or other custom responses.
* net.server_epoll: Remove unnecessary luacheck annotationsKim Alvefur2021-04-011-3/+3
| | | | | Not sure why these were here to begin with, since it does use the 'self' argument and did so since they were added.
* net.resolvers.basic: Fix completion condition when IPv6 is disabledKim Alvefur2021-03-151-0/+2
| | | | | | | | | | Fixes mistake introduced in 5a71f14ab77c that made it so this ready() newer got called and thus it would be stuck waiting for it. Looks like the kind of thing that could have been introduced by a merge or rebase. Thanks MattJ
* net.resolvers.basic: Disable DANE for now, completely brokenKim Alvefur2021-03-031-5/+4
| | | | | Turns out 'extra' is, at least for mod_s2s, the same table for *all* connections.
* net.resolvers.basic: Don't enable DANE with zero TLSA recordsKim Alvefur2021-03-031-1/+1
| | | | Turns out it doesn't work with zero.
* net.connect: Add DANE supportKim Alvefur2021-03-021-1/+26
| | | | | | Disabled DANE by default, since it needs extra steps to be useful. The built-in DNS stub resolver does not support DNSSEC so having DANE enabled by default only leads to an extra wasted DNS request.
* net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)Kim Alvefur2019-09-291-0/+14
|
* net.http.server: Set request.ip so mod_http doesn't have toKim Alvefur2021-02-271-0/+2
| | | | | | | | Because it already sets request.secure, which depends on the connection, just like the IP, so it makes sense to do both in the same place. Dealing with proxies can be left to mod_http for now, but maybe it could move into some util some day?
* net.http.server: Don't pause early streaming uploadsKim Alvefur2021-02-131-1/+10
| | | | | | | Fixes that otherwise it would wait for the request to be done after receiving the head of the request, when it's meant to select a target for where to store the data, instead of waiting after receiving the request for when the request has been handled.
* net.http.server: Allow storing more than the parser in the sessionKim Alvefur2021-02-121-10/+11
| | | | Storing the async thread on the connection was weird.
* net.http.server: Enable async during HTTP request handling (fixes #1487)Kim Alvefur2020-07-121-28/+23
|
* net.unbound: Fix to initialize under prosodyctlKim Alvefur2021-01-211-0/+1
| | | | | Lazy initialization only worked for async queries, but prosodyctl check dns uses sync queries.
* Merge 0.11->trunkKim Alvefur2021-01-121-0/+5
|\
| * net.adns: Prevent empty packets from being sent on "connect" (fix #1619)Kim Alvefur2021-01-121-0/+5
| | | | | | | | Thanks Ge0rG for testing
| * net.server_epoll: Fix off-by-one in 2c559953ad41Kim Alvefur2021-01-101-1/+1
| | | | | | | | Thanks tmolitor
* | Merge 0.11->trunkKim Alvefur2021-01-081-2/+18
|\|
| * net.server_epoll: Ensure timers can't run more than once per tickKim Alvefur2021-01-081-2/+18
| | | | | | | | | | | | | | | | This makes sure that a timer that returns 0 (or less) does not prevent runtimers() from completing, as well as making sure a timer added with zero timeout from within a timer does not run until the next tick. Thanks tmolitor
* | net.unbound: Delay loading until server has started or first queryKim Alvefur2021-01-051-1/+4
| | | | | | | | | | Shouldn't need a DNS resolver until later anyways. Might even be sensible to only initialize if a query is actually attempted.
* | net.unbound: Move libunbound initialization into a functionKim Alvefur2021-01-051-4/+7
| | | | | | | | Prepare for lazy-loading it.
* | net.unbound: Allow tracing individual queries with a logger per queryKim Alvefur2021-01-051-6/+9
| |
* | net.unbound: Don't pass error as logger formatting stringKim Alvefur2021-01-051-1/+1
| | | | | | | | | | This could cause weirdness if the error contains formatting options, but should be reasonably safe with util.format
* | net.unbound: Log net.server interactionsKim Alvefur2021-01-051-0/+2
| | | | | | | | Noticed the potential need for this thanks to Ge0rG
* | net.server_epoll: Increase log level for error in callbackKim Alvefur2020-12-161-1/+1
| | | | | | | | It's an error, it should be logged at error level.
* | net.http.errors: Add error class for DNS resolution failures (thanks SouL)Matthew Wild2020-12-111-0/+4
| |
* | net.http: track time of request for debug/stats purposesMatthew Wild2020-12-091-0/+2
| |
* | net.adns: Reduce 'Exhausted all servers' message to warningMatthew Wild2020-12-081-1/+1
| | | | | | | | It happens often and generally doesn't require admin intervention.
* | net.http: Add support for streaming chunked/large responsesMatthew Wild2020-10-211-0/+18
| |
* | net.http.parser: Expose 'partial', 'chunked' and 'body_length' on packetsMatthew Wild2020-10-211-2/+15
| |
* | Merge 0.11->trunkMatthew Wild2020-10-151-23/+7
|\|
| * net.websocket.frames: Use C string XOR implementationKim Alvefur2020-10-141-23/+7
| |
* | Merge 0.11->trunkMatthew Wild2020-10-131-1/+4
|\|
| * net.http.server: Don't send Content-Length on 1xx/204 responses, per RFC ↵Matthew Wild2020-10-131-1/+4
| | | | | | | | (fixes #1596)
* | Merge 0.11->trunkKim Alvefur2020-10-121-3/+3
|\|