aboutsummaryrefslogtreecommitdiffstats
path: root/net
Commit message (Collapse)AuthorAgeFilesLines
* net.server_epoll: Prevent traceback when checking TLS after connection goneKim Alvefur2024-01-211-0/+5
| | | | Unclear why this would be done, but an error is not great.
* net.http.server: Fix whitespace-ignoring syntaxKim Alvefur2023-12-011-2/+2
|
* Merge 0.12->trunkKim Alvefur2023-12-011-1/+7
|\
| * net.http.parser: Reject overlarge header section earlierKim Alvefur2023-08-231-1/+7
| | | | | | | | This case would eventually be rejected by the buffer size limit.
* | net.http.server: Complete async waiter for non-persistent connectionsKim Alvefur2023-11-241-3/+2
| | | | | | | | | | | | | | | | | | Otherwise requests with Connection: close would be stuck in the async wait that starts after the handle_request() call. Together with the new async debugging, this makes the async thread stay in the set of waiting runners forever, where previously it would simply be garbage collected.
* | net.server_epoll: Avoid call to update socket watch flags when nothing changedKim Alvefur2023-11-211-0/+3
| | | | | | | | Should skip a syscall for each write when using epoll.
* | net.http: Set Connection header based on connection pool usageKim Alvefur2023-11-111-1/+8
| | | | | | | | Connection: keep-alive is implicit in HTTP/1.1 but explicit > implicit
* | net.http: Add simple connection poolingKim Alvefur2023-11-111-1/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This should speed up repeated requests to the same site by keeping their connections around and sending more requests on them. Sending multiple requests at the same time is not supported, instead a request started while another to the same authority is in progress would open a new one and the first one to complete would go back in the pool. This could be investigated in the future. Some http servers limit the number of requests per connection and this is not tested and could cause one request to fail, but hopefully it will close the connection and prevent it from being reused.
* | net.http.server: Fix typo in previous commitKim Alvefur2023-09-231-1/+1
| |
* | net.http.server: Support setting Content-Type of uncaught HTTP errorsKim Alvefur2023-09-221-1/+6
| | | | | | | | | | | | | | | | mod_http_errors normally sets the Content-Type header via the response object, which isn't available when handling these uncaught errors. Without a Content-Type header the browser is forced to guess, which may or may not result in something sensible.
* | net.websocket.frames: Remove completed TODOKim Alvefur2023-07-291-1/+0
| | | | | | | | The XOR is done in C since 4e5a2af9dd19
* | net.server: Handle loading from outside Prosody (e.g. Verse)Kim Alvefur2023-05-201-15/+20
| | | | | | | | | | server_select only depending on LuaSocket generally makes it more portable, so fall back to that if util.poll can't be found.
* | net.http.server: Return request ID in header to aid debuggingKim Alvefur2023-05-291-1/+1
| | | | | | | | Eases locating the request in logs
* | net.tls_luasec: Expose method for loading a certificateKim Alvefur2023-05-271-0/+1
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | net.certmanager: Move LuaSec feature detection to net.tls_luasecKim Alvefur2023-05-271-0/+24
| | | | | | | | | | Further isolates LuaSec from Prosody core, with the ultimate goal of allowing LuaSec to be replaced more easily.
* | net.http.server: Remove "Firing event" logs, use event logging insteadKim Alvefur2023-05-141-4/+0
| | | | | | | | | | | | | | | | Since these are noisy and we have the thing in util.helpers to log events fired. The new status line events are meant to replace these as they include more useful info.
* | net.http.server: Log request and response status linesKim Alvefur2023-05-141-0/+3
| | | | | | | | Points out the beginning and end of a request.
* | net.http.server: Assign each request its own log sourceKim Alvefur2023-05-141-5/+8
| |
* | net.http.server: Assign an ID to each request, shared with responseKim Alvefur2023-05-141-0/+3
| | | | | | | | | | Goal is improve tracking of individual HTTP requests throughout its life-cycle. Having a single ID to use in logging should help here.
* | net: Prefix module imports with prosody namespaceKim Alvefur2023-03-1720-108/+108
| |
* | Merge 0.12->trunkMatthew Wild2023-02-171-2/+3
|\|
| * net.http.parser: Fix off-by-one error in chunk parserMatthew Wild2023-02-171-2/+3
| |
* | Merge 0.12->trunkMatthew Wild2023-02-161-0/+4
|\|
| * net.http.server: Add new API to get HTTP request from a connectionMatthew Wild2023-02-161-0/+4
| | | | | | | | | | | | | | | | | | | | | | This information is sometimes necessary in the context where we have a connection that we know (or believe to be) associated with an incoming HTTP request. For example, it can be used to retrieve the IP address of a request (which may differ from the IP address of the connection, due to X-Forwarded-For and co). Thanks to the Jitsi team for highlighting this gap in the API.
* | Merge 0.12->trunkMatthew Wild2023-02-092-7/+12
|\|
| * net.http.parser: Improve handling of responses without content-lengthMatthew Wild2023-02-091-6/+11
| | | | | | | | | | | | This ensures that we support responses without a content-length header, and allow streaming them through the streaming handler interface. An example of such a response would be Server-Sent Events streams.
| * net.http: Add missing log parameterMatthew Wild2023-02-091-1/+1
| |
* | net.http.server: Close file handle earlierKim Alvefur2023-01-081-1/+1
| | | | | | | | | | Frees unneeded resources earlier, so they're not held on to while potentially sending the chunk trailer.
* | Merge 0.12->trunkKim Alvefur2023-01-081-1/+1
|\|
| * net.http.server: Fix #1789Kim Alvefur2023-01-081-1/+1
| | | | | | | | | | | | | | | | | | Unregistering the response before sending the trailer of the chunked transfer encoding prevents opportunistic writes from being invoked and running this code again when, which may cause an error when closing the file handle a second time. Normally the file size is known, so no chuck headers are sent.
* | net.server_epoll: Remove delay on last main loop iteration when quittingKim Alvefur2023-01-061-7/+8
| | | | | | | | | | | | | | Main difference is that timers are not checked unconditionally before each poll, only when running out of previous poll results (hidden by util.poll). This removes a final poll at shutdown that usually delays the 'not quitting' condition check by one second.
* | net.server_epoll: Factor out single main loop step into its own functionKim Alvefur2023-01-061-1/+26
| | | | | | | | | | This isn't actually used in Prosody, so no value in complicating the real main loop because of it
* | net.resolvers.basic: Record hostname coming from secure SRV recordsKim Alvefur2022-12-221-0/+2
| | | | | | | | Will be useful even later...
* | net.resolvers.service: Record DNSSEC security status of SRV recordsKim Alvefur2022-12-221-0/+3
| | | | | | | | Will be useful later.
* | net.resolvers.service: Fix reporting of Bogus DNSSEC resultsKim Alvefur2022-12-211-3/+6
| | | | | | | | | | | | | | | | | | The order of checks led to Bogus results being reported with a generic "unable to resolve service". This had no practical effects as such results are simply empty and the process would stop there. Tested by attempting to establish s2s with dnssec-bogus.sg and observing the error reply.
* | Revert unintentionally committed parts of 12bd40b8e105Kim Alvefur2022-12-211-8/+3
| |
* | mod_c2s,mod_s2s: Adapt to XEP-xxxx: Stream Limits AdvertisementKim Alvefur2022-10-201-3/+8
| | | | | | | | Thanks MattJ
* | net.connect: Clear TODO for Happy Eyeballs / RFC 8305, close #1246Kim Alvefur2022-08-191-1/+0
| | | | | | | | Gotta have the DOAP references!
* | various: Update IETF RFC URLs for tools.ietf.org transitionKim Alvefur2022-08-051-2/+2
| | | | | | | | | | | | See https://www.ietf.org/blog/finalizing-ietf-tools-transition/ Already done in various other places.
* | net.resolvers.basic: Add opt-out argument for DNSSEC security statusKim Alvefur2022-08-021-3/+5
| | | | | | | | | | | | | | This makes explicit which lookups can accept an unsigned response. Insecure (unsigned, as before DNSSEC) A and AAAA records can be used as security would come from TLS, but an insecure TLSA record is worthless.
* | mod_saslauth: Implement RFC 9266 'tls-exporter' channel binding (#1760)Kim Alvefur2022-06-011-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | Brings back SCRAM-SHA-*-PLUS from its hiatus brought on by the earlier channel binding method being undefined for TLS 1.3, and the increasing deployment of TLS 1.3. See 1bfd238e05ad and #1542 Requires future version of LuaSec, once support for this key material export method is merged. See https://github.com/brunoos/luasec/pull/187
* | compat: Remove handling of Lua 5.1 location of 'unpack' functionKim Alvefur2022-07-111-1/+1
| |
* | Merge 0.12->trunkKim Alvefur2022-06-191-11/+8
|\|
| * net.unbound: Merge luaunbound and prosody defaults in absence of user config ↵Kim Alvefur2022-06-191-11/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (fixes #1763) (thanks rgd) add_defaults() is supposed to merge 3 tables, the defaults in luaunbound, the defaults from prosody and any config from the prosody config file. In the case where no `unbound={}` has been in the config, it skips over the merge and returns only the prosody built-in defaults. This results in libunbound skipping reading resolv.conf and uses its default behavior of full recursive resolution. Prior to #1737 there were only two tables, the luaunbound defaults and the prosody config, where bypassing the merge and returning the former did the right thing.
* | net.http.codes: Refresh from registry, many refs now point to RFC9110Kim Alvefur2022-06-131-46/+46
| |
* | net.server: Fix multiple return valuesKim Alvefur2022-06-033-11/+26
| | | | | | | | | | | | | | return foo and foo() crops multiple return values to a single one, so any second return values etc were last, mostly error details. Introduced in 7e9ebdc75ce4
* | net.server_epoll: Add option to defer accept() until data availableKim Alvefur2022-05-151-0/+6
| | | | | | | | | | | | | | | | | | | | This is a Linux(?) socket option that delays the accept signal until there is data available to read. E.g. with HTTP this might mean that a whole request can be handled without going back trough another turn of the main loop, and an initial client <stream> can be responded to. This may have effects on latency and resource use, as the server does not need to allocate resources until really needed.
* | net.server_epoll: Wrap LuaSocket object earlier to reuse option setting methodKim Alvefur2021-07-161-2/+2
| | | | | | | | | | Since it provides some protection and error handling in the form of logging.
* | net.server_epoll: Move call to refresh remote IP address out of wrapperKim Alvefur2021-07-161-1/+3
| | | | | | | | Reduces the side effects of wrapsocket()
* | net.server_epoll: Add support for TCP Fast OpenKim Alvefur2021-07-081-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | Requires a patch to LuaSocket adding this socket option, https://github.com/lunarmodules/luasocket/pull/378 sysctl tweaks net.ipv4.tcp_fastopen=3 net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0 net.ipv4.tcp_fastopen_key=$(</proc/sys/kernel/random/uuid) Disabled by default since it an advanced performance tweak unlikely to be needed by most servers.