| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
check WSAGetLastError() after socket operations return non-zero
Notably, MS winsock2 returns WSAEWOULDBLOCK instead of WSAEINPROGRESS
for connect() if socket is configured nonblocking
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
_WIN32 is sufficiently different -- *different*; not better -- that
isolating _WIN32 code is clearer than #ifdef _WIN32 in almost every
func in fdevent.c
_WIN32-specific fdevent_socket_* funcs
_WIN32 SOCKET fds must be closed with closesocket(), not close()
_WIN32 HANDLE_FLAG_INHERIT for FD_CLOEXEC
_WIN32 use _sopen_s() without _O_TEMPORARY
Use _sopen_s() without _O_TEMPORARY in fdevent_mkostemp().
_O_TEMPORARY would remove file once last handle to file is closed.
Temporary files in chunkqueue may be closed for large request/response
_WIN32 fdevent_rename() using MoveFileExA
_WIN32 rename() fails if the target file already exists.
Alternatives are MoveFileExA() or ReplaceFileA().
Both of the above fail if either oldfile or newfile are open, so
- not atomic
- may fail sporadically
|
| | |
|
| | |
|
| |
|
|
| |
(selective implementations; not complete)
|
| |
|
|
| |
Note: behavior under bash.exe might be different than under cmd.exe
|
| |
|
|
|
|
|
| |
no lstat()
no S_IFSOCK
no S_ISSOCK()
...
|
| | |
|
| |
|
|
| |
wrap fork() and kill()
|
| |
|
|
| |
skip optimistic client read if http version >= HTTP/2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)
prepares for upcoming changes to mod_extforward to manage remote addr
per request for HTTP/2 requests, rather than remote addr per connection.
Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.
x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191
|
| |
|
|
| |
remove excess +1 per env string
|
| |
|
|
| |
remove issock flag; on _WIN32, select(), WSAPoll() work only on sockets
|
| | |
|
| |
|
|
|
| |
employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)
|
| | |
|
| |
|
|
| |
employ ck_realloc_u32() shared code to slightly reduce code size
|
| |
|
|
|
|
| |
prefer to avoid tempfiles when streaming request body to fast backend
keeping up with reading request body as request body is received from
client
|
| |
|
|
|
|
|
|
| |
handle RDHUP as soon as RDHUP detected when collecting HTTP/1.1 chunked
request body (and when not streaming request body to backend)
x-ref:
https://github.com/lighttpd/lighttpd1.4/pull/115
|
| | |
|
| |
|
|
|
|
|
|
| |
reduce trace on Upgrade'd backend connection when ECONNRESET received,
which, for example, apparently might occur if a backend calls close()
on socket without first calling shutdown(fd, SHUT_WR) -- seen on Linux
kernel 5.16.15 where lighttpd received ECONNRESET when trying to read()
(instead of receiving EOF).
|
| |
|
|
|
|
|
| |
ensure socket ready for writing before checking connect() status
(sanity check in case request gets rescheduled for another reason
before the socket is ready for writing)
|
| |
|
|
|
|
| |
connect to backend (mod_cgi, mod_proxy, mod_sockproxy, mod_wstunnel)
for streaming request body without waiting for initial data in request
body. Useful for things like websockets when data starts on server-side
|
| |
|
|
| |
restart dead proc on connect error only if proc started by lighttpd
|
| | |
|
| |
|
|
|
| |
disable server.graceful-restart-bg if spawning gateway backends
via *.server "bin-path"
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
disable streaming response while processing "authorizer" mode
until "authorizer" response 200 OK from the backend is complete
(thx jefftharris)
x-ref:
"FastCGI authorizer hang with server.stream-response-body"
https://redmine.lighttpd.net/boards/2/topics/9969
"FastCGI authorizer hang with server.stream-response-body"
https://redmine.lighttpd.net/issues/3106
|
| |
|
|
|
| |
mark and temporarily defer event handling of backend events in order
to handle at same time as the associated front-end connection events
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
separate internal control for backend max_per_read
When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a smaller buffer to help reduce memory usage.
When not streaming, attempt to read and empty kernel socket bufs.
(e.g. MAX_READ_LIMIT 256k)
When writing to sockets (or pipes) attempt to fill kernel socket bufs.
(e.g. MAX_WRITE_LIMIT 256k)
|
| |
|
|
| |
mark some core code with attributes malloc, returns nonnull
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
default backend "connect-timeout" to 8 seconds
Though this is is a behavior change where there previously was no
timeout, this is configurable by lighttpd.conf admin, and having a
default connection timeout of a fairly large value (8 seconds) puts
a (default) limit on resource usage waiting for socket connect().
x-ref:
"sockets disabled, out-of-fds with proxy module"
https://redmine.lighttpd.net/issues/3086
|
| | |
|
| |
|
|
|
|
|
| |
remove redundant waitpid() on each backend
(performed each second during periodic maintenance)
Doing so is redundant with handle_waitpid hook since lighttpd 1.4.46
|
| |
|
|
|
|
| |
reduce wait time in gw_spawn_connection() from 10ms down to 1ms.
That is still plenty of time to detect immediate execve()/clone()
failures.
|
| | |
|
| |
|
|
| |
clearer code: host->num_procs as num gw_proc in host->first linked list
|
| | |
|
| |
|
|
|
|
|
|
| |
If a system call returns EMFILE, then admin should increase
server.max-fds and check/increase rlimits for num files (ulimit -Hn)
Alternatively, the admin might decrease server.max-connections to limit
the number of connections served in parallel.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
merge connection_list_append() into connection_fdwaitqueue_append()
(not converted to singly-linked-list since fdwaitqueue is not expected
to be used during normal operation (except extreme overload condition),
so use allocated list of pointers (allocated when needed) instead of
adding ptr member to (every) allocated struct connection)
remove connections-glue.c
remove inclusion of connections.h by non-base files
|
| |
|
|
| |
clarify error message in gw_backend.c if connect() to unix socket fails
|
| |
|
|
|
|
|
|
|
|
|
|
| |
implement connect(), write(), read() timeouts on backends
"connect-timeout"
"write-timeout"
"read-timeout"
x-ref:
"sockets disabled, out-of-fds with proxy module"
https://redmine.lighttpd.net/issues/3086
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
cast away signedness warning in request_check_hostname()
mod_gnutls https_add_ssl_client_entries crts allocated if crt_size != 0
(which is already checked earlier in routine)
report from FaceBook Infer static analysis tool (https://fbinfer.com/)
- quiet dead store warnings
- check return != NULL from allocation funcs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most OS platforms have already provided solutions to
Y2038 32-bit signed time_t 5 - 10 years ago (or more!)
Notable exceptions are Linux i686 and FreeBSD i386.
Since 32-bit systems tend to be embedded systems,
and since many distros take years to pick up new software,
this commit aims to provide Y2038 mitigations for lighttpd
running on 32-bit systems with Y2038-unsafe 32-bit signed time_t
* Y2038: lighttpd 1.4.60 and later report Y2038 safety
$ lighttpd -V
+ Y2038 support # Y2038-SAFE
$ lighttpd -V
- Y2038 support (unsafe 32-bit signed time_t) # Y2038-UNSAFE
* Y2038: general platform info
* Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t
- all major 64-bit platforms (known to this author) use 64-bit time_t
* Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t
- Linux x32 ABI (different from i686)
- FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386
- NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures
- OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures
- Microsoft Windows XP and Visual Studio 2005 (? unsure ?)
Another reference suggests Visual Studio 2015 defaults to 64-bit time_t
- MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps
* Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t
- e.g. OpenVMS (unknown if lighttpd builds on this platform)
* Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t
- Linux 32-bit (including i686)
- glibc 32-bit library support not yet available for 64-bit time_t
- https://sourceware.org/glibc/wiki/Y2038ProofnessDesign
- Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t
https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/
- https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html
"Note: at this point, 64-bit time support in dual-time
configurations is work-in-progress, so for these
configurations, the public API only makes the 32-bit time
support available. In a later change, the public API will
allow user code to choose the time size for a given
compilation unit."
- compiling with -D_TIME_BITS=64 currently has no effect
- glibc recent (Jul 2021) mailing list discussion
- https://public-inbox.org/bug-gnulib/878s2ozq70.fsf@oldenburg.str.redhat.com/T/
- FreeBSD i386
- DragonFlyBSD 32-bit
* Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t)
* lighttpd prefers system monotonic clock instead of realtime clock
in places where realtime clock is not required
* lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT
* (lighttpd presumes that lighttpd will not encounter dates before 1970
during normal operation.)
* lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t
to convert negative timestamps for comparisions with 64-bit timestamps
(treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT)
* lighttpd provides unix_time64_t (int64_t) and
* lighttpd provides struct unix_timespec64 (unix_timespec64_t)
(struct timespec equivalent using unix_time64_t tv_sec member)
* lighttpd provides gmtime64_r() and localtime64_r() wrappers
for platforms 32-bit platforms using 32-bit time_t and
lighttpd temporarily shifts the year in order to use
gmtime_r() and localtime_r() (or gmtime() and localtime())
from standard libraries, before readjusting year and passing
struct tm to formatting functions such as strftime()
* lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to
unsigned 32-bit and then to unix_time64_t
* Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT
on 32-bit platforms using 32-bit signed time_t, underlying libraries and
underlying filesystems might not behave properly after 32-bit signed time_t
overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work
properly using negative time_t values, then lighttpd likely will not work
properly on that system.
* Other references and blogs
- https://en.wikipedia.org/wiki/Year_2038_problem
- https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs
- http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
|
| |
|
|
|
| |
(mod_extforward recently changed to use buffer_move() to save addr
instead of swapping pointers)
|
