| Commit message | Author | Age | Files | Lines |
| |
match "map-host-response" with authority provided in (request) Host
for "-" in response map and when no other "map-host-request" mapped
request to a different authority. This is a bit friendlier for use
with bidirectional https-remap.
| |
_WIN32 __declspec(dllexport) on mod_*_plugin_init()
| |
employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)
| |
fix dummy Sec-WebSocket-Key value to remove excess '\n'
x-ref:
"Fix websocket HTTP/2 to HTTP/1.1 proxy"
https://github.com/lighttpd/lighttpd1.4/pull/123
github: closes #123
| |
Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.header += ("upgrade" => "enable")
mod_wstunnel
HTTP/2 CONNECT extension defined in RFC8441 is translated to HTTP/1.1
'Upgrade: websocket' requests to mod_cgi or mod_proxy, and is handled
directly in mod_wstunnel.
x-ref:
WebSockets over HTTP/2
https://redmine.lighttpd.net/issues/3151
Bootstrapping WebSockets with HTTP/2
https://datatracker.ietf.org/doc/html/rfc8441
| |
append to X-Forwarded-For
overwrite X-Host, X-Forwarded-Host, X-Forwarded-Proto
(with value that might be obtained from trusted downstream proxy
configured with mod_extforward)
(do not blindly pass through client-provided values, unless
mod_extforward has been configured to trust the downstream proxy)
(RFC 7239 Forwarded is a standardized header with structured format
and ought to be preferred over the legacy X-* headers, where available)
| |
return 411 Length Required if mod_proxy configured to force HTTP/1.0
to backend and configured to stream request body, and client request
has a request body but did not provide Content-Length.
| |
Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
(proxy.header += ("upgrade" => "enable"))
mod_cgi previously used to forward Upgrade request header, but would
remove Upgrade response header if cgi.upgrade was not explicitly enabled
(cgi.upgrade = "enable")
This patch thwarts h2c smuggling when lighttpd.conf has also been
explicitly configured to pass "Upgrade" request header
x-ref:
"h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)"
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c
| |
config_feature_bool()
config_feature_int()
| |
separate internal control for backend max_per_read
When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a smaller buffer to help reduce memory usage.
When not streaming, attempt to read and empty kernel socket bufs.
(e.g. MAX_READ_LIMIT 256k)
When writing to sockets (or pipes) attempt to fill kernel socket bufs.
(e.g. MAX_WRITE_LIMIT 256k)
| |
- http_method_buf() returns (const buffer *)
- comment out unused get_http_status_name()
- inline func for http_append_method()
config processing requires a persistent buffer for method on the
off-chance that the config performed a capturing regex match in
$HTTP["method"] condition and used it later (e.g. in mod_rewrite)
(Prior behavior using r->tmp_buf was undefined in this case)
| |
reorder some code for better asm
proxy_set_Forwarded() sets multiple request headers, and does so prior
to walking all request headers to create request to backend. This is
done so that specific already-existing request headers from client are
overwritten (intentionally) in proxy_set_Forwarded().
Expect header is handled, but not expected since client-sent Expect
header is handled (and unset) in connection_handle_read_post_state()
| |
proxy_response_headers() issue variable load slightly earlier
| |
(mod_extforward recently changed to use buffer_move() to save addr
instead of swapping pointers)
| |
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend
Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)
internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg
| |
send HTTP/1.0 request to backend if no Host header sent with request
(If Host header is present with an HTTP/1.0 request from client, then
lighttpd can still make an HTTP/1.1 request to backends)
| |
reduces the number of round-trips into some frequently-called routines
| |
optimize buffer_* primitives
Other than buffer_string_set_length(), reallocate with one power-2 step
in size (or use the requested size, if larger). This replaces the fixed
BUFFER_PIECE_SIZE round-up of only 64 bytes extension each reallocation,
which could lead to excessive reallocations in some scenarios.
buffer_extend() convenience routine to prep for batch append
(combines buffer_string_prepare_append() and buffer_commit())
mod_fastcgi, mod_scgi, mod_proxy and others now leverage buffer_extend()
mod_scgi directly performs little-endian encoding of short ints
http_response_write_header() optimizes writing response header,
leveraging buffer_extend()
modify mod_proxy to append line ends
similar to how it is done in http_response_write_header()
(removes one call to buffer_append_string_len())
| |
When known, use HTTP_HEADER_* enum before string comparisons
| |
fix sending of initial reqbody chunked to backend
| |
compatibility option to force HTTP/1.0 requests to mod_proxy backend
proxy.header += ("force-http10" => "disable") (default)
If proxy.header is set (for any options), it overrides the global
server.feature-flags += ("proxy.force-http10" => "disable")
| |
more consistent use of shared code config_plugin_value_tobool()
(thx tow-conf)
x-ref:
"The on/off keywords in boolean configuration options is inconsistent, which might be misleading and error-prone."
https://redmine.lighttpd.net/issues/3036
| |
inline struct chunkqueue where always allocated in other structs
(memory locality)
| |
do not forward Expect: 100-continue to backend
since we do not handle HTTP/1.1 100 Continue response
| |
For prior behavior (HTTP/1.0 requests to backend), force HTTP/1.0 with:
server.feature-flags = ("proxy.force-http10" => "enable")
| |
rename connection_reset to handle_request_reset
| |
(expansion of buffer_string_length() inline function and CONST_BUF_LEN()
macro, which always check for NULL, appears to cause the analyzer to
believe that a pointer might be NULL in cases where it otherwise can
not be NULL)
x-ref:
http://clang-analyzer.llvm.org/faq.html
| |
stream request body using HTTP/1.1 Transfer-Encoding: chunked
(Note: if backend proxy target does not support HTTP/1.1,
then do not use server.stream-request-body = 1 or 2)
If not streaming to backend, collect request body
(now supporting Transfer-Encoding: chunked from client
and then sending with Content-Length to backend)
x-ref:
"Lighty returns HTTP 411 Length Required with proxy and streaming requests/reponses body"
https://redmine.lighttpd.net/issues/3006
| |
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)
NB: request read and write chunkqueues currently point to connection
chunkqueues; per-request and per-connection chunkqueues are
not distinct from one another
con->read_queue == r->read_queue
con->write_queue == r->write_queue
NB: in the future, a separate connection config may be needed for
connection-level module hooks. Similarly, might need to have
per-request chunkqueues separate from per-connection chunkqueues.
Should probably also have a request_reset() which is distinct from
connection_reset().
| |
store pointer to module in handler_module instead of con->mode id
| |
NB: in the future, a separate plugin_ctx may be needed for
connection-level plugins to keep state across multiple requests
| |
rename content_length to reqbody_length in request,
to more easily differentiate request body length
from response content_length
| |
use global rather than passing around (server *) just for that
li_itostrn() and li_utostrn() return string length
(rather than requiring subsequent strlen() to find length)
| |
(explicit (server *) not passed; available in con->srv)
| |
convert all log_error_write() to log_error() and pass (log_error_st *)
use con->errh in preference to srv->errh (even though currently same)
avoid passing (server *) when previously used only for logging (errh)
| |
(simpler for modules; less boilerplate to cut-n-paste)