[multiple] employ ck_calloc, ck_malloc shared code

employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)

[multiple] mark mod_*_plugin_init() funcs cold

[mod_proxy,mod_cgi] fix dummy Sec-WebSocket-Key

fix dummy Sec-WebSocket-Key value to remove excess '\n'

x-ref:
"Fix websocket HTTP/2 to HTTP/1.1 proxy"
https://github.com/lighttpd/lighttpd1.4/p

[mod_proxy,mod_cgi] fix dummy Sec-WebSocket-Key

fix dummy Sec-WebSocket-Key value to remove excess '\n'

x-ref:
"Fix websocket HTTP/2 to HTTP/1.1 proxy"
https://github.com/lighttpd/lighttpd1.4/pull/123

github: closes #123

show more ...

[multiple] rename status_counter -> plugin_stats

[multiple] use buffer_append_char()

[multiple] WebSockets over HTTP/2 (fixes #3151)

Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.head

[multiple] WebSockets over HTTP/2 (fixes #3151)

Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.header += ("upgrade" => "enable")
mod_wstunnel

HTTP/2 CONNECT extension defined in RFC8441 is translated to HTTP/1.1
'Upgrade: websocket' requests to mod_cgi or mod_proxy, and is handled
directly in mod_wstunnel.

x-ref:
WebSockets over HTTP/2
https://redmine.lighttpd.net/issues/3151
Bootstrapping WebSockets with HTTP/2
https://datatracker.ietf.org/doc/html/rfc8441

show more ...

[mod_proxy] adjust handling of legacy X-* headers

append to X-Forwarded-For

overwrite X-Host, X-Forwarded-Host, X-Forwarded-Proto
(with value that might be obtained from trusted downstream proxy
c

[mod_proxy] adjust handling of legacy X-* headers

append to X-Forwarded-For

overwrite X-Host, X-Forwarded-Host, X-Forwarded-Proto
(with value that might be obtained from trusted downstream proxy
configured with mod_extforward)
(do not blindly pass through client-provided values, unless
mod_extforward has been configured to trust the downstream proxy)

(RFC 7239 Forwarded is a standardized header with structured format
and ought to be preferred over the legacy X-* headers, where available)

show more ...

[mod_proxy] Length Req if proxy forcing HTTP/1.0

return 411 Length Required if mod_proxy configured to force HTTP/1.0
to backend and configured to stream request body, and client request
has a reque

[mod_proxy] Length Req if proxy forcing HTTP/1.0

return 411 Length Required if mod_proxy configured to force HTTP/1.0
to backend and configured to stream request body, and client request
has a request body but did not provide Content-Length.

show more ...

[core] thwart h2c smuggling when Upgrade enabled

Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
(proxy.header += (

[core] thwart h2c smuggling when Upgrade enabled

Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
(proxy.header += ("upgrade" => "enable"))

mod_cgi previously used to forward Upgrade request header, but would
remove Upgrade response header if cgi.upgrade was not explicitly enabled
(cgi.upgrade = "enable")

This patch thwarts h2c smuggling when lighttpd.conf has also been
explicitly configured to pass "Upgrade" request header

x-ref:
"h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)"
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c

show more ...

[multiple] check feature flags funcs; code reuse

config_feature_bool()
config_feature_int()

[multiple] internal control for backend read bytes

separate internal control for backend max_per_read

When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a sm

[multiple] internal control for backend read bytes

separate internal control for backend max_per_read

When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a smaller buffer to help reduce memory usage.

When not streaming, attempt to read and empty kernel socket bufs.
(e.g. MAX_READ_LIMIT 256k)

When writing to sockets (or pipes) attempt to fill kernel socket bufs.
(e.g. MAX_WRITE_LIMIT 256k)

show more ...

[multiple] http_method_buf()

- http_method_buf() returns (const buffer *)
- comment out unused get_http_status_name()
- inline func for http_append_method()

config processing requires a persistent

[multiple] http_method_buf()

- http_method_buf() returns (const buffer *)
- comment out unused get_http_status_name()
- inline func for http_append_method()

config processing requires a persistent buffer for method on the
off-chance that the config performed a capturing regex match in
$HTTP["method"] condition and used it later (e.g. in mod_rewrite)
(Prior behavior using r->tmp_buf was undefined in this case)

show more ...

[core] proxy_create_env() tweaks

reorder some code for better asm

proxy_set_Forwarded() sets multiple request headers, and does so prior
to walking all request headers to create request to backend.

[core] proxy_create_env() tweaks

reorder some code for better asm

proxy_set_Forwarded() sets multiple request headers, and does so prior
to walking all request headers to create request to backend. This is
done so that specific already-existing request headers from client are
overwritten (intentionally) in proxy_set_Forwarded().

Expect header is handled, but not expected since client-sent Expect
header is handled (and unset) in connection_handle_read_post_state()

show more ...

[mod_proxy] proxy_response_headers load v earlier

proxy_response_headers() issue variable load slightly earlier

[multiple] inline struct in con->dst_addr_buf

(mod_extforward recently changed to use buffer_move() to save addr
instead of swapping pointers)

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot co

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg

show more ...

[mod_proxy] send HTTP/1.0 to backend if no Host

send HTTP/1.0 request to backend if no Host header sent with request

(If Host header is present with an HTTP/1.0 request from client, then
lighttpd

[mod_proxy] send HTTP/1.0 to backend if no Host

send HTTP/1.0 request to backend if no Host header sent with request

(If Host header is present with an HTTP/1.0 request from client, then
lighttpd can still make an HTTP/1.1 request to backends)

show more ...

[multiple] use buffer_append_* aggregates

reduces the number of round-trips into some frequently-called routines

[multiple] http_header APIs to reduce str copies

[multiple] optimize primitives, buffer_extend()

optimize buffer_* primitives

Other than buffer_string_set_length(), reallocate with one power-2 step
in size (or use the requested size, if larger).

[multiple] optimize primitives, buffer_extend()

optimize buffer_* primitives

Other than buffer_string_set_length(), reallocate with one power-2 step
in size (or use the requested size, if larger). This replaces the fixed
BUFFER_PIECE_SIZE round-up of only 64 bytes extension each reallocation,
which could lead to excessive reallocations in some scenarios.

buffer_extend() convenience routine to prep for batch append
(combines buffer_string_prepare_append() and buffer_commit())

mod_fastcgi, mod_scgi, mod_proxy and others now leverage buffer_extend()

mod_scgi directly performs little-endian encoding of short ints

http_response_write_header() optimizes writing response header,
leveraging buffer_extend()

modify mod_proxy to append line ends
similar to how it is done in http_response_write_header()
(removes one call to buffer_append_string_len())

show more ...

[multiple] use HTTP_HEADER_* enum before strcmp

When known, use HTTP_HEADER_* enum before string comparisons

[mod_proxy] fix sending of initial reqbody chunked

fix sending of initial reqbody chunked to backend

[mod_proxy] proxy.header = ("force-http10" => ...)

compatibility option to force HTTP/1.0 requests to mod_proxy backend
proxy.header += ("force-http10" => "disable") (default)

If proxy.header is s

[mod_proxy] proxy.header = ("force-http10" => ...)

compatibility option to force HTTP/1.0 requests to mod_proxy backend
proxy.header += ("force-http10" => "disable") (default)

If proxy.header is set (for any options), it overrides the global
server.feature-flags += ("proxy.force-http10" => "disable")

show more ...

[multiple] more forgiving config str to boolean (fixes #3036)

more consistent use of shared code config_plugin_value_tobool()

(thx tow-conf)

x-ref:
"The on/off keywords in boolean configuration

[multiple] more forgiving config str to boolean (fixes #3036)

more consistent use of shared code config_plugin_value_tobool()

(thx tow-conf)

x-ref:
"The on/off keywords in boolean configuration options is inconsistent, which might be misleading and error-prone."
https://redmine.lighttpd.net/issues/3036

show more ...

[multiple] inline chunkqueue where always alloc'd

inline struct chunkqueue where always allocated in other structs

(memory locality)