[core] pass fdn to fdevent_sched_close,_unregister

remove issock flag; on _WIN32, select(), WSAPoll() work only on sockets

[multiple] employ ck_calloc, ck_malloc shared code

employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)

[multiple] employ ck_realloc_u32() shared code

employ ck_realloc_u32() shared code to slightly reduce code size

[core] keep sockets w/ server.graceful-restart-bg

always preserve sockets across graceful restart when
server.feature-flags += (server.graceful-restart-bg = "enabled")

[core] fix SIGUSR1 graceful restart w/ TLS (fixes #3164)

(thx oldium)

fix SIGUSR1 graceful restart with TLS sockets
(regression in lighttpd 1.4.65)

x-ref:
"Graceful restart starts sending 400 Ba

[core] fix SIGUSR1 graceful restart w/ TLS (fixes #3164)

(thx oldium)

fix SIGUSR1 graceful restart with TLS sockets
(regression in lighttpd 1.4.65)

x-ref:
"Graceful restart starts sending 400 Bad Request for SSL connection handshake"
https://redmine.lighttpd.net/issues/3164

show more ...

[core] avoid server.use-ipv6 warning after SIGUSR1

[core] reset internal flags after graceful restart

reset internal socket flags after graceful restart:
re-init srv->socket->sidx and srv_socket->is_ssl
after SIGUSR1 or systemd socket activation

[core] reset internal flags after graceful restart

reset internal socket flags after graceful restart:
re-init srv->socket->sidx and srv_socket->is_ssl
after SIGUSR1 or systemd socket activation

(thx jens-maus)

x-ref:
https://github.com/jens-maus/RaspberryMatic/pull/1847

show more ...

[multiple] use buffer_append_char()

[core] sketch support for abstract sockets

(experimental; untested)

Note: abstract sockets do not require filesystem access and can not be
protected using filesystem permissions; abstract sockets a

[core] sketch support for abstract sockets

(experimental; untested)

Note: abstract sockets do not require filesystem access and can not be
protected using filesystem permissions; abstract sockets are accessible
by any process in the same network namespace on the same machine.

Abstract sockets can be passed to lighttpd via systemd socket activation
mechanism, via xinetd, or any other process which creates an abstract
socket and passes it to lighttpd. Abstract sockets can also be
configured in lighttpd.conf using a backslash-escaped double-quoted
string, where CTL and chars with high bit set are backslash-escaped into
"\\xFF", with "\\x" followed by two-byte hex encoding (e.g. "FF") for
each escaped char, e.g. "\\x00abstract-socket"

show more ...

[multiple] limit scope of socket config options

warn if socket config options used only at startup are used outside
global scope or $SERVER["socket"] with '==' condition

[core] build fix for cygwin and lmingw

[core] fill in un.sun_path after accept() (fixes #3147)

(thx fstelzer)

x-ref:
"mod_proxy breaks X-Forwarded-For on requests via unix sockets"
https://redmine.lighttpd.net/issues/3147

[core] allow LISTEN_PID to be ppid if TRACEME (fixes #3137)

allow LISTEN_PID to be ppid (parent pid) if TRACEME set in environment
(e.g. for strace, gdb on Linux; valgrind starts lighttpd as LISTEN_

[core] allow LISTEN_PID to be ppid if TRACEME (fixes #3137)

allow LISTEN_PID to be ppid (parent pid) if TRACEME set in environment
(e.g. for strace, gdb on Linux; valgrind starts lighttpd as LISTEN_PID)

x-ref:
"TRACEME environment option in tests broken with LISTEN_PID"
https://redmine.lighttpd.net/issues/3137

show more ...

[multiple] remove buffer_init_buffer()

remove (minor) convenience func; easy to replace

Like buffer_init_string(), buffer_init_buffer() was used in only a few
places at startup or in cold funcs, so

[multiple] remove buffer_init_buffer()

remove (minor) convenience func; easy to replace

Like buffer_init_string(), buffer_init_buffer() was used in only a few
places at startup or in cold funcs, so better off removed from buffer.c

show more ...

[core] hide bsd_accept_filter code on OpenBSD (fixes #3131)

(thx devnexen)

OpenBSD does not provide SO_ACCEPTFILTER

(This patch shows a good example of why cuddled-else should be avoided)

x-ref:

[core] hide bsd_accept_filter code on OpenBSD (fixes #3131)

(thx devnexen)

OpenBSD does not provide SO_ACCEPTFILTER

(This patch shows a good example of why cuddled-else should be avoided)

x-ref:
"Remove unneeded connection bsd filter handling for OpenBSD"
https://redmine.lighttpd.net/issues/3131

show more ...

[core] quiet coverity warnings

[core] cfg server.bindhost after $SERVER["socket"]

init global config for server.bindhost and server.port after
initializing $SERVER["socket"] so that if bindhost and port matches
another $SERVER["s

[core] cfg server.bindhost after $SERVER["socket"]

init global config for server.bindhost and server.port after
initializing $SERVER["socket"] so that if bindhost and port matches
another $SERVER["socket"], the $SERVER["socket"] config is used,
as the $SERVER["socket"] config inherits from the global scope and
can the be overridden.

x-ref:
"Activate SSL with lighttpd on a Raspberry Pi"
https://stackoverflow.com/questions/68939760/activate-ssl-with-lighttpd-on-a-raspberry-pi

show more ...

[core] rename srv->max_conns -> srv->lim_conns

srv->lim_conns tracks remaining conns until limit is reached,
replacing (srv->max_conns - srv->conns.used)

srv->srvconf.max_conns is now updated at st

[core] rename srv->max_conns -> srv->lim_conns

srv->lim_conns tracks remaining conns until limit is reached,
replacing (srv->max_conns - srv->conns.used)

srv->srvconf.max_conns is now updated at startup, so
srv->srvconf.max_conns serves as srv->max_conns

show more ...

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot co

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg

show more ...

[core] accept in network_server_handle_fdevent()

merge connection_accept() into network_server_handle_fdevent()

(possible since connection_accepted() was split out from
connection_accept() a long

[core] accept in network_server_handle_fdevent()

merge connection_accept() into network_server_handle_fdevent()

(possible since connection_accepted() was split out from
connection_accept() a long time ago)

show more ...

[core] consistent inclusion of sys-time.h

[core] save parsed listen addrs at startup

save parsed listen addrs at startup for reuse at runtime

srv_socket->srv_token is normalized at startup and contains IP and port.
save offset to colon, if

[core] save parsed listen addrs at startup

save parsed listen addrs at startup for reuse at runtime

srv_socket->srv_token is normalized at startup and contains IP and port.
save offset to colon, if present, or else length of string (unix socket)

At runtime, srv_token_colon can be quickly used as length of IP string
(without port) or, if not length of string, offset of stringified port
following the colon.

show more ...

[core] allow '*' in "*:80" socket spec

[core] quiet coverity warning

add arbitrary limit of 4096 fds to accept via systemd socket activation
(through environment variables)

[core] fix crash at shutdown w/ certain config

If server.systemd-socket-activation = "enable" and one or more of the
sockets is not listed in lighttpd.conf, then when the server is shutting
down, a

[core] fix crash at shutdown w/ certain config

If server.systemd-socket-activation = "enable" and one or more of the
sockets is not listed in lighttpd.conf, then when the server is shutting
down, a buffer from the config file is free()d twice.

show more ...