[multiple] store ptrs to remote addr in request_st (#3192)

adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)

prepares for upcoming changes to mod_extforward to manage remote add

[multiple] store ptrs to remote addr in request_st (#3192)

adds two pointers to (request_st *) (cost: 16 bytes in 64-bit builds)

prepares for upcoming changes to mod_extforward to manage remote addr
per request for HTTP/2 requests, rather than remote addr per connection.

Modern load balancers often provide options to reuse connections for
*different* clients, and therefore mod_extforward might change the
remote addr per request.

x-ref:
"RFE: mod_extforward and multiplexed requests via HTTP/2"
https://redmine.lighttpd.net/issues/3192
"Evaluation of remote_addr for mod_maxminddb for multiplexed connections"
https://redmine.lighttpd.net/issues/3191

show more ...

[multiple] employ ck_calloc, ck_malloc shared code

employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)

[multiple] WebSockets over HTTP/2 (fixes #3151)

Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.head

[multiple] WebSockets over HTTP/2 (fixes #3151)

Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.header += ("upgrade" => "enable")
mod_wstunnel

HTTP/2 CONNECT extension defined in RFC8441 is translated to HTTP/1.1
'Upgrade: websocket' requests to mod_cgi or mod_proxy, and is handled
directly in mod_wstunnel.

x-ref:
WebSockets over HTTP/2
https://redmine.lighttpd.net/issues/3151
Bootstrapping WebSockets with HTTP/2
https://datatracker.ietf.org/doc/html/rfc8441

show more ...

[core] isolate plugins_*() funcs to main server

(future: might rename plugin.c -> plugins.c since the functions
contained within are all plugins_*())

[multiple] remove r->physical.etag

(no longer used; was used as temporary buffer)

[core] fix reqpool mem corruption in 1.4.62 (fixes #3118)

x-ref:
"Segfault after updating to version 1.4.62"
https://redmine.lighttpd.net/issues/3118
"Segfault on closing connections"
https:

[core] fix reqpool mem corruption in 1.4.62 (fixes #3118)

x-ref:
"Segfault after updating to version 1.4.62"
https://redmine.lighttpd.net/issues/3118
"Segfault on closing connections"
https://redmine.lighttpd.net/issues/3119

show more ...

[core] allocate pcre output vector on demand

allocate pcre output vector on demand for saved config captures
(similar to what is done in lighttpd for pcre2 support)

[core] pcre2 support (--with-pcre2)

x-ref:
"lighttpd: depends on obsolete pcre3 library"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000063

[core] save config regex captures only if used

save config regex captures separately only if used by url.redirect
or url.rewrite replacement directives within the condition
(or for conditions contai

[core] save config regex captures only if used

save config regex captures separately only if used by url.redirect
or url.rewrite replacement directives within the condition
(or for conditions containing directives from any other module
which calls config_capture() for its directives during init)

keep pointer to match data (cond_match_t *) in r->cond_match[]
rather than cond_match_t to reduce data copying in h2_init_stream().
h2_init_stream() copies the results for already-evaluated conditions
to avoid re-evaluating connection-level conditions for each and every
stream. When conditions are reset, then the pointer in r->cond_match[]
is updated when the condition is re-evaluated. (This all assumes that
HTTP/2 connection-level conditions are not unset or re-evaluated once
HTTP/2 streams begin.)

show more ...

[core] clear request,connection pools every 64 sec (#3084)

x-ref:
"Memory fragmentation with HTTP/2 enabled"
https://redmine.lighttpd.net/issues/3084

[core] reset large path buffers from long URLs

[core] allocate initial request pool w/ srv->conns

allocate reusable h2 request pool when initial srv->conns pool allocated

[core] request_config_reset()

move configfile.c:config_reset_config()
to reqpool.c:request_config_reset()

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot co

[multiple] reduce redundant NULL buffer checks

This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.

Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.

In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.

- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg

show more ...

[mod_auth] close HTTP/2 connection after bad pass

mitigation slows down brute force password attacks

x-ref:
"Possible feature: authentication brute force hardening"
https://redmine.lighttpd.net

[mod_auth] close HTTP/2 connection after bad pass

mitigation slows down brute force password attacks

x-ref:
"Possible feature: authentication brute force hardening"
https://redmine.lighttpd.net/boards/3/topics/8885

show more ...

[core] track Content-Length from backend (fixes #3046)

track Content-Length from backend in r->resp_body_scratchpad

x-ref:
"Failure on second request in http proxy backend"
https://redmine.ligh

[core] track Content-Length from backend (fixes #3046)

track Content-Length from backend in r->resp_body_scratchpad

x-ref:
"Failure on second request in http proxy backend"
https://redmine.lighttpd.net/issues/3046

show more ...

[multiple] inline chunkqueue where always alloc'd

inline struct chunkqueue where always allocated in other structs

(memory locality)

[core] keep pool of (request_st *) for HTTP/2

[core] request_acquire(), request_release()

continue code abstraction for (request_st *)

[core] connection transition to HTTP/2; incomplete

(experimental)

(basic framework with some stub functions; incomplete)
(subsequently incrementally updated using git rebase)

HTTP/2 via TLS ALPN e

[core] connection transition to HTTP/2; incomplete

(experimental)

(basic framework with some stub functions; incomplete)
(subsequently incrementally updated using git rebase)

HTTP/2 via TLS ALPN extension (TLS)
HTTP/2 via Upgrade: h2c (cleartext)
HTTP/2 via Prior Knowledge (cleartext)

server.feature-flags += ("server.h2proto" => "enable")
to enable HTTP/2
server.feature-flags += ("server.h2c" => "enable")
to enable upgrade to HTTP/2 over cleartext http

show more ...

[multiple] isolate more con code in connections.c

move code from connections-glue.c back into connections.c

move code from connections-glue.c to http-header-glue.c
rename connection_response_rese

[multiple] isolate more con code in connections.c

move code from connections-glue.c back into connections.c

move code from connections-glue.c to http-header-glue.c
rename connection_response_reset()
to http_response_reset()
rename connection_handle_read_post_error()
to http_response_reqbody_read_error()

show more ...

[core] reqpool.[ch] for (request_st *)

move request_init() request_reset() request_free() from connections.c