Commit Graph

108 Commits

Author SHA1 Message Date
Glenn Strauss 9211fb3d86 [mod_deflate] support Accept-Encoding: zstd 2021-01-12 18:29:20 -05:00
Glenn Strauss b700a8ca09 [multiple] etag.[ch] -> http_etag.[ch]; better imp
more efficient implementation of HTTP ETag generation and comparison

modify dekhash() to take hash value to allow for incremental hashing
2020-12-25 14:41:16 -05:00
Glenn Strauss 655453a195 [core] inet_ntop_cache -> sock_addr_cache
* rename inet_ntop_cache.[ch] to sock_addr_cache.[ch]
* reimplement as separate caches for IPv4 and IPv6
2020-12-24 20:05:01 -05:00
Glenn Strauss f8cc9fb915 [core] http_date.[ch] encapsulate HTTP-date parse
http_date.[ch] encapsulate HTTP-date parse/compare

(import from one of my development branches from 2015)
2020-12-24 16:13:20 -05:00
Glenn Strauss ce1d45ed82 [build] fix SCons build when building all TLS mods 2020-12-05 02:30:15 -05:00
Glenn Strauss 07622251b0 [build] option to use system-provided libxxhash
2020-10-29 19:30:45 -04:00
Glenn Strauss a1f6d1322a [build] mark dependencies on crypto lib for MD5()
(lighttpd base executable depends on crypto lib for rand functionality,
 so the crypto library was already being loaded -- no missing symbols)
2020-10-26 13:53:07 -04:00
Glenn Strauss c3a85c9bf5 [mod_wolfssl] standalone module
standalone module forked from mod_openssl
2020-10-11 12:19:26 -04:00
Glenn Strauss 5ec59999dd [build] modify build, includes for xxHash v0.8.0 2020-10-11 12:19:26 -04:00
Glenn Strauss 156e1da2ae [core] rename splaytree.[ch] to algo_splaytree.[ch] 2020-10-11 12:19:26 -04:00
Glenn Strauss 6c8160e5a4 [core] rename md5.[ch] to algo_md5.[ch] 2020-10-11 12:19:26 -04:00
Glenn Strauss 044c8e80e5 [core] use djbhash in gw_backend to choose host
djbhash() is faster and more cache-friendly than is crc32c()
2020-10-11 12:19:26 -04:00
Glenn Strauss 5a694281da [core] ls-hpack optimizations
  lighttpd does not require HTTP/1.1 output compat from HPACK decoder
  ("field-name: value\r\n")

define NDEBUG (in ls-hpack/lshpack.c)
  lighttpd spends upwards of 20% total lighttpd CPU time in HPACK
  encode/decode in h2load test on static file over cleartext (not TLS)
  Defining NDEBUG eliminates some asserts() and results in a small
  but measurable reduction in CPU usage
2020-10-11 12:19:26 -04:00
Glenn Strauss 70b1af0640 [core] link in ls-hpack (EXPERIMENTAL)
LiteSpeed ls-hpack v2.2.1

XXX: might be better to include this as a git submodule
but minor code changes were made here for portability:
- C99 flexible array members defined as a[] instead of a[0])
- pedantic compiler warnings (excess ';' and missing declarations)
- deletion of large tables from ls-hpack/huff-tables.h (code size)
2020-10-11 11:43:06 -04:00
Glenn Strauss 6eca864c5e [core] h2.[ch] with stub funcs (incomplete)
(subsequently incrementally updated using git rebase)

huge props and many thank yous to writers of testing tools used while
developing HTTP/2 support in lighttpd:

  h2spec - conformance testing tool for HTTP/2 implementation
  h2load - HTTP/2 benchmarking tool
  curl   - command line tool and library for transferring data with URLs
2020-10-11 11:43:02 -04:00
Glenn Strauss 4e4026703d [core] reqpool.[ch] for (request_st *)
move request_init() request_reset() request_free() from connections.c
2020-10-03 09:05:38 -04:00
Glenn Strauss f358f04bdc [build] SCons build mod_deflate w/ libm for brotli 2020-08-02 12:32:37 -04:00
Glenn Strauss bc5d4b3492 [mod_compress] remove mod_compress 2020-08-02 06:46:22 -04:00
Glenn Strauss 8d5e237c60 [mod_deflate] Brotli support
configuration option: ./configure --with-brotli
2020-08-02 06:46:22 -04:00
Glenn Strauss fed2ecae19 [mod_authn_dbi] authn backend employing DBI 2020-07-16 00:29:43 -04:00
Glenn Strauss e00deb5578 [mod_nss] NSS option for TLS (fixes #1218)


mod_nss supports most ssl.* config options supported by mod_openssl

  "alternate ssl backend"
2020-07-08 22:51:32 -04:00
Glenn Strauss bf4054f8ec [mod_gnutls] GnuTLS option for TLS (fixes #109)

mod_gnutls supports most ssl.* config options supported by mod_openssl

  "GnuTLS support for the mod_ssl"
2020-07-08 22:51:31 -04:00
Glenn Strauss cb753ec5b5 [mod_mbedtls] mbedTLS option for TLS

mod_mbedtls supports most ssl.* config options supported by mod_openssl

thx Ward Willats for the initial discussion and attempt in the comments
2020-07-08 22:51:31 -04:00
Glenn Strauss 0c64096555 [core] isolate data_config.c, vector.c
isolate data_config.c, vector.c to lighttpd executable, not modules
2020-02-24 11:15:32 -05:00
Glenn Strauss 62e97967ca [core] prefer uint32_t to size_t in base.h
even 2 billion is way larger than even extreme operating values
expected for the members in base.h

include some structs directly in struct server, rather than by ptr
2020-02-24 11:15:32 -05:00
Glenn Strauss 4ac239c401 [mod_maxminddb] MaxMind GeoIP2 support 2019-05-26 10:21:57 -04:00
Glenn Strauss 61e8d799f0 [scons] adjustment for static build under CentOS
  "Trying to compile under CentOS 6.10"
2019-05-04 13:48:22 -04:00
Glenn Strauss b9e2be50c9 [mod_auth] HTTP Auth Digest algorithm=SHA-256
(also support Digest algorithm=SHA-512-256 if library support present)

enable additional algorithms by configuring lighttpd.conf auth.require
with new optional keyword "algorithm" => "MD5|SHA-256"

default algorithm remains MD5 if "algorithm" not specified

Tested with: curl --digest -u "user:pass" ... (which supports SHA-256)

  "HTTP Digest Access Authentication"
2019-03-07 00:32:17 -05:00
Glenn Strauss a950ae15ca [build] SCons support for wolfSSL 2018-10-07 23:47:56 -04:00
Glenn Strauss d6bd929e5d [build] put request.c in common src
put request.c in common src for CMake, SCons, and meson builds
(request.c is already in common source list in
2018-09-29 22:09:58 -04:00
Glenn Strauss 2dbcfc9266 [core] inline status_counter routines 2018-09-23 18:01:58 -04:00
Glenn Strauss fc1ddbed33 [mod_sockproxy] add to build
2018-09-23 18:01:58 -04:00
Glenn Strauss df4812ec2e [mod_authn_pam] mod_auth PAM support (fixes #688)
  "auth via pam"
2018-09-23 18:01:58 -04:00
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
2018-09-23 18:01:58 -04:00
Glenn Strauss 3eb7902e10 [core] server.http-parseopts URL normalization opt (fixes #1720)
server.http-parseopts = ( ... ) URL normalization options

Note: *not applied* to CONNECT method

Note: In a future release, URL normalization likely enabled by default
  (normalize URL, reject control chars, remove . and .. path segments)
  To prepare for this change, lighttpd.conf configurations should
  explicitly select desired behavior by enabling or disabling:
    server.http-parseopts = ( "url-normalize" => "enable", ... )
    server.http-parseopts = ( "url-normalize" => "disable" )

  "lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."
  "Rewrite/redirect rules and URL encoding"
2018-08-12 14:43:22 -04:00
Glenn Strauss a46bc4f5de [core] remove proc_open.[ch], reduce stdio.h use 2018-08-05 03:44:15 -04:00
Glenn Strauss c56b21084e [core] http_kv.[ch] method, status, version str
move method, status, version strings from keyvalue.[ch] to http_kv.[ch]
2018-08-05 03:44:15 -04:00
Stefan Bühler d102a7113f [scons] fix various python2/3 incompatibilities 2017-11-08 00:02:54 -05:00
Glenn Strauss d61714dd0d [mod_authn_sasl] SASL auth (new) (fixes #2275)

HTTP Basic authentication using saslauthd

server.modules += ( "mod_auth" )
server.modules += ( "mod_authn_sasl" )
auth.backend = "sasl"
auth.backend.sasl.opts = ( "pwcheck_method" => "saslauthd" ) # default

  "SASL auth like libapache2-mod-authn-sasl"
2017-11-05 20:11:07 -05:00
Glenn Strauss 142971a80c [core] consolidate backend network write handlers
network_write.[ch] isolates various write, writev, sendfile wrappers
2017-11-02 00:41:53 -04:00
Glenn Strauss 1367f60626 [core] isolate sock_addr manipulation 2017-10-29 01:23:19 -04:00
Stefan Bühler 2eb7287a98 [scons] don't screw env[LIBS]
- copy() when collecting dependencies for static module linking
- copy() when following operations append to it and we don't reset it to
  an empty list
- use autoadd = 0 for many functions to prevent modifying env[LIBS] in
  the first place
- append to env[LIBS] manually to make it explicit (fam and rt)
2017-10-28 22:41:32 -04:00
Stefan Bühler 2144cd2e39 [scons] link -static-libgcc instead of gcc_s 2017-10-28 22:41:32 -04:00
Stefan Bühler 68a92f2c3c [scons] don't link pthread twice in --whole-archive workaround 2017-10-28 22:41:32 -04:00
Stefan Bühler b8989bf2dd [scons] fix some lib dependencies
- mod_cml: doesn't need pcre
- mod_trigger_b4_dl: needs gdbm
- lighttpd: needs crypto and pcre
2017-10-28 22:41:32 -04:00
Stefan Bühler 21dfe350ae [scons] sort modules 2017-10-28 22:41:32 -04:00
Glenn Strauss 477534084a [mod_wstunnel] websocket tunnel to other protocol

decodes websockets and passes body back and forth from backend
(body could be known protocol such as JSON, or any custom protocol)

originally based off
2017-07-25 02:29:23 -04:00
Glenn Strauss 889db409dc [core] add public domain SHA1() if no crypto
add public domain SHA1() if not linking with crypto lib

obtained from
 * Originally written by Steve Reid <>
 * Modified by Aaron D. Gifford <>
 * The original unmodified version is available at:
2017-07-25 02:07:49 -04:00
Glenn Strauss 45b970e69b [core] shared code for socket backends
common codebase for socket backends, based off mod_fastcgi with
some features added for mod_proxy

(mostly intended to reduce code duplication and enhance code isolation)

mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance
  for similar behavior as proxy.balance, but the balancing is per-host
  and not per-proc.  proxy.balance is also per-host and not per-proc.

mod_proxy and mod_scgi can now use and, similar to

mod_fastcgi behavior change (affects only mod_status):
- statistics tags have been renamed from "fastcgi.*" to "gw.*"
  "fastcgi.backend.*"       -> "gw.backend.*"
  "" -> ""
  ("fastcgi.requests" remains "fastcgi.requests")
  ("proxy.requests" is new)
  ("scgi.requests" is new)

mod_scgi behavior change (likely minor):
- removed scgi_proclist_sort_down() and scgi_proclist_sort_up().
  procs now chosen based on load as measured by num socket connnections

modules using gw_backend.[ch] are currently still independent modules.
If it had been written as a single module with fastcgi, scgi, proxy
implementations, then there would have been a chance of breaking some
existing user configurations where module ordering made a difference
for which module handled a given request, though for most people, this
would have made no difference.

Details about mod_fastcgi code transformations:
unsigned int debug -> int debug
fastcgi_env member removed from plugin_config
renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW"
reorganize routines for high-level and lower-level interfaces
some lower-level internal interfaces changed to use host,proc,debug
  args rather than knowing about higher-level (app) hctx and plugin_data
tabs->spaces and reformatting
2017-07-23 19:02:00 -04:00
Glenn Strauss 9b9f445a7b [mod_proxy] move data_fastcgi into mod_proxy.c
(data_fastcgi is used only by mod_proxy at this point)
2017-07-15 22:42:15 -04:00