#
c31041b1 |
| 07-Jun-2024 |
Stefan Eissing |
connection: shutdown TLS (for FTP) better This adds connection shutdown infrastructure and first use for FTP. FTP data connections, when not encountering an error, are now shut down in a
connection: shutdown TLS (for FTP) better This adds connection shutdown infrastructure and first use for FTP. FTP data connections, when not encountering an error, are now shut down in a blocking way with a 2sec timeout. - add cfilter `Curl_cft_shutdown` callback - keep a shutdown start timestamp and timeout at connectdata - provide shutdown timeout default and member in `data->set.shutdowntimeout`. - provide methods for starting, interrogating and clearing shutdown timers - provide `Curl_conn_shutdown_blocking()` to shutdown the `sockindex` filter chain in a blocking way. Use that in FTP. - add `Curl_conn_cf_poll()` to wait for socket events during shutdown of a connection filter chain. This gets the monitoring sockets and events via the filters "adjust_pollset()" methods. This gives correct behaviour when shutting down a TLS connection through a HTTP/2 proxy. - Implement shutdown for all socket filters - for HTTP/2 and h2 proxying to send GOAWAY - for TLS backends to the best of their capabilities - for tcp socket filter to make a final, nonblocking receive to avoid unwanted RST states - add shutdown forwarding to happy eyeballers and https connect ballers when applicable. Closes #13904
show more ...
|
#
23fe1a52 |
| 01-Jun-2024 |
Andy Pan |
socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` Currently, we use `pipe` for `wakeup_create`, which requires ***two*** file descriptors. Furthermore, given its compl
socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()` Currently, we use `pipe` for `wakeup_create`, which requires ***two*** file descriptors. Furthermore, given its complexity inside, `pipe` is a bit heavyweight for just a simple event wait/notify mechanism. `eventfd` would be a more suitable solution for this kind of scenario, kernel also advocates for developers to use `eventfd` instead of `pipe` in some simple use cases: Applications can use an eventfd file descriptor instead of a pipe (see pipe(2) in all cases where a pipe is used simply to signal events. The kernel overhead of an eventfd file descriptor is much lower than that of a pipe, and only one file descriptor is required (versus the two required for a pipe). This change adds the new backend of `eventfd` for `wakeup_create` and uses it where available, eliminating the overhead of `pipe`. Also, it optimizes the `wakeup_create` to eliminate the system calls that make file descriptors non-blocking by moving the logic of setting non-blocking flags on file descriptors to `socketpair.c` and using `SOCK_NONBLOCK` for `socketpair(2)`, `EFD_NONBLOCK` for `eventfd(2)`. Ref: https://man7.org/linux/man-pages/man7/pipe.7.html https://man7.org/linux/man-pages/man2/eventfd.2.html https://man7.org/linux/man-pages/man2/socketpair.2.html https://www.gnu.org/software/gnulib/manual/html_node/eventfd.html Closes #13874
show more ...
|
#
c6655f70 |
| 27-Mar-2024 |
Stefan Eissing |
http/2, http/3: decouple stream state from easy handle - add `Curl_hash_offt` as hashmap between a `curl_off_t` and an object. Use this in h2+h3 connection filters to associate `
http/2, http/3: decouple stream state from easy handle - add `Curl_hash_offt` as hashmap between a `curl_off_t` and an object. Use this in h2+h3 connection filters to associate `data->id` with the internal stream state. - changed implementations of all affected connection filters - removed `h2_ctx*` and `h3_ctx*` from `struct HTTP` and thus the easy handle - solves the problem of attaching "foreign protocol" easy handles during connection shutdown Test 1616 verifies the new hash functions. Closes #13204
show more ...
|
#
fcef00db |
| 08-Mar-2024 |
Stefan Eissing |
lib: keep conn IP information together new struct ip_quadruple for holding local/remote addr+port - used in data->info and conn and cf-socket.c - copy back and forth complete st
lib: keep conn IP information together new struct ip_quadruple for holding local/remote addr+port - used in data->info and conn and cf-socket.c - copy back and forth complete struct - add 'secondary' to conn - use secondary in reporting success for ftp 2nd connection Reported-by: DasKutti on github Fixes #13084 Closes #13090
show more ...
|
#
8706b680 |
| 13-Dec-2023 |
Stefan Eissing |
lib: eliminate `conn->cselect_bits` - use `data->state.dselect_bits` everywhere instead - remove `bool *comeback` parameter as non-zero `data->state.dselect_bits` will indicate tha
lib: eliminate `conn->cselect_bits` - use `data->state.dselect_bits` everywhere instead - remove `bool *comeback` parameter as non-zero `data->state.dselect_bits` will indicate that IO is incomplete. Closes #12512
show more ...
|
#
bc8509a7 |
| 07-Nov-2023 |
Sam James |
misc: fix -Walloc-size warnings GCC 14 introduces a new -Walloc-size included in -Wextra which gives: ``` src/tool_operate.c: In function ‘add_per_transfer’: src/tool_operat
misc: fix -Walloc-size warnings GCC 14 introduces a new -Walloc-size included in -Wextra which gives: ``` src/tool_operate.c: In function ‘add_per_transfer’: src/tool_operate.c:213:5: warning: allocation of insufficient size ‘1’ for type ‘struct per_transfer’ with size ‘480’ [-Walloc-size] 213 | p = calloc(sizeof(struct per_transfer), 1); | ^ src/var.c: In function ‘addvariable’: src/var.c:361:5: warning: allocation of insufficient size ‘1’ for type ‘struct var’ with size ‘32’ [-Walloc-size] 361 | p = calloc(sizeof(struct var), 1); | ^ ``` The calloc prototype is: ``` void *calloc(size_t nmemb, size_t size); ``` So, just swap the number of members and size arguments to match the prototype, as we're initialising 1 struct of size `sizeof(struct ...)`. GCC then sees we're not doing anything wrong. Closes #12292
show more ...
|
#
5d0b3eda |
| 02-Nov-2023 |
Stefan Eissing |
msh3: error when built with CURL_DISABLE_SOCKETPAIR set Reported-by: Gisle Vanem Closes #12252 Fixes #12213
|
#
bf0e278a |
| 26-Oct-2023 |
Stefan Eissing |
vtls: cleanup SSL config management - remove `Curl_ssl_get_config()`, no longer needed Closes #12204
|
#
47f5b1a3 |
| 04-Sep-2023 |
Stefan Eissing |
lib: introduce struct easy_poll_set for poll information Connection filter had a `get_select_socks()` method, inspired by the various `getsocks` functions involved during the lifetime of
lib: introduce struct easy_poll_set for poll information Connection filter had a `get_select_socks()` method, inspired by the various `getsocks` functions involved during the lifetime of a transfer. These, depending on transfer state (CONNECT/DO/DONE/ etc.), return sockets to monitor and flag if this shall be done for POLLIN and/or POLLOUT. Due to this design, sockets and flags could only be added, not removed. This led to problems in filters like HTTP/2 where flow control prohibits the sending of data until the peer increases the flow window. The general transfer loop wants to write, adds POLLOUT, the socket is writeable but no data can be written. This leads to cpu busy loops. To prevent that, HTTP/2 did set the `SEND_HOLD` flag of such a blocked transfer, so the transfer loop cedes further attempts. This works if only one such filter is involved. If a HTTP/2 transfer goes through a HTTP/2 proxy, two filters are setting/clearing this flag and may step on each other's toes. Connection filters `get_select_socks()` is replaced by `adjust_pollset()`. They get passed a `struct easy_pollset` that keeps up to `MAX_SOCKSPEREASYHANDLE` sockets and their `POLLIN|POLLOUT` flags. This struct is initialized in `multi_getsock()` by calling the various `getsocks()` implementations based on transfer state, as before. After protocol handlers/transfer loop have set the sockets and flags they want, the `easy_pollset` is *always* passed to the filters. Filters "higher" in the chain are called first, starting at the first not-yet-connection one. Each filter may add sockets and/or change flags. When all flags are removed, the socket itself is removed from the pollset. Example: * transfer wants to send, adds POLLOUT * http/2 filter has a flow control block, removes POLLOUT and adds POLLIN (it is waiting on a WINDOW_UPDATE from the server) * TLS filter is connected and changes nothing * h2-proxy filter also has a flow control block on its tunnel stream, removes POLLOUT and adds POLLIN also. * socket filter is connected and changes nothing * The resulting pollset is then mixed together with all other transfers and their pollsets, just as before. Use of `SEND_HOLD` is no longer necessary in the filters. All filters are adapted for the changed method. The handling in `multi.c` has been adjusted, but its state handling the the protocol handlers' `getsocks` method are untouched. The most affected filters are http/2, ngtcp2, quiche and h2-proxy. TLS filters needed to be adjusted for the connecting handshake read/write handling. No noticeable difference in performance was detected in local scorecard runs. Closes #11833
show more ...
|
#
e12b39e1 |
| 03-Aug-2023 |
Stefan Eissing |
trace: make tracing available in non-debug builds Add --trace-config to curl Add curl_global_trace() to libcurl Closes #11421
|
#
fd306e55 |
| 16-Jun-2023 |
Jay Satiro |
lib: fix some format specifiers - Use CURL_FORMAT_CURL_OFF_T where %zd was erroneously used for some curl_off_t variables. - Use %zu where %zd was erroneously used for some si
lib: fix some format specifiers - Use CURL_FORMAT_CURL_OFF_T where %zd was erroneously used for some curl_off_t variables. - Use %zu where %zd was erroneously used for some size_t variables. Prior to this change some of the Windows CI tests were failing because in Windows 32-bit targets have a 32-bit size_t and a 64-bit curl_off_t. When %zd was used for some curl_off_t variables then only the lower 32-bits was read and the upper 32-bits would be read for part or all of the next specifier. Fixes https://github.com/curl/curl/issues/11327 Closes https://github.com/curl/curl/pull/11321
show more ...
|
#
e024d566 |
| 23-May-2023 |
Stefan Eissing |
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID - add an `id` long to Curl_easy, -1 on init - once added to a multi (or its own multi), it gets a non-negative number assigned by the
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID - add an `id` long to Curl_easy, -1 on init - once added to a multi (or its own multi), it gets a non-negative number assigned by the connection cache - `id` is unique among all transfers using the same cache until reaching LONG_MAX where it will wrap around. So, not unique eternally. - CURLINFO_CONN_ID returns the connection id attached to data or, if none present, data->state.lastconnect_id - variables and type declared in tool for write out Closes #11185
show more ...
|
#
3f8fc257 |
| 09-May-2023 |
Viktor Szakats |
cmake: add support for "unity" builds Aka "jumbo" or "amalgamation" builds. It means to compile all sources per target as a single C source. This is experimental. You can enable
cmake: add support for "unity" builds Aka "jumbo" or "amalgamation" builds. It means to compile all sources per target as a single C source. This is experimental. You can enable it by passing `-DCMAKE_UNITY_BUILD=ON` to cmake. It requires CMake 3.16 or newer. It makes builds (much) faster, allows for better optimizations and tends to promote less ambiguous code. Also add a new AppVeyor CI job and convert an existing one to use "unity" mode (one MSVC, one MinGW), and enable it for one macOS CI job. Fix related issues: - add missing include guard to `easy_lock.h`. - rename static variables and functions (and a macro) with names reused across sources, or shadowed by local variables. - add an `#undef` after use. - add a missing `#undef` before use. - move internal definitions from `ftp.h` to `ftp.c`. - `curl_memory.h` fixes to make it work when included repeatedly. - stop building/linking curlx bits twice for a static-mode curl tool. These caused doubly defined symbols in unity builds. - silence missing extern declarations compiler warning for ` _CRT_glob`. - fix extern declarations for `tool_freq` and `tool_isVistaOrGreater`. - fix colliding static symbols in debug mode: `debugtime()` and `statename`. - rename `ssl_backend_data` structure to unique names for each TLS-backend, along with the `ssl_connect_data` struct member referencing them. This required adding casts for each access. - add workaround for missing `[P]UNICODE_STRING` types in certain Windows builds when compiling `lib/ldap.c`. To support "unity" builds, we had to enable `SCHANNEL_USE_BLACKLISTS` for Schannel (a Windows `schannel.h` option) _globally_. This caused an indirect inclusion of Windows `schannel.h` from `ldap.c` via `winldap.h` to have it enabled as well. This requires `[P]UNICODE_STRING` types, which is apperantly not defined automatically (as seen with both MSVS and mingw-w64). This patch includes `<subauth.h>` to fix it. Ref: https://github.com/curl/curl/runs/13987772013 Ref: https://dev.azure.com/daniel0244/curl/_build/results?buildId=15827&view=logs&jobId=2c9f582d-e278-56b6-4354-f38a4d851906&j=2c9f582d-e278-56b6-4354-f38a4d851906&t=90509b00-34fa-5a81-35d7-5ed9569d331c - tweak unity builds to compile `lib/memdebug.c` separately in memory trace builds to avoid PP confusion. - force-disable unity for test programs. - do not compile and link libcurl sources to libtests _twice_ when libcurl is built in static mode. KNOWN ISSUES: - running tests with unity builds may fail in cases. - some build configurations/env may not compile in unity mode. E.g.: https://ci.appveyor.com/project/curlorg/curl/builds/47230972/job/51wfesgnfuauwl8q#L250 Ref: https://github.com/libssh2/libssh2/issues/1034 Ref: https://cmake.org/cmake/help/latest/prop_tgt/UNITY_BUILD.html Ref: https://en.wikipedia.org/wiki/Unity_build Closes #11095
show more ...
|
#
77c9a984 |
| 18-May-2023 |
Emilio Cobos Álvarez |
http2: double http request parser max line length This works around #11138, by doubling the limit, and should be a relatively safe fix. Ideally the buffer would grow as needed a
http2: double http request parser max line length This works around #11138, by doubling the limit, and should be a relatively safe fix. Ideally the buffer would grow as needed and there would be no need for a limit? But that might be follow-up material. Fixes #11138 Closes #11139
show more ...
|
#
9ce7eee0 |
| 28-Apr-2023 |
Daniel Stenberg |
checksrc: find bad indentation in conditions without open brace If the previous line starts with if/while/for AND ends with a closed parenthesis and there's an equal number of open and c
checksrc: find bad indentation in conditions without open brace If the previous line starts with if/while/for AND ends with a closed parenthesis and there's an equal number of open and closed parentheses on that line, verify that this line is indented $indent more steps, if not a cpp line. Also adjust the fall-out from this fix. Closes #11054
show more ...
|
#
65f03e50 |
| 25-Apr-2023 |
Daniel Stenberg |
urldata: shrink *select_bits int => unsigned char - dselect_bits - cselect_bits ... are using less than 8 bits. Changed types and moved them towards the end of the structs t
urldata: shrink *select_bits int => unsigned char - dselect_bits - cselect_bits ... are using less than 8 bits. Changed types and moved them towards the end of the structs to fit better. Closes #11025
show more ...
|
#
3b7a8a25 |
| 24-Apr-2023 |
Stefan Eissing |
http3: expire unpaused transfers in all HTTP/3 backends Closes #11005
|
#
cab2d56e |
| 21-Apr-2023 |
Stefan Eissing |
h2/h3: replace `state.drain` counter with `state.dselect_bits` - `drain` was used by http/2 and http/3 implementations to indicate that the transfer requires send/recv independant from
h2/h3: replace `state.drain` counter with `state.dselect_bits` - `drain` was used by http/2 and http/3 implementations to indicate that the transfer requires send/recv independant from its socket poll state. Intended as a counter, it was used as bool flag only. - a similar mechanism exists on `connectdata->cselect_bits` where specific protocols can indicate something similar, only for the whole connection. - `cselect_bits` are cleard in transfer.c on use and, importantly, also set when the transfer loop expended its `maxloops` tries. `drain` was not cleared by transfer and the http2/3 implementations had to take care of that. - `dselect_bits` is cleared *and* set by the transfer loop. http2/3 does no longer clear it, only set when new events happen. This change unifies the handling of socket poll overrides, extending `cselect_bits` by a easy handle specific value and a common treatment in transfers. Closes #11005
show more ...
|
#
fc2f1e54 |
| 14-Apr-2023 |
Stefan Eissing |
http2: support HTTP/2 to forward proxies, non-tunneling - with `--proxy-http2` allow h2 ALPN negotiation to forward proxies - applies to http: requests against a https: proxy only,
http2: support HTTP/2 to forward proxies, non-tunneling - with `--proxy-http2` allow h2 ALPN negotiation to forward proxies - applies to http: requests against a https: proxy only, as https: requests will auto-tunnel - adding a HTTP/1 request parser in http1.c - removed h2h3.c - using new request parser in nghttp2 and all h3 backends - adding test 2603 for request parser - adding h2 proxy test cases to test_10_* scorecard.py: request scoring accidentally always run curl with '-v'. Removed that, expect double numbers. labeller: added http1.* and h2-proxy sources to detection Closes #10967
show more ...
|
#
be800a6c |
| 13-Apr-2023 |
Stefan Eissing |
http3: check stream_ctx more thoroughly in all backends - callbacks and filter methods might be invoked at unexpected times, e.g. when the transfer's stream_ctx has not been initialize
http3: check stream_ctx more thoroughly in all backends - callbacks and filter methods might be invoked at unexpected times, e.g. when the transfer's stream_ctx has not been initialized yet or, more likely, has already been taken down. - check for existance of stream_ctx in such places and return an error or silently succeed the call. Closes #10951
show more ...
|
#
632e0fbe |
| 06-Apr-2023 |
Stefan Eissing |
http2: move HTTP/2 stream vars into local context - remove NGHTTP2 members of `struct HTTP` - add `void *h2_ctx` to `struct HTTP` - add `void *h3_ctx` to `struct HTTP` - separate
http2: move HTTP/2 stream vars into local context - remove NGHTTP2 members of `struct HTTP` - add `void *h2_ctx` to `struct HTTP` - add `void *h3_ctx` to `struct HTTP` - separate h2/h3 pointers are needed for eyeballing - manage local stream_ctx in http implementations Closes #10877
show more ...
|
#
544abeea |
| 30-Mar-2023 |
Stefan Eissing |
http3: improvements across backends - ngtcp2: using bufq for recv stream data - internal stream_ctx instead of `struct HTTP` members for quiche, ngtcp2 and msh3 - no more QUIC
http3: improvements across backends - ngtcp2: using bufq for recv stream data - internal stream_ctx instead of `struct HTTP` members for quiche, ngtcp2 and msh3 - no more QUIC related members in `struct HTTP` - experimental use of recvmmsg(), disabled by default - testing on my old debian box shows no throughput improvements. - leaving it in, but disabled, for future revisit - vquic: common UDP receive code for ngtcp2 and quiche - vquic: common UDP send code for ngtcp2 and quiche - added pytest skips for known msh3 failures - fix unit2601 to survive torture testing - quiche: using latest `master` from quiche and enabling large download tests, now that key change is supported - fixing test_07_21 where retry handling of starting a stream was faulty - msh3: use bufq for recv buffering headers and data - msh3: replace fprintf debug logging with LOG_CF where possible - msh3: force QUIC expire timers on recv/send to have more than 1 request per second served Closes #10772
show more ...
|
#
7c5637b8 |
| 06-Mar-2023 |
Stefan Eissing |
url: fix logic in connection reuse to deny reuse on "unclean" connections - add parameter to `conn_is_alive()` cfilter method that returns if there is input data waiting on the connect
url: fix logic in connection reuse to deny reuse on "unclean" connections - add parameter to `conn_is_alive()` cfilter method that returns if there is input data waiting on the connection - refrain from re-using connnection from the cache that have input pending - adapt http/2 and http/3 alive checks to digest pending input to check the connection state - remove check_cxn method from openssl as that was just doing what the socket filter now does. - add tests for connection reuse with special server configs Closes #10690
show more ...
|
#
25741602 |
| 03-Mar-2023 |
Stefan Eissing |
connect: fix time_connect and time_appconnect timer statistics - time_connect was not updated when the overall connection failed, e.g. when SSL verification was unsuccessful, refs #106
connect: fix time_connect and time_appconnect timer statistics - time_connect was not updated when the overall connection failed, e.g. when SSL verification was unsuccessful, refs #10670 - rework gather those values to interrogate involved filters, also from all eyeballing attempts, to report the maximum of those values. - added 3 test cases in test_06 to check reported values on successful, partially failed and totally failed connections. Reported-by: Master Inspire Fixes #10670 Closes #10671
show more ...
|
#
67115824 |
| 01-Feb-2023 |
Stefan Eissing |
connections: introduce http/3 happy eyeballs New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing. - filter is installed when `--http3` in the tool is used (or the equivalent CURL
connections: introduce http/3 happy eyeballs New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing. - filter is installed when `--http3` in the tool is used (or the equivalent CURLOPT_ done in the library) - starts a QUIC/HTTP/3 connect right away. Should that not succeed after 100ms (subject to change), a parallel attempt is started for HTTP/2 and HTTP/1.1 via TCP - both attempts are subject to IPv6/IPv4 eyeballing, same as happens for other connections - tie timeout to the ip-version HAPPY_EYEBALLS_TIMEOUT - use a `soft` timeout at half the value. When the soft timeout expires, the HTTPS-CONNECT filter checks if the QUIC filter has received any data from the server. If not, it will start the HTTP/2 attempt. HTTP/3(ngtcp2) improvements. - setting call_data in all cfilter calls similar to http/2 and vtls filters for use in callback where no stream data is available. - returning CURLE_PARTIAL_FILE for prematurely terminated transfers - enabling pytest test_05 for h3 - shifting functionality to "connect" UDP sockets from ngtcp2 implementation into the udp socket cfilter. Because unconnected UDP sockets are weird. For example they error when adding to a pollset. HTTP/3(quiche) improvements. - fixed upload bug in quiche implementation, now passes 251 and pytest - error codes on stream RESET - improved debug logs - handling of DRAIN during connect - limiting pending event queue HTTP/2 cfilter improvements. - use LOG_CF macros for dynamic logging in debug build - fix CURLcode on RST streams to be CURLE_PARTIAL_FILE - enable pytest test_05 for h2 - fix upload pytests and improve parallel transfer performance. GOAWAY handling for ngtcp2/quiche - during connect, when the remote server refuses to accept new connections and closes immediately (so the local conn goes into DRAIN phase), the connection is torn down and a another attempt is made after a short grace period. This is the behaviour observed with nghttpx when we tell it to shut down gracefully. Tested in pytest test_03_02. TLS improvements - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, replaces copy of logic in all tls backends. - standardized the infof logging of offered ALPNs - ALPN negotiated: have common function for all backends that sets alpn proprty and connection related things based on the negotiated protocol (or lack thereof). - new tests/tests-httpd/scorecard.py for testing h3/h2 protocol implementation. Invoke: python3 tests/tests-httpd/scorecard.py --help for usage. Improvements on gathering connect statistics and socket access. - new CF_CTRL_CONN_REPORT_STATS cfilter control for having cfilters report connection statistics. This is triggered when the connection has completely connected. - new void Curl_pgrsTimeWas(..) method to report a timer update with a timestamp of when it happend. This allows for updating timers "later", e.g. a connect statistic after full connectivity has been reached. - in case of HTTP eyeballing, the previous changes will update statistics only from the filter chain that "won" the eyeballing. - new cfilter query CF_QUERY_SOCKET for retrieving the socket used by a filter chain. Added methods Curl_conn_cf_get_socket() and Curl_conn_get_socket() for convenient use of this query. - Change VTLS backend to query their sub-filters for the socket when checks during the handshake are made. HTTP/3 documentation on how https eyeballing works. TLS improvements - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, replaces copy of logic in all tls backends. - standardized the infof logging of offered ALPNs - ALPN negotiated: have common function for all backends that sets alpn proprty and connection related things based on the negotiated protocol (or lack thereof). Scorecard with Caddy. - configure can be run with `--with-test-caddy=path` to specify which caddy to use for testing - tests/tests-httpd/scorecard.py now measures download speeds with caddy pytest improvements - adding Makfile to clean gen dir - adding nghttpx rundir creation on start - checking httpd version 2.4.55 for test_05 cases where it is needed. Skipping with message if too old. - catch exception when checking for caddy existance on system. Closes #10349
show more ...
|