The downstream connection callback must only be invoked when the event
that SSL requests for the connection to make progress has actually
occured. Otherwise, the downstream callback might do nothing but
re-queue an unrelated event (e.g. in user_net_io_want_write), and the
event loop comes around instantly while making no progress. Track the
SSL-requested events separately and deliver the required downstream
event when they fire.
Sample strace:
epoll_wait(0, {{EPOLLIN, {u32=96, u64=96}}}, 91, 10000) = 1
: net_ssl_callback in state tls_st_need_write calls cb NET_EVENT_WRITE
: User writes data, OpenSSL tries to write data
write(96, <snip>..., 170) = -1 EAGAIN (Resource temporarily unavailable)
: handle_openssl_error requests NET_EVENT_WRITE
epoll_ctl(0, EPOLL_CTL_MOD, 96, {EPOLLOUT, {u32=96, u64=96}}) = 0
: User callback then requests NET_EVENT_READ|NET_EVENT_WRITE
epoll_ctl(0, EPOLL_CTL_MOD, 96, {EPOLLIN|EPOLLOUT, {u32=96, u64=96}}) =
: Data available for *reading*
epoll_wait(0, {{EPOLLIN, {u32=96, u64=96}}}, 91, 10000) = 1
: net_ssl_callback in state tls_st_need_write calls cb NET_EVENT_WRITE
: again...
the given amount of messages in the configured interval.
The previous behavior allowed n+2 messages in the interval, due to
two off by one comparison rules.
In addition, if flooding is detected then each new message after the flooding
is detected will reset the interval timer, which means the client
cannot send another message until the timeout interval expires.
This could essentially happen due to time drift,
high load, or the process being put in sleep for a while.
The reason is that recurring timers could be added to the same time slot
as the timeslot being handled.
Use file=/path/to/db to specify the database file where chat history should be stored. Other config variables are the same as those for mod_chat_history.
Code merged adapted and merged from Mimicmod's repository:
https://github.com/mimicmod/uhub.git
This used to be a linear search O(n), but is now done
as a red-black tree O(log n) instead.
These operations can be further opimized with a hash-table
which would acheive near constant time lookups.
- Added a list_remove_first() which is generally better than list_remove()
provided you want to remove the first element.
- Added a list_append_list() to append and move all nodes from one list to
another.
Previously you would have to do something like this:
for (type foo = (type) list_get_first(list); foo; foo = (type) list_get_next(list)
{
/* code */
}
Now, you can instead write this as:
LIST_FOREACH(type, foo, list,
{
/* code */
})
Basically, boilerplate stuff including the casting is gone.
This API provides transparent asynchronous DNS lookups
with both IPv4 and IPv6 support, and in addition will try
to connect to all addresses until one of them work.
This implements the "happy eyeballs" algorithm provided that the client supports IPv6
and that the DNS records provides both IPv6 and IPv4 addresses.
This caused the backends to return an error code, which
in turn ended the mainloop. However, several other things
also might occur in the main loop, such as DNS lookups which
come prior to creating any connections that in turn would be monitored.
The command resets the topic to the default as configured in uhub.conf.
"clear" wrongly implies that the topic will be emptied.
Also added a plugin description in plugins.conf.
for certain lookups.
The rb_tree will act as a general purpose key/value storage, and
also give a performance boost in the cases where the other
simple alternative would be to use a linked_list.
On average this should give on average O(log n) lookups, while the linked_list
would be O(n) at worst.
If a valid escape (\n, \s, or \\) is found, increment the pointer
marking the start of the next search so we don't start looking at the
escaped character. The old behaviour was a problem for messages
containing slashes -- the escaped slash would be looked at in the next
pass and so the following character would be treated as an escape,
causing the message to be dropped for having "an invalid ADC escape".
uhub did not have this security bug since the hub did not advertise support for the
UCMD extension, but the message was still correctly relayed as specified in the
protocol specification.
However, this commit adds support for the UCMD extension, but only to the extent
that uhub will advertise it and uhub will also drop any such CMD message
generated by a client and will (currently) never issues a CMD message by itself.
GnuTLS sends a handshake with SSL 3.0 (0x0300) in the outer packet, but
mentions TLS 1.2 (0x0303) in the Client Hello. There's no real need for
uhub to validate these fields, as OpenSSL should do that itself already.
Just use the version mentioned in Client Hello for logging output.
It's not called anywhere yet.
Also reorder some typedefs, rename the ip check functions and add
struct {hub,plugin}_user parameter to on_check_ip_late(). Not sure where
to insert a call to that...