mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-01-31 19:43:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cosmopolitan/tool/net/redbean.c

7478 lines
217 KiB
C
Raw Normal View History

Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2020 Justine Alexandra Roberts Tunney
Change license
2020-12-28 01:18:44 +00:00
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
Change license
2020-12-28 01:18:44 +00:00
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
*/
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/assert.h"
Use *NSYNC for POSIX threads locking APIs Condition variables, barriers, and r/w locks now work very well.
2022-09-11 18:02:07 +00:00
#include "libc/atomic.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/calls/calls.h"
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
#include "libc/calls/ioctl.h"
Rewrite Linux pledge() code so it can be a payload It's now possible to build our pledge() polyfill as a dynamic shared object that can be injected into a glibc executable using LD_PRELOAD
2022-08-08 18:41:08 +00:00
#include "libc/calls/pledge.h"
Reduce makefile dependencies by 10% The includes in libc/calls/calls.h have now been refactored so that functions with struct parameters are declared in libc/calls/struct/
2022-06-09 03:01:28 +00:00
#include "libc/calls/struct/dirent.h"
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
#include "libc/calls/struct/flock.h"
Fix some issues and do some code cleanup
2022-05-23 17:15:53 +00:00
#include "libc/calls/struct/iovec.h"
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
#include "libc/calls/struct/rusage.h"
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
#include "libc/calls/struct/sigaction.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/calls/struct/sigset.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "libc/calls/struct/stat.h"
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
#include "libc/calls/struct/termios.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/calls/struct/timespec.h"
Show crash reports on SIGSYS This will help make it easier to troubleshoot ABI breakages with on operating systems that, unlike Linux don't have ironclad guarantees to not break userspace.
2022-06-23 20:01:01 +00:00
#include "libc/dce.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "libc/dns/dns.h"
#include "libc/dns/hoststxt.h"
Improve some unicode functions
2021-05-05 14:25:39 +00:00
#include "libc/dos.h"
Improve pledge() usability and consistency - We now kill the program on violations like OpenBSD - We now print a message explaining which promise is needed - This change also fixes a linkage bug with thread local storage - Your sigaction() handlers should now be more thread safe A new `__pledge_mode` global has been introduced to make pledge() more customizable on Linux. For example: __attribute__((__constructor__)) static void init(void) { __pledge_mode = SECCOMP_RET_ERRNO | EPERM; } Can be used to restore our old permissive pledge() behavior.
2022-08-07 23:18:33 +00:00
#include "libc/errno.h"
Fold conv package into fmt Both packages had nearly identical dependency requirements, so merging them should help reduce the complexity of the build graph.
2020-12-09 23:04:54 +00:00
#include "libc/fmt/conv.h"
#include "libc/fmt/itoa.h"
Prevent Make from talking to public Internet This change introduces the nointernet() function which may be called to prevent a process and its descendants from communicating with publicly routable Internet addresses. GNU Make has been modified to always call this function. In the future Landlock Make will have a way to whitelist subnets to override this behavior, or disable it entirely. Support is available for Linux only. Our firewall does not require root access. Calling nointernet() will return control to the caller inside a new process that has a SECCOMP BPF filter installed, which traps network related system calls. Your original process then becomes a permanent ptrace() supervisor that monitors all processes and threads descending from the returned child. Whenever a networking system call happens the kernel will stop the process and wakes up the monitor, which then peeks into the child memory to read the sockaddr_in to determine if it's ok. The downside to doing this is that there can be only one supervisor at a time using ptrace() on a process. So this firewall won't be enabled if you run make under strace or inside gdb. It also makes testing tricky.
2022-08-12 12:17:06 +00:00
#include "libc/intrin/atomic.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/intrin/bits.h"
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
#include "libc/intrin/bsr.h"
Prevent Make from talking to public Internet This change introduces the nointernet() function which may be called to prevent a process and its descendants from communicating with publicly routable Internet addresses. GNU Make has been modified to always call this function. In the future Landlock Make will have a way to whitelist subnets to override this behavior, or disable it entirely. Support is available for Linux only. Our firewall does not require root access. Calling nointernet() will return control to the caller inside a new process that has a SECCOMP BPF filter installed, which traps network related system calls. Your original process then becomes a permanent ptrace() supervisor that monitors all processes and threads descending from the returned child. Whenever a networking system call happens the kernel will stop the process and wakes up the monitor, which then peeks into the child memory to read the sockaddr_in to determine if it's ok. The downside to doing this is that there can be only one supervisor at a time using ptrace() on a process. So this firewall won't be enabled if you run make under strace or inside gdb. It also makes testing tricky.
2022-08-12 12:17:06 +00:00
#include "libc/intrin/likely.h"
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
#include "libc/intrin/nomultics.internal.h"
Prevent Make from talking to public Internet This change introduces the nointernet() function which may be called to prevent a process and its descendants from communicating with publicly routable Internet addresses. GNU Make has been modified to always call this function. In the future Landlock Make will have a way to whitelist subnets to override this behavior, or disable it entirely. Support is available for Linux only. Our firewall does not require root access. Calling nointernet() will return control to the caller inside a new process that has a SECCOMP BPF filter installed, which traps network related system calls. Your original process then becomes a permanent ptrace() supervisor that monitors all processes and threads descending from the returned child. Whenever a networking system call happens the kernel will stop the process and wakes up the monitor, which then peeks into the child memory to read the sockaddr_in to determine if it's ok. The downside to doing this is that there can be only one supervisor at a time using ptrace() on a process. So this firewall won't be enabled if you run make under strace or inside gdb. It also makes testing tricky.
2022-08-12 12:17:06 +00:00
#include "libc/intrin/safemacros.internal.h"
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
#include "libc/log/appendresourcereport.internal.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/log/check.h"
#include "libc/log/log.h"
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
#include "libc/macros.internal.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "libc/math.h"
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
#include "libc/mem/alloca.h"
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
#include "libc/mem/gc.h"
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
#include "libc/mem/mem.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "libc/nexgen32e/crc32.h"
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
#include "libc/nexgen32e/nt2sysv.h"
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
#include "libc/nexgen32e/rdtsc.h"
Ignore SIGSYS on BSD by default
2022-11-03 16:32:12 +00:00
#include "libc/nexgen32e/vendor.internal.h"
Fix some issues and do some code cleanup
2022-05-23 17:15:53 +00:00
#include "libc/nexgen32e/x86feature.h"
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
#include "libc/nt/enum/fileflagandattributes.h"
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
#include "libc/nt/thread.h"
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
#include "libc/runtime/clktck.h"
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
#include "libc/runtime/internal.h"
Fix Landlock Make so it can read pattern rule vars It turned out that specifying all SRCS and INCS as dependencies on the pattern rules for all headers, caused `make` memory usage to skyrocket from 40mb ot 160mb. This change also reduces the build graph another 4%.
2022-08-14 00:20:50 +00:00
#include "libc/runtime/memtrack.internal.h"
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
#include "libc/runtime/runtime.h"
Improve memory safety This commit makes numerous refinements to cosmopolitan memory handling. The default stack size has been reduced from 2mb to 128kb. A new macro is now provided so you can easily reconfigure the stack size to be any value you want. Work around the breaking change by adding to your main: STATIC_STACK_SIZE(0x00200000); // 2mb stack If you're not sure how much stack you need, then you can use: STATIC_YOINK("stack_usage_logging"); After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test suite, nothing in the Cosmopolitan repository (except for Python) needs a stack size greater than 30kb. There are also new macros for detecting the size and address of the stack at runtime, e.g. GetStackAddr(). We also now support sigaltstack() so if you want to see nice looking crash reports whenever a stack overflow happens, you can put this in main(): ShowCrashReports(); Under `make MODE=dbg` and `make MODE=asan` the unit testing framework will now automatically print backtraces of memory allocations when things like memory leaks happen. Bugs are now fixed in ASAN global variable overrun detection. The memtrack and asan runtimes also handle edge cases now. The new tools helped to identify a few memory leaks, which are fixed by this change. This change should fix an issue reported in #288 with ARG_MAX limits. Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
2021-10-14 00:27:13 +00:00
#include "libc/runtime/stack.h"
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
#include "libc/sock/goodsocket.internal.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/sock/sock.h"
Prove that Makefile is fully defined The whole repository is now buildable with GNU Make Landlock sandboxing. This proves that no Makefile targets exist which touch files other than their declared prerequisites. In order to do this, we had to: 1. Stop code morphing GCC output in package.com and instead run a newly introduced FIXUPOBJ.COM command after GCC invocations. 2. Disable all the crumby Python unit tests that do things like create files in the current directory, or rename() files between folders. This ended up being a lot of tests, but most of them are still ok. 3. Introduce an .UNSANDBOXED variable to GNU Make to disable Landlock. We currently only do this for things like `make tags`. 4. This change deletes some GNU Make code that was preventing the execve() optimization from working. This means it should no longer be necessary in most cases for command invocations to be indirected through the cocmd interpreter. 5. Missing dependencies had to be declared in certain places, in cases where they couldn't be automatically determined by MKDEPS.COM 6. The libcxx header situation has finally been tamed. One of the things that makes this difficult is MKDEPS.COM only wants to consider the first 64kb of a file, in order to go fast. But libcxx likes to have #include lines buried after huge documentation. 7. An .UNVEIL variable has been introduced to GNU Make just in case we ever wish to explicitly specify additional things that need to be whitelisted which aren't strictly prerequisites. This works in a manner similar to the recently introduced .EXTRA_PREREQS feature. There's now a new build/bootstrap/make.com prebuilt binary available. It should no longer be possible to write invalid Makefile code.
2022-08-06 10:51:50 +00:00
#include "libc/sock/struct/pollfd.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/sock/struct/sockaddr.h"
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
#include "libc/stdio/append.h"
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
#include "libc/stdio/hex.internal.h"
Prevent Make from talking to public Internet This change introduces the nointernet() function which may be called to prevent a process and its descendants from communicating with publicly routable Internet addresses. GNU Make has been modified to always call this function. In the future Landlock Make will have a way to whitelist subnets to override this behavior, or disable it entirely. Support is available for Linux only. Our firewall does not require root access. Calling nointernet() will return control to the caller inside a new process that has a SECCOMP BPF filter installed, which traps network related system calls. Your original process then becomes a permanent ptrace() supervisor that monitors all processes and threads descending from the returned child. Whenever a networking system call happens the kernel will stop the process and wakes up the monitor, which then peeks into the child memory to read the sockaddr_in to determine if it's ok. The downside to doing this is that there can be only one supervisor at a time using ptrace() on a process. So this firewall won't be enabled if you run make under strace or inside gdb. It also makes testing tricky.
2022-08-12 12:17:06 +00:00
#include "libc/stdio/rand.h"
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
#include "libc/stdio/stdio.h"
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
#include "libc/str/slice.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/str/str.h"
Make more compatibility improvements
2022-09-06 14:04:13 +00:00
#include "libc/str/strwidth.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/sysv/consts/af.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/sysv/consts/clock.h"
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
#include "libc/sysv/consts/clone.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "libc/sysv/consts/dt.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/sysv/consts/ex.h"
#include "libc/sysv/consts/exit.h"
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
#include "libc/sysv/consts/f.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/sysv/consts/inaddr.h"
#include "libc/sysv/consts/ipproto.h"
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
#include "libc/sysv/consts/madv.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "libc/sysv/consts/map.h"
#include "libc/sysv/consts/o.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "libc/sysv/consts/poll.h"
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
#include "libc/sysv/consts/pr.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "libc/sysv/consts/prot.h"
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
#include "libc/sysv/consts/rusage.h"
Reduce makefile dependencies by 10% The includes in libc/calls/calls.h have now been refactored so that functions with struct parameters are declared in libc/calls/struct/
2022-06-09 03:01:28 +00:00
#include "libc/sysv/consts/s.h"
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
#include "libc/sysv/consts/sa.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "libc/sysv/consts/sig.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/sysv/consts/sock.h"
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
#include "libc/sysv/consts/termios.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "libc/sysv/consts/timer.h"
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
#include "libc/sysv/consts/w.h"
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
#include "libc/sysv/errfuns.h"
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
#include "libc/thread/spawn.h"
Use *NSYNC for POSIX threads locking APIs Condition variables, barriers, and r/w locks now work very well.
2022-09-11 18:02:07 +00:00
#include "libc/thread/thread.h"
#include "libc/thread/tls.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "libc/x/x.h"
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
#include "libc/x/xasprintf.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "libc/zip.h"
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
#include "net/http/escape.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "net/http/http.h"
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
#include "net/http/ip.h"
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
#include "net/http/tokenbucket.h"
Improve redbean method=get parameter handling
2022-09-20 02:23:24 +00:00
#include "net/http/url.h"
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
#include "net/https/https.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
#include "third_party/getopt/getopt.h"
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#include "third_party/lua/cosmo.h"
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
#include "third_party/lua/lauxlib.h"
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
#include "third_party/lua/lrepl.h"
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
#include "third_party/lua/lualib.h"
Make fixes and improvements - Polyfill UTIME_OMIT on XNU - Refactor Lua build code so it's better - Add unix module to lua.com (Discord request) - Add unix.utimensat() and unix.futimens() to redbean - Avoid creating double slash path in linenoise (#428) - Remove double slashes in NT paths automatically (#428) - Make strerror() smarter about showing NT errors (#428) Fixes #428
2022-06-18 08:10:29 +00:00
#include "third_party/lua/lunix.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "third_party/mbedtls/ctr_drbg.h"
#include "third_party/mbedtls/debug.h"
Update curl example to support ssl / https Now that we know our SSL client works, and that it's able to verify certificates, the next step will be adding it as an API to redbean. See #97
2021-07-06 20:39:18 +00:00
#include "third_party/mbedtls/iana.h"
Use re-entrant locks on stdio
2022-05-22 15:13:13 +00:00
#include "third_party/mbedtls/net_sockets.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "third_party/mbedtls/oid.h"
#include "third_party/mbedtls/san.h"
#include "third_party/mbedtls/ssl.h"
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
#include "third_party/mbedtls/ssl_ticket.h"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#include "third_party/mbedtls/x509.h"
#include "third_party/mbedtls/x509_crt.h"
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
#include "third_party/zlib/zlib.h"
Add `/.args` feature to Redbean/Lua/SQLite/Python/QuickJS You now have some ability to truly make an executable yours, by adding a `.args` file to the root of the zip structure. If this is specified, then you'll be overriding the default CLI args. This will be a great feature for folks who want to distribute their own apps, using the interpreter executable, but have the executable appears to be just your app rather than being the interpreter.
2022-05-12 18:01:58 +00:00
#include "tool/args/args.h"
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
#include "tool/build/lib/case.h"
Add tcp syn packet fingerprinting to redbean This change also fixes bugs in enoprotoopt reporting with setsockopt and getsockopt error returns.
2022-07-17 09:40:39 +00:00
#include "tool/net/lfinger.h"
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
#include "tool/net/lfuncs.h"
Implement new JSON parser for redbean
2022-07-09 18:44:19 +00:00
#include "tool/net/ljson.h"
Make improvements - Introduce path module to redbean - Fix glitch with linenoise printing extra line on eof - Introduce closefrom() and close_range() system calls - Make file descriptor closing more secure in pledge.com
2022-07-20 22:13:39 +00:00
#include "tool/net/lpath.h"
Add more raw system calls to redbean We now have execve, setitimer, sigaction, sigsuspend, and sigprocmask.
2022-04-13 21:43:42 +00:00
#include "tool/net/luacheck.h"
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
#include "tool/net/sandbox.h"
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
Improve memory safety This commit makes numerous refinements to cosmopolitan memory handling. The default stack size has been reduced from 2mb to 128kb. A new macro is now provided so you can easily reconfigure the stack size to be any value you want. Work around the breaking change by adding to your main: STATIC_STACK_SIZE(0x00200000); // 2mb stack If you're not sure how much stack you need, then you can use: STATIC_YOINK("stack_usage_logging"); After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test suite, nothing in the Cosmopolitan repository (except for Python) needs a stack size greater than 30kb. There are also new macros for detecting the size and address of the stack at runtime, e.g. GetStackAddr(). We also now support sigaltstack() so if you want to see nice looking crash reports whenever a stack overflow happens, you can put this in main(): ShowCrashReports(); Under `make MODE=dbg` and `make MODE=asan` the unit testing framework will now automatically print backtraces of memory allocations when things like memory leaks happen. Bugs are now fixed in ASAN global variable overrun detection. The memtrack and asan runtimes also handle edge cases now. The new tools helped to identify a few memory leaks, which are fixed by this change. This change should fix an issue reported in #288 with ARG_MAX limits. Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
2021-10-14 00:27:13 +00:00
STATIC_STACK_SIZE(0x40000);
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
STATIC_YOINK("zip_uri_support");
Show crash reports on SIGSYS This will help make it easier to troubleshoot ABI breakages with on operating systems that, unlike Linux don't have ironclad guarantees to not break userspace.
2022-06-23 20:01:01 +00:00
#if !IsTiny()
STATIC_YOINK("ShowCrashReportsEarly");
#endif
Improve memory safety This commit makes numerous refinements to cosmopolitan memory handling. The default stack size has been reduced from 2mb to 128kb. A new macro is now provided so you can easily reconfigure the stack size to be any value you want. Work around the breaking change by adding to your main: STATIC_STACK_SIZE(0x00200000); // 2mb stack If you're not sure how much stack you need, then you can use: STATIC_YOINK("stack_usage_logging"); After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test suite, nothing in the Cosmopolitan repository (except for Python) needs a stack size greater than 30kb. There are also new macros for detecting the size and address of the stack at runtime, e.g. GetStackAddr(). We also now support sigaltstack() so if you want to see nice looking crash reports whenever a stack overflow happens, you can put this in main(): ShowCrashReports(); Under `make MODE=dbg` and `make MODE=asan` the unit testing framework will now automatically print backtraces of memory allocations when things like memory leaks happen. Bugs are now fixed in ASAN global variable overrun detection. The memtrack and asan runtimes also handle edge cases now. The new tools helped to identify a few memory leaks, which are fixed by this change. This change should fix an issue reported in #288 with ARG_MAX limits. Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
2021-10-14 00:27:13 +00:00
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
/**
* @fileoverview redbean - single-file distributable web server
*
* redbean makes it possible to share web applications that run offline
* as a single-file αcτµαlly pδrταblε εxεcµταblε zip archive which
* contains your assets. All you need to do is download the redbean.com
* program below, change the filename to .zip, add your content in a zip
* editing tool, and then change the extension back to .com.
*
* redbean can serve 1 million+ gzip encoded responses per second on a
* cheap personal computer. That performance is thanks to zip and gzip
* using the same compression format, which enables kernelspace copies.
* Another reason redbean goes fast is that it's a tiny static binary,
* which makes fork memory paging nearly free.
*
* redbean is also easy to modify to suit your own needs. The program
* itself is written as a single .c file. It embeds the Lua programming
* language and SQLite which let you write dynamic pages.
*/
#ifndef REDBEAN
#define REDBEAN "redbean"
#endif
Release redbean v2.2
2022-11-02 16:52:54 +00:00
#define VERSION 0x020200
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
#define HASH_LOAD_FACTOR /* 1. / */ 4
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
#define MONITOR_MICROS 150000
Fix bugs and make improvements - Get clone() working on FreeBSD - Increase some Python build quotas - Add more atomic builtins to chibicc - Fix ASAN poisoning of alloca() memory - Make MODE= mandatory link path tinier - Improve the examples folder a little bit - Start working on some more resource limits - Make the linenoise auto-complete UI as good as GNU readline - Update compile.com, avoiding AVX codegen on non-AVX systems - Make sure empty path to syscalls like opendir raises ENOENT - Correctly polyfill ENOENT vs. ENOTDIR on the New Technology - Port bestline's paredit features to //third_party/linenoise - Remove workarounds for RHEL 5.0 bugs that were fixed in 5.1
2022-04-20 16:56:53 +00:00
#define READ(F, P, N) readv(F, &(struct iovec){P, N}, 1)
#define WRITE(F, P, N) writev(F, &(struct iovec){P, N}, 1)
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#define LockInc(P) asm volatile("lock incq\t%0" : "=m"(*(P)))
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
#define LockDec(P) asm volatile("lock decq\t%0" : "=m"(*(P)))
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#define AppendCrlf(P) mempcpy(P, "\r\n", 2)
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
#define HasHeader(H) (!!cpm.msg.headers[H].a)
#define HeaderData(H) (inbuf.p + cpm.msg.headers[H].a)
#define HeaderLength(H) (cpm.msg.headers[H].b - cpm.msg.headers[H].a)
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
#define HeaderEqualCase(H, S) \
SlicesEqualCase(S, strlen(S), HeaderData(H), HeaderLength(H))
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
#define TRACE_BEGIN \
do { \
if (!IsTiny()) { \
if (funtrace) { \
ftrace_enabled(+1); \
} \
if (systrace) { \
strace_enabled(+1); \
} \
} \
Polish redbean serialization
2022-04-29 13:06:23 +00:00
} while (0)
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
#define TRACE_END \
do { \
if (!IsTiny()) { \
if (funtrace) { \
ftrace_enabled(-1); \
} \
if (systrace) { \
strace_enabled(-1); \
} \
} \
Polish redbean serialization
2022-04-29 13:06:23 +00:00
} while (0)
Add redbean -I flag for launching browser It's now possible with any redbean (including redbean-original) to launch the system web browser without having to use the Lua API. For example, you can create an args file: echo -I/ >.args zip redbean-original.com .args That will white-label redbean so it launches a specific page when you double-click on the executable. See https://github.com/jart/cosmopolitan/discussions/472
2022-07-17 13:11:13 +00:00
// letters not used: INOQYnoqwxy
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
// digits not used: 0123456789
Fix GitHub actions Our build was flaking due to ETXTBSY errors running multiple redbean instances in parallel. This is due to the StoreAsset() support which seems to cause enough problems it's worth making a *breaking change* turning it off by default for now. There's a new -* flag, to restore redbean's old self-modifying behavior.
2022-07-09 08:18:55 +00:00
// puncts not used: !"#$&'()+,-./;<=>@[\]^_`{|}~
Add redbean -I flag for launching browser It's now possible with any redbean (including redbean-original) to launch the system web browser without having to use the Lua API. For example, you can create an args file: echo -I/ >.args zip redbean-original.com .args That will white-label redbean so it launches a specific page when you double-click on the executable. See https://github.com/jart/cosmopolitan/discussions/472
2022-07-17 13:11:13 +00:00
#define GETOPTS \
"*%BEJSVXZabdfghijkmsuvzA:C:D:F:G:H:K:L:M:P:R:T:U:W:c:e:l:p:r:t:w:"
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static const uint8_t kGzipHeader[] = {
0x1F, // MAGNUM
0x8B, // MAGNUM
0x08, // CM: DEFLATE
0x00, // FLG: NONE
0x00, // MTIME: NONE
0x00, //
0x00, //
0x00, //
0x00, // XFL
kZipOsUnix, // OS
};
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static const char *const kIndexPaths[] = {
#ifndef STATIC
"index.lua",
#endif
"index.html",
};
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static const char *const kAlpn[] = {
"http/1.1",
NULL,
};
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
struct Buffer {
Improve performance of printf functions
2021-04-24 20:58:34 +00:00
size_t n, c;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
char *p;
};
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
struct TlsBio {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
int fd, c;
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
unsigned a, b;
unsigned char t[4000];
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
unsigned char u[1430];
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
};
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
struct Strings {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
size_t n, c;
struct String {
size_t n;
const char *s;
} * p;
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
};
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
struct DeflateGenerator {
int t;
void *b;
size_t i;
uint32_t c;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
uint32_t z;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
z_stream s;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
struct Asset *a;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
};
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static struct Ips {
size_t n;
uint32_t *p;
} ips;
static struct Ports {
size_t n;
uint16_t *p;
} ports;
static struct Servers {
size_t n;
struct Server {
int fd;
struct sockaddr_in addr;
} * p;
} servers;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static struct Freelist {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
size_t n, c;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
void **p;
} freelist;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static struct Unmaplist {
size_t n, c;
struct Unmap {
int f;
void *p;
size_t n;
} * p;
} unmaplist;
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
static struct Psks {
size_t n;
struct Psk {
char *key;
size_t key_len;
char *identity;
size_t identity_len;
char *s;
} * p;
} psks;
static struct Suites {
size_t n;
uint16_t *p;
} suites;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static struct Certs {
size_t n;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
struct Cert *p;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} certs;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static struct Redirects {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
size_t n;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
struct Redirect {
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
int code;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
struct String path;
struct String location;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
} * p;
} redirects;
static struct Assets {
uint32_t n;
struct Asset {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
bool istext;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
uint32_t hash;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
uint64_t cf;
uint64_t lf;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
int64_t lastmodified;
char *lastmodifiedstr;
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
struct File {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
struct String path;
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
struct stat st;
} * file;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
} * p;
} assets;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static struct TrustedIps {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
size_t n;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
struct TrustedIp {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
uint32_t ip;
uint32_t mask;
} * p;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
} trustedips;
struct TokenBucket {
signed char cidr;
signed char reject;
signed char ignore;
signed char ban;
struct timespec replenish;
union {
atomic_schar *b;
atomic_uint_fast64_t *w;
};
} tokenbucket;
struct Blackhole {
struct sockaddr_un addr;
int fd;
} blackhole;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static struct Shared {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
int workers;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
struct timespec nowish;
struct timespec lastreindex;
struct timespec lastmeltdown;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
char currentdate[32];
struct rusage server;
struct rusage children;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
struct Counters {
#define C(x) long x;
#include "tool/net/counters.inc"
#undef C
} c;
Clean up some of the threading code
2022-09-08 18:54:56 +00:00
pthread_spinlock_t montermlock;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
} * shared;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static const char kCounterNames[] =
#define C(x) #x "\0"
#include "tool/net/counters.inc"
#undef C
;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
typedef ssize_t (*reader_f)(int, void *, size_t);
typedef ssize_t (*writer_f)(int, struct iovec *, int);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
struct ClearedPerMessage {
bool istext;
bool branded;
bool hascontenttype;
bool gotcachecontrol;
bool gotxcontenttypeoptions;
int frags;
int statuscode;
int isyielding;
char *outbuf;
char *content;
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
size_t gzipped;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
size_t contentlength;
char *luaheaderp;
const char *referrerpolicy;
size_t msgsize;
ssize_t (*generator)(struct iovec[3]);
struct Strings loops;
struct HttpMessage msg;
} cpm;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static bool suiteb;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static bool killed;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static bool zombied;
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
static bool usingssl;
Improve performance of printf functions
2021-04-24 20:58:34 +00:00
static bool funtrace;
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
static bool systrace;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static bool meltdown;
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
static bool unsecure;
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
static bool norsagen;
Fix redbean zip central directory lookup This regression snuck in at some point. It resulted in the program sometimes failing to load when the zip content was changed.
2021-02-27 18:47:19 +00:00
static bool printport;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static bool daemonize;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static bool logrusage;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
static bool logbodies;
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
static bool requiressl;
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
static bool isterminal;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static bool sslcliused;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static bool loglatency;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static bool terminated;
static bool uniprocess;
static bool invalidated;
static bool logmessages;
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
static bool isinitialized;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static bool checkedmethod;
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
static bool sslinitialized;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static bool sslfetchverify;
Fix GitHub actions Our build was flaking due to ETXTBSY errors running multiple redbean instances in parallel. This is due to the StoreAsset() support which seems to cause enough problems it's worth making a *breaking change* turning it off by default for now. There's a new -* flag, to restore redbean's old self-modifying behavior.
2022-07-09 08:18:55 +00:00
static bool selfmodifiable;
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
static bool interpretermode;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static bool sslclientverify;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static bool connectionclose;
Add redbean OnLogLatency hook (#495)
2022-07-19 03:17:14 +00:00
static bool hasonloglatency;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static bool hasonworkerstop;
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
static bool isexitingworker;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static bool hasonworkerstart;
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
static bool leakcrashreports;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static bool hasonhttprequest;
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
static bool ishandlingrequest;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static bool listeningonport443;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static bool hasonprocesscreate;
static bool hasonprocessdestroy;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static bool loggednetworkorigin;
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
static bool ishandlingconnection;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static bool hasonclientconnection;
Use *NSYNC for POSIX threads locking APIs Condition variables, barriers, and r/w locks now work very well.
2022-09-11 18:02:07 +00:00
static atomic_bool terminatemonitor;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static bool evadedragnetsurveillance;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static int zfd;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static int gmtoff;
static int client;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
static int mainpid;
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
static int sandboxed;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static int changeuid;
static int changegid;
Add max worker processing to redbean (#520) * Add max worker processing * Introduce ProgramMaxWorkers() API
2022-08-05 22:21:27 +00:00
static int maxworkers;
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
static int shutdownsig;
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
static int sslpskindex;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static int oldloglevel;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int messageshandled;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static int sslticketlifetime;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static uint32_t clientaddrsize;
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
static size_t zsize;
Add more raw system calls to redbean We now have execve, setitimer, sigaction, sigsuspend, and sigprocmask.
2022-04-13 21:43:42 +00:00
static lua_State *GL;
static lua_State *YL;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
static uint8_t *zmap;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static uint8_t *zbase;
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
static uint8_t *zcdir;
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
static size_t hdrsize;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static size_t amtread;
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
static char *replstack;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static reader_f reader;
static writer_f writer;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static char *extrahdrs;
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
static const char *zpath;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static const char *brand;
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
static char *monitorstack;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static char gzip_footer[8];
Improve system calls - Wrap clock_getres() - Wrap sched_setscheduler() - Make sleep() api conformant - Polyfill sleep() using select() - Improve clock_gettime() polyfill - Make nanosleep() POSIX conformant - Slightly improve some DNS functions - Further strengthen pledge() sandboxing - Improve rounding of timeval / timespec - Allow layering of pledge() calls on Linux - Polyfill sched_yield() using select() on XNU - Delete more system constants we probably don't need
2022-07-08 13:29:24 +00:00
static long maxpayloadsize;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static const char *pidpath;
static const char *logpath;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static uint32_t *interfaces;
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
static const char *histpath;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static struct pollfd *polls;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
static size_t payloadlength;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static int64_t cacheseconds;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
static const char *monitortty;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static const char *serverheader;
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
static struct Strings stagedirs;
static struct Strings hidepaths;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static const char *launchbrowser;
Add MapContentType to redbean (#566)
2022-08-23 05:02:58 +00:00
static const char ctIdx = 'c'; // a pseudo variable to get address of
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
static struct spawn replth;
static struct spawn monitorth;
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
static struct Buffer inbuf_actual;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static struct Buffer inbuf;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static struct Buffer oldin;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static struct Buffer hdrbuf;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static struct timeval timeout;
static struct Buffer effectivepath;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
static struct timespec heartbeatinterval;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static struct Url url;
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
static struct stat zst;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
static struct timespec startread;
static struct timespec lastrefresh;
static struct timespec startserver;
static struct timespec startrequest;
static struct timespec lastheartbeat;
static struct timespec startconnection;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static struct sockaddr_in clientaddr;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static struct sockaddr_in *serveraddr;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static mbedtls_ssl_config conf;
static mbedtls_ssl_context ssl;
static mbedtls_ctr_drbg_context rng;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
static mbedtls_ssl_ticket_context ssltick;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static mbedtls_ssl_config confcli;
static mbedtls_ssl_context sslcli;
static mbedtls_ctr_drbg_context rngcli;
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
static struct TlsBio g_bio;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static char slashpath[PATH_MAX];
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static struct DeflateGenerator dg;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *Route(const char *, size_t, const char *, size_t);
static char *RouteHost(const char *, size_t, const char *, size_t);
static char *RoutePath(const char *, size_t);
static char *HandleAsset(struct Asset *, const char *, size_t);
static char *ServeAsset(struct Asset *, const char *, size_t);
static char *SetStatus(unsigned, const char *);
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
static void TlsInit(void);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static void OnChld(void) {
zombied = true;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static void OnUsr1(void) {
invalidated = true;
}
static void OnUsr2(void) {
meltdown = true;
}
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
static void OnTerm(int sig) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (!terminated) {
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
shutdownsig = sig;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
terminated = true;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
killed = true;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
}
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
static void OnInt(int sig) {
OnTerm(sig);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
static void OnHup(int sig) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (daemonize) {
OnUsr1();
} else {
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
OnTerm(sig);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
static void Free(void *p) {
free(*(void **)p);
*(void **)p = 0;
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
static long ParseInt(const char *s) {
return strtol(s, 0, 0);
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static void *FreeLater(void *p) {
if (p) {
if (++freelist.n > freelist.c) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
freelist.c = freelist.n + (freelist.n >> 1);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
freelist.p = xrealloc(freelist.p, freelist.c * sizeof(*freelist.p));
}
freelist.p[freelist.n - 1] = p;
}
return p;
}
static void UnmapLater(int f, void *p, size_t n) {
if (++unmaplist.n > unmaplist.c) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
unmaplist.c = unmaplist.n + (unmaplist.n >> 1);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
unmaplist.p = xrealloc(unmaplist.p, unmaplist.c * sizeof(*unmaplist.p));
}
unmaplist.p[unmaplist.n - 1].f = f;
unmaplist.p[unmaplist.n - 1].p = p;
unmaplist.p[unmaplist.n - 1].n = n;
}
static void CollectGarbage(void) {
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
__log_level = oldloglevel;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
DestroyHttpMessage(&cpm.msg);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
while (freelist.n) {
free(freelist.p[--freelist.n]);
}
while (unmaplist.n) {
--unmaplist.n;
LOGIFNEG1(munmap(unmaplist.p[unmaplist.n].p, unmaplist.p[unmaplist.n].n));
LOGIFNEG1(close(unmaplist.p[unmaplist.n].f));
}
}
static void UseOutput(void) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = FreeLater(cpm.outbuf);
cpm.contentlength = appendz(cpm.outbuf).i;
cpm.outbuf = 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
static void DropOutput(void) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
FreeLater(cpm.outbuf);
cpm.outbuf = 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static char *MergePaths(const char *p, size_t n, const char *q, size_t m,
size_t *z) {
char *r;
if (n && p[n - 1] == '/') --n;
if (m && q[0] == '/') ++q, --m;
r = xmalloc(n + 1 + m + 1);
mempcpy(mempcpy(mempcpy(mempcpy(r, p, n), "/", 1), q, m), "", 1);
if (z) *z = n + 1 + m;
return r;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static long FindRedirect(const char *s, size_t n) {
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
int c, m, l, r, z;
l = 0;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
r = redirects.n - 1;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
while (l <= r) {
m = (l + r) >> 1;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
c = CompareSlices(redirects.p[m].path.s, redirects.p[m].path.n, s, n);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
if (c < 0) {
l = m + 1;
} else if (c > 0) {
r = m - 1;
} else {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
return m;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
return -1;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static mbedtls_x509_crt *GetTrustedCertificate(mbedtls_x509_name *name) {
size_t i;
for (i = 0; i < certs.n; ++i) {
if (certs.p[i].cert &&
!mbedtls_x509_name_cmp(name, &certs.p[i].cert->subject)) {
return certs.p[i].cert;
}
}
return 0;
}
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
static void UseCertificate(mbedtls_ssl_config *c, struct Cert *kp,
const char *role) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) using %s certificate %`'s for HTTPS %s",
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
mbedtls_pk_get_name(&kp->cert->pk),
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&kp->cert->subject)), role);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CHECK_EQ(0, mbedtls_ssl_conf_own_cert(c, kp->cert, kp->key));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void AppendCert(mbedtls_x509_crt *cert, mbedtls_pk_context *key) {
certs.p = realloc(certs.p, ++certs.n * sizeof(*certs.p));
certs.p[certs.n - 1].cert = cert;
certs.p[certs.n - 1].key = key;
}
Fix chained certificate loading
2021-07-09 00:28:44 +00:00
static void InternCertificate(mbedtls_x509_crt *cert, mbedtls_x509_crt *prev) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
int r;
size_t i;
if (cert->next) InternCertificate(cert->next, cert);
Fix chained certificate loading
2021-07-09 00:28:44 +00:00
if (prev) {
if (mbedtls_x509_crt_check_parent(prev, cert, 1)) {
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
DEBUGF("(ssl) unbundling %`'s from %`'s",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&prev->subject)),
_gc(FormatX509Name(&cert->subject)));
Fix chained certificate loading
2021-07-09 00:28:44 +00:00
prev->next = 0;
} else if ((r = mbedtls_x509_crt_check_signature(prev, cert, 0))) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) invalid signature for %`'s -> %`'s (-0x%04x)",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&prev->subject)),
_gc(FormatX509Name(&cert->subject)), -r);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
if (mbedtls_x509_time_is_past(&cert->valid_to)) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
WARNF("(ssl) certificate %`'s is expired",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&cert->subject)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else if (mbedtls_x509_time_is_future(&cert->valid_from)) {
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
WARNF("(ssl) certificate %`'s is from the future",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&cert->subject)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
for (i = 0; i < certs.n; ++i) {
if (!certs.p[i].cert && certs.p[i].key &&
!mbedtls_pk_check_pair(&cert->pk, certs.p[i].key)) {
certs.p[i].cert = cert;
return;
}
}
LogCertificate("loaded certificate", cert);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (!cert->next && !IsSelfSigned(cert) && cert->max_pathlen) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
for (i = 0; i < certs.n; ++i) {
if (!certs.p[i].cert) continue;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (mbedtls_pk_can_do(&cert->pk, certs.p[i].cert->sig_pk) &&
!mbedtls_x509_crt_check_parent(cert, certs.p[i].cert, 1) &&
!IsSelfSigned(certs.p[i].cert)) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (ChainCertificate(cert, certs.p[i].cert)) break;
}
}
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (!IsSelfSigned(cert)) {
for (i = 0; i < certs.n; ++i) {
if (!certs.p[i].cert) continue;
if (certs.p[i].cert->next) continue;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (certs.p[i].cert->max_pathlen &&
mbedtls_pk_can_do(&certs.p[i].cert->pk, cert->sig_pk) &&
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
!mbedtls_x509_crt_check_parent(certs.p[i].cert, cert, 1)) {
ChainCertificate(certs.p[i].cert, cert);
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
AppendCert(cert, 0);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
static void ProgramCertificate(const char *p, size_t n) {
int rc;
unsigned char *waqapi;
mbedtls_x509_crt *cert;
waqapi = malloc(n + 1);
memcpy(waqapi, p, n);
waqapi[n] = 0;
cert = calloc(1, sizeof(mbedtls_x509_crt));
rc = mbedtls_x509_crt_parse(cert, waqapi, n + 1);
mbedtls_platform_zeroize(waqapi, n);
free(waqapi);
if (rc < 0) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) failed to load certificate (grep -0x%04x)", rc);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return;
} else if (rc > 0) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) certificate bundle partially loaded");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
InternCertificate(cert, 0);
}
static void ProgramPrivateKey(const char *p, size_t n) {
int rc;
size_t i;
unsigned char *waqapi;
mbedtls_pk_context *key;
waqapi = malloc(n + 1);
memcpy(waqapi, p, n);
waqapi[n] = 0;
key = calloc(1, sizeof(mbedtls_pk_context));
rc = mbedtls_pk_parse_key(key, waqapi, n + 1, 0, 0);
mbedtls_platform_zeroize(waqapi, n);
free(waqapi);
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
if (rc != 0) FATALF("(ssl) error: load key (grep -0x%04x)", -rc);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
for (i = 0; i < certs.n; ++i) {
if (certs.p[i].cert && !certs.p[i].key &&
!mbedtls_pk_check_pair(&certs.p[i].cert->pk, key)) {
certs.p[i].key = key;
return;
}
}
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) loaded private key");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
AppendCert(0, key);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
static void ProgramFile(const char *path, void program(const char *, size_t)) {
char *p;
size_t n;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) ProgramFile(%`'s)", path);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if ((p = xslurp(path, &n))) {
program(p, n);
mbedtls_platform_zeroize(p, n);
free(p);
} else {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(srvr) error: failed to read file %`'s", path);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
static void ProgramPort(long port) {
if (!(0 <= port && port <= 65535)) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: bad port: %d", port);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
if (port == 443) listeningonport443 = true;
ports.p = realloc(ports.p, ++ports.n * sizeof(*ports.p));
ports.p[ports.n - 1] = port;
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
static void ProgramMaxPayloadSize(long x) {
maxpayloadsize = MAX(1450, x);
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static void ProgramSslTicketLifetime(long x) {
sslticketlifetime = x;
}
Make redbean tinier Under MODE=tiny or MODE=tinylinux we now go back to using my homebrew version of DEFLATE decompression which is 10x smaller but 10x slower than Chromium Zlib. In tiny mode we also disable compressed responses howewver redbean will still serve precompressed responses. This change also removes a few other dependencies like strftime() and getaddrinfo() which means you can't say `-l localhost` in tiny mode, you have to say something like `-l 127.0.0.1`. m=tinylinux make -j8 MODE=$m o/$m/tool/net/redbean-original.com ls -hal o/$m/tool/net/redbean-original.com This change reduces the above size from 191.4 to 150.9 kb.
2021-07-04 19:21:29 +00:00
static void ProgramAddr(const char *addr) {
Release redbean 2.0.7
2022-06-24 00:59:35 +00:00
ssize_t rc;
int64_t ip;
if ((ip = ParseIp(addr, -1)) == -1) {
if (!IsTiny()) {
struct addrinfo *ai = NULL;
struct addrinfo hint = {AI_NUMERICSERV, AF_INET, SOCK_STREAM,
IPPROTO_TCP};
if ((rc = getaddrinfo(addr, "0", &hint, &ai)) != EAI_SUCCESS) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: bad addr: %s (EAI_%s)", addr, gai_strerror(rc));
Release redbean 2.0.7
2022-06-24 00:59:35 +00:00
}
ip = ntohl(ai->ai_addr4->sin_addr.s_addr);
freeaddrinfo(ai);
} else {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: ProgramAddr() needs an IP in MODE=tiny: %s", addr);
Release redbean 2.0.7
2022-06-24 00:59:35 +00:00
}
Make redbean tinier Under MODE=tiny or MODE=tinylinux we now go back to using my homebrew version of DEFLATE decompression which is 10x smaller but 10x slower than Chromium Zlib. In tiny mode we also disable compressed responses howewver redbean will still serve precompressed responses. This change also removes a few other dependencies like strftime() and getaddrinfo() which means you can't say `-l localhost` in tiny mode, you have to say something like `-l 127.0.0.1`. m=tinylinux make -j8 MODE=$m o/$m/tool/net/redbean-original.com ls -hal o/$m/tool/net/redbean-original.com This change reduces the above size from 191.4 to 150.9 kb.
2021-07-04 19:21:29 +00:00
}
ips.p = realloc(ips.p, ++ips.n * sizeof(*ips.p));
ips.p[ips.n - 1] = ip;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static void ProgramRedirect(int code, const char *sp, size_t sn, const char *dp,
size_t dn) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
long i, j;
struct Redirect r;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
if (code && code != 301 && code != 302 && code != 307 && code != 308) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: unsupported redirect code %d", code);
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Improve redbean docs (#249) - Add Location to ProgramHeader exclusions - Add ProgramHeader documentation - Update ProgramRedirect to check location validity
2021-08-19 16:34:50 +00:00
if (!(FreeLater(EncodeHttpHeaderValue(dp, dn, 0)))) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: invalid location %s", dp);
Improve redbean docs (#249) - Add Location to ProgramHeader exclusions - Add ProgramHeader documentation - Update ProgramRedirect to check location validity
2021-08-19 16:34:50 +00:00
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
r.code = code;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
r.path.s = sp;
r.path.n = sn;
r.location.s = dp;
r.location.n = dn;
if ((i = FindRedirect(r.path.s, r.path.n)) != -1) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
redirects.p[i] = r;
} else {
i = redirects.n;
redirects.p = xrealloc(redirects.p, (i + 1) * sizeof(*redirects.p));
Parse Content-Range with missing right hand side Fixes #144
2021-04-02 01:51:12 +00:00
for (j = i; j; --j) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (CompareSlices(r.path.s, r.path.n, redirects.p[j - 1].path.s,
redirects.p[j - 1].path.n) < 0) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
redirects.p[j] = redirects.p[j - 1];
} else {
break;
}
}
redirects.p[j] = r;
++redirects.n;
}
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static void ProgramRedirectArg(int code, const char *s) {
size_t n;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
const char *p;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
n = strlen(s);
if (!(p = memchr(s, '=', n))) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: redirect arg missing '='");
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
ProgramRedirect(code, s, p - s, p + 1, n - (p - s + 1));
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static void ProgramTrustedIp(uint32_t ip, int cidr) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
uint32_t mask;
mask = 0xffffffffu << (32 - cidr);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
trustedips.p = xrealloc(trustedips.p, ++trustedips.n * sizeof(*trustedips.p));
trustedips.p[trustedips.n - 1].ip = ip;
trustedips.p[trustedips.n - 1].mask = mask;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static bool IsTrustedIp(uint32_t ip) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
int i;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
uint32_t *p;
if (interfaces) {
for (p = interfaces; *p; ++p) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
if (ip == *p && !IsTestnetIp(ip)) {
DEBUGF("(token) ip is trusted because it's %s", "a local interface");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
return true;
}
}
}
if (trustedips.n) {
for (i = 0; i < trustedips.n; ++i) {
if ((ip & trustedips.p[i].mask) == trustedips.p[i].ip) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
DEBUGF("(token) ip is trusted because it's %s", "whitelisted");
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return true;
}
}
return false;
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
} else if (IsPrivateIp(ip) && !IsTestnetIp(ip)) {
DEBUGF("(token) ip is trusted because it's %s", "private");
return true;
} else if (IsLoopbackIp(ip)) {
DEBUGF("(token) ip is trusted because it's %s", "loopback");
return true;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
} else {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
return false;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
}
}
Reduce build latency and fix old cpu bugs
2021-08-05 21:43:53 +00:00
static void DescribeAddress(char buf[40], uint32_t addr, uint16_t port) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
char *p;
const char *s;
p = buf;
Add atomics to chibicc This change also fixes #434 and makes the chibicc assembler better.
2022-06-20 10:08:00 +00:00
p = FormatUint32(p, (addr & 0xFF000000) >> 030), *p++ = '.';
p = FormatUint32(p, (addr & 0x00FF0000) >> 020), *p++ = '.';
p = FormatUint32(p, (addr & 0x0000FF00) >> 010), *p++ = '.';
p = FormatUint32(p, (addr & 0x000000FF) >> 000), *p++ = ':';
p = FormatUint32(p, port);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
*p = '\0';
assert(p - buf < 40);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
static inline int GetServerAddr(uint32_t *ip, uint16_t *port) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
*ip = ntohl(serveraddr->sin_addr.s_addr);
if (port) *port = ntohs(serveraddr->sin_port);
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
static inline int GetClientAddr(uint32_t *ip, uint16_t *port) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
*ip = ntohl(clientaddr.sin_addr.s_addr);
if (port) *port = ntohs(clientaddr.sin_port);
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
static inline int GetRemoteAddr(uint32_t *ip, uint16_t *port) {
char str[40];
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
GetClientAddr(ip, port);
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
if (HasHeader(kHttpXForwardedFor)) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
if (IsTrustedIp(*ip)) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
if (ParseForwarded(HeaderData(kHttpXForwardedFor),
HeaderLength(kHttpXForwardedFor), ip, port) == -1) {
VERBOSEF("could not parse x-forwarded-for %`'.*s len=%ld",
HeaderLength(kHttpXForwardedFor),
HeaderData(kHttpXForwardedFor),
HeaderLength(kHttpXForwardedFor));
return -1;
}
} else {
WARNF(
"%hhu.%hhu.%hhu.%hhu isn't authorized to send x-forwarded-for %`'.*s",
*ip >> 24, *ip >> 16, *ip >> 8, *ip, HeaderLength(kHttpXForwardedFor),
HeaderData(kHttpXForwardedFor));
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
static char *DescribeClient(void) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
char str[40];
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
uint16_t port;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
uint32_t client;
static char description[128];
GetClientAddr(&client, &port);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
if (HasHeader(kHttpXForwardedFor) && IsTrustedIp(client)) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
DescribeAddress(str, client, port);
snprintf(description, sizeof(description), "%'.*s via %s",
HeaderLength(kHttpXForwardedFor), HeaderData(kHttpXForwardedFor),
str);
} else {
DescribeAddress(description, client, port);
}
return description;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
static char *DescribeServer(void) {
uint32_t ip;
uint16_t port;
Reduce build latency and fix old cpu bugs
2021-08-05 21:43:53 +00:00
static char serveraddrstr[40];
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
GetServerAddr(&ip, &port);
DescribeAddress(serveraddrstr, ip, port);
return serveraddrstr;
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static void ProgramBrand(const char *s) {
Improve some unicode functions
2021-05-05 14:25:39 +00:00
char *p;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
free(brand);
free(serverheader);
Improve some unicode functions
2021-05-05 14:25:39 +00:00
if (!(p = EncodeHttpHeaderValue(s, -1, 0))) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: brand isn't latin1 encodable: %`'s", s);
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Improve some unicode functions
2021-05-05 14:25:39 +00:00
brand = strdup(s);
serverheader = xasprintf("Server: %s\r\n", p);
free(p);
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static void ProgramUid(long x) {
changeuid = x;
}
static void ProgramGid(long x) {
changegid = x;
}
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
#define MINTIMEOUT 10
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static void ProgramTimeout(long ms) {
ldiv_t d;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
if (ms < 0) {
timeout.tv_sec = ms; /* -(keepalive seconds) */
timeout.tv_usec = 0;
} else {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
if (ms < MINTIMEOUT) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: timeout needs to be %dms or greater", MINTIMEOUT);
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
}
d = ldiv(ms, 1000);
timeout.tv_sec = d.quot;
timeout.tv_usec = d.rem * 1000;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static void ProgramCache(long x) {
cacheseconds = x;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static void SetDefaults(void) {
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
ProgramBrand(_gc(xasprintf("%s/%hhd.%hhd.%hhd", REDBEAN, VERSION >> 020,
VERSION >> 010, VERSION >> 000)));
Change default redbean log level to info A new -s flag has been added to increase silence. This change is intended to make it a little less weird opening the redbean binary directly from the browser and seeing an empty terminal window.
2021-05-01 12:28:15 +00:00
__log_level = kLogInfo;
Fix bugs and make improvements - Fix regression with `%lu` - Added some more headers witnessed in the wild - Added `-M INT` option to redbean to tune max payload size - Work around InfoZIP 256 character limit on comment line size
2021-05-01 12:11:35 +00:00
maxpayloadsize = 64 * 1024;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
ProgramCache(-1);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
ProgramTimeout(60 * 1000);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
ProgramSslTicketLifetime(24 * 60 * 60);
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
sslfetchverify = true;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static void AddString(struct Strings *l, const char *s, size_t n) {
if (++l->n > l->c) {
l->c = l->n + (l->n >> 1);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
l->p = realloc(l->p, l->c * sizeof(*l->p));
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
}
l->p[l->n - 1].s = s;
l->p[l->n - 1].n = n;
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static bool HasString(struct Strings *l, const char *s, size_t n) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
size_t i;
for (i = 0; i < l->n; ++i) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (SlicesEqual(l->p[i].s, l->p[i].n, s, n)) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return true;
}
}
return false;
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static void ProgramDirectory(const char *path) {
char *s;
size_t n;
redbean: allow symlinks for -D path (#372) Previously ProgramDirectory called isdirectory which returns false for symlinks. instead just check directory with stat, and allow user to pass `-D /tmp/foo/`, where /tmp/foo might be a symlink.
2022-03-21 12:43:49 +00:00
struct stat st;
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
if (stat(path, &st) == -1 || !S_ISDIR(st.st_mode)) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: not a directory: %`'s", path);
redbean: allow symlinks for -D path (#372) Previously ProgramDirectory called isdirectory which returns false for symlinks. instead just check directory with stat, and allow user to pass `-D /tmp/foo/`, where /tmp/foo might be a symlink.
2022-03-21 12:43:49 +00:00
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
s = strdup(path);
n = strlen(s);
redbean: allow symlinks for -D path (#372) Previously ProgramDirectory called isdirectory which returns false for symlinks. instead just check directory with stat, and allow user to pass `-D /tmp/foo/`, where /tmp/foo might be a symlink.
2022-03-21 12:43:49 +00:00
INFOF("(cfg) program directory: %s", s);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
AddString(&stagedirs, s, n);
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static void ProgramHeader(const char *s) {
char *p, *v, *h;
if ((p = strchr(s, ':')) && IsValidHttpToken(s, p - s) &&
(v = EncodeLatin1(p + 1, -1, 0, kControlC0 | kControlC1 | kControlWs))) {
switch (GetHttpHeader(s, p - s)) {
case kHttpDate:
case kHttpConnection:
case kHttpContentLength:
case kHttpContentEncoding:
case kHttpContentRange:
Improve redbean docs (#249) - Add Location to ProgramHeader exclusions - Add ProgramHeader documentation - Update ProgramRedirect to check location validity
2021-08-19 16:34:50 +00:00
case kHttpLocation:
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: can't program header: %`'s", s);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
case kHttpServer:
ProgramBrand(p + 1);
break;
default:
p = xasprintf("%s%.*s:%s\r\n", extrahdrs ? extrahdrs : "", p - s, s, v);
free(extrahdrs);
extrahdrs = p;
break;
}
free(v);
} else {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: illegal header: %`'s", s);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static void ProgramLogPath(const char *s) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
int fd;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
logpath = strdup(s);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
fd = open(logpath, O_APPEND | O_WRONLY | O_CREAT, 0640);
if (fd == -1) {
WARNF("(srvr) open(%`'s) failed: %m", logpath);
return;
}
if (fd != 2) {
dup2(fd, 2);
close(fd);
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void ProgramPidPath(const char *s) {
pidpath = strdup(s);
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static bool IsServerFd(int fd) {
size_t i;
for (i = 0; i < servers.n; ++i) {
if (servers.p[i].fd == fd) {
return true;
}
}
return false;
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static void ChangeUser(void) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if (changegid) {
if (setgid(changegid)) {
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
FATALF("(cfg) setgid() failed: %m");
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
}
}
// order matters
if (changeuid) {
if (setuid(changeuid)) {
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
FATALF("(cfg) setuid() failed: %m");
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
}
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static void Daemonize(void) {
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
if (fork() > 0) exit(0);
Fix redbean daemonization Fixes #94
2021-03-02 08:38:11 +00:00
setsid();
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
if (fork() > 0) _exit(0);
Fix redbean daemonization Fixes #94
2021-03-02 08:38:11 +00:00
umask(0);
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
static void LogLuaError(char *hook, char *err) {
ERRORF("(lua) failed to run %s: %s", hook, err);
}
Add more raw system calls to redbean We now have execve, setitimer, sigaction, sigsuspend, and sigprocmask.
2022-04-13 21:43:42 +00:00
static bool LuaEvalCode(const char *code) {
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
lua_State *L = GL;
int status = luaL_loadstring(L, code);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (status != LUA_OK || LuaCallWithTrace(L, 0, 0, NULL) != LUA_OK) {
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
LogLuaError("lua code", lua_tostring(L, -1));
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
lua_pop(L, 1); // pop error
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
return false;
}
Fix reporting of Lua stack items from various hook calls (#395) Some hooks can be called after OnHttpRequest, which may leave an anchored item on stack, so this have to be taken into account to avoid spurious reports.
2022-04-28 04:57:52 +00:00
AssertLuaStackIsAt(L, 0);
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
return true;
}
Add more raw system calls to redbean We now have execve, setitimer, sigaction, sigsuspend, and sigprocmask.
2022-04-13 21:43:42 +00:00
static bool LuaEvalFile(const char *path) {
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
char *f = _gc(xslurp(path, 0));
Fix redbean to check for file read result when -F option is used (#569)
2022-08-24 03:54:51 +00:00
if (!f) FATALF("(cfg) error: failed to read file %`'s", path);
return LuaEvalCode(f);
Add more raw system calls to redbean We now have execve, setitimer, sigaction, sigsuspend, and sigprocmask.
2022-04-13 21:43:42 +00:00
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static bool LuaOnClientConnection(void) {
Add OnServerListen hook to configure listen() (#459)
2022-07-08 14:17:25 +00:00
bool dropit = false;
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#ifndef STATIC
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
uint32_t ip, serverip;
uint16_t port, serverport;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
lua_getglobal(L, "OnClientConnection");
GetClientAddr(&ip, &port);
GetServerAddr(&serverip, &serverport);
Fix type signature of new Lua hooks (#239)
2021-08-12 07:15:39 +00:00
lua_pushinteger(L, ip);
lua_pushinteger(L, port);
lua_pushinteger(L, serverip);
lua_pushinteger(L, serverport);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (LuaCallWithTrace(L, 4, 1, NULL) == LUA_OK) {
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
dropit = lua_toboolean(L, -1);
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError("OnClientConnection", lua_tostring(L, -1));
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Reset Lua stack to drop unused returned values (#382) Since some Lua code may return values that will be left on stack, they need to be removed to avoid growing the stack unnecessarily.
2022-04-09 19:36:05 +00:00
lua_pop(L, 1); // pop result or error
Fix reporting of Lua stack items from various hook calls (#395) Some hooks can be called after OnHttpRequest, which may leave an anchored item on stack, so this have to be taken into account to avoid spurious reports.
2022-04-28 04:57:52 +00:00
AssertLuaStackIsAt(L, 0);
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#endif
Add OnServerListen hook to configure listen() (#459)
2022-07-08 14:17:25 +00:00
return dropit;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Add redbean OnLogLatency hook (#495)
2022-07-19 03:17:14 +00:00
static void LuaOnLogLatency(long reqtime, long contime) {
#ifndef STATIC
lua_State *L = GL;
int n = lua_gettop(L);
lua_getglobal(L, "OnLogLatency");
lua_pushinteger(L, reqtime);
lua_pushinteger(L, contime);
if (LuaCallWithTrace(L, 2, 0, NULL) != LUA_OK) {
LogLuaError("OnLogLatency", lua_tostring(L, -1));
lua_pop(L, 1); // pop error
}
AssertLuaStackIsAt(L, n);
#endif
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void LuaOnProcessCreate(int pid) {
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#ifndef STATIC
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
uint32_t ip, serverip;
uint16_t port, serverport;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
lua_getglobal(L, "OnProcessCreate");
GetClientAddr(&ip, &port);
GetServerAddr(&serverip, &serverport);
Fix type signature of new Lua hooks (#239)
2021-08-12 07:15:39 +00:00
lua_pushinteger(L, pid);
lua_pushinteger(L, ip);
lua_pushinteger(L, port);
lua_pushinteger(L, serverip);
lua_pushinteger(L, serverport);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (LuaCallWithTrace(L, 5, 0, NULL) != LUA_OK) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError("OnProcessCreate", lua_tostring(L, -1));
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
lua_pop(L, 1); // pop error
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Fix reporting of Lua stack items from various hook calls (#395) Some hooks can be called after OnHttpRequest, which may leave an anchored item on stack, so this have to be taken into account to avoid spurious reports.
2022-04-28 04:57:52 +00:00
AssertLuaStackIsAt(L, 0);
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#endif
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Add OnServerListen hook to configure listen() (#459)
2022-07-08 14:17:25 +00:00
static bool LuaOnServerListen(int fd, uint32_t ip, uint16_t port) {
bool nouse = false;
#ifndef STATIC
lua_State *L = GL;
lua_getglobal(L, "OnServerListen");
lua_pushinteger(L, fd);
lua_pushinteger(L, ip);
lua_pushinteger(L, port);
if (LuaCallWithTrace(L, 3, 1, NULL) == LUA_OK) {
nouse = lua_toboolean(L, -1);
} else {
LogLuaError("OnServerListen", lua_tostring(L, -1));
}
lua_pop(L, 1); // pop result or error
AssertLuaStackIsAt(L, 0);
#endif
return nouse;
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void LuaOnProcessDestroy(int pid) {
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#ifndef STATIC
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
lua_getglobal(L, "OnProcessDestroy");
Fix type signature of new Lua hooks (#239)
2021-08-12 07:15:39 +00:00
lua_pushinteger(L, pid);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (LuaCallWithTrace(L, 1, 0, NULL) != LUA_OK) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError("OnProcessDestroy", lua_tostring(L, -1));
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
lua_pop(L, 1); // pop error
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Fix reporting of Lua stack items from various hook calls (#395) Some hooks can be called after OnHttpRequest, which may leave an anchored item on stack, so this have to be taken into account to avoid spurious reports.
2022-04-28 04:57:52 +00:00
AssertLuaStackIsAt(L, 0);
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#endif
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
static inline bool IsHookDefined(const char *s) {
#ifndef STATIC
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
bool res = !!lua_getglobal(L, s);
lua_pop(L, 1);
return res;
#else
return false;
#endif
}
static void CallSimpleHook(const char *s) {
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#ifndef STATIC
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Fix reporting of Lua stack items from various hook calls (#395) Some hooks can be called after OnHttpRequest, which may leave an anchored item on stack, so this have to be taken into account to avoid spurious reports.
2022-04-28 04:57:52 +00:00
int n = lua_gettop(L);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
lua_getglobal(L, s);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (LuaCallWithTrace(L, 0, 0, NULL) != LUA_OK) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError(s, lua_tostring(L, -1));
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
lua_pop(L, 1); // pop error
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Fix reporting of Lua stack items from various hook calls (#395) Some hooks can be called after OnHttpRequest, which may leave an anchored item on stack, so this have to be taken into account to avoid spurious reports.
2022-04-28 04:57:52 +00:00
AssertLuaStackIsAt(L, n);
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#endif
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
static void CallSimpleHookIfDefined(const char *s) {
if (IsHookDefined(s)) {
CallSimpleHook(s);
}
}
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
static void ReportWorkerExit(int pid, int ws) {
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
int workers;
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
workers = atomic_fetch_sub(&shared->workers, 1) - 1;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (WIFEXITED(ws)) {
if (WEXITSTATUS(ws)) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.failedchildren);
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
WARNF("(stat) %d exited with %d (%,d workers remain)", pid,
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
WEXITSTATUS(ws), workers);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
DEBUGF("(stat) %d exited (%,d workers remain)", pid, workers);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.terminatedchildren);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(stat) %d terminated with %s (%,d workers remain)", pid,
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
strsignal(WTERMSIG(ws)), workers);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static void ReportWorkerResources(int pid, struct rusage *ru) {
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
char *s, *b = 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (logrusage || LOGGABLE(kLogDebug)) {
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
AppendResourceReport(&b, ru, "\n");
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
if (b) {
if ((s = IndentLines(b, appendz(b).i - 1, 0, 1))) {
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
LOGF(kLogDebug, "(stat) resource report for pid %d\n%s", pid, s);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
free(s);
}
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
free(b);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static void HandleWorkerExit(int pid, int ws, struct rusage *ru) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.connectionshandled);
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
rusage_add(&shared->children, ru);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
ReportWorkerExit(pid, ws);
ReportWorkerResources(pid, ru);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (hasonprocessdestroy) {
LuaOnProcessDestroy(pid);
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
static void KillGroupImpl(int sig) {
LOGIFNEG1(kill(0, sig));
}
static void KillGroup(void) {
Improve synchronization - Fix bugs in kDos2Errno definition - malloc() should now be thread safe - Fix bug in rollup.com header generator - Fix open(O_APPEND) on the New Technology - Fix select() on the New Technology and test it - Work towards refactoring i/o for thread safety - Socket reads and writes on NT now poll for signals - Work towards i/o completion ports on the New Technology - Make read() and write() intermittently check for signals - Blinkenlights keyboard i/o so much better on NT w/ poll() - You can now poll() files and sockets at the same time on NT - Fix bug in appendr() that manifests with dlmalloc footers off
2022-04-15 06:39:48 +00:00
KillGroupImpl(SIGTERM);
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
static void WaitAll(void) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
int ws, pid;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
struct rusage ru;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
for (;;) {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
if ((pid = wait4(-1, &ws, 0, &ru)) != -1) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
HandleWorkerExit(pid, ws, &ru);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
if (errno == ECHILD) {
errno = 0;
break;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (errno == EINTR) {
if (killed) {
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
killed = false;
terminated = false;
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
WARNF("(srvr) server shall terminate harder");
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
KillGroup();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
continue;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
DIEF("(srvr) wait error: %m");
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
}
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static void ReapZombies(void) {
int ws, pid;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
struct rusage ru;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
do {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
zombied = false;
if ((pid = wait4(-1, &ws, WNOHANG, &ru)) != -1) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (pid) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
HandleWorkerExit(pid, ws, &ru);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
break;
}
} else {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
if (errno == ECHILD) {
errno = 0;
break;
}
if (errno == EINTR) {
errno = 0;
continue;
}
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
DIEF("(srvr) wait error: %m");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
} while (!terminated);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Add support for symbol table in .com files This change fixes minor bugs and adds a feature, which lets us store the ELF symbol table, inside the ZIP directory. We use the path /zip/.symtab which can be safely removed using a zip editing tool, to make the binary smaller after compilation. This supplements the existing method of using a separate .com.dbg file, which is still supported. The intent is people don't always know that it's a good idea to download the debug file. It's not great having someone's first experience be a crash report, that only has numbers rather than symbols. This will help fix that!
2022-03-23 13:31:55 +00:00
static ssize_t ReadAll(int fd, char *p, size_t n) {
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
ssize_t rc;
size_t i, got;
for (i = 0; i < n;) {
Fix bugs and make improvements - Get clone() working on FreeBSD - Increase some Python build quotas - Add more atomic builtins to chibicc - Fix ASAN poisoning of alloca() memory - Make MODE= mandatory link path tinier - Improve the examples folder a little bit - Start working on some more resource limits - Make the linenoise auto-complete UI as good as GNU readline - Update compile.com, avoiding AVX codegen on non-AVX systems - Make sure empty path to syscalls like opendir raises ENOENT - Correctly polyfill ENOENT vs. ENOTDIR on the New Technology - Port bestline's paredit features to //third_party/linenoise - Remove workarounds for RHEL 5.0 bugs that were fixed in 5.1
2022-04-20 16:56:53 +00:00
rc = READ(fd, p + i, n - i);
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
if (rc != -1) {
got = rc;
i += got;
} else if (errno != EINTR) {
WARNF("(file) read error: %m");
return -1;
}
}
return i;
}
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
static bool IsTakingTooLong(void) {
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
return meltdown && timespec_cmp(timespec_sub(timespec_real(), startread),
(struct timespec){2}) >= 0;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
}
Improve some unicode functions
2021-05-05 14:25:39 +00:00
static ssize_t WritevAll(int fd, struct iovec *iov, int iovlen) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
int i;
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
ssize_t rc;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
size_t wrote, total;
i = 0;
total = 0;
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
do {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
if (i) {
while (i < iovlen && !iov[i].iov_len) ++i;
if (i == iovlen) break;
}
if ((rc = writev(fd, iov + i, iovlen - i)) != -1) {
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
wrote = rc;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
total += wrote;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
do {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
if (wrote >= iov[i].iov_len) {
wrote -= iov[i++].iov_len;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
} else {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iov[i].iov_base = (char *)iov[i].iov_base + wrote;
iov[i].iov_len -= wrote;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
wrote = 0;
}
} while (wrote);
} else if (errno == EINTR) {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.writeinterruputs);
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
if (killed || IsTakingTooLong()) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return total ? total : -1;
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
}
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
} else {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return total ? total : -1;
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
} while (i < iovlen);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
return total;
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
static int TlsFlush(struct TlsBio *bio, const unsigned char *buf, size_t len) {
struct iovec v[2];
if (len || bio->c > 0) {
v[0].iov_base = bio->u;
v[0].iov_len = MAX(0, bio->c);
v[1].iov_base = buf;
v[1].iov_len = len;
if (WritevAll(bio->fd, v, 2) != -1) {
if (bio->c > 0) bio->c = 0;
} else if (errno == EINTR) {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return MBEDTLS_ERR_NET_CONN_RESET;
} else if (errno == EAGAIN) {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return MBEDTLS_ERR_SSL_TIMEOUT;
} else if (errno == EPIPE || errno == ECONNRESET || errno == ENETRESET) {
return MBEDTLS_ERR_NET_CONN_RESET;
} else {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(ssl) TlsSend error: %m");
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return MBEDTLS_ERR_NET_SEND_FAILED;
}
}
return 0;
}
static int TlsSend(void *ctx, const unsigned char *buf, size_t len) {
int rc;
struct iovec v[2];
struct TlsBio *bio = ctx;
if (bio->c >= 0 && bio->c + len <= sizeof(bio->u)) {
memcpy(bio->u + bio->c, buf, len);
bio->c += len;
return len;
}
if ((rc = TlsFlush(bio, buf, len)) < 0) return rc;
return len;
}
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
static int TlsRecvImpl(void *ctx, unsigned char *p, size_t n, uint32_t o) {
int r;
ssize_t s;
struct iovec v[2];
struct TlsBio *bio = ctx;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
if ((r = TlsFlush(bio, 0, 0)) < 0) return r;
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
if (bio->a < bio->b) {
r = MIN(n, bio->b - bio->a);
memcpy(p, bio->t + bio->a, r);
if ((bio->a += r) == bio->b) bio->a = bio->b = 0;
return r;
}
v[0].iov_base = p;
v[0].iov_len = n;
v[1].iov_base = bio->t;
v[1].iov_len = sizeof(bio->t);
while ((r = readv(bio->fd, v, 2)) == -1) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (errno == EINTR) {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return MBEDTLS_ERR_SSL_WANT_READ;
} else if (errno == EAGAIN) {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return MBEDTLS_ERR_SSL_TIMEOUT;
} else if (errno == EPIPE || errno == ECONNRESET || errno == ENETRESET) {
return MBEDTLS_ERR_NET_CONN_RESET;
} else {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(ssl) tls read() error: %m");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return MBEDTLS_ERR_NET_RECV_FAILED;
}
}
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
if (r > n) bio->b = r - n;
return MIN(n, r);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static int TlsRecv(void *ctx, unsigned char *buf, size_t len, uint32_t tmo) {
int rc;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
struct TlsBio *bio = ctx;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
if (oldin.n) {
rc = MIN(oldin.n, len);
memcpy(buf, oldin.p, rc);
oldin.p += rc;
oldin.n -= rc;
return rc;
}
return TlsRecvImpl(ctx, buf, len, tmo);
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static ssize_t SslRead(int fd, void *buf, size_t size) {
int rc;
rc = mbedtls_ssl_read(&ssl, buf, size);
if (!rc) {
errno = ECONNRESET;
rc = -1;
} else if (rc < 0) {
if (rc == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
rc = 0;
} else if (rc == MBEDTLS_ERR_NET_CONN_RESET ||
rc == MBEDTLS_ERR_SSL_TIMEOUT) {
errno = ECONNRESET;
rc = -1;
} else if (rc == MBEDTLS_ERR_SSL_WANT_READ) {
errno = EINTR;
rc = -1;
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
} else if (rc == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE) {
WARNF("(ssl) %s SslRead error -0x%04x (%s)", DescribeClient(), -rc,
"fatal alert message");
errno = EIO;
rc = -1;
} else if (rc == MBEDTLS_ERR_SSL_INVALID_RECORD) {
WARNF("(ssl) %s SslRead error -0x%04x (%s)", DescribeClient(), -rc,
"invalid record");
errno = EIO;
rc = -1;
} else if (rc == MBEDTLS_ERR_SSL_INVALID_MAC) {
WARNF("(ssl) %s SslRead error -0x%04x (%s)", DescribeClient(), -rc,
"hmac verification failed");
errno = EIO;
rc = -1;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s SslRead error -0x%04x", DescribeClient(), -rc);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
errno = EIO;
rc = -1;
}
}
return rc;
}
static ssize_t SslWrite(int fd, struct iovec *iov, int iovlen) {
int i;
size_t n;
ssize_t rc;
const unsigned char *p;
for (i = 0; i < iovlen; ++i) {
p = iov[i].iov_base;
n = iov[i].iov_len;
while (n) {
if ((rc = mbedtls_ssl_write(&ssl, p, n)) > 0) {
p += rc;
n -= rc;
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
} else if (rc == MBEDTLS_ERR_NET_CONN_RESET) {
errno = ECONNRESET;
return -1;
} else if (rc == MBEDTLS_ERR_SSL_TIMEOUT) {
errno = ETIMEDOUT;
return -1;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s SslWrite error -0x%04x", DescribeClient(), -rc);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
errno = EIO;
return -1;
}
}
}
return 0;
}
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static void NotifyClose(void) {
#ifndef UNSECURE
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (usingssl) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) SSL notifying close");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
mbedtls_ssl_close_notify(&ssl);
}
#endif
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
static void WipeSigningKeys(void) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
size_t i;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (uniprocess) return;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
for (i = 0; i < certs.n; ++i) {
if (!certs.p[i].key) continue;
if (!certs.p[i].cert) continue;
if (!certs.p[i].cert->ca_istrue) continue;
mbedtls_pk_free(certs.p[i].key);
Fix redbean certificate free error This fixes a regression from a change a few weeks ago in git commit af645fcbec26f6b228703e048e58e32ffb01cda1 which caused certificates to not be free()'d correctly if the certificates are chained. dlmalloc() should have printed an error in most build modes. ASAN caught it too.
2022-04-06 17:53:17 +00:00
Free(&certs.p[i].key);
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
}
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
static void PsksDestroy(void) {
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
size_t i;
for (i = 0; i < psks.n; ++i) {
mbedtls_platform_zeroize(psks.p[i].key, psks.p[i].key_len);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
free(psks.p[i].key);
free(psks.p[i].identity);
}
Free(&psks.p);
psks.n = 0;
}
static void CertsDestroy(void) {
size_t i;
Fix redbean certificate free error This fixes a regression from a change a few weeks ago in git commit af645fcbec26f6b228703e048e58e32ffb01cda1 which caused certificates to not be free()'d correctly if the certificates are chained. dlmalloc() should have printed an error in most build modes. ASAN caught it too.
2022-04-06 17:53:17 +00:00
// break up certificate chains to prevent double free
for (i = 0; i < certs.n; ++i) {
if (certs.p[i].cert) {
certs.p[i].cert->next = 0;
}
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
for (i = 0; i < certs.n; ++i) {
mbedtls_x509_crt_free(certs.p[i].cert);
free(certs.p[i].cert);
mbedtls_pk_free(certs.p[i].key);
free(certs.p[i].key);
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
Free(&certs.p);
certs.n = 0;
}
static void WipeServingKeys(void) {
size_t i;
if (uniprocess) return;
mbedtls_ssl_ticket_free(&ssltick);
mbedtls_ssl_key_cert_free(conf.key_cert), conf.key_cert = 0;
CertsDestroy();
PsksDestroy();
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
}
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
static bool CertHasCommonName(const mbedtls_x509_crt *cert, const void *s,
size_t n) {
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
const mbedtls_x509_name *name;
for (name = &cert->subject; name; name = name->next) {
if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid)) {
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
if (SlicesEqualCase(s, n, name->val.p, name->val.len)) {
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
return true;
}
break;
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
}
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
return false;
}
static bool TlsRouteFind(mbedtls_pk_type_t type, mbedtls_ssl_context *ssl,
const unsigned char *host, size_t size, int64_t ip) {
int i;
for (i = 0; i < certs.n; ++i) {
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
if (IsServerCert(certs.p + i, type) &&
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
(((certs.p[i].cert->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) &&
(ip == -1 ? CertHasHost(certs.p[i].cert, host, size)
: CertHasIp(certs.p[i].cert, ip))) ||
CertHasCommonName(certs.p[i].cert, host, size))) {
CHECK_EQ(
0, mbedtls_ssl_set_hs_own_cert(ssl, certs.p[i].cert, certs.p[i].key));
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
DEBUGF("(ssl) TlsRoute(%s, %`'.*s) %s %`'s", mbedtls_pk_type_name(type),
size, host, mbedtls_pk_get_name(&certs.p[i].cert->pk),
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&certs.p[i].cert->subject)));
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
return true;
}
}
return false;
}
static bool TlsRouteFirst(mbedtls_pk_type_t type, mbedtls_ssl_context *ssl) {
int i;
for (i = 0; i < certs.n; ++i) {
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
if (IsServerCert(certs.p + i, type)) {
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
CHECK_EQ(
0, mbedtls_ssl_set_hs_own_cert(ssl, certs.p[i].cert, certs.p[i].key));
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) TlsRoute(%s) %s %`'s", mbedtls_pk_type_name(type),
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
mbedtls_pk_get_name(&certs.p[i].cert->pk),
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&certs.p[i].cert->subject)));
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
return true;
}
}
return false;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
}
static int TlsRoute(void *ctx, mbedtls_ssl_context *ssl,
const unsigned char *host, size_t size) {
int64_t ip;
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
bool ok1, ok2;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
ip = ParseIp((const char *)host, size);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
ok1 = TlsRouteFind(MBEDTLS_PK_ECKEY, ssl, host, size, ip);
ok2 = TlsRouteFind(MBEDTLS_PK_RSA, ssl, host, size, ip);
if (!ok1 && !ok2) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) TlsRoute(%`'.*s) not found", size, host);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
ok1 = TlsRouteFirst(MBEDTLS_PK_ECKEY, ssl);
ok2 = TlsRouteFirst(MBEDTLS_PK_RSA, ssl);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
}
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
return ok1 || ok2 ? 0 : -1;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
}
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
static int TlsRoutePsk(void *ctx, mbedtls_ssl_context *ssl,
const unsigned char *identity, size_t identity_len) {
size_t i;
for (i = 0; i < psks.n; ++i) {
if (SlicesEqual((void *)identity, identity_len, psks.p[i].identity,
psks.p[i].identity_len)) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) TlsRoutePsk(%`'.*s)", identity_len, identity);
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
mbedtls_ssl_set_hs_psk(ssl, psks.p[i].key, psks.p[i].key_len);
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
// keep track of selected psk to report its identity
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
sslpskindex = i + 1; // use index+1 to check against 0 (when not set)
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
return 0;
}
}
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) TlsRoutePsk(%`'.*s) not found", identity_len, identity);
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
return -1;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static bool TlsSetup(void) {
int r;
oldin.p = inbuf.p;
oldin.n = amtread;
inbuf.p += amtread;
inbuf.n -= amtread;
inbuf.c = amtread;
amtread = 0;
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
g_bio.fd = client;
g_bio.a = 0;
g_bio.b = 0;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
g_bio.c = 0;
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
sslpskindex = 0;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
for (;;) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
if (!(r = mbedtls_ssl_handshake(&ssl)) && TlsFlush(&g_bio, 0, 0) != -1) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
LockInc(&shared->c.sslhandshakes);
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
g_bio.c = -1;
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
usingssl = true;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
reader = SslRead;
writer = SslWrite;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
WipeServingKeys();
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) shaken %s %s %s%s %s", DescribeClient(),
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
mbedtls_ssl_get_ciphersuite(&ssl), mbedtls_ssl_get_version(&ssl),
ssl.session->compression ? " COMPRESSED" : "",
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
ssl.curve ? ssl.curve->name : "uncurved");
DEBUGF("(ssl) client ciphersuite preference was %s",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatSslClientCiphers(&ssl)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return true;
} else if (r == MBEDTLS_ERR_SSL_WANT_READ) {
LockInc(&shared->c.handshakeinterrupts);
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
if (terminated || killed || IsTakingTooLong()) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
}
} else {
LockInc(&shared->c.sslhandshakefails);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
mbedtls_ssl_session_reset(&ssl);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
switch (r) {
case MBEDTLS_ERR_SSL_CONN_EOF:
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) %s SSL handshake EOF", DescribeClient());
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
case MBEDTLS_ERR_NET_CONN_RESET:
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) %s SSL handshake reset", DescribeClient());
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
case MBEDTLS_ERR_SSL_TIMEOUT:
LockInc(&shared->c.ssltimeouts);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) %s %s", DescribeClient(), "ssltimeouts");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
case MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN:
LockInc(&shared->c.sslnociphers);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
WARNF("(ssl) %s %s %s", DescribeClient(), "sslnociphers",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatSslClientCiphers(&ssl)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
case MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE:
LockInc(&shared->c.sslcantciphers);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
WARNF("(ssl) %s %s %s", DescribeClient(), "sslcantciphers",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatSslClientCiphers(&ssl)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
Correct minor issues with recent SSL change
2021-06-24 22:22:24 +00:00
case MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION:
LockInc(&shared->c.sslnoversion);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
WARNF("(ssl) %s %s %s", DescribeClient(), "sslnoversion",
mbedtls_ssl_get_version(&ssl));
Correct minor issues with recent SSL change
2021-06-24 22:22:24 +00:00
return false;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
case MBEDTLS_ERR_SSL_INVALID_MAC:
LockInc(&shared->c.sslshakemacs);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s %s", DescribeClient(), "sslshakemacs");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
return false;
case MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE:
LockInc(&shared->c.sslnoclientcert);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s %s", DescribeClient(), "sslnoclientcert");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
NotifyClose();
return false;
case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
LockInc(&shared->c.sslverifyfailed);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s SSL %s", DescribeClient(),
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(DescribeSslVerifyFailure(
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
ssl.session_negotiate->verify_result)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE:
switch (ssl.fatal_alert) {
case MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN:
LockInc(&shared->c.sslunknowncert);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) %s %s", DescribeClient(), "sslunknowncert");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
case MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA:
LockInc(&shared->c.sslunknownca);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) %s %s", DescribeClient(), "sslunknownca");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
default:
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s SSL shakealert %s", DescribeClient(),
Update curl example to support ssl / https Now that we know our SSL client works, and that it's able to verify certificates, the next step will be adding it as an API to redbean. See #97
2021-07-06 20:39:18 +00:00
GetAlertDescription(ssl.fatal_alert));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
}
default:
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(ssl) %s SSL handshake failed -0x%04x", DescribeClient(), -r);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
return false;
}
}
}
}
static void ConfigureCertificate(mbedtls_x509write_cert *cw, struct Cert *ca,
int usage, int type) {
int r;
const char *s;
bool isduplicate;
size_t i, j, k, nsan;
struct HostsTxt *htxt;
struct mbedtls_san *san;
const mbedtls_x509_name *xname;
char *name, *subject, *issuer, notbefore[16], notafter[16], hbuf[256];
san = 0;
nsan = 0;
name = 0;
htxt = GetHostsTxt();
strcpy(hbuf, "localhost");
gethostname(hbuf, sizeof(hbuf));
for (i = 0; i < htxt->entries.i; ++i) {
for (j = 0; j < ips.n; ++j) {
if (ips.p[j] == READ32BE(htxt->entries.p[i].ip)) {
isduplicate = false;
s = htxt->strings.p + htxt->entries.p[i].name;
if (!name) name = s;
for (k = 0; k < nsan; ++k) {
if (san[k].tag == MBEDTLS_X509_SAN_DNS_NAME &&
!strcasecmp(s, san[k].val)) {
isduplicate = true;
break;
}
}
if (!isduplicate) {
Handle wildcard certificates in redbean
2022-06-11 04:51:46 +00:00
san = realloc(san, (nsan += 2) * sizeof(*san));
san[nsan - 2].tag = MBEDTLS_X509_SAN_DNS_NAME;
san[nsan - 2].val = s;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
san[nsan - 1].tag = MBEDTLS_X509_SAN_DNS_NAME;
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
san[nsan - 1].val = _gc(xasprintf("*.%s", s));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
}
}
for (i = 0; i < ips.n; ++i) {
san = realloc(san, ++nsan * sizeof(*san));
san[nsan - 1].tag = MBEDTLS_X509_SAN_IP_ADDRESS;
san[nsan - 1].ip4 = ips.p[i];
}
ChooseCertificateLifetime(notbefore, notafter);
subject = xasprintf("CN=%s", name ? name : hbuf);
if (ca) {
issuer = calloc(1, 1000);
CHECK_GT(mbedtls_x509_dn_gets(issuer, 1000, &ca->cert->subject), 0);
} else {
issuer = strdup(subject);
}
if ((r = mbedtls_x509write_crt_set_subject_alternative_name(cw, san, nsan)) ||
(r = mbedtls_x509write_crt_set_validity(cw, notbefore, notafter)) ||
(r = mbedtls_x509write_crt_set_basic_constraints(cw, false, -1)) ||
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
#if defined(MBEDTLS_SHA1_C)
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
(r = mbedtls_x509write_crt_set_subject_key_identifier(cw)) ||
(r = mbedtls_x509write_crt_set_authority_key_identifier(cw)) ||
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
#endif
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
(r = mbedtls_x509write_crt_set_key_usage(cw, usage)) ||
(r = mbedtls_x509write_crt_set_ext_key_usage(cw, type)) ||
(r = mbedtls_x509write_crt_set_subject_name(cw, subject)) ||
(r = mbedtls_x509write_crt_set_issuer_name(cw, issuer))) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(ssl) configure certificate (grep -0x%04x)", -r);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
free(subject);
free(issuer);
free(san);
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static struct Cert GetKeySigningKey(void) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
size_t i;
for (i = 0; i < certs.n; ++i) {
if (!certs.p[i].key) continue;
if (!certs.p[i].cert) continue;
if (!certs.p[i].cert->ca_istrue) continue;
if (mbedtls_x509_crt_check_key_usage(certs.p[i].cert,
MBEDTLS_X509_KU_KEY_CERT_SIGN)) {
continue;
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
return certs.p[i];
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
return (struct Cert){0};
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static struct Cert GenerateEcpCertificate(struct Cert *ca) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
mbedtls_pk_context *key;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
mbedtls_md_type_t md_alg;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
mbedtls_x509write_cert wcert;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
md_alg = suiteb ? MBEDTLS_MD_SHA384 : MBEDTLS_MD_SHA256;
key = InitializeKey(ca, &wcert, md_alg, MBEDTLS_PK_ECKEY);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
CHECK_EQ(0, mbedtls_ecp_gen_key(
suiteb ? MBEDTLS_ECP_DP_SECP384R1 : MBEDTLS_ECP_DP_SECP256R1,
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
mbedtls_pk_ec(*key), GenerateHardRandom, 0));
GenerateCertificateSerial(&wcert);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
ConfigureCertificate(&wcert, ca, MBEDTLS_X509_KU_DIGITAL_SIGNATURE,
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER |
MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT);
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
return FinishCertificate(ca, &wcert, key);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Correct minor issues with recent SSL change
2021-06-24 22:22:24 +00:00
static struct Cert GenerateRsaCertificate(struct Cert *ca) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
mbedtls_pk_context *key;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
mbedtls_md_type_t md_alg;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
mbedtls_x509write_cert wcert;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
md_alg = suiteb ? MBEDTLS_MD_SHA384 : MBEDTLS_MD_SHA256;
key = InitializeKey(ca, &wcert, md_alg, MBEDTLS_PK_RSA);
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
CHECK_EQ(0, mbedtls_rsa_gen_key(mbedtls_pk_rsa(*key), GenerateHardRandom, 0,
suiteb ? 4096 : 2048, 65537));
GenerateCertificateSerial(&wcert);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
ConfigureCertificate(
&wcert, ca,
MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_KEY_ENCIPHERMENT,
MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER |
MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT);
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
return FinishCertificate(ca, &wcert, key);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
static void LoadCertificates(void) {
size_t i;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
struct Cert ksk, ecp, rsa;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
bool havecert, haveclientcert;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
havecert = false;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
haveclientcert = false;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
for (i = 0; i < certs.n; ++i) {
if (certs.p[i].key && certs.p[i].cert && !certs.p[i].cert->ca_istrue &&
!mbedtls_x509_crt_check_key_usage(certs.p[i].cert,
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
MBEDTLS_X509_KU_DIGITAL_SIGNATURE)) {
if (!mbedtls_x509_crt_check_extended_key_usage(
certs.p[i].cert, MBEDTLS_OID_SERVER_AUTH,
MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH))) {
LogCertificate("using server certificate", certs.p[i].cert);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
UseCertificate(&conf, certs.p + i, "server");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
havecert = true;
}
if (!mbedtls_x509_crt_check_extended_key_usage(
certs.p[i].cert, MBEDTLS_OID_CLIENT_AUTH,
MBEDTLS_OID_SIZE(MBEDTLS_OID_CLIENT_AUTH))) {
LogCertificate("using client certificate", certs.p[i].cert);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
UseCertificate(&confcli, certs.p + i, "client");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
haveclientcert = true;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
if (!havecert && (!psks.n || ksk.key)) {
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if ((ksk = GetKeySigningKey()).key) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) generating ssl certificates using %`'s",
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(FormatX509Name(&ksk.cert->subject)));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) could not find non-CA SSL certificate key pair with"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
" -addext keyUsage=digitalSignature"
" -addext extendedKeyUsage=serverAuth");
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) could not find CA key signing key pair with"
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
" -addext keyUsage=keyCertSign");
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(ssl) generating self-signed ssl certificates");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
#ifdef MBEDTLS_ECP_C
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
ecp = GenerateEcpCertificate(ksk.key ? &ksk : 0);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
if (!havecert) UseCertificate(&conf, &ecp, "server");
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (!haveclientcert && ksk.key) {
UseCertificate(&confcli, &ecp, "client");
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
AppendCert(ecp.cert, ecp.key);
Correct minor issues with recent SSL change
2021-06-24 22:22:24 +00:00
#endif
#ifdef MBEDTLS_RSA_C
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (!norsagen) {
rsa = GenerateRsaCertificate(ksk.key ? &ksk : 0);
if (!havecert) UseCertificate(&conf, &rsa, "server");
if (!haveclientcert && ksk.key) {
UseCertificate(&confcli, &rsa, "client");
}
AppendCert(rsa.cert, rsa.key);
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#endif
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
WipeSigningKeys();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static bool ClientAcceptsGzip(void) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
return cpm.msg.version >= 10 && /* RFC1945 § 3.5 */
HeaderHas(&cpm.msg, inbuf.p, kHttpAcceptEncoding, "gzip", 4);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
char *FormatUnixHttpDateTime(char *s, int64_t t) {
struct tm tm;
gmtime_r(&t, &tm);
FormatHttpDateTime(s, &tm);
return s;
}
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
static void UpdateCurrentDate(struct timespec now) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
int64_t t;
struct tm tm;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
t = now.tv_sec;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
shared->nowish = now;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
gmtime_r(&t, &tm);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
FormatHttpDateTime(shared->currentdate, &tm);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int64_t GetGmtOffset(int64_t t) {
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
struct tm tm;
localtime_r(&t, &tm);
return tm.tm_gmtoff;
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
forceinline bool IsCompressed(struct Asset *a) {
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
return !a->file &&
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
ZIP_LFILE_COMPRESSIONMETHOD(zbase + a->lf) == kZipCompressionDeflate;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
forceinline int GetMode(struct Asset *a) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
return a->file ? a->file->st.st_mode : GetZipCfileMode(zbase + a->cf);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
forceinline bool IsCompressionMethodSupported(int method) {
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
return method == kZipCompressionNone || method == kZipCompressionDeflate;
}
Improve some unicode functions
2021-05-05 14:25:39 +00:00
static inline unsigned Hash(const void *p, unsigned long n) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
unsigned h, i;
for (h = i = 0; i < n; i++) {
h += ((unsigned char *)p)[i];
h *= 0x9e3779b1;
}
return MAX(1, h);
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void FreeAssets(void) {
size_t i;
for (i = 0; i < assets.n; ++i) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
Free(&assets.p[i].lastmodifiedstr);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Free(&assets.p);
assets.n = 0;
}
static void FreeStrings(struct Strings *l) {
size_t i;
for (i = 0; i < l->n; ++i) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
Free(&l->p[i].s);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Free(&l->p);
l->n = 0;
}
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
static void IndexAssets(void) {
Reduce number of disk seeks in redbean
2021-05-03 08:21:50 +00:00
uint64_t cf;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
struct Asset *p;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
struct timespec lm;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
uint32_t i, n, m, step, hash;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(zip) indexing assets (inode %#lx)", zst.st_ino);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
FreeAssets();
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
CHECK_GE(HASH_LOAD_FACTOR, 2);
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
CHECK(READ32LE(zcdir) == kZipCdir64HdrMagic ||
READ32LE(zcdir) == kZipCdirHdrMagic);
n = GetZipCdirRecords(zcdir);
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
m = _roundup2pow(MAX(1, n) * HASH_LOAD_FACTOR);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
p = xcalloc(m, sizeof(struct Asset));
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
for (cf = GetZipCdirOffset(zcdir); n--; cf += ZIP_CFILE_HDRSIZE(zbase + cf)) {
CHECK_EQ(kZipCfileHdrMagic, ZIP_CFILE_MAGIC(zbase + cf));
if (!IsCompressionMethodSupported(
ZIP_CFILE_COMPRESSIONMETHOD(zbase + cf))) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(zip) don't understand zip compression method %d used by %`'.*s",
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
ZIP_CFILE_COMPRESSIONMETHOD(zbase + cf),
ZIP_CFILE_NAMESIZE(zbase + cf), ZIP_CFILE_NAME(zbase + cf));
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
continue;
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
hash = Hash(ZIP_CFILE_NAME(zbase + cf), ZIP_CFILE_NAMESIZE(zbase + cf));
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
step = 0;
do {
i = (hash + (step * (step + 1)) >> 1) & (m - 1);
++step;
} while (p[i].hash);
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
GetZipCfileTimestamps(zbase + cf, &lm, 0, 0, gmtoff);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
p[i].hash = hash;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
p[i].cf = cf;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p[i].lf = GetZipCfileOffset(zbase + cf);
p[i].istext = !!(ZIP_CFILE_INTERNALATTRIBUTES(zbase + cf) & kZipIattrText);
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
p[i].lastmodified = lm.tv_sec;
p[i].lastmodifiedstr = FormatUnixHttpDateTime(xmalloc(30), lm.tv_sec);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
assets.p = p;
assets.n = m;
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static bool OpenZip(bool force) {
int fd;
size_t n;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
struct stat st;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
uint8_t *m, *b, *d, *p;
if (stat(zpath, &st) != -1) {
if (force || st.st_ino != zst.st_ino || st.st_size > zst.st_size) {
if (st.st_ino == zst.st_ino) {
fd = zfd;
} else if ((fd = open(zpath, O_RDWR)) == -1) {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(zip) open() error: %m");
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
return false;
}
if ((m = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0)) !=
MAP_FAILED) {
n = st.st_size;
Add MODE=optlinux build mode (#141)
2021-10-15 02:36:49 +00:00
if ((p = FindEmbeddedApe(m, n))) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
b = p;
n -= p - m;
} else {
b = m;
}
if ((d = GetZipCdir(b, n))) {
if (zmap) {
LOGIFNEG1(munmap(zmap, zbase + zsize - zmap));
}
zmap = m;
zbase = b;
zsize = n;
zcdir = d;
DCHECK(IsZipCdir32(zbase, zsize, zcdir - zbase) ||
IsZipCdir64(zbase, zsize, zcdir - zbase));
memcpy(&zst, &st, sizeof(st));
IndexAssets();
return true;
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(zip) couldn't locate central directory");
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
}
} else {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(zip) mmap() error: %m");
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
}
}
} else {
Make some last minute production changes
2022-10-19 17:00:29 +00:00
// avoid noise if we setuid to user who can't see executable
if (errno == EACCES) {
VERBOSEF("(zip) stat(%`'s) error: %m", zpath);
} else {
WARNF("(zip) stat(%`'s) error: %m", zpath);
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
return false;
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static struct Asset *GetAssetZip(const char *path, size_t pathlen) {
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
uint32_t i, step, hash;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (pathlen > 1 && path[0] == '/') ++path, --pathlen;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
hash = Hash(path, pathlen);
for (step = 0;; ++step) {
i = (hash + (step * (step + 1)) >> 1) & (assets.n - 1);
if (!assets.p[i].hash) return NULL;
if (hash == assets.p[i].hash &&
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
pathlen == ZIP_CFILE_NAMESIZE(zbase + assets.p[i].cf) &&
memcmp(path, ZIP_CFILE_NAME(zbase + assets.p[i].cf), pathlen) == 0) {
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
return &assets.p[i];
}
}
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static struct Asset *GetAssetFile(const char *path, size_t pathlen) {
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
size_t i;
struct Asset *a;
if (stagedirs.n) {
a = FreeLater(xcalloc(1, sizeof(struct Asset)));
a->file = FreeLater(xmalloc(sizeof(struct File)));
for (i = 0; i < stagedirs.n; ++i) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.stats);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
a->file->path.s = FreeLater(MergePaths(stagedirs.p[i].s, stagedirs.p[i].n,
path, pathlen, &a->file->path.n));
if (stat(a->file->path.s, &a->file->st) != -1) {
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
a->lastmodifiedstr = FormatUnixHttpDateTime(
FreeLater(xmalloc(30)),
(a->lastmodified = a->file->st.st_mtim.tv_sec));
return a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.statfails);
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
}
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
return NULL;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static struct Asset *GetAsset(const char *path, size_t pathlen) {
char *path2;
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
struct Asset *a;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (!(a = GetAssetFile(path, pathlen))) {
if (!(a = GetAssetZip(path, pathlen))) {
Improve performance of printf functions
2021-04-24 20:58:34 +00:00
if (pathlen > 1 && path[pathlen - 1] != '/' &&
pathlen + 1 <= sizeof(slashpath)) {
memcpy(mempcpy(slashpath, path, pathlen), "/", 1);
a = GetAssetZip(slashpath, pathlen + 1);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
}
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
}
return a;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
static char *AppendHeader(char *p, const char *k, const char *v) {
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
if (!v) return p;
Perform some minor code cleanup
2021-04-06 19:46:52 +00:00
return AppendCrlf(stpcpy(stpcpy(stpcpy(p, k), ": "), v));
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
static char *AppendContentType(char *p, const char *ct) {
Perform some minor code cleanup
2021-04-06 19:46:52 +00:00
p = stpcpy(p, "Content-Type: ");
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
p = stpcpy(p, ct);
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if ((cpm.istext = _startswith(ct, "text/"))) {
Restore Referer-Policy and wrap up MbedTLS changes redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
2021-08-04 05:42:17 +00:00
if (!strchr(ct + 5, ';')) {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
p = stpcpy(p, "; charset=utf-8");
}
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if (!cpm.referrerpolicy && _startswith(ct + 5, "html")) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.referrerpolicy = "no-referrer-when-downgrade";
Restore Referer-Policy and wrap up MbedTLS changes redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
2021-08-04 05:42:17 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.hascontenttype = true;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
return AppendCrlf(p);
}
static char *AppendExpires(char *p, int64_t t) {
struct tm tm;
gmtime_r(&t, &tm);
Perform some minor code cleanup
2021-04-06 19:46:52 +00:00
p = stpcpy(p, "Expires: ");
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
p = FormatHttpDateTime(p, &tm);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
return AppendCrlf(p);
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static char *AppendCache(char *p, int64_t seconds) {
if (seconds < 0) return p;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
p = stpcpy(p, "Cache-Control: max-age=");
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
p = FormatUint64(p, seconds);
Improve http caching in redbean
2022-06-17 09:44:03 +00:00
if (!seconds) {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
p = stpcpy(p, ", no-store");
Improve http caching in redbean
2022-06-17 09:44:03 +00:00
} else {
p = stpcpy(p, ", must-revalidate");
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
p = AppendCrlf(p);
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
return AppendExpires(p, shared->nowish.tv_sec + seconds);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static inline char *AppendContentLength(char *p, size_t n) {
Perform some minor code cleanup
2021-04-06 19:46:52 +00:00
p = stpcpy(p, "Content-Length: ");
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
p = FormatUint64(p, n);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
return AppendCrlf(p);
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static char *AppendContentRange(char *p, long a, long b, long c) {
Perform some minor code cleanup
2021-04-06 19:46:52 +00:00
p = stpcpy(p, "Content-Range: bytes ");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (a >= 0 && b > 0) {
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
p = FormatUint64(p, a);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
*p++ = '-';
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
p = FormatUint64(p, a + b - 1);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else {
*p++ = '*';
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
*p++ = '/';
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
p = FormatUint64(p, c);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
return AppendCrlf(p);
}
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
static bool Inflate(void *dp, size_t dn, const void *sp, size_t sn) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.inflates);
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
return !__inflate(dp, dn, sp, sn);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
static bool Verify(void *data, size_t size, uint32_t crc) {
uint32_t got;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.verifies);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
if (crc == (got = crc32_z(0, data, size))) {
return true;
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.thiscorruption);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(zip) corrupt zip file at %`'.*s had crc 0x%08x but expected 0x%08x",
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.msg.uri.b - cpm.msg.uri.a, inbuf.p + cpm.msg.uri.a, got, crc);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
return false;
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static void *Deflate(const void *data, size_t size, size_t *out_size) {
void *res;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
z_stream zs = {0};
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.deflates);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
CHECK_EQ(Z_OK, deflateInit2(&zs, 4, Z_DEFLATED, -MAX_WBITS, DEF_MEM_LEVEL,
Z_DEFAULT_STRATEGY));
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
zs.next_in = data;
zs.avail_in = size;
zs.avail_out = compressBound(size);
zs.next_out = res = xmalloc(zs.avail_out);
CHECK_EQ(Z_STREAM_END, deflate(&zs, Z_FINISH));
CHECK_EQ(Z_OK, deflateEnd(&zs));
*out_size = zs.total_out;
return xrealloc(res, zs.total_out);
}
static void *LoadAsset(struct Asset *a, size_t *out_size) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
int mode;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
size_t size;
uint8_t *data;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (S_ISDIR(GetMode(a))) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) can't load directory");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return NULL;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (!a->file) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
size = GetZipLfileUncompressedSize(zbase + a->lf);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (size == SIZE_MAX || !(data = malloc(size + 1))) return NULL;
if (IsCompressed(a)) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (!Inflate(data, size, ZIP_LFILE_CONTENT(zbase + a->lf),
GetZipCfileCompressedSize(zbase + a->cf))) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
free(data);
return NULL;
}
} else {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
memcpy(data, ZIP_LFILE_CONTENT(zbase + a->lf), size);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (!Verify(data, size, ZIP_LFILE_CRC32(zbase + a->lf))) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
free(data);
return NULL;
}
data[size] = '\0';
if (out_size) *out_size = size;
return data;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.slurps);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
return xslurp(a->file->path.s, out_size);
}
}
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
static wontreturn void PrintUsage(int fd, int rc) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
size_t n;
const char *p;
struct Asset *a;
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
if (!(a = GetAssetZip("/help.txt", 9)) || !(p = LoadAsset(a, &n))) {
fprintf(stderr, "error: /help.txt is not a zip asset\n");
exit(1);
}
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
if (IsTiny()) {
write(fd, p, strlen(p));
} else {
__paginate(fd, p);
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
exit(rc);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static void AppendLogo(void) {
size_t n;
char *p, *q;
struct Asset *a;
if ((a = GetAsset("/redbean.png", 12)) && (p = LoadAsset(a, &n))) {
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
if ((q = EncodeBase64(p, n, &n))) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appends(&cpm.outbuf, "<img alt=\"[logo]\" src=\"data:image/png;base64,");
appendd(&cpm.outbuf, q, n);
appends(&cpm.outbuf, "\">\r\n");
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
free(q);
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
free(p);
}
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static ssize_t Send(struct iovec *iov, int iovlen) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
ssize_t rc;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if ((rc = writer(client, iov, iovlen)) == -1) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (errno == ECONNRESET) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.writeresets);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(rsp) %s write reset", DescribeClient());
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else if (errno == EAGAIN) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.writetimeouts);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(rsp) %s write timeout", DescribeClient());
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.writeerrors);
Reduce redbean logging for EBADF (#461) This may happen on explicitly closed client connections, so reduce the logging level similar to other errors.
2022-07-08 14:14:50 +00:00
if (errno == EBADF) { // don't warn on close/bad fd
DEBUGF("(rsp) %s write badf", DescribeClient());
} else {
WARNF("(rsp) %s write error: %m", DescribeClient());
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
connectionclose = true;
}
return rc;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
static bool IsSslCompressed(void) {
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
return usingssl && ssl.session->compression;
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static char *CommitOutput(char *p) {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
uint32_t crc;
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
size_t outbuflen;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.contentlength) {
outbuflen = appendz(cpm.outbuf).i;
if (cpm.istext && outbuflen >= 100) {
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
if (!IsTiny() && !IsSslCompressed()) {
p = stpcpy(p, "Vary: Accept-Encoding\r\n");
}
if (!IsTiny() && !IsSslCompressed() && ClientAcceptsGzip()) {
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
cpm.gzipped = outbuflen;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
crc = crc32_z(0, cpm.outbuf, outbuflen);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
WRITE32LE(gzip_footer + 0, crc);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
WRITE32LE(gzip_footer + 4, outbuflen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content =
FreeLater(Deflate(cpm.outbuf, outbuflen, &cpm.contentlength));
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
DropOutput();
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
} else {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
UseOutput();
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
} else {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
UseOutput();
Add support for serving directly from filesystem You can now pass `-D directory` to redbean which will serve assets from the local filesystem. This is useful for development since it allows us to skip needing to shut down the server and run InfoZIP when testing an iteration of a lua server page script. See #97
2021-03-28 14:54:21 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else {
DropOutput();
}
return p;
}
Undiamond Python headers This change gets the Python codebase into a state where it conforms to the conventions of this codebase. It's now possible to include headers from Python, without worrying about ordering. Python has traditionally solved that problem by "diamonding" everything in Python.h, but that's problematic since it means any change to any Python header invalidates all the build artifacts. Lastly it makes tooling not work. Since it is hard to explain to Emacs when I press C-c C-h to add an import line it shouldn't add the header that actually defines the symbol, and instead do follow the nonstandard Python convention. Progress has been made on letting Python load source code from the zip executable structure via the standard C library APIs. System calss now recognizes zip!FILENAME alternative URIs as equivalent to zip:FILENAME since Python uses colon as its delimiter. Some progress has been made on embedding the notice license terms into the Python object code. This is easier said than done since Python has an extremely complicated ownership story. - Some termios APIs have been added - Implement rewinddir() dirstream API - GetCpuCount() API added to Cosmopolitan Libc - More bugs in Cosmopolitan Libc have been fixed - zipobj.com now has flags for mangling the path - Fixed bug a priori with sendfile() on certain BSDs - Polyfill F_DUPFD and F_DUPFD_CLOEXEC across platforms - FIOCLEX / FIONCLEX now polyfilled for fast O_CLOEXEC changes - APE now supports a hybrid solution to no-self-modify for builds - Many BSD-only magnums added, e.g. O_SEARCH, O_SHLOCK, SF_NODISKIO
2021-08-12 07:42:14 +00:00
static char *ServeDefaultErrorPage(char *p, unsigned code, const char *reason,
const char *details) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
p = AppendContentType(p, "text/html; charset=ISO-8859-1");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
reason = FreeLater(EscapeHtml(reason, -1, 0));
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appends(&cpm.outbuf, "\
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
<!doctype html>\r\n\
<title>");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%d %s", code, reason);
appends(&cpm.outbuf, "\
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
</title>\r\n\
<style>\r\n\
html { color: #111; font-family: sans-serif; }\r\n\
img { vertical-align: middle; }\r\n\
</style>\r\n\
<h1>\r\n");
AppendLogo();
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%d %s\r\n", code, reason);
appends(&cpm.outbuf, "</h1>\r\n");
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
if (details) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "<pre>%s</pre>\r\n",
Undiamond Python headers This change gets the Python codebase into a state where it conforms to the conventions of this codebase. It's now possible to include headers from Python, without worrying about ordering. Python has traditionally solved that problem by "diamonding" everything in Python.h, but that's problematic since it means any change to any Python header invalidates all the build artifacts. Lastly it makes tooling not work. Since it is hard to explain to Emacs when I press C-c C-h to add an import line it shouldn't add the header that actually defines the symbol, and instead do follow the nonstandard Python convention. Progress has been made on letting Python load source code from the zip executable structure via the standard C library APIs. System calss now recognizes zip!FILENAME alternative URIs as equivalent to zip:FILENAME since Python uses colon as its delimiter. Some progress has been made on embedding the notice license terms into the Python object code. This is easier said than done since Python has an extremely complicated ownership story. - Some termios APIs have been added - Implement rewinddir() dirstream API - GetCpuCount() API added to Cosmopolitan Libc - More bugs in Cosmopolitan Libc have been fixed - zipobj.com now has flags for mangling the path - Fixed bug a priori with sendfile() on certain BSDs - Polyfill F_DUPFD and F_DUPFD_CLOEXEC across platforms - FIOCLEX / FIONCLEX now polyfilled for fast O_CLOEXEC changes - APE now supports a hybrid solution to no-self-modify for builds - Many BSD-only magnums added, e.g. O_SEARCH, O_SHLOCK, SF_NODISKIO
2021-08-12 07:42:14 +00:00
FreeLater(EscapeHtml(details, -1, 0)));
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
UseOutput();
return p;
}
Undiamond Python headers This change gets the Python codebase into a state where it conforms to the conventions of this codebase. It's now possible to include headers from Python, without worrying about ordering. Python has traditionally solved that problem by "diamonding" everything in Python.h, but that's problematic since it means any change to any Python header invalidates all the build artifacts. Lastly it makes tooling not work. Since it is hard to explain to Emacs when I press C-c C-h to add an import line it shouldn't add the header that actually defines the symbol, and instead do follow the nonstandard Python convention. Progress has been made on letting Python load source code from the zip executable structure via the standard C library APIs. System calss now recognizes zip!FILENAME alternative URIs as equivalent to zip:FILENAME since Python uses colon as its delimiter. Some progress has been made on embedding the notice license terms into the Python object code. This is easier said than done since Python has an extremely complicated ownership story. - Some termios APIs have been added - Implement rewinddir() dirstream API - GetCpuCount() API added to Cosmopolitan Libc - More bugs in Cosmopolitan Libc have been fixed - zipobj.com now has flags for mangling the path - Fixed bug a priori with sendfile() on certain BSDs - Polyfill F_DUPFD and F_DUPFD_CLOEXEC across platforms - FIOCLEX / FIONCLEX now polyfilled for fast O_CLOEXEC changes - APE now supports a hybrid solution to no-self-modify for builds - Many BSD-only magnums added, e.g. O_SEARCH, O_SHLOCK, SF_NODISKIO
2021-08-12 07:42:14 +00:00
static char *ServeErrorImpl(unsigned code, const char *reason,
const char *details) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
size_t n;
char *p, *s;
struct Asset *a;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.errors);
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
DropOutput();
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
p = SetStatus(code, reason);
s = xasprintf("/%d.html", code);
a = GetAsset(s, strlen(s));
free(s);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (!a) {
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return ServeDefaultErrorPage(p, code, reason, details);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else if (a->file) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.slurps);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = FreeLater(xslurp(a->file->path.s, &cpm.contentlength));
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return AppendContentType(p, "text/html; charset=utf-8");
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = (char *)ZIP_LFILE_CONTENT(zbase + a->lf);
cpm.contentlength = GetZipCfileCompressedSize(zbase + a->cf);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (IsCompressed(a)) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
n = GetZipLfileUncompressedSize(zbase + a->lf);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if ((s = FreeLater(malloc(n))) &&
Inflate(s, n, cpm.content, cpm.contentlength)) {
cpm.content = s;
cpm.contentlength = n;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return ServeDefaultErrorPage(p, code, reason, details);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (Verify(cpm.content, cpm.contentlength,
ZIP_LFILE_CRC32(zbase + a->lf))) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return AppendContentType(p, "text/html; charset=utf-8");
} else {
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return ServeDefaultErrorPage(p, code, reason, details);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
}
}
Undiamond Python headers This change gets the Python codebase into a state where it conforms to the conventions of this codebase. It's now possible to include headers from Python, without worrying about ordering. Python has traditionally solved that problem by "diamonding" everything in Python.h, but that's problematic since it means any change to any Python header invalidates all the build artifacts. Lastly it makes tooling not work. Since it is hard to explain to Emacs when I press C-c C-h to add an import line it shouldn't add the header that actually defines the symbol, and instead do follow the nonstandard Python convention. Progress has been made on letting Python load source code from the zip executable structure via the standard C library APIs. System calss now recognizes zip!FILENAME alternative URIs as equivalent to zip:FILENAME since Python uses colon as its delimiter. Some progress has been made on embedding the notice license terms into the Python object code. This is easier said than done since Python has an extremely complicated ownership story. - Some termios APIs have been added - Implement rewinddir() dirstream API - GetCpuCount() API added to Cosmopolitan Libc - More bugs in Cosmopolitan Libc have been fixed - zipobj.com now has flags for mangling the path - Fixed bug a priori with sendfile() on certain BSDs - Polyfill F_DUPFD and F_DUPFD_CLOEXEC across platforms - FIOCLEX / FIONCLEX now polyfilled for fast O_CLOEXEC changes - APE now supports a hybrid solution to no-self-modify for builds - Many BSD-only magnums added, e.g. O_SEARCH, O_SHLOCK, SF_NODISKIO
2021-08-12 07:42:14 +00:00
static char *ServeErrorWithDetail(unsigned code, const char *reason,
const char *details) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
ERRORF("(srvr) server error: %d %s", code, reason);
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return ServeErrorImpl(code, reason, details);
}
static char *ServeError(unsigned code, const char *reason) {
return ServeErrorWithDetail(code, reason, NULL);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
static char *ServeFailure(unsigned code, const char *reason) {
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
ERRORF("(srvr) failure: %d %s %s HTTP%02d %.*s %`'.*s %`'.*s %`'.*s %`'.*s",
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
code, reason, DescribeClient(), cpm.msg.version,
cpm.msg.xmethod.b - cpm.msg.xmethod.a, inbuf.p + cpm.msg.xmethod.a,
HeaderLength(kHttpHost), HeaderData(kHttpHost),
cpm.msg.uri.b - cpm.msg.uri.a, inbuf.p + cpm.msg.uri.a,
HeaderLength(kHttpReferer), HeaderData(kHttpReferer),
HeaderLength(kHttpUserAgent), HeaderData(kHttpUserAgent));
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return ServeErrorImpl(code, reason, NULL);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
static ssize_t YieldGenerator(struct iovec v[3]) {
int nresults, status;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.isyielding > 1) {
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
do {
if (!YL || lua_status(YL) != LUA_YIELD) return 0; // done yielding
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.contentlength = 0;
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
status = lua_resume(YL, NULL, 0, &nresults);
if (status != LUA_OK && status != LUA_YIELD) {
LogLuaError("resume", lua_tostring(YL, -1));
lua_pop(YL, 1);
return -1;
}
lua_pop(YL, nresults);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.contentlength) UseOutput();
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
// continue yielding if nothing to return to keep generator running
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} while (!cpm.contentlength);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
DEBUGF("(lua) yielded with %ld bytes generated", cpm.contentlength);
cpm.isyielding++;
v[0].iov_base = cpm.content;
v[0].iov_len = cpm.contentlength;
return cpm.contentlength;
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
}
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
static void OnLuaServerPageCtrlc(int i) {
lua_sigint(GL, i);
}
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
static int LuaCallWithYield(lua_State *L) {
int status;
// since yield may happen in OnHttpRequest and in ServeLua,
// need to fully restart the yield generator;
// the second set of headers is not going to be sent
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
struct sigaction sa, saold;
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
lua_State *co = lua_newthread(L);
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
if (__replmode) {
sa.sa_flags = SA_RESETHAND;
sa.sa_handler = OnLuaServerPageCtrlc;
sigemptyset(&sa.sa_mask);
sigaction(SIGINT, &sa, &saold);
}
status = LuaCallWithTrace(L, 0, 0, co);
if (__replmode) {
sigaction(SIGINT, &saold, 0);
}
if (status == LUA_YIELD) {
Fix memory deallocation while yielding in redbean. (#384) The yielded coroutine was removed from the stack too early, leaving it not being anchored, which led to memory freed prematurely.
2022-04-15 01:13:53 +00:00
CHECK_GT(lua_gettop(L), 0); // make sure that coroutine is anchored
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
YL = co;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.generator = YieldGenerator;
if (!cpm.isyielding) cpm.isyielding = 1;
cpm.istext = false; // reset istext flag to avoid zipping yielded chunk
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
status = LUA_OK;
}
return status;
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static ssize_t DeflateGenerator(struct iovec v[3]) {
int i, rc;
size_t no;
void *res;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
int level;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
i = 0;
if (!dg.t) {
v[0].iov_base = kGzipHeader;
v[0].iov_len = sizeof(kGzipHeader);
++dg.t;
++i;
} else if (dg.t == 3) {
return 0;
}
if (dg.t != 2) {
CHECK_EQ(0, dg.s.avail_in);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
dg.s.next_in = (void *)(cpm.content + dg.i);
dg.s.avail_in = MIN(dg.z, cpm.contentlength - dg.i);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
dg.c = crc32_z(dg.c, dg.s.next_in, dg.s.avail_in);
dg.i += dg.s.avail_in;
}
dg.s.next_out = dg.b;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
dg.s.avail_out = dg.z;
no = dg.s.avail_in;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
rc = deflate(&dg.s, dg.i < cpm.contentlength ? Z_SYNC_FLUSH : Z_FINISH);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (rc != Z_OK && rc != Z_STREAM_END) {
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
DIEF("(zip) deflate()→%d oldin:%,zu/%,zu in:%,zu/%,zu out:%,zu/%,zu", rc,
no, dg.z, dg.s.avail_in, dg.z, dg.s.avail_out, dg.z);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
} else {
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
NOISEF("(zip) deflate()→%d oldin:%,zu/%,zu in:%,zu/%,zu out:%,zu/%,zu", rc,
no, dg.z, dg.s.avail_in, dg.z, dg.s.avail_out, dg.z);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
}
no = dg.z - dg.s.avail_out;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (no) {
v[i].iov_base = dg.b;
v[i].iov_len = no;
++i;
}
if (rc == Z_OK) {
CHECK_GT(no, 0);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (dg.s.avail_out) {
dg.t = 1;
} else {
dg.t = 2;
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
} else if (rc == Z_STREAM_END) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
CHECK_EQ(cpm.contentlength, dg.i);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CHECK_EQ(Z_OK, deflateEnd(&dg.s));
WRITE32LE(gzip_footer + 0, dg.c);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
WRITE32LE(gzip_footer + 4, cpm.contentlength);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
v[i].iov_base = gzip_footer;
v[i].iov_len = sizeof(gzip_footer);
dg.t = 3;
}
return v[0].iov_len + v[1].iov_len + v[2].iov_len;
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static char *ServeAssetCompressed(struct Asset *a) {
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
char *p;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
uint32_t crc;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
LockInc(&shared->c.deflates);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.compressedresponses);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) ServeAssetCompressed()");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
dg.t = 0;
dg.i = 0;
dg.c = 0;
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (usingssl) {
Rename rand64() to _rand64()
2022-10-10 11:12:06 +00:00
dg.z = 512 + (_rand64() & 1023);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
} else {
dg.z = 65536;
}
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
cpm.gzipped = -1; // signal generator usage with the exact size unknown
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.generator = DeflateGenerator;
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
bzero(&dg.s, sizeof(dg.s));
CHECK_EQ(Z_OK, deflateInit2(&dg.s, 4, Z_DEFLATED, -MAX_WBITS, DEF_MEM_LEVEL,
Z_DEFAULT_STRATEGY));
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
dg.b = FreeLater(malloc(dg.z));
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
p = SetStatus(200, "OK");
p = stpcpy(p, "Content-Encoding: gzip\r\n");
return p;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
static ssize_t InflateGenerator(struct iovec v[3]) {
int i, rc;
size_t no;
void *res;
i = 0;
if (!dg.t) {
++dg.t;
} else if (dg.t == 3) {
return 0;
}
if (dg.t != 2) {
CHECK_EQ(0, dg.s.avail_in);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
dg.s.next_in = (void *)(cpm.content + dg.i);
dg.s.avail_in = MIN(dg.z, cpm.contentlength - dg.i);
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
dg.i += dg.s.avail_in;
}
dg.s.next_out = dg.b;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
dg.s.avail_out = dg.z;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
rc = inflate(&dg.s, Z_NO_FLUSH);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
if (rc != Z_OK && rc != Z_STREAM_END) DIEF("(zip) inflate()→%d", rc);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
no = dg.z - dg.s.avail_out;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
if (no) {
v[i].iov_base = dg.b;
v[i].iov_len = no;
dg.c = crc32_z(dg.c, dg.b, no);
++i;
}
if (rc == Z_OK) {
CHECK_GT(no, 0);
dg.t = dg.s.avail_out ? 1 : 2;
} else if (rc == Z_STREAM_END) {
CHECK_EQ(Z_OK, inflateEnd(&dg.s));
CHECK_EQ(ZIP_CFILE_CRC32(zbase + dg.a->cf), dg.c);
dg.t = 3;
}
return v[0].iov_len + v[1].iov_len + v[2].iov_len;
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *ServeAssetDecompressed(struct Asset *a) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
char *p;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
size_t size;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
uint32_t crc;
LockInc(&shared->c.inflates);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.decompressedresponses);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
size = GetZipCfileUncompressedSize(zbase + a->cf);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
DEBUGF("(srvr) ServeAssetDecompressed(%ld)→%ld", cpm.contentlength, size);
if (cpm.msg.method == kHttpHead) {
cpm.content = 0;
cpm.contentlength = size;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return SetStatus(200, "OK");
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
} else if (!IsTiny()) {
dg.t = 0;
dg.i = 0;
dg.c = 0;
dg.a = a;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
dg.z = 65536;
CHECK_EQ(Z_OK, inflateInit2(&dg.s, -MAX_WBITS));
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.generator = InflateGenerator;
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
dg.b = FreeLater(malloc(dg.z));
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return SetStatus(200, "OK");
} else if ((p = FreeLater(malloc(size))) &&
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
Inflate(p, size, cpm.content, cpm.contentlength) &&
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
Verify(p, size, ZIP_CFILE_CRC32(zbase + a->cf))) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = p;
cpm.contentlength = size;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return SetStatus(200, "OK");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return ServeError(500, "Internal Server Error");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static inline char *ServeAssetIdentity(struct Asset *a, const char *ct) {
LockInc(&shared->c.identityresponses);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) ServeAssetIdentity(%`'s)", ct);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return SetStatus(200, "OK");
}
static inline char *ServeAssetPrecompressed(struct Asset *a) {
size_t size;
uint32_t crc;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) ServeAssetPrecompressed()");
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.precompressedresponses);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
crc = ZIP_CFILE_CRC32(zbase + a->cf);
size = GetZipCfileUncompressedSize(zbase + a->cf);
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
cpm.gzipped = size;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
WRITE32LE(gzip_footer + 0, crc);
WRITE32LE(gzip_footer + 4, size);
return SetStatus(200, "OK");
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static char *ServeAssetRange(struct Asset *a) {
char *p;
long rangestart, rangelength;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) ServeAssetRange()");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (ParseHttpRange(HeaderData(kHttpRange), HeaderLength(kHttpRange),
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.contentlength, &rangestart, &rangelength) &&
rangestart >= 0 && rangelength >= 0 && rangestart < cpm.contentlength &&
rangestart + rangelength <= cpm.contentlength) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.partialresponses);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
p = SetStatus(206, "Partial Content");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
p = AppendContentRange(p, rangestart, rangelength, cpm.contentlength);
cpm.content += rangestart;
cpm.contentlength = rangelength;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return p;
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.badranges);
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
WARNF("(client) bad range %`'.*s", HeaderLength(kHttpRange),
HeaderData(kHttpRange));
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
p = SetStatus(416, "Range Not Satisfiable");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
p = AppendContentRange(p, -1, -1, cpm.contentlength);
cpm.content = "";
cpm.contentlength = 0;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return p;
}
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static char *GetAssetPath(uint8_t *zcf, size_t *out_size) {
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
char *p1, *p2;
size_t n1, n2;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p1 = ZIP_CFILE_NAME(zcf);
n1 = ZIP_CFILE_NAMESIZE(zcf);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
p2 = xmalloc(1 + n1 + 1);
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
n2 = 1 + n1 + 1;
p2[0] = '/';
memcpy(p2 + 1, p1, n1);
p2[1 + n1] = '\0';
if (out_size) *out_size = 1 + n1;
return p2;
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static bool IsHiddenPath(const char *s, size_t n) {
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
size_t i;
for (i = 0; i < hidepaths.n; ++i) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (n >= hidepaths.p[i].n &&
!memcmp(s, hidepaths.p[i].s, hidepaths.p[i].n)) {
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
return true;
}
}
return false;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static char *GetBasicAuthorization(size_t *z) {
size_t n;
const char *p, *q;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
struct HttpSlice *g;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
g = cpm.msg.headers + (HasHeader(kHttpProxyAuthorization)
? kHttpProxyAuthorization
: kHttpAuthorization);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = inbuf.p + g->a;
n = g->b - g->a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if ((q = memchr(p, ' ', n)) && SlicesEqualCase(p, q - p, "Basic", 5)) {
return DecodeBase64(q + 1, n - (q + 1 - p), z);
} else {
return NULL;
}
}
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
static const char *GetSystemUrlLauncherCommand(void) {
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
if (IsWindows()) {
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
return "explorer";
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
} else if (IsXnu()) {
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
return "open";
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
} else {
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
return "xdg-open";
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
}
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
}
static void LaunchBrowser(const char *path) {
int pid, ws;
struct in_addr addr;
const char *u, *prog;
sigset_t chldmask, savemask;
struct sigaction ignore, saveint, savequit;
Fix redbean browser launch before server starts (#359)
2022-03-05 01:41:19 +00:00
uint16_t port = 80;
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
path = firstnonnull(path, "/");
Fix redbean browser launch before server starts (#359)
2022-03-05 01:41:19 +00:00
// use the first server address if there is at least one server
if (servers.n) {
addr = servers.p[0].addr.sin_addr;
port = ntohs(servers.p[0].addr.sin_port);
}
// assign a loopback address if no server or unknown server address
if (!servers.n || !addr.s_addr) addr.s_addr = htonl(INADDR_LOOPBACK);
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if (*path != '/') path = _gc(xasprintf("/%s", path));
if ((prog = commandv(GetSystemUrlLauncherCommand(), _gc(malloc(PATH_MAX)),
Make improvements - Add rusage to redbean Lua API - Add more redbean documentation - Add pledge() to redbean Lua API - Polyfill OpenBSD pledge() for Linux - Increase PATH_MAX limit to 1024 characters - Untrack sibling processes after fork() on Windows
2022-04-28 16:42:36 +00:00
PATH_MAX))) {
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
u = _gc(xasprintf("http://%s:%d%s", inet_ntoa(addr), port, path));
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
DEBUGF("(srvr) opening browser with command %`'s %s", prog, u);
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
ignore.sa_flags = 0;
ignore.sa_handler = SIG_IGN;
sigemptyset(&ignore.sa_mask);
sigaction(SIGINT, &ignore, &saveint);
sigaction(SIGQUIT, &ignore, &savequit);
sigemptyset(&chldmask);
sigaddset(&chldmask, SIGCHLD);
sigprocmask(SIG_BLOCK, &chldmask, &savemask);
CHECK_NE(-1, (pid = fork()));
if (!pid) {
Fix bugs and make improvements - Get clone() working on FreeBSD - Increase some Python build quotas - Add more atomic builtins to chibicc - Fix ASAN poisoning of alloca() memory - Make MODE= mandatory link path tinier - Improve the examples folder a little bit - Start working on some more resource limits - Make the linenoise auto-complete UI as good as GNU readline - Update compile.com, avoiding AVX codegen on non-AVX systems - Make sure empty path to syscalls like opendir raises ENOENT - Correctly polyfill ENOENT vs. ENOTDIR on the New Technology - Port bestline's paredit features to //third_party/linenoise - Remove workarounds for RHEL 5.0 bugs that were fixed in 5.1
2022-04-20 16:56:53 +00:00
setpgrp(); // ctrl-c'ing redbean shouldn't kill browser
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
sigaction(SIGINT, &saveint, 0);
sigaction(SIGQUIT, &savequit, 0);
sigprocmask(SIG_SETMASK, &savemask, 0);
execv(prog, (char *const[]){prog, u, 0});
Polyfill SIGCHLD on the New Technology redbean will now cleanup child processes properly. New accounting information is available too, such as page faults and memory usage. The way it works is Cosmopolitan Libc samples the process collection on entry into read() and poll() to see if SIGCHLD needs to be raised. This change also fixes an issue with chibicc /tmp cleanup. There was also a regression in MODE=dbg because STL needed ASAN runtime support.
2022-03-23 04:04:08 +00:00
_Exit(127);
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
}
while (wait4(pid, &ws, 0, 0) == -1) {
CHECK_EQ(EINTR, errno);
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
}
sigaction(SIGINT, &saveint, 0);
sigaction(SIGQUIT, &savequit, 0);
sigprocmask(SIG_SETMASK, &savemask, 0);
if (!(WIFEXITED(ws) && WEXITSTATUS(ws) == 0)) {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(srvr) command %`'s exited with %d", GetSystemUrlLauncherCommand(),
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
WIFEXITED(ws) ? WEXITSTATUS(ws) : 128 + WEXITSTATUS(ws));
}
} else {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(srvr) can't launch browser because %`'s isn't installed",
Escape LaunchBrowser path This also fix a bug where CTRL-C'ing redbean on Linux would kill the browser process. It furthermore fixes a regression with the APE self repair process that happened in a recent change. See #158
2021-05-03 18:52:24 +00:00
GetSystemUrlLauncherCommand());
Added Parameter to LaunchBrowser to set path (#158)
2021-05-03 17:55:21 +00:00
}
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *BadMethod(void) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.badmethods);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return stpcpy(ServeError(405, "Method Not Allowed"), "Allow: GET, HEAD\r\n");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static int GetDecimalWidth(long x) {
Improve memory safety This commit makes numerous refinements to cosmopolitan memory handling. The default stack size has been reduced from 2mb to 128kb. A new macro is now provided so you can easily reconfigure the stack size to be any value you want. Work around the breaking change by adding to your main: STATIC_STACK_SIZE(0x00200000); // 2mb stack If you're not sure how much stack you need, then you can use: STATIC_YOINK("stack_usage_logging"); After which you can `sort -nr o/$MODE/stack.log`. Based on the unit test suite, nothing in the Cosmopolitan repository (except for Python) needs a stack size greater than 30kb. There are also new macros for detecting the size and address of the stack at runtime, e.g. GetStackAddr(). We also now support sigaltstack() so if you want to see nice looking crash reports whenever a stack overflow happens, you can put this in main(): ShowCrashReports(); Under `make MODE=dbg` and `make MODE=asan` the unit testing framework will now automatically print backtraces of memory allocations when things like memory leaks happen. Bugs are now fixed in ASAN global variable overrun detection. The memtrack and asan runtimes also handle edge cases now. The new tools helped to identify a few memory leaks, which are fixed by this change. This change should fix an issue reported in #288 with ARG_MAX limits. Fixing this doubled the performance of MKDEPS.COM and AR.COM yet again.
2021-10-14 00:27:13 +00:00
return LengthInt64Thousands(x);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int GetOctalWidth(int x) {
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
return !x ? 1 : x < 8 ? 2 : 1 + _bsr(x) / 3;
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static const char *DescribeCompressionRatio(char rb[8], uint8_t *zcf) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
long percent;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (ZIP_CFILE_COMPRESSIONMETHOD(zcf) == kZipCompressionNone) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return "n/a";
} else {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
percent = lround(100 - (double)GetZipCfileCompressedSize(zcf) /
GetZipCfileUncompressedSize(zcf) * 100);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
sprintf(rb, "%ld%%", MIN(999, MAX(-999, percent)));
return rb;
}
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *ServeListing(void) {
long x;
ldiv_t y;
int w[3];
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
uint8_t *zcf;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
struct tm tm;
const char *and;
struct rusage ru;
char *p, *q, *path;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
struct timespec lastmod;
Make redbean tinier Under MODE=tiny or MODE=tinylinux we now go back to using my homebrew version of DEFLATE decompression which is 10x smaller but 10x slower than Chromium Zlib. In tiny mode we also disable compressed responses howewver redbean will still serve precompressed responses. This change also removes a few other dependencies like strftime() and getaddrinfo() which means you can't say `-l localhost` in tiny mode, you have to say something like `-l 127.0.0.1`. m=tinylinux make -j8 MODE=$m o/$m/tool/net/redbean-original.com ls -hal o/$m/tool/net/redbean-original.com This change reduces the above size from 191.4 to 150.9 kb.
2021-07-04 19:21:29 +00:00
char rb[8], tb[20], *rp[6];
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
size_t i, n, pathlen, rn[6];
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.listingrequests);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method != kHttpGet && cpm.msg.method != kHttpHead)
return BadMethod();
appends(&cpm.outbuf, "\
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
<!doctype html>\r\n\
<meta charset=\"utf-8\">\r\n\
<title>redbean zip listing</title>\r\n\
<style>\r\n\
html { color: #111; font-family: sans-serif; }\r\n\
a { text-decoration: none; }\r\n\
Set up http://redbean.justine.lol/ demo server
2021-04-25 02:49:49 +00:00
pre a:hover { color: #00e; border-bottom: 1px solid #ccc; }\r\n\
h1 a { color: #111; }\r\n\
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
img { vertical-align: middle; }\r\n\
footer { color: #555; font-size: 10pt; }\r\n\
td { padding-right: 3em; }\r\n\
Set up http://redbean.justine.lol/ demo server
2021-04-25 02:49:49 +00:00
.eocdcomment { max-width: 800px; color: #333; font-size: 11pt; }\r\n\
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
</style>\r\n\
<header><h1>\r\n");
AppendLogo();
rp[0] = EscapeHtml(brand, -1, &rn[0]);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendd(&cpm.outbuf, rp[0], rn[0]);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
free(rp[0]);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf,
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
"</h1>\r\n"
"<div class=\"eocdcomment\">%.*s</div>\r\n"
"<hr>\r\n"
"</header>\r\n"
"<pre>\r\n",
strnlen(GetZipCdirComment(zcdir), GetZipCdirCommentSize(zcdir)),
GetZipCdirComment(zcdir));
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
bzero(w, sizeof(w));
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
n = GetZipCdirRecords(zcdir);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
for (zcf = zbase + GetZipCdirOffset(zcdir); n--;
zcf += ZIP_CFILE_HDRSIZE(zcf)) {
CHECK_EQ(kZipCfileHdrMagic, ZIP_CFILE_MAGIC(zcf));
path = GetAssetPath(zcf, &pathlen);
if (!IsHiddenPath(path, pathlen)) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
w[0] = min(80, max(w[0], strwidth(path, 0) + 2));
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
w[1] = max(w[1], GetOctalWidth(GetZipCfileMode(zcf)));
w[2] = max(w[2], GetDecimalWidth(GetZipCfileUncompressedSize(zcf)));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
free(path);
}
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
n = GetZipCdirRecords(zcdir);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
for (zcf = zbase + GetZipCdirOffset(zcdir); n--;
zcf += ZIP_CFILE_HDRSIZE(zcf)) {
CHECK_EQ(kZipCfileHdrMagic, ZIP_CFILE_MAGIC(zcf));
path = GetAssetPath(zcf, &pathlen);
if (!IsHiddenPath(path, pathlen)) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
rp[0] = VisualizeControlCodes(path, pathlen, &rn[0]);
rp[1] = EscapePath(path, pathlen, &rn[1]);
rp[2] = EscapeHtml(rp[1], rn[1], &rn[2]);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
rp[3] = VisualizeControlCodes(
ZIP_CFILE_COMMENT(zcf),
strnlen(ZIP_CFILE_COMMENT(zcf), ZIP_CFILE_COMMENTSIZE(zcf)), &rn[3]);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
rp[4] = EscapeHtml(rp[0], rn[0], &rn[4]);
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
GetZipCfileTimestamps(zcf, &lastmod, 0, 0, gmtoff);
localtime_r(&lastmod.tv_sec, &tm);
Make redbean tinier Under MODE=tiny or MODE=tinylinux we now go back to using my homebrew version of DEFLATE decompression which is 10x smaller but 10x slower than Chromium Zlib. In tiny mode we also disable compressed responses howewver redbean will still serve precompressed responses. This change also removes a few other dependencies like strftime() and getaddrinfo() which means you can't say `-l localhost` in tiny mode, you have to say something like `-l 127.0.0.1`. m=tinylinux make -j8 MODE=$m o/$m/tool/net/redbean-original.com ls -hal o/$m/tool/net/redbean-original.com This change reduces the above size from 191.4 to 150.9 kb.
2021-07-04 19:21:29 +00:00
iso8601(tb, &tm);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (IsCompressionMethodSupported(ZIP_CFILE_COMPRESSIONMETHOD(zcf)) &&
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
IsAcceptablePath(path, pathlen)) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf,
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
"<a href=\"%.*s\">%-*.*s</a> %s %0*o %4s %,*ld %'s\r\n",
rn[2], rp[2], w[0], rn[4], rp[4], tb, w[1],
GetZipCfileMode(zcf), DescribeCompressionRatio(rb, zcf), w[2],
GetZipCfileUncompressedSize(zcf), rp[3]);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%-*.*s %s %0*o %4s %,*ld %'s\r\n", w[0], rn[4],
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
rp[4], tb, w[1], GetZipCfileMode(zcf),
DescribeCompressionRatio(rb, zcf), w[2],
GetZipCfileUncompressedSize(zcf), rp[3]);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
free(rp[4]);
free(rp[3]);
free(rp[2]);
free(rp[1]);
free(rp[0]);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
free(path);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appends(&cpm.outbuf, "\
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
</pre><footer><hr>\r\n\
<table border=\"0\"><tr>\r\n\
<td valign=\"top\">\r\n\
<a href=\"/statusz\">/statusz</a>\r\n\
");
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (shared->c.connectionshandled) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appends(&cpm.outbuf, "says your redbean<br>\r\n");
AppendResourceReport(&cpm.outbuf, &shared->children, "<br>\r\n");
Set up http://redbean.justine.lol/ demo server
2021-04-25 02:49:49 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appends(&cpm.outbuf, "<td valign=\"top\">\r\n");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
and = "";
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
x = timespec_sub(timespec_real(), startserver).tv_sec;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
y = ldiv(x, 24L * 60 * 60);
if (y.quot) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%,ld day%s ", y.quot, y.quot == 1 ? "" : "s");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
and = "and ";
}
y = ldiv(y.rem, 60 * 60);
if (y.quot) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%,ld hour%s ", y.quot, y.quot == 1 ? "" : "s");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
and = "and ";
}
y = ldiv(y.rem, 60);
if (y.quot) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%,ld minute%s ", y.quot, y.quot == 1 ? "" : "s");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
and = "and ";
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%s%,ld second%s of operation<br>\r\n", and, y.rem,
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
y.rem == 1 ? "" : "s");
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
x = shared->c.messageshandled;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%,ld message%s handled<br>\r\n", x, x == 1 ? "" : "s");
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
x = shared->c.connectionshandled;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%,ld connection%s handled<br>\r\n", x,
x == 1 ? "" : "s");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
x = shared->workers;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendf(&cpm.outbuf, "%,ld connection%s active<br>\r\n", x,
x == 1 ? "" : "s");
appends(&cpm.outbuf, "</table>\r\n");
appends(&cpm.outbuf, "</footer>\r\n");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
p = SetStatus(200, "OK");
p = AppendContentType(p, "text/html");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11) {
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = stpcpy(p, "Cache-Control: no-store\r\n");
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return CommitOutput(p);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static const char *MergeNames(const char *a, const char *b) {
Make minor improvements
2021-05-16 04:53:26 +00:00
return FreeLater(xasprintf("%s.%s", a, b));
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static void AppendLong1(const char *a, long x) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (x) appendf(&cpm.outbuf, "%s: %ld\r\n", a, x);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static void AppendLong2(const char *a, const char *b, long x) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (x) appendf(&cpm.outbuf, "%s.%s: %ld\r\n", a, b, x);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static void AppendTimeval(const char *a, struct timeval *tv) {
AppendLong2(a, "tv_sec", tv->tv_sec);
AppendLong2(a, "tv_usec", tv->tv_usec);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static void AppendRusage(const char *a, struct rusage *ru) {
AppendTimeval(MergeNames(a, "ru_utime"), &ru->ru_utime);
AppendTimeval(MergeNames(a, "ru_stime"), &ru->ru_stime);
AppendLong2(a, "ru_maxrss", ru->ru_maxrss);
AppendLong2(a, "ru_ixrss", ru->ru_ixrss);
AppendLong2(a, "ru_idrss", ru->ru_idrss);
AppendLong2(a, "ru_isrss", ru->ru_isrss);
AppendLong2(a, "ru_minflt", ru->ru_minflt);
AppendLong2(a, "ru_majflt", ru->ru_majflt);
AppendLong2(a, "ru_nswap", ru->ru_nswap);
AppendLong2(a, "ru_inblock", ru->ru_inblock);
AppendLong2(a, "ru_oublock", ru->ru_oublock);
AppendLong2(a, "ru_msgsnd", ru->ru_msgsnd);
AppendLong2(a, "ru_msgrcv", ru->ru_msgrcv);
AppendLong2(a, "ru_nsignals", ru->ru_nsignals);
AppendLong2(a, "ru_nvcsw", ru->ru_nvcsw);
AppendLong2(a, "ru_nivcsw", ru->ru_nivcsw);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static void ServeCounters(void) {
const long *c;
const char *s;
for (c = (const long *)&shared->c, s = kCounterNames; *s;
++c, s += strlen(s) + 1) {
AppendLong1(s, *c);
}
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *ServeStatusz(void) {
char *p;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.statuszrequests);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method != kHttpGet && cpm.msg.method != kHttpHead) {
return BadMethod();
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
AppendLong1("pid", getpid());
AppendLong1("ppid", getppid());
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
AppendLong1("now", timespec_real().tv_sec);
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
AppendLong1("nowish", shared->nowish.tv_sec);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
AppendLong1("gmtoff", gmtoff);
AppendLong1("CLK_TCK", CLK_TCK);
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
AppendLong1("startserver", startserver.tv_sec);
AppendLong1("lastmeltdown", shared->lastmeltdown.tv_sec);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
AppendLong1("workers", shared->workers);
AppendLong1("assets.n", assets.n);
Improve Redbean Lua memory (#241) - Update redbean Lua to check there is enough stack to use - Add explicit Lua gc pass after each message is processed - Add Lua memory reporting to redbean
2021-08-13 09:11:49 +00:00
#ifndef STATIC
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Revert explicit Lua GC pass (#241)
2021-08-13 10:06:23 +00:00
AppendLong1("lua.memory",
lua_gc(L, LUA_GCCOUNT) * 1024 + lua_gc(L, LUA_GCCOUNTB));
Improve Redbean Lua memory (#241) - Update redbean Lua to check there is enough stack to use - Add explicit Lua gc pass after each message is processed - Add Lua memory reporting to redbean
2021-08-13 09:11:49 +00:00
#endif
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
ServeCounters();
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
AppendRusage("server", &shared->server);
AppendRusage("children", &shared->children);
p = SetStatus(200, "OK");
p = AppendContentType(p, "text/plain");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11) {
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = stpcpy(p, "Cache-Control: no-store\r\n");
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return CommitOutput(p);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *RedirectSlash(void) {
Update redbean to include params in slash redirect (#604)
2022-09-09 02:14:54 +00:00
size_t n, i;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
char *p, *e;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.redirects);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
p = SetStatus(307, "Temporary Redirect");
p = stpcpy(p, "Location: ");
e = EscapePath(url.path.p, url.path.n, &n);
p = mempcpy(p, e, n);
Update redbean to include params in slash redirect (#604)
2022-09-09 02:14:54 +00:00
p = stpcpy(p, "/");
for (i = 0; i < url.params.n; ++i) {
p = stpcpy(p, i == 0 ? "?" : "&");
p = mempcpy(p, url.params.p[i].key.p, url.params.p[i].key.n);
if (url.params.p[i].val.p) {
p = stpcpy(p, "=");
p = mempcpy(p, url.params.p[i].val.p, url.params.p[i].val.n);
}
}
p = stpcpy(p, "\r\n");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
free(e);
return p;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *ServeIndex(const char *path, size_t pathlen) {
size_t i, n;
char *p, *q;
Make trivial code size enhancements
2021-05-17 01:22:39 +00:00
for (p = 0, i = 0; !p && i < ARRAYLEN(kIndexPaths); ++i) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
q = MergePaths(path, pathlen, kIndexPaths[i], strlen(kIndexPaths[i]), &n);
p = RoutePath(q, n);
free(q);
}
return p;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *GetLuaResponse(void) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
return cpm.luaheaderp ? cpm.luaheaderp : SetStatus(200, "OK");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
static bool ShouldServeCrashReportDetails(void) {
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
uint32_t ip;
uint16_t port;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if (leakcrashreports) {
return true;
} else {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return !GetRemoteAddr(&ip, &port) && (IsLoopbackIp(ip) || IsPrivateIp(ip));
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
}
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *LuaOnHttpRequest(void) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
char *error;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
effectivepath.p = url.path.p;
effectivepath.n = url.path.n;
Fix memory deallocation while yielding in redbean. (#384) The yielded coroutine was removed from the stack too early, leaving it not being anchored, which led to memory freed prematurely.
2022-04-15 01:13:53 +00:00
lua_settop(L, 0); // clear Lua stack, as it needs to start fresh
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
lua_getglobal(L, "OnHttpRequest");
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (LuaCallWithYield(L) == LUA_OK) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return CommitOutput(GetLuaResponse());
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError("OnHttpRequest", lua_tostring(L, -1));
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
error = ServeErrorWithDetail(
500, "Internal Server Error",
ShouldServeCrashReportDetails() ? lua_tostring(L, -1) : NULL);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
lua_pop(L, 1); // pop error
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return error;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
}
static char *ServeLua(struct Asset *a, const char *s, size_t n) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
char *code;
Add Lua compiler Redbean Lua Server Pages may now be stored in the zip as byte code. This can improve performance, since redbean currently doesn't cache byte code but it might be more useful for anyone wanting to create a closed source redbean. The .lua extension should be used for byte code files. Lua will tell them apart based on a magic number at the start of the file. This change also improves some Lua error reporting conditions. See #97
2021-08-09 20:09:14 +00:00
size_t codelen;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.dynamicrequests);
effectivepath.p = s;
effectivepath.n = n;
Add Lua compiler Redbean Lua Server Pages may now be stored in the zip as byte code. This can improve performance, since redbean currently doesn't cache byte code but it might be more useful for anyone wanting to create a closed source redbean. The .lua extension should be used for byte code files. Lua will tell them apart based on a magic number at the start of the file. This change also improves some Lua error reporting conditions. See #97
2021-08-09 20:09:14 +00:00
if ((code = FreeLater(LoadAsset(a, &codelen)))) {
Undiamond Python headers This change gets the Python codebase into a state where it conforms to the conventions of this codebase. It's now possible to include headers from Python, without worrying about ordering. Python has traditionally solved that problem by "diamonding" everything in Python.h, but that's problematic since it means any change to any Python header invalidates all the build artifacts. Lastly it makes tooling not work. Since it is hard to explain to Emacs when I press C-c C-h to add an import line it shouldn't add the header that actually defines the symbol, and instead do follow the nonstandard Python convention. Progress has been made on letting Python load source code from the zip executable structure via the standard C library APIs. System calss now recognizes zip!FILENAME alternative URIs as equivalent to zip:FILENAME since Python uses colon as its delimiter. Some progress has been made on embedding the notice license terms into the Python object code. This is easier said than done since Python has an extremely complicated ownership story. - Some termios APIs have been added - Implement rewinddir() dirstream API - GetCpuCount() API added to Cosmopolitan Libc - More bugs in Cosmopolitan Libc have been fixed - zipobj.com now has flags for mangling the path - Fixed bug a priori with sendfile() on certain BSDs - Polyfill F_DUPFD and F_DUPFD_CLOEXEC across platforms - FIOCLEX / FIONCLEX now polyfilled for fast O_CLOEXEC changes - APE now supports a hybrid solution to no-self-modify for builds - Many BSD-only magnums added, e.g. O_SEARCH, O_SHLOCK, SF_NODISKIO
2021-08-12 07:42:14 +00:00
int status =
luaL_loadbuffer(L, code, codelen,
FreeLater(xasprintf("@%s", FreeLater(strndup(s, n)))));
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (status == LUA_OK && LuaCallWithYield(L) == LUA_OK) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return CommitOutput(GetLuaResponse());
} else {
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
char *error;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError("lua code", lua_tostring(L, -1));
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
error = ServeErrorWithDetail(
500, "Internal Server Error",
ShouldServeCrashReportDetails() ? lua_tostring(L, -1) : NULL);
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
lua_pop(L, 1); // pop error
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
return error;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
}
return ServeError(500, "Internal Server Error");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *HandleRedirect(struct Redirect *r) {
int code;
struct Asset *a;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (!r->code && (a = GetAsset(r->location.s, r->location.n))) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.rewrites);
Redbean fix redirect (#294) * Fix redbean crash during redirect in debug logging mode * Add reset for redirect loop check in redbean Route Without this reset a combination of RoutePath() and Route() calls could return "508 loop detected", since RoutePath could be called twice for the same redirected path. The protection against looping is still there, as it can only loop inside the Route() call (as it always serves something). * Update redbean redirect message for clarity
2021-10-25 21:04:57 +00:00
DEBUGF("(rsp) internal redirect to %`'s", r->location.s);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!HasString(&cpm.loops, r->location.s, r->location.n)) {
AddString(&cpm.loops, r->location.s, r->location.n);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
return RoutePath(r->location.s, r->location.n);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.loops);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return SetStatus(508, "Loop Detected");
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (cpm.msg.version < 10) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return ServeError(505, "HTTP Version Not Supported");
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.redirects);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
code = r->code;
if (!code) code = 307;
Redbean fix redirect (#294) * Fix redbean crash during redirect in debug logging mode * Add reset for redirect loop check in redbean Route Without this reset a combination of RoutePath() and Route() calls could return "508 loop detected", since RoutePath could be called twice for the same redirected path. The protection against looping is still there, as it can only loop inside the Route() call (as it always serves something). * Update redbean redirect message for clarity
2021-10-25 21:04:57 +00:00
DEBUGF("(rsp) %d redirect to %`'s", code, r->location.s);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
return AppendHeader(
SetStatus(code, GetHttpReason(code)), "Location",
FreeLater(EncodeHttpHeaderValue(r->location.s, r->location.n, 0)));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static char *HandleFolder(const char *path, size_t pathlen) {
char *p;
if (url.path.n && url.path.p[url.path.n - 1] != '/' &&
SlicesEqual(path, pathlen, url.path.p, url.path.n)) {
return RedirectSlash();
}
if ((p = ServeIndex(path, pathlen))) {
return p;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.forbiddens);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) directory %`'.*s lacks index page", pathlen, path);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return ServeError(403, "Forbidden");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
static bool Reindex(void) {
if (OpenZip(false)) {
LockInc(&shared->c.reindexes);
return true;
} else {
return false;
}
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static const char *LuaCheckPath(lua_State *L, int idx, size_t *pathlen) {
const char *path;
if (lua_isnoneornil(L, idx)) {
path = url.path.p;
*pathlen = url.path.n;
} else {
path = luaL_checklstring(L, idx, pathlen);
if (!IsReasonablePath(path, *pathlen)) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) bad path %`'.*s", *pathlen, path);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
luaL_argerror(L, idx, "bad path");
unreachable;
}
}
return path;
}
static const char *LuaCheckHost(lua_State *L, int idx, size_t *hostlen) {
const char *host;
if (lua_isnoneornil(L, idx)) {
host = url.host.p;
*hostlen = url.host.n;
} else {
host = luaL_checklstring(L, idx, hostlen);
if (!IsAcceptableHost(host, *hostlen)) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) bad host %`'.*s", *hostlen, host);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
luaL_argerror(L, idx, "bad host");
unreachable;
}
}
return host;
}
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
static void OnlyCallFromInitLua(lua_State *L, const char *api) {
Fix regression caused by state assertions change
2021-08-10 18:36:17 +00:00
if (isinitialized) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
luaL_error(L, "%s() should be called %s", api,
"from the global scope of .init.lua");
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
unreachable;
}
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
static void OnlyCallFromMainProcess(lua_State *L, const char *api) {
if (__isworker) {
luaL_error(L, "%s() should be called %s", api,
"from .init.lua or the repl");
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
unreachable;
}
}
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
static void OnlyCallDuringConnection(lua_State *L, const char *api) {
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
if (!ishandlingconnection) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
luaL_error(L, "%s() can only be called ", api,
"while handling a connection");
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
unreachable;
}
}
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
static void OnlyCallDuringRequest(lua_State *L, const char *api) {
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
if (!ishandlingrequest) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
luaL_error(L, "%s() can only be called %s", api,
"while handling a request");
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
unreachable;
}
}
static int LuaServe(lua_State *L, const char *api, char *impl(void)) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, api);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp = impl();
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 0;
}
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
static int LuaServeListing(lua_State *L) {
return LuaServe(L, "ServeListing", ServeListing);
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int LuaServeStatusz(lua_State *L) {
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
return LuaServe(L, "ServeStatusz", ServeStatusz);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
static int LuaServeAsset(lua_State *L) {
size_t pathlen;
struct Asset *a;
const char *path;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "ServeAsset");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAsset(path, pathlen)) && !S_ISDIR(GetMode(a))) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp = ServeAsset(a, path, pathlen);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
lua_pushboolean(L, true);
} else {
lua_pushboolean(L, false);
}
return 1;
}
static int LuaServeIndex(lua_State *L) {
size_t pathlen;
const char *path;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "ServeIndex");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
path = LuaCheckPath(L, 1, &pathlen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushboolean(L, !!(cpm.luaheaderp = ServeIndex(path, pathlen)));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 1;
}
Add ServeRedirect function to redbean Lua (#246)
2021-08-17 21:26:33 +00:00
static int LuaServeRedirect(lua_State *L) {
size_t loclen;
const char *location, *eval;
int code;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "ServeRedirect");
Add ServeRedirect function to redbean Lua (#246)
2021-08-17 21:26:33 +00:00
code = luaL_checkinteger(L, 1);
if (!(300 <= code && code <= 399)) {
luaL_argerror(L, 1, "bad status code");
unreachable;
}
location = luaL_checklstring(L, 2, &loclen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version < 10) {
Add ServeRedirect function to redbean Lua (#246)
2021-08-17 21:26:33 +00:00
(void)ServeError(505, "HTTP Version Not Supported");
lua_pushboolean(L, false);
} else {
if (!(eval = EncodeHttpHeaderValue(location, loclen, 0))) {
luaL_argerror(L, 2, "invalid location");
unreachable;
}
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(rsp) %d redirect to %`'s", code, location);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp =
Improve ZIP filesystem and change its prefix The ZIP filesystem has a breaking change. You now need to use /zip/ to open() / opendir() / etc. assets within the ZIP structure of your APE binary, instead of the previous convention of using zip: or zip! URIs. This is needed because Python likes to use absolute paths, and having ZIP paths encoded like URIs simply broke too many things. Many more system calls have been updated to be able to operate on ZIP files and file descriptors. In particular fcntl() and ioctl() since Python would do things like ask if a ZIP file is a terminal and get confused when the old implementation mistakenly said yes, because the fastest way to guarantee native file descriptors is to dup(2). This change also improves the async signal safety of zipos and ensures it doesn't maintain any open file descriptors beyond that which the user has opened. This change makes a lot of progress towards adding magic numbers that are specific to platforms other than Linux. The philosophy here is that, if you use an operating system like FreeBSD, then you should be able to take advantage of FreeBSD exclusive features, even if we don't polyfill them on other platforms. For example, you can now open() a file with the O_VERIFY flag. If your program runs on other platforms, then Cosmo will automatically set O_VERIFY to zero. This lets you safely use it without the need for #ifdef or ifstatements which detract from readability. One of the blindspots of the ASAN memory hardening we use to offer Rust like assurances has always been that memory passed to the kernel via system calls (e.g. writev) can't be checked automatically since the kernel wasn't built with MODE=asan. This change makes more progress ensuring that each system call will verify the soundness of memory before it's passed to the kernel. The code for doing these checks is fast, particularly for buffers, where it can verify 64 bytes a cycle. - Correct O_LOOP definition on NT - Introduce program_executable_name - Add ASAN guards to more system calls - Improve termios compatibility with BSDs - Fix bug in Windows auxiliary value encoding - Add BSD and XNU specific errnos and open flags - Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
AppendHeader(SetStatus(code, GetHttpReason(code)), "Location", eval);
Add ServeRedirect function to redbean Lua (#246)
2021-08-17 21:26:33 +00:00
free(eval);
lua_pushboolean(L, true);
}
return 1;
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int LuaRoutePath(lua_State *L) {
size_t pathlen;
const char *path;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "RoutePath");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
path = LuaCheckPath(L, 1, &pathlen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushboolean(L, !!(cpm.luaheaderp = RoutePath(path, pathlen)));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 1;
}
static int LuaRouteHost(lua_State *L) {
size_t hostlen, pathlen;
const char *host, *path;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "RouteHost");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
host = LuaCheckHost(L, 1, &hostlen);
path = LuaCheckPath(L, 2, &pathlen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushboolean(L,
!!(cpm.luaheaderp = RouteHost(host, hostlen, path, pathlen)));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 1;
}
static int LuaRoute(lua_State *L) {
size_t hostlen, pathlen;
const char *host, *path;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "Route");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
host = LuaCheckHost(L, 1, &hostlen);
path = LuaCheckPath(L, 2, &pathlen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushboolean(L, !!(cpm.luaheaderp = Route(host, hostlen, path, pathlen)));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 1;
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static int LuaProgramTrustedIp(lua_State *L) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
lua_Integer ip, cidr;
uint32_t ip32, imask;
ip = luaL_checkinteger(L, 1);
cidr = luaL_optinteger(L, 2, 32);
if (!(0 <= ip && ip <= 0xffffffff)) {
luaL_argerror(L, 1, "ip out of range");
unreachable;
}
if (!(0 <= cidr && cidr <= 32)) {
luaL_argerror(L, 2, "cidr should be 0 .. 32");
unreachable;
}
ip32 = ip;
imask = ~(0xffffffffu << (32 - cidr));
if (ip32 & imask) {
luaL_argerror(L, 1,
"ip address isn't the network address; "
"it has bits masked by the cidr");
unreachable;
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
ProgramTrustedIp(ip, cidr);
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return 0;
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static int LuaIsTrusted(lua_State *L) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
lua_Integer ip;
ip = luaL_checkinteger(L, 1);
if (!(0 <= ip && ip <= 0xffffffff)) {
luaL_argerror(L, 1, "ip out of range");
unreachable;
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
lua_pushboolean(L, IsTrustedIp(ip));
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
return 1;
}
Make minor improvements
2021-05-16 04:53:26 +00:00
static int LuaRespond(lua_State *L, char *R(unsigned, const char *)) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
char *p;
int code;
size_t reasonlen;
const char *reason;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "Respond");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
code = luaL_checkinteger(L, 1);
if (!(100 <= code && code <= 999)) {
luaL_argerror(L, 1, "bad status code");
unreachable;
}
if (lua_isnoneornil(L, 2)) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp = R(code, GetHttpReason(code));
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else {
reason = lua_tolstring(L, 2, &reasonlen);
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
if ((p = EncodeHttpHeaderValue(reason, MIN(reasonlen, 128), 0))) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp = R(code, p);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
free(p);
} else {
luaL_argerror(L, 2, "invalid");
unreachable;
}
}
return 0;
}
static int LuaSetStatus(lua_State *L) {
return LuaRespond(L, SetStatus);
}
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
static int LuaGetStatus(lua_State *L) {
OnlyCallDuringRequest(L, "GetStatus");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.statuscode) {
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
lua_pushnil(L);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushinteger(L, cpm.statuscode);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
}
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
return 1;
}
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
static int LuaGetSslIdentity(lua_State *L) {
const mbedtls_x509_crt *cert;
OnlyCallDuringRequest(L, "GetSslIdentity");
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (!usingssl) {
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
lua_pushnil(L);
} else {
if (sslpskindex) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
CHECK((sslpskindex - 1) >= 0 && (sslpskindex - 1) < psks.n);
lua_pushlstring(L, psks.p[sslpskindex - 1].identity,
psks.p[sslpskindex - 1].identity_len);
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
} else {
cert = mbedtls_ssl_get_peer_cert(&ssl);
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
lua_pushstring(L, cert ? _gc(FormatX509Name(&cert->subject)) : "");
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
}
}
return 1;
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int LuaServeError(lua_State *L) {
return LuaRespond(L, ServeError);
}
static int LuaLoadAsset(lua_State *L) {
void *data;
struct Asset *a;
const char *path;
size_t size, pathlen;
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAsset(path, pathlen))) {
if (!a->file && !IsCompressed(a)) {
/* fast path: this avoids extra copy */
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
data = ZIP_LFILE_CONTENT(zbase + a->lf);
size = GetZipLfileUncompressedSize(zbase + a->lf);
if (Verify(data, size, ZIP_LFILE_CRC32(zbase + a->lf))) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
lua_pushlstring(L, data, size);
return 1;
}
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
// any error from Verify has already been reported
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else if ((data = LoadAsset(a, &size))) {
lua_pushlstring(L, data, size);
free(data);
return 1;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) could not load asset: %`'.*s", pathlen, path);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) could not find asset: %`'.*s", pathlen, path);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
return 0;
}
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
static void GetDosLocalTime(int64_t utcunixts, uint16_t *out_time,
uint16_t *out_date) {
struct tm tm;
CHECK_NOTNULL(localtime_r(&utcunixts, &tm));
*out_time = DOS_TIME(tm.tm_hour, tm.tm_min, tm.tm_sec);
*out_date = DOS_DATE(tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday + 1);
}
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
static void StoreAsset(char *path, size_t pathlen, char *data, size_t datalen,
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
int mode) {
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
int64_t ft;
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
int i;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
uint32_t crc;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
char *comp, *p;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
struct timespec now;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
struct Asset *a;
struct iovec v[13];
uint8_t *cdir, era;
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
const char *use;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
uint16_t gflags, iattrs, mtime, mdate, dosmode, method, disk;
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
size_t oldcdirsize, oldcdiroffset, records, cdiroffset, cdirsize, complen,
uselen;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
if (IsOpenbsd() || IsNetbsd() || IsWindows()) {
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) StoreAsset() not available on Windows/NetBSD/OpenBSD yet");
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
}
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
INFOF("(srvr) storing asset %`'s", path);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
disk = gflags = iattrs = 0;
Introduce --strace flag for system call tracing This is similar to the --ftrace (c function call trace) flag, except it's less noisy since it only logs system calls to stderr. Having this flag is valuable because (1) system call tracing tells us a lot about the behavior of complex programs and (2) it's usually very hard to get system call tracing on various operating systems, e.g. strace, ktrace, dtruss, truss, nttrace, etc. Especially on Apple platforms where even with the special boot trick, debuggers still aren't guaranteed to work. make -j8 o//examples o//examples/hello.com --strace This is enabled by default in MODE=, MODE=opt, and MODE=dbg. In MODE=dbg extra information will be printed. make -j8 MODE=dbg o/dbg/examples o/dbg/examples/hello.com --strace |& less This change also changes: - Rename IsText() → _istext() - Rename IsUtf8() → _isutf8() - Fix madvise() on Windows NT - Fix empty string case of inet_ntop() - vfork() wrapper now saves and restores errno - Update xsigaction() to yoink syscall support
2022-03-19 01:07:28 +00:00
if (_isutf8(path, pathlen)) gflags |= kZipGflagUtf8;
if (_istext(data, datalen)) iattrs |= kZipIattrText;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
crc = crc32_z(0, data, datalen);
if (datalen < 100) {
method = kZipCompressionNone;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
comp = 0;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
use = data;
uselen = datalen;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
era = kZipEra1989;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
} else {
comp = Deflate(data, datalen, &complen);
if (complen < datalen) {
method = kZipCompressionDeflate;
use = comp;
uselen = complen;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
era = kZipEra1993;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
} else {
method = kZipCompressionNone;
use = data;
uselen = datalen;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
era = kZipEra1989;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
}
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
//////////////////////////////////////////////////////////////////////////////
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
if (-1 == fcntl(zfd, F_SETLKW, &(struct flock){F_WRLCK})) {
Redbean fix listen leak (#470) * Fix release of resources allocated to skipped sockets * Update log messages for consistency
2022-07-09 19:16:44 +00:00
WARNF("(srvr) can't place write lock on file descriptor %d: %s", zfd,
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
strerror(errno));
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
return;
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
OpenZip(false);
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
now = timespec_real();
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
a = GetAssetZip(path, pathlen);
if (!mode) mode = a ? GetMode(a) : 0644;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (!(mode & S_IFMT)) mode |= S_IFREG;
if (pathlen > 1 && path[0] == '/') ++path, --pathlen;
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
dosmode = !(mode & 0200) ? kNtFileAttributeReadonly : 0;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
ft = (now.tv_sec + MODERNITYSECONDS) * HECTONANOSECONDS;
GetDosLocalTime(now.tv_sec, &mtime, &mdate);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
// local file header
if (uselen >= 0xffffffff || datalen >= 0xffffffff) {
era = kZipEra2001;
v[2].iov_base = p = alloca((v[2].iov_len = 2 + 2 + 8 + 8));
p = WRITE16LE(p, kZipExtraZip64);
p = WRITE16LE(p, 8 + 8);
p = WRITE64LE(p, uselen);
p = WRITE64LE(p, datalen);
} else {
v[2].iov_len = 0;
v[2].iov_base = 0;
}
v[0].iov_base = p = alloca((v[0].iov_len = kZipLfileHdrMinSize));
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
p = WRITE32LE(p, kZipLfileHdrMagic);
*p++ = era;
*p++ = kZipOsDos;
p = WRITE16LE(p, gflags);
p = WRITE16LE(p, method);
p = WRITE16LE(p, mtime);
p = WRITE16LE(p, mdate);
p = WRITE32LE(p, crc);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = WRITE32LE(p, MIN(uselen, 0xffffffff));
p = WRITE32LE(p, MIN(datalen, 0xffffffff));
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
p = WRITE16LE(p, pathlen);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = WRITE16LE(p, v[2].iov_len);
v[1].iov_len = pathlen;
v[1].iov_base = path;
// file data
Fix redbean StoreAsset w/ Deflate (#258)
2021-08-25 12:43:26 +00:00
v[3].iov_len = uselen;
v[3].iov_base = use;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
// old central directory entries
oldcdirsize = GetZipCdirSize(zcdir);
oldcdiroffset = GetZipCdirOffset(zcdir);
if (a) {
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
// to remove an existing asset,
// first copy the central directory part before its record
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
v[4].iov_base = zbase + oldcdiroffset;
v[4].iov_len = a->cf - oldcdiroffset;
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
// and then the rest of the central directory
v[5].iov_base = zbase + oldcdiroffset +
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
(v[4].iov_len + ZIP_CFILE_HDRSIZE(zbase + a->cf));
v[5].iov_len =
oldcdirsize - (v[4].iov_len + ZIP_CFILE_HDRSIZE(zbase + a->cf));
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
} else {
v[4].iov_base = zbase + oldcdiroffset;
v[4].iov_len = oldcdirsize;
v[5].iov_base = 0;
v[5].iov_len = 0;
}
// new central directory entry
if (uselen >= 0xffffffff || datalen >= 0xffffffff || zsize >= 0xffffffff) {
v[8].iov_base = p = alloca((v[8].iov_len = 2 + 2 + 8 + 8 + 8));
p = WRITE16LE(p, kZipExtraZip64);
p = WRITE16LE(p, 8 + 8 + 8);
p = WRITE64LE(p, uselen);
p = WRITE64LE(p, datalen);
p = WRITE64LE(p, zsize);
} else {
v[8].iov_len = 0;
v[8].iov_base = 0;
}
v[9].iov_base = p = alloca((v[9].iov_len = 2 + 2 + 4 + 2 + 2 + 8 + 8 + 8));
p = WRITE16LE(p, kZipExtraNtfs);
p = WRITE16LE(p, 4 + 2 + 2 + 8 + 8 + 8);
p = WRITE32LE(p, 0);
p = WRITE16LE(p, 1);
p = WRITE16LE(p, 8 + 8 + 8);
p = WRITE64LE(p, ft);
p = WRITE64LE(p, ft);
p = WRITE64LE(p, ft);
v[6].iov_base = p = alloca((v[6].iov_len = kZipCfileHdrMinSize));
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
p = WRITE32LE(p, kZipCfileHdrMagic);
*p++ = kZipCosmopolitanVersion;
*p++ = kZipOsUnix;
*p++ = era;
*p++ = kZipOsDos;
p = WRITE16LE(p, gflags);
p = WRITE16LE(p, method);
p = WRITE16LE(p, mtime);
p = WRITE16LE(p, mdate);
p = WRITE32LE(p, crc);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = WRITE32LE(p, MIN(uselen, 0xffffffff));
p = WRITE32LE(p, MIN(datalen, 0xffffffff));
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
p = WRITE16LE(p, pathlen);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = WRITE16LE(p, v[8].iov_len + v[9].iov_len);
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
p = WRITE16LE(p, 0);
p = WRITE16LE(p, disk);
p = WRITE16LE(p, iattrs);
p = WRITE16LE(p, dosmode);
p = WRITE16LE(p, mode);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = WRITE32LE(p, MIN(zsize, 0xffffffff));
v[7].iov_len = pathlen;
v[7].iov_base = path;
// zip64 end of central directory
cdiroffset =
zsize + v[0].iov_len + v[1].iov_len + v[2].iov_len + v[3].iov_len;
cdirsize = v[4].iov_len + v[5].iov_len + v[6].iov_len + v[7].iov_len +
v[8].iov_len + v[9].iov_len;
records = GetZipCdirRecords(zcdir) + !a;
if (records >= 0xffff || cdiroffset >= 0xffffffff || cdirsize >= 0xffffffff) {
v[10].iov_base = p =
alloca((v[10].iov_len = kZipCdir64HdrMinSize + kZipCdir64LocatorSize));
p = WRITE32LE(p, kZipCdir64HdrMagic);
p = WRITE64LE(p, 2 + 2 + 4 + 4 + 8 + 8 + 8 + 8);
p = WRITE16LE(p, kZipCosmopolitanVersion);
p = WRITE16LE(p, kZipEra2001);
p = WRITE32LE(p, disk);
p = WRITE32LE(p, disk);
p = WRITE64LE(p, records);
p = WRITE64LE(p, records);
p = WRITE64LE(p, cdirsize);
p = WRITE64LE(p, cdiroffset);
p = WRITE32LE(p, kZipCdir64LocatorMagic);
p = WRITE32LE(p, disk);
p = WRITE64LE(p, cdiroffset + cdirsize);
p = WRITE32LE(p, disk);
} else {
v[10].iov_len = 0;
v[10].iov_base = 0;
}
// end of central directory
v[12].iov_base = GetZipCdirComment(zcdir);
v[12].iov_len = GetZipCdirCommentSize(zcdir);
v[11].iov_base = p = alloca((v[11].iov_len = kZipCdirHdrMinSize));
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
p = WRITE32LE(p, kZipCdirHdrMagic);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
p = WRITE16LE(p, disk);
p = WRITE16LE(p, disk);
p = WRITE16LE(p, MIN(records, 0xffff));
p = WRITE16LE(p, MIN(records, 0xffff));
p = WRITE32LE(p, MIN(cdirsize, 0xffffffff));
p = WRITE32LE(p, MIN(cdiroffset, 0xffffffff));
p = WRITE16LE(p, v[12].iov_len);
CHECK_NE(-1, lseek(zfd, zbase + zsize - zmap, SEEK_SET));
CHECK_NE(-1, WritevAll(zfd, v, 13));
CHECK_NE(-1, fcntl(zfd, F_SETLK, &(struct flock){F_UNLCK}));
//////////////////////////////////////////////////////////////////////////////
OpenZip(false);
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
free(comp);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
}
static void StoreFile(char *path) {
char *p;
Make improvements to redbean (#373) * Allow ProgramUniprocess to be set on Windows * Add closing p tag to Maxmind example * Enable using symlinked directories with redbean -A flag * Rename gc in redbean for consistency * Improve StoreFile by adding checks and skipping ./ in stored path * Add freeing memory in redbean LuaEncodeUrl Ref #366
2022-03-21 10:20:09 +00:00
size_t plen, tlen;
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
struct stat st;
Make improvements to redbean (#373) * Allow ProgramUniprocess to be set on Windows * Add closing p tag to Maxmind example * Enable using symlinked directories with redbean -A flag * Rename gc in redbean for consistency * Improve StoreFile by adding checks and skipping ./ in stored path * Add freeing memory in redbean LuaEncodeUrl Ref #366
2022-03-21 10:20:09 +00:00
char *target = path;
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if (_startswith(target, "./")) target += 2;
Make improvements to redbean (#373) * Allow ProgramUniprocess to be set on Windows * Add closing p tag to Maxmind example * Enable using symlinked directories with redbean -A flag * Rename gc in redbean for consistency * Improve StoreFile by adding checks and skipping ./ in stored path * Add freeing memory in redbean LuaEncodeUrl Ref #366
2022-03-21 10:20:09 +00:00
tlen = strlen(target);
if (!IsReasonablePath(target, tlen))
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: can't store %`'s: contains '.' or '..' segments",
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
target);
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
if (lstat(path, &st) == -1) FATALF("(cfg) error: can't stat %`'s: %m", path);
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
if (!(p = xslurp(path, &plen)))
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
FATALF("(cfg) error: can't read %`'s: %m", path);
Make improvements to redbean (#373) * Allow ProgramUniprocess to be set on Windows * Add closing p tag to Maxmind example * Enable using symlinked directories with redbean -A flag * Rename gc in redbean for consistency * Improve StoreFile by adding checks and skipping ./ in stored path * Add freeing memory in redbean LuaEncodeUrl Ref #366
2022-03-21 10:20:09 +00:00
StoreAsset(target, tlen, p, plen, st.st_mode & 0777);
free(p);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
}
static void StorePath(const char *dirpath) {
DIR *d;
char *path;
struct dirent *e;
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if (!isdirectory(dirpath) && !_endswith(dirpath, "/"))
Make improvements to redbean (#373) * Allow ProgramUniprocess to be set on Windows * Add closing p tag to Maxmind example * Enable using symlinked directories with redbean -A flag * Rename gc in redbean for consistency * Improve StoreFile by adding checks and skipping ./ in stored path * Add freeing memory in redbean LuaEncodeUrl Ref #366
2022-03-21 10:20:09 +00:00
return StoreFile(dirpath);
Update FATALF to exit without stack trace (#452)
2022-06-27 04:25:02 +00:00
if (!(d = opendir(dirpath))) FATALF("(cfg) error: can't open %`'s", dirpath);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
while ((e = readdir(d))) {
if (strcmp(e->d_name, ".") == 0) continue;
if (strcmp(e->d_name, "..") == 0) continue;
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
path = _gc(xjoinpaths(dirpath, e->d_name));
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
if (e->d_type == DT_DIR) {
StorePath(path);
} else {
StoreFile(path);
}
}
closedir(d);
}
static int LuaStoreAsset(lua_State *L) {
const char *path, *data;
size_t pathlen, datalen;
int mode;
path = LuaCheckPath(L, 1, &pathlen);
if (pathlen > 0xffff) {
return luaL_argerror(L, 1, "path too long");
}
data = luaL_checklstring(L, 2, &datalen);
mode = luaL_optinteger(L, 3, 0);
StoreAsset(path, pathlen, data, datalen, mode);
Let redbean use its own ZIP EXE as NoSQL database
2021-05-03 20:06:43 +00:00
return 0;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static void ReseedRng(mbedtls_ctr_drbg_context *r, const char *s) {
#ifndef UNSECURE
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
if (unsecure) return;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
CHECK_EQ(0, mbedtls_ctr_drbg_reseed(r, (void *)s, strlen(s)));
#endif
}
static void LogMessage(const char *d, const char *s, size_t n) {
size_t n2, n3;
char *s2, *s3;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
if (!LOGGABLE(kLogInfo)) return;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
while (n && (s[n - 1] == '\r' || s[n - 1] == '\n')) --n;
if ((s2 = DecodeLatin1(s, n, &n2))) {
if ((s3 = IndentLines(s2, n2, &n3, 1))) {
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
INFOF("(stat) %s %,ld byte message\r\n%.*s", d, n, n3, s3);
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
free(s3);
}
free(s2);
}
}
static void LogBody(const char *d, const char *s, size_t n) {
char *s2, *s3;
size_t n2, n3;
if (!n) return;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
if (!LOGGABLE(kLogInfo)) return;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
while (n && (s[n - 1] == '\r' || s[n - 1] == '\n')) --n;
if ((s2 = VisualizeControlCodes(s, n, &n2))) {
if ((s3 = IndentLines(s2, n2, &n3, 1))) {
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
INFOF("(stat) %s %,ld byte payload\r\n%.*s", d, n, n3, s3);
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
free(s3);
}
free(s2);
}
}
Improve redbean fetch() (#460) * Updated Fetch to return `nil,error` on errors * Fix localhost connect when only IP address is specified
2022-07-08 14:13:51 +00:00
static int LuaNilError(lua_State *L, const char *fmt, ...) {
va_list argp;
va_start(argp, fmt);
lua_pushnil(L);
lua_pushvfstring(L, fmt, argp);
va_end(argp);
return 2;
}
static int LuaNilTlsError(lua_State *L, const char *s, int r) {
return LuaNilError(L, "tls %s failed (%s %s)", s,
IsTiny() ? "grep" : GetTlsError(r),
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(xasprintf("-0x%04x", -r)));
Improve redbean fetch() (#460) * Updated Fetch to return `nil,error` on errors * Fix localhost connect when only IP address is specified
2022-07-08 14:13:51 +00:00
}
Fix regression in Fetch()
2022-08-22 01:06:28 +00:00
#include "tool/net/fetch.inc"
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int LuaGetDate(lua_State *L) {
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
lua_pushinteger(L, shared->nowish.tv_sec);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 1;
}
Add GetRedbeanVersion & rename GetVersion (#219) - Add GetRedbeanVersion() to redbean (#97) - Rename GetVersion to GetHttpVersion() for consistency (#97) - Update Content-Length format to use a proper size modifier (#97, #218)
2021-08-02 21:46:43 +00:00
static int LuaGetHttpVersion(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetHttpVersion");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushinteger(L, cpm.msg.version);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return 1;
}
Add GetRedbeanVersion & rename GetVersion (#219) - Add GetRedbeanVersion() to redbean (#97) - Rename GetVersion to GetHttpVersion() for consistency (#97) - Update Content-Length format to use a proper size modifier (#97, #218)
2021-08-02 21:46:43 +00:00
static int LuaGetRedbeanVersion(lua_State *L) {
lua_pushinteger(L, VERSION);
return 1;
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int LuaGetMethod(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetMethod");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method) {
lua_pushstring(L, kHttpMethod[cpm.msg.method]);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
lua_pushlstring(L, inbuf.p + cpm.msg.xmethod.a,
cpm.msg.xmethod.b - cpm.msg.xmethod.a);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
return 1;
}
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
static int LuaGetAddr(lua_State *L, int GetAddr(uint32_t *, uint16_t *)) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
uint32_t ip;
uint16_t port;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
if (!GetAddr(&ip, &port)) {
lua_pushinteger(L, ip);
lua_pushinteger(L, port);
return 2;
} else {
lua_pushnil(L);
return 1;
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
static int LuaGetServerAddr(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringConnection(L, "GetServerAddr");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return LuaGetAddr(L, GetServerAddr);
}
static int LuaGetClientAddr(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringConnection(L, "GetClientAddr");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return LuaGetAddr(L, GetClientAddr);
}
static int LuaGetRemoteAddr(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetRemoteAddr");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return LuaGetAddr(L, GetRemoteAddr);
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
static int LuaLog(lua_State *L) {
int level, line;
lua_Debug ar;
const char *msg, *module;
level = luaL_checkinteger(L, 1);
if (LOGGABLE(level)) {
msg = luaL_checkstring(L, 2);
if (lua_getstack(L, 1, &ar) && lua_getinfo(L, "Sl", &ar)) {
module = ar.short_src;
line = ar.currentline;
} else {
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
module = _gc(strndup(effectivepath.p, effectivepath.n));
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
line = -1;
}
flogf(level, module, line, NULL, "%s", msg);
}
return 0;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
Add pretty printing to redbean serializers
2022-07-22 17:10:33 +00:00
static int LuaEncodeSmth(lua_State *L, int Encoder(lua_State *, char **, int,
struct EncoderConfig)) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
char *p = 0;
Improve Lua and JSON serialization
2022-07-13 06:31:06 +00:00
int useoutput = false;
Add pretty printing to redbean serializers
2022-07-22 17:10:33 +00:00
struct EncoderConfig conf = {
.maxdepth = 64,
.sorted = true,
.pretty = false,
.indent = " ",
};
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if (lua_istable(L, 2)) {
lua_settop(L, 2); // discard any extra arguments
lua_getfield(L, 2, "useoutput");
// ignore useoutput outside of request handling
Make improvements - Add hierarchical auto-completion to redbean's repl - Fetch latest localtime() and strftime() from Eggert - Shave a few milliseconds off redbean start latency - Fix redbean repl with multi-line statements - Make the Lua unix module code more elegant - Harden Lua data structure serialization
2022-04-27 12:39:39 +00:00
if (ishandlingrequest && lua_isboolean(L, -1)) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
useoutput = lua_toboolean(L, -1);
Make improvements - Add hierarchical auto-completion to redbean's repl - Fetch latest localtime() and strftime() from Eggert - Shave a few milliseconds off redbean start latency - Fix redbean repl with multi-line statements - Make the Lua unix module code more elegant - Harden Lua data structure serialization
2022-04-27 12:39:39 +00:00
}
Add pretty printing to redbean serializers
2022-07-22 17:10:33 +00:00
lua_getfield(L, 2, "maxdepth");
if (!lua_isnoneornil(L, -1)) {
lua_Integer n = lua_tointeger(L, -1);
n = MAX(0, MIN(n, SHRT_MAX));
conf.maxdepth = n;
}
Improve Lua and JSON serialization
2022-07-13 06:31:06 +00:00
lua_getfield(L, 2, "sorted");
Add pretty printing to redbean serializers
2022-07-22 17:10:33 +00:00
if (!lua_isnoneornil(L, -1)) {
conf.sorted = lua_toboolean(L, -1);
}
lua_getfield(L, 2, "pretty");
if (!lua_isnoneornil(L, -1)) {
conf.pretty = lua_toboolean(L, -1);
lua_getfield(L, 2, "indent");
if (!lua_isnoneornil(L, -1)) {
conf.indent = luaL_checkstring(L, -1);
}
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
}
lua_settop(L, 1); // keep the passed argument on top
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (Encoder(L, useoutput ? &cpm.outbuf : &p, -1, conf) == -1) {
Make redbean serialization deterministic
2022-07-09 11:09:51 +00:00
free(p);
return 2;
}
if (useoutput) {
lua_pushboolean(L, true);
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
} else {
lua_pushstring(L, p);
free(p);
}
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
return 1;
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
static int LuaEncodeJson(lua_State *L) {
return LuaEncodeSmth(L, LuaEncodeJsonData);
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
static int LuaEncodeLua(lua_State *L) {
return LuaEncodeSmth(L, LuaEncodeLuaData);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
Rename ParseJson() to DecodeJson() for consistency
2022-07-10 00:34:41 +00:00
static int LuaDecodeJson(lua_State *L) {
Implement new JSON parser for redbean
2022-07-09 18:44:19 +00:00
size_t n;
const char *p;
Further improve JSON serialization
2022-07-12 06:06:49 +00:00
struct DecodeJson r;
Implement new JSON parser for redbean
2022-07-09 18:44:19 +00:00
p = luaL_checklstring(L, 1, &n);
Further improve JSON serialization
2022-07-12 06:06:49 +00:00
r = DecodeJson(L, p, n);
if (UNLIKELY(!r.rc)) {
lua_pushnil(L);
lua_pushstring(L, "unexpected eof");
return 2;
}
if (UNLIKELY(r.rc == -1)) {
lua_pushnil(L);
lua_pushstring(L, r.p);
return 2;
}
r = DecodeJson(L, r.p, n - (r.p - p));
if (UNLIKELY(r.rc)) {
lua_pushnil(L);
lua_pushstring(L, "junk after expression");
return 2;
}
return 1;
Implement new JSON parser for redbean
2022-07-09 18:44:19 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static int LuaGetUrl(lua_State *L) {
char *p;
size_t n;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetUrl");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
p = EncodeUrl(&url, &n);
lua_pushlstring(L, p, n);
free(p);
return 1;
}
static int LuaGetScheme(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetScheme");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
LuaPushUrlView(L, &url.scheme);
return 1;
}
static int LuaGetPath(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetPath");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
LuaPushUrlView(L, &url.path);
return 1;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int LuaGetEffectivePath(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetEffectivePath");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
lua_pushlstring(L, effectivepath.p, effectivepath.n);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return 1;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int LuaGetFragment(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetFragment");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
LuaPushUrlView(L, &url.fragment);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return 1;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int LuaGetUser(lua_State *L) {
size_t n;
const char *p, *q;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetUser");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (url.user.p) {
LuaPushUrlView(L, &url.user);
} else if ((p = GetBasicAuthorization(&n))) {
if (!(q = memchr(p, ':', n))) q = p + n;
lua_pushlstring(L, p, q - p);
free(p);
} else {
lua_pushnil(L);
}
return 1;
}
static int LuaGetPass(lua_State *L) {
size_t n;
const char *p, *q;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetPass");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (url.user.p) {
LuaPushUrlView(L, &url.pass);
} else if ((p = GetBasicAuthorization(&n))) {
if ((q = memchr(p, ':', n))) {
lua_pushlstring(L, q + 1, p + n - (q + 1));
} else {
lua_pushnil(L);
}
free(p);
} else {
lua_pushnil(L);
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
return 1;
}
static int LuaGetHost(lua_State *L) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
char b[16];
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetHost");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (url.host.n) {
lua_pushlstring(L, url.host.p, url.host.n);
} else {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
inet_ntop(AF_INET, &serveraddr->sin_addr.s_addr, b, sizeof(b));
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
lua_pushstring(L, b);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return 1;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
static int LuaGetPort(lua_State *L) {
int i, x = 0;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetPort");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
for (i = 0; i < url.port.n; ++i) x = url.port.p[i] - '0' + x * 10;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (!x) x = ntohs(serveraddr->sin_port);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
lua_pushinteger(L, x);
return 1;
}
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
static int LuaGetBody(lua_State *L) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallDuringRequest(L, "GetBody");
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
lua_pushlstring(L, inbuf.p + hdrsize, payloadlength);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
return 1;
}
Add GetResponseBody to redbean (#502) * Add GetResponseBody to redbean to get access to generated response * Update GetStatus to return status code set by redbean itself (outside of Lua code)
2022-07-22 18:22:39 +00:00
static int LuaGetResponseBody(lua_State *L) {
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
char *s = "";
// response can be gzipped (>0), text (=0), or generator (<0)
Release redbean 2.0.18
2022-09-04 13:57:59 +00:00
int size = cpm.gzipped > 0 ? cpm.gzipped // original size
: cpm.gzipped == 0 ? cpm.contentlength
: 0;
Add GetResponseBody to redbean (#502) * Add GetResponseBody to redbean to get access to generated response * Update GetStatus to return status code set by redbean itself (outside of Lua code)
2022-07-22 18:22:39 +00:00
OnlyCallDuringRequest(L, "GetResponseBody");
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
if (cpm.gzipped > 0 &&
Release redbean 2.0.18
2022-09-04 13:57:59 +00:00
(!(s = FreeLater(malloc(cpm.gzipped))) ||
!Inflate(s, cpm.gzipped, cpm.content, cpm.contentlength))) {
Update redbean GetResponseBody to take response compression into account (#561)
2022-08-22 05:26:41 +00:00
return LuaNilError(L, "failed to decompress response");
}
Release redbean 2.0.18
2022-09-04 13:57:59 +00:00
lua_pushlstring(L,
cpm.gzipped > 0 ? s // return decompressed
: cpm.gzipped == 0 ? cpm.content
: "",
size);
Add GetResponseBody to redbean (#502) * Add GetResponseBody to redbean to get access to generated response * Update GetStatus to return status code set by redbean itself (outside of Lua code)
2022-07-22 18:22:39 +00:00
return 1;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static int LuaGetHeader(lua_State *L) {
int h;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
const char *key;
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
size_t i, keylen;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetHeader");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
key = luaL_checklstring(L, 1, &keylen);
if ((h = GetHttpHeader(key, keylen)) != -1) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.headers[h].a) {
return LuaPushHeader(L, &cpm.msg, inbuf.p, h);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
for (i = 0; i < cpm.msg.xheaders.n; ++i) {
if (SlicesEqualCase(
key, keylen, inbuf.p + cpm.msg.xheaders.p[i].k.a,
cpm.msg.xheaders.p[i].k.b - cpm.msg.xheaders.p[i].k.a)) {
LuaPushLatin1(L, inbuf.p + cpm.msg.xheaders.p[i].v.a,
cpm.msg.xheaders.p[i].v.b - cpm.msg.xheaders.p[i].v.a);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
return 1;
}
}
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
lua_pushnil(L);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
return 1;
}
static int LuaGetHeaders(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetHeaders");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
return LuaPushHeaders(L, &cpm.msg, inbuf.p);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
static int LuaSetHeader(lua_State *L) {
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
int h;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
ssize_t rc;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
char *p, *q;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
const char *key, *val, *eval;
size_t i, keylen, vallen, evallen;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "SetHeader");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
key = luaL_checklstring(L, 1, &keylen);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
val = luaL_optlstring(L, 2, 0, &vallen);
if (!val) return 0;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
if ((h = GetHttpHeader(key, keylen)) == -1) {
if (!IsValidHttpToken(key, keylen)) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
luaL_argerror(L, 1, "invalid");
unreachable;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
if (!(eval = EncodeHttpHeaderValue(val, vallen, &evallen))) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
luaL_argerror(L, 2, "invalid");
unreachable;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
p = GetLuaResponse();
while (p - hdrbuf.p + keylen + 2 + evallen + 2 + 512 > hdrbuf.n) {
hdrbuf.n += hdrbuf.n >> 1;
q = xrealloc(hdrbuf.p, hdrbuf.n);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp = p = q + (p - hdrbuf.p);
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
hdrbuf.p = q;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
switch (h) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
case kHttpConnection:
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
connectionclose = SlicesEqualCase(eval, evallen, "close", 5);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
break;
case kHttpContentType:
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
p = AppendContentType(p, eval);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
break;
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
case kHttpReferrerPolicy:
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.referrerpolicy = FreeLater(strdup(eval));
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
break;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
case kHttpServer:
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.branded = true;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
p = AppendHeader(p, "Server", eval);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
break;
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
case kHttpExpires:
case kHttpCacheControl:
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.gotcachecontrol = true;
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = AppendHeader(p, key, eval);
break;
case kHttpXContentTypeOptions:
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.gotxcontenttypeoptions = true;
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = AppendHeader(p, key, eval);
Restore Referer-Policy and wrap up MbedTLS changes redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
2021-08-04 05:42:17 +00:00
break;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
default:
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
p = AppendHeader(p, key, eval);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
break;
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.luaheaderp = p;
Transcode ISO-8859-1 in HTTP headers If we keep making changes like this, redbean might not be a toy anymore. Additional steps are also being taken now to prevent ANSI control codes sent by the client from slipping into logs.
2021-03-28 07:10:17 +00:00
free(eval);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
return 0;
}
Add GetCookie to redbean Lua (#269)
2021-09-11 23:46:21 +00:00
static int LuaGetCookie(lua_State *L) {
char *cookie = 0, *cookietmpl, *cookieval;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetCookie");
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
cookietmpl = _gc(xasprintf(" %s=", luaL_checkstring(L, 1)));
Add GetCookie to redbean Lua (#269)
2021-09-11 23:46:21 +00:00
if (HasHeader(kHttpCookie)) {
appends(&cookie, " "); // prepend space to simplify cookie search
appendd(&cookie, HeaderData(kHttpCookie), HeaderLength(kHttpCookie));
}
if (cookie && (cookieval = strstr(cookie, cookietmpl))) {
cookieval += strlen(cookietmpl);
lua_pushlstring(L, cookieval, strchrnul(cookieval, ';') - cookieval);
} else {
lua_pushnil(L);
}
if (cookie) free(cookie);
return 1;
}
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
static int LuaSetCookie(lua_State *L) {
const char *key, *val;
size_t keylen, vallen;
char *expires, *samesite = "";
char *buf = 0;
bool ishostpref, issecurepref;
const char *hostpref = "__Host-";
const char *securepref = "__Secure-";
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "SetCookie");
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
key = luaL_checklstring(L, 1, &keylen);
val = luaL_checklstring(L, 2, &vallen);
if (!IsValidHttpToken(key, keylen)) {
luaL_argerror(L, 1, "invalid");
unreachable;
}
if (!IsValidCookieValue(val, vallen)) {
luaL_argerror(L, 2, "invalid");
unreachable;
}
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
ishostpref = keylen > strlen(hostpref) &&
SlicesEqual(key, strlen(hostpref), hostpref, strlen(hostpref));
issecurepref =
keylen > strlen(securepref) &&
SlicesEqual(key, strlen(securepref), securepref, strlen(securepref));
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if ((ishostpref || issecurepref) && !usingssl) {
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
luaL_argerror(
L, 1,
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(xasprintf("%s and %s prefixes require SSL", hostpref, securepref)));
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
unreachable;
}
appends(&buf, key);
appends(&buf, "=");
appends(&buf, val);
if (lua_istable(L, 3)) {
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if (lua_getfield(L, 3, "expires") != LUA_TNIL ||
lua_getfield(L, 3, "Expires") != LUA_TNIL) {
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
if (lua_isnumber(L, -1)) {
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
expires =
FormatUnixHttpDateTime(FreeLater(xmalloc(30)), lua_tonumber(L, -1));
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
} else {
expires = lua_tostring(L, -1);
if (!ParseHttpDateTime(expires, -1)) {
luaL_argerror(L, 3, "invalid data format in Expires");
unreachable;
}
}
appends(&buf, "; Expires=");
appends(&buf, expires);
}
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if ((lua_getfield(L, 3, "maxage") == LUA_TNUMBER ||
lua_getfield(L, 3, "MaxAge") == LUA_TNUMBER) &&
lua_isinteger(L, -1)) {
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
appends(&buf, "; Max-Age=");
appends(&buf, lua_tostring(L, -1));
}
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if (lua_getfield(L, 3, "samesite") == LUA_TSTRING ||
lua_getfield(L, 3, "SameSite") == LUA_TSTRING) {
samesite = lua_tostring(L, -1); // also used in the Secure check
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
appends(&buf, "; SameSite=");
appends(&buf, samesite);
}
// Secure attribute is required for __Host and __Secure prefixes
// as well as for the SameSite=None
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if (ishostpref || issecurepref || !strcmp(samesite, "None") ||
((lua_getfield(L, 3, "secure") == LUA_TBOOLEAN ||
lua_getfield(L, 3, "Secure") == LUA_TBOOLEAN) &&
lua_toboolean(L, -1))) {
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
appends(&buf, "; Secure");
}
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if (!ishostpref && (lua_getfield(L, 3, "domain") == LUA_TSTRING ||
lua_getfield(L, 3, "Domain") == LUA_TSTRING)) {
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
appends(&buf, "; Domain=");
appends(&buf, lua_tostring(L, -1));
}
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if (ishostpref || lua_getfield(L, 3, "path") == LUA_TSTRING ||
lua_getfield(L, 3, "Path") == LUA_TSTRING) {
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
appends(&buf, "; Path=");
appends(&buf, ishostpref ? "/" : lua_tostring(L, -1));
}
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
if ((lua_getfield(L, 3, "httponly") == LUA_TBOOLEAN ||
lua_getfield(L, 3, "HttpOnly") == LUA_TBOOLEAN) &&
lua_toboolean(L, -1)) {
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
appends(&buf, "; HttpOnly");
}
}
DEBUGF("(srvr) Set-Cookie: %s", buf);
Add GetCookie to redbean Lua (#269)
2021-09-11 23:46:21 +00:00
// empty the stack and push header name/value
Add SetCookie method to redbean Lua (#265)
2021-09-04 09:12:12 +00:00
lua_settop(L, 0);
lua_pushliteral(L, "Set-Cookie");
lua_pushstring(L, buf);
free(buf);
return LuaSetHeader(L);
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static int LuaHasParam(lua_State *L) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
size_t i, n;
const char *s;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "HasParam");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
s = luaL_checklstring(L, 1, &n);
for (i = 0; i < url.params.n; ++i) {
if (SlicesEqual(s, n, url.params.p[i].key.p, url.params.p[i].key.n)) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
lua_pushboolean(L, true);
return 1;
}
}
lua_pushboolean(L, false);
return 1;
}
static int LuaGetParam(lua_State *L) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
size_t i, n;
const char *s;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetParam");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
s = luaL_checklstring(L, 1, &n);
for (i = 0; i < url.params.n; ++i) {
if (SlicesEqual(s, n, url.params.p[i].key.p, url.params.p[i].key.n)) {
if (url.params.p[i].val.p) {
lua_pushlstring(L, url.params.p[i].val.p, url.params.p[i].val.n);
return 1;
} else {
break;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
}
lua_pushnil(L);
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
return 1;
}
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
static int LuaGetParams(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "GetParams");
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
LuaPushUrlParams(L, &url.params);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
return 1;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static int LuaWrite(lua_State *L) {
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
size_t size;
const char *data;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallDuringRequest(L, "Write");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (!lua_isnil(L, 1)) {
data = luaL_checklstring(L, 1, &size);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
appendd(&cpm.outbuf, data, size);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
return 0;
}
Change noinline to dontinline (#312) We defined `noinline` as an abbreviation for the longer version `__attribute__((__noinline__))` which caused name clashes since third party codebases often write it as `__attribute__((noinline))`.
2021-11-12 23:12:18 +00:00
static dontinline int LuaProgramInt(lua_State *L, void P(long)) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
P(luaL_checkinteger(L, 1));
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
return 0;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int LuaProgramPort(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramPort");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return LuaProgramInt(L, ProgramPort);
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static int LuaProgramCache(lua_State *L) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallFromMainProcess(L, "ProgramCache");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return LuaProgramInt(L, ProgramCache);
}
static int LuaProgramTimeout(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramTimeout");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return LuaProgramInt(L, ProgramTimeout);
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static int LuaProgramUid(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramUid");
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
return LuaProgramInt(L, ProgramUid);
}
static int LuaProgramGid(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramGid");
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
return LuaProgramInt(L, ProgramGid);
}
Add ProgramMaxPayloadSize() API to Redbean This way we don't have to use the flag and can configure it using .init.lua instead.
2022-06-10 10:28:46 +00:00
static int LuaProgramMaxPayloadSize(lua_State *L) {
OnlyCallFromInitLua(L, "ProgramMaxPayloadSize");
return LuaProgramInt(L, ProgramMaxPayloadSize);
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
static int LuaGetClientFd(lua_State *L) {
OnlyCallDuringConnection(L, "GetClientFd");
lua_pushinteger(L, client);
return 1;
}
static int LuaIsClientUsingSsl(lua_State *L) {
OnlyCallDuringConnection(L, "IsClientUsingSsl");
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
lua_pushboolean(L, usingssl);
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
return 1;
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static int LuaProgramSslTicketLifetime(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramSslTicketLifetime");
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
return LuaProgramInt(L, ProgramSslTicketLifetime);
}
Add ProgramUniprocess to redbean (#364)
2022-03-08 02:15:44 +00:00
static int LuaProgramUniprocess(lua_State *L) {
OnlyCallFromInitLua(L, "ProgramUniprocess");
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if (!lua_isboolean(L, 1) && !lua_isnoneornil(L, 1)) {
Add ProgramUniprocess to redbean (#364)
2022-03-08 02:15:44 +00:00
return luaL_argerror(L, 1, "invalid uniprocess mode; boolean expected");
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
}
Add ProgramUniprocess to redbean (#364)
2022-03-08 02:15:44 +00:00
lua_pushboolean(L, uniprocess);
Make improvements to redbean (#373) * Allow ProgramUniprocess to be set on Windows * Add closing p tag to Maxmind example * Enable using symlinked directories with redbean -A flag * Rename gc in redbean for consistency * Improve StoreFile by adding checks and skipping ./ in stored path * Add freeing memory in redbean LuaEncodeUrl Ref #366
2022-03-21 10:20:09 +00:00
if (lua_isboolean(L, 1)) uniprocess = lua_toboolean(L, 1);
Add ProgramUniprocess to redbean (#364)
2022-03-08 02:15:44 +00:00
return 1;
}
Add OnServerHeartbeat to Redbean (#522)
2022-08-03 03:41:44 +00:00
static int LuaProgramHeartbeatInterval(lua_State *L) {
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
int64_t millis;
Add OnServerHeartbeat to Redbean (#522)
2022-08-03 03:41:44 +00:00
OnlyCallFromMainProcess(L, "ProgramHeartbeatInterval");
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
if (!lua_isnoneornil(L, 1)) {
millis = luaL_checkinteger(L, 1);
millis = MAX(100, millis);
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
heartbeatinterval = timespec_frommillis(millis);
Add OnServerHeartbeat to Redbean (#522)
2022-08-03 03:41:44 +00:00
}
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
lua_pushinteger(L, timespec_tomillis(heartbeatinterval));
Add OnServerHeartbeat to Redbean (#522)
2022-08-03 03:41:44 +00:00
return 1;
}
Add max worker processing to redbean (#520) * Add max worker processing * Introduce ProgramMaxWorkers() API
2022-08-05 22:21:27 +00:00
static int LuaProgramMaxWorkers(lua_State *L) {
OnlyCallFromMainProcess(L, "ProgramMaxWorkers");
if (!lua_isinteger(L, 1) && !lua_isnoneornil(L, 1)) {
return luaL_argerror(L, 1, "invalid number of workers; integer expected");
}
lua_pushinteger(L, maxworkers);
if (lua_isinteger(L, 1)) maxworkers = lua_tointeger(L, 1);
Enter meltdown mode if ProgramMaxWorkers triggers
2022-08-05 22:42:17 +00:00
maxworkers = MAX(maxworkers, 1);
Add max worker processing to redbean (#520) * Add max worker processing * Introduce ProgramMaxWorkers() API
2022-08-05 22:21:27 +00:00
return 1;
}
Release redbean 2.0.7
2022-06-24 00:59:35 +00:00
static int LuaProgramAddr(lua_State *L) {
uint32_t ip;
OnlyCallFromInitLua(L, "ProgramAddr");
if (lua_isinteger(L, 1)) {
ip = luaL_checkinteger(L, 1);
ips.p = realloc(ips.p, ++ips.n * sizeof(*ips.p));
ips.p[ips.n - 1] = ip;
} else {
ProgramAddr(luaL_checkstring(L, 1));
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
return 0;
}
Release redbean 2.0.7
2022-06-24 00:59:35 +00:00
static dontinline int LuaProgramString(lua_State *L, void P(const char *)) {
P(luaL_checkstring(L, 1));
return 0;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
}
static int LuaProgramBrand(lua_State *L) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallFromMainProcess(L, "ProgramBrand");
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
return LuaProgramString(L, ProgramBrand);
}
static int LuaProgramDirectory(lua_State *L) {
return LuaProgramString(L, ProgramDirectory);
}
static int LuaProgramLogPath(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramLogPath");
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
return LuaProgramString(L, ProgramLogPath);
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static int LuaProgramPidPath(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramPidPath");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
return LuaProgramString(L, ProgramPidPath);
}
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
static int LuaProgramSslPresharedKey(lua_State *L) {
struct Psk psk;
size_t n1, n2, i;
const char *p1, *p2;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallFromMainProcess(L, "ProgramSslPresharedKey");
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
p1 = luaL_checklstring(L, 1, &n1);
p2 = luaL_checklstring(L, 2, &n2);
if (!n1 || n1 > MBEDTLS_PSK_MAX_LEN || !n2) {
luaL_argerror(L, 1, "bad preshared key length");
unreachable;
}
psk.key = memcpy(malloc(n1), p1, n1);
psk.key_len = n1;
psk.identity = memcpy(malloc(n2), p2, n2);
psk.identity_len = n2;
for (i = 0; i < psks.n; ++i) {
if (SlicesEqual(psk.identity, psk.identity_len, psks.p[i].identity,
psks.p[i].identity_len)) {
mbedtls_platform_zeroize(psks.p[i].key, psks.p[i].key_len);
free(psks.p[i].key);
free(psks.p[i].identity);
psks.p[i] = psk;
return 0;
}
}
psks.p = realloc(psks.p, ++psks.n * sizeof(*psks.p));
psks.p[psks.n - 1] = psk;
return 0;
}
static int LuaProgramSslCiphersuite(lua_State *L) {
mbedtls_ssl_ciphersuite_t *suite;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallFromInitLua(L, "ProgramSslCiphersuite");
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
if (!(suite = GetCipherSuite(luaL_checkstring(L, 1)))) {
luaL_argerror(L, 1, "unsupported or unknown ciphersuite");
unreachable;
}
suites.p = realloc(suites.p, (++suites.n + 1) * sizeof(*suites.p));
suites.p[suites.n - 1] = suite->id;
suites.p[suites.n - 0] = 0;
return 0;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static int LuaProgramPrivateKey(lua_State *L) {
size_t n;
const char *p;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramPrivateKey");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
p = luaL_checklstring(L, 1, &n);
ProgramPrivateKey(p, n);
return 0;
}
static int LuaProgramCertificate(lua_State *L) {
size_t n;
const char *p;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramCertificate");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
p = luaL_checklstring(L, 1, &n);
ProgramCertificate(p, n);
return 0;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static int LuaProgramHeader(lua_State *L) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
ProgramHeader(
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_gc(xasprintf("%s: %s", luaL_checkstring(L, 1), luaL_checkstring(L, 2))));
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return 0;
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static int LuaProgramRedirect(lua_State *L) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
int code;
const char *from, *to;
code = luaL_checkinteger(L, 1);
from = luaL_checkstring(L, 2);
to = luaL_checkstring(L, 3);
ProgramRedirect(code, strdup(from), strlen(from), strdup(to), strlen(to));
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
return 0;
}
Change noinline to dontinline (#312) We defined `noinline` as an abbreviation for the longer version `__attribute__((__noinline__))` which caused name clashes since third party codebases often write it as `__attribute__((noinline))`.
2021-11-12 23:12:18 +00:00
static dontinline int LuaProgramBool(lua_State *L, bool *b) {
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
*b = lua_toboolean(L, 1);
return 0;
}
static int LuaProgramSslClientVerify(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "ProgramSslClientVerify");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
return LuaProgramBool(L, &sslclientverify);
}
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
static int LuaProgramSslRequired(lua_State *L) {
OnlyCallFromInitLua(L, "ProgramSslRequired");
return LuaProgramBool(L, &requiressl);
}
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
static int LuaProgramSslFetchVerify(lua_State *L) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallFromMainProcess(L, "ProgramSslFetchVerify");
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
return LuaProgramBool(L, &sslfetchverify);
}
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
static int LuaProgramSslInit(lua_State *L) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
OnlyCallFromInitLua(L, "SslInit");
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
TlsInit();
return 0;
}
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
static int LuaProgramLogMessages(lua_State *L) {
return LuaProgramBool(L, &logmessages);
}
static int LuaProgramLogBodies(lua_State *L) {
return LuaProgramBool(L, &logbodies);
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static int LuaEvadeDragnetSurveillance(lua_State *L) {
return LuaProgramBool(L, &evadedragnetsurveillance);
}
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
static int LuaHidePath(lua_State *L) {
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
size_t pathlen;
const char *path;
path = luaL_checklstring(L, 1, &pathlen);
Fix redbean hidden path bug
2021-06-10 15:55:04 +00:00
AddString(&hidepaths, memcpy(malloc(pathlen), path, pathlen), pathlen);
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
return 0;
}
static int LuaIsHiddenPath(lua_State *L) {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
size_t n;
const char *s;
s = luaL_checklstring(L, 1, &n);
lua_pushboolean(L, IsHiddenPath(s, n));
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
return 1;
}
static int LuaGetZipPaths(lua_State *L) {
char *path;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
uint8_t *zcf;
Extend GetZipPaths to accept an optional prefix (#320)
2021-11-12 23:28:05 +00:00
size_t i, n, pathlen, prefixlen;
char *prefix = luaL_optlstring(L, 1, "", &prefixlen);
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
lua_newtable(L);
i = 0;
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
n = GetZipCdirRecords(zcdir);
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
for (zcf = zbase + GetZipCdirOffset(zcdir); n--;
zcf += ZIP_CFILE_HDRSIZE(zcf)) {
CHECK_EQ(kZipCfileHdrMagic, ZIP_CFILE_MAGIC(zcf));
path = GetAssetPath(zcf, &pathlen);
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if (prefixlen == 0 || _startswith(path, prefix)) {
Extend GetZipPaths to accept an optional prefix (#320)
2021-11-12 23:28:05 +00:00
lua_pushlstring(L, path, pathlen);
lua_seti(L, -2, ++i);
}
Enable serving zip directory entries
2021-03-29 09:39:20 +00:00
free(path);
}
return 1;
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
static int LuaGetAssetMode(lua_State *L) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
size_t pathlen;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
struct Asset *a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
const char *path;
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAsset(path, pathlen))) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
lua_pushinteger(L, GetMode(a));
} else {
lua_pushnil(L);
}
return 1;
}
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
static int LuaGetAssetLastModifiedTime(lua_State *L) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
size_t pathlen;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
struct Asset *a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
const char *path;
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
struct timespec lm;
int64_t zuluseconds;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAsset(path, pathlen))) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (a->file) {
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
zuluseconds = a->file->st.st_mtim.tv_sec;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else {
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
GetZipCfileTimestamps(zbase + a->cf, &lm, 0, 0, gmtoff);
zuluseconds = lm.tv_sec;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
lua_pushinteger(L, zuluseconds);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else {
lua_pushnil(L);
}
return 1;
}
static int LuaGetAssetSize(lua_State *L) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
size_t pathlen;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
struct Asset *a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
const char *path;
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAsset(path, pathlen))) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (a->file) {
lua_pushinteger(L, a->file->st.st_size);
} else {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
lua_pushinteger(L, GetZipLfileUncompressedSize(zbase + a->lf));
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
} else {
lua_pushnil(L);
}
return 1;
}
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
static int LuaIsAssetCompressed(lua_State *L) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
size_t pathlen;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
struct Asset *a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
const char *path;
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAsset(path, pathlen))) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
lua_pushboolean(L, IsCompressed(a));
} else {
lua_pushnil(L);
}
return 1;
}
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
static bool Blackhole(uint32_t ip) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
char buf[4];
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
if (blackhole.fd <= 0) return false;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
WRITE32BE(buf, ip);
Make some last minute production changes
2022-10-19 17:00:29 +00:00
if (sendto(blackhole.fd, &buf, 4, 0, (struct sockaddr *)&blackhole.addr,
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
sizeof(blackhole.addr)) != -1) {
return true;
} else {
VERBOSEF("(token) sendto(%s) failed: %m", blackhole.addr.sun_path);
Make some last minute production changes
2022-10-19 17:00:29 +00:00
errno = 0;
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
return false;
}
}
static int LuaBlackhole(lua_State *L) {
lua_Integer ip;
ip = luaL_checkinteger(L, 1);
if (!(0 <= ip && ip <= 0xffffffff)) {
luaL_argerror(L, 1, "ip out of range");
unreachable;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
lua_pushboolean(L, Blackhole(ip));
return 1;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
wontreturn static void Replenisher(void) {
struct timespec ts;
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
VERBOSEF("(token) replenish worker started");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
signal(SIGINT, OnTerm);
signal(SIGHUP, OnTerm);
signal(SIGTERM, OnTerm);
signal(SIGUSR1, SIG_IGN); // make sure reload won't kill this
signal(SIGUSR2, SIG_IGN); // make sure meltdown won't kill this
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
ts = timespec_real();
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
while (!terminated) {
if (clock_nanosleep(CLOCK_REALTIME, TIMER_ABSTIME, &ts, 0)) {
errno = 0;
continue;
}
ReplenishTokens(tokenbucket.w, (1ul << tokenbucket.cidr) / 8);
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
ts = timespec_add(ts, tokenbucket.replenish);
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
DEBUGF("(token) replenished tokens");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
VERBOSEF("(token) replenish worker exiting");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
_Exit(0);
}
static int LuaAcquireToken(lua_State *L) {
uint32_t ip;
if (!tokenbucket.cidr) {
luaL_error(L, "ProgramTokenBucket() needs to be called first");
unreachable;
}
GetClientAddr(&ip, 0);
lua_pushinteger(L, AcquireToken(tokenbucket.b, luaL_optinteger(L, 1, ip),
tokenbucket.cidr));
return 1;
}
static int LuaCountTokens(lua_State *L) {
uint32_t ip;
if (!tokenbucket.cidr) {
luaL_error(L, "ProgramTokenBucket() needs to be called first");
unreachable;
}
GetClientAddr(&ip, 0);
lua_pushinteger(L, CountTokens(tokenbucket.b, luaL_optinteger(L, 1, ip),
tokenbucket.cidr));
return 1;
}
static int LuaProgramTokenBucket(lua_State *L) {
if (tokenbucket.cidr) {
luaL_error(L, "ProgramTokenBucket() can only be called once");
unreachable;
}
lua_Number replenish = luaL_optnumber(L, 1, 1); // per second
lua_Integer cidr = luaL_optinteger(L, 2, 24);
lua_Integer reject = luaL_optinteger(L, 3, 30);
lua_Integer ignore = luaL_optinteger(L, 4, MIN(reject / 2, 15));
lua_Integer ban = luaL_optinteger(L, 5, MIN(ignore / 10, 1));
if (!(1 / 3600. <= replenish && replenish <= 1e6)) {
luaL_argerror(L, 1, "require 1/3600 <= replenish <= 1e6");
unreachable;
}
if (!(8 <= cidr && cidr <= 32)) {
luaL_argerror(L, 2, "require 8 <= cidr <= 32");
unreachable;
}
if (!(-1 <= reject && reject <= 126)) {
luaL_argerror(L, 3, "require -1 <= reject <= 126");
unreachable;
}
if (!(-1 <= ignore && ignore <= 126)) {
luaL_argerror(L, 4, "require -1 <= ignore <= 126");
unreachable;
}
if (!(-1 <= ban && ban <= 126)) {
luaL_argerror(L, 5, "require -1 <= ban <= 126");
unreachable;
}
if (!(ignore <= reject)) {
luaL_argerror(L, 4, "require ignore <= reject");
unreachable;
}
if (!(ban <= ignore)) {
luaL_argerror(L, 5, "require ban <= ignore");
unreachable;
}
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
INFOF("(token) deploying %,ld buckets "
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
"(one for every %ld ips) "
"each holding 127 tokens which "
"replenish %g times per second, "
"reject at %d tokens, "
"ignore at %d tokens, and "
"ban at %d tokens",
1L << cidr, //
4294967296 / (1L << cidr), //
replenish, //
reject, //
ignore, //
ban);
if (ignore == -1) ignore = -128;
if (ban == -1) ban = -128;
if (ban >= 0 && (IsLinux() || IsBsd())) {
Make some last minute production changes
2022-10-19 17:00:29 +00:00
uint32_t testip = 0;
blackhole.addr.sun_family = AF_UNIX;
strlcpy(blackhole.addr.sun_path, "/var/run/blackhole.sock",
sizeof(blackhole.addr.sun_path));
if ((blackhole.fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0)) == -1) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
WARNF("(token) socket(AF_UNIX) failed: %m");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
ban = -1;
Make some last minute production changes
2022-10-19 17:00:29 +00:00
} else if (sendto(blackhole.fd, &testip, 4, 0,
(struct sockaddr *)&blackhole.addr,
sizeof(blackhole.addr)) == -1) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
WARNF("(token) error: sendto(%`'s) failed: %m", blackhole.addr.sun_path);
WARNF("(token) redbean isn't able to protect your kernel from ddos");
WARNF("(token) please run the blackholed program; see our website!");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
}
tokenbucket.b = _mapshared(ROUNDUP(1ul << cidr, FRAMESIZE));
memset(tokenbucket.b, 127, 1ul << cidr);
tokenbucket.cidr = cidr;
tokenbucket.reject = reject;
tokenbucket.ignore = ignore;
tokenbucket.ban = ban;
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
tokenbucket.replenish = timespec_fromnanos(1 / replenish * 1e9);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
int pid = fork();
_npassert(pid != -1);
if (!pid) Replenisher();
return 0;
}
Add MapContentType to redbean (#566)
2022-08-23 05:02:58 +00:00
static const char *GetContentTypeExt(const char *path, size_t n) {
char *r, *e;
int top;
lua_State *L = GL;
if ((r = FindContentType(path, n))) return r;
// extract the last .; use the entire path if none is present
if (e = strrchr(path, '.')) path = e + 1;
top = lua_gettop(L);
lua_pushlightuserdata(L, (void *)&ctIdx); // push address as unique key
CHECK_EQ(lua_gettable(L, LUA_REGISTRYINDEX), LUA_TTABLE);
lua_pushstring(L, path);
if (lua_gettable(L, -2) == LUA_TSTRING)
r = FreeLater(strdup(lua_tostring(L, -1)));
lua_settop(L, top);
return r;
}
Rename MapContentType to ProgramContentType (#570)
2022-08-24 16:35:17 +00:00
static int LuaProgramContentType(lua_State *L) {
Add MapContentType to redbean (#566)
2022-08-23 05:02:58 +00:00
const char *ext = luaL_checkstring(L, 1);
const char *ct;
int n = lua_gettop(L);
lua_pushlightuserdata(L, (void *)&ctIdx); // push address as unique key
CHECK_EQ(lua_gettable(L, LUA_REGISTRYINDEX), LUA_TTABLE);
if (n == 1) {
ext = FreeLater(xasprintf(".%s", ext));
if ((ct = GetContentTypeExt(ext, strlen(ext)))) {
lua_pushstring(L, ct);
} else {
lua_pushnil(L);
}
return 1;
} else {
ct = luaL_checkstring(L, 2);
lua_pushstring(L, ext);
lua_pushstring(L, ct);
lua_settable(L, -3); // table[ext] = ct
return 0;
}
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static int LuaIsDaemon(lua_State *L) {
lua_pushboolean(L, daemonize);
return 1;
}
Redbean getstatus and more (#308) * Add GetBody() Lua API to redbean. This improves consistency with RFC 7230 terminology and should be favored over the old GetPayload function. * Add GetStatus() API to redbean. This is useful to get status after it's changed/set by Redbean, for example if 505 or 508 is set when ServeRedirect is called. * Introduce GetAssetComment() API to redbean. This function should be favored over the old name GetComment(). * Introduce IsLoopbackClient() API to redbean * Limit redbean reason to 128 chars when set instead of reporting an error
2021-11-12 23:00:41 +00:00
static int LuaGetAssetComment(lua_State *L) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
struct Asset *a;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
const char *path;
size_t pathlen, m;
path = LuaCheckPath(L, 1, &pathlen);
if ((a = GetAssetZip(path, pathlen)) &&
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
(m = strnlen(ZIP_CFILE_COMMENT(zbase + a->cf),
ZIP_CFILE_COMMENTSIZE(zbase + a->cf)))) {
lua_pushlstring(L, ZIP_CFILE_COMMENT(zbase + a->cf), m);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else {
lua_pushnil(L);
}
return 1;
}
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
static int LuaLaunchBrowser(lua_State *L) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
OnlyCallFromInitLua(L, "LaunchBrowser");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
launchbrowser = strdup(luaL_optstring(L, 1, "/"));
return 0;
Added LaunchBrowser API (#153) You can now add LaunchBrowser() to .init.lua which will ask redbean to open your website in the local desktop browser when the server is launched.
2021-04-18 14:24:36 +00:00
}
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
static bool LuaRunAsset(const char *path, bool mandatory) {
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
int status;
Make major improvements to stdio Buffering now has optimal performance, bugs have been fixed, and some missing apis have been introduced. This implementation is also now more production worthy since it's less brittle now in terms of system errors. That's going to help redbean since lua i/o is all based on stdio. See #97
2021-03-27 05:31:41 +00:00
struct Asset *a;
const char *code;
Add Lua compiler Redbean Lua Server Pages may now be stored in the zip as byte code. This can improve performance, since redbean currently doesn't cache byte code but it might be more useful for anyone wanting to create a closed source redbean. The .lua extension should be used for byte code files. Lua will tell them apart based on a magic number at the start of the file. This change also improves some Lua error reporting conditions. See #97
2021-08-09 20:09:14 +00:00
size_t pathlen, codelen;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
pathlen = strlen(path);
if ((a = GetAsset(path, pathlen))) {
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
if ((code = FreeLater(LoadAsset(a, &codelen)))) {
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
effectivepath.p = path;
effectivepath.n = pathlen;
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
DEBUGF("(lua) LuaRunAsset(%`'s)", path);
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
status = luaL_loadbuffer(
L, code, codelen,
Improve redbean ZeroBrane integration (#451)
2022-06-27 04:13:53 +00:00
FreeLater(xasprintf("@%s%s", a->file ? "" : "/zip", path)));
Redbean stream yield implementation (#370) * Simplify handling of coroutine state * Update redbean to allow yielding from Lua to support streaming * Add stack checks for Lua resume calls in redbean
2022-03-22 01:07:30 +00:00
if (status != LUA_OK || LuaCallWithTrace(L, 0, 0, NULL) != LUA_OK) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
LogLuaError("lua code", lua_tostring(L, -1));
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
lua_pop(L, 1); // pop error
Update redbean to show Lua stack traces (#237) - Update redbean to include stack trace in Lua errors - Extend Lua in redbean to include stack trace in all logged errors - Update default error page in redbean with error details (when allowed) - Prepend `@` to Lua paths in redbean to recognize them as paths in error messages - Replace GetClientAddr with GetRemoteAddr to avoid backtrace leak in proxy scenarios - Fix typo in GetRemoteAddr documentation
2021-08-12 06:27:39 +00:00
if (mandatory) exit(1);
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Make major improvements to stdio Buffering now has optimal performance, bugs have been fixed, and some missing apis have been introduced. This implementation is also now more production worthy since it's less brittle now in terms of system errors. That's going to help redbean since lua i/o is all based on stdio. See #97
2021-03-27 05:31:41 +00:00
}
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return !!a;
Make major improvements to stdio Buffering now has optimal performance, bugs have been fixed, and some missing apis have been introduced. This implementation is also now more production worthy since it's less brittle now in terms of system errors. That's going to help redbean since lua i/o is all based on stdio. See #97
2021-03-27 05:31:41 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
// <SORTED>
// list of functions that can't be run from the repl
static const char *const kDontAutoComplete[] = {
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
"Compress", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"GetBody", //
"GetClientAddr", //
"GetClientFd", //
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
"GetComment", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"GetCookie", //
"GetEffectivePath", //
"GetFragment", //
"GetHeader", //
"GetHeaders", //
"GetHost", //
"GetHttpVersion", //
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
"GetLastModifiedTime", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"GetMethod", //
"GetParam", //
"GetParams", //
"GetPass", //
"GetPath", //
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
"GetPayload", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"GetPort", //
"GetRemoteAddr", //
Add GetResponseBody to redbean (#502) * Add GetResponseBody to redbean to get access to generated response * Update GetStatus to return status code set by redbean itself (outside of Lua code)
2022-07-22 18:22:39 +00:00
"GetResponseBody", //
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"GetScheme", //
"GetServerAddr", //
"GetSslIdentity", //
"GetStatus", //
"GetUrl", //
"GetUser", //
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
"GetVersion", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"HasParam", //
"IsClientUsingSsl", //
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
"IsCompressed", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"LaunchBrowser", //
Add ProgramMaxPayloadSize() API to Redbean This way we don't have to use the flag and can configure it using .init.lua instead.
2022-06-10 10:28:46 +00:00
"LuaProgramSslRequired", // TODO
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"ProgramAddr", // TODO
"ProgramBrand", //
"ProgramCertificate", // TODO
"ProgramGid", //
"ProgramLogPath", // TODO
Add ProgramMaxPayloadSize() API to Redbean This way we don't have to use the flag and can configure it using .init.lua instead.
2022-06-10 10:28:46 +00:00
"ProgramMaxPayloadSize", // TODO
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"ProgramPidPath", // TODO
"ProgramPort", // TODO
"ProgramPrivateKey", // TODO
"ProgramSslCiphersuite", // TODO
"ProgramSslClientVerify", // TODO
"ProgramSslTicketLifetime", //
"ProgramTimeout", // TODO
"ProgramUid", //
"ProgramUniprocess", //
"Respond", //
"Route", //
"RouteHost", //
"RoutePath", //
"ServeAsset", //
"ServeIndex", //
"ServeListing", //
"ServeRedirect", //
"ServeStatusz", //
"SetCookie", //
"SetHeader", //
"SslInit", // TODO
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
"Uncompress", // deprecated
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
"Write", //
};
// </SORTED>
Implement raw system call for redbean lua code You can now call functions like fork() from Lua and it'll work across all supported platforms, including Windows. This gives you a level of control of the system that Lua traditionally hasn't been able to have due to its focus on old portable stdio rather modern POSIX APIs. Demo code has been added to redbean-demo.com to show how it works. This change also modifies Lua so that integer literals with a leading zero will be interpreted as octal. That should help avoid shooting in the foot with POSIX APIs that frequently use octal mode bits. This change fixes a bug in opendir(".") on New Technology. Lastly, redbean will now serve crash reports to private network IPs. This is consistent with other frameworks. However that isn't served to public IPs unless the -E flag is passed to redbean at startup.
2022-04-13 15:49:17 +00:00
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
static const luaL_Reg kLuaFuncs[] = {
Do some work on redbean - Rewrite Slurp() API to be like string.sub() - Introduce a new Barf() API for creating files - Update Redbean `-S` sandbox flag to do unveiling
2022-07-23 03:44:24 +00:00
{"Barf", LuaBarf}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"Benchmark", LuaBenchmark}, //
{"Bsf", LuaBsf}, //
{"Bsr", LuaBsr}, //
{"CategorizeIp", LuaCategorizeIp}, //
{"Compress", LuaCompress}, //
{"Crc32", LuaCrc32}, //
{"Crc32c", LuaCrc32c}, //
{"Decimate", LuaDecimate}, //
{"DecodeBase64", LuaDecodeBase64}, //
Rename ParseJson() to DecodeJson() for consistency
2022-07-10 00:34:41 +00:00
{"DecodeJson", LuaDecodeJson}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"DecodeLatin1", LuaDecodeLatin1}, //
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
{"Deflate", LuaDeflate}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"EncodeBase64", LuaEncodeBase64}, //
{"EncodeJson", LuaEncodeJson}, //
{"EncodeLatin1", LuaEncodeLatin1}, //
{"EncodeLua", LuaEncodeLua}, //
{"EncodeUrl", LuaEncodeUrl}, //
{"EscapeFragment", LuaEscapeFragment}, //
{"EscapeHost", LuaEscapeHost}, //
{"EscapeHtml", LuaEscapeHtml}, //
{"EscapeIp", LuaEscapeIp}, //
{"EscapeLiteral", LuaEscapeLiteral}, //
{"EscapeParam", LuaEscapeParam}, //
{"EscapePass", LuaEscapePass}, //
{"EscapePath", LuaEscapePath}, //
{"EscapeSegment", LuaEscapeSegment}, //
{"EscapeUser", LuaEscapeUser}, //
{"Fetch", LuaFetch}, //
{"FormatHttpDateTime", LuaFormatHttpDateTime}, //
{"FormatIp", LuaFormatIp}, //
{"GetAssetComment", LuaGetAssetComment}, //
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
{"GetAssetLastModifiedTime", LuaGetAssetLastModifiedTime}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"GetAssetMode", LuaGetAssetMode}, //
{"GetAssetSize", LuaGetAssetSize}, //
{"GetBody", LuaGetBody}, //
{"GetClientAddr", LuaGetClientAddr}, //
{"GetClientFd", LuaGetClientFd}, //
{"GetCookie", LuaGetCookie}, //
{"GetCpuCore", LuaGetCpuCore}, //
{"GetCpuCount", LuaGetCpuCount}, //
{"GetCpuNode", LuaGetCpuNode}, //
{"GetCryptoHash", LuaGetCryptoHash}, //
{"GetDate", LuaGetDate}, //
{"GetEffectivePath", LuaGetEffectivePath}, //
{"GetFragment", LuaGetFragment}, //
{"GetHeader", LuaGetHeader}, //
{"GetHeaders", LuaGetHeaders}, //
{"GetHost", LuaGetHost}, //
{"GetHostOs", LuaGetHostOs}, //
{"GetHttpReason", LuaGetHttpReason}, //
{"GetHttpVersion", LuaGetHttpVersion}, //
{"GetLogLevel", LuaGetLogLevel}, //
{"GetMethod", LuaGetMethod}, //
{"GetMonospaceWidth", LuaGetMonospaceWidth}, //
{"GetParam", LuaGetParam}, //
{"GetParams", LuaGetParams}, //
{"GetPass", LuaGetPass}, //
{"GetPath", LuaGetPath}, //
{"GetPort", LuaGetPort}, //
{"GetRandomBytes", LuaGetRandomBytes}, //
{"GetRedbeanVersion", LuaGetRedbeanVersion}, //
{"GetRemoteAddr", LuaGetRemoteAddr}, //
Add GetResponseBody to redbean (#502) * Add GetResponseBody to redbean to get access to generated response * Update GetStatus to return status code set by redbean itself (outside of Lua code)
2022-07-22 18:22:39 +00:00
{"GetResponseBody", LuaGetResponseBody}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"GetScheme", LuaGetScheme}, //
{"GetServerAddr", LuaGetServerAddr}, //
{"GetStatus", LuaGetStatus}, //
{"GetTime", LuaGetTime}, //
{"GetUrl", LuaGetUrl}, //
{"GetUser", LuaGetUser}, //
{"GetZipPaths", LuaGetZipPaths}, //
{"HasControlCodes", LuaHasControlCodes}, //
{"HasParam", LuaHasParam}, //
{"HidePath", LuaHidePath}, //
{"IndentLines", LuaIndentLines}, //
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
{"Inflate", LuaInflate}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"IsAcceptableHost", LuaIsAcceptableHost}, //
{"IsAcceptablePath", LuaIsAcceptablePath}, //
{"IsAcceptablePort", LuaIsAcceptablePort}, //
{"IsAssetCompressed", LuaIsAssetCompressed}, //
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
{"IsClientUsingSsl", LuaIsClientUsingSsl}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"IsDaemon", LuaIsDaemon}, //
{"IsHeaderRepeatable", LuaIsHeaderRepeatable}, //
{"IsHiddenPath", LuaIsHiddenPath}, //
{"IsLoopbackIp", LuaIsLoopbackIp}, //
{"IsPrivateIp", LuaIsPrivateIp}, //
{"IsPublicIp", LuaIsPublicIp}, //
{"IsReasonablePath", LuaIsReasonablePath}, //
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
{"IsTrustedIp", LuaIsTrusted}, // undocumented
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"IsValidHttpToken", LuaIsValidHttpToken}, //
{"LaunchBrowser", LuaLaunchBrowser}, //
{"Lemur64", LuaLemur64}, //
{"LoadAsset", LuaLoadAsset}, //
{"Log", LuaLog}, //
{"Md5", LuaMd5}, //
{"MeasureEntropy", LuaMeasureEntropy}, //
{"ParseHost", LuaParseHost}, //
{"ParseHttpDateTime", LuaParseHttpDateTime}, //
{"ParseIp", LuaParseIp}, //
{"ParseParams", LuaParseParams}, //
{"ParseUrl", LuaParseUrl}, //
{"Popcnt", LuaPopcnt}, //
{"ProgramAddr", LuaProgramAddr}, //
{"ProgramBrand", LuaProgramBrand}, //
{"ProgramCache", LuaProgramCache}, //
Rename MapContentType to ProgramContentType (#570)
2022-08-24 16:35:17 +00:00
{"ProgramContentType", LuaProgramContentType}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"ProgramDirectory", LuaProgramDirectory}, //
{"ProgramGid", LuaProgramGid}, //
{"ProgramHeader", LuaProgramHeader}, //
Add OnServerHeartbeat to Redbean (#522)
2022-08-03 03:41:44 +00:00
{"ProgramHeartbeatInterval", LuaProgramHeartbeatInterval}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"ProgramLogBodies", LuaProgramLogBodies}, //
{"ProgramLogMessages", LuaProgramLogMessages}, //
{"ProgramLogPath", LuaProgramLogPath}, //
{"ProgramMaxPayloadSize", LuaProgramMaxPayloadSize}, //
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
{"ProgramMaxWorkers", LuaProgramMaxWorkers}, //
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"ProgramPidPath", LuaProgramPidPath}, //
{"ProgramPort", LuaProgramPort}, //
{"ProgramRedirect", LuaProgramRedirect}, //
{"ProgramTimeout", LuaProgramTimeout}, //
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
{"ProgramTrustedIp", LuaProgramTrustedIp}, // undocumented
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"ProgramUid", LuaProgramUid}, //
{"ProgramUniprocess", LuaProgramUniprocess}, //
{"Rand64", LuaRand64}, //
{"Rdrand", LuaRdrand}, //
{"Rdseed", LuaRdseed}, //
{"Rdtsc", LuaRdtsc}, //
{"ResolveIp", LuaResolveIp}, //
{"Route", LuaRoute}, //
{"RouteHost", LuaRouteHost}, //
{"RoutePath", LuaRoutePath}, //
{"ServeAsset", LuaServeAsset}, //
{"ServeError", LuaServeError}, //
{"ServeIndex", LuaServeIndex}, //
{"ServeListing", LuaServeListing}, //
{"ServeRedirect", LuaServeRedirect}, //
{"ServeStatusz", LuaServeStatusz}, //
{"SetCookie", LuaSetCookie}, //
{"SetHeader", LuaSetHeader}, //
{"SetLogLevel", LuaSetLogLevel}, //
{"SetStatus", LuaSetStatus}, //
{"Sha1", LuaSha1}, //
{"Sha224", LuaSha224}, //
{"Sha256", LuaSha256}, //
{"Sha384", LuaSha384}, //
{"Sha512", LuaSha512}, //
{"Sleep", LuaSleep}, //
{"Slurp", LuaSlurp}, //
{"StoreAsset", LuaStoreAsset}, //
{"Uncompress", LuaUncompress}, //
{"Underlong", LuaUnderlong}, //
{"VisualizeControlCodes", LuaVisualizeControlCodes}, //
{"Write", LuaWrite}, //
{"bin", LuaBin}, //
{"hex", LuaHex}, //
{"oct", LuaOct}, //
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#ifndef UNSECURE
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
{"AcquireToken", LuaAcquireToken}, //
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
{"Blackhole", LuaBlackhole}, // undocumented
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
{"CountTokens", LuaCountTokens}, //
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
{"EvadeDragnetSurveillance", LuaEvadeDragnetSurveillance}, //
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
{"GetSslIdentity", LuaGetSslIdentity}, //
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
{"ProgramCertificate", LuaProgramCertificate}, //
{"ProgramPrivateKey", LuaProgramPrivateKey}, //
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
{"ProgramSslCiphersuite", LuaProgramSslCiphersuite}, //
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
{"ProgramSslClientVerify", LuaProgramSslClientVerify}, //
{"ProgramSslFetchVerify", LuaProgramSslFetchVerify}, //
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
{"ProgramSslInit", LuaProgramSslInit}, //
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
{"ProgramSslPresharedKey", LuaProgramSslPresharedKey}, //
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
{"ProgramSslRequired", LuaProgramSslRequired}, //
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
{"ProgramSslTicketLifetime", LuaProgramSslTicketLifetime}, //
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
{"ProgramTokenBucket", LuaProgramTokenBucket}, //
Trim down redbean a little bit This makes redbean.c a little less long. It also reduces the size of redbean-original.com from being 333K to 213K.
2022-03-22 02:31:03 +00:00
#endif
Polish redbean APIs and docs (#446) * Remove undocumented ProgramSslCompression * Rename GetLastModified to GetAssetLastModified * Rename IsCompressed to IsAssetCompressed * Reorganize currently deprecated functions * Update sockopt documentation for clarity
2022-06-24 01:54:35 +00:00
// deprecated
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
{"GetPayload", LuaGetBody}, //
{"GetComment", LuaGetAssetComment}, //
{"GetVersion", LuaGetHttpVersion}, //
{"IsCompressed", LuaIsAssetCompressed}, //
{"GetLastModifiedTime", LuaGetAssetLastModifiedTime}, //
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
};
static const luaL_Reg kLuaLibs[] = {
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
{"argon2", luaopen_argon2}, //
Fix redbean regression from previous commit
2022-06-19 07:59:07 +00:00
{"lsqlite3", luaopen_lsqlite3}, //
{"maxmind", LuaMaxmind}, //
Add tcp syn packet fingerprinting to redbean This change also fixes bugs in enoprotoopt reporting with setsockopt and getsockopt error returns.
2022-07-17 09:40:39 +00:00
{"finger", LuaFinger}, //
Make improvements - Introduce path module to redbean - Fix glitch with linenoise printing extra line on eof - Introduce closefrom() and close_range() system calls - Make file descriptor closing more secure in pledge.com
2022-07-20 22:13:39 +00:00
{"path", LuaPath}, //
Fix redbean regression from previous commit
2022-06-19 07:59:07 +00:00
{"re", LuaRe}, //
{"unix", LuaUnix}, //
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
};
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static void LuaSetArgv(lua_State *L) {
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
int i, j = -1;
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
lua_newtable(L);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
lua_pushstring(L, __argv[0]);
lua_seti(L, -2, j++);
if (!interpretermode) {
lua_pushstring(L, "/zip/.init.lua");
lua_seti(L, -2, j++);
}
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
for (i = optind; i < __argc; ++i) {
lua_pushstring(L, __argv[i]);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
lua_seti(L, -2, j++);
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
lua_pushvalue(L, -1);
lua_setglobal(L, "argv"); // deprecated
lua_setglobal(L, "arg");
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
static void LuaSetConstant(lua_State *L, const char *s, long x) {
lua_pushinteger(L, x);
lua_setglobal(L, s);
}
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
static char *GetDefaultLuaPath(void) {
char *s;
size_t i;
for (s = 0, i = 0; i < stagedirs.n; ++i) {
appendf(&s, "%s/.lua/?.lua;%s/.lua/?/init.lua;", stagedirs.p[i].s,
stagedirs.p[i].s);
}
Improve ZIP filesystem and change its prefix The ZIP filesystem has a breaking change. You now need to use /zip/ to open() / opendir() / etc. assets within the ZIP structure of your APE binary, instead of the previous convention of using zip: or zip! URIs. This is needed because Python likes to use absolute paths, and having ZIP paths encoded like URIs simply broke too many things. Many more system calls have been updated to be able to operate on ZIP files and file descriptors. In particular fcntl() and ioctl() since Python would do things like ask if a ZIP file is a terminal and get confused when the old implementation mistakenly said yes, because the fastest way to guarantee native file descriptors is to dup(2). This change also improves the async signal safety of zipos and ensures it doesn't maintain any open file descriptors beyond that which the user has opened. This change makes a lot of progress towards adding magic numbers that are specific to platforms other than Linux. The philosophy here is that, if you use an operating system like FreeBSD, then you should be able to take advantage of FreeBSD exclusive features, even if we don't polyfill them on other platforms. For example, you can now open() a file with the O_VERIFY flag. If your program runs on other platforms, then Cosmo will automatically set O_VERIFY to zero. This lets you safely use it without the need for #ifdef or ifstatements which detract from readability. One of the blindspots of the ASAN memory hardening we use to offer Rust like assurances has always been that memory passed to the kernel via system calls (e.g. writev) can't be checked automatically since the kernel wasn't built with MODE=asan. This change makes more progress ensuring that each system call will verify the soundness of memory before it's passed to the kernel. The code for doing these checks is fast, particularly for buffers, where it can verify 64 bytes a cycle. - Correct O_LOOP definition on NT - Introduce program_executable_name - Add ASAN guards to more system calls - Improve termios compatibility with BSDs - Fix bug in Windows auxiliary value encoding - Add BSD and XNU specific errnos and open flags - Add check to ensure build doesn't talk to internet
2021-08-22 08:04:18 +00:00
appends(&s, "/zip/.lua/?.lua;/zip/.lua/?/init.lua");
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
return s;
}
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
static void LuaStart(void) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
#ifndef STATIC
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
size_t i;
Redbean fix lua panic (#300) * Fix Lua panic in redbean when calling request/connection functions from .init.lua The error calls were triggered appropriately, but used the global Lua state instead of the current Lua state (within protected call), which triggered Lua panic. This executes the error in the proper context. * Rename global Lua state object to make its (mis-)usage easier to detect
2021-10-25 21:54:56 +00:00
lua_State *L = GL = luaL_newstate();
Fix bugs and make improvements to redbean - Abort if .init.lua fails - Refactor redbean to use new append library - Use first certificate if SNI routing fails - Use function/data sections when building Lua - Don't use self-signed auto-generated cert for client - Add -D staging dirs to redbean lua module default path
2021-08-06 21:12:11 +00:00
g_lua_path_default = GetDefaultLuaPath();
Make major improvements to stdio Buffering now has optimal performance, bugs have been fixed, and some missing apis have been introduced. This implementation is also now more production worthy since it's less brittle now in terms of system errors. That's going to help redbean since lua i/o is all based on stdio. See #97
2021-03-27 05:31:41 +00:00
luaL_openlibs(L);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
for (i = 0; i < ARRAYLEN(kLuaLibs); ++i) {
luaL_requiref(L, kLuaLibs[i].name, kLuaLibs[i].func, 1);
lua_pop(L, 1);
}
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
for (i = 0; i < ARRAYLEN(kLuaFuncs); ++i) {
lua_pushcfunction(L, kLuaFuncs[i].func);
lua_setglobal(L, kLuaFuncs[i].name);
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
LuaSetConstant(L, "kLogDebug", kLogDebug);
LuaSetConstant(L, "kLogVerbose", kLogVerbose);
LuaSetConstant(L, "kLogInfo", kLogInfo);
LuaSetConstant(L, "kLogWarn", kLogWarn);
LuaSetConstant(L, "kLogError", kLogError);
LuaSetConstant(L, "kLogFatal", kLogFatal);
Improve redbean method=get parameter handling
2022-09-20 02:23:24 +00:00
LuaSetConstant(L, "kUrlPlus", kUrlPlus);
LuaSetConstant(L, "kUrlLatin1", kUrlLatin1);
Add MapContentType to redbean (#566)
2022-08-23 05:02:58 +00:00
// create a list of custom content types
lua_pushlightuserdata(L, (void *)&ctIdx); // push address as unique key
lua_newtable(L);
lua_settable(L, LUA_REGISTRYINDEX); // registry[&ctIdx] = {}
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
#endif
}
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
static bool ShouldAutocomplete(const char *s) {
int c, m, l, r;
l = 0;
r = ARRAYLEN(kDontAutoComplete) - 1;
while (l <= r) {
m = (l + r) >> 1;
c = strcmp(kDontAutoComplete[m], s);
if (c < 0) {
l = m + 1;
} else if (c > 0) {
r = m - 1;
} else {
return false;
}
}
return true;
}
static void HandleCompletions(const char *p, linenoiseCompletions *c) {
size_t i, j;
for (j = i = 0; i < c->len; ++i) {
if (ShouldAutocomplete(c->cvec[i])) {
c->cvec[j++] = c->cvec[i];
} else {
free(c->cvec[i]);
}
}
c->len = j;
}
static void LuaPrint(lua_State *L) {
int i, n;
char *b = 0;
const char *s;
n = lua_gettop(L);
Update redbean lua example code
2022-04-25 16:31:28 +00:00
if (n > 0) {
for (i = 1; i <= n; i++) {
if (i > 1) appendw(&b, '\t');
Add pretty printing to redbean serializers
2022-07-22 17:10:33 +00:00
struct EncoderConfig conf = {
.maxdepth = 64,
.sorted = true,
.pretty = true,
.indent = " ",
};
LuaEncodeLuaData(L, &b, i, conf);
Update redbean lua example code
2022-04-25 16:31:28 +00:00
}
appendw(&b, '\n');
WRITE(1, b, appendz(b).i);
free(b);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
}
}
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
static void EnableRawMode(void) {
if (lua_repl_isterminal) {
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
strace_enabled(-1);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
linenoiseEnableRawMode(0);
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
strace_enabled(+1);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
}
}
static void DisableRawMode(void) {
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
strace_enabled(-1);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
linenoiseDisableRawMode();
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
strace_enabled(+1);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
}
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
static int LuaInterpreter(lua_State *L) {
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
int i, n, sig, status;
const char *script;
if (optind < __argc) {
script = __argv[optind];
if (!strcmp(script, "-")) script = 0;
if ((status = luaL_loadfile(L, script)) == LUA_OK) {
lua_getglobal(L, "arg");
n = luaL_len(L, -1);
luaL_checkstack(L, n + 3, "too many script args");
for (i = 1; i <= n; i++) lua_rawgeti(L, -i, i);
lua_remove(L, -i); // remove arg table from stack
Polish redbean serialization
2022-04-29 13:06:23 +00:00
TRACE_BEGIN;
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
status = lua_runchunk(L, n, LUA_MULTRET);
Polish redbean serialization
2022-04-29 13:06:23 +00:00
TRACE_END;
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
}
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
return lua_report(L, status);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
} else {
lua_repl_blocking = true;
lua_repl_completions_callback = HandleCompletions;
lua_initrepl(GL, "redbean");
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
EnableRawMode();
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
for (;;) {
status = lua_loadline(L);
if (status == -1) break; // eof
if (status == -2) {
if (errno == EINTR) {
if ((sig = linenoiseGetInterrupt())) {
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
kill(0, sig);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
}
}
fprintf(stderr, "i/o error: %m\n");
exit(1);
}
if (status == LUA_OK) {
Polish redbean serialization
2022-04-29 13:06:23 +00:00
TRACE_BEGIN;
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
status = lua_runchunk(GL, 0, LUA_MULTRET);
Polish redbean serialization
2022-04-29 13:06:23 +00:00
TRACE_END;
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
}
if (status == LUA_OK) {
LuaPrint(GL);
} else {
lua_report(GL, status);
}
}
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
DisableRawMode();
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
lua_freerepl();
lua_settop(GL, 0); // clear stack
if ((sig = linenoiseGetInterrupt())) {
raise(sig);
}
Add Deflate() / Inflate() to redbean and fix bugs The Compress() and Uncompress() APIs were a mistake. The functions themselves work fine, but it's a design blemish and does superfluous work. Since they were only introduced in the last few weeks, they're now deprecated and references to them have been scrubbed from the website and other documentation. Please use the new APIs since the old APIs will be removed at some point in the future. This change introduces automated Lua unit tests for the Redbean APIs. There's a few functions that were broken which have now been fixed, e.g. Underlong() and Decimate().
2022-07-08 16:47:04 +00:00
return status;
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
}
}
Make redbean serialization deterministic
2022-07-09 11:09:51 +00:00
static void LuaDestroy(void) {
#ifndef STATIC
lua_State *L = GL;
lua_close(L);
free(g_lua_path_default);
#endif
}
static void MemDestroy(void) {
FreeAssets();
CollectGarbage();
inbuf.p = 0, inbuf.n = 0, inbuf.c = 0;
Free(&inbuf_actual.p), inbuf_actual.n = inbuf_actual.c = 0;
Free(&unmaplist.p), unmaplist.n = unmaplist.c = 0;
Free(&freelist.p), freelist.n = freelist.c = 0;
Free(&hdrbuf.p), hdrbuf.n = hdrbuf.c = 0;
Free(&servers.p), servers.n = 0;
Free(&ports.p), ports.n = 0;
Free(&ips.p), ips.n = 0;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
Free(&cpm.outbuf);
Make redbean serialization deterministic
2022-07-09 11:09:51 +00:00
FreeStrings(&stagedirs);
FreeStrings(&hidepaths);
Free(&launchbrowser);
Free(&serverheader);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
Free(&trustedips.p);
Free(&interfaces);
Make redbean serialization deterministic
2022-07-09 11:09:51 +00:00
Free(&extrahdrs);
Free(&pidpath);
Free(&logpath);
Free(&brand);
Free(&polls);
}
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
static void LuaInit(void) {
#ifndef STATIC
lua_State *L = GL;
LuaSetArgv(L);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
if (interpretermode) {
Write more redbean unit tests - Fix DescribeSigset() - Introduce new unix.rmrf() API - Fix redbean sigaction() doc example code - Fix unix.sigaction() w/ more than two args - Improve redbean re module API (non-breaking) - Enhance Lua with Python string multiplication - Make third parameter of unix.socket() default to 0
2022-07-09 06:06:46 +00:00
int rc = LuaInterpreter(L);
Make redbean serialization deterministic
2022-07-09 11:09:51 +00:00
LuaDestroy();
MemDestroy();
Write more redbean unit tests - Fix DescribeSigset() - Introduce new unix.rmrf() API - Fix redbean sigaction() doc example code - Fix unix.sigaction() w/ more than two args - Improve redbean re module API (non-breaking) - Enhance Lua with Python string multiplication - Make third parameter of unix.socket() default to 0
2022-07-09 06:06:46 +00:00
if (IsModeDbg()) {
CheckForMemoryLeaks();
}
exit(rc);
Improve redbean - Improve serialization - Add Benchmark() API to redbean - Refactor UNIX API to be assert() friendly - Make the redbean Lua REPL print data structures - Fix recent regressions in linenoise reverse search - Add -i flag so redbean can be a language interpreter
2022-04-25 15:30:14 +00:00
}
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
if (LuaRunAsset("/.init.lua", true)) {
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
hasonhttprequest = IsHookDefined("OnHttpRequest");
hasonclientconnection = IsHookDefined("OnClientConnection");
hasonprocesscreate = IsHookDefined("OnProcessCreate");
hasonprocessdestroy = IsHookDefined("OnProcessDestroy");
hasonworkerstart = IsHookDefined("OnWorkerStart");
hasonworkerstop = IsHookDefined("OnWorkerStop");
Add redbean OnLogLatency hook (#495)
2022-07-19 03:17:14 +00:00
hasonloglatency = IsHookDefined("OnLogLatency");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) no /.init.lua defined");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
#endif
Make major improvements to stdio Buffering now has optimal performance, bugs have been fixed, and some missing apis have been introduced. This implementation is also now more production worthy since it's less brittle now in terms of system errors. That's going to help redbean since lua i/o is all based on stdio. See #97
2021-03-27 05:31:41 +00:00
}
static void LuaReload(void) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
#ifndef STATIC
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
if (!LuaRunAsset("/.reload.lua", false)) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) no /.reload.lua defined");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
#endif
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static const char *DescribeClose(void) {
if (killed) return "killed";
if (meltdown) return "meltdown";
if (terminated) return "terminated";
Reduce redbean logging for EBADF (#461) This may happen on explicitly closed client connections, so reduce the logging level similar to other errors.
2022-07-08 14:14:50 +00:00
if (connectionclose) return "connection closed";
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return "destroyed";
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static void LogClose(const char *reason) {
if (amtread || meltdown || killed) {
LockInc(&shared->c.fumbles);
Improve logger API (#262) This breaking change improves naming consistency. - Rename LOGF to INFOF - Rename recently introduced ANYF to LOGF - Remove V* log calls, as they are not being used
2021-09-04 04:14:26 +00:00
INFOF("(stat) %s %s with %,ld unprocessed and %,d handled (%,d workers)",
DescribeClient(), reason, amtread, messageshandled, shared->workers);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
} else {
Support thread local storage
2022-05-16 20:20:08 +00:00
DEBUGF("(stat) %s %s with %,d messages handled", DescribeClient(), reason,
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
messageshandled);
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
}
Add preliminary lua support to redbean This change only implements enough Lua support to send a Hello World response. The redbean executable size increases from ~128kb to 260kb and the requests per second decreases from 1000k to 600k. That's the fastest it can go and that's extremely impressive compared to Python See #97
2021-03-22 00:27:53 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
static ssize_t SendString(const char *s) {
size_t n;
ssize_t rc;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
struct iovec iov;
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
n = strlen(s);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
iov.iov_base = s;
iov.iov_len = n;
Make improvements to redbean - Fix Content-Type inference when file extension has number - Remove shoddy Class A granular IP classiifcation - Have setuid() and setgid() take effect w/o daemonization - Make GetParams() return empty table instead of nil - Change SetLogLevel(int) to only apply to one message - Make SetLogLevel(int) good enough to be access_log off - Introduce ProgramUid(int) which is same as -U INT - Introduce ProgramGid(int) which is same as -G INT - Introduce ProgramLogPath(str) which is same as -L PATH - Introduce ProgramDirectory(str) which is same as -D PATH - Introduce ProgramLogBodies(bool) which is same as -b - Introduce ProgramLogMessages(bool) which is same as -m
2021-07-08 22:56:23 +00:00
if (logmessages) {
LogMessage("sending", s, n);
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
for (;;) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if ((rc = writer(client, &iov, 1)) != -1 || errno != EINTR) {
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return rc;
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
static ssize_t SendContinue(void) {
return SendString("\
HTTP/1.1 100 Continue\r\n\
\r\n");
}
static ssize_t SendTimeout(void) {
return SendString("\
HTTP/1.1 408 Request Timeout\r\n\
Connection: close\r\n\
Content-Length: 0\r\n\
\r\n");
}
static ssize_t SendServiceUnavailable(void) {
return SendString("\
HTTP/1.1 503 Service Unavailable\r\n\
Connection: close\r\n\
Content-Length: 0\r\n\
\r\n");
}
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
static ssize_t SendTooManyRequests(void) {
return SendString("\
HTTP/1.1 429 Too Many Requests\r\n\
Connection: close\r\n\
Content-Type: text/plain\r\n\
Content-Length: 22\r\n\
\r\n\
429 Too Many Requests\n");
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static void EnterMeltdownMode(void) {
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
if (timespec_cmp(timespec_sub(timespec_real(), shared->lastmeltdown),
(struct timespec){1}) < 0) {
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
return;
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
}
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
WARNF("(srvr) server is melting down (%,d workers)", shared->workers);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LOGIFNEG1(kill(0, SIGUSR2));
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
shared->lastmeltdown = timespec_real();
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
++shared->c.meltdowns;
}
static char *HandlePayloadDisconnect(void) {
LockInc(&shared->c.payloaddisconnects);
LogClose("payload disconnect");
return ServeFailure(400, "Bad Request"); /* XXX */
}
static char *HandlePayloadDrop(void) {
LockInc(&shared->c.dropped);
LogClose(DescribeClose());
return ServeFailure(503, "Service Unavailable");
}
static char *HandleBadContentLength(void) {
LockInc(&shared->c.badlengths);
return ServeFailure(400, "Bad Content Length");
}
static char *HandleLengthRequired(void) {
LockInc(&shared->c.missinglengths);
return ServeFailure(411, "Length Required");
}
static char *HandleVersionNotSupported(void) {
LockInc(&shared->c.http12);
return ServeFailure(505, "HTTP Version Not Supported");
}
static char *HandleConnectRefused(void) {
LockInc(&shared->c.connectsrefused);
return ServeFailure(501, "Not Implemented");
}
static char *HandleExpectFailed(void) {
LockInc(&shared->c.expectsrefused);
return ServeFailure(417, "Expectation Failed");
}
static char *HandleHugePayload(void) {
LockInc(&shared->c.hugepayloads);
return ServeFailure(413, "Payload Too Large");
}
static char *HandlePayloadSlowloris(void) {
LockInc(&shared->c.slowloris);
LogClose("payload slowloris");
return ServeFailure(408, "Request Timeout");
}
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
static char *HandleTransferRefused(void) {
LockInc(&shared->c.transfersrefused);
return ServeFailure(501, "Not Implemented");
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *HandleMapFailed(struct Asset *a, int fd) {
LockInc(&shared->c.mapfails);
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(srvr) mmap(%`'s) error: %m", a->file->path);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
close(fd);
return ServeError(500, "Internal Server Error");
}
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
static void LogAcceptError(const char *s) {
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LockInc(&shared->c.accepterrors);
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
WARNF("(srvr) %s accept error: %s", DescribeServer(), s);
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *HandleOpenFail(struct Asset *a) {
LockInc(&shared->c.openfails);
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
WARNF("(srvr) open(%`'s) error: %m", a->file->path);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (errno == ENFILE) {
LockInc(&shared->c.enfiles);
return ServeError(503, "Service Unavailable");
} else if (errno == EMFILE) {
LockInc(&shared->c.emfiles);
return ServeError(503, "Service Unavailable");
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return ServeError(500, "Internal Server Error");
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *HandlePayloadReadError(void) {
if (errno == ECONNRESET) {
LockInc(&shared->c.readresets);
LogClose("payload reset");
return ServeFailure(400, "Bad Request"); /* XXX */
} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
LockInc(&shared->c.readtimeouts);
LogClose("payload read timeout");
return ServeFailure(408, "Request Timeout");
} else {
LockInc(&shared->c.readerrors);
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
INFOF("(clnt) %s payload read error: %m", DescribeClient());
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return ServeFailure(500, "Internal Server Error");
}
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static void HandleForkFailure(void) {
LockInc(&shared->c.forkerrors);
LockInc(&shared->c.dropped);
EnterMeltdownMode();
SendServiceUnavailable();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
close(client);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
WARNF("(srvr) too many processes: %m");
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
static void HandleFrag(size_t got) {
LockInc(&shared->c.frags);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (++cpm.frags == 32) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
SendTimeout();
LogClose("slowloris");
LockInc(&shared->c.slowloris);
return;
} else {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(stat) %s fragged msg added %,ld bytes to %,ld byte buffer",
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
DescribeClient(), amtread, got);
}
}
static void HandleReload(void) {
LockInc(&shared->c.reloads);
Reindex();
LuaReload();
}
static void HandleHeartbeat(void) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
size_t i;
sigset_t mask;
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
UpdateCurrentDate(timespec_real());
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
Reindex();
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
getrusage(RUSAGE_SELF, &shared->server);
#ifndef STATIC
Remove .heartbeat.lua from redbean (#554) It's been replaced by `OnServerHeartbeat`.
2022-08-20 08:31:58 +00:00
CallSimpleHookIfDefined("OnServerHeartbeat");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CollectGarbage();
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
#endif
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
for (i = 1; i < servers.n; ++i) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (polls[i].fd < 0) {
polls[i].fd = -polls[i].fd;
}
}
Have redbean show zip listing as default / handler If an "index.lua" or "index.html" doesn't exist in zip file or the filesystem, and no redirects have been defined for it either, then redbean will render a listing of the zip central directory content only if the request uri points to the root path.
2021-03-29 08:22:49 +00:00
}
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
// returns 0 on success or response on error
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *OpenAsset(struct Asset *a) {
int fd;
void *data;
size_t size;
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
struct stat *st;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (a->file->st.st_size) {
size = a->file->st.st_size;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method == kHttpHead) {
cpm.content = 0;
cpm.contentlength = size;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
} else {
OpenAgain:
if ((fd = open(a->file->path.s, O_RDONLY)) != -1) {
data = mmap(0, size, PROT_READ, MAP_PRIVATE, fd, 0);
if (data != MAP_FAILED) {
LockInc(&shared->c.maps);
UnmapLater(fd, data, size);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = data;
cpm.contentlength = size;
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
} else if ((st = _gc(malloc(sizeof(struct stat)))) &&
fstat(fd, st) != -1 && (data = malloc(st->st_size))) {
/* probably empty file or zipos handle */
LockInc(&shared->c.slurps);
FreeLater(data);
if (ReadAll(fd, data, st->st_size) != -1) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = data;
cpm.contentlength = st->st_size;
Fix some issues with zipos and redbean - redbean.com -D /zip/dir/ now works, for pure fun - possibly fixed bug with redbean serving empty files - zipos stat() mode now indicates directories on windows See #372
2022-03-21 14:34:19 +00:00
close(fd);
} else {
return HandleMapFailed(a, fd);
}
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
} else {
return HandleMapFailed(a, fd);
}
} else if (errno == EINTR) {
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
goto OpenAgain;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
} else {
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
return HandleOpenFail(a);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
}
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = "";
cpm.contentlength = 0;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
return 0;
}
static char *ServeServerOptions(void) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
char *p;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.serveroptions);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
p = SetStatus(200, "OK");
#ifdef STATIC
p = stpcpy(p, "Allow: GET, HEAD, OPTIONS\r\n");
#else
p = stpcpy(p, "Accept: */*\r\n"
Fix bugs and make improvements - Fix regression with `%lu` - Added some more headers witnessed in the wild - Added `-M INT` option to redbean to tune max payload size - Work around InfoZIP 256 character limit on comment line size
2021-05-01 12:11:35 +00:00
"Accept-Charset: utf-8,ISO-8859-1;q=0.7,*;q=0.5\r\n"
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
"Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS\r\n");
#endif
return p;
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
static void SendContinueIfNeeded(void) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11 && HeaderEqualCase(kHttpExpect, "100-continue")) {
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
LockInc(&shared->c.continues);
SendContinue();
}
}
static char *ReadMore(void) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
size_t got;
ssize_t rc;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
LockInc(&shared->c.frags);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (++cpm.frags == 64) return HandlePayloadSlowloris();
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
if ((rc = reader(client, inbuf.p + amtread, inbuf.n - amtread)) != -1) {
if (!(got = rc)) return HandlePayloadDisconnect();
amtread += got;
} else if (errno == EINTR) {
LockInc(&shared->c.readinterrupts);
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
if (killed || ((meltdown || terminated) &&
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
timespec_cmp(timespec_sub(timespec_real(), startread),
(struct timespec){1}) >= 0)) {
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
return HandlePayloadDrop();
}
} else {
return HandlePayloadReadError();
}
return NULL;
}
static char *SynchronizeLength(void) {
char *p;
if (hdrsize + payloadlength > amtread) {
if (hdrsize + payloadlength > inbuf.n) return HandleHugePayload();
SendContinueIfNeeded();
while (amtread < hdrsize + payloadlength) {
if ((p = ReadMore())) return p;
}
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.msgsize = hdrsize + payloadlength;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
return NULL;
}
static char *SynchronizeChunked(void) {
char *p;
ssize_t transferlength;
struct HttpUnchunker u = {0};
SendContinueIfNeeded();
while (!(transferlength = Unchunk(&u, inbuf.p + hdrsize, amtread - hdrsize,
&payloadlength))) {
if ((p = ReadMore())) return p;
}
if (transferlength == -1) return HandleHugePayload();
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.msgsize = hdrsize + transferlength;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
return NULL;
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
static char *SynchronizeStream(void) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
int64_t cl;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
if (HasHeader(kHttpTransferEncoding) &&
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
!HeaderEqualCase(kHttpTransferEncoding, "identity")) {
if (HeaderEqualCase(kHttpTransferEncoding, "chunked")) {
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
return SynchronizeChunked();
} else {
return HandleTransferRefused();
}
} else if (HasHeader(kHttpContentLength)) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if ((cl = ParseContentLength(HeaderData(kHttpContentLength),
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
HeaderLength(kHttpContentLength))) != -1) {
payloadlength = cl;
return SynchronizeLength();
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return HandleBadContentLength();
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (cpm.msg.method == kHttpPost || cpm.msg.method == kHttpPut) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return HandleLengthRequired();
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.msgsize = hdrsize;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
payloadlength = 0;
return NULL;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
}
static void ParseRequestParameters(void) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
uint32_t ip;
Improve redbean method=get parameter handling
2022-09-20 02:23:24 +00:00
FreeLater(ParseUrl(inbuf.p + cpm.msg.uri.a, cpm.msg.uri.b - cpm.msg.uri.a,
&url, kUrlPlus | kUrlLatin1));
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
if (!url.host.p) {
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
if (HasHeader(kHttpXForwardedHost) && //
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
!GetRemoteAddr(&ip, 0) && IsTrustedIp(ip)) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
FreeLater(ParseHost(HeaderData(kHttpXForwardedHost),
HeaderLength(kHttpXForwardedHost), &url));
} else if (HasHeader(kHttpHost)) {
FreeLater(
ParseHost(HeaderData(kHttpHost), HeaderLength(kHttpHost), &url));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
FreeLater(ParseHost(DescribeServer(), -1, &url));
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
} else if (!url.path.n) {
url.path.p = "/";
url.path.n = 1;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (!url.scheme.n) {
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (usingssl) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
url.scheme.p = "https";
url.scheme.n = 5;
} else {
url.scheme.p = "http";
url.scheme.n = 4;
}
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static bool HasAtMostThisElement(int h, const char *s) {
size_t i, n;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
struct HttpHeader *x;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (HasHeader(h)) {
n = strlen(s);
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
if (!SlicesEqualCase(s, n, HeaderData(h), HeaderLength(h))) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return false;
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
for (i = 0; i < cpm.msg.xheaders.n; ++i) {
x = cpm.msg.xheaders.p + i;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (GetHttpHeader(inbuf.p + x->k.a, x->k.b - x->k.a) == h &&
!SlicesEqualCase(inbuf.p + x->v.a, x->v.b - x->v.a, s, n)) {
return false;
}
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return true;
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static char *HandleRequest(void) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
char *p;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version == 11) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.http11);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (cpm.msg.version < 10) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.http09);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (cpm.msg.version == 10) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.http10);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return HandleVersionNotSupported();
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
if ((p = SynchronizeStream())) return p;
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
if (logbodies) LogBody("received", inbuf.p + hdrsize, payloadlength);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version < 11 || HeaderEqualCase(kHttpConnection, "close")) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
connectionclose = true;
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method == kHttpOptions &&
SlicesEqual(inbuf.p + cpm.msg.uri.a, cpm.msg.uri.b - cpm.msg.uri.a, "*",
1)) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return ServeServerOptions();
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method == kHttpConnect) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return HandleConnectRefused();
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
}
if (!HasAtMostThisElement(kHttpExpect, "100-continue")) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return HandleExpectFailed();
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
ParseRequestParameters();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (!url.host.n || !url.path.n || url.path.p[0] != '/' ||
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
!IsAcceptablePath(url.path.p, url.path.n) ||
!IsAcceptableHost(url.host.p, url.host.n) ||
!IsAcceptablePort(url.port.p, url.port.n)) {
Make chacha20 go faster
2021-07-05 21:03:50 +00:00
free(url.params.p);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.urisrefused);
Make trivial code size enhancements
2021-05-17 01:22:39 +00:00
return ServeFailure(400, "Bad URI");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Improve logger API (#262) This breaking change improves naming consistency. - Rename LOGF to INFOF - Rename recently introduced ANYF to LOGF - Remove V* log calls, as they are not being used
2021-09-04 04:14:26 +00:00
INFOF("(req) received %s HTTP%02d %.*s %s %`'.*s %`'.*s", DescribeClient(),
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.msg.version, cpm.msg.xmethod.b - cpm.msg.xmethod.a,
inbuf.p + cpm.msg.xmethod.a, FreeLater(EncodeUrl(&url, 0)),
HeaderLength(kHttpReferer), HeaderData(kHttpReferer),
HeaderLength(kHttpUserAgent), HeaderData(kHttpUserAgent));
Add chunked transfer decoding to redbean
2021-07-05 08:03:45 +00:00
if (HasHeader(kHttpContentType) &&
IsMimeType(HeaderData(kHttpContentType), HeaderLength(kHttpContentType),
"application/x-www-form-urlencoded")) {
FreeLater(ParseParams(inbuf.p + hdrsize, payloadlength, &url.params));
}
FreeLater(url.params.p);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#ifndef STATIC
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (hasonhttprequest) return LuaOnHttpRequest();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#endif
Support OnHttpRequest Lua callback If your redbean `/.init.lua` file defines a global callable named `OnHttpRequest` then redbean will delegate all serving control to your function. You may then restore the default serving paths, by calling the new `Route()`, `RouteHost()`, and `RoutePath()` APIs. Closes #150
2021-04-25 00:09:01 +00:00
return Route(url.host.p, url.host.n, url.path.p, url.path.n);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *Route(const char *host, size_t hostlen, const char *path,
size_t pathlen) {
char *p;
Redbean fix redirect (#294) * Fix redbean crash during redirect in debug logging mode * Add reset for redirect loop check in redbean Route Without this reset a combination of RoutePath() and Route() calls could return "508 loop detected", since RoutePath could be called twice for the same redirected path. The protection against looping is still there, as it can only loop inside the Route() call (as it always serves something). * Update redbean redirect message for clarity
2021-10-25 21:04:57 +00:00
// reset the redirect loop check, as it can only be looping inside
// this function (as it always serves something); otherwise
// successful RoutePath and Route may fail with "508 loop detected"
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.loops.n = 0;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (hostlen && (p = RouteHost(host, hostlen, path, pathlen))) {
return p;
}
if (SlicesEqual(path, pathlen, "/", 1)) {
if ((p = ServeIndex("/", 1))) return p;
return ServeListing();
} else if ((p = RoutePath(path, pathlen))) {
return p;
} else if (SlicesEqual(path, pathlen, "/statusz", 8)) {
return ServeStatusz();
} else {
LockInc(&shared->c.notfounds);
return ServeError(404, "Not Found");
}
}
static char *RoutePath(const char *path, size_t pathlen) {
int m;
long r;
char *p;
struct Asset *a;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(srvr) RoutePath(%`'.*s)", pathlen, path);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if ((a = GetAsset(path, pathlen))) {
Update docs on chmod permissions (#336) Closes #335
2022-03-08 02:13:49 +00:00
// only allow "read other" permissions for security
// and consistency with handling of "external" files
// in this and other webservers
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if ((m = GetMode(a)) & 0004) {
if (!S_ISDIR(m)) {
return HandleAsset(a, path, pathlen);
} else {
return HandleFolder(path, pathlen);
}
} else {
LockInc(&shared->c.forbiddens);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
WARNF("(srvr) asset %`'.*s %#o isn't readable", pathlen, path, m);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return ServeError(403, "Forbidden");
}
} else if ((r = FindRedirect(path, pathlen)) != -1) {
return HandleRedirect(redirects.p + r);
} else {
return NULL;
}
}
static char *RouteHost(const char *host, size_t hostlen, const char *path,
size_t pathlen) {
size_t hn, hm;
char *hp, *p, b[96];
if (hostlen) {
hn = 1 + hostlen + url.path.n;
hm = 3 + 1 + hn;
hp = hm <= sizeof(b) ? b : FreeLater(xmalloc(hm));
hp[0] = '/';
mempcpy(mempcpy(hp + 1, host, hostlen), path, pathlen);
if ((p = RoutePath(hp, hn))) return p;
if (!isdigit(host[0])) {
if (hostlen > 4 &&
READ32LE(host) == ('w' | 'w' << 8 | 'w' << 16 | '.' << 24)) {
mempcpy(mempcpy(hp + 1, host + 4, hostlen - 4), path, pathlen);
if ((p = RoutePath(hp, hn - 4))) return p;
} else {
mempcpy(mempcpy(mempcpy(hp + 1, "www.", 4), host, hostlen), path,
pathlen);
if ((p = RoutePath(hp, hn + 4))) return p;
}
}
}
return NULL;
}
static inline bool IsLua(struct Asset *a) {
size_t n;
const char *p;
Make redbean StoreAsset() work better - Better UBSAN error messages - POSIX Advisory Locks polyfills - Move redbean manual to /.help.txt - System call memory safety in ASAN mode - Character classification now does UNICODE
2021-05-14 12:36:58 +00:00
if (a->file && a->file->path.n >= 4 &&
READ32LE(a->file->path.s + a->file->path.n - 4) ==
('.' | 'l' << 8 | 'u' << 16 | 'a' << 24)) {
return true;
}
p = ZIP_CFILE_NAME(zbase + a->cf);
n = ZIP_CFILE_NAMESIZE(zbase + a->cf);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return n > 4 &&
READ32LE(p + n - 4) == ('.' | 'l' << 8 | 'u' << 16 | 'a' << 24);
}
static char *HandleAsset(struct Asset *a, const char *path, size_t pathlen) {
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
char *p;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
#ifndef STATIC
if (IsLua(a)) return ServeLua(a, path, pathlen);
#endif
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.method == kHttpGet || cpm.msg.method == kHttpHead) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.staticrequests);
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = ServeAsset(a, path, pathlen);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.gotxcontenttypeoptions) {
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = stpcpy(p, "X-Content-Type-Options: nosniff\r\n");
}
return p;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
} else {
return BadMethod();
}
}
static const char *GetContentType(struct Asset *a, const char *path, size_t n) {
const char *r;
Add MapContentType to redbean (#566)
2022-08-23 05:02:58 +00:00
if (a->file && (r = GetContentTypeExt(a->file->path.s, a->file->path.n))) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return r;
}
return firstnonnull(
Add MapContentType to redbean (#566)
2022-08-23 05:02:58 +00:00
GetContentTypeExt(path, n),
firstnonnull(GetContentTypeExt(ZIP_CFILE_NAME(zbase + a->cf),
ZIP_CFILE_NAMESIZE(zbase + a->cf)),
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
a->istext ? "text/plain" : "application/octet-stream"));
}
Improve some unicode functions
2021-05-05 14:25:39 +00:00
static bool IsNotModified(struct Asset *a) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version < 10) return false;
Improve some unicode functions
2021-05-05 14:25:39 +00:00
if (!HasHeader(kHttpIfModifiedSince)) return false;
Update redbean If-Modified-Since check to accept same timestamp (#562)
2022-08-22 05:03:30 +00:00
return a->lastmodified <=
Improve some unicode functions
2021-05-05 14:25:39 +00:00
ParseHttpDateTime(HeaderData(kHttpIfModifiedSince),
HeaderLength(kHttpIfModifiedSince));
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
static char *ServeAsset(struct Asset *a, const char *path, size_t pathlen) {
char *p;
uint32_t crc;
const char *ct;
ct = GetContentType(a, path, pathlen);
if (IsNotModified(a)) {
LockInc(&shared->c.notmodifieds);
p = SetStatus(304, "Not Modified");
} else {
if (!a->file) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.content = (char *)ZIP_LFILE_CONTENT(zbase + a->lf);
cpm.contentlength = GetZipCfileCompressedSize(zbase + a->cf);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
} else if ((p = OpenAsset(a))) {
return p;
}
if (IsCompressed(a)) {
if (ClientAcceptsGzip()) {
p = ServeAssetPrecompressed(a);
} else {
p = ServeAssetDecompressed(a);
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (cpm.msg.version >= 11 && HasHeader(kHttpRange)) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
p = ServeAssetRange(a);
} else if (!a->file) {
LockInc(&shared->c.identityresponses);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(zip) ServeAssetZipIdentity(%`'s)", ct);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (Verify(cpm.content, cpm.contentlength,
ZIP_LFILE_CRC32(zbase + a->lf))) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
p = SetStatus(200, "OK");
} else {
return ServeError(500, "Internal Server Error");
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (!IsTiny() && cpm.msg.method != kHttpHead && !IsSslCompressed() &&
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
ClientAcceptsGzip() &&
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
!(a->file &&
IsNoCompressExt(a->file->path.s, a->file->path.n)) &&
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
((cpm.contentlength >= 100 && _startswithi(ct, "text/")) ||
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
(cpm.contentlength >= 1000 &&
MeasureEntropy(cpm.content, 1000) < 7))) {
Fix some glitches in redbean This change includes a fix to Fetch() where an out of bounds memory read could happen, when the reverse proxied endpoint omits the content-length header. This caused a bunch of NUL chars to appear on TurfWar's /statusz since it wouldn't actually overrun the buffer, and if it did it would've been caught by MODE=asan builds.
2022-11-02 16:42:52 +00:00
VERBOSEF("serving compressed asset");
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
p = ServeAssetCompressed(a);
} else {
p = ServeAssetIdentity(a, ct);
}
}
p = AppendContentType(p, ct);
p = stpcpy(p, "Vary: Accept-Encoding\r\n");
p = AppendHeader(p, "Last-Modified", a->lastmodifiedstr);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11) {
if (!cpm.gotcachecontrol) {
Improve generation of redbean static headers This change fixes an issue where Cache-Control could be outputted twice when Lua code calls SetHeader() from OnHttpRequest().
2022-06-15 05:01:13 +00:00
p = AppendCache(p, cacheseconds);
}
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
if (!IsCompressed(a)) {
p = stpcpy(p, "Accept-Ranges: bytes\r\n");
}
}
return p;
}
static char *SetStatus(unsigned code, const char *reason) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version == 10) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (code == 307) code = 302;
if (code == 308) code = 301;
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.statuscode = code;
cpm.hascontenttype = false;
Make redbean compress w/o explicit content-type (#671)
2022-11-02 06:15:20 +00:00
// reset, as the headers are reset
// istext is -1 by default to interpret as true when not set
cpm.istext = -1;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.gotxcontenttypeoptions = 0;
cpm.gotcachecontrol = 0;
cpm.referrerpolicy = 0;
cpm.branded = 0;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
stpcpy(hdrbuf.p, "HTTP/1.0 000 ");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
hdrbuf.p[7] += cpm.msg.version & 1;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
hdrbuf.p[9] += code / 100;
hdrbuf.p[10] += code / 10 % 10;
hdrbuf.p[11] += code % 10;
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
VERBOSEF("(rsp) %d %s", code, reason);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
return AppendCrlf(stpcpy(hdrbuf.p + 13, reason));
}
static inline bool MustNotIncludeMessageBody(void) { /* RFC2616 § 4.4 */
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
return cpm.msg.method == kHttpHead ||
(100 <= cpm.statuscode && cpm.statuscode <= 199) ||
cpm.statuscode == 204 || cpm.statuscode == 304;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
static bool TransmitResponse(char *p) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
int iovlen;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
struct iovec iov[4];
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
long actualcontentlength;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 10) {
actualcontentlength = cpm.contentlength;
if (cpm.gzipped) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
actualcontentlength += sizeof(kGzipHeader) + sizeof(gzip_footer);
p = stpcpy(p, "Content-Encoding: gzip\r\n");
}
p = AppendContentLength(p, actualcontentlength);
p = AppendCrlf(p);
CHECK_LE(p - hdrbuf.p, hdrbuf.n);
if (logmessages) {
LogMessage("sending", hdrbuf.p, p - hdrbuf.p);
}
iov[0].iov_base = hdrbuf.p;
iov[0].iov_len = p - hdrbuf.p;
iovlen = 1;
if (!MustNotIncludeMessageBody()) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.gzipped) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iov[iovlen].iov_base = kGzipHeader;
iov[iovlen].iov_len = sizeof(kGzipHeader);
++iovlen;
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
iov[iovlen].iov_base = cpm.content;
iov[iovlen].iov_len = cpm.contentlength;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
++iovlen;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.gzipped) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iov[iovlen].iov_base = gzip_footer;
iov[iovlen].iov_len = sizeof(gzip_footer);
++iovlen;
}
}
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
iov[0].iov_base = cpm.content;
iov[0].iov_len = cpm.contentlength;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iovlen = 1;
}
Send(iov, iovlen);
LockInc(&shared->c.messageshandled);
++messageshandled;
return true;
}
static bool StreamResponse(char *p) {
int rc;
struct iovec iov[6];
char *s, chunkbuf[23];
assert(!MustNotIncludeMessageBody());
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
p = stpcpy(p, "Transfer-Encoding: chunked\r\n");
} else {
assert(connectionclose);
}
p = AppendCrlf(p);
CHECK_LE(p - hdrbuf.p, hdrbuf.n);
if (logmessages) {
LogMessage("sending", hdrbuf.p, p - hdrbuf.p);
}
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
bzero(iov, sizeof(iov));
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 10) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iov[0].iov_base = hdrbuf.p;
iov[0].iov_len = p - hdrbuf.p;
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iov[5].iov_base = "\r\n";
iov[5].iov_len = 2;
}
for (;;) {
iov[2].iov_base = 0;
iov[2].iov_len = 0;
iov[3].iov_base = 0;
iov[3].iov_len = 0;
iov[4].iov_base = 0;
iov[4].iov_len = 0;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if ((rc = cpm.generator(iov + 2)) <= 0) break;
if (cpm.msg.version >= 11) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
s = chunkbuf;
s += uint64toarray_radix16(rc, s);
s = AppendCrlf(s);
iov[1].iov_base = chunkbuf;
iov[1].iov_len = s - chunkbuf;
}
if (Send(iov, 6) == -1) break;
iov[0].iov_base = 0;
iov[0].iov_len = 0;
}
if (rc != -1) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 11) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
iov[0].iov_base = "0\r\n\r\n";
iov[0].iov_len = 5;
Send(iov, 1);
}
} else {
connectionclose = true;
}
return true;
}
Polyfill SIGCHLD on the New Technology redbean will now cleanup child processes properly. New accounting information is available too, such as page faults and memory usage. The way it works is Cosmopolitan Libc samples the process collection on entry into read() and poll() to see if SIGCHLD needs to be raised. This change also fixes an issue with chibicc /tmp cleanup. There was also a regression in MODE=dbg because STL needed ASAN runtime support.
2022-03-23 04:04:08 +00:00
static bool HandleMessageActual(void) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
int rc;
Add redbean OnLogLatency hook (#495)
2022-07-19 03:17:14 +00:00
long reqtime, contime;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
char *p;
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
struct timespec now;
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if ((rc = ParseHttpMessage(&cpm.msg, inbuf.p, amtread)) != -1) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (!rc) return false;
Support POST parameters in redbean server pages See #97
2021-03-27 14:29:55 +00:00
hdrsize = rc;
Fix important bugs in redbean This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2022-09-17 08:37:33 +00:00
if (logmessages) {
LogMessage("received", inbuf.p, hdrsize);
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
p = HandleRequest();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.badmessages);
Parse Content-Range with missing right hand side Fixes #144
2021-04-02 01:51:12 +00:00
connectionclose = true;
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
if ((p = DumpHexc(inbuf.p, MIN(amtread, 256), 0))) {
Improve logger API (#262) This breaking change improves naming consistency. - Rename LOGF to INFOF - Rename recently introduced ANYF to LOGF - Remove V* log calls, as they are not being used
2021-09-04 04:14:26 +00:00
INFOF("(clnt) %s sent garbage %s", DescribeClient(), p);
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return true;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.msgsize) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
amtread = 0;
connectionclose = true;
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.synchronizationfailures);
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(clnt) could not synchronize message stream");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msg.version >= 10) {
Improve performance of printf functions
2021-04-24 20:58:34 +00:00
p = AppendCrlf(stpcpy(stpcpy(p, "Date: "), shared->currentdate));
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.branded) p = stpcpy(p, serverheader);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (extrahdrs) p = stpcpy(p, extrahdrs);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (connectionclose) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
p = stpcpy(p, "Connection: close\r\n");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
} else if (timeout.tv_sec < 0 && cpm.msg.version >= 11) {
Make more major improvements to redbean - POSIX regular expressions for Lua - Improved protocol parsing and encoding - Additional APIs for ZIP storage retrieval - Fix st_mode issue on NT for regular files - Generalized APIs for URL and Host handling - Worked out the kinks in resource resolution - Allow for custom error pages like /404.html
2021-04-21 02:14:21 +00:00
p = stpcpy(p, "Connection: keep-alive\r\n");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Fix double Content-Type after SetHeader (#327)
2022-03-05 02:44:39 +00:00
// keep content-type update *before* referrerpolicy
// https://datatracker.ietf.org/doc/html/rfc2616#section-7.2.1
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.hascontenttype && cpm.contentlength > 0) {
Fix double Content-Type after SetHeader (#327)
2022-03-05 02:44:39 +00:00
p = AppendContentType(p, "text/html");
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.referrerpolicy) {
Restore Referer-Policy and wrap up MbedTLS changes redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
2021-08-04 05:42:17 +00:00
p = stpcpy(p, "Referrer-Policy: ");
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
p = stpcpy(p, cpm.referrerpolicy);
Restore Referer-Policy and wrap up MbedTLS changes redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
2021-08-04 05:42:17 +00:00
p = stpcpy(p, "\r\n");
}
Add redbean OnLogLatency hook (#495)
2022-07-19 03:17:14 +00:00
if (loglatency || LOGGABLE(kLogDebug) || hasonloglatency) {
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
now = timespec_real();
reqtime = timespec_tomicros(timespec_sub(now, startrequest));
contime = timespec_tomicros(timespec_sub(now, startconnection));
Add redbean OnLogLatency hook (#495)
2022-07-19 03:17:14 +00:00
if (hasonloglatency) LuaOnLogLatency(reqtime, contime);
if (loglatency || LOGGABLE(kLogDebug))
LOGF(kLogDebug, "(stat) %`'.*s latency r: %,ldµs c: %,ldµs",
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
cpm.msg.uri.b - cpm.msg.uri.a, inbuf.p + cpm.msg.uri.a, reqtime,
contime);
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.generator) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return TransmitResponse(p);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
} else {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
return StreamResponse(p);
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
}
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
static bool HandleMessage(void) {
bool r;
ishandlingrequest = true;
Polyfill SIGCHLD on the New Technology redbean will now cleanup child processes properly. New accounting information is available too, such as page faults and memory usage. The way it works is Cosmopolitan Libc samples the process collection on entry into read() and poll() to see if SIGCHLD needs to be raised. This change also fixes an issue with chibicc /tmp cleanup. There was also a regression in MODE=dbg because STL needed ASAN runtime support.
2022-03-23 04:04:08 +00:00
r = HandleMessageActual();
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
ishandlingrequest = false;
return r;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
static void InitRequest(void) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
assert(!cpm.outbuf);
bzero(&cpm, sizeof(cpm));
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
static bool IsSsl(unsigned char c) {
if (c == 22) return true;
if (!(c & 128)) return false;
/* RHEL5 sends SSLv2 hello but supports TLS */
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(ssl) %s SSLv2 hello D:", DescribeClient());
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
return true;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
static void HandleMessages(void) {
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
char *p;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
bool once;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
ssize_t rc;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
size_t got;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
for (once = false;;) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
InitRequest();
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
startread = timespec_real();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
for (;;) {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (!cpm.msg.i && amtread) {
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
startrequest = timespec_real();
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (HandleMessage()) break;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if ((rc = reader(client, inbuf.p + amtread, inbuf.n - amtread)) != -1) {
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
startrequest = timespec_real();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
got = rc;
amtread += got;
if (amtread) {
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
#ifndef UNSECURE
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (!once) {
once = true;
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
if (!unsecure) {
if (IsSsl(inbuf.p[0])) {
if (TlsSetup()) {
continue;
} else {
return;
}
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
} else if (requiressl) {
INFOF("(clnt) %s didn't send an ssl hello", DescribeClient());
return;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
} else {
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
WipeServingKeys();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
}
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
#endif
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DEBUGF("(stat) %s read %,zd bytes", DescribeClient(), got);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (HandleMessage()) {
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
break;
} else if (got) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
HandleFrag(got);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
}
if (!got) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
NotifyClose();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
LogClose("disconnect");
return;
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else if (errno == EINTR) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.readinterrupts);
Polish recent changes and make improvements - Simulate SIGPIPE on Windows NT - Fix commandv() regression on Windows NT - Fix sigprocmask() strace bug on OpenBSD - Add many more system calls to --strace logging - Make errno state more pristine in redbean strace
2022-03-19 10:37:00 +00:00
errno = 0;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else if (errno == EAGAIN) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.readtimeouts);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (amtread) SendTimeout();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
NotifyClose();
Reduce redbean logging for EBADF (#461) This may happen on explicitly closed client connections, so reduce the logging level similar to other errors.
2022-07-08 14:14:50 +00:00
LogClose("read timeout");
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
return;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
} else if (errno == ECONNRESET) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.readresets);
Reduce redbean logging for EBADF (#461) This may happen on explicitly closed client connections, so reduce the logging level similar to other errors.
2022-07-08 14:14:50 +00:00
LogClose("read reset");
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
return;
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.readerrors);
Reduce redbean logging for EBADF (#461) This may happen on explicitly closed client connections, so reduce the logging level similar to other errors.
2022-07-08 14:14:50 +00:00
if (errno == EBADF) { // don't warn on close/bad fd
LogClose("read badf");
} else {
WARNF("(clnt) %s read error: %m", DescribeClient());
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
return;
}
if (killed || (terminated && !amtread) ||
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
(meltdown &&
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
(!amtread || timespec_cmp(timespec_sub(timespec_real(), startread),
(struct timespec){1}) >= 0))) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
if (amtread) {
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.dropped);
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
SendServiceUnavailable();
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
NotifyClose();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
LogClose(DescribeClose());
return;
}
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
if (invalidated) {
HandleReload();
invalidated = false;
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
if (cpm.msgsize == amtread) {
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
amtread = 0;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (killed) {
LogClose(DescribeClose());
return;
} else if (connectionclose || terminated || meltdown) {
NotifyClose();
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
LogClose(DescribeClose());
return;
}
} else {
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
CHECK_LT(cpm.msgsize, amtread);
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
LockInc(&shared->c.pipelinedrequests);
Improve redbean memory locality Doing this improves message latency and throughput, since we're consolidating the 504 bytes of static memory which has the most churn into a single place.
2022-08-06 00:34:53 +00:00
DEBUGF("(stat) %,ld pipelinedrequest bytes", amtread - cpm.msgsize);
memmove(inbuf.p, inbuf.p + cpm.msgsize, amtread - cpm.msgsize);
amtread -= cpm.msgsize;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (killed) {
LogClose(DescribeClose());
return;
} else if (connectionclose) {
NotifyClose();
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
LogClose(DescribeClose());
return;
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
CollectGarbage();
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
if (invalidated) {
HandleReload();
invalidated = false;
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static void CloseServerFds(void) {
size_t i;
for (i = 0; i < servers.n; ++i) {
close(servers.p[i].fd);
}
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
static int ExitWorker(void) {
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
if (IsModeDbg() && !sandboxed) {
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
isexitingworker = true;
return eintr();
}
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (monitortty) {
terminatemonitor = true;
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
_join(&monitorth);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
}
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
_Exit(0);
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
}
Do some work on redbean - Rewrite Slurp() API to be like string.sub() - Introduce a new Barf() API for creating files - Update Redbean `-S` sandbox flag to do unveiling
2022-07-23 03:44:24 +00:00
static void UnveilRedbean(void) {
size_t i;
for (i = 0; i < stagedirs.n; ++i) {
unveil(stagedirs.p[i].s, "r");
}
unveil(0, 0);
}
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
static int EnableSandbox(void) {
Refactor pledge() to be more configurable The earlier iterations did too much guesswork when it came to things like stderr logging and syscall origin verification. This change will make things more conformant to existing practices. The __pledge_mode extension now can be configured in a better way. There's also a new `-q` flag added to pledge.com, e.g. o//tool/build/pledge.com -qv. ls Is a good way to disable warnings about `tty` access attempts.
2022-08-11 18:27:25 +00:00
__pledge_mode = PLEDGE_PENALTY_RETURN_EPERM | PLEDGE_STDERR_LOGGING;
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
switch (sandboxed) {
case 0:
return 0;
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
case 1: // -S
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
DEBUGF("(stat) applying '%s' sandbox policy", "online");
Do some work on redbean - Rewrite Slurp() API to be like string.sub() - Introduce a new Barf() API for creating files - Update Redbean `-S` sandbox flag to do unveiling
2022-07-23 03:44:24 +00:00
UnveilRedbean();
Improve pledge() usability and consistency - We now kill the program on violations like OpenBSD - We now print a message explaining which promise is needed - This change also fixes a linkage bug with thread local storage - Your sigaction() handlers should now be more thread safe A new `__pledge_mode` global has been introduced to make pledge() more customizable on Linux. For example: __attribute__((__constructor__)) static void init(void) { __pledge_mode = SECCOMP_RET_ERRNO | EPERM; } Can be used to restore our old permissive pledge() behavior.
2022-08-07 23:18:33 +00:00
return pledge("stdio rpath inet dns id", 0);
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
case 2: // -SS
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
DEBUGF("(stat) applying '%s' sandbox policy", "offline");
Do some work on redbean - Rewrite Slurp() API to be like string.sub() - Introduce a new Barf() API for creating files - Update Redbean `-S` sandbox flag to do unveiling
2022-07-23 03:44:24 +00:00
UnveilRedbean();
Improve pledge() usability and consistency - We now kill the program on violations like OpenBSD - We now print a message explaining which promise is needed - This change also fixes a linkage bug with thread local storage - Your sigaction() handlers should now be more thread safe A new `__pledge_mode` global has been introduced to make pledge() more customizable on Linux. For example: __attribute__((__constructor__)) static void init(void) { __pledge_mode = SECCOMP_RET_ERRNO | EPERM; } Can be used to restore our old permissive pledge() behavior.
2022-08-07 23:18:33 +00:00
return pledge("stdio rpath id", 0);
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
default: // -SSS
DEBUGF("(stat) applying '%s' sandbox policy", "contained");
Do some work on redbean - Rewrite Slurp() API to be like string.sub() - Introduce a new Barf() API for creating files - Update Redbean `-S` sandbox flag to do unveiling
2022-07-23 03:44:24 +00:00
UnveilRedbean();
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
return pledge("stdio", 0);
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
}
}
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
static int MemoryMonitor(void *arg, int tid) {
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
static struct termios oldterm;
static int tty;
sigset_t ss;
bool done, ok;
size_t intervals;
struct winsize ws;
unsigned char rez;
struct termios term;
char *b, *addr, title[128];
struct MemoryInterval *mi, *mi2;
long i, j, k, n, x, y, pi, gen, pages;
int rc, id, color, color2, workers;
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
id = atomic_load_explicit(&shared->workers, memory_order_relaxed);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
DEBUGF("(memv) started for pid %d on tid %d", getpid(), gettid());
sigemptyset(&ss);
sigaddset(&ss, SIGHUP);
sigaddset(&ss, SIGINT);
sigaddset(&ss, SIGQUIT);
sigaddset(&ss, SIGTERM);
sigaddset(&ss, SIGPIPE);
sigaddset(&ss, SIGUSR1);
sigaddset(&ss, SIGUSR2);
sigprocmask(SIG_BLOCK, &ss, 0);
Clean up some of the threading code
2022-09-08 18:54:56 +00:00
pthread_spin_lock(&shared->montermlock);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (!id) {
if ((tty = open(monitortty, O_RDWR | O_NOCTTY)) != -1) {
ioctl(tty, TCGETS, &oldterm);
term = oldterm;
term.c_iflag &= ~(BRKINT | ICRNL | INPCK | ISTRIP | IXON);
term.c_lflag &= ~(ECHO | ICANON | IEXTEN | ISIG);
term.c_oflag |= OPOST | ONLCR;
term.c_iflag |= IUTF8;
term.c_cflag |= CS8;
term.c_cc[VMIN] = 1;
term.c_cc[VTIME] = 0;
ioctl(tty, TCSETS, &term);
WRITE(tty, "\e[?25l", 6);
}
}
Clean up some of the threading code
2022-09-08 18:54:56 +00:00
pthread_spin_unlock(&shared->montermlock);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (tty != -1) {
Make fixes and improvements - Document more compiler flags - Expose new __print_maps() api - Better overflow checking in mmap() - Improve the shell example somewhat - Fix minor runtime bugs regarding stacks - Make kill() on fork()+execve()'d children work - Support CLONE_CHILD_CLEARTID for proper joining - Fix recent possible deadlock regression with --ftrace
2022-05-19 23:57:49 +00:00
for (gen = 0, mi = 0, b = 0; !terminatemonitor;) {
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
workers = atomic_load_explicit(&shared->workers, memory_order_relaxed);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (id) id = MAX(1, MIN(id, workers));
if (!id && workers) {
usleep(50000);
continue;
}
++gen;
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
intervals = atomic_load_explicit(&_mmi.i, memory_order_relaxed);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if ((mi2 = realloc(mi, (intervals += 3) * sizeof(*mi)))) {
mi = mi2;
mi[0].x = (intptr_t)_base >> 16;
mi[0].size = _etext - _base;
Remove some old dead code from ftrace
2022-05-20 11:01:50 +00:00
mi[0].flags = 0;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
mi[1].x = (intptr_t)_etext >> 16;
mi[1].size = _edata - _etext;
Remove some old dead code from ftrace
2022-05-20 11:01:50 +00:00
mi[1].flags = 0;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
mi[2].x = (intptr_t)_edata >> 16;
mi[2].size = _end - _edata;
Remove some old dead code from ftrace
2022-05-20 11:01:50 +00:00
mi[2].flags = 0;
Make locks more reliable This change switches most of the core locks to be re-entrant, in order to reduce the chance of deadlocking code that does, clever things with asynchronous signal handlers. This change implements it it in pthreads so we're one step closer to having a standardized threading primitives
2022-06-11 08:59:26 +00:00
__mmi_lock();
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (_mmi.i == intervals - 3) {
memcpy(mi + 3, _mmi.p, _mmi.i * sizeof(*mi));
ok = true;
} else {
ok = false;
}
Make locks more reliable This change switches most of the core locks to be re-entrant, in order to reduce the chance of deadlocking code that does, clever things with asynchronous signal handlers. This change implements it it in pthreads so we're one step closer to having a standardized threading primitives
2022-06-11 08:59:26 +00:00
__mmi_unlock();
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (!ok) {
Make fixes and improvements - Document more compiler flags - Expose new __print_maps() api - Better overflow checking in mmap() - Improve the shell example somewhat - Fix minor runtime bugs regarding stacks - Make kill() on fork()+execve()'d children work - Support CLONE_CHILD_CLEARTID for proper joining - Fix recent possible deadlock regression with --ftrace
2022-05-19 23:57:49 +00:00
VERBOSEF("(memv) retrying due to contention on mmap table");
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
continue;
}
ws.ws_col = 80;
ws.ws_row = 40;
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
_getttysize(tty, &ws);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
appendr(&b, 0);
appends(&b, "\e[H\e[1m");
for (pi = k = x = y = i = 0; i < intervals; ++i) {
addr = (char *)((int64_t)((uint64_t)mi[i].x << 32) >> 16);
color = 0;
appendf(&b, "\e[0m%lx", addr);
pages = (mi[i].size + PAGESIZE - 1) / PAGESIZE;
for (j = 0; j < pages; ++j) {
rc = mincore(addr + j * PAGESIZE, PAGESIZE, &rez);
if (!rc) {
if (rez & 1) {
Remove some old dead code from ftrace
2022-05-20 11:01:50 +00:00
if (mi[i].flags & MAP_SHARED) {
color2 = 105;
} else {
color2 = 42;
}
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
} else {
color2 = 41;
}
} else {
errno = 0;
color2 = 0;
}
if (color != color2) {
color = color2;
appendf(&b, "\e[%dm", color);
}
Remove some old dead code from ftrace
2022-05-20 11:01:50 +00:00
if (mi[i].flags & MAP_ANONYMOUS) {
appendw(&b, ' ');
} else {
appendw(&b, '/');
}
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
}
}
appendf(&b,
"\e[0m ID=%d PID=%d WS=%dx%d WORKERS=%d MODE=" MODE
" GEN=%ld\e[J",
id, getpid(), ws.ws_col, ws.ws_row, workers, gen);
Clean up some of the threading code
2022-09-08 18:54:56 +00:00
pthread_spin_lock(&shared->montermlock);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
WRITE(tty, b, appendz(b).i);
appendr(&b, 0);
usleep(MONITOR_MICROS);
Clean up some of the threading code
2022-09-08 18:54:56 +00:00
pthread_spin_unlock(&shared->montermlock);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
} else {
// running out of memory temporarily is a real possibility here
// the right thing to do, is stand aside and let lua try to fix
WARNF("(memv) we require more vespene gas");
usleep(MONITOR_MICROS);
}
}
if (!id) {
appendr(&b, 0);
appends(&b, "\e[H\e[J\e[?25h");
WRITE(tty, b, appendz(b).i);
ioctl(tty, TCSETS, &oldterm);
}
DEBUGF("(memv) exiting...");
close(tty);
free(mi);
free(b);
}
Make fixes and improvements - Document more compiler flags - Expose new __print_maps() api - Better overflow checking in mmap() - Improve the shell example somewhat - Fix minor runtime bugs regarding stacks - Make kill() on fork()+execve()'d children work - Support CLONE_CHILD_CLEARTID for proper joining - Fix recent possible deadlock regression with --ftrace
2022-05-19 23:57:49 +00:00
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
DEBUGF("(memv) done");
return 0;
}
Make fixes and improvements - Document more compiler flags - Expose new __print_maps() api - Better overflow checking in mmap() - Improve the shell example somewhat - Fix minor runtime bugs regarding stacks - Make kill() on fork()+execve()'d children work - Support CLONE_CHILD_CLEARTID for proper joining - Fix recent possible deadlock regression with --ftrace
2022-05-19 23:57:49 +00:00
static void MonitorMemory(void) {
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
if (_spawn(MemoryMonitor, 0, &monitorth) == -1) {
WARNF("(memv) failed to start memory monitor %m");
Make fixes and improvements - Document more compiler flags - Expose new __print_maps() api - Better overflow checking in mmap() - Improve the shell example somewhat - Fix minor runtime bugs regarding stacks - Make kill() on fork()+execve()'d children work - Support CLONE_CHILD_CLEARTID for proper joining - Fix recent possible deadlock regression with --ftrace
2022-05-19 23:57:49 +00:00
}
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
static int HandleConnection(size_t i) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
uint32_t ip;
int pid, tok, rc = 0;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
clientaddrsize = sizeof(clientaddr);
Improve cosmo's conformance to libc-test This change addresses various open source compatibility issues, so that we pass 313/411 of the tests in https://github.com/jart/libc-test where earlier today we were passing about 30/411 of them, due to header toil. Please note that Glibc only passes 341/411 so 313 today is pretty good! - Make the conformance of libc/isystem/ headers nearly perfect - Import more of the remaining math library routines from Musl - Fix inconsistencies with type signatures of calls like umask - Write tests for getpriority/setpriority which work great now - conform to `struct sockaddr *` on remaining socket functions - Import a bunch of uninteresting stdlib functions e.g. rand48 - Introduce readdir_r, scandir, pthread_kill, sigsetjmp, etc.. Follow the instructions in our `tool/scripts/cosmocc` toolchain to run these tests yourself. You use `make CC=cosmocc` on the test repository
2022-10-11 00:52:41 +00:00
if ((client = accept4(servers.p[i].fd, (struct sockaddr *)&clientaddr,
&clientaddrsize, SOCK_CLOEXEC)) != -1) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
LockInc(&shared->c.accepts);
GetClientAddr(&ip, 0);
if (tokenbucket.cidr && tokenbucket.reject >= 0) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
if (!IsTrustedIp(ip)) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
tok = AcquireToken(tokenbucket.b, ip, tokenbucket.cidr);
if (tok <= tokenbucket.ban && tokenbucket.ban >= 0) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
WARNF("(token) banning %hhu.%hhu.%hhu.%hhu who only has %d tokens",
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
ip >> 24, ip >> 16, ip >> 8, ip, tok);
LockInc(&shared->c.bans);
Blackhole(ip);
close(client);
return 0;
} else if (tok <= tokenbucket.ignore && tokenbucket.ignore >= 0) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
DEBUGF("(token) ignoring %hhu.%hhu.%hhu.%hhu who only has %d tokens",
ip >> 24, ip >> 16, ip >> 8, ip, tok);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
LockInc(&shared->c.ignores);
close(client);
return 0;
} else if (tok < tokenbucket.reject) {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
WARNF("(token) rejecting %hhu.%hhu.%hhu.%hhu who only has %d tokens",
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
ip >> 24, ip >> 16, ip >> 8, ip, tok);
LockInc(&shared->c.rejects);
SendTooManyRequests();
close(client);
return 0;
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
} else {
DEBUGF("(token) %hhu.%hhu.%hhu.%hhu has %d tokens", ip >> 24,
ip >> 16, ip >> 8, ip, tok - 1);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
} else {
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
DEBUGF("(token) won't acquire token for trusted ip %hhu.%hhu.%hhu.%hhu",
ip >> 24, ip >> 16, ip >> 8, ip);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
Make some more fixes to prod
2022-10-19 20:10:00 +00:00
} else {
DEBUGF("(token) can't acquire accept() token for client");
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
}
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
startconnection = timespec_real();
Enter meltdown mode if ProgramMaxWorkers triggers
2022-08-05 22:42:17 +00:00
if (UNLIKELY(maxworkers) && shared->workers >= maxworkers) {
EnterMeltdownMode();
SendServiceUnavailable();
close(client);
return 0;
}
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
VERBOSEF("(srvr) accept %s via %s", DescribeClient(), DescribeServer());
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
messageshandled = 0;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (hasonclientconnection && LuaOnClientConnection()) {
close(client);
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
return 0;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
if (uniprocess) {
pid = -1;
connectionclose = true;
} else {
switch ((pid = fork())) {
case 0:
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (!IsTiny() && monitortty) {
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
MonitorMemory();
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
meltdown = false;
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
__isworker = true;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
connectionclose = false;
Polish redbean serialization
2022-04-29 13:06:23 +00:00
if (!IsTiny() && systrace) {
Make some more fixups
2022-06-12 16:37:17 +00:00
kStartTsc = rdtsc();
Improve performance of printf functions
2021-04-24 20:58:34 +00:00
}
Polish redbean serialization
2022-04-29 13:06:23 +00:00
TRACE_BEGIN;
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
if (sandboxed) {
CHECK_NE(-1, EnableSandbox());
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (hasonworkerstart) {
CallSimpleHook("OnWorkerStart");
}
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
break;
case -1:
Mold the redbean binary to minimize page faults This change brings page faults for precompressed static asset serving down from 27 to 20 (or fewer) after fork. This is more of an art than science. Hopefully Blinkenlights can visualize page faults soon.
2021-05-03 19:09:35 +00:00
HandleForkFailure();
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
return 0;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
default:
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
LockInc(&shared->workers);
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
close(client);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
ReseedRng(&rng, "parent");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (hasonprocesscreate) {
LuaOnProcessCreate(pid);
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
return 0;
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Fix performance bottlenecks with nt fork redbean
2022-03-21 15:25:33 +00:00
if (!pid && !IsWindows()) {
CloseServerFds();
}
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
HandleMessages();
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
DEBUGF("(stat) %s closing after %,ldµs", DescribeClient(),
timespec_tomicros(timespec_sub(timespec_real(), startconnection)));
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
if (!pid) {
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (hasonworkerstop) {
CallSimpleHook("OnWorkerStop");
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
rc = ExitWorker();
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
} else {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
close(client);
oldin.p = 0;
oldin.n = 0;
if (inbuf.c) {
inbuf.p -= inbuf.c;
inbuf.n += inbuf.c;
inbuf.c = 0;
}
#ifndef UNSECURE
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (usingssl) {
usingssl = false;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
reader = read;
writer = WritevAll;
mbedtls_ssl_session_reset(&ssl);
}
#endif
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
CollectGarbage();
Add /statusz page to redbean plus other enhancements redbean improvements: - Explicitly disable corking - Simulate Python regex API for Lua - Send warmup requests in main process on startup - Add Class-A granular IPv4 network classification - Add /statusz page so you can monitor your redbean's health - Fix regressions on OpenBSD/NetBSD caused by recent changes - Plug Authorization header into Lua GetUser and GetPass APIs - Recognize X-Forwarded-{For,Host} from local reverse proxies - Add many additional functions to redbean Lua server page API - Report resource usage of child processes on `/` listing page - Introduce `-a` flag for logging child process resource usage - Introduce `-t MILLIS` flag and `ProgramTimeout(ms)` init API - Introduce `-H "Header: value"` flag and `ProgramHeader(k,v)` API Cosmopolitan Libc improvements: - Make strerror() simpler - Make inet_pton() not depend on sscanf() - Fix OpenExecutable() which broke .data section earlier - Fix stdio in cases where it overflows kernel tty buffer - Fix bugs in crash reporting w/o .com.dbg binary present - Add polyfills for SO_LINGER, SO_RCVTIMEO, and SO_SNDTIMEO - Polyfill TCP_CORK on BSD and XNU using TCP_NOPUSH magnums New netcat clone in examples/nc.c: While testing some of the failure conditions for redbean, I noticed that BusyBox's `nc` command is pretty busted, if you use it as an interactive tool, rather than having it be part of a pipeline. Unfortunately this'll only work on UNIX since Windows doesn't let us poll on stdio and sockets at the same time because I don't think they want tools like this running on their platform. So if you want forbidden fruit, it's here so enjoy it
2021-04-23 17:45:19 +00:00
} else {
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
if (errno == EINTR || errno == EAGAIN) {
LockInc(&shared->c.acceptinterrupts);
} else if (errno == ENFILE) {
LockInc(&shared->c.enfiles);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LogAcceptError("enfile: too many open files");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
meltdown = true;
} else if (errno == EMFILE) {
LockInc(&shared->c.emfiles);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LogAcceptError("emfile: ran out of open file quota");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
meltdown = true;
} else if (errno == ENOMEM) {
LockInc(&shared->c.enomems);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LogAcceptError("enomem: ran out of memory");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
meltdown = true;
} else if (errno == ENOBUFS) {
LockInc(&shared->c.enobufs);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LogAcceptError("enobuf: ran out of buffer");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
meltdown = true;
} else if (errno == ENONET) {
LockInc(&shared->c.enonets);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LogAcceptError("enonet: network gone");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
polls[i].fd = -polls[i].fd;
} else if (errno == ENETDOWN) {
LockInc(&shared->c.enetdowns);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LogAcceptError("enetdown: network down");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
polls[i].fd = -polls[i].fd;
} else if (errno == ECONNABORTED) {
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LockInc(&shared->c.accepterrors);
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
LockInc(&shared->c.acceptresets);
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
WARNF("(srvr) %S accept error: %s", DescribeServer(),
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
"acceptreset: connection reset before accept");
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
} else if (errno == ENETUNREACH || errno == EHOSTUNREACH ||
errno == EOPNOTSUPP || errno == ENOPROTOOPT || errno == EPROTO) {
LockInc(&shared->c.accepterrors);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
LockInc(&shared->c.acceptflakes);
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
WARNF("(srvr) accept error: %s ephemeral accept error: %m",
DescribeServer());
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
} else {
DIEF("(srvr) %s accept error: %m", DescribeServer());
}
errno = 0;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
return rc;
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
Make build hermetic without shell scripts - Fix some minor issues in ar.com - Have execve() look for `ape` command - Rewrite NT paths using /c/ rather /??/c:/ - Replace broken GCC symlinks with .sym files - Rewrite $PATH environment variables on startup - Make $(APE_NO_MODIFY_SELF) the default bootloader - Add all build command dependencies to build/bootstrap - Get the repository mostly building from source on non-Linux
2022-05-25 18:31:08 +00:00
static void MakeExecutableModifiable(void) {
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
int ft;
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
size_t n;
extern char ape_rom_vaddr[] __attribute__((__weak__));
Rename LINUX to _HOSTLINUX etc. to reduce clashes (#655) Co-authored-by: tkchia <tkchia-cosmo@gmx.com>
2022-10-11 03:31:25 +00:00
if (!(SUPPORT_VECTOR & (_HOSTMETAL | _HOSTWINDOWS | _HOSTXNU))) return;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if (IsWindows()) return; // TODO
if (IsOpenbsd()) return; // TODO
if (IsNetbsd()) return; // TODO
Pay off more technical debt This makes breaking changes to add underscores to many non-standard function names provided by the c library. MODE=tiny is now tinier and we now use smaller locks that are better for tiny apps in this mode. Some headers have been renamed to be in the same folder as the build package, so it'll be easier to know which build dependency is needed. Certain old misguided interfaces have been removed. Intel intrinsics headers are now listed in libc/isystem (but not in the amalgamation) to help further improve open source compatibility. Header complexity has also been reduced. Lastly, more shell scripts are now available.
2022-09-13 06:10:38 +00:00
if (_endswith(zpath, ".com.dbg")) return;
Make build hermetic without shell scripts - Fix some minor issues in ar.com - Have execve() look for `ape` command - Rewrite NT paths using /c/ rather /??/c:/ - Replace broken GCC symlinks with .sym files - Rewrite $PATH environment variables on startup - Make $(APE_NO_MODIFY_SELF) the default bootloader - Add all build command dependencies to build/bootstrap - Get the repository mostly building from source on non-Linux
2022-05-25 18:31:08 +00:00
close(zfd);
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
ft = ftrace_enabled(0);
Make build hermetic without shell scripts - Fix some minor issues in ar.com - Have execve() look for `ape` command - Rewrite NT paths using /c/ rather /??/c:/ - Replace broken GCC symlinks with .sym files - Rewrite $PATH environment variables on startup - Make $(APE_NO_MODIFY_SELF) the default bootloader - Add all build command dependencies to build/bootstrap - Get the repository mostly building from source on non-Linux
2022-05-25 18:31:08 +00:00
if ((zfd = OpenExecutable()) == -1) {
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
WARNF("(srvr) can't open executable for modification: %m");
Make build hermetic without shell scripts - Fix some minor issues in ar.com - Have execve() look for `ape` command - Rewrite NT paths using /c/ rather /??/c:/ - Replace broken GCC symlinks with .sym files - Rewrite $PATH environment variables on startup - Make $(APE_NO_MODIFY_SELF) the default bootloader - Add all build command dependencies to build/bootstrap - Get the repository mostly building from source on non-Linux
2022-05-25 18:31:08 +00:00
}
if (ft > 0) {
__ftrace = 0;
ftrace_install();
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
ftrace_enabled(ft);
Make major improvements to redbean and libraries The most exciting improvement is dynamic pages will soon be able to use the executable itself as an object store. it required a heroic technique for overcoming ETXTBSY restrictions which lets us open the executable in read/write mode, which means (1) wa can restore the APE header, and (2) we can potentially containerize redbean extension code so that modules you download for your redbean online will only impact your redbean. Here's a list of breaking changes to redbean: - Remove /tool/net/ prefix from magic ZIP paths - GetHeader() now returns NIL if header is absent Here's a list of fixes and enhancements to redbean: - Support 64-bit ZIP archives - Record User-Agent header in logs - Add twelve error handlers to accept() - Display octal st_mode on listing page - Show ZIP file comments on listing page - Restore APE MZ header on redbean startup - Track request count on redbean index page - Report server uptime on redbean index page - Don't bind server socket using SO_REUSEPORT - Fix #151 where Lua LoadAsset() could free twice - Report rusage accounting when workers exit w/ -vv - Use ZIP iattr field as text/plain vs. binary hint - Add ParseUrl() API for parsing things like a.href - Add ParseParams() API for parsing HTTP POST bodies - Add IsAcceptablePath() API for checking dots, etc. - Add IsValidHttpToken() API for validating sane ASCII - Add IsAcceptableHostPort() for validating HOST[:PORT] - Send 400 response to HTTP/1.1 requests without a Host - Send 403 response if ZIP or file isn't other readable - Add virtual hosting that tries prepending Host to path - Route requests based on Host in Request-URI if present - Host routing will attempt to remove or add the www. prefix - Sign-extend UNIX timestamps and don't adjust FileTime zone Here's some of the improvements made to Cosmopolitan Libc: - Fix ape.S indentation - Improve consts.sh magnums - Write pretty good URL parser - Improve rusage accounting apis - Bring mremap() closer to working - Added ZIP APIs which will change - Check for overflow in reallocarray() - Remove overly fancy linkage in strerror() - Fix GDB attach on crash w/ OpenBSD msyscall() - Make sigqueue() portable to most UNIX distros - Make integer serialization macros more elegant - Bring back 34x tprecode8to16() performance boost - Make malloc() more resilient to absurdly large sizes
2021-04-18 18:34:59 +00:00
}
}
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
static int HandleReadline(void) {
int status;
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_State *L = GL;
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
for (;;) {
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
status = lua_loadline(L);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
if (status < 0) {
if (status == -1) {
OnTerm(SIGHUP); // eof
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
VERBOSEF("(repl) eof");
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
return -1;
} else if (errno == EINTR) {
errno = 0;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
VERBOSEF("(repl) interrupt");
Let ctrl-c interrupt lua server pages in repl mode
2022-05-14 18:47:16 +00:00
shutdownsig = SIGINT;
OnInt(SIGINT);
kill(0, SIGINT);
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
return -1;
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
} else if (errno == EAGAIN) {
errno = 0;
return 0;
} else {
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
WARNF("(srvr) unexpected terminal error %d% m", status);
Make fixes and improvements - Document more compiler flags - Expose new __print_maps() api - Better overflow checking in mmap() - Improve the shell example somewhat - Fix minor runtime bugs regarding stacks - Make kill() on fork()+execve()'d children work - Support CLONE_CHILD_CLEARTID for proper joining - Fix recent possible deadlock regression with --ftrace
2022-05-19 23:57:49 +00:00
errno = 0;
return 0;
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
}
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
DisableRawMode();
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_lock();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
if (status == LUA_OK) {
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
status = lua_runchunk(L, 0, LUA_MULTRET);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
if (status == LUA_OK) {
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
LuaPrint(L);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
} else {
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_report(L, status);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_unlock();
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
EnableRawMode();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
}
static int HandlePoll(int ms) {
int rc, nfds;
size_t pollid, serverid;
if ((nfds = poll(polls, 1 + servers.n, ms)) != -1) {
if (nfds) {
// handle pollid/o events
for (pollid = 0; pollid < 1 + servers.n; ++pollid) {
if (!polls[pollid].revents) continue;
if (polls[pollid].fd < 0) continue;
if (polls[pollid].fd) {
// handle listen socket
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_lock();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
serverid = pollid - 1;
assert(0 <= serverid && serverid < servers.n);
serveraddr = &servers.p[serverid].addr;
ishandlingconnection = true;
rc = HandleConnection(serverid);
ishandlingconnection = false;
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_unlock();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
if (rc == -1) return -1;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
#ifndef STATIC
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
} else {
// handle standard input
rc = HandleReadline();
if (rc == -1) return rc;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
#endif
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
#ifndef STATIC
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
} else if (__replmode) {
// handle refresh repl line
if (!IsWindows()) {
rc = HandleReadline();
if (rc < 0) return rc;
} else {
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
strace_enabled(-1);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
linenoiseRefreshLine(lua_repl_linenoise);
Make more threading improvements - ASAN memory morgue is now lockless - Make C11 atomics header more portable - Rewrote pthread keys support to be lockless - Simplify Python's unicode table unpacking code - Make crash report write(2) closer to being atomic - Make it possible to strace/ftrace a single thread - ASAN now checks nul-terminated strings fast and properly - Windows fork() now restores TLS memory of calling thread
2022-11-02 05:36:03 +00:00
strace_enabled(+1);
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
#endif
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
}
} else {
if (errno == EINTR || errno == EAGAIN) {
LockInc(&shared->c.pollinterrupts);
} else if (errno == ENOMEM) {
LockInc(&shared->c.enomems);
Improve dependency generation for libcxx headers This change also updates redbean to have more informative error messages based on the ones that are actually showing up in production.
2022-05-17 18:38:35 +00:00
WARNF("(srvr) poll error: ran out of memory");
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
meltdown = true;
} else {
DIEF("(srvr) poll error: %m");
}
errno = 0;
}
return 0;
}
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
static void Listen(void) {
char ipbuf[16];
size_t i, j, n;
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
uint32_t ip, port, addrsize, *ifp;
Add OnServerListen hook to configure listen() (#459)
2022-07-08 14:17:25 +00:00
bool hasonserverlisten = IsHookDefined("OnServerListen");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (!ports.n) {
ProgramPort(8080);
}
if (!ips.n) {
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
if (interfaces && *interfaces) {
for (ifp = interfaces; *ifp; ++ifp) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
sprintf(ipbuf, "%hhu.%hhu.%hhu.%hhu", *ifp >> 24, *ifp >> 16, *ifp >> 8,
*ifp);
ProgramAddr(ipbuf);
}
} else {
ProgramAddr("0.0.0.0");
}
}
servers.p = malloc(ips.n * ports.n * sizeof(*servers.p));
for (n = i = 0; i < ips.n; ++i) {
for (j = 0; j < ports.n; ++j, ++n) {
Make numerous improvements - Python static hello world now 1.8mb - Python static fully loaded now 10mb - Python HTTPS client now uses MbedTLS - Python REPL now completes import stmts - Increase stack size for Python for now - Begin synthesizing posixpath and ntpath - Restore Python \N{UNICODE NAME} support - Restore Python NFKD symbol normalization - Add optimized code path for Intel SHA-NI - Get more Python unit tests passing faster - Get Python help() pagination working on NT - Python hashlib now supports MbedTLS PBKDF2 - Make memcpy/memmove/memcmp/bcmp/etc. faster - Add Mersenne Twister and Vigna to LIBC_RAND - Provide privileged __printf() for error code - Fix zipos opendir() so that it reports ENOTDIR - Add basic chmod() implementation for Windows NT - Add Cosmo's best functions to Python cosmo module - Pin function trace indent depth to that of caller - Show memory diagram on invalid access in MODE=dbg - Differentiate stack overflow on crash in MODE=dbg - Add stb_truetype and tools for analyzing font files - Upgrade to UNICODE 13 and reduce its binary footprint - COMPILE.COM now logs resource usage of build commands - Start implementing basic poll() support on bare metal - Set getauxval(AT_EXECFN) to GetModuleFileName() on NT - Add descriptions to strerror() in non-TINY build modes - Add COUNTBRANCH() macro to help with micro-optimizations - Make error / backtrace / asan / memory code more unbreakable - Add fast perfect C implementation of μ-Law and a-Law audio codecs - Make strtol() functions consistent with other libc implementations - Improve Linenoise implementation (see also github.com/jart/bestline) - COMPILE.COM now suppresses stdout/stderr of successful build commands
2021-09-28 05:58:51 +00:00
bzero(servers.p + n, sizeof(*servers.p));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
servers.p[n].addr.sin_family = AF_INET;
servers.p[n].addr.sin_port = htons(ports.p[j]);
servers.p[n].addr.sin_addr.s_addr = htonl(ips.p[i]);
Refactor out some duplicated code
2021-08-14 13:17:56 +00:00
if ((servers.p[n].fd = GoodSocket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC,
IPPROTO_TCP, true, &timeout)) == -1) {
Redbean log improvements (#256) * Update log level for redbean messages for better log content * Add categories to redbean log messages * Reorganize Lua error logging for consistency * Replace perror logging with FATALF * Update server failure reporting to better identify response code * Replace `flogf` with DIEF logging for consistency
2021-08-22 22:01:52 +00:00
DIEF("(srvr) socket: %m");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
Add OnServerListen hook to configure listen() (#459)
2022-07-08 14:17:25 +00:00
if (hasonserverlisten &&
LuaOnServerListen(servers.p[n].fd, ips.p[i], ports.p[j])) {
Redbean fix listen leak (#470) * Fix release of resources allocated to skipped sockets * Update log messages for consistency
2022-07-09 19:16:44 +00:00
close(servers.p[n].fd);
Add OnServerListen hook to configure listen() (#459)
2022-07-08 14:17:25 +00:00
n--; // skip this server instance
continue;
}
Improve cosmo's conformance to libc-test This change addresses various open source compatibility issues, so that we pass 313/411 of the tests in https://github.com/jart/libc-test where earlier today we were passing about 30/411 of them, due to header toil. Please note that Glibc only passes 341/411 so 313 today is pretty good! - Make the conformance of libc/isystem/ headers nearly perfect - Import more of the remaining math library routines from Musl - Fix inconsistencies with type signatures of calls like umask - Write tests for getpriority/setpriority which work great now - conform to `struct sockaddr *` on remaining socket functions - Import a bunch of uninteresting stdlib functions e.g. rand48 - Introduce readdir_r, scandir, pthread_kill, sigsetjmp, etc.. Follow the instructions in our `tool/scripts/cosmocc` toolchain to run these tests yourself. You use `make CC=cosmocc` on the test repository
2022-10-11 00:52:41 +00:00
if (bind(servers.p[n].fd, (struct sockaddr *)&servers.p[n].addr,
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
sizeof(servers.p[n].addr)) == -1) {
Fix redbean build Also ran clang-format on redbean.c See #312 and #321
2021-11-13 00:34:18 +00:00
DIEF("(srvr) bind error: %m: %hhu.%hhu.%hhu.%hhu:%hu", ips.p[i] >> 24,
ips.p[i] >> 16, ips.p[i] >> 8, ips.p[i], ports.p[j]);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
if (listen(servers.p[n].fd, 10) == -1) {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
DIEF("(srvr) listen error: %m");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
addrsize = sizeof(servers.p[n].addr);
Improve cosmo's conformance to libc-test This change addresses various open source compatibility issues, so that we pass 313/411 of the tests in https://github.com/jart/libc-test where earlier today we were passing about 30/411 of them, due to header toil. Please note that Glibc only passes 341/411 so 313 today is pretty good! - Make the conformance of libc/isystem/ headers nearly perfect - Import more of the remaining math library routines from Musl - Fix inconsistencies with type signatures of calls like umask - Write tests for getpriority/setpriority which work great now - conform to `struct sockaddr *` on remaining socket functions - Import a bunch of uninteresting stdlib functions e.g. rand48 - Introduce readdir_r, scandir, pthread_kill, sigsetjmp, etc.. Follow the instructions in our `tool/scripts/cosmocc` toolchain to run these tests yourself. You use `make CC=cosmocc` on the test repository
2022-10-11 00:52:41 +00:00
if (getsockname(servers.p[n].fd, (struct sockaddr *)&servers.p[n].addr,
&addrsize) == -1) {
Improve error messages for consistency (#297)
2021-10-25 21:44:04 +00:00
DIEF("(srvr) getsockname error: %m");
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
port = ntohs(servers.p[n].addr.sin_port);
ip = ntohl(servers.p[n].addr.sin_addr.s_addr);
if (ip == INADDR_ANY) ip = INADDR_LOOPBACK;
Decentralize Python native module linkage We can now link even smaller Python binaries. For example, the hello.com program in the Python build directory is a compiled linked executable of hello.py which just prints hello world. Using decentralized sections, we can make that binary 1.9mb in size (noting that python.com is 6.3 megs!) This works for nontrivial programs too. For example, say we want an APE binary that's equivalent to python.com -m http.server. Our makefile now builds such a binary using the new launcher and it's only 3.2mb in size since Python sources get turned into ELF objects, which tell our linker that we need things like native hashing algorithm code.
2021-09-07 18:40:11 +00:00
INFOF("(srvr) listen http://%hhu.%hhu.%hhu.%hhu:%d", ip >> 24, ip >> 16,
ip >> 8, ip, port);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (printport && !ports.p[j]) {
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
printf("%d\r\n", port);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
fflush(stdout);
}
}
}
Redbean fix listen leak (#470) * Fix release of resources allocated to skipped sockets * Update log messages for consistency
2022-07-09 19:16:44 +00:00
// shrink allocated memory in case some of the sockets were skipped
Bump redbean up to 2.0.10
2022-07-10 00:26:23 +00:00
if (n < ips.n * ports.n)
servers.p = realloc(servers.p, n * sizeof(*servers.p));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
servers.n = n;
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
polls = malloc((1 + n) * sizeof(*polls));
polls[0].fd = -1;
polls[0].events = POLLIN;
polls[0].revents = 0;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
for (i = 0; i < n; ++i) {
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
polls[1 + i].fd = servers.p[i].fd;
polls[1 + i].events = POLLIN;
polls[1 + i].revents = 0;
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
}
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void HandleShutdown(void) {
CloseServerFds();
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
INFOF("(srvr) received %s", strsignal(shutdownsig));
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
if (shutdownsig != SIGINT && shutdownsig != SIGQUIT) {
Improve signals and memory protection - Document sigaction() - Simplify New Technology fork() code - Testing and many bug fixes for mprotect() - Distribute Intel Xed ILD in the amalgamation - Turn Xed enums into defines to avoid DWARF bloat - Improve polyfilling of SA_SIGINFO on BSDs and fix bugs - setpgid(getpid(), getpid()) on Windows will ignore CTRL-C - Work around issues relating to NT mappings being executable - Permit automatic executable stack override via `ape_stack_pf`
2022-04-13 05:11:00 +00:00
if (!killed) terminated = false;
INFOF("(srvr) killing process group");
KillGroup();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
WaitAll();
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
INFOF("(srvr) shutdown complete");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
// this function coroutines with linenoise
Add .PLEDGE/.CPU/.MEMORY/etc. to Landlock Make 1.2
2022-08-15 03:16:44 +00:00
int EventLoop(int ms) {
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
struct timespec t;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
DEBUGF("(repl) event loop");
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
while (!terminated) {
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
errno = 0;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
if (zombied) {
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_lock();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
ReapZombies();
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_unlock();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
} else if (invalidated) {
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_lock();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
HandleReload();
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_unlock();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
invalidated = false;
} else if (meltdown) {
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_lock();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
EnterMeltdownMode();
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_unlock();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
meltdown = false;
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
} else if (timespec_cmp(timespec_sub((t = timespec_real()), lastheartbeat),
heartbeatinterval) >= 0) {
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
lastheartbeat = t;
HandleHeartbeat();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
} else if (HandlePoll(ms) == -1) {
break;
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
}
}
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
return -1;
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
}
static void ReplEventLoop(void) {
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_State *L = GL;
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
DEBUGF("ReplEventLoop()");
Disable redbean repl on windows
2022-04-17 06:46:16 +00:00
polls[0].fd = 0;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
lua_repl_completions_callback = HandleCompletions;
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_initrepl(L, "redbean");
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
EnableRawMode();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
EventLoop(100);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
DisableRawMode();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
lua_freerepl();
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_settop(L, 0); // clear stack
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
polls[0].fd = -1;
}
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
static int WindowsReplThread(void *arg, int tid) {
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
int sig;
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_State *L = GL;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
DEBUGF("(repl) started windows thread");
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
lua_repl_blocking = true;
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
lua_repl_completions_callback = HandleCompletions;
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_initrepl(L, "redbean");
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
EnableRawMode();
while (!terminated) {
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
if (HandleReadline() == -1) {
break;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
}
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
DisableRawMode();
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
lua_freerepl();
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_lock();
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
lua_settop(L, 0); // clear stack
Strengthen the pledge() polyfill
2022-06-27 20:01:58 +00:00
lua_repl_unlock();
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if ((sig = linenoiseGetInterrupt())) {
raise(sig);
}
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
DEBUGF("(repl) terminating windows thread");
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
return 0;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
Make improvements - Get threads working on NetBSD - Get threads working on OpenBSD - Fix Emacs config for Emacs v28 - Improve --strace logging of sigset_t - Improve --strace logging of struct stat - Improve memory safety of DescribeThing functions - Refactor auto stack allocation into LIBC_RUNTIME - Introduce shell.com example which works on Windows - Refactor __strace_thing into DescribeThing functions - Document the CHECK macros and improve them in NDEBUG mode - Rewrite MAP_STACK so it uses FreeBSD behavior across platforms - Deprecate and discourage the use of MAP_GROWSDOWN (it's weird)
2022-05-12 13:43:59 +00:00
static void InstallSignalHandler(int sig, void *handler) {
struct sigaction sa = {.sa_sigaction = handler};
CHECK_NE(-1, sigaction(sig, &sa, 0));
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
static void SigInit(void) {
Make improvements - Get threads working on NetBSD - Get threads working on OpenBSD - Fix Emacs config for Emacs v28 - Improve --strace logging of sigset_t - Improve --strace logging of struct stat - Improve memory safety of DescribeThing functions - Refactor auto stack allocation into LIBC_RUNTIME - Introduce shell.com example which works on Windows - Refactor __strace_thing into DescribeThing functions - Document the CHECK macros and improve them in NDEBUG mode - Rewrite MAP_STACK so it uses FreeBSD behavior across platforms - Deprecate and discourage the use of MAP_GROWSDOWN (it's weird)
2022-05-12 13:43:59 +00:00
InstallSignalHandler(SIGINT, OnInt);
InstallSignalHandler(SIGHUP, OnHup);
InstallSignalHandler(SIGTERM, OnTerm);
InstallSignalHandler(SIGCHLD, OnChld);
InstallSignalHandler(SIGUSR1, OnUsr1);
InstallSignalHandler(SIGUSR2, OnUsr2);
InstallSignalHandler(SIGPIPE, SIG_IGN);
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
static void TlsInit(void) {
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#ifndef UNSECURE
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
int suite;
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
if (unsecure) return;
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
Fix stdio regression This change fixes a nasty regression caused by 80b211e314512fc8dd77159ac162bcc13cd89c08 which deadlocked. This change also causes MbedTLS to prefer the ChaCha ciphersuite on older CPUs that don't have AES hardware instructions.
2022-05-19 07:34:15 +00:00
if (suiteb && !X86_HAVE(AES)) {
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
WARNF("(srvr) requested suite b crypto, but aes-ni is not present");
Fix stdio regression This change fixes a nasty regression caused by 80b211e314512fc8dd77159ac162bcc13cd89c08 which deadlocked. This change also causes MbedTLS to prefer the ChaCha ciphersuite on older CPUs that don't have AES hardware instructions.
2022-05-19 07:34:15 +00:00
}
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
if (!sslinitialized) {
InitializeRng(&rng);
InitializeRng(&rngcli);
suite = suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_SUITEC;
mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM, suite);
mbedtls_ssl_config_defaults(&confcli, MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM, suite);
}
// the following setting can be re-applied even when SSL/TLS is initialized
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
if (suites.n) {
mbedtls_ssl_conf_ciphersuites(&conf, suites.p);
mbedtls_ssl_conf_ciphersuites(&confcli, suites.p);
}
if (psks.n) {
mbedtls_ssl_conf_psk_cb(&conf, TlsRoutePsk, 0);
DCHECK_EQ(0,
mbedtls_ssl_conf_psk(&confcli, psks.p[0].key, psks.p[0].key_len,
psks.p[0].identity, psks.p[0].identity_len));
}
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (sslticketlifetime > 0) {
mbedtls_ssl_ticket_setup(&ssltick, mbedtls_ctr_drbg_random, &rng,
MBEDTLS_CIPHER_AES_256_GCM, sslticketlifetime);
mbedtls_ssl_conf_session_tickets_cb(&conf, mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse, &ssltick);
}
Redbean SSL identification (#360) * Let Fetch() be used earlier in initialization * Have ssl log messages show cert name * Introduce GetSslIdentity Lua API
2022-03-15 00:11:05 +00:00
if (sslinitialized) return;
sslinitialized = true;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
LoadCertificates();
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
mbedtls_ssl_conf_sni(&conf, TlsRoute, 0);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0);
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
mbedtls_ssl_conf_dbg(&confcli, TlsDebug, 0);
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &rng);
Add HTTP/HTTPS Fetch() API to redbean You can now say the following in your redbean Lua code: status,headers,payload = Fetch("https://foo.example") The following Lua APIs have been introduced: - Fetch(str) → str,{str:str},str - GetHttpReason(int) → str - GetHttpReason(int) → str - ProgramSslFetchVerify(bool) - ProgramSslClientVerify(bool) The following flags have been introduced: - `-j` enables client SSL verification - `-k` disables Fetch() SSL verification - `-t INT` may now be passed a negative value for keepalive Lua exceptions now invoke Cosmopolitan's garbage collector when unwinding the stack. So it's now safe to use _gc() w/ Lua 𝔱𝔥𝔯𝔬𝔴 See #97
2021-07-08 04:44:27 +00:00
mbedtls_ssl_conf_rng(&confcli, mbedtls_ctr_drbg_random, &rngcli);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
if (sslclientverify) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
mbedtls_ssl_conf_ca_chain(&conf, GetSslRoots(), 0);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
}
if (sslfetchverify) {
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
mbedtls_ssl_conf_ca_chain(&confcli, GetSslRoots(), 0);
Add SNI support to redbean and improve SSL perf This change makes SSL virtual hosting possible. You can now load multiple certificates for multiple domains and redbean will just figure out which one to use, even if you only have 1 ip address. You can also use a jumbo certificate that lists all your domains in the the subject alternative names. This change also makes performance improvements to MbedTLS. Here are some benchmarks vs. cc1920749eb81f346badaf55fbf79620cb718a55 BEFORE AFTER (microsecs) suite_ssl.com 2512881 191738 13.11x faster suite_pkparse.com 36291 3295 11.01x faster suite_x509parse.com 854669 120293 7.10x faster suite_pkwrite.com 6549 1265 5.18x faster suite_ecdsa.com 53347 18778 2.84x faster suite_pk.com 49051 18717 2.62x faster suite_ecdh.com 19535 9502 2.06x faster suite_shax.com 15848 7965 1.99x faster suite_rsa.com 353257 184828 1.91x faster suite_x509write.com 162646 85733 1.90x faster suite_ecp.com 20503 11050 1.86x faster suite_hmac_drbg.no_reseed.com 19528 11417 1.71x faster suite_hmac_drbg.nopr.com 12460 8010 1.56x faster suite_mpi.com 687124 442661 1.55x faster suite_hmac_drbg.pr.com 11890 7752 1.53x faster There aren't any special tricks to the performance imporvements. It's mostly due to code cleanup, assembly and intel instructions like mulx, adox, and adcx.
2021-07-19 21:55:20 +00:00
mbedtls_ssl_conf_authmode(&confcli, MBEDTLS_SSL_VERIFY_REQUIRED);
} else {
mbedtls_ssl_conf_authmode(&confcli, MBEDTLS_SSL_VERIFY_NONE);
}
Make slight SSL performance improvements
2021-07-09 04:54:21 +00:00
mbedtls_ssl_set_bio(&ssl, &g_bio, TlsSend, 0, TlsRecv);
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
conf.disable_compression = confcli.disable_compression = true;
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
DCHECK_EQ(0, mbedtls_ssl_conf_alpn_protocols(&conf, kAlpn));
DCHECK_EQ(0, mbedtls_ssl_conf_alpn_protocols(&confcli, kAlpn));
DCHECK_EQ(0, mbedtls_ssl_setup(&ssl, &conf));
DCHECK_EQ(0, mbedtls_ssl_setup(&sslcli, &confcli));
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
#endif
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
}
static void TlsDestroy(void) {
#ifndef UNSECURE
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
if (unsecure) return;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
mbedtls_ssl_free(&ssl);
mbedtls_ssl_free(&sslcli);
mbedtls_ctr_drbg_free(&rng);
mbedtls_ctr_drbg_free(&rngcli);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_config_free(&confcli);
Make SSL handshakes much faster This change boosts SSL handshake performance from 2,627 to ~10,000 per second which is the same level of performance as NGINX at establishing secure connections. That's impressive if we consider that redbean is a forking frontend application server. This was accomplished by: 1. Enabling either SSL session caching or SSL tickets. We choose to use tickets since they reduce network round trips too and that's a more important metric than wrk'ing localhost. 2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called function. It's called about 12,000 times during an SSL handshake since it's the basis of most arithmetic operations like addition and for some strange reason it was designed to make two needless copies in addition to calling malloc and free. That's now fixed. 3. Improving TLS output buffering during the SSL handshake only, so that only a single is write and read system call is needed until blocking on the ping pong. redbean will now do a better job wiping sensitive memory from a child process as soon as it's not needed. The nice thing about fork is it's much faster than reverse proxying so the goal is to use the different address spaces along with setuid() to minimize the risk that a server key will be compromised in the event that application code is hacked.
2021-07-12 06:17:47 +00:00
mbedtls_ssl_ticket_free(&ssltick);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
CertsDestroy();
PsksDestroy();
Make redbean SSL more tunable This change enables SSL compression. It significantly reduces the network load of the testing infrastructure, for free, since this revision didn't need to change any runit protocol code. However we turn it off by default in redbean since no browsers support it. It turns out that some TLSv1.0 clients (e.g. curl command on RHEL5) will send an SSLv2-style ClientHello. These types of clients are usually ten+ years old and were designed to interop with servers ten years older than them. Your redbean is now able to interop with these clients even though redbean doesn't actually support SSLv2 or SSLv3. Please note that the -B flag may be passed to disable this along with TLSv1.0, TLSv1.1, 3DES, &c The following Lua APIs have been added to redbean: - ProgramSslCompression(bool) - ProgramSslCiphersuite(name:str) - ProgramSslPresharedKey(key:str,identity:str) Lastly the DHE ciphersuites have been enabled. IANA recommends DHE and with old clients like RHEL5 it's the only perfect forward secrecy they implement.
2021-08-09 14:00:23 +00:00
Free(&suites.p), suites.n = 0;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
#endif
}
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
static void GetOpts(int argc, char *argv[]) {
int opt;
bool storeasset = false;
Ignore SIGSYS on BSD by default
2022-11-03 16:32:12 +00:00
// only generate ecp cert under blinkenlights (rsa is slow)
norsagen = IsGenuineCosmo();
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
while ((opt = getopt(argc, argv, GETOPTS)) != -1) {
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
switch (opt) {
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
CASE('S', ++sandboxed);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
CASE('v', ++__log_level);
CASE('s', --__log_level);
Make some systemic improvements - add vdso dump utility - tests now log stack usage - rename g_ftrace to __ftrace - make internal spinlocks go faster - add conformant c11 atomics library - function tracing now logs stack usage - make function call tracing thread safe - add -X unsecure (no ssl) mode to redbean - munmap() has more consistent behavior now - pacify fsync() calls on python unit tests - make --strace flag work better in redbean - start minimizing and documenting compiler flags
2022-05-18 23:41:29 +00:00
CASE('X', unsecure = true);
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
CASE('%', norsagen = true);
Fix bugs and add security features to redbean - Fix a regression with the previous change that broke redbean - Add chroot(), resource limit, seccomp, and other stuff to redbean - Write lots and lots of documentation - Iron out more system call issues
2022-04-18 07:01:26 +00:00
CASE('Z', systrace = true);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
CASE('b', logbodies = true);
CASE('z', printport = true);
CASE('d', daemonize = true);
CASE('a', logrusage = true);
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
CASE('J', requiressl = true);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
CASE('u', uniprocess = true);
CASE('g', loglatency = true);
CASE('m', logmessages = true);
Add redbean -I flag for launching browser It's now possible with any redbean (including redbean-original) to launch the system web browser without having to use the Lua API. For example, you can create an args file: echo -I/ >.args zip redbean-original.com .args That will white-label redbean so it launches a specific page when you double-click on the executable. See https://github.com/jart/cosmopolitan/discussions/472
2022-07-17 13:11:13 +00:00
CASE('w', launchbrowser = strdup(optarg));
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
CASE('l', ProgramAddr(optarg));
CASE('H', ProgramHeader(optarg));
CASE('L', ProgramLogPath(optarg));
CASE('P', ProgramPidPath(optarg));
CASE('D', ProgramDirectory(optarg));
CASE('U', ProgramUid(atoi(optarg)));
CASE('G', ProgramGid(atoi(optarg)));
CASE('p', ProgramPort(ParseInt(optarg)));
CASE('R', ProgramRedirectArg(0, optarg));
CASE('c', ProgramCache(ParseInt(optarg)));
CASE('r', ProgramRedirectArg(307, optarg));
CASE('t', ProgramTimeout(ParseInt(optarg)));
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
CASE('h', PrintUsage(1, EXIT_SUCCESS));
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
CASE('M', ProgramMaxPayloadSize(ParseInt(optarg)));
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
#if !IsTiny()
CASE('W', monitortty = optarg);
Polish redbean serialization
2022-04-29 13:06:23 +00:00
case 'f':
funtrace = true;
if (ftrace_install() == -1) {
Redbean report write lock failure (#450) This change updates redbean to report a non-writable path when using StoreAsset, instead of crashing the worker.
2022-06-27 04:16:13 +00:00
WARNF("(srvr) ftrace failed to install %m");
Polish redbean serialization
2022-04-29 13:06:23 +00:00
}
break;
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
#endif
#ifndef STATIC
CASE('e', LuaEvalCode(optarg));
CASE('F', LuaEvalFile(optarg));
CASE('*', selfmodifiable = true);
CASE('i', interpretermode = true);
CASE('E', leakcrashreports = true);
Fix redbean -A asset storing flag
2022-08-05 22:04:13 +00:00
case 'A':
if (!storeasset) {
storeasset = true;
MakeExecutableModifiable();
}
StorePath(optarg);
break;
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
#endif
#ifndef UNSECURE
CASE('B', suiteb = true);
CASE('V', ++mbedtls_debug_threshold);
CASE('k', sslfetchverify = false);
CASE('j', sslclientverify = true);
CASE('T', ProgramSslTicketLifetime(ParseInt(optarg)));
CASE('C', ProgramFile(optarg, ProgramCertificate));
CASE('K', ProgramFile(optarg, ProgramPrivateKey));
#endif
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
default:
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
PrintUsage(2, EX_USAGE);
Add storing folders in redbean from CLI (#366)
2022-03-15 00:19:31 +00:00
}
}
// if storing asset(s) is requested, don't need to continue
if (storeasset) exit(0);
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
void RedBean(int argc, char *argv[]) {
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
char ibuf[21];
int fd;
Make improvements - Add rusage to redbean Lua API - Add more redbean documentation - Add pledge() to redbean Lua API - Polyfill OpenBSD pledge() for Linux - Increase PATH_MAX limit to 1024 characters - Untrack sibling processes after fork() on Windows
2022-04-28 16:42:36 +00:00
if (IsLinux()) {
Explicitly disable Linux capabilities
2022-07-23 19:06:41 +00:00
// disable weird linux capabilities
for (int e = errno, i = 0;; ++i) {
if (prctl(PR_CAPBSET_DROP, i) == -1) {
errno = e;
break;
}
}
Make improvements - Add rusage to redbean Lua API - Add more redbean documentation - Add pledge() to redbean Lua API - Polyfill OpenBSD pledge() for Linux - Increase PATH_MAX limit to 1024 characters - Untrack sibling processes after fork() on Windows
2022-04-28 16:42:36 +00:00
// disable sneak privilege since we don't use them
// seccomp will fail later if this fails
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
reader = read;
writer = WritevAll;
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
gmtoff = GetGmtOffset((lastrefresh = startserver = timespec_real()).tv_sec);
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
mainpid = getpid();
Avoid long double timestamps in redbean
2022-08-06 02:24:05 +00:00
heartbeatinterval.tv_sec = 5;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CHECK_GT(CLK_TCK, 0);
CHECK_NE(MAP_FAILED,
(shared = mmap(NULL, ROUNDUP(sizeof(struct Shared), FRAMESIZE),
PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS,
-1, 0)));
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
if (daemonize) {
for (int i = 0; i < 256; ++i) {
Fix stderr being improperly closed during daemonization (#513) This may happen when ProgramLogPath is used after a file descriptor is already used by an earlier call (for example, to open an SQLite file).
2022-08-05 21:57:17 +00:00
close(i);
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
}
open("/dev/null", O_RDONLY);
open("/dev/null", O_WRONLY);
Fix stderr being improperly closed during daemonization (#513) This may happen when ProgramLogPath is used after a file descriptor is already used by an earlier call (for example, to open an SQLite file).
2022-08-05 21:57:17 +00:00
open("/dev/null", O_WRONLY);
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
}
Make improvements - Add GetCpuCount() API to redbean - Add unix.gmtime() API to redbean - Add unix.readlink() API to redbean - Add unix.localtime() API to redbean - Perfect the new redbean UNIX module APIs - Integrate with Linux clock_gettime() vDSO - Run Lua garbage collector when malloc() fails - Fix another regression quirk with linenoise repl - Fix GetProgramExecutableName() for systemwide installs - Fix a build flake with test/libc/mem/test.mk SRCS list
2022-04-26 04:16:05 +00:00
zpath = GetProgramExecutableName();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CHECK_NE(-1, (zfd = open(zpath, O_RDONLY)));
CHECK_NE(-1, fstat(zfd, &zst));
OpenZip(true);
SetDefaults();
Redbean StoreAsset fix and lua cli (#326) * Fix StoreAsset update for existing assets in redbean * Add lua code execution and asset storage from redbean command line
2022-03-05 02:47:15 +00:00
LuaStart();
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
GetOpts(argc, argv);
Make fixes and improvements - Invent iso8601us() for faster timestamps - Improve --strace descriptions of sigset_t - Rebuild the Landlock Make bootstrap binary - Introduce MODE=sysv for non-Windows builds - Permit OFD fcntl() locks under pledge(flock) - redbean can now protect your kernel from ddos - Have vfork() fallback to sys_fork() not fork() - Change kmalloc() to not die when out of memory - Improve documentation for some termios functions - Rewrite putenv() and friends to conform to POSIX - Fix linenoise + strace verbosity issue on Windows - Fix regressions in our ability to show backtraces - Change redbean SetHeader() to no-op if value is nil - Improve fcntl() so SQLite locks work in non-WAL mode - Remove some unnecessary work during fork() on Windows - Create redbean-based SSL reverse proxy for IPv4 TurfWar - Fix ape/apeinstall.sh warning when using non-bash shells - Add ProgramTrustedIp(), and IsTrustedIp() APIs to redbean - Support $PWD, $UID, $GID, and $EUID in command interpreter - Introduce experimental JTqFpD APE prefix for non-Windows builds - Invent blackhole daemon for firewalling IP addresses via UNIX named socket - Add ProgramTokenBucket(), AcquireToken(), and CountTokens() APIs to redbean
2022-10-17 18:02:04 +00:00
// this can fail with EPERM if we're running under pledge()
if (!interpretermode && !(interfaces = GetHostIps())) {
WARNF("(srvr) failed to query system network interface addresses: %m");
}
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
#ifndef STATIC
Fix GitHub actions Our build was flaking due to ETXTBSY errors running multiple redbean instances in parallel. This is due to the StoreAsset() support which seems to cause enough problems it's worth making a *breaking change* turning it off by default for now. There's a new -* flag, to restore redbean's old self-modifying behavior.
2022-07-09 08:18:55 +00:00
if (selfmodifiable) {
MakeExecutableModifiable();
}
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
#endif
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
LuaInit();
oldloglevel = __log_level;
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
if (uniprocess) {
shared->workers = 1;
}
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
if (daemonize) {
if (!logpath) ProgramLogPath("/dev/null");
dup2(2, 1);
}
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
SigInit();
Listen();
TlsInit();
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt
2021-06-24 19:31:26 +00:00
if (launchbrowser) {
LaunchBrowser(launchbrowser);
Fix redbean zip central directory lookup This regression snuck in at some point. It resulted in the program sometimes failing to load when the zip content was changed.
2021-02-27 18:47:19 +00:00
}
Reduce number of disk seeks in redbean
2021-05-03 08:21:50 +00:00
if (daemonize) {
Daemonize();
}
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
if (pidpath) {
fd = open(pidpath, O_CREAT | O_WRONLY, 0644);
WRITE(fd, ibuf, FormatInt32(ibuf, getpid()) - ibuf);
close(fd);
}
ChangeUser();
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
UpdateCurrentDate(timespec_real());
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CollectGarbage();
Make major improvements to redbean - lua server pages - lua http library - http v0.9 support - request uri parsing - fork failure recovery - accelerated redirects - http pipelining support - lenient message framing - html / uri / js escaping - fix shutdown signal handling
2021-03-25 09:21:13 +00:00
hdrbuf.n = 4 * 1024;
Reduce number of disk seeks in redbean
2021-05-03 08:21:50 +00:00
hdrbuf.p = xmalloc(hdrbuf.n);
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
inbuf_actual.n = maxpayloadsize;
inbuf_actual.p = xmalloc(inbuf_actual.n);
inbuf = inbuf_actual;
Add state assertions to redbean Lua APIs Many of the API functions provided by redbean are only appropriate to call in certain contexts, such as request handling or .init.lua, etc. For example, Fetch can't be called from the global scope of .init.lua because SSL hasn't been configured yet. Earlier if this happened then redbean would crash, which was confusing. What we'll do now is show a friendly error message. See #97 This change also undocuments redbean ssl compression support since it seems to be causing a flake in the testing infrastructure.
2021-08-09 21:45:52 +00:00
isinitialized = true;
Make improvements to redbean The following Lua APIs have been added: - IsDaemon() → bool - ProgramPidPath(str) The following Lua hooks have been added: - OnClientConnection(ip:int,port:int,serverip:int,serverport:int) → bool - OnProcessCreate(pid:int,ip:int,port:int,serverip:int,serverport:int) - OnProcessDestroy(pid:int) - OnServerStart() - OnServerStop() - OnWorkerStart() - OnWorkerStop() redbean now does a better job at applying gzip on the fly from the local filesystem, using a streaming chunked api with constant memory, which is useful for doing things like serving a 4gb text file off NFS, and having it start transmitting in milliseconds. redbean will also compute entropy on the beginnings of files to determine if compression is profitable. This change pays off technical debts relating to memory, such as relying on exit() to free() allocations. That's now mostly fixed so it should be easier now to spot memory leaks in malloc traces. This change also fixes bugs and makes improvements to our SSL support. Uniprocess mode failed handshakes are no longer an issue. Token Alpn is offered so curl -v looks less weird. Hybrid SSL certificate loading is now smarter about naming conflicts. Self-signed CA root anchors will no longer be delivered to the client during the handshake.
2021-07-10 22:02:03 +00:00
CallSimpleHookIfDefined("OnServerStart");
Improve redbean plus code size optimizations This change turns symbol table compression back on using Puff, which noticeably reduces the size of programs like redbean and Python. The redbean web server receives some minor API additions for controlling things like SSL in addition to filling gaps in the documentation.
2022-05-29 15:14:55 +00:00
if (!IsTiny()) {
if (monitortty && (daemonize || uniprocess)) {
monitortty = 0;
}
if (monitortty) {
MonitorMemory();
}
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
}
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
#ifdef STATIC
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
EventLoop(timespec_tomillis(heartbeatinterval));
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
#else
Add seccomp bpf sandboxing to redbean It's now possible to pass the `-S` or `-SS` flags to sandbox redbean worker proecsses after they've been forked. The first `-S` flag is intended to be a permissive builtin policy that limits system calls to only that which the various parts of redbean serving need. The second `-SS` flag is intended to be more restrictive, preventing things like the Lua extensions you download off the web from using the HTTP client or sockets APIs. In upcoming changes you'll be able to implement your own Berkeley Packet Filter sandbox programs and load them via Lua.
2022-04-18 15:54:42 +00:00
GetHostsTxt(); // for effect
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
GetResolvConf(); // for effect
Make improvements - Expand redbean UNIX module - Expand redbean documentation - Ensure Lua copyright is embedded in binary - Increase the PATH_MAX limit especially on NT - Use column major sorting for linenoise completions - Fix some suboptimalities in redbean's new UNIX API - Figured out right flags for Multics newline in raw mode
2022-04-24 16:59:22 +00:00
if (daemonize || uniprocess || !linenoiseIsTerminal()) {
Improve cancellations, randomness, and time - Exhaustively document cancellation points - Rename SIGCANCEL to SIGTHR just like BSDs - Further improve POSIX thread cancellations - Ensure asynchronous cancellations work correctly - Elevate the quality of getrandom() and getentropy() - Make futexes cancel correctly on OpenBSD 6.x and 7.x - Add reboot.com and shutdown.com to examples directory - Remove underscore prefix from awesome timespec_*() APIs - Create assertions that help verify our cancellation points - Remove bad timespec APIs (cmp generalizes eq/ne/gt/gte/lt/lte)
2022-11-06 02:49:41 +00:00
EventLoop(timespec_tomillis(heartbeatinterval));
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
} else if (IsWindows()) {
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
CHECK_NE(-1, _spawn(WindowsReplThread, 0, &replth));
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
EventLoop(100);
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
} else {
Do code cleanup use duff device linenoise i/o
2022-04-23 01:55:28 +00:00
ReplEventLoop();
Add lua repl interface to redbean You can now interact with the global web server state on the command line, which the web server is running. This supports Emacs shortcuts with history, readline parity, <tab> completions, plus hints. Enjoy!
2022-04-17 03:29:08 +00:00
}
#endif
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
if (!isexitingworker) {
if (!IsTiny()) {
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
terminatemonitor = true;
_join(&monitorth);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
}
#ifndef STATIC
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
_join(&replth);
Make fixes and improvements - Introduce __assert_disable global - Improve strsignal() thread safety - Make system call tracing thread safe - Fix SO_RCVTIMEO / SO_SNDTIMEO on Windows - Refactor DescribeFoo() functions into one place - Fix fork() on Windows when TLS and MAP_STACK exist - Round upwards in setsockopt(SO_RCVTIMEO) on Windows - Disable futexes on OpenBSD which seem extremely broken - Implement a better kludge for monotonic time on Windows
2022-06-26 01:17:31 +00:00
#endif
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
HandleShutdown();
CallSimpleHookIfDefined("OnServerStop");
Add raw memory visualization tool to redbean This change introduces a `-W /dev/pts/1` flag to redbean. What it does is use the mincore() system call to create a dual-screen terminal display that lets you troubleshoot the virtual address space. This is useful since page faults are an important thing to consider when using a forking web server. Now we have a colorful visualization of which pages are going to fault and which ones are resident in memory. The memory monitor, if enabled, spawns as a thread that just outputs ANSI codes to the second terminal in a loop. In order to make this happen using the new clone() polyfill, stdio is now thread safe. This change also introduces some new demo pages to redbean. It also polishes the demos we already have, to look a bit nicer and more presentable for the upcoming release, with better explanations too.
2022-05-14 11:33:58 +00:00
}
Improve Redbean shutdown (#506) * Update redbean shutdown to call OnServerStop when all shutdown/logging is done * Move closing file descriptors during daemonization earlier This should fix using opened file descriptors, for example, SQLite DB files and redbean itself when StoreAsset is used. Fixes #182. * Move opening logs earlier to capture logs from Listen and .init.lua * Move pidpath handling outside of daemonize, as it can be used independently
2022-07-24 01:58:31 +00:00
if (!IsTiny()) {
LuaDestroy();
TlsDestroy();
MemDestroy();
Handle wildcard certificates in redbean
2022-06-11 04:51:46 +00:00
}
Add fixes performance and static web server
2020-10-06 06:11:49 +00:00
}
int main(int argc, char *argv[]) {
Add `/.args` feature to Redbean/Lua/SQLite/Python/QuickJS You now have some ability to truly make an executable yours, by adding a `.args` file to the root of the zip structure. If this is specified, then you'll be overriding the default CLI args. This will be a great feature for folks who want to distribute their own apps, using the interpreter executable, but have the executable appears to be just your app rather than being the interpreter.
2022-05-12 18:01:58 +00:00
LoadZipArgs(&argc, &argv);
Add live reindexing to redbean when zip changes
2021-05-02 18:50:43 +00:00
RedBean(argc, argv);
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
// try to detect memory leaks upon:
// 1. main process exit
// 2. unwound worker exit
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
if (IsModeDbg()) {
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
if (isexitingworker) {
if (IsWindows()) {
// TODO(jart): Get windows worker leak detector working again.
return 0;
CloseServerFds();
}
Make _Thread_local work across platforms We now rewrite the binary image at runtime on Windows and XNU to change mov %fs:0,%reg instructions to use %gs instead. There's also simpler threading API introduced by this change and it's called _spawn() and _join(), which has replaced most clone() usage.
2022-07-10 11:01:17 +00:00
_join(&replth);
linenoiseDisableRawMode();
linenoiseHistoryFree();
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
}
Make exciting improvements - Add Lua backtraces to redbean! - Wipe serving keys after redbean forks - Audit redbean to remove free via exit - Log SSL client ciphersuite preferences - Increase ASAN malloc() backtrace depth - Make GetSslRoots() behave as a singleton - Move leaks.c from LIBC_TESTLIB to LIBC_LOG - Add undocumented %n to printf() for newlines - Fix redbean memory leak reindexing inode change - Fix redbean memory leak with Fetch() DNS object - Restore original environ after __cxa_finalize() - Make backtrace always work after __cxa_finalize() - Introduce COUNTEXPR() diagnostic / benchmark tool - Fix a few more instances of errno being clobbered - Consolidate the ANSI color disabling internal APIs
2022-03-18 09:33:37 +00:00
CheckForMemoryLeaks();
}
Bump redbean to 2.0.9
2022-07-09 12:49:19 +00:00
Make improvements - Emulator can now test the αcτµαlly pδrταblε εxεcµταblε bootloader - Whipped up a webserver named redbean. It services 150k requests per second on a single core. Bundling assets inside zip enables extremely fast serving for two reasons. The first is that zip central directory lookups go faster than stat() system calls. The second is that both zip and gzip content-encoding use DEFLATE, therefore, compressed responses can be served via the sendfile() system call which does an in-kernel copy directly from the zip executable structure. Also note that red bean zip executables can be deployed easily to all platforms, since these native executables work on Linux, Mac, BSD, and Windows. - Address sanitizer now works very well
2020-09-07 04:39:00 +00:00
return 0;
}
Reference in a new issue Copy permalink