lighty.c.b64urldec validate and decode base64url
lighty.c.b64urlenc base64url encode, no padding
lighty.c.b64dec validate and decode base64
lighty.c.b64enc base64 encode, no padding
lighty.c.hexdec validate and decode hex str
lighty.c.hexenc uc; lc w/ lua s = s:lower()
lighty.c.xmlenc xml-encode/html-encode: <>&'\"`
lighty.c.urldec url-decode
lighty.c.urlenc url-encode
lighty.c.urldec_query url-decode query-string
lighty.c.urlenc_query url-encode query-string
lighty.c.urlenc_normalize url-encode normalization
lighty.c.fspath_simplify simplify fspath
Note: the "lighty.c.*" namespace is EXPERIMENTAL / UNSTABLE
In the future, these may be removed, altered, or moved to a different
namespace.
protect lighty table against mistaken modification
(lighty table is resused between script invocations)
detect if lighty.content[] is set by script (or if not set)
lighty.stat now returns a userdata object instead of a populated table.
The userdata object provides methods to access the (stat_cache_entry *)
stored in the userdata object. (This approach is often much faster than
populating the table of stat entries, as the fields get copied on demand
(upon use) into lua types.)
allow modification of request headers, with some limitations:
- lighttpd config conditions are not reset;
lua script must return lighty.RESTART_REQUEST to reprocess request
(if applicable to the running lighttpd config)
- lighttpd config request header policy is not applied;
lua script must not set unvalidated, untrusted, or non-normalized vals
- Host may not be unset
- Content-Length may not be modified
- some hop-by-hop (connection) level headers may not be modified
(e.g. Connection, Transfer-Encoding)
lighty.c.md("algo", "data")
lighty.c.hmac("algo", "secret", "data")
"algo" can be one of: "md5", "sha1", "sha256", "sha512"
(as long as lighttpd compiled w/ crypto lib supporting those algorithms)
lighty.c.digest_eq("digest1", "digest2")
- performs a timing-safe, case-insensitive comparison of two hex digests
- "digest1" and "digest2" are hex strings (of binary digests)
- returns boolean true or false
lighty.c.secret_eq("data1", "data2")
- performs a timing-safe comparison of two strings
(and attempts to hides differences in string lengths)
- "data1" and "data2" are strings
- returns boolean true or false
lighty.c.time()
- cached time(); seconds since 1 Jan 1970 00:00:00 GMT
(faster than os.time())
lighty.c.rand()
- generate pseudo-random number
Note: the "lighty.c.*" namespace is EXPERIMENTAL / UNSTABLE
In the future, these may be removed, altered, or moved to a different
namespace.
If a system call returns EMFILE, then admin should increase
server.max-fds and check/increase rlimits for num files (ulimit -Hn)
Alternatively, the admin might decrease server.max-connections to limit
the number of connections served in parallel.
merge connection_list_append() into connection_fdwaitqueue_append()
(not converted to singly-linked-list since fdwaitqueue is not expected
to be used during normal operation (except extreme overload condition),
so use allocated list of pointers (allocated when needed) instead of
adding ptr member to (every) allocated struct connection)
remove connections-glue.c
remove inclusion of connections.h by non-base files
avoids separate memory allocation for list of pointers
adds ability to check if con is already in joblist,
so do not re-add con if already in joblist
since con is checked if in joblist before being added to joblist,
there is no longer need for two lists and jobs can be processed
before poll() for to process new events
srv->lim_conns tracks remaining conns until limit is reached,
replacing (srv->max_conns - srv->conns.used)
srv->srvconf.max_conns is now updated at startup, so
srv->srvconf.max_conns serves as srv->max_conns
keep conns_pool of struct connection separate from conns list
and allocate conns list to srv->srvconf.max_conns size at startup
x-ref:
"Memory fragmentation with HTTP/2 enabled"
https://redmine.lighttpd.net/issues/3084
return HANDLER_FINISHED from http_response_read() if response finished,
whether due to reading EOF (prior behavior), or if Content-Length was
provided and we have finished reading Content-Length, or if a module
sets r->resp_body_finished for any other reason. This may save an
unnecessary poll() and read() to receive EOF when Content-Length has
already been read.
manage r->resp_body_scratchpad in new funcs
http_response_append_buffer()
http_response_append_mem()
rather than
http_chunk_decode_append_buffer()
http_chunk_decode_append_mem()
which now only decode chunked encoding, more apropos for the func names
mod_compress was removed in lighttpd 1.4.56, subsumed by mod_deflate.
distros may package mod_deflate separately from the lighttpd package.
However, existing configurations may reference mod_compress.
lighttpd maps the reference from mod_compress to mod_deflate,
but after a system is upgraded to lighttpd 1.4.56 or later,
mod_compress may have been removed, and mod_deflate -- which
might be a separate package -- might not be installed.
lighttpd will still issue error trace about the missing mod_deflate
modules, as well as about the unrecognized configuration directives
(compress.* or deflate.*), but this will no longer be a fatal error.
If mod_sockproxy -- or other connection-level handler -- has been set
on the request prior to mod_openssl processing TLS Client Hello, then
failure to match ALPN protocol is no longer treated as a TLS connection
setup error.
x-ref:
"sockproxy: Do not validate ALPN protocols"
https://redmine.lighttpd.net/issues/3081
Juliusz Sosinowicz