a1batross
/
kore
forked from mirrors/kore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
kore/src/kore.c

987 lines
20 KiB
C
Raw Normal View History

first commit
2013-04-17 22:34:27 +02:00
/*
bump copyright year.
2021-01-11 23:46:08 +01:00
* Copyright (c) 2013-2021 Joris Vink <joris@coders.se>
first commit
2013-04-17 22:34:27 +02:00
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
Stop client initiated TLS renegotiations completely.
2015-05-20 16:36:13 +02:00
#include <sys/types.h>
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
#include <sys/stat.h>
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
#include <sys/un.h>
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
first commit
2013-04-17 22:34:27 +02:00
#include <sys/socket.h>
Stop client initiated TLS renegotiations completely.
2015-05-20 16:36:13 +02:00
#include <sys/resource.h>
first commit
2013-04-17 22:34:27 +02:00
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
#include <libgen.h>
Add asynchronous subprocess support. This adds kore.proc to the python runtime allowing async processing handling: The kore.proc method takes the command to run and an optional timeout parameter in milliseconds. If the process did not exit normally after that amount of time a TimeoutError exception is raised. For instance: async def run(cmd): proc = kore.proc(cmd, 1000) try: await proc.send("hello") proc.close_stdin() except TimeoutError: proc.kill() retcode = await proc.reap() return retcode
2018-10-26 19:19:47 +02:00
#include <fcntl.h>
Add missing C library headers
2016-01-22 12:08:13 +01:00
#include <stdio.h>
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
#include <netdb.h>
allow sending SIGHUP to kore, which will then reload its content module
2013-05-03 00:04:06 +02:00
#include <signal.h>
first commit
2013-04-17 22:34:27 +02:00
#include "kore.h"
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
#if !defined(KORE_NO_HTTP)
#include "http.h"
#endif
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#if defined(KORE_USE_CURL)
#include "curl.h"
#endif
python pgsql changes. - decouple pgsql from the HTTP request allowing it to be used in other contexts as well (such as a task, etc). - change names to dbsetup() and dbquery(). eg: result = kore.dbquery("db", "select foo from bar")
2019-09-04 19:57:28 +02:00
#if defined(KORE_USE_PGSQL)
#include "pgsql.h"
#endif
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
#if defined(KORE_USE_PYTHON)
#include "python_api.h"
#endif
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
#include "acme.h"
#endif
minor style
2018-04-13 16:05:59 +02:00
volatile sig_atomic_t sig_recv;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server_list kore_servers;
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
u_int8_t nlisteners;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
int kore_argc = 0;
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
pid_t kore_pid = -1;
Add BSD kqueue(2) support. Compile with make bsd (or make linux for linux)
2013-06-17 23:39:17 +02:00
u_int16_t cpu_count = 1;
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
int kore_debug = 0;
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
int kore_quiet = 0;
Make runas behave similarly to chroot. Add new command line knob '-r', that disables runas similar to '-n', it's implied as well for kore command runs. Add default runas (nobody) user and chroot (/var/empty) path, if none are specified, fallback to these.
2015-05-18 21:34:39 +02:00
int skip_runas = 0;
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
int skip_chroot = 0;
u_int8_t worker_count = 0;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
char **kore_argv = NULL;
rename foreground to kore_foreground.
2021-01-11 23:35:16 +01:00
int kore_foreground = 0;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
char *kore_progname = NULL;
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
char *kore_root_path = NULL;
char *kore_runas_user = NULL;
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
u_int32_t kore_socket_backlog = 5000;
write main process pid to /var/run/kore.pid (changable in configuration)
2013-06-04 16:53:30 +02:00
char *kore_pidfile = KORE_PIDFILE_DEFAULT;
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
char *kore_tls_cipher_list = KORE_DEFAULT_CIPHER_LIST;
first commit
2013-04-17 22:34:27 +02:00
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
extern char **environ;
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
extern char *__progname;
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
static size_t proctitle_maxlen = 0;
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
static void usage(void);
Add -v to dump out version and compiled in features
2014-07-04 09:25:18 +02:00
static void version(void);
Remove getopt() for KORE_SINGLE_BINARY. If KORE_SINGLE_BINARY is enabled, remove the getopt() call that Kore does itself. This way all arguments are passed to the kore_parent_configure() hook as-is allowing developers to more easily implement their own option handling.
2020-09-08 22:38:06 +02:00
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
static void kore_write_kore_pid(void);
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
static void kore_proctitle_setup(void);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
static void kore_server_sslstart(void);
Add kore_parent_daemonized(). This is called for single binaries after the parent process has called daemon(). Also fix kore_parent_configure() for !single binaries.
2018-10-18 17:18:41 +02:00
static void kore_server_start(int, char *[]);
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
static void kore_call_parent_configure(int, char **);
first commit
2013-04-17 22:34:27 +02:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#if !defined(KORE_SINGLE_BINARY) && defined(KORE_USE_PYTHON)
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
static const char *parent_config_hook = KORE_PYTHON_CONFIG_HOOK;
static const char *parent_teardown_hook = KORE_PYTHON_TEARDOWN_HOOK;
#else
static const char *parent_config_hook = KORE_CONFIG_HOOK;
static const char *parent_teardown_hook = KORE_TEARDOWN_HOOK;
#if defined(KORE_SINGLE_BINARY)
static const char *parent_daemonized_hook = KORE_DAEMONIZED_HOOK;
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#endif
#endif
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
static void
usage(void)
{
Remove getopt() for KORE_SINGLE_BINARY. If KORE_SINGLE_BINARY is enabled, remove the getopt() call that Kore does itself. This way all arguments are passed to the kore_parent_configure() hook as-is allowing developers to more easily implement their own option handling.
2020-09-08 22:38:06 +02:00
#if defined(KORE_USE_PYTHON)
fix usage for python builds. while here, force a module or script as a cli argument and fix kodev run to pass the config if inside of a module.
2019-09-26 16:41:52 +02:00
printf("Usage: %s [options] [app | app.py]\n", __progname);
#else
printf("Usage: %s [options]\n", __progname);
#endif
update -h output a bit.
2018-04-02 18:20:57 +02:00
fix usage for python builds. while here, force a module or script as a cli argument and fix kodev run to pass the config if inside of a module.
2019-09-26 16:41:52 +02:00
printf("\n");
printf("Available options:\n");
Add kore_default_getopt(). This handles the default option parsing in Kore and should be called by single_binary=yes builds in kore_parent_configure() unless they want to handle their own argument parsing.
2020-10-08 13:51:50 +02:00
#if !defined(KORE_SINGLE_BINARY)
fix usage for python builds. while here, force a module or script as a cli argument and fix kodev run to pass the config if inside of a module.
2019-09-26 16:41:52 +02:00
printf("\t-c\tconfiguration to use\n");
Add kore_default_getopt(). This handles the default option parsing in Kore and should be called by single_binary=yes builds in kore_parent_configure() unless they want to handle their own argument parsing.
2020-10-08 13:51:50 +02:00
#endif
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#if defined(KORE_DEBUG)
fix usage for python builds. while here, force a module or script as a cli argument and fix kodev run to pass the config if inside of a module.
2019-09-26 16:41:52 +02:00
printf("\t-d\trun with debug on\n");
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#endif
fix usage for python builds. while here, force a module or script as a cli argument and fix kodev run to pass the config if inside of a module.
2019-09-26 16:41:52 +02:00
printf("\t-f\tstart in foreground\n");
printf("\t-h\tthis help text\n");
printf("\t-n\tdo not chroot\n");
printf("\t-q\tonly log errors\n");
printf("\t-r\tdo not drop privileges\n");
printf("\t-v\tdisplay %s build information\n", __progname);
Move orbit functionality into kore directly. Makes more sense and reads easier: kore create myapp kore build myapp kore run myapp Note that kore retains its cli options (if no command was given), meaning you can still start kore in the traditional way as well. The command options are simply to make development easier.
2014-08-01 13:59:47 +02:00
fix usage for python builds. while here, force a module or script as a cli argument and fix kodev run to pass the config if inside of a module.
2019-09-26 16:41:52 +02:00
printf("\nFind more information on https://kore.io\n");
update -h output a bit.
2018-04-02 18:20:57 +02:00
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
exit(1);
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
}
Add -v to dump out version and compiled in features
2014-07-04 09:25:18 +02:00
static void
version(void)
{
Alter where the version number comes from. Now if we are a git repo we fetch the branch name and commitid to build the version string. If there is no git repo we'll look at the RELEASE file.
2018-06-19 19:05:55 +02:00
printf("%s ", kore_version);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if defined(KORE_NO_HTTP)
printf("no-http ");
#endif
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#if defined(KORE_USE_CURL)
Stop a python coro from getting stuck with httpclient. In cases where a request is immediately completed in libcurl its multi handle and no additional i/o is happening a coro can get stuck waiting to be run. Prevent this by lowering netwait from KORE_WAIT_INFINITE if there are pending python coroutines.
2019-10-22 17:06:32 +02:00
printf("curl-%s ", LIBCURL_VERSION);
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#endif
Add -v to dump out version and compiled in features
2014-07-04 09:25:18 +02:00
#if defined(KORE_USE_PGSQL)
printf("pgsql ");
#endif
#if defined(KORE_USE_TASKS)
printf("tasks ");
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
#if defined(KORE_DEBUG)
printf("debug ");
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#endif
add python flavor string to -v
2017-01-25 22:21:30 +01:00
#if defined(KORE_USE_PYTHON)
Allow building with python3.8
2019-10-15 10:16:53 +02:00
printf("python-%s ", PY_VERSION);
Allow acme config via python api
2019-11-13 23:01:24 +01:00
#endif
#if defined(KORE_USE_ACME)
printf("acme ");
add python flavor string to -v
2017-01-25 22:21:30 +01:00
#endif
Add -v to dump out version and compiled in features
2014-07-04 09:25:18 +02:00
printf("\n");
exit(0);
}
first commit
2013-04-17 22:34:27 +02:00
int
main(int argc, char *argv[])
{
call to kore_parent_configure() before config.
2017-02-09 13:29:33 +01:00
struct kore_runtime_call *rcall;
Improve python experience. - If Kore is built with PYTHON=1 you can now specify the module that should be loaded on the command-line. eg: $ kore -frn myapp - Add skeleton generation for python applications to kodev. eg: $ kodev create -p myapp This should make it a whole lot easier to get started with kore python.
2019-06-12 23:35:43 +02:00
#if !defined(KORE_SINGLE_BINARY) && defined(KORE_USE_PYTHON)
struct stat st;
#endif
first commit
2013-04-17 22:34:27 +02:00
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
kore_argc = argc;
kore_argv = argv;
Move orbit functionality into kore directly. Makes more sense and reads easier: kore create myapp kore build myapp kore run myapp Note that kore retains its cli options (if no command was given), meaning you can still start kore in the traditional way as well. The command options are simply to make development easier.
2014-08-01 13:59:47 +02:00
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#if !defined(KORE_SINGLE_BINARY)
Add kore_default_getopt(). This handles the default option parsing in Kore and should be called by single_binary=yes builds in kore_parent_configure() unless they want to handle their own argument parsing.
2020-10-08 13:51:50 +02:00
kore_default_getopt(argc, argv);
Remove getopt() for KORE_SINGLE_BINARY. If KORE_SINGLE_BINARY is enabled, remove the getopt() call that Kore does itself. This way all arguments are passed to the kore_parent_configure() hook as-is allowing developers to more easily implement their own option handling.
2020-09-08 22:38:06 +02:00
#endif
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
kore_mem_init();
kore_progname = kore_strdup(argv[0]);
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
kore_proctitle_setup();
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
Remove getopt() for KORE_SINGLE_BINARY. If KORE_SINGLE_BINARY is enabled, remove the getopt() call that Kore does itself. This way all arguments are passed to the kore_parent_configure() hook as-is allowing developers to more easily implement their own option handling.
2020-09-08 22:38:06 +02:00
#if !defined(KORE_SINGLE_BINARY)
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
argc -= optind;
argv += optind;
Remove getopt() for KORE_SINGLE_BINARY. If KORE_SINGLE_BINARY is enabled, remove the getopt() call that Kore does itself. This way all arguments are passed to the kore_parent_configure() hook as-is allowing developers to more easily implement their own option handling.
2020-09-08 22:38:06 +02:00
#endif
configuration files are now passed using the -c option. allow debug output when the -d flag is specified.
2013-06-05 08:55:07 +02:00
Improve python experience. - If Kore is built with PYTHON=1 you can now specify the module that should be loaded on the command-line. eg: $ kore -frn myapp - Add skeleton generation for python applications to kodev. eg: $ kodev create -p myapp This should make it a whole lot easier to get started with kore python.
2019-06-12 23:35:43 +02:00
#if !defined(KORE_SINGLE_BINARY) && defined(KORE_USE_PYTHON)
if (argc > 0) {
kore_pymodule = argv[0];
argc--;
argv++;
} else {
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
kore_pymodule = NULL;
Improve python experience. - If Kore is built with PYTHON=1 you can now specify the module that should be loaded on the command-line. eg: $ kore -frn myapp - Add skeleton generation for python applications to kodev. eg: $ kodev create -p myapp This should make it a whole lot easier to get started with kore python.
2019-06-12 23:35:43 +02:00
}
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
if (kore_pymodule) {
if (lstat(kore_pymodule, &st) == -1) {
fatal("failed to stat '%s': %s",
kore_pymodule, errno_s);
}
if (!S_ISDIR(st.st_mode) && !S_ISREG(st.st_mode))
fatal("%s: not a directory or file", kore_pymodule);
}
Improve python experience. - If Kore is built with PYTHON=1 you can now specify the module that should be loaded on the command-line. eg: $ kore -frn myapp - Add skeleton generation for python applications to kodev. eg: $ kodev create -p myapp This should make it a whole lot easier to get started with kore python.
2019-06-12 23:35:43 +02:00
#elif !defined(KORE_SINGLE_BINARY)
add little hint for kodev.
2017-02-22 20:09:11 +01:00
if (argc > 0)
typo
2018-07-07 13:34:58 +02:00
fatal("did you mean to run `kodev' instead?");
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
#endif
add little hint for kodev.
2017-02-22 20:09:11 +01:00
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
kore_pid = getpid();
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
nlisteners = 0;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
LIST_INIT(&kore_servers);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
Add seccomp syscall filtering to kore. With this commit all Kore processes (minus the parent) are running under seccomp. The worker processes get the bare minimum allowed syscalls while each module like curl, pgsql, etc will add their own filters to allow what they require. New API functions: int kore_seccomp_filter(const char *name, void *filter, size_t len); Adds a filter into the seccomp system (must be called before seccomp is enabled). New helpful macro: define KORE_SYSCALL_ALLOW(name) Allow the syscall with a given name, should be used in a sock_filter data structure. New hooks: void kore_seccomp_hook(void); Called before seccomp is enabled, allows developers to add their own BPF filters into seccomp.
2019-09-25 14:25:49 +02:00
kore_platform_init();
Add fixed size memory pools and use them throughout Kore.
2013-07-15 10:13:36 +02:00
kore_log_init();
Add kore.sendmsg(object, worker=None) to the python api. This allows you to send Python objects that can be run through pickle to other worker processes. If your application implements koreapp.onmsg() you will be able to receive these objects.
2019-10-16 12:05:27 +02:00
kore_msg_init();
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
http_parent_init();
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#if defined(KORE_USE_CURL)
kore_curl_sysinit();
python pgsql changes. - decouple pgsql from the HTTP request allowing it to be used in other contexts as well (such as a task, etc). - change names to dbsetup() and dbquery(). eg: result = kore.dbquery("db", "select foo from bar")
2019-09-04 19:57:28 +02:00
#endif
#if defined(KORE_USE_PGSQL)
kore_pgsql_sys_init();
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#endif
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
kore_auth_init();
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
kore_validator_init();
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
kore_filemap_init();
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#endif
#if defined(KORE_USE_ACME)
kore_acme_init();
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
kore_domain_init();
Allow Kore to load multiple modules at once.
2013-12-15 01:11:56 +01:00
kore_module_init();
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
kore_server_sslstart();
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#if !defined(KORE_SINGLE_BINARY) && !defined(KORE_USE_PYTHON)
Allow developers to pass the lib to load on the cli. When running in -f (foreground) you can now specify the library Kore needs to load on the command line: kore -fnc module.conf myapp.so This has the benefit that your configuration file no longer needs the load directive when hacking on your code. Note that you can still specify load in your config file regardless, if you so chose. All of this is being done in order to try and move away from the backwards way of getting up and running with Kore.
2014-07-31 17:15:51 +02:00
if (config_file == NULL)
usage();
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
#endif
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
kore_module_load(NULL, NULL, KORE_MODULE_NATIVE);
Add a kore_python_preinit() hook. This is called before the python initialization is completed and allows developers to inject their own built-in methods.
2018-11-12 09:01:05 +01:00
#if defined(KORE_USE_PYTHON)
kore_python_init();
Improve python experience. - If Kore is built with PYTHON=1 you can now specify the module that should be loaded on the command-line. eg: $ kore -frn myapp - Add skeleton generation for python applications to kodev. eg: $ kodev create -p myapp This should make it a whole lot easier to get started with kore python.
2019-06-12 23:35:43 +02:00
#if !defined(KORE_SINGLE_BINARY)
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
if (kore_pymodule) {
kore_module_load(kore_pymodule, NULL, KORE_MODULE_PYTHON);
if (S_ISDIR(st.st_mode) && chdir(kore_pymodule) == -1)
fatal("chdir(%s): %s", kore_pymodule, errno_s);
} else {
/* swap back to non-python hooks. */
parent_config_hook = KORE_CONFIG_HOOK;
parent_teardown_hook = KORE_TEARDOWN_HOOK;
}
Improve python experience. - If Kore is built with PYTHON=1 you can now specify the module that should be loaded on the command-line. eg: $ kore -frn myapp - Add skeleton generation for python applications to kodev. eg: $ kodev create -p myapp This should make it a whole lot easier to get started with kore python.
2019-06-12 23:35:43 +02:00
#endif
Add a kore_python_preinit() hook. This is called before the python initialization is completed and allows developers to inject their own built-in methods.
2018-11-12 09:01:05 +01:00
#endif
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
#if defined(KORE_SINGLE_BINARY)
kore_call_parent_configure(argc, argv);
#endif
#if defined(KORE_USE_PYTHON) && !defined(KORE_SINGLE_BINARY)
if (kore_pymodule)
kore_call_parent_configure(argc, argv);
Add kore_parent_daemonized(). This is called for single binaries after the parent process has called daemon(). Also fix kore_parent_configure() for !single binaries.
2018-10-18 17:18:41 +02:00
#endif
Allow developers to pass the lib to load on the cli. When running in -f (foreground) you can now specify the library Kore needs to load on the command line: kore -fnc module.conf myapp.so This has the benefit that your configuration file no longer needs the load directive when hacking on your code. Note that you can still specify load in your config file regardless, if you so chose. All of this is being done in order to try and move away from the backwards way of getting up and running with Kore.
2014-07-31 17:15:51 +02:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
kore_parse_config();
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
#if !defined(KORE_SINGLE_BINARY)
alter python skeleton from kodev create -p. adds the kore.config.file setting (required a fix for -c) and the kore.config.deployment option is set to "development".
2019-09-26 19:58:13 +02:00
free(config_file);
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
#endif
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
if (http_body_disk_offload > 0) {
if (mkdir(http_body_disk_path, 0700) == -1 && errno != EEXIST) {
printf("can't create http_body_disk_path '%s': %s\n",
http_body_disk_path, errno_s);
return (KORE_RESULT_ERROR);
}
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
add chroot and runas directives so we can chroot and drop privilegs properly
2013-05-04 22:18:27 +02:00
Use sigaction() for signals. Don't duplicate signal setup code between parent and worker processes.
2018-05-25 20:49:02 +02:00
kore_signal_setup();
Add kore_parent_daemonized(). This is called for single binaries after the parent process has called daemon(). Also fix kore_parent_configure() for !single binaries.
2018-10-18 17:18:41 +02:00
kore_server_start(argc, argv);
allow sending SIGHUP to kore, which will then reload its content module
2013-05-03 00:04:06 +02:00
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
if (!kore_quiet)
kore_log(LOG_NOTICE, "server shutting down");
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
kore_worker_shutdown();
Add kore_[parent|worker]_teardown(). If exists these functions are called when the worker is exiting and when right before the parent exists. Allows for cleanup code for applications if need to do cleanup on exit.
2018-10-23 21:46:34 +02:00
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
rcall = kore_runtime_getcall(parent_teardown_hook);
Add kore_[parent|worker]_teardown(). If exists these functions are called when the worker is exiting and when right before the parent exists. Allows for cleanup code for applications if need to do cleanup on exit.
2018-10-23 21:46:34 +02:00
if (rcall != NULL) {
kore_runtime_execute(rcall);
kore_free(rcall);
}
if (unlink(kore_pidfile) == -1 && errno != ENOENT)
kore_log(LOG_NOTICE, "failed to remove pidfile (%s)", errno_s);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_cleanup();
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
if (!kore_quiet)
kore_log(LOG_NOTICE, "goodbye");
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
Add asynchronous pgsql query support to python. This commit adds the ability to use python "await" to suspend execution of your page handler until the query sent to postgresql has returned a result. This is built upon the existing asynchrous query framework Kore had. With this you can now write stuff like: async def page(req): result = await req.pgsql("db", "SELECT name FROM table"); req.response(200, json.dumps(result).encode("utf-8")) The above code will fire off a query and suspend itself so Kore can take care of business as usual until the query is successful at which point Kore will jump back into the handler and resume. This does not use threading, it's purely based on Python's excellent coroutines and generators and Kore its built-in pgsql support.
2017-02-06 11:42:53 +01:00
#if defined(KORE_USE_PYTHON)
kore_python_cleanup();
#endif
kore_mem_cleanup();
first commit
2013-04-17 22:34:27 +02:00
return (0);
}
Add kore_default_getopt(). This handles the default option parsing in Kore and should be called by single_binary=yes builds in kore_parent_configure() unless they want to handle their own argument parsing.
2020-10-08 13:51:50 +02:00
void
kore_default_getopt(int argc, char **argv)
{
int ch;
#if !defined(KORE_SINGLE_BINARY)
while ((ch = getopt(argc, argv, "c:dfhnqrv")) != -1) {
#else
while ((ch = getopt(argc, argv, "dfhnqrv")) != -1) {
#endif
switch (ch) {
#if !defined(KORE_SINGLE_BINARY)
case 'c':
free(config_file);
if ((config_file = strdup(optarg)) == NULL)
fatal("strdup");
break;
#endif
#if defined(KORE_DEBUG)
case 'd':
kore_debug = 1;
break;
#endif
case 'f':
rename foreground to kore_foreground.
2021-01-11 23:35:16 +01:00
kore_foreground = 1;
Add kore_default_getopt(). This handles the default option parsing in Kore and should be called by single_binary=yes builds in kore_parent_configure() unless they want to handle their own argument parsing.
2020-10-08 13:51:50 +02:00
break;
case 'h':
usage();
break;
case 'n':
skip_chroot = 1;
break;
case 'q':
kore_quiet = 1;
break;
case 'r':
skip_runas = 1;
break;
case 'v':
version();
break;
default:
usage();
}
}
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
int
Revert "Throw a handshake failure if we cannot find the given SNI hostname." This reverts commit afd418297550d3de0e133e8f5de0881ae31855ad.
2016-06-09 13:52:37 +02:00
kore_tls_sni_cb(SSL *ssl, int *ad, void *arg)
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
{
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
struct connection *c;
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
struct kore_domain *dom;
const char *sname;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
if ((c = SSL_get_ex_data(ssl, 0)) == NULL)
fatal("no connection data in %s", __func__);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
sname = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
kore_debug("kore_tls_sni_cb(): received host %s", sname);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
TLS improvements. These changes improve the constraint kore had with client authentication and multiple domains. - Add kore_x509_subject_name() which will return a C string containing the x509 subject name in full (in utf8). - Log TLS errors if client authentication was turned on, will help debug issues with client authentication in the future. - If SNI was present in the TLS handshake, check it against the host specified in the HTTP request and send a 421 in case they mismatch. - Throw a 403 if client authentication was enabled but no client certificate was specified.
2019-11-19 11:09:24 +01:00
if (sname != NULL)
c->tls_sni = kore_strdup(sname);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
if (sname != NULL &&
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
(dom = kore_domain_lookup(c->owner->server, sname)) != NULL) {
better log messages for TLS configuration missing.
2018-07-11 09:52:05 +02:00
if (dom->ssl_ctx == NULL) {
kore_log(LOG_NOTICE,
"TLS configuration for %s not complete",
dom->domain);
return (SSL_TLSEXT_ERR_NOACK);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
kore_debug("kore_ssl_sni_cb(): Using %s CTX", sname);
SSL_set_SSL_CTX(ssl, dom->ssl_ctx);
Add support for client certificates
2013-12-14 16:31:07 +01:00
if (dom->cafile != NULL) {
SSL_set_verify(ssl, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
TLS improvements. These changes improve the constraint kore had with client authentication and multiple domains. - Add kore_x509_subject_name() which will return a C string containing the x509 subject name in full (in utf8). - Log TLS errors if client authentication was turned on, will help debug issues with client authentication in the future. - If SNI was present in the TLS handshake, check it against the host specified in the HTTP request and send a 421 in case they mismatch. - Throw a 403 if client authentication was enabled but no client certificate was specified.
2019-11-19 11:09:24 +01:00
c->flags |= CONN_LOG_TLS_FAILURE;
Add support for client certificates
2013-12-14 16:31:07 +01:00
} else {
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
}
More ACME protocol improvements. - Make sure tls-alpn01 works even if the underlying SSL library ends up calling the ALPN callback *before* the SNI extension was parsed and the correct domain was selected. LibreSSL still does this, and older OpenSSL did too I believe, however OpenSSL grew a clue and always makes sure SNI is called first. Yes, TLS extensions have no fixed order but it still makes sense to notify applications using your library of the SNI extension first before anything else almost. Oh well.
2021-01-05 23:25:29 +01:00
#if defined(KORE_USE_ACME)
/*
* If ALPN callback was called before SNI was parsed we
* must make sure we swap to the correct certificate now.
*/
if (c->flags & CONN_TLS_ALPN_ACME_SEEN)
kore_acme_tls_challenge_use_cert(ssl, dom);
c->flags |= CONN_TLS_SNI_SEEN;
#endif
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
return (SSL_TLSEXT_ERR_OK);
Add BSD kqueue(2) support. Compile with make bsd (or make linux for linux)
2013-06-17 23:39:17 +02:00
}
Revert "Throw a handshake failure if we cannot find the given SNI hostname." This reverts commit afd418297550d3de0e133e8f5de0881ae31855ad.
2016-06-09 13:52:37 +02:00
return (SSL_TLSEXT_ERR_NOACK);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
}
Stop client initiated TLS renegotiations completely.
2015-05-20 16:36:13 +02:00
void
kore_tls_info_callback(const SSL *ssl, int flags, int ret)
{
struct connection *c;
if (flags & SSL_CB_HANDSHAKE_START) {
if ((c = SSL_get_app_data(ssl)) == NULL)
fatal("no SSL_get_app_data");
Add support for TLS 1.3 via OpenSSL 1.1.1. This commit removes TLS 1.0 support no matter what OpenSSL you are linking against. Changes the value of tls_version from 1.2 to both. Meaning if you link with OpenSSL 1.1.1 you will get 1.2 + 1.3.
2018-10-29 20:38:58 +01:00
#if defined(TLS1_3_VERSION)
if (SSL_version(ssl) != TLS1_3_VERSION)
#endif
c->tls_reneg++;
Stop client initiated TLS renegotiations completely.
2015-05-20 16:36:13 +02:00
}
}
Add BSD kqueue(2) support. Compile with make bsd (or make linux for linux)
2013-06-17 23:39:17 +02:00
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
int
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_bind(struct kore_server *srv, const char *ip, const char *port,
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
const char *ccb)
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
{
Add kore_sockopt(). Use it where we before were using setsockopt().
2017-02-22 22:23:30 +01:00
int r;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct listener *l;
Allow Kore to function under DragonflyBSD. From David Carlier
2015-06-14 16:54:44 +02:00
struct addrinfo hints, *results;
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
unbreak DEBUG builds
2019-10-04 19:24:57 +02:00
kore_debug("kore_server_bind(%s, %s, %s)", srv->name, ip, port);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
Allow Kore to function under DragonflyBSD. From David Carlier
2015-06-14 16:54:44 +02:00
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
hints.ai_flags = 0;
r = getaddrinfo(ip, port, &hints, &results);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
if (r != 0)
fatal("getaddrinfo(%s): %s", ip, gai_strerror(r));
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
l = kore_listener_create(srv);
l->host = kore_strdup(ip);
l->port = kore_strdup(port);
kore_listener_init() returns KORE_RESULT_OK or KORE_RESULT_ERROR.
2019-12-13 09:14:26 +01:00
if (!kore_listener_init(l, results->ai_family, ccb)) {
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
freeaddrinfo(results);
return (KORE_RESULT_ERROR);
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
if (bind(l->fd, results->ai_addr, results->ai_addrlen) == -1) {
kore_listener_free(l);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
freeaddrinfo(results);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_log(LOG_ERR, "bind(): %s", errno_s);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
return (KORE_RESULT_ERROR);
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
freeaddrinfo(results);
if (listen(l->fd, kore_socket_backlog) == -1) {
kore_listener_free(l);
kore_log(LOG_ERR, "listen(): %s", errno_s);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
return (KORE_RESULT_ERROR);
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
return (KORE_RESULT_OK);
}
int
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_bind_unix(struct kore_server *srv, const char *path,
const char *ccb)
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
{
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct listener *l;
Add async/await support for socket i/o in python. This means you can now do things like: resp = await koresock.recv(1024) await koresock.send(resp) directly from page handlers if they are defined as async. Adds lots more to the python goo such as fatalx(), bind_unix(), task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
int len;
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
struct sockaddr_un sun;
Add async/await support for socket i/o in python. This means you can now do things like: resp = await koresock.recv(1024) await koresock.send(resp) directly from page handlers if they are defined as async. Adds lots more to the python goo such as fatalx(), bind_unix(), task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
socklen_t socklen;
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
memset(&sun, 0, sizeof(sun));
sun.sun_family = AF_UNIX;
Add async/await support for socket i/o in python. This means you can now do things like: resp = await koresock.recv(1024) await koresock.send(resp) directly from page handlers if they are defined as async. Adds lots more to the python goo such as fatalx(), bind_unix(), task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
len = snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", path);
if (len == -1 || (size_t)len >= sizeof(sun.sun_path)) {
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_log(LOG_ERR, "unix socket path '%s' too long", path);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
return (KORE_RESULT_ERROR);
}
Add async/await support for socket i/o in python. This means you can now do things like: resp = await koresock.recv(1024) await koresock.send(resp) directly from page handlers if they are defined as async. Adds lots more to the python goo such as fatalx(), bind_unix(), task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
#if defined(__linux__)
if (sun.sun_path[0] == '@')
sun.sun_path[0] = '\0';
socklen = sizeof(sun.sun_family) + len;
Fix unix binds on BSD families.
2019-05-28 21:44:46 +02:00
#else
socklen = sizeof(sun);
#endif
Add async/await support for socket i/o in python. This means you can now do things like: resp = await koresock.recv(1024) await koresock.send(resp) directly from page handlers if they are defined as async. Adds lots more to the python goo such as fatalx(), bind_unix(), task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
l = kore_listener_create(srv);
l->host = kore_strdup(path);
kore_listener_init() returns KORE_RESULT_OK or KORE_RESULT_ERROR.
2019-12-13 09:14:26 +01:00
if (!kore_listener_init(l, AF_UNIX, ccb))
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
return (KORE_RESULT_ERROR);
Add async/await support for socket i/o in python. This means you can now do things like: resp = await koresock.recv(1024) await koresock.send(resp) directly from page handlers if they are defined as async. Adds lots more to the python goo such as fatalx(), bind_unix(), task_create() and socket_wrap().
2018-10-15 20:18:54 +02:00
if (bind(l->fd, (struct sockaddr *)&sun, socklen) == -1) {
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_log(LOG_ERR, "bind: %s", errno_s);
kore_listener_free(l);
return (KORE_RESULT_ERROR);
}
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
if (listen(l->fd, kore_socket_backlog) == -1) {
Change kore_preload() and kore_onload(). Renamed both of them: kore_preload -> kore_parent_configure kore_onload -> kore_worker_configure These functions will now always be called if they are defined in any module regardless of your application being built as a single binary or not.
2017-02-01 17:12:11 +01:00
kore_log(LOG_ERR, "listen(): %s", errno_s);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_listener_free(l);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
return (KORE_RESULT_ERROR);
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
return (KORE_RESULT_OK);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *
kore_server_create(const char *name)
{
struct kore_server *srv;
srv = kore_calloc(1, sizeof(struct kore_server));
srv->name = kore_strdup(name);
srv->tls = 1;
TAILQ_INIT(&srv->domains);
LIST_INIT(&srv->listeners);
LIST_INSERT_HEAD(&kore_servers, srv, list);
return (srv);
}
void
kore_server_finalize(struct kore_server *srv)
{
struct listener *l;
const char *proto;
if (kore_quiet)
return;
LIST_FOREACH(l, &srv->listeners, list) {
if (srv->tls)
proto = "https";
else
proto = "http";
if (l->family == AF_UNIX) {
kore_log(LOG_NOTICE, "%s serving %s on %s",
srv->name, proto, l->host);
} else {
kore_log(LOG_NOTICE, "%s serving %s on %s:%s",
srv->name, proto, l->host, l->port);
}
}
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
struct listener *
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_listener_create(struct kore_server *server)
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
{
struct listener *l;
l = kore_calloc(1, sizeof(struct listener));
nlisteners++;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
LIST_INSERT_HEAD(&server->listeners, l, list);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
l->server = server;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
l->fd = -1;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
l->evt.type = KORE_TYPE_LISTENER;
l->evt.handle = kore_listener_accept;
return (l);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *
kore_server_lookup(const char *name)
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
{
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *srv;
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
LIST_FOREACH(srv, &kore_servers, list) {
if (!strcmp(srv->name, name))
return (srv);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
}
return (NULL);
}
int
kore_listener_init(struct listener *l, int family, const char *ccb)
{
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
switch (family) {
case AF_INET:
case AF_INET6:
case AF_UNIX:
break;
default:
fatal("unknown address family %d", family);
}
l->family = family;
Changes to the event loop inside of Kore. Now anyone can schedule events and get a callback to work as long as the user data structure that is added for the event begins with a kore_event data structure. All event state is now kept in that kore_event structure and renamed CONN_[READ|WRITE]_POSSIBLE to KORE_EVENT_[READ|WRITE].
2018-10-09 19:34:40 +02:00
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
if ((l->fd = socket(family, SOCK_STREAM, 0)) == -1) {
kore_listener_free(l);
kore_log(LOG_ERR, "socket(): %s", errno_s);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
}
Add asynchronous subprocess support. This adds kore.proc to the python runtime allowing async processing handling: The kore.proc method takes the command to run and an optional timeout parameter in milliseconds. If the process did not exit normally after that amount of time a TimeoutError exception is raised. For instance: async def run(cmd): proc = kore.proc(cmd, 1000) try: await proc.send("hello") proc.close_stdin() except TimeoutError: proc.kill() retcode = await proc.reap() return retcode
2018-10-26 19:19:47 +02:00
if (fcntl(l->fd, F_SETFD, FD_CLOEXEC) == -1) {
kore_listener_free(l);
kore_log(LOG_ERR, "fcntl(): %s", errno_s);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
Add asynchronous subprocess support. This adds kore.proc to the python runtime allowing async processing handling: The kore.proc method takes the command to run and an optional timeout parameter in milliseconds. If the process did not exit normally after that amount of time a TimeoutError exception is raised. For instance: async def run(cmd): proc = kore.proc(cmd, 1000) try: await proc.send("hello") proc.close_stdin() except TimeoutError: proc.kill() retcode = await proc.reap() return retcode
2018-10-26 19:19:47 +02:00
}
don't set nodelay on unix listener sockets
2018-10-07 21:21:37 +02:00
if (!kore_connection_nonblock(l->fd, family != AF_UNIX)) {
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_listener_free(l);
kore_log(LOG_ERR, "kore_connection_nonblock(): %s", errno_s);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
}
if (!kore_sockopt(l->fd, SOL_SOCKET, SO_REUSEADDR)) {
kore_listener_free(l);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (ccb != NULL) {
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
if ((l->connect = kore_runtime_getcall(ccb)) == NULL) {
Change kore_preload() and kore_onload(). Renamed both of them: kore_preload -> kore_parent_configure kore_onload -> kore_worker_configure These functions will now always be called if they are defined in any module regardless of your application being built as a single binary or not.
2017-02-01 17:12:11 +01:00
kore_log(LOG_ERR, "no such callback: '%s'", ccb);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_listener_free(l);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
}
} else {
l->connect = NULL;
}
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_OK);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
}
Show the uri to the running kore instance in foreground mode
2014-08-01 20:00:09 +02:00
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
void
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_free(struct kore_server *srv)
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
{
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct listener *l;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
struct kore_domain *dom;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
LIST_REMOVE(srv, list);
while ((dom = TAILQ_FIRST(&srv->domains)) != NULL)
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
kore_domain_free(dom);
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
while ((l = LIST_FIRST(&srv->listeners)) != NULL)
kore_listener_free(l);
kore_free(srv->name);
kore_free(srv);
}
void
kore_listener_free(struct listener *l)
{
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
LIST_REMOVE(l, list);
if (l->fd != -1)
close(l->fd);
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_free(l->host);
kore_free(l->port);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_free(l);
add IPv6 support and support for multiple listeners.
2013-07-27 20:56:15 +02:00
}
Changes to the event loop inside of Kore. Now anyone can schedule events and get a callback to work as long as the user data structure that is added for the event begins with a kore_event data structure. All event state is now kept in that kore_event structure and renamed CONN_[READ|WRITE]_POSSIBLE to KORE_EVENT_[READ|WRITE].
2018-10-09 19:34:40 +02:00
void
kore_listener_accept(void *arg, int error)
{
struct connection *c;
struct listener *l = arg;
u_int32_t accepted;
if (error)
fatal("error on listening socket");
if (!(l->evt.flags & KORE_EVENT_READ))
return;
accepted = 0;
while (worker_active_connections < worker_max_connections) {
if (worker_accept_threshold != 0 &&
If we hit the accept threshold, unlock worker.
2018-10-22 09:01:05 +02:00
accepted >= worker_accept_threshold) {
kore_worker_make_busy();
Changes to the event loop inside of Kore. Now anyone can schedule events and get a callback to work as long as the user data structure that is added for the event begins with a kore_event data structure. All event state is now kept in that kore_event structure and renamed CONN_[READ|WRITE]_POSSIBLE to KORE_EVENT_[READ|WRITE].
2018-10-09 19:34:40 +02:00
break;
If we hit the accept threshold, unlock worker.
2018-10-22 09:01:05 +02:00
}
Changes to the event loop inside of Kore. Now anyone can schedule events and get a callback to work as long as the user data structure that is added for the event begins with a kore_event data structure. All event state is now kept in that kore_event structure and renamed CONN_[READ|WRITE]_POSSIBLE to KORE_EVENT_[READ|WRITE].
2018-10-09 19:34:40 +02:00
if (!kore_connection_accept(l, &c))
break;
if (c == NULL)
break;
accepted++;
kore_platform_event_all(c->fd, c);
}
}
Add kore_sockopt(). Use it where we before were using setsockopt().
2017-02-22 22:23:30 +01:00
int
kore_sockopt(int fd, int what, int opt)
{
int on;
on = 1;
if (setsockopt(fd, what, opt, (const char *)&on, sizeof(on)) == -1) {
kore_log(LOG_ERR, "setsockopt(): %s", errno_s);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Use sigaction() for signals. Don't duplicate signal setup code between parent and worker processes.
2018-05-25 20:49:02 +02:00
void
kore_signal_setup(void)
{
struct sigaction sa;
sig_recv = 0;
memset(&sa, 0, sizeof(sa));
sa.sa_handler = kore_signal;
if (sigfillset(&sa.sa_mask) == -1)
fatal("sigfillset: %s", errno_s);
if (sigaction(SIGHUP, &sa, NULL) == -1)
fatal("sigaction: %s", errno_s);
if (sigaction(SIGQUIT, &sa, NULL) == -1)
fatal("sigaction: %s", errno_s);
if (sigaction(SIGTERM, &sa, NULL) == -1)
fatal("sigaction: %s", errno_s);
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
if (sigaction(SIGUSR1, &sa, NULL) == -1)
fatal("sigaction: %s", errno_s);
Add asynchronous subprocess support. This adds kore.proc to the python runtime allowing async processing handling: The kore.proc method takes the command to run and an optional timeout parameter in milliseconds. If the process did not exit normally after that amount of time a TimeoutError exception is raised. For instance: async def run(cmd): proc = kore.proc(cmd, 1000) try: await proc.send("hello") proc.close_stdin() except TimeoutError: proc.kill() retcode = await proc.reap() return retcode
2018-10-26 19:19:47 +02:00
if (sigaction(SIGCHLD, &sa, NULL) == -1)
fatal("sigaction: %s", errno_s);
Use sigaction() for signals. Don't duplicate signal setup code between parent and worker processes.
2018-05-25 20:49:02 +02:00
rename foreground to kore_foreground.
2021-01-11 23:35:16 +01:00
if (kore_foreground) {
Use sigaction() for signals. Don't duplicate signal setup code between parent and worker processes.
2018-05-25 20:49:02 +02:00
if (sigaction(SIGINT, &sa, NULL) == -1)
fatal("sigaction: %s", errno_s);
} else {
(void)signal(SIGINT, SIG_IGN);
}
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
(void)signal(SIGPIPE, SIG_IGN);
Use sigaction() for signals. Don't duplicate signal setup code between parent and worker processes.
2018-05-25 20:49:02 +02:00
}
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
void
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_closeall(void)
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
{
struct listener *l;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *srv;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
LIST_FOREACH(srv, &kore_servers, list) {
LIST_FOREACH(l, &srv->listeners, list)
l->fd = -1;
}
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
}
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
void
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_cleanup(void)
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
{
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *srv;
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
while ((srv = LIST_FIRST(&kore_servers)) != NULL)
kore_server_free(srv);
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
}
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
void
kore_signal(int sig)
{
sig_recv = sig;
}
Add kore_shutdown(). Allows workers to cleanly initiate a shutdown of the entire server process.
2018-10-23 19:49:42 +02:00
void
kore_shutdown(void)
{
if (worker != NULL) {
kore_msg_send(KORE_MSG_PARENT, KORE_MSG_SHUTDOWN, NULL, 0);
return;
}
fatal("kore_shutdown: called from parent");
}
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
void
kore_proctitle(const char *title)
{
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
int len;
kore_argv[1] = NULL;
len = snprintf(kore_argv[0], proctitle_maxlen, "%s %s",
basename(kore_progname), title);
if (len == -1 || (size_t)len >= proctitle_maxlen)
fatal("proctitle '%s' too large", title);
memset(kore_argv[0] + len, 0, proctitle_maxlen - len);
}
static void
kore_proctitle_setup(void)
{
int i;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
char *p;
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
proctitle_maxlen = 0;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
for (i = 0; environ[i] != NULL; i++) {
Use strdup() when munging environment pointers.
2019-08-27 13:12:44 +02:00
if ((p = strdup(environ[i])) == NULL)
fatal("strdup");
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
proctitle_maxlen += strlen(environ[i]) + 1;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
environ[i] = p;
}
for (i = 0; kore_argv[i] != NULL; i++)
make native proctitle better. count how much space is available for a mangled process title only once, and use that as reference later.
2019-04-29 21:08:58 +02:00
proctitle_maxlen += strlen(kore_argv[i]) + 1;
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
static void
kore_server_sslstart(void)
{
SSL_library_init();
SSL_load_error_strings();
Add BSD kqueue(2) support. Compile with make bsd (or make linux for linux)
2013-06-17 23:39:17 +02:00
}
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
static void
Add kore_parent_daemonized(). This is called for single binaries after the parent process has called daemon(). Also fix kore_parent_configure() for !single binaries.
2018-10-18 17:18:41 +02:00
kore_server_start(int argc, char *argv[])
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
{
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
u_int32_t tmp;
Do not add keymgr its msg fd if not started. Reshuffles the keymgr_active flag to keymgr.c and let it be figured out from inside kore_server_start() instead of the worker init code.
2019-10-07 10:31:35 +02:00
struct kore_server *srv;
rework timers so they fire more predictably. this change also stops python coroutines from waking up very late after their timeout has expired. in filerefs, don't prime the timer until we actually have something to expire, and kill the timer when the last ref drops.
2019-03-21 10:17:08 +01:00
u_int64_t netwait;
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
int quit, last_sig;
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
#if defined(KORE_SINGLE_BINARY)
hide rcall properly if needed
2019-09-26 16:05:01 +02:00
struct kore_runtime_call *rcall;
#endif
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
rename foreground to kore_foreground.
2021-01-11 23:35:16 +01:00
if (kore_foreground == 0) {
Add kore_parent_daemonized(). This is called for single binaries after the parent process has called daemon(). Also fix kore_parent_configure() for !single binaries.
2018-10-18 17:18:41 +02:00
if (daemon(1, 0) == -1)
fatal("cannot daemon(): %s", errno_s);
#if defined(KORE_SINGLE_BINARY)
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
rcall = kore_runtime_getcall(parent_daemonized_hook);
Add kore_parent_daemonized(). This is called for single binaries after the parent process has called daemon(). Also fix kore_parent_configure() for !single binaries.
2018-10-18 17:18:41 +02:00
if (rcall != NULL) {
kore_runtime_execute(rcall);
kore_free(rcall);
}
#endif
}
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
kore_pid = getpid();
always write the pidfile even in foreground
2017-02-22 20:38:07 +01:00
kore_write_kore_pid();
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
if (!kore_quiet) {
kore_log(LOG_NOTICE, "%s is starting up", __progname);
Do not add keymgr its msg fd if not started. Reshuffles the keymgr_active flag to keymgr.c and let it be figured out from inside kore_server_start() instead of the worker init code.
2019-10-07 10:31:35 +02:00
#if defined(__linux__)
kore_log(LOG_NOTICE, "seccomp sandbox enabled");
#endif
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
kore_log(LOG_NOTICE, "pgsql built-in enabled");
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#endif
#if defined(KORE_USE_TASKS)
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
kore_log(LOG_NOTICE, "tasks built-in enabled");
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#endif
JSONRPC If support compiled in log it at start
2016-07-11 08:12:23 +02:00
#if defined(KORE_USE_JSONRPC)
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
kore_log(LOG_NOTICE, "jsonrpc built-in enabled");
JSONRPC If support compiled in log it at start
2016-07-11 08:12:23 +02:00
#endif
like other flavors, log if python is enabled.
2017-02-09 13:38:09 +01:00
#if defined(KORE_USE_PYTHON)
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
kore_log(LOG_NOTICE, "python built-in enabled");
like other flavors, log if python is enabled.
2017-02-09 13:38:09 +01:00
#endif
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
}
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#if !defined(KORE_SINGLE_BINARY) && !defined(KORE_USE_PYTHON)
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
kore_call_parent_configure(argc, argv);
#endif
#if defined(KORE_USE_PYTHON) && !defined(KORE_SINGLE_BINARY)
if (kore_pymodule == NULL)
kore_call_parent_configure(argc, argv);
Slightly change kore_parent_configure() again. - Call it before loading configurations when built as single binaries. - Call it right before forking workers when built as a dso.
2017-02-09 13:36:08 +01:00
#endif
Do not add keymgr its msg fd if not started. Reshuffles the keymgr_active flag to keymgr.c and let it be figured out from inside kore_server_start() instead of the worker init code.
2019-10-07 10:31:35 +02:00
/* Check if keymgr will be active. */
LIST_FOREACH(srv, &kore_servers, list) {
if (srv->tls) {
keymgr_active = 1;
break;
}
}
add kore_proctitle(). manipulates the argv+environ pointers to get a sensible process title under linux / darwin.
2019-03-29 16:24:14 +01:00
kore_platform_proctitle("[parent]");
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
kore_worker_init();
Add our messaging framework. With this framework apps can now send messages between worker processes. A new API function exists: int kore_msg_register(u_int8_t id, void (*cb)(const void *, u_int32_t); This API call allows your app to register a new message callback for a given ID. You can then send messages on this ID to other workers using: void kore_msg_send(u_int8_t id, void *data, u_int32_t length); This framework will interally be used for a few things such as allowing websocket data to broadcasted between all workers, adding unified caching and hopefully eventually moving the access log to this as well. Some internals have changed with this commit: * worker_clients has been called connections. * the parent now initializes the net, and event subsystems. * kore_worker_websocket_broadcast() is dead.
2015-06-22 21:13:32 +02:00
/* Set worker_max_connections for kore_connection_init(). */
tmp = worker_max_connections;
worker_max_connections = worker_count;
net_init();
kore_connection_init();
kore_platform_event_init();
kore_msg_parent_init();
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
quit = 0;
Add our messaging framework. With this framework apps can now send messages between worker processes. A new API function exists: int kore_msg_register(u_int8_t id, void (*cb)(const void *, u_int32_t); This API call allows your app to register a new message callback for a given ID. You can then send messages on this ID to other workers using: void kore_msg_send(u_int8_t id, void *data, u_int32_t length); This framework will interally be used for a few things such as allowing websocket data to broadcasted between all workers, adding unified caching and hopefully eventually moving the access log to this as well. Some internals have changed with this commit: * worker_clients has been called connections. * the parent now initializes the net, and event subsystems. * kore_worker_websocket_broadcast() is dead.
2015-06-22 21:13:32 +02:00
worker_max_connections = tmp;
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
Rework accesslog handling. Move away from the parent constantly hitting the disk for every accesslog the workers are sending. The workers will now write their own accesslogs to shared memory before the parent will pick those up. The parent will flush them to disk once every second or if they grow larger then 1MB. This removes the heavy penalty for having access logs turned on when you are dealing with a large volume of requests.
2018-12-22 09:25:00 +01:00
kore_timer_init();
wrap accesslog calls in !KORE_NO_HTTP.
2018-12-22 09:41:55 +01:00
#if !defined(KORE_NO_HTTP)
rework timers so they fire more predictably. this change also stops python coroutines from waking up very late after their timeout has expired. in filerefs, don't prime the timer until we actually have something to expire, and kill the timer when the last ref drops.
2019-03-21 10:17:08 +01:00
kore_timer_add(kore_accesslog_run, 100, NULL, 0);
wrap accesslog calls in !KORE_NO_HTTP.
2018-12-22 09:41:55 +01:00
#endif
Rework accesslog handling. Move away from the parent constantly hitting the disk for every accesslog the workers are sending. The workers will now write their own accesslogs to shared memory before the parent will pick those up. The parent will flush them to disk once every second or if they grow larger then 1MB. This removes the heavy penalty for having access logs turned on when you are dealing with a large volume of requests.
2018-12-22 09:25:00 +01:00
Add kore.sendmsg(object, worker=None) to the python api. This allows you to send Python objects that can be run through pickle to other worker processes. If your application implements koreapp.onmsg() you will be able to receive these objects.
2019-10-16 12:05:27 +02:00
#if defined(KORE_USE_PYTHON)
kore_msg_unregister(KORE_PYTHON_SEND_OBJ);
#endif
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
while (quit != 1) {
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
if (sig_recv != 0) {
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
last_sig = sig_recv;
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
switch (sig_recv) {
case SIGHUP:
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
kore_worker_dispatch_signal(sig_recv);
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
kore_module_reload(0);
break;
case SIGINT:
case SIGQUIT:
Let SIGTERM properly shutdown Kore as well.
2016-01-31 16:48:17 +01:00
case SIGTERM:
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
quit = 1;
kore_worker_dispatch_signal(sig_recv);
continue;
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
case SIGUSR1:
kore_worker_dispatch_signal(sig_recv);
break;
Add asynchronous subprocess support. This adds kore.proc to the python runtime allowing async processing handling: The kore.proc method takes the command to run and an optional timeout parameter in milliseconds. If the process did not exit normally after that amount of time a TimeoutError exception is raised. For instance: async def run(cmd): proc = kore.proc(cmd, 1000) try: await proc.send("hello") proc.close_stdin() except TimeoutError: proc.kill() retcode = await proc.reap() return retcode
2018-10-26 19:19:47 +02:00
case SIGCHLD:
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
kore_worker_reap();
Add asynchronous subprocess support. This adds kore.proc to the python runtime allowing async processing handling: The kore.proc method takes the command to run and an optional timeout parameter in milliseconds. If the process did not exit normally after that amount of time a TimeoutError exception is raised. For instance: async def run(cmd): proc = kore.proc(cmd, 1000) try: await proc.send("hello") proc.close_stdin() except TimeoutError: proc.kill() retcode = await proc.reap() return retcode
2018-10-26 19:19:47 +02:00
break;
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
default:
break;
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
}
Allow Kore to be started in foreground mode (-f) Sending SIGINT or Ctrl-c will reap all workers and exit again. Useful for development.
2014-07-31 13:27:04 +02:00
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
if (sig_recv == last_sig)
sig_recv = 0;
else
continue;
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
}
rework timers so they fire more predictably. this change also stops python coroutines from waking up very late after their timeout has expired. in filerefs, don't prime the timer until we actually have something to expire, and kill the timer when the last ref drops.
2019-03-21 10:17:08 +01:00
netwait = kore_timer_next_run(kore_time_ms());
Rework accesslog handling. Move away from the parent constantly hitting the disk for every accesslog the workers are sending. The workers will now write their own accesslogs to shared memory before the parent will pick those up. The parent will flush them to disk once every second or if they grow larger then 1MB. This removes the heavy penalty for having access logs turned on when you are dealing with a large volume of requests.
2018-12-22 09:25:00 +01:00
kore_platform_event_wait(netwait);
Add our messaging framework. With this framework apps can now send messages between worker processes. A new API function exists: int kore_msg_register(u_int8_t id, void (*cb)(const void *, u_int32_t); This API call allows your app to register a new message callback for a given ID. You can then send messages on this ID to other workers using: void kore_msg_send(u_int8_t id, void *data, u_int32_t length); This framework will interally be used for a few things such as allowing websocket data to broadcasted between all workers, adding unified caching and hopefully eventually moving the access log to this as well. Some internals have changed with this commit: * worker_clients has been called connections. * the parent now initializes the net, and event subsystems. * kore_worker_websocket_broadcast() is dead.
2015-06-22 21:13:32 +02:00
kore_connection_prune(KORE_CONNECTION_PRUNE_DISCONNECT);
rework timers so they fire more predictably. this change also stops python coroutines from waking up very late after their timeout has expired. in filerefs, don't prime the timer until we actually have something to expire, and kill the timer when the last ref drops.
2019-03-21 10:17:08 +01:00
kore_timer_run(kore_time_ms());
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
}
Add resource management as part of the kore shutdown process.
2015-12-29 20:39:39 +01:00
wrap accesslog calls in !KORE_NO_HTTP.
2018-12-22 09:41:55 +01:00
#if !defined(KORE_NO_HTTP)
rework timers so they fire more predictably. this change also stops python coroutines from waking up very late after their timeout has expired. in filerefs, don't prime the timer until we actually have something to expire, and kill the timer when the last ref drops.
2019-03-21 10:17:08 +01:00
kore_accesslog_gather(NULL, kore_time_ms(), 1);
wrap accesslog calls in !KORE_NO_HTTP.
2018-12-22 09:41:55 +01:00
#endif
Rework accesslog handling. Move away from the parent constantly hitting the disk for every accesslog the workers are sending. The workers will now write their own accesslogs to shared memory before the parent will pick those up. The parent will flush them to disk once every second or if they grow larger then 1MB. This removes the heavy penalty for having access logs turned on when you are dealing with a large volume of requests.
2018-12-22 09:25:00 +01:00
rename *_fini to *_cleanup
2016-01-04 22:40:14 +01:00
kore_platform_event_cleanup();
kore_connection_cleanup();
Formatting and unbreaking NOHTTP builds.
2016-02-01 20:02:02 +01:00
kore_domain_cleanup();
rename *_fini to *_cleanup
2016-01-04 22:40:14 +01:00
net_cleanup();
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
}
Add BSD kqueue(2) support. Compile with make bsd (or make linux for linux)
2013-06-17 23:39:17 +02:00
static void
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
kore_write_kore_pid(void)
write main process pid to /var/run/kore.pid (changable in configuration)
2013-06-04 16:53:30 +02:00
{
FILE *fp;
if ((fp = fopen(kore_pidfile, "w+")) == NULL) {
Allow developers to pass the lib to load on the cli. When running in -f (foreground) you can now specify the library Kore needs to load on the command line: kore -fnc module.conf myapp.so This has the benefit that your configuration file no longer needs the load directive when hacking on your code. Note that you can still specify load in your config file regardless, if you so chose. All of this is being done in order to try and move away from the backwards way of getting up and running with Kore.
2014-07-31 17:15:51 +02:00
printf("warning: couldn't write pid to %s (%s)\n",
kore_pidfile, errno_s);
write main process pid to /var/run/kore.pid (changable in configuration)
2013-06-04 16:53:30 +02:00
} else {
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
fprintf(fp, "%d\n", kore_pid);
write main process pid to /var/run/kore.pid (changable in configuration)
2013-06-04 16:53:30 +02:00
fclose(fp);
}
}
make sure we can still run normal apps even with PYTHON=1
2019-09-26 20:38:02 +02:00
static void
kore_call_parent_configure(int argc, char **argv)
{
struct kore_runtime_call *rcall;
rcall = kore_runtime_getcall(parent_config_hook);
if (rcall != NULL) {
kore_runtime_configure(rcall, argc, argv);
kore_free(rcall);
}
}