This is work in progress. It current lacks a number of features
that we would like to have, but most of them are relatively easy
now that most of the work has been done:
1) Support for caching based on timestamps, like curl ("not modified")
2) IPv6 support
3) HTTP redirects (with limit)
4) Timeouts for connect and reads (15 / 45 for curl atm)
5) HTTP downgrades
6) Chunked transfer encoding
7) Verify openssl hostname check
8) SNI
9) Ideally some progressbar for large transfers such as the geoip db
(for cURL too by the way)
And.. finally we should use this stuff from the modulemanager so we
don't have duplicate code.
as it REQUESTS to rehash the server, but it may not be done immediately.
And making it void makes sure nobody relies on some sort of return
value which will differ between with vs without remote includes.
Also get rid of sig and loop.rehash_save_sig, as a NULL client
already indicates the same (or at least does so now).
not used by 3rd party authors):
* conf_start() -> config_read_start()
* conf_check_complete() -> is_config_read_finished()
* load_conf() -> config_read_file()
* config_test() -> config_test_blocks()
* config_run() -> config_run_blocks()
* init_conf() -> config_test()
* run_configuration() -> config_run()
This so things look like:
if (config_read_start() < 0)
exit(-1);
while (!is_config_read_finished())
; // do something
if (config_test(1) == 0)
config_run();
always compiled in, both regardless of cURL support or not.
Obviously the cURL functions are not available without cURL and there
are now some #ifdef USE_LIBCURL in url.c
This also fixes the current build to work without cURL
asynchronous on start, which is achieved by this 1st commit.
For this to work, the init_conf() stuff has been split to an
earlier call to conf_start() and then a loop where you can
check for conf_check_complete().
This means init_conf() no longer calls load_conf, as that
is moved to conf_start() and conf_check_complete().
Thus, init_conf() is now only called when all includes are in the
linked list 'conf_include'.
This is work in progress and breaks:
1) rehashes
2) compiling without curl
3) possibly cached remote includes
Without this, I think otherwise we need too many checks everywhere
for the IsMe() case. And this behavior matches me.direction which
also points to &me.
Then again, will doing it this way cause issues? We will see...
IP address in the message. We now use ip:port from the link block
if we failed to connect, and otherwise we use the ip from the
connection if the connection is established (also because it
can be a remote connection, not linked directly to us)
just like client->user is set if the client is a user.
Rename client->srvptr to client->uplink: this is the uplink that the client
is connected to. If the client is a user then it is set to the server that
the client is connected to, if the client is a server then it is set to the
server that the server is connected to (the.. tadah.. uplink).
For local clients it is always set to &me.
for fake lag calculations only (well, except for 1 corner case).
As said, modules should use the new function:
void add_fake_lag(Client *client, long msec)
logging. We already did so for the "timestamp" of the log message,
but now also do it in other log messages that have a timestamp,
such as "set_at" and "expire_at" in TKL entries.
This adds __attribute__((format(printf,X,Y))) to several functions.
It also adds checking only for the non-literal case to some functions
such as unreal_log/unreal_do_log.
This so we can more easily detect format string issues. Especially now with
the recoding of the logger and with possible future mistakes in this area
in UnrealIRCd 6 itself or in third party modules.
The check is currently disabled in these files, which are TODO items:
* src/send.c: still much work to do
* src/socket.c: due to report_error and report_baderror().
I want to get rid of these functions and integrate them
in the new logger anyway.
* src/serv.c: only disable for hunt_server()
if on OpenSSL 1.1.1 or later.
We trust OpenSSL 1.1.1 and later to be good enough to handle all
the reference counting and freeing nowadays, which is something that
was not done correctly in (much) older OpenSSL versions, leading
to crashes on one hand and on memory leaks on the other hand.
In OpenSSL 1.1.0 and earlier we do not rehash tls on simple "REHASH",
since that code has not been vetted. However, nobody should be
running those old OpenSSL versions anyway, since they are out of
official OpenSSL support.
set {
server-linking {
autoconnect-strategy parallel;
connect-timeout 10s;
handshake-timeout 20s;
}
}
Right now the only autoconnect-strategy is 'parallel', which is simply
the existing behavior since 4.x. A future commit will add other
strategies and may or may not change the default as well.
The bit that is working already is that you can now specify different
timeouts for the connect()/TLS_connect() call and for the rest of
the handshake (when the "SERVER" message is seen), this so the connect
timeout can be relatively short.
All this will be documented later in the wiki and release notes.
The new target type is called 'T' and we match against "name=value"
of each message tag (or just "name" if it is without value).
Example: SPAMFILTER ADD -simple T kill 0 this_is_a_test +typing=active
(No this is not a suggestion :D)
This probably won't be used much at all, but it is good to have the
option available in case there is some massive problem,
especially since more message tags may pop up sooner or later.
Caveat: this is actually a bit slow as we may have to check multiple
message tags for a single line.
If there are zero message-tag spamfilters then we will automatically
short-circuit and save all this CPU, which will be the most common case.
When connecting, use slightly different wording (and use it consistently):
"Trying to activate link with server xyz"
When the connection is lost before synced:
"Unable to link with server xyz"
When the connection is lost after fully synced (eg: minutes later):
"Lost server link to xyz"
Important small changes (other than text):
* Log ERRORs from remote servers to the log (previously only shown to ircops)
* Some link errors could have been previously suppressed due to
old code assuming other parts of the code would send or log the error
(this would be the case for an error when calling SSL/TLS write functions)
* More?