This changes the backend (internal) HTTP API to provide a much more
sensible handler scheme, where the handlers are opaque objects and we
can allocate a handler for different types of tasks.
We've also added support for serving up directories of static content, and
added code to validate that the directory serving is working as intended.
This is a key enabling step towards the public API.

fixes #210 Want NNG_OPT_TLS_* options for TLS transport
fixes #212 Eliminate a_endpt member of aio

It is useful to have support for validating that a peer *was*
verified, especially in the presence of optional validation.
We have added a property that does this, NNG_OPT_TLS_VERIFIED.
Further, all the old NNG_OPT_WSS_TLS_* property names have also been
renamed to generic NNG_OPT_TLS property names, which have been
moved to nng.h to facilitate reuse and sharing, with the comments
moved and corrected as well.
Finally, the man pages have been updated, with substantial
improvements to the nng_ws man page in particular.

This adds support for configuration of TLS websockets using the files
for keys, certificates, and CRLs. Significant changes to the websocket,
TLS, and HTTP layers were made here. We now expect TLS configuration to
be tied to the HTTP layer, and the HTTP code creates default configuration
objects based on the URL supplied. (HTTP dialers and listeners are now
created with a URL rather than a sockaddr, giving them access to the scheme
as well.)
We fixed several bugs affecting TLS validation, and added a test suite
that confirms that validation works as it should. We also fixed an orphaned
socket during HTTP negotiation, responsible for an occasional assertion
error if the http handshake does not complete successfully. Finally several
use-after-free races were closed.
TLS layer changes include reporting of handshake failures using newly
created "standard" error codes for peer authentication and cryptographic
failures.
The use of the '*' wild card in URLs at bind time is no longer supported
for websocket at least.
Documentation updates for all this are in place as well.

This refactor of the file API provides a simpler and easier to use
interface for our needs (and simpler to implement) in both the
ZeroTier transport and the HTTP/TLS file accesses. It also removes
some restrictions present on the old one, although it is still not
suitable for working with large files. (It will work, just be
very inefficient as the entire file must be loaded into memory.)

This also fixes a use-after-free bug in the HTTP framework, where the
handler could be deleted while callbacks were still using it. (We now
reference count the handlers.)

This fixes a problem where the websocket would only send one message,
then no others, due to not clearing the "frame" busy flag on completion
of the frame transmit.
We have also added a test that tries to send 10 messages back and
forth to make sure that we catch this kind of problem in the future.
Finally we've fixed some problems that were found when testing edge
cases around the protocol, which were responsible for invalid memory
accesses.

First, httpbin.org was having some high latency (load) earlier today,
so we needed to bump the timeout up.
Next, this also uncovered a bug where our cancellation of http channels
was a bit dodgy. This is changed to be a bit more robust, separating the
"current" active http streams (for read or write) into separate tracking
variables. Also, now cancellation immediately calls the aio
finish for those -- there were assumptions elsewhere (expire timeouts)
that cancellation caused nni_aio_finish() to be called.
Finally there was a use after free bug in the websocket listener code
where the listener could be freed while still having outstanding streams
waiting to send the websocket reply.

This introduces the wss:// scheme, which is available and works like
the ws:// scheme if TLS is enabled in the library.
The library modularization is refactored somewhat, to make it easier
to use. There is now a single NNG_ENABLE_TLS that enables TLS support
under the hood.
This also adds a new option for the TLS transport, NNG_OPT_TLS_CONFIG
(and a similar one for WSS, NNG_OPT_TLS_WSS_CONFIG) that offer access
to the underlying TLS configuration object, which now has a public API
to go with it as well.
Note that it is also possible to use pure HTTPS using the *private*
API, which will be exposed in a public form soon.

This addresses a number of problems that were found on Windows,
including one bug that actually turned up in testing on POSIX.

This is a rather large changeset -- it fundamentally adds websocket
transport, but as part of this changeset we added a generic framework
for both HTTP and websocket. We also made some supporting changes to
the core, such as changing the way timeouts work for AIOs and adding
additional state keeping for AIOs, and adding a common framework for
deferred finalization (to avoid certain kinds of circular deadlocks
during resource cleanup). We also invented a new initialization framework
so that we can avoid wiring in knowledge about them into the master
initialization framework.
The HTTP framework is not yet complete, but it is good enough for simple
static serving and building additional services on top of -- including
websocket. We expect both websocket and HTTP support to evolve
considerably, and so these are not part of the public API yet.
Property support for the websocket transport (in particular address
properties) is still missing, as is support for TLS.
The websocket transport here is a bit more robust than the original
nanomsg implementation, as it supports multiple sockets listening at
the same port sharing the same HTTP server instance, discriminating
between them based on URI (and possibly the virtual host).
Websocket is enabled by default at present, and work to conditionalize
HTTP and websocket further (to minimize bloat) is still pending.

The test suites run as root inside docker (?), so the files permission
test needs to be skipped.
Circle, like Travis, lacks correct IPv6 support. I think this is because
of a basic deficiency in Amazon's EC2 product. Come on Amazon, it's 2017,
you have to support IPv6!

This introduces a new transport (compatible with the TLS
transport from mangos), using TLS v1.2.
To use the new transport, you must have the mbed TLS library
available on your system (Xenial libmbedtls-dev). You can use
version 2.x or newer -- 1.3.x and PolarSSL versions are not
supported.
You enable the TLS transport with -DNNG_TRANSPORT_TLS=ON in the CMake
configuration.
You must configure the server certificate by default, and this can only
be done using nng options. See the nng_tls man page for details.
This work is experimental, and was made possible by Capitar IT Group BV,
and Staysail Systems, Inc.

fixes #155 POSIX TCP & IPC could avoid a lot of context switches

This makes all the protocols and transports optional. All
of them except ZeroTier are enabled by default, but you can
now disable them (remove from the build) with cmake options.
The test suite is modified so that tests still run as much
as they can, but skip over things caused by missing functionality
from the library (due to configuration).
Further, the constant definitions and prototypes for functions
that are specific to transports or protocols are moved into
appropriate headers, which should be included directly by
applications wishing to use these.
We have also added and improved documentation -- all of the
transports are documented, and several more man pages for
protocols have been added. (Req/Rep and Surveyor are still
missing.)

While here we added a test for the aio stuff, and cleaned up some dead
code for the old fd notifications. There were a few improvements to
shorten & clean code elsewhere, such as short-circuiting task wait
when the task has no callback.
The legacy sendmsg() and recvmsg() APIs are still in the socket core
until we convert the device code to use the aios.

This eliminates the "quasi-functional" notify API altogether.
The aio framework will be coming soon to replace it.
As a bonus, apps (legacy apps) that use the notification FDs
will see improved performance, since we don't have to context
switch to give them a notification.

I've added some tests to validate this too.

There is now a public nng_duration type. We have also updated the
zerotier work to work with the signed int64_t's that the latest ZeroTier
dev branch is using.

This also fixes a fence post error in the ephemeral state handling.

This includes converting the ZeroTier transport to use these.
The new API supports file creation, retrieval, and deletion. It
also supports directory methods for traversal, creation, and
deletion. It also has a few methods to obtain well-known directories
like $TMPDIR and $HOME.
A rich test suite for this functionality is added as well.

The NNG_OPT_SOCKNAME option is settable, to a limit of 64 bytes.
The NNG_OPT_DOMAIN is read-only, but changes to match the setting
of the NNG_OPT_RAW field. New applications should not use the
NNG_OPT_DOMAIN option -- it is provided solely for use with the
legacy NN_DOMAIN option in the compatibility layer.

We introduced richer, deeper tests for UDP functionality.
These tests uncovered a number of issues which this commit fixes.
The Windows IOCP code needs to support multiple aios on a single
nni_win_event. A redesign of the IOCP handling addresses that.
The POSIX UDP code also needed fixes; foremost among them is the
fact that the UDP file descriptor is not placed into non-blocking
mode, leading to potential hangs.
A number of race conditions and bugs along the implementation of
the above items were uncovered and fixed. To the best of our knowledge
the current code is bug-free.

Added TCP socket address properties on pipes.
This adds the plumbing for the various platform specifics, and
includes both v4 and v6 handling.
We've included a TCPv6 test as well.

We allow some properties to be set on endpoints after they are
started; transports are now responsible for checking that. (The new
values will only apply to new connections of course!)
We added short-hand functions for pipe properties, and also added
uint64_t shorthands across the board.
The zerotier documentation got some updates (corrections). We have
also added a separate header now for the ZT stuff.
Also, dialers and listeners do not intermix anymore -- we test that
only a dialer can be used with setting dialer options, and likewise
for listeners.

Also add a generic property test function to trantest.

This implements the basic UDP functionality for Windows (required
for ZeroTier for example). We have also introduced a UDP test suite
to validate that this actually works. While here a few Windows
compilation warnings / nits were fixed.

This makes the APIs use string keys, and largely eliminates the use of
integer option IDs altogether. The underlying registration for options
is also now a bit richer, letting protocols and transports declare the
actual options they use, rather than calling down into each entry point
carte blanche and relying on ENOTSUP.
This code may not be as fast as the integers were, but it is more intuitive,
easier to extend, and is not on any hot code paths. (If you're diddling
options on a hot code path you're doing something wrong.)

The ZeroTier transport is experimental at this point, and not enabled
by default. It does not work with Windows yet (the Windows platform
needs UDP support first.)
Configure with -DNNG_ENABLE_ZEROTIER=yes -DNNG_ZEROTIER_SOUCE=<path>
The <path> must point to a dev branch of the ZeroTierOne source tree,
checked out, and built with a libzerotiercore.a in the top directory,
and a ZeroTierOne.h header located at include. The build will add
-lc++ to the compile, as the ZeroTier core functionality is written in
C++ and needs some runtime support (e.g. new, delete, etc.)

We fixed up the coverage flags for GNU C, but are not going to run
the C++ tests when doing coverage (they fail linking gcov for reasons
unknown.)

We send and receive 128k at a time. This validates that fragmentation
and reassembly in the ZeroTier transport work as intended. It also
is larger than any single TCP segment.

This fleshes most of the pipe API out, making it available to end user
code. It also adds a URL option that is independent of the address
options (which would be sockaddrs.)
Also, we are now setting the pipe for req/rep. The other protocols need
to have the same logic added to set the receive pipe on the message. (Pair
is already done.)