Commit Graph

32432 Commits

Author SHA1 Message Date
Daniel Stenberg
4464c9f2c6
tool_writeout: bsearch the variable name
As the list of variable names grows, doing a simple loop to find the
name get increasingly worse. This switches to a bsearch.

Also: do a case sensitive check for the variable name. The names have
not been documented to be case insensitive and there is no point in
having them so.

Closes #13914
2024-06-10 23:12:05 +02:00
Stefan Eissing
374d178f14
multi: prepare multi_wait() for future shutdown usage
- new struct curl_pollfds and struct curl_waitfds
- add structs and methods to init/add/cleanup an array of pollfd and
  struct curl_waitfd. Use in multi_wait() and multi_waitfds() to
  populate the sets for polling.
- place USE_WINSOCK WSAEventSelect() setting into a separate loop over
  all collected pfds

Closes #13900
2024-06-10 13:11:05 +02:00
Stefan Eissing
c31041b17e
connection: shutdown TLS (for FTP) better
This adds connection shutdown infrastructure and first use for FTP. FTP
data connections, when not encountering an error, are now shut down in a
blocking way with a 2sec timeout.

    - add cfilter `Curl_cft_shutdown` callback
    - keep a shutdown start timestamp and timeout at connectdata
    - provide shutdown timeout default and member in
      `data->set.shutdowntimeout`.
    - provide methods for starting, interrogating and clearing
      shutdown timers
    - provide `Curl_conn_shutdown_blocking()` to shutdown the
      `sockindex` filter chain in a blocking way. Use that in FTP.
    - add `Curl_conn_cf_poll()` to wait for socket events during
      shutdown of a connection filter chain.
      This gets the monitoring sockets and events via the filters
      "adjust_pollset()" methods. This gives correct behaviour when
      shutting down a TLS connection through a HTTP/2 proxy.
    - Implement shutdown for all socket filters
      - for HTTP/2 and h2 proxying to send GOAWAY
      - for TLS backends to the best of their capabilities
      - for tcp socket filter to make a final, nonblocking
        receive to avoid unwanted RST states
    - add shutdown forwarding to happy eyeballers and
      https connect ballers when applicable.

Closes #13904
2024-06-10 13:08:12 +02:00
Daniel Stenberg
7d934267ab
CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version
Provide an explanation in the CURLOPT_CONNECTTIMEOUT_MS page instead of
just referring to the non-MS version.

Closes #13905
2024-06-07 14:47:40 +02:00
Daniel Stenberg
9fb759f9a5
cmdline-opts: tidy up --ip-tos and --mptcp
To make them render nicer in the manpage and minor polish.

Closes #13906
2024-06-07 14:07:11 +02:00
Daniel Stenberg
be90943f1b
RELEASE-NOTES: synced 2024-06-07 11:08:46 +02:00
Dorian Craps
ab6d5442e8
curl: (on linux) add MPTCP support
Multipath TCP (MPTCP), standardized in RFC8684 [1], is a TCP extension
that enables a TCP connection to use different paths.

Multipath TCP has been used for several use cases. On smartphones, MPTCP
enables seamless handovers between cellular and Wi-Fi networks while
preserving established connections. This use-case is what pushed Apple
to use MPTCP since 2013 in multiple applications [2]. On dual-stack
hosts, Multipath TCP enables the TCP connection to automatically use the
best performing path, either IPv4 or IPv6. If one path fails, MPTCP
automatically uses the other path.

To benefit from MPTCP, both the client and the server have to support
it. Multipath TCP is a backward-compatible TCP extension that is enabled
by default on recent Linux distributions (Debian, Ubuntu, Redhat, ...).
Multipath TCP is included in the Linux kernel since version 5.6 [3]. To
use it on Linux, an application must explicitly enable it when creating
the socket. No need to change anything else in the application.

This attached patch adds an --mptcp option which allows the creation of
an MPTCP socket instead of TCP on Linux. If Multipath TCP is not
supported on the system, an error will be reported. It is important to
note that if the end server doesn't support MPTCP, the connection will
continue after a seamless fallback to TCP.

Link: https://www.rfc-editor.org/rfc/rfc8684.html [1]
Link: https://www.tessares.net/apples-mptcp-story-so-far/ [2]
Link: https://www.mptcp.dev [3]
Co-developed-by: Dorian Craps (@CrapsDorian) <doriancraps@gmail.com>
Co-developed-by: Olivier Bonaventure (@obonaventure) <Olivier.Bonaventure@uclouvain.be>
Co-developed-by: Matthieu Baerts (@matttbe) <matttbe@kernel.org>
Signed-off-by: Dorian Craps <dorian.craps@student.vinci.be>

Closes #13278
2024-06-07 10:54:19 +02:00
Orgad Shaneh
3c20ae08b9
curl: support IP Type of Service / Traffic Class: --ip-tos
Add --ip-tos option to the command line tool for setting TOS for IPv4 or
Traffic Class for IPv6.

Closes #13606
2024-06-07 10:48:40 +02:00
Andy Pan
f786fce914
socketpair: provide Curl_socketpair only when !CURL_DISABLE_SOCKETPAIR
Ref: https://curl.se/dev/log.cgi?id=20240605035856-3529577

Reported-by: Marcel Raad
Closes #13888
2024-06-07 10:47:15 +02:00
Daniel Stenberg
4e71f134e5
noproxy: test bad ipv6 net size first
No need to parse anything if the size is out of range.

Added some tests to this effect to test 1614.

Closes #13902
2024-06-07 00:22:59 +02:00
Daniel Stenberg
b9c2a56be2
managen: warn on excessively long help texts
Help texts at 49 characters or longer get a warning displayed because
they make --help output uglier and we should make an effort to keep the
help texts short and succinct.

The warning is only for display, it does not break the build. That is
left for the future if necessary.

I picked 49 because the longest current text is 48.

Closes #13895
2024-06-05 23:34:16 +02:00
Viktor Szakats
72abf7c13a
lib: tidy up types and casts
Cherry-picked from #13489
Closes #13862
2024-06-05 14:02:39 +02:00
Daniel Stenberg
ad837e9df8
cmdline-opts/ech.md: shorten the help text
To make --help look sensible again

Closes #13894
2024-06-05 13:58:48 +02:00
Daniel Stenberg
5bfd0cd9b8
cmdline-opts/_PROTOCOLS.md: mention WS(S)
Closes #13891
2024-06-05 12:53:29 +02:00
Viktor Szakats
dfbf2b7afa
GHA: disable TFTP and WebSockets tests in old-mingw-w64
Follow-up to 03bd16e533 #13860
Follow-up to def7d05382
2024-06-05 12:36:31 +02:00
Daniel Stenberg
5e2e470f20
cmdline-opts/fail.md: expand and clarify
Closes #13890
2024-06-05 11:00:46 +02:00
Daniel Stenberg
881e9a616f
doh-insecure.md: expand
Closes #13889
2024-06-05 10:59:48 +02:00
Daniel Stenberg
65651dc02b
cmdline: expand proxy option explanations
- do less references to other options
- provide more specific text about proxies
- added more see-also references

Closes #13887
2024-06-05 10:35:56 +02:00
Daniel Stenberg
6ceb23dc09
cmdline-opts: expand the parallel explanations
Closes #13886
2024-06-05 10:34:55 +02:00
Daniel Stenberg
4a25812ee1
RELEASE-NOTES: synced 2024-06-05 09:09:17 +02:00
Stefan Eissing
937ba94ed5
vtls: new io_need flags for poll handling
- decouple need to recv/send from negotiation state, we need
  this later in shutdown handling as well
- move ssl enums from urldata.h to vtls_int.h
- implement use of `connssl->io_need` in vtls.c. and all backends

Closes #13879
2024-06-05 09:03:38 +02:00
Daniel Stenberg
f75aa2857f
cfilters: make Curl_conn_connect always assign 'done'
It could return error without assigning it, and we have a caller in
multi.c that assumes it gets set.

Spotted by CodeSonar
Closes #13884
2024-06-05 08:51:14 +02:00
Daniel Stenberg
1313da9a1d
CURLOPT_INTERFACE.md: quote the less-than and larger-than
Fixes the warnings shown on stderr.

Follow-up from 3060557af7

Closes #13883
2024-06-05 08:44:58 +02:00
Daniel Stenberg
68680ba544
cmdline-opts/interface.md: expand the documentation
Explain the syntax it supports.

Closes #13882
2024-06-05 08:36:34 +02:00
Daniel Stenberg
b049388d47
url: allow DoH transfers to override max connection limit
When reaching the set maximum limit of allowed connections, allow a new
connection anyway if the transfer is created for the (internal) purpose
of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can
starve out new DoH requests making it impossible to name resolve for new
transfers.

Bug: https://curl.se/mail/lib-2024-06/0001.html
Reported-by: kartatz
Closes #13880
2024-06-05 08:35:12 +02:00
Viktor Szakats
998b17ea7f
windows: fix UWP builds, add GHA job
Add new job to test building for UWP (aka `CURL_WINDOWS_APP`).

Fix fallouts when building for UWP:
- rand: do not use `BCryptGenRandom()`.
- cmake: disable using win32 LDAP.
- cmake: disable telnet.
- version_win32: fix code before declaration.
- schannel: disable `HAS_MANUAL_VERIFY_API`.
- schannel: disable `SSLSUPP_PINNEDPUBKEY`
  and make `schannel_checksum()` a stub.
  Ref: e178fbd40a #1429
- schannel: make `cert_get_name_string()` a failing stub.
- system_win32: make `Curl_win32_impersonating()` a failing stub.
- system_win32: try to fix `Curl_win32_init()` (untested).
- threads: fix to use `CreateThread()`.
- src: disable searching `PATH` for the CA bundle.
- src: disable bold text support and capability detection.
- src: disable `getfiletime()`/`setfiletime()`.
- tests: make `win32_load_system_library()` a failing stub.
- tests/server/util: make it compile.
- tests/server/sockfilt: make it compile.
- tests/lib3026: fix to use `CreateThread()`.

See individual commits for build error details.

Some of these fixes may have better solutions, and some may not work
as expected. The goal of this patch is to make curl build for UWP.

Closes #13870
2024-06-05 00:52:24 +02:00
Orgad Shaneh
3060557af7
socket: support binding to interface *AND* IP
Introduce new notation for CURLOPT_INTERFACE / --interface:
ifhost!<interface>!<host>

Binding to an interface doesn't set the address, and an interface can
have multiple addresses.

When binding to an address (without interface), the kernel is free to
choose the route, and it can route through any device that can access
the target address, not necessarily the one with the chosen address.

Moreover, it is possible for different interfaces to have the same IP
address, on which case we need to provide a way to be more specific.

Factor out the parsing part of interface option, and add unit tests:
1663.

Closes #13719
2024-06-04 23:47:54 +02:00
Andy Pan
23fe1a52dc
socketpair: add eventfd and use SOCK_NONBLOCK for socketpair()
Currently, we use `pipe` for `wakeup_create`, which requires ***two***
file descriptors. Furthermore, given its complexity inside, `pipe` is a
bit heavyweight for just a simple event wait/notify mechanism.

`eventfd` would be a more suitable solution for this kind of scenario,
kernel also advocates for developers to use `eventfd` instead of `pipe`
in some simple use cases:

    Applications can use an eventfd file descriptor instead of a pipe
    (see pipe(2) in all cases where a pipe is used simply to signal
    events. The kernel overhead of an eventfd file descriptor is much
    lower than that of a pipe, and only one file descriptor is required
    (versus the two required for a pipe).

This change adds the new backend of `eventfd` for `wakeup_create` and
uses it where available, eliminating the overhead of `pipe`. Also, it
optimizes the `wakeup_create` to eliminate the system calls that make
file descriptors non-blocking by moving the logic of setting
non-blocking flags on file descriptors to `socketpair.c` and using
`SOCK_NONBLOCK` for `socketpair(2)`, `EFD_NONBLOCK` for `eventfd(2)`.

Ref:
https://man7.org/linux/man-pages/man7/pipe.7.html
https://man7.org/linux/man-pages/man2/eventfd.2.html
https://man7.org/linux/man-pages/man2/socketpair.2.html
https://www.gnu.org/software/gnulib/manual/html_node/eventfd.html

Closes #13874
2024-06-04 23:45:36 +02:00
renovate[bot]
b71916b859
ci: update github/codeql-action digest to 2e230e8
Closes #13881
2024-06-04 23:23:05 +02:00
Jay Satiro
fd2315e5ae examples/threaded-ssl: remove locking callback code
- Remove the locking callback code that demonstrates how to meet
  requirements of threading libraries (mainly OpenSSL).

Locking callback code has not been needed for many years. According to
the documentation for OpenSSL and GnuTLS they are thread-safe by design,
assuming support for the underlying OS threading API is built-in.

Ref: https://github.com/curl/curl/pull/13850#issuecomment-2143538458

Closes https://github.com/curl/curl/pull/13851
2024-06-04 13:00:21 -04:00
Viktor Szakats
75f182ffb6
tests: delete redundant !MSDOS guard
This fix was supposed to be committed earlier, but ended up missing from
the final commit.

Follow-up to e9a7d4a1c8 #12376
Closes #13878
2024-06-04 18:47:18 +02:00
Viktor Szakats
83384669ef
lib: fix thread entry point to return DWORD on WinCE
We already do this in `tests/server/util.c`:
97e5e37cc8/tests/server/util.c (L604-L606)
and in `sockfilt.c`, `lib3026.c`.

Before this patch it returned `unsigned int`.

Closes #13877
2024-06-04 18:47:18 +02:00
Andy Pan
3392f0f97e
socket: use SOCK_NONBLOCK to eliminate extra system call
Every time function `cf_socket_open()` is called to create a socket,
`curlx_nonblock()` is called to make that socket non-blocking. And
`curlx_nonblock()` will cost us 1 or 2 system calls (2 for `fcntl()`, 1
for `ioctl()`, etc.), meanwhile, tucking `SOCK_NONBLOCK` and
`SOCK_CLOEXEC` into the `type` argument for `socket()` is widely
supported across UNIX-like OS: Linux, *BSD, Solaris, etc. With that
ability, we can save 1 or 2 system calls on each socket.

Another change in this PR is to eliminate the redundant
`curlx_nonblock()` call on the socket in `cf_udp_setup_quic()` as that
socket created by `cf_socket_open()` is already non-blocking.

Ref:
https://man7.org/linux/man-pages/man2/socket.2.html
https://man.freebsd.org/cgi/man.cgi?socket(2)
https://man.dragonflybsd.org/?command=socket&section=2
https://man.netbsd.org/socket.2
https://man.openbsd.org/socket
https://docs.oracle.com/cd/E88353_01/html/E37843/socket-3c.html
https://illumos.org/man/3SOCKET/socket
...

Closes #13855
2024-06-04 17:51:28 +02:00
Viktor Szakats
97e5e37cc8
GHA: show cmake error log in Windows and non-native workflows
CMake configure doesn't fail often, but when it does, it helps to see
its `CMakeFiles/CMakeConfigureLog.yaml` output. This file is present
since CMake v3.26:
  https://cmake.org/cmake/help/v3.26/manual/cmake-configure-log.7.html

(Older CMake versions save similar contend to
`CMakeFiles\CMakeOutput.log` and
`CMakeFiles\CMakeError.log`. This patch doesn't deal with that because
the workflows touched are all running a newer CMake.)

After this patch, we dump the content if cmake fails. Syncing this with
autotools, where we already did that.

Closes #13872
2024-06-04 11:54:32 +02:00
Viktor Szakats
23640dcf12
GHA: switch a Windows job to UCRT (gcc)
Cherry-picked from #13870
2024-06-04 11:20:23 +02:00
Viktor Szakats
dada6736df
curl-config: revert to backticks to support old target envs
Make an exception for `curl-config` because this script that may be
running on any target system, including old ones, e.g. SunOS 5.10.

Reported-by: Alejandro R. Sedeño
Ref: https://github.com/curl/curl/pull/13307#issuecomment-2146427358
Follow-up to fa69b41c77 #13307
Closes #13871
2024-06-04 10:13:21 +02:00
Stefan Eissing
5f9017d4e2
mbedtls: v3.6.0 workarounds
- add special sauce to disable unwanted peer verification by mbedtls
  when negotiating TLS v1.3
- add special sauce for MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
  return code on *writing* TLS data. We assume the data had not been
  written and EAGAIN.
- return correct Curl error code when peer verification failed.
- disable test_08_05 with 50 HTTP/1.1 connections, as mbedtls reports a
  memory allocation failed during handshake.
- bump CI mbedtls version to 3.6.0

Fixes #13653
Closes #13838
2024-06-04 09:02:37 +02:00
Stefan Eissing
5dd8f13bfc
gnutls: support CA caching
- similar to openssl, use a shared 'credentials' instance
  among TLS connections with a plain configuration.
- different to openssl, a connection with a client certificate
  is not eligible to sharing.
- document CURLOPT_CA_CACHE_TIMEOUT in man page

Closes #13795
2024-06-04 08:17:55 +02:00
Dan Fandrich
4a7bb40dea tests: don't log buffer length in throwing away message
It's not available at that point, and it will be written in the
non-error case right afterward.
2024-06-03 22:21:09 -07:00
Dan Fandrich
bc21c505e4 tests: log "Throwing away" messages before throwing away
In case the read that follows hangs we'll get a clue as to what it was
doing.
2024-06-03 17:00:42 -07:00
Dan Fandrich
5b35dea6ef CI: reduce memory request for FreeBSD builds
Also, add a comment with link to the Cirrus credit page since it's not
easy to find otherwise.
2024-06-03 17:00:42 -07:00
Andy Pan
f51fa8f169
tcpkeepalive: support setting TCP keep-alive parameters on Solaris <11.4
Solaris didn't support TCP_KEEPIDLE and TCP_KEEPINTVL until 11.4,
before that it use TCP_KEEPALIVE_THRESHOLD and TCP_KEEPALIVE_ABORT_THRESHOLD
as the substitute. Therefore, for Solaris <11.4 we need to use this substitute
for setting TCP keep-alive parameters.

Ref:
https://docs.oracle.com/cd/E86824_01/html/E54777/tcp-7p.html
https://docs.oracle.com/cd/E88353_01/html/E37851/tcp-4p.html

Closes #13864
2024-06-03 23:04:05 +02:00
Daniel Stenberg
4edbd52267
KNOWN_BUGS: quiche: QUIC connection is draining
Closes #12037
Closes #13867
2024-06-03 10:46:10 +02:00
Daniel Stenberg
8e5c5c1724
KNOWN_BUGS: aws-sigv4 has problems with particular URLs
Closes #13058
Closes #13866
2024-06-03 10:45:24 +02:00
Daniel Stenberg
2a053ca801
KNOWN_BUGS: aws-sigv4 does not handle multipart/form-data correctly
Closes #13351
Closes #13866
2024-06-03 10:45:16 +02:00
Daniel Stenberg
6c31c65a8c
RELEASE-NOTES: synced 2024-06-03 10:43:06 +02:00
Viktor Szakats
fd149601cc
GHA: fix old mingw-w64 32-bit job
This toolchain resides in the `mingw32` directory. Make sure to
configure `PATH` accordingly.

Before this patch, it pointed to a non-existing `mingw64` directory,
making the job use the wrong compiler (gcc 12, 64-bit).

Follow-up to e838b341a0 #12927
Closes #13863
2024-06-03 01:34:04 +02:00
Daniel Stenberg
c61f753881
tool_cb_hdr: return error for failed header writes
By checking that fflush() works.

Reported-by: Sebastian Andersson
Fixes #13836
Closes #13859
2024-06-02 23:24:19 +02:00
Viktor Szakats
464282ddfb
GHA: bump all build jobs to nproc+1
- bump rest of the workflows (windows, macos, distrocheck).

- non-native virtualized envs have 2 CPUs, bump down accordingly.
  (for `vmactions/omnios-vm` it's just a guess.)

- bump all to nproc + 1.

Follow-up to e838b341a0 #12927
Closes #13807
2024-06-02 21:39:49 +02:00
Viktor Szakats
03bd16e533
GHA: disable MQTT and WebSocket tests in Windows jobs
Trying to figure out which category is causing the remaining hangs.

Follow-up to def7d05382
Closes #13860
2024-06-02 20:29:46 +02:00