-- General improvements:
- - Add a receive-buffer-size directive which can be used to
- set the size of the previously statically allocated buffer
- in handle_established_connection().
- Increasing the buffer size increases Privoxy's memory usage but
- can lower the number of context switches and thereby reduce the
- CPU usage and potentially increase the throughput.
- This is mostly relevant for fast network connections and
- large downloads that don't require filtering.
- Sponsored by: Robert Klemme
- - Add a listen-backlog directive which specifies the backlog
- value passed to listen().
- Sponsored by: Robert Klemme
- - Add an enable-accept-filter directive which allows to
- toggle accept filter support at run time when compiled
- with FEATURE_ACCEPT_FILTER support.
- It makes testing more convenient and now that it's
- optional we can emit an error message if enabling
- the accept filter fails.
- Sponsored by: Robert Klemme
- - Add a delay-response{} action.
- This is useful to tar pit JavaScript requests that
- are endlessly retried in case of blocks. It can also
- be used to simulate a slow Internet connection.
- Sponsored by: Robert Klemme
- - Add a 'trusted-cgi-referrer' directive.
- It allows to configure another page or site that can be used
- to reach sensitive CGI resources.
- Sponsored by: Robert Klemme
- - Add a --fuzz mode which exposes Privoxy internals to input
- from files or stdout.
- Mainly tested with American Fuzzy Lop. For details see:
- https://www.fabiankeil.de/talks/fuzzing-on-freebsd/
- This work was partially funded with donations and done
- as part of the Privoxy month in 2015.
- - Consistently use the U(ngreedy) flag in the 'img-reorder' filter.
- - listen_loop(): Reuse a single thread attribute object
- The object doesn't change and creating a new one for
- every thread is a waste of (CPU) time.
- Sponsored by: Robert Klemme
- - Free csp resources in the thread that belongs to the csp instead
- of the main thread which has enough on its plate already.
- Sponsored by: Robert Klemme
- - Improve 'socket timeout reached' message.
- Log the timeout that was triggered and downgrade the
- log level to LOG_LEVEL_CONNECT to reduce the log noise
- with common debug settings.
- The timeout isn't necessary the result of an error and
- usually merely indicates that Privoxy's socket timeout
- is lower than the relevant timeouts used by client and
- server.
- Sponsored by: Robert Klemme
- - Explicitly taint the server socket in case of CONNECT requests.
- This doesn't fix any known problems, but makes
- some log messages less confusing.
- - Let write_pid_file() terminate if the pid file can't be opened.
- Logging the issue at info level is unlikely to help.
- - log_error(): Reduce the mutex-protected area by not using a
- heap-allocated buffer that is shared between all threads.
- This increases performance and reduces the latency with
- verbose debug settings and multiple concurrent connections.
- Sponsored by: Robert Klemme
- - Let zalloc() use calloc() if it's available.
- In some situations using calloc() can be faster than
- malloc() + memset() and it should never be slower.
- In the real world the impact of this change is not
- expected to be noticeable.
- Sponsored by: Robert Klemme
- - Never use select() when poll() is available.
- On most platforms select() is limited by FD_SETSIZE while
- poll() is not. This was a scaling issue for multi-user setups.
- Using poll() has no downside other than the usual risk
- that code modifications may introduce new bugs that have
- yet to be found and fixed.
- At least in theory this commit could also reduce the latency
- when there are lots of connections and select() would use
- "bit fields in arrays of integers" to store file descriptors.
- Another side effect is that Privoxy no longer has to stop
- monitoring the client sockets when pipelined requests are
- waiting but can't be read yet.
- This code keeps the select()-based code behind ifdefs for
- now but hopefully it can be removed soonish to make the
- code more readable.
- Sponsored by: Robert Klemme
- - Add a 'reproducible-tarball-dist' target.
- It's currently separate from the "tarball-dist" target
- because it requires a tar implementation with mtree spec
- support.
- It's far from being perfect and does not enforce a
- reproducible mode, but it's better than nothing.
- - Use arc4random() if it's available.
- While Privoxy doesn't need high quality pseudo-random numbers
- there's no reason not to use them when we can and this silences
- a warning emitted by code checkers that can't tell whether or not
- the quality matters.
- - Show the FEATURE_EXTERNAL_FILTERS status on the status page.
- Better late than never. Previously a couple of tests weren't
- executed as Privoxy-Regression-Test couldn't detect that the
- FEATURE_EXTERNAL_FILTERS dependency was satisfied.
- - Ditch FEATURE_IMAGE_DETECT_MSIE.
- It's an obsolete workaround we inherited from Junkbuster
- and was already disabled by default.
- Users that feel the urge to work around issues with
- image requests coming from an Internet Explorer version
- from more than 15 years ago can still do this using tags.
- - Consistently use strdup_or_die() instead of strdup() in
- cases where allocation failures aren't expected.
- Using strdup_or_die() allows to remove a couple of explicit
- error checks which slightly reduces the size of the binary.
- - Insert a refresh tag into the /client-tags CGI page when
- serving it while a client-specific tag is temporarily enabled.
- This makes it less likely that the user ends up
- looking at tag state that is out of date.
- - Use absolute URLs in the client-tag forms.
- It's more consistent with the rest of the CGI page
- URLs and makes it more convenient to copy the forms
- to external pages.
- - cgi_error_disabled(): Use status code 403 and an appropriate response line
- - Use a dedicated CGI handler to deal with tag-toggle requests
- As a result the /client-tags page is now safe to reach without
- trusted Referer header which makes bookmarking or linking to
- it more convenient.
- Finally, refreshing the /client-tags page to show the
- current state can no longer unintentionally repeat the
- previous toggle request.
- - Don't add a "Connection" header for CONNECT requests.
- Explicitly sending "Connection: close" is not necessary and
- apparently it causes problems with some forwarding proxies
- that will close the connection prematurely.
- Reported by Marc Thomas.
- - Fix compiler warnings.
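Review bot: Two wording errors in these removed ChangeLog lines should be corrected if the text is being moved rather than dropped. In the --fuzz entry, "input from files or stdout" names an output stream as an input source and presumably means stdin. In the 'socket timeout reached' entry, "The timeout isn't necessary the result of an error" should read "isn't necessarily". The select()/poll() entry also still reads like a commit message ("this commit", "This code keeps the select()-based code behind ifdefs for now"), so reword it for release notes wherever the text ends up.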