iodine 0.7.18 → 0.7.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 664ebf25c0cad461467cdb2af2b789d3a0897721566c015bff60b68768a7e3ad
-  data.tar.gz: cc31d5af68fd2a59dc8fa927af51c2228082f05ca7b69c2c4b31e1d208f88337
+  metadata.gz: a17af3bcb580a2154bb0114bf9a0e5d8bb7b361a58c217dc4b9aa471cc328401
+  data.tar.gz: 55498d33417433697f9deeb3d864f12af3cccdeb7c7f1a0cec6eb7a83ccc4a84
 SHA512:
-  metadata.gz: ae79cb205f288cb84b14d92f7b987f7e350f747c560e3a6e23cb3c1f1d43864234e75dd7f8b71f179f3cecfc8841c0f1da53a41995502c2c8c8c6945c248cc86
-  data.tar.gz: 705d7b0d312e1c3b7953cf503878a2c91a006cef1c7bf9612f83f8f3d97494208bdc8c2ef1a6a857839586525dcd3cbaa4e64758c597a5fd1d929a364f2b9b3c
+  metadata.gz: 3ed48224b228669f024c592708b805a0057ce53e11113693515ba953f6780bf1d8f6aeb448291b9e1c01a7495aa44a4d36fea90303996ff72aa9850a7bead669
+  data.tar.gz: bee740562fe189778db55c83c616db4509a16196abf44a8bf1d135432c0e4b99277fe4c91472a76f265d3d68c70f3ad680c6b54dd0254bd5d455f8f219560d93

data/CHANGELOG.md

@@ -6,6 +6,18 @@ Please notice that this change log contains changes for upcoming releases as wel
 
 ## Changes:
 
+#### Change log v.0.7.19
+
+**Deprecation**: (`iodine`) deprecated the CLI option `-tls-password`, use `-tls-pass` instead.
+
+**Security**: (`fio`) Slowloris mitigation is now part of the core library, where `FIO_SLOWLORIS_LIMIT` pending calls to `write` (currently 4,096 backlogged calls) will flag the connection as an attacker and close the connection. This protocol independent approach improves security.
+
+**Fix**: (`iodine`) log open file / socket limit per worker on startup.
+
+**Fix**: (`iodine`) application warm-up error was fixed. Deprecation warnings will still print for deprecated symbols loaded due to the warm-up sequence.
+
+**Update**: (`iodine`, `cli`) Support the environment variables `"WORKERS"` and `"THREADS"` out of the box (jury is out regarding `"PORT"` and `"ADDRESS"`, just use CLI for now).
+
 #### Change log v.0.7.18
 
 **Fix** (`pubsub`) fixed pub/sub for longer WebSocket messages. Issue where network byte ordering wasn't always respected and integer bit size was wrong for larger payloads. Credit to Marouane Elmidaoui (@moxgeek) for exposing the issue.

data/exe/iodine

@@ -47,13 +47,13 @@ module Iodine
         return app, opt
       end
 
-      def self.perform_warmup
+      def self.perform_warmup(app)
         # load anything marked with `autoload`, since autoload isn't thread safe nor fork friendly.
-        Iodine.run do
+        Iodine.on_state(:on_start) do
           Module.constants.each do |n|
             begin
               Object.const_get(n)
-            rescue Exception => _e
+            rescue StandardError => _e
             end
           end
           ::Rack::Builder.new(app) do |r|
@@ -67,7 +67,7 @@ module Iodine
 
       def self.call
         app, opt = get_app_opts
-        perform_warmup if Iodine::DEFAULT_SETTINGS[:warmup_]
+        perform_warmup(app) if Iodine::DEFAULT_SETTINGS[:warmup_]
         Iodine::Rack.run(app, opt)
       end
     end

data/ext/iodine/fio.c

@@ -76,6 +76,11 @@ Feel free to copy, use and enjoy according to the license provided.
 #define DEBUG_SPINLOCK 0
 #endif
 
+/* Slowloris mitigation  (must be less than 1<<16) */
+#ifndef FIO_SLOWLORIS_LIMIT
+#define FIO_SLOWLORIS_LIMIT (1 << 12)
+#endif
+
 #if !defined(__clang__) && !defined(__GNUC__)
 #define __thread _Thread_value
 #endif
@@ -148,14 +153,14 @@ typedef struct {
   fio_packet_s *packet;
   /** the last packet in the queue. */
   fio_packet_s **packet_last;
-  /** The number of pending packets that are in the queue. */
-  size_t packet_count;
   /* Data sent so far */
   size_t sent;
   /* fd protocol */
   fio_protocol_s *protocol;
   /* timer handler */
   time_t active;
+  /** The number of pending packets that are in the queue. */
+  uint16_t packet_count;
   /* timeout settings */
   uint8_t timeout;
   /* indicates that the fd should be considered scheduled (added to poll) */
@@ -2919,6 +2924,12 @@ ssize_t fio_flush(intptr_t uuid) {
   if (fio_trylock(&uuid_data(uuid).sock_lock))
     goto would_block;
 
+  if (uuid_data(uuid).packet_count >= FIO_SLOWLORIS_LIMIT) {
+    /* Slowloris attack assumed */
+    fio_unlock(&uuid_data(uuid).sock_lock);
+    uuid_data(uuid).close = 1;
+    goto closed;
+  }
   if (uuid_data(uuid).packet) {
     tmp = uuid_data(uuid).packet->write_func(fio_uuid2fd(uuid),
                                              uuid_data(uuid).packet);
@@ -6785,6 +6796,7 @@ void fio_mem_init(void) {}
 Memory Copying by 16 byte units
 ***************************************************************************** */
 
+/** used internally, only when memory addresses are known to be aligned */
 static inline void fio_memcpy(void *__restrict dest_, void *__restrict src_,
                               size_t units) {
 #if __SIZEOF_INT128__ == 9 /* a 128bit type exists... but tests favor 64bit */
@@ -7432,42 +7444,81 @@ void *realloc(void *ptr, size_t new_size) { return fio_realloc(ptr, new_size); }
 
 ***************************************************************************** */
 
-static inline void fio_random_data(fio_sha2_s *sha2) {
-  struct {
+/* tested for randomness using code from: http://xoshiro.di.unimi.it/hwd.php */
+uint64_t fio_rand64(void) {
+  /* modeled after xoroshiro128+, by David Blackman and Sebastiano Vigna */
+  static __thread uint64_t s[2]; /* random state */
+  static __thread uint16_t c;    /* seed counter */
+  const uint64_t P[] = {0x37701261ED6C16C7ULL, 0x764DBBB75F3B3E0DULL};
+  if (c++ == 0) {
+    /* re-seed state every 65,536 requests */
 #ifdef RUSAGE_SELF
     struct rusage rusage;
-#endif
+    getrusage(RUSAGE_SELF, &rusage);
+    s[0] = fio_risky_hash(&rusage, sizeof(rusage), s[0]);
+    s[1] = fio_risky_hash(&rusage, sizeof(rusage), s[0]);
+#else
     struct timespec clk;
-    time_t the_time;
-    uint64_t more[8];
-  } junk_data;
-#ifdef RUSAGE_SELF
-  getrusage(RUSAGE_SELF, &junk_data.rusage);
+    clock_gettime(CLOCK_REALTIME, &clk);
+    s[0] = fio_risky_hash(&clk, sizeof(clk), s[0]);
+    s[1] = fio_risky_hash(&clk, sizeof(clk), s[0]);
 #endif
-  clock_gettime(CLOCK_REALTIME, &junk_data.clk);
-  time(&junk_data.the_time);
-  fio_sha2_write(sha2, &junk_data, sizeof(junk_data));
-  fio_sha2_result(sha2);
-}
-
-uint64_t fio_rand64(void) {
-  fio_sha2_s sha2 = fio_sha2_init(SHA_512);
-  fio_random_data(&sha2);
-  return sha2.digest.i64[0];
+  }
+  s[0] += fio_lrot64(s[0], 33) * P[0];
+  s[1] += fio_lrot64(s[1], 33) * P[1];
+  return fio_lrot64(s[0], 31) + fio_lrot64(s[1], 29);
 }
 
-void fio_rand_bytes(void *target, size_t length) {
-  fio_sha2_s sha2 = fio_sha2_init(SHA_512);
-  fio_random_data(&sha2);
-
-  while (length >= 64) {
-    memcpy(target, sha2.digest.str, 64);
-    length -= 64;
-    target = (void *)((uintptr_t)target + 64);
-    fio_random_data(&sha2);
-  }
-  if (length) {
-    memcpy(target, sha2.digest.str, length);
+/* copies 64 bits of randomness (8 bytes) repeatedly... */
+void fio_rand_bytes(void *data_, size_t len) {
+  if (!data_ || !len)
+    return;
+  uint8_t *data = data_;
+  /* unroll 32 bytes / 256 bit writes */
+  for (size_t i = (len >> 5); i; --i) {
+    const uint64_t t0 = fio_rand64();
+    const uint64_t t1 = fio_rand64();
+    const uint64_t t2 = fio_rand64();
+    const uint64_t t3 = fio_rand64();
+    fio_u2str64(data, t0);
+    fio_u2str64(data + 8, t1);
+    fio_u2str64(data + 16, t2);
+    fio_u2str64(data + 24, t3);
+    data += 32;
+  }
+  uint64_t tmp;
+  /* 64 bit steps  */
+  switch (len & 24) {
+  case 24:
+    tmp = fio_rand64();
+    fio_u2str64(data + 16, tmp);
+  case 16: /* overflow */
+    tmp = fio_rand64();
+    fio_u2str64(data + 8, tmp);
+  case 8: /* overflow */
+    tmp = fio_rand64();
+    fio_u2str64(data, tmp);
+    data += len & 24;
+  }
+  if ((len & 7)) {
+    tmp = fio_rand64();
+    /* leftover bytes */
+    switch ((len & 7)) {
+    case 7: /* overflow */
+      data[6] = (tmp >> 8) & 0xFF;
+    case 6: /* overflow */
+      data[5] = (tmp >> 16) & 0xFF;
+    case 5: /* overflow */
+      data[4] = (tmp >> 24) & 0xFF;
+    case 4: /* overflow */
+      data[3] = (tmp >> 32) & 0xFF;
+    case 3: /* overflow */
+      data[2] = (tmp >> 40) & 0xFF;
+    case 2: /* overflow */
+      data[1] = (tmp >> 48) & 0xFF;
+    case 1: /* overflow */
+      data[0] = (tmp >> 56) & 0xFF;
+    }
   }
 }
 

data/ext/iodine/fio.h

@@ -110,7 +110,7 @@ Version and helper macros
 #define FIO_VERSION_MAJOR 0
 #define FIO_VERSION_MINOR 7
 #define FIO_VERSION_PATCH 0
-#define FIO_VERSION_BETA 7
+#define FIO_VERSION_BETA 8
 
 /* Automatically convert version data to a string constant - ignore these two */
 #define FIO_MACRO2STR_STEP2(macro) #macro
@@ -264,6 +264,8 @@ C++ extern start
 /* support C++ */
 #ifdef __cplusplus
 extern "C" {
+/* C++ keyword was deprecated */
+#define register
 #endif
 
 /* *****************************************************************************
@@ -2206,7 +2208,8 @@ FIO_FUNC inline uintptr_t fio_ct_if2(uintptr_t cond, uintptr_t a, uintptr_t b) {
    ((i) >> ((-(bits)) & ((sizeof((i)) << 3) - 1))))
 /** unknown size element - right rotation, inlined. */
 #define fio_rrot(i, bits)                                                      \
-  (((i) >> (bits)) | ((i) << ((-(bits)) & ((sizeof((i)) << 3) - 1))))
+  (((i) >> ((bits) & ((sizeof((i)) << 3) - 1))) |                              \
+   ((i) << ((-(bits)) & ((sizeof((i)) << 3) - 1))))
 
 /** Converts an unaligned network ordered byte stream to a 16 bit number. */
 #define fio_str2u16(c)                                                         \
@@ -2401,104 +2404,108 @@ uint8_t __attribute__((weak)) fio_hash_secret_marker2;
 Risky Hash (always available, even if using only the fio.h header)
 ***************************************************************************** */
 
-/**
- * Computes a facil.io Risky Hash, modeled after the amazing
- * [xxHash](https://github.com/Cyan4973/xxHash) (which has a BSD license)
- * and named "Risky Hash" because writing your own hashing function is a risky
- * business, full of pitfalls, hours of testing and security risks...
- *
- * Risky Hash isn't as battle tested as SipHash, but it did pass the
- * [SMHasher](https://github.com/rurban/smhasher) tests with wonderful results,
- * can be used for processing safe data and is easy (and short) to implement.
- */
-inline FIO_FUNC uintptr_t fio_risky_hash(const void *data_, size_t len,
-                                         uint64_t seed) {
-  /* The primes used by Risky Hash */
-  const uint64_t primes[] = {
-      0xFBBA3FA15B22113B, // 1111101110111010001111111010000101011011001000100001000100111011
-      0xAB137439982B86C9, // 1010101100010011011101000011100110011000001010111000011011001001
-  };
-  /* The consumption vectors initialized state */
-  uint64_t v[4] = {
-      seed ^ primes[1],
-      ~seed + primes[1],
-      fio_lrot64(seed, 17) ^ primes[1],
-      fio_lrot64(seed, 33) + primes[1],
-  };
+/* Risky Hash primes */
+#define RISKY_PRIME_0 0xFBBA3FA15B22113B
+#define RISKY_PRIME_1 0xAB137439982B86C9
 
-/* Risky Hash consumption round */
-#define fio_risky_consume(w, i)                                                \
-  v[i] ^= (w);                                                                 \
-  v[i] = fio_lrot64(v[i], 33) + (w);                                           \
-  v[i] *= primes[0];
-
-/* compilers could, hopefully, optimize this code for SIMD */
-#define fio_risky_consume256(w0, w1, w2, w3)                                   \
-  fio_risky_consume(w0, 0);                                                    \
-  fio_risky_consume(w1, 1);                                                    \
-  fio_risky_consume(w2, 2);                                                    \
-  fio_risky_consume(w3, 3);
+/* Risky Hash consumption round, accepts a state word s and an input word w */
+#define fio_risky_consume(v, w)                                                \
+  (v) += (w);                                                                  \
+  (v) = fio_lrot64((v), 33);                                                   \
+  (v) += (w);                                                                  \
+  (v) *= RISKY_PRIME_0;
 
+/*  Computes a facil.io Risky Hash. */
+FIO_FUNC inline uint64_t fio_risky_hash(const void *data_, size_t len,
+                                        uint64_t seed) {
   /* reading position */
   const uint8_t *data = (uint8_t *)data_;
 
-  /* consume 256bit blocks */
+  /* The consumption vectors initialized state */
+  register uint64_t v0 = seed ^ RISKY_PRIME_1;
+  register uint64_t v1 = ~seed + RISKY_PRIME_1;
+  register uint64_t v2 =
+      fio_lrot64(seed, 17) ^ ((~RISKY_PRIME_1) + RISKY_PRIME_0);
+  register uint64_t v3 = fio_lrot64(seed, 33) + (~RISKY_PRIME_1);
+
+  /* consume 256 bit blocks */
   for (size_t i = len >> 5; i; --i) {
-    fio_risky_consume256(fio_str2u64(data), fio_str2u64(data + 8),
-                         fio_str2u64(data + 16), fio_str2u64(data + 24));
+    fio_risky_consume(v0, fio_str2u64(data));
+    fio_risky_consume(v1, fio_str2u64(data + 8));
+    fio_risky_consume(v2, fio_str2u64(data + 16));
+    fio_risky_consume(v3, fio_str2u64(data + 24));
     data += 32;
   }
+
   /* Consume any remaining 64 bit words. */
   switch (len & 24) {
   case 24:
-    fio_risky_consume(fio_str2u64(data + 16), 2);
+    fio_risky_consume(v2, fio_str2u64(data + 16));
   case 16: /* overflow */
-    fio_risky_consume(fio_str2u64(data + 8), 1);
+    fio_risky_consume(v1, fio_str2u64(data + 8));
   case 8: /* overflow */
-    fio_risky_consume(fio_str2u64(data), 0);
+    fio_risky_consume(v0, fio_str2u64(data));
     data += len & 24;
   }
 
-  uintptr_t tmp = 0;
+  uint64_t tmp = 0;
   /* consume leftover bytes, if any */
   switch ((len & 7)) {
   case 7: /* overflow */
-    tmp |= ((uint64_t)data[6]) << 56;
+    tmp |= ((uint64_t)data[6]) << 8;
   case 6: /* overflow */
-    tmp |= ((uint64_t)data[5]) << 48;
+    tmp |= ((uint64_t)data[5]) << 16;
   case 5: /* overflow */
-    tmp |= ((uint64_t)data[4]) << 40;
+    tmp |= ((uint64_t)data[4]) << 24;
   case 4: /* overflow */
     tmp |= ((uint64_t)data[3]) << 32;
   case 3: /* overflow */
-    tmp |= ((uint64_t)data[2]) << 24;
+    tmp |= ((uint64_t)data[2]) << 40;
   case 2: /* overflow */
-    tmp |= ((uint64_t)data[1]) << 16;
+    tmp |= ((uint64_t)data[1]) << 48;
   case 1: /* overflow */
-    tmp |= ((uint64_t)data[0]) << 8;
-    fio_risky_consume(tmp, 3);
+    tmp |= ((uint64_t)data[0]) << 56;
+    /* ((len >> 3) & 3) is a 0...3 value indicating consumption vector */
+    switch ((len >> 3) & 3) {
+    case 3:
+      fio_risky_consume(v3, tmp);
+      break;
+    case 2:
+      fio_risky_consume(v2, tmp);
+      break;
+    case 1:
+      fio_risky_consume(v1, tmp);
+      break;
+    case 0:
+      fio_risky_consume(v0, tmp);
+      break;
+    }
   }
 
   /* merge and mix */
-  uint64_t result = fio_lrot64(v[0], 17) + fio_lrot64(v[1], 13) +
-                    fio_lrot64(v[2], 47) + fio_lrot64(v[3], 57);
+  uint64_t result = fio_lrot64(v0, 17) + fio_lrot64(v1, 13) +
+                    fio_lrot64(v2, 47) + fio_lrot64(v3, 57);
+
+  len ^= (len << 33);
   result += len;
-  result += v[0] * primes[1];
+
+  result += v0 * RISKY_PRIME_1;
   result ^= fio_lrot64(result, 13);
-  result += v[1] * primes[1];
+  result += v1 * RISKY_PRIME_1;
   result ^= fio_lrot64(result, 29);
-  result += v[2] * primes[1];
+  result += v2 * RISKY_PRIME_1;
   result ^= fio_lrot64(result, 33);
-  result += v[3] * primes[1];
+  result += v3 * RISKY_PRIME_1;
   result ^= fio_lrot64(result, 51);
 
   /* irreversible avalanche... I think */
-  result ^= (result >> 29) * primes[0];
+  result ^= (result >> 29) * RISKY_PRIME_0;
   return result;
+}
 
-#undef fio_risky_consume256
 #undef fio_risky_consume
-}
+#undef FIO_RISKY_PRIME_0
+#undef FIO_RISKY_PRIME_1
 
 /* *****************************************************************************
 SipHash

data/ext/iodine/http.c

@@ -166,6 +166,7 @@ int http_set_header2(http_s *r, fio_str_info_s n, fio_str_info_s v) {
   fiobj_free(tmp);
   return ret;
 }
+
 /**
  * Sets a response cookie, taking ownership of the value object, but NOT the
  * name object (so name objects could be reused in future responses).
@@ -189,102 +190,50 @@ int http_set_cookie(http_s *h, http_cookie_args_s cookie) {
   size_t len = 0;
   FIOBJ c = fiobj_str_buf(capa);
   fio_str_info_s t = fiobj_obj2cstr(c);
+
+#define copy_cookie_ch(ch_var)                                                 \
+  if (invalid_cookie_##ch_var##_char[(uint8_t)cookie.ch_var[tmp]]) {           \
+    if (!warn_illegal) {                                                       \
+      ++warn_illegal;                                                          \
+      FIO_LOG_WARNING("illegal char 0x%.2x in cookie " #ch_var " (in %s)\n"    \
+                      "         automatic %% encoding applied",                \
+                      cookie.ch_var[tmp], cookie.ch_var);                      \
+    }                                                                          \
+    t.data[len++] = '%';                                                       \
+    t.data[len++] = hex_chars[((uint8_t)cookie.ch_var[tmp] >> 4) & 0x0F];      \
+    t.data[len++] = hex_chars[(uint8_t)cookie.ch_var[tmp] & 0x0F];             \
+  } else {                                                                     \
+    t.data[len++] = cookie.ch_var[tmp];                                        \
+  }                                                                            \
+  tmp += 1;                                                                    \
+  if (capa <= len + 3) {                                                       \
+    capa += 32;                                                                \
+    fiobj_str_capa_assert(c, capa);                                            \
+    t = fiobj_obj2cstr(c);                                                     \
+  }
+
   if (cookie.name) {
+    size_t tmp = 0;
     if (cookie.name_len) {
-      size_t tmp = 0;
       while (tmp < cookie.name_len) {
-        if (invalid_cookie_name_char[(uint8_t)cookie.name[tmp]]) {
-          if (!warn_illegal) {
-            ++warn_illegal;
-            FIO_LOG_WARNING("illegal char 0x%.2x in cookie name (in %s)\n"
-                            "         automatic %% encoding applied",
-                            cookie.name[tmp], cookie.name);
-          }
-          t.data[len++] = '%';
-          t.data[len++] = hex_chars[(cookie.name[tmp] >> 4) & 0x0F];
-          t.data[len++] = hex_chars[cookie.name[tmp] & 0x0F];
-        } else {
-          t.data[len++] = cookie.name[tmp];
-        }
-        tmp += 1;
-        if (capa <= len + 3) {
-          capa += 32;
-          fiobj_str_capa_assert(c, capa);
-          t = fiobj_obj2cstr(c);
-        }
+        copy_cookie_ch(name);
       }
     } else {
-      size_t tmp = 0;
       while (cookie.name[tmp]) {
-        if (invalid_cookie_name_char[(uint8_t)cookie.name[tmp]]) {
-          if (!warn_illegal) {
-            ++warn_illegal;
-            FIO_LOG_WARNING("illegal char 0x%.2x in cookie name (in %s)\n"
-                            "         automatic %% encoding applied",
-                            cookie.name[tmp], cookie.name);
-          }
-          t.data[len++] = '%';
-          t.data[len++] = hex_chars[(cookie.name[tmp] >> 4) & 0x0F];
-          t.data[len++] = hex_chars[cookie.name[tmp] & 0x0F];
-        } else {
-          t.data[len++] = cookie.name[tmp];
-        }
-        tmp += 1;
-        if (capa <= len + 4) {
-          capa += 32;
-          fiobj_str_capa_assert(c, capa);
-          t = fiobj_obj2cstr(c);
-        }
+        copy_cookie_ch(name);
       }
     }
   }
   t.data[len++] = '=';
   if (cookie.value) {
+    size_t tmp = 0;
     if (cookie.value_len) {
-      size_t tmp = 0;
       while (tmp < cookie.value_len) {
-        if (invalid_cookie_value_char[(uint8_t)cookie.value[tmp]]) {
-          if (!warn_illegal) {
-            ++warn_illegal;
-            FIO_LOG_WARNING("illegal char 0x%.2x in cookie value (in %s)\n"
-                            "         automatic %% encoding applied",
-                            cookie.value[tmp], cookie.name);
-          }
-          t.data[len++] = '%';
-          t.data[len++] = hex_chars[(cookie.value[tmp] >> 4) & 0x0F];
-          t.data[len++] = hex_chars[cookie.value[tmp] & 0x0F];
-        } else {
-          t.data[len++] = cookie.value[tmp];
-        }
-        tmp += 1;
-        if (capa <= len + 3) {
-          capa += 32;
-          fiobj_str_capa_assert(c, capa);
-          t = fiobj_obj2cstr(c);
-        }
+        copy_cookie_ch(value);
       }
     } else {
-      size_t tmp = 0;
       while (cookie.value[tmp]) {
-        if (invalid_cookie_value_char[(uint8_t)cookie.value[tmp]]) {
-          if (!warn_illegal) {
-            ++warn_illegal;
-            FIO_LOG_WARNING("illegal char 0x%.2x in cookie value (in %s)\n"
-                            "         automatic %% encoding applied",
-                            cookie.value[tmp], cookie.name);
-          }
-          t.data[len++] = '%';
-          t.data[len++] = hex_chars[(cookie.value[tmp] >> 4) & 0x0F];
-          t.data[len++] = hex_chars[cookie.value[tmp] & 0x0F];
-        } else {
-          t.data[len++] = cookie.value[tmp];
-        }
-        tmp += 1;
-        if (capa <= len + 3) {
-          capa += 32;
-          fiobj_str_capa_assert(c, capa);
-          t = fiobj_obj2cstr(c);
-        }
+        copy_cookie_ch(value);
       }
     }
   } else
@@ -1058,8 +1007,8 @@ intptr_t http_connect FIO_IGNORE_MACRO(const char *url,
     errno = EINVAL;
     goto on_error;
   }
-  size_t len;
-  char *a = NULL, *p = NULL;
+  size_t len = 0, h_len = 0;
+  char *a = NULL, *p = NULL, *host = NULL;
   uint8_t is_websocket = 0;
   uint8_t is_secure = 0;
   FIOBJ path = FIOBJ_INVALID;
@@ -1094,7 +1043,8 @@ intptr_t http_connect FIO_IGNORE_MACRO(const char *url,
     }
     if (unix_address) {
       a = (char *)unix_address;
-      len = strlen(a);
+      h_len = len = strlen(a);
+      host = a;
     } else {
       if (!u.host.data) {
         FIO_LOG_ERROR("http_connect requires a valid address.");
@@ -1122,6 +1072,10 @@ intptr_t http_connect FIO_IGNORE_MACRO(const char *url,
         p[2] = 0;
       }
     }
+    if (u.host.data) {
+      host = u.host.data;
+      h_len = u.host.len;
+    }
   }
 
   /* set settings */
@@ -1146,8 +1100,9 @@ intptr_t http_connect FIO_IGNORE_MACRO(const char *url,
   h->path = path;
   settings->udata = h;
   settings->tls = arg_settings.tls;
-  http_set_header2(h, (fio_str_info_s){.data = (char *)"host", .len = 4},
-                   (fio_str_info_s){.data = a, .len = len});
+  if (host)
+    http_set_header2(h, (fio_str_info_s){.data = (char *)"host", .len = 4},
+                     (fio_str_info_s){.data = host, .len = h_len});
   intptr_t ret;
   if (is_websocket) {
     /* force HTTP/1.1 */
@@ -2496,42 +2451,53 @@ ssize_t http_decode_path_unsafe(char *dest, const char *url_data) {
 Lookup Tables / functions
 ***************************************************************************** */
 
+#define FIO_FORCE_MALLOC_TMP 1 /* use malloc for the mime registry */
 #define FIO_SET_NAME fio_mime_set
 #define FIO_SET_OBJ_TYPE FIOBJ
 #define FIO_SET_OBJ_COMPARE(o1, o2) (1)
+#define FIO_SET_OBJ_COPY(dest, o) (dest) = fiobj_dup((o))
 #define FIO_SET_OBJ_DESTROY(o) fiobj_free((o))
 
 #include <fio.h>
 
-static fio_mime_set_s mime_types = FIO_SET_INIT;
+static fio_mime_set_s fio_http_mime_types = FIO_SET_INIT;
 
 #define LONGEST_FILE_EXTENSION_LENGTH 15
 
 /** Registers a Mime-Type to be associated with the file extension. */
 void http_mimetype_register(char *file_ext, size_t file_ext_len,
                             FIOBJ mime_type_str) {
-  uintptr_t hash = fiobj_hash_string(file_ext, file_ext_len);
+  uintptr_t hash = FIO_HASH_FN(file_ext, file_ext_len, 0, 0);
   if (mime_type_str == FIOBJ_INVALID) {
-    fio_mime_set_remove(&mime_types, hash, FIOBJ_INVALID, NULL);
+    fio_mime_set_remove(&fio_http_mime_types, hash, FIOBJ_INVALID, NULL);
   } else {
     FIOBJ old = FIOBJ_INVALID;
-    fio_mime_set_overwrite(&mime_types, hash, mime_type_str, &old);
+    fio_mime_set_overwrite(&fio_http_mime_types, hash, mime_type_str, &old);
     if (old != FIOBJ_INVALID) {
       FIO_LOG_WARNING("mime-type collision: %.*s was %s, now %s",
                       (int)file_ext_len, file_ext, fiobj_obj2cstr(old).data,
                       fiobj_obj2cstr(mime_type_str).data);
       fiobj_free(old);
     }
+    fiobj_free(mime_type_str); /* move ownership to the registry */
   }
 }
 
+/** Registers a Mime-Type to be associated with the file extension. */
+void http_mimetype_stats(void) {
+  FIO_LOG_DEBUG("HTTP MIME hash storage count/capa: %zu / %zu",
+                fio_mime_set_count(&fio_http_mime_types),
+                fio_mime_set_capa(&fio_http_mime_types));
+}
+
 /**
  * Finds the mime-type associated with the file extension.
  *  Remember to call `fiobj_free`.
  */
 FIOBJ http_mimetype_find(char *file_ext, size_t file_ext_len) {
-  uintptr_t hash = fiobj_hash_string(file_ext, file_ext_len);
-  return fiobj_dup(fio_mime_set_find(&mime_types, hash, FIOBJ_INVALID));
+  uintptr_t hash = FIO_HASH_FN(file_ext, file_ext_len, 0, 0);
+  return fiobj_dup(
+      fio_mime_set_find(&fio_http_mime_types, hash, FIOBJ_INVALID));
 }
 
 /**
@@ -2574,7 +2540,7 @@ finish:
 
 /** Clears the Mime-Type registry (it will be empty afterthis call). */
 void http_mimetype_clear(void) {
-  fio_mime_set_free(&mime_types);
+  fio_mime_set_free(&fio_http_mime_types);
   fiobj_free(current_date);
   current_date = FIOBJ_INVALID;
   last_date_added = 0;

data/ext/iodine/http_internal.c

@@ -147,6 +147,8 @@ static __attribute__((constructor)) void http_lib_constructor(void) {
   fio_state_callback_add(FIO_CALL_AT_EXIT, http_lib_cleanup, NULL);
 }
 
+void http_mimetype_stats(void);
+
 static void http_lib_cleanup(void *ignr_) {
   (void)ignr_;
   http_mimetype_clear();
@@ -185,8 +187,11 @@ static void http_lib_cleanup(void *ignr_) {
   HTTPLIB_RESET(HTTP_HVALUE_WS_VERSION);
 
 #undef HTTPLIB_RESET
+  http_mimetype_stats();
 }
 
+void http_mimetype_stats(void);
+
 static void http_lib_init(void *ignr_) {
   (void)ignr_;
   if (HTTP_HEADER_ACCEPT_RANGES)
@@ -1268,4 +1273,5 @@ static void http_lib_init(void *ignr_) {
   REGISTER_MIME("zirz", "application/vnd.zul");
   REGISTER_MIME("zmm", "application/vnd.handheld-entertainment+xml");
 #undef REGISTER_MIME
+  http_mimetype_stats();
 }

data/ext/iodine/iodine.c

@@ -233,9 +233,11 @@ static void iodine_print_startup_message(iodine_start_params_s params) {
                " * Iodine %s\n * Ruby %s\n"
                " * facil.io " FIO_VERSION_STRING " (%s)\n"
                " * %d Workers X %d Threads per worker.\n"
+               " * Maximum %zu open files / sockets per worker.\n"
                " * Master (root) process: %d.\n",
                StringValueCStr(iodine_version), StringValueCStr(ruby_version),
-               fio_engine(), params.workers, params.threads, fio_parent_pid());
+               fio_engine(), params.workers, params.threads, fio_capa(),
+               fio_parent_pid());
   (void)params;
 }
 
@@ -391,8 +393,10 @@ static VALUE iodine_cli_parse(VALUE self) {
       FIO_CLI_STRING(
           "-tls-cert -cert the SSL/TLS public certificate file name."),
       FIO_CLI_STRING("-tls-key -key the SSL/TLS private key file name."),
-      FIO_CLI_STRING("-tls-password the password (if any) protecting the "
-                     "private key file."),
+      FIO_CLI_STRING(
+          "-tls-pass -tls-password the password (if any) protecting the "
+          "private key file."),
+      FIO_CLI_PRINT("\t\t-tls-password is deprecated, use -tls-pass"),
       FIO_CLI_PRINT_HEADER("Connecting Iodine to Redis:"),
       FIO_CLI_STRING(
           "-redis -r an optional Redis URL server address. Default: none."),
@@ -409,10 +413,18 @@ static VALUE iodine_cli_parse(VALUE self) {
     if (level > 0 && level < 100)
       FIO_LOG_LEVEL = level;
   }
-
+  if (!fio_cli_get("-w") && getenv("WEB_CONCURRENCY")) {
+    fio_cli_set("-w", getenv("WEB_CONCURRENCY"));
+  }
+  if (!fio_cli_get("-w") && getenv("WORKERS")) {
+    fio_cli_set("-w", getenv("WORKERS"));
+  }
   if (fio_cli_get("-w")) {
     iodine_workers_set(IodineModule, INT2NUM(fio_cli_get_i("-w")));
   }
+  if (!fio_cli_get("-t") && getenv("THREADS")) {
+    fio_cli_set("-t", getenv("THREADS"));
+  }
   if (fio_cli_get("-t")) {
     iodine_threads_set(IodineModule, INT2NUM(fio_cli_get_i("-t")));
   }
@@ -422,6 +434,9 @@ static VALUE iodine_cli_parse(VALUE self) {
   if (fio_cli_get_bool("-warmup")) {
     rb_hash_aset(defaults, ID2SYM(rb_intern("warmup_")), Qtrue);
   }
+  // if (!fio_cli_get("-b") && getenv("ADDRESS")) {
+  //   fio_cli_set("-b", getenv("ADDRESS"));
+  // }
   if (fio_cli_get("-b")) {
     if (fio_cli_get("-b")[0] == '/' ||
         (fio_cli_get("-b")[0] == '.' && fio_cli_get("-b")[1] == '/')) {
@@ -433,6 +448,10 @@ static VALUE iodine_cli_parse(VALUE self) {
             fio_cli_get("-p"));
       }
       fio_cli_set("-p", "0");
+    } else {
+      // if (!fio_cli_get("-p") && getenv("PORT")) {
+      //   fio_cli_set("-p", getenv("PORT"));
+      // }
     }
     rb_hash_aset(defaults, address_sym, rb_str_new_cstr(fio_cli_get("-b")));
   }
@@ -484,7 +503,7 @@ static VALUE iodine_cli_parse(VALUE self) {
     }
     if (fio_cli_get("-tls-key") && fio_cli_get("-tls-cert")) {
       fio_tls_cert_add(tls, NULL, fio_cli_get("-tls-cert"),
-                       fio_cli_get("-tls-key"), fio_cli_get("-tls-password"));
+                       fio_cli_get("-tls-key"), fio_cli_get("-tls-pass"));
     } else {
       if (!fio_cli_get_bool("-tls"))
         FIO_LOG_ERROR("TLS support requires both key and certificate."

data/ext/iodine/iodine_defer.c

@@ -240,17 +240,19 @@ static VALUE iodine_defer_run_after(VALUE self, VALUE milliseconds) {
   }
   return block;
 }
+
+// clang-format off
 /**
 Runs the required block after the specified number of milliseconds have passed.
 Time is counted only once Iodine started running (using {Iodine.start}).
 
 Accepts:
 
-milliseconds:: the number of milliseconds between event repetitions.
-
-repetitions:: the number of event repetitions. Defaults to 0 (never ending).
-
-block:: (required) a block is required, as otherwise there is nothing to
+|   |   |
+|---|---|
+| `:milliseconds` | the number of milliseconds between event repetitions.|
+| `:repetitions` | the number of event repetitions. Defaults to 0 (never ending).|
+| `:block` | (required) a block is required, as otherwise there is nothing to|
 perform.
 
 The event will repeat itself until the number of repetitions had been delpeted.
@@ -258,6 +260,7 @@ The event will repeat itself until the number of repetitions had been delpeted.
 Always returns a copy of the block object.
 */
 static VALUE iodine_defer_run_every(int argc, VALUE *argv, VALUE self) {
+  // clang-format on
   (void)(self);
   VALUE milliseconds, repetitions, block;
 
@@ -304,16 +307,18 @@ Sets a block of code to run when Iodine's core state is updated.
 
 The state event Symbol can be any of the following:
 
-:pre_start :: the block will be called once before starting up the IO reactor.
-:before_fork :: the block will be called before each time the IO reactor forks a new worker.
-:after_fork :: the block will be called after each fork (both in parent and workers).
-:enter_child :: the block will be called by a worker process right after forking.
-:enter_master :: the block will be called by the master process after spawning a worker (after forking).
-:on_start :: the block will be called every time a *worker* proceess starts. In single process mode, the master process is also a worker.
-:on_parent_crush :: the block will be called by each worker the moment it detects the master process crashed.
-:on_child_crush :: the block will be called by the parent (master) after a worker process crashed.
-:start_shutdown :: the block will be called before starting the shutdown sequence.
-:on_finish :: the block will be called just before finishing up (both on chlid and parent processes).
+|  |  |
+|---|---|
+| `:pre_start` | the block will be called once before starting up the IO reactor. |
+| `:before_fork` | the block will be called before each time the IO reactor forks a new worker. |
+| `:after_fork` | the block will be called after each fork (both in parent and workers). |
+| `:enter_child` | the block will be called by a worker process right after forking. |
+| `:enter_master` | the block will be called by the master process after spawning a worker (after forking). |
+| `:on_start` | the block will be called every time a *worker* proceess starts. In single process mode, the master process is also a worker. |
+| `:on_parent_crush` | the block will be called by each worker the moment it detects the master process crashed. |
+| `:on_child_crush` | the block will be called by the parent (master) after a worker process crashed. |
+| `:start_shutdown` | the block will be called before starting the shutdown sequence. |
+| `:on_finish` | the block will be called just before finishing up (both on chlid and parent processes). |
 
 Code runs in both the parent and the child.
 */

data/ext/iodine/websockets.c

@@ -87,8 +87,7 @@ struct buffer_s resize_ws_buffer(ws_s *owner, struct buffer_s buff) {
 }
 void free_ws_buffer(ws_s *owner, struct buffer_s buff) {
   (void)(owner);
-  if (buff.data)
-    free(buff.data);
+  free(buff.data);
 }
 
 #undef round_up_buffer_size

data/lib/iodine/version.rb

@@ -1,3 +1,3 @@
 module Iodine
-  VERSION = '0.7.18'.freeze
+  VERSION = '0.7.19'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: iodine
 version: !ruby/object:Gem::Version
-  version: 0.7.18
+  version: 0.7.19
 platform: ruby
 authors:
 - Boaz Segev
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-01-18 00:00:00.000000000 Z
+date: 2019-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -220,7 +220,7 @@ licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message: 'Thank you for installing Iodine 0.7.18.
+post_install_message: 'Thank you for installing Iodine 0.7.19.
 
 '
 rdoc_options: []
@@ -243,8 +243,7 @@ requirements:
 - Ruby >= 2.2.2 required for Rack 2.
 - Ruby >= 2.5.0 recommended.
 - TLS requires OpenSSL >= 1.1.0
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: iodine - a fast HTTP / Websocket Server with Pub/Sub support, optimized for