Unlimited settings were logged as huge numbers.
In two cases settings were logged via LOG_SYS (and as errors)
instead of LOG_INF.
Change-Id: I1da493c0126ecf9d2382956ac1e60e57988696ee
Reviewed-on: https://gerrit.libreoffice.org/44731
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
To be able to set the support key directly from the command line, and to show
the option, etc.
Change-Id: Iac93bc47a6f4b9d5a5ad0ac8b06bda978e01b760
Reviewed-on: https://gerrit.libreoffice.org/43098
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
Tested-by: Michael Meeks <michael.meeks@collabora.com>
The routine for handling the configuration for the max file size
limit, was wrongly using NOFILE. Now we handle both limits correctly.
Change-Id: Ie8b63617286f66af6d4eb1b35b9e4f4b28f3c2a6
Reviewed-on: https://gerrit.libreoffice.org/42803
Reviewed-by: Jan Holesovsky <kendy@collabora.com>
Tested-by: Jan Holesovsky <kendy@collabora.com>
Reviewed-on: https://gerrit.libreoffice.org/42811
Reviewed-by: Marco Cecchetti <mrcekets@gmail.com>
Tested-by: Marco Cecchetti <mrcekets@gmail.com>
Trying to combine the Poco's http server together with our polling loop leads
only to problem; so instead let's introduce a hook where we can do the WOPI
serving directly in the unit test.
Change-Id: Id3fec6ff93c3ad652aa4e0fc6309c5b7639728cb
Start killing documents when memory usage goes above threshold.
Also make it possible to close documents from admin instance.
In DocumentBroker::closeDocument, just set the _stop flag and wake
up the polling thread which will terminate the children, instead of
manually terminating the children.
Change-Id: Ie70e05b3fb6ea816a87b6dcfaed92cdddb94aa90
Changes protocol to use 'wid' instead of 'hash' everywhere. Wire-ids
are monotonically increasing integers that can be mapped to hash
values for all of the hash values and tiles we cache internally.
Change-Id: Ibcb25817bab0f453e93d52a6f99d3ff65059e47d
Seems to have no effect, so gone in
favor of RLIMIT_AS (virtual memeory).
Change-Id: I210879ec9285f420c9f9839cdabf45c42d865fb3
Reviewed-on: https://gerrit.libreoffice.org/38720
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
userextrainfo is a json array that contains
extra user-specific links.
Currently 'avatar' is assumed to hold the
image url for the user's avatar.
'mail' and other links can also be added.
Change-Id: I37c4c68bfa0b7ee659e017b4867dcb8cf5c2ca2f
Reviewed-on: https://gerrit.libreoffice.org/38120
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
The new password hash property is called secure_password in the config
file. `loolconfig` tool should be used to set the password hash in
appropriate format with desired salt length, password length, number of
iterations in PBKDF2.
To be backward compatible, plain-text password for admin-console in
config file is still accepted in case secure_password property is
missing from the config file.
Change-Id: If229999dac62856e368555c0242c4aa6f8061fba
Fixes the case when the client reconnects on idle
disconnection (because it never got the 'close: idle'
message).
Also, show informative message to users in this case
instead of grey screen.
Change-Id: Ia2e1f2ffefe6d35dd1552e7cc44e490aab86c600
Reviewed-on: https://gerrit.libreoffice.org/37891
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Jail paths are now generate from a PRNG
instead of using the PID of the kit process.
The PRN is converted to base-64 and used
as the directory name where a given
kit is jailed.
Change-Id: I8e4bc35d9ccdfdae0e542ab707c417cd29ad52f3
Reviewed-on: https://gerrit.libreoffice.org/37372
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Dung out overlapping return enumerations. Move more work into 'move'
callbacks at a safer time, etc.
Change-Id: I62ba5a35f12073b7b9c8de4674be9dae519a8aca
POST requests require the full request to be
left in the socket buffer to be parsed in full.
But GET requests, especially WS upgrade, must
have the request cleared from the socket, as
there is more data expected to be read after
the upgrade, which happens by the DocBroker
thread, so clearing the buffer must be done
before the upgrade.
This patch accomodates these two conflicting
cases and refactors the code slightly to
make it more structured and readable.
Change-Id: Ia7357a745a3900f986099ba14af2a0946023018b
Reviewed-on: https://gerrit.libreoffice.org/36873
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This slows things down terribly, particularly the setting on the websocket
made tiles appearing one by one. Let's keep the possibility to zero the buffer
sizes for debugging, but hide that behind an env. variable (and in debug
builds only anyway).
Change-Id: Ie4d2cdb3c0ec3c50f1a2b4f9941a462ac4f2d196
This was a workaround to Poco's limitation
of requiring socket receiveFrame be given
preallocated buffer, which couldn't be
exceeded by a larger payload. This meant
the receiver had to know the maximum
payload in advance.
Since only the Kit uses Poco sockets,
and the Kit never receives large payloads,
this preamble is now obsolete.
100% (94/94) of old-style tests PASS.
Change-Id: I76776f89497409e5755e335a3e25553e91cf0876
Reviewed-on: https://gerrit.libreoffice.org/36037
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
With this every other client would be able to know about other client's
permission i.e whether they have opened the document as readonly. This
could be important eg: to hide the cursor overlay of readonly users in
the UI or to mark these users as readonly in the userlist.
Change-Id: I5dcb1b4e5a22c9b546d16b69b9216cc7653cff04
Pull the notification pieces out of SigUtil.cpp - not signal safe,
and invoked only from LOOLWSD anyway.
In a non-blocking world, the socket close notification sends are
instant - so more work required to count-down / timeout remaining
clients.
These are really GET requests that aren't
WebSocket upgrade. Should rename to something
less misleading.
Re-enabled testSlideShow which depended on this.
Change-Id: I52b7f67b650fcdcbae7c2bff020b756099263141
When the socket is closed the last WS frame
will not have any payload, just a frame.
In this case the socket should still fire
handleMessage so this frame could trigger
application logic, however in this case
ClientSession has nothing to do, so we skip it.
Change-Id: Ia2b13026e31460ffceb8f9d9cfa39d36fbc57146
There is no need to use `ps` here as reading
directly is trivial and has far less overhead.
Change-Id: I27d0432c1f3a9d35763d67fc445d8bd828f1b27e
Reviewed-on: https://gerrit.libreoffice.org/34052
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
We no longer tell the clinet "This is embarrassing..."
when we disconnect and unload an idle document. Instead,
the client UI remains greyed out so the user can resume
as if it was inactive (and reload the document in this case).
Also, we now always send the "close: " message prior
to shutting down a client websocket. This is more
reasonable and consistent when we intentionally disconnect,
so clients can rely on it to signal intent and give reason.
Otherwise, a disconnection without this application-level
message should be unexpected and is therefore reasonable
to show the "This is embarrassing..." message.
Change-Id: Ic7439bcc9267be155586ccd5d122e9fe60225516
A race condition between the client socket thread
and the idle-document cleanup caused segfault
on the websocket.
Now the ChildProcess object doesn't reset
the websocket on closing, rather on destruction.
Change-Id: I10d0dfb1ba677a65479df85b7a53de8c5f1b44c3
Each Kit process now reports its own PSS,
which is much more accurate as they share
a significant ratio of their pages with
one another.
Admin tracks the PSS values of the Kits
and reports to the console.
Change-Id: Ifa66d17749c224f0dc211db80c44f7c913f2d6c4
Reviewed-on: https://gerrit.libreoffice.org/33864
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Around 1.5x faster than Poco,
which first enumerates files into
a container, then iterates over
them and stats before unlinking.
Here we enumerate and unlink in
a single pass.
Change-Id: I79d1c0f1b5ec557ccc4f0e2ec7a0609051d8d212
Reviewed-on: https://gerrit.libreoffice.org/33680
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Now we don't get a situation where there would be a tremendous amount of
invalidates & tile render requests piled in the queue, so we can do it
deterministic again.
The only thing that could potentially pile in the queue are the keypresses
events sent from the clients, but that is a different problem anyway.
This reverts commit c326228774.
Change-Id: I98e199eab0187bf5f47ce322ac1b1b2e3b976b85
User input is batched together to reduce
overheads. This initial implementation
will batch all input of the same type
together.
Change-Id: Ia0069de9cf5acecf637941543267f86518c04640
Reviewed-on: https://gerrit.libreoffice.org/33422
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Throw when empty payload is enqueued
and return empty payload on get timeout
(instead of throwing).
Change-Id: Iab5df775caa46d5c212d0850645cda6cca16f20b
Reviewed-on: https://gerrit.libreoffice.org/33421
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Otherwise we are getting completely confused times - various processes start
at various times, so for one process the epoch start can be eg. 20 minutes
later than for the other.
Change-Id: I6d87e98682a5fcd0348a584cf66f7ffa5813ca66
The server tells the client the hash of each tile it sends (calculated
from the contents of the tile, not its PNG encoding). When the client
asks for a tile to be refreshed, it tells the server what the hash of
the existing tile is. If the server notices that the tile contents
hasn't actually changed, it doesn't PNG encode it and doesn't send it
to the client.
The intent is that this will reduce load on the server and also avoid
unnecessary tile traffic.
Change-Id: Ia06ca68655ea984ed4319f24f4470afda322eccf
If we are logging a message, we want to see the first line of it in
its entirety if possible. Especially now with more parameters being
added to tile messages, 120 was not enough to see the added
interesting ones.
Bin the silly test that used knowledge of what the limit is. We should
not test a coindidental arbitrary number that is not a documented part
of an API. If we want to test the default abbreviation functionality,
we need to at least make that default limit (now 500) public in
Protocol.hpp.
Change-Id: Iea59ba46e8331e2a839c792146f123fed9df2b82
This makes debugging much easier as one can
readily match WSD logs with a given test.
Change-Id: I8f2c83d67189038699af3f24dee205bc7efb5c28
Reviewed-on: https://gerrit.libreoffice.org/32860
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
As far as I see, we tend to use the same namespace name as the
basename of the corresponding include file, and this stuff is defined
in a file called Png.hpp.
Change-Id: Id859e13e94568abd9f1d5b4ef3bfbbb0c156db11
There is no way to let the user of document currently being
opened, in case of failure, know that disk is low on space.
We check the disk space when forking children after which we try
to alert all users but this would end up doing nothing for
current document because document broker is not registered at
this time (we iterate through doc brokers when alerting). Another
conditional disk check is performed just before opening the
document but this is performed only if last disk check was
performed greater than 60 seconds which would never be the case
because document open is always preceded by a child fork (when
rebalancing children).
Lets not cache the disk check when forking the children to
prevent above mentioned situation while still minimizing the
number of disk checks performed.
Change-Id: Id3add998f94e23f9f8c144f09e5efe9f0b63821c
Since we always need to set the thread-pool size
anyway, we cannot have 'unlimited' connections.
Actually, we never did, so that was misleading
in configure.ac anyway.
The current defaults are 20 connections and
10 documents, instead of the previous 1024
connections.
The reason for this "low" limit is to
enable unittesting these limits automatically
for the default configure.
There is also a lower-limit (needed by unittests
and internal technical requirements) of 3 connections
and 2 documents.
Change-Id: I6ccf3a607c50bb2a86bf1c0a16ebb6326ee34c7d
Reviewed-on: https://gerrit.libreoffice.org/32712
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
There should be no need to take a lock to
access it. However there were cases where it
wasn't thread-safe. Now we can remove unncessary
locking before invoking it.
Change-Id: I90d2c6940610a59aa6c749491ea85fb80b0acbcd
Reviewed-on: https://gerrit.libreoffice.org/32615
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This is to replace assertion for non-fatal cases.
Change-Id: I6f8aedea52fb861309d0bc8f8f9cd43395da0805
Reviewed-on: https://gerrit.libreoffice.org/32550
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
and apply the nullptr plugin.
Lots of hacking in my LO tree required to make this work, will probably
end up needing to add an extra parameter to the LO side.
Change-Id: I02ae1dcdece9d9ddf05f7757f6696e3a5d7d1f14
Reviewed-on: https://gerrit.libreoffice.org/32339
Reviewed-by: Tor Lillqvist <tml@collabora.com>
Tested-by: Tor Lillqvist <tml@collabora.com>
If the socket is in error, SELECT_READ returns
immediatly as failure. In this case we sit
in a tight loop polling read over and over.
We now check for SELECT_ERROR when SElECT_READ
fails to properly close the socket and break.
When receiveFrame returns -1, we should first
check the flags for socket close, as that
is a legitimate case of returning -ve.
Change-Id: I7bbc948638a8395d28990ba92eddb9a1a9f1e6f2
Reviewed-on: https://gerrit.libreoffice.org/31932
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
This adds SenderQueue and a wrapper of messages to
send back to clients.
Currently no threading takes place, but the messages
are pumped through the queue nonetheless.
Change-Id: Id9997539c0a2a351cbf406f649c268dd3643e88e
Reviewed-on: https://gerrit.libreoffice.org/31883
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
It doesn't mean anything is wrong or that the connection would be in
some invalid or closed state, but just that we didn't actually receive
any "interesting" frame that could be handled in the caller.
Tiles no longer hog the queue ahead of all else.
We now give priority to callback events, so clients
get to know the document state sooner.
Since tiles take long to render, an equal time
is given to non-tiles (capped at 100ms).
Finally, Impress preview tiles are given
the lowest priority and rendered only when
the queue is drained.
Change-Id: I922c1e11200e5675f50d86b83baee1588cbbf66f
Reviewed-on: https://gerrit.libreoffice.org/31394
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
When we the pipe with wsd is closed we
assume wsd has died and we terminate too.
WSD can fork us anew, if it's still alive.
Change-Id: I669ed717db973b50498a6bc08e1fca59c6563443
Reviewed-on: https://gerrit.libreoffice.org/31337
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Setting 'n = -1;' helps to detect where the failure happened
when receiveFrame throws. At the bottom of the function we log
partially processed data by checking n (among others).
This reverts commit 752372a2b0.
Change-Id: I3294329c3d95b38d72c3fc824ab2eb7f2339adee
Reviewed-on: https://gerrit.libreoffice.org/31339
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
We need a fast and good (high avalanche properties)
hash function for the png caching to avoid collissions
(even in the very limited samples we have, since tiles
are likely to have patters, such as all 0's and all 1's
etc.).
Bob Jenkins's public domain SpookyV2 is used here.
It has great avalanache properties and is fast at
~3-bytes / cycle for large messages.
Only trailing whitespace was removed from original
sources and 4 tabs converted to spaces.
Change-Id: Ife57237321625c836d85c894d939fd04a8f577bb
Reviewed-on: https://gerrit.libreoffice.org/31292
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
When receiving large messages the dynamic socket buffer
is resized to accomodate the incoming large message.
This buffer was previously never reduced in size.
This is an obvious leak that is now avoided.
When the buffer grows beyond quadruple the default
size, it is shrunk back to the default. This gives
a decent balance between memory waste and unnecessary
resizing up and down after each large message received.
Change-Id: Ic3996c80e96592af6f12c4abd1dd737bdc07b814
Reviewed-on: https://gerrit.libreoffice.org/31287
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>
Messages larger than a certain size are preambled
with a 'nextmessage' message that hold the size
of the subsequent message.
This is a workaround to a limitation the Poco
WebSocket API where if the buffer size is
smaller than the received frame the socket
ends up in a bad state and must be closed.
Unfortunately the new API that avoids this
workaround is not yet released by Poco.
Here we minimize the need for 'nextmessage'
to truely large messages. The limit is now
raised from above 1KB to over 63KB.
We may raise this limit further, but that will
cost each socket that much dedicated buffer size.
Change-Id: I01e4c68cdbe67e413c04a9725152224a87ab8267
Reviewed-on: https://gerrit.libreoffice.org/31286
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
Tested-by: Ashod Nakashian <ashnakash@gmail.com>