Commit Graph

6093 Commits

Author SHA1 Message Date
Roman Arutyunyan
1602ae60e4 Stream: relaxed next upstream condition (ticket #1317).
When switching to a next upstream, some buffers could be stuck in the middle
of the filter chain.  A condition existed that raised an error when this
happened.  As it turned out, this condition prevented switching to a next
upstream if ssl preread was used with the TCP protocol (see the ticket).

In fact, the condition does not make sense for TCP, since after successful
connection to an upstream switching to another upstream never happens.  As for
UDP, the issue with stuck buffers is unlikely to happen, but is still possible.
Specifically, if a filter delays sending data to upstream.

The condition can be relaxed to only check the "buffered" bitmask of the
upstream connection.  The new condition is simpler and fixes the ticket issue
as well.  Additionally, the upstream_out chain is now reset for UDP prior to
connecting to a new upstream to prevent repeating the client data twice.
2017-09-11 15:32:31 +03:00
Maxim Dounin
d80e485863 Range filter: changed type for total length to off_t.
Total length of a response with multiple ranges can be larger than a size_t
variable can hold, so type changed to off_t.  Previously, an incorrect
Content-Length was returned when requesting more than 4G of ranges from
a large enough file on a 32-bit system.

An additional size_t variable introduced to calculate size of the boundary
header buffer, as off_t is not needed here and will require type casts on
win32.

Reported by Shuxin Yang,
http://mailman.nginx.org/pipermail/nginx/2017-July/054384.html.
2017-08-10 22:21:23 +03:00
Maxim Dounin
9b9f5466e5 Updated PCRE used for win32 builds. 2017-08-08 15:21:10 +03:00
Maxim Dounin
4f351d9b26 Core: fixed error message on setsockopt(SO_REUSEPORT) failure.
The error is fatal when configuring a new socket, so the ", ignored" part
is not appropriate and was removed.
2017-07-11 20:06:52 +03:00
Maxim Dounin
cff5182955 Core: disabled SO_REUSEPORT when testing config (ticket #1300).
When closing a socket with SO_REUSEPORT, Linux drops all connections waiting
in this socket's listen queue.  Previously, it was believed to only result
in connection resets when reconfiguring nginx to use smaller number of worker
processes.  It also results in connection resets during configuration
testing though.

Workaround is to avoid using SO_REUSEPORT when testing configuration.  It
should prevent listening sockets from being created if a conflicting socket
already exists, while still preserving detection of other possible errors.
It should also cover UDP sockets.

The only downside of this approach seems to be that a configuration testing
won't be able to properly report the case when nginx was compiled with
SO_REUSEPORT, but the kernel is not able to set it.  Such errors will be
reported on a real start instead.
2017-07-11 19:59:56 +03:00
Roman Arutyunyan
67635190b3 Fixed deferred accept with EPOLLRDHUP enabled (ticket #1278).
Previously, the read event of the accepted connection was marked ready, but not
available.  This made EPOLLRDHUP-related code (for example, in ngx_unix_recv())
expect more data from the socket, leading to unexpected behavior.

For example, if SSL, PROXY protocol and deferred accept were enabled on a listen
socket, the client connection was aborted due to unexpected return value of
c->recv().
2017-05-24 13:17:08 +03:00
Maxim Dounin
b97145ae6c Added missing "fall through" comments (ticket #1259).
Found by gcc7 (-Wimplicit-fallthrough).
2017-04-27 16:57:18 +03:00
Maxim Dounin
d9700ec65f Version bump. 2017-10-13 20:23:57 +03:00
Maxim Dounin
3d42fcd6d0 release-1.12.1 tag 2017-07-11 16:24:05 +03:00
Maxim Dounin
f1f2497e7a nginx-1.12.1-RELEASE 2017-07-11 16:24:04 +03:00
Maxim Dounin
455bd72951 Range filter: protect from total size overflows.
The overflow can be used to circumvent the restriction on total size of
ranges introduced in c2a91088b0c0 (1.1.2).  Additionally, overflow
allows producing ranges with negative start (such ranges can be created
by using a suffix, "bytes=-100"; normally this results in 200 due to
the total size check).  These can result in the following errors in logs:

[crit] ... pread() ... failed (22: Invalid argument)
[alert] ... sendfile() failed (22: Invalid argument)

When using cache, it can be also used to reveal cache file header.
It is believed that there are no other negative effects, at least with
standard nginx modules.

In theory, this can also result in memory disclosure and/or segmentation
faults if multiple ranges are allowed, and the response is returned in a
single in-memory buffer.  This never happens with standard nginx modules
though, as well as known 3rd party modules.

Fix is to properly protect from possible overflow when incrementing size.
2017-07-11 16:06:23 +03:00
Maxim Dounin
e372ca8121 Updated OpenSSL used for win32 builds. 2017-05-30 17:14:00 +03:00
Maxim Dounin
eaae85808a Version bump. 2017-07-11 16:19:05 +03:00
Maxim Dounin
31770abdc3 release-1.12.0 tag 2017-04-12 17:46:00 +03:00
Maxim Dounin
58cb5f75ef nginx-1.12.0-RELEASE 2017-04-12 17:46:00 +03:00
Maxim Dounin
e7a16a6c00 Stable branch. 2017-04-12 16:42:30 +03:00
Maxim Dounin
becdcaef00 release-1.11.13 tag 2017-04-04 18:01:57 +03:00
Maxim Dounin
3290884abb nginx-1.11.13-RELEASE 2017-04-04 18:01:57 +03:00
Piotr Sikora
ca1a5057e2 Upstream: allow recovery from "429 Too Many Requests" response.
This change adds "http_429" parameter to "proxy_next_upstream" for
retrying rate-limited requests, and to "proxy_cache_use_stale" for
serving stale cached responses after being rate-limited.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-24 02:48:03 -07:00
Piotr Sikora
c3ce606652 Added support for "429 Too Many Requests" response (RFC6585).
This change adds reason phrase in status line and pretty response body
when "429" status code is used in "return", "limit_conn_status" and/or
"limit_req_status" directives.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-24 02:48:03 -07:00
hucongcong
9ac9fe2f3e Fixed type. 2017-04-03 14:29:40 +08:00
Roman Arutyunyan
c31239ffb4 Slice filter: prevented slice redirection (ticket #1219).
When a slice subrequest was redirected to a new location, its context was lost.
After its completion, a new slice subrequest for the same slice was created.
This could lead to infinite loop.  Now the slice module makes sure each slice
subrequest starts output with the slice context available.
2017-03-31 21:47:56 +03:00
Roman Arutyunyan
8c9a66298c Slice filter: allowed at most one subrequest at a time.
Previously, if slice main request write handler was called while a slice
subrequest was running, a new subrequest for the same slice was started.
2017-03-28 14:03:57 +03:00
Maxim Dounin
5d5f0dcac4 Moved handling of wev->delayed to the connection event handler.
With post_action or subrequests, it is possible that the timer set for
wev->delayed will expire while the active subrequest write event handler
is not ready to handle this.  This results in request hangs as observed
with limit_rate / sendfile_max_chunk and post_action (ticket #776) or
subrequests (ticket #1228).

Moving the handling to the connection event handler fixes the hangs observed,
and also slightly simplifies the code.
2017-04-02 14:32:29 +03:00
Maxim Dounin
96e4e84ce2 Perl: fixed delaying subrequests.
Much like in limit_req, use the wev->delayed flag to ensure proper handling
and interoperability with limit_rate.
2017-04-02 14:32:28 +03:00
Maxim Dounin
fae6878f20 Limit req: fixed delaying subrequests.
Since limit_req uses connection's write event to delay request processing,
it can conflict with timers in other subrequests.  In particular, even
if applied to an active subrequest, it can break things if wev->delayed
is already set (due to limit_rate or sendfile_max_chunk), since after
limit_req finishes the wev->delayed flag will be set and no timer will be
active.

Fix is to use the wev->delayed flag in limit_req as well.  This ensures that
wev->delayed won't be set after limit_req finishes, and also ensures that
limit_req's timers will be properly handled by other subrequests if the one
delayed by limit_req is not active.
2017-04-02 14:32:26 +03:00
Piotr Sikora
679bd07b42 HTTP/2: style and typos.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:01 -07:00
Valentin Bartenev
0a5e969dd0 HTTP/2: fixed connection finalization.
All streams in connection must be finalized before the connection
itself can be finalized and all related memory is freed.  That's
not always possible on the current event loop iteration.

Thus when the last stream is finalized, it sets the special read
event handler ngx_http_v2_handle_connection_handler() and posts
the event.

Previously, this handler didn't check the connection state and
could call the regular event handler on a connection that was
already in finalization stage.  In the worst case that could
lead to a segmentation fault, since some data structures aren't
supposed to be used during connection finalization.  Particularly,
the waiting queue can contain already freed streams, so the
WINDOW_UPDATE frame received by that moment could trigger
accessing to these freed streams.

Now, the connection error flag is explicitly checked in
ngx_http_v2_handle_connection_handler().
2017-03-29 20:21:01 +03:00
Valentin Bartenev
e825598266 HTTP/2: fixed stream finalization.
In order to finalize stream the error flag is set on fake connection and
either "write" or "read" event handler is called.  The read events of fake
connections are always ready, but it's not the case with the write events.

When the ready flag isn't set, the error flag can be not checked in some
cases and as a result stream isn't finalized.  Now the ready flag is
explicilty set on write events for proper finalization in all cases.
2017-03-29 20:16:23 +03:00
Piotr Sikora
239e5ac063 HTTP/2: emit PROTOCOL_ERROR on padding errors.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:05 -07:00
Piotr Sikora
f2393f8fef HTTP/2: fix flow control with padded DATA frames.
Previously, flow control didn't account for padding in DATA frames,
which meant that its view of the world could drift from peer's view
by up to 256 bytes per received padded DATA frame, which could lead
to a deadlock.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:04 -07:00
Piotr Sikora
d2008dbc7d HTTP/2: fix $body_bytes_sent variable.
Previously, its value included payloads and frame headers of HEADERS
and CONTINUATION frames.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:03 -07:00
Piotr Sikora
1506e438cb HTTP/2: fix $bytes_sent variable.
Previously, its value accounted for payloads of HEADERS, CONTINUATION
and DATA frames, as well as frame headers of HEADERS and DATA frames,
but it didn't account for frame headers of CONTINUATION frames.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:02 -07:00
Maxim Dounin
1f76260583 Copy filter: wake up subrequests after aio operations.
Previously, connection write handler was called, resulting in wake up
of the active subrequest.  This change makes it possible to read data
in non-active subrequests as well.  For example, this allows SSI to
process instructions in non-active subrequests earlier and start
additional subrequests if needed, reducing overall response time.
2017-03-28 18:15:42 +03:00
Maxim Dounin
a450865b5a Threads: fixed request hang with aio_write and subrequests.
If the subrequest is already finalized, the handler set with aio_write
may still be used by sendfile in threads when using range requests
(see also e4c1f5b32868, and the original note in 9fd738b85fad).  Calling
already finalized subrequest's r->write_event_handler in practice
results in request hang in some cases.

Fix is to trigger connection event handler if the subrequest was already
finalized.
2017-03-28 18:15:41 +03:00
Maxim Dounin
ff33d9fa55 Simplified and improved sendfile() code on Linux.
The ngx_linux_sendfile() function is now used for both normal sendfile()
and sendfile in threads.  The ngx_linux_sendfile_thread() function was
modified to use the same interface as ngx_linux_sendfile(), and is simply
called from ngx_linux_sendfile() when threads are enabled.

Special return code NGX_DONE is used to indicate that a thread task was
posted and no further actions are needed.

If number of bytes sent is less that what we were sending, we now always
retry sending.  This is needed for sendfile() in threads as the number
of bytes we are sending might have been changed since the thread task
was posted.  And this is also needed for Linux 4.3+, as sendfile() might
be interrupted at any time and provides no indication if it was interrupted
or not (ticket #1174).
2017-03-28 18:15:39 +03:00
Sergey Kandaurov
9ad18e43ac Fixed ngx_open_cached_file() error handling.
If of.err is 0, it means that there was a memory allocation error
and no further logging and/or processing is needed.  The of.failed
string can be only accessed if of.err is not 0.
2017-03-28 14:21:38 +03:00
Ruslan Ermilov
eb017e75cf Core: set nginx_shared_zone name via ngx_str_set(). 2017-03-28 11:28:51 +03:00
Ruslan Ermilov
65f0ad22fa Use ngx_array_init() to initialize arrays. 2017-03-28 11:28:42 +03:00
Ruslan Ermilov
3d5cebe0f5 Version bump. 2017-03-28 11:28:36 +03:00
Maxim Dounin
1123d5c90a release-1.11.12 tag 2017-03-24 18:05:06 +03:00
Maxim Dounin
2338d12753 nginx-1.11.12-RELEASE 2017-03-24 18:05:05 +03:00
Maxim Dounin
77bac4d57c Fixed CPU hog while freeing hc->busy after e662cbf1b932 (1.11.11).
Reported by Richard Stanway,
http://mailman.nginx.org/pipermail/nginx/2017-March/053296.html.
2017-03-24 16:26:12 +03:00
Ruslan Ermilov
e81ad21fea Simplified code about duplicate root/alias directive. 2017-03-22 23:36:35 +03:00
Ruslan Ermilov
abc9d62b03 Unified error messages about duplicate directives. 2017-03-22 22:49:52 +03:00
Ruslan Ermilov
a10267126c Version bump. 2017-03-22 22:49:42 +03:00
Maxim Dounin
319649f6cd release-1.11.11 tag 2017-03-21 18:04:22 +03:00
Maxim Dounin
80c2df69b0 nginx-1.11.11-RELEASE 2017-03-21 18:04:22 +03:00
Maxim Dounin
55266daacb Added HTTP/2 to win32 builds. 2017-03-21 17:28:15 +03:00
Ruslan Ermilov
05f5a7325d Fixed a comment. 2017-03-17 12:09:31 +03:00