Commit Graph

8297 Commits

Author SHA1 Message Date
Maxim Dounin
b794465178 AIO operations now add timers (ticket #2162).
Each AIO (thread IO) operation being run is now accompanied with 1-minute
timer.  This timer prevents unexpected shutdown of the worker process while
an AIO operation is running, and logs an alert if the operation is running
for too long.

This fixes "open socket left" alerts during worker processes shutdown
due to pending AIO (or thread IO) operations while corresponding requests
have no timers.  In particular, such errors were observed while reading
cache headers (ticket #2162), and with worker_shutdown_timeout.
2024-01-29 10:31:37 +03:00
Maxim Dounin
cc4c3ee0a4 Silenced complaints about socket leaks on forced termination.
When graceful shutdown was requested, and then nginx was forced to
do fast shutdown, it used to (incorrectly) complain about open sockets
left in connections which weren't yet closed when fast shutdown
was requested.

Fix is to avoid complaining about open sockets when fast shutdown was
requested after graceful one.  Abnormal termination, if requested with
the WINCH signal, can still happen though.
2024-01-29 10:29:39 +03:00
Sergey Kandaurov
f255815f5d SSL: reasonable version for LibreSSL adjusted.
OPENSSL_VERSION_NUMBER is now redefined to 0x1010000fL for LibreSSL 3.5.0
and above.  Building with older LibreSSL versions, such as 2.8.0, may now
produce warnings (see cab37803ebb3) and may require appropriate compiler
options to suppress them.

Notably, this allows to start using SSL_get0_verified_chain() appeared
in OpenSSL 1.1.0 and LibreSSL 3.5.0, without additional macro tests.

Prodded by Ilya Shipitsin.
2023-12-25 21:15:48 +04:00
Sergey Kandaurov
d7923960a8 SSL: disabled renegotiation checks with LibreSSL.
Similar to 7356:e3ba4026c02d, as long as SSL_OP_NO_CLIENT_RENEGOTIATION
is defined, it is the library responsibility to prevent renegotiation.

Additionally, this allows to raise LibreSSL version used to redefine
OPENSSL_VERSION_NUMBER to 0x1010000fL, such that this won't result in
attempts to dereference SSL objects made opaque in LibreSSL 3.4.0.

Patch by Maxim Dounin.
2023-12-25 21:15:47 +04:00
J Carter
c0134ded9f Win32: extended ngx_random() range to 0x7fffffff.
rand() is used on win32. RAND_MAX is implementation defined. win32's is
0x7fff.

Existing uses of ngx_random() rely upon 0x7fffffff range provided by
POSIX implementations of random().
2023-12-09 08:38:14 +00:00
Sergey Kandaurov
5e74324284 QUIC: fixed format specifier after a6f79f044de5. 2023-12-16 03:40:01 +04:00
Sergey Kandaurov
386329d3cf QUIC: path aware in-flight bytes accounting.
On-packet acknowledgement is made path aware, as per RFC 9000, Section 9.4:
    Packets sent on the old path MUST NOT contribute to congestion control
    or RTT estimation for the new path.

To make this possible in a single congestion control context, the first packet
to be sent after the new path has been validated, which includes resetting the
congestion controller and RTT estimator, is now remembered in the connection.
Packets sent previously, such as on the old path, are not taken into account.

Note that although the packet number is saved per-connection, the added checks
affect application level packets only.  For non-application level packets,
which are only processed prior to the handshake is complete, the remembered
packet number remains set to zero.
2023-12-12 20:21:12 +04:00
Sergey Kandaurov
4ee2a48f3f QUIC: reset RTT estimator for the new path.
RTT is a property of the path, it must be reset on confirming a peer's
ownership of its new address.
2023-12-12 20:20:51 +04:00
Roman Arutyunyan
c1efb3a725 QUIC: path revalidation after expansion failure.
As per RFC 9000, Section 8.2.1:

    When an endpoint is unable to expand the datagram size to 1200 bytes due
    to the anti-amplification limit, the path MTU will not be validated.
    To ensure that the path MTU is large enough, the endpoint MUST perform a
    second path validation by sending a PATH_CHALLENGE frame in a datagram of
    at least 1200 bytes.
2023-11-29 10:58:21 +04:00
Roman Arutyunyan
209e8bc0c0 QUIC: ngx_quic_frame_t time fields cleanup.
The field "first" is removed.  It's unused since 909b989ec088.
The field "last" is renamed to "send_time".  It holds frame send time.
2023-11-30 15:03:06 +04:00
Roman Arutyunyan
ccca701dc6 QUIC: congestion control in ngx_quic_frame_sendto().
Previously ngx_quic_frame_sendto() ignored congestion control and did not
contribute to in_flight counter.

Now congestion control window is checked unless ignore_congestion flag is set.
Also, in_flight counter is incremented and the frame is stored in ctx->sent
queue if it's ack-eliciting.  This behavior is now similar to
ngx_quic_output_packet().
2023-11-29 21:41:29 +04:00
Roman Arutyunyan
0c0f340554 QUIC: ignore duplicate PATH_CHALLENGE frames.
According to RFC 9000, an endpoint SHOULD NOT send multiple PATH_CHALLENGE
frames in a single packet.  The change adds a check to enforce this claim to
optimize server behavior.  Previously each PATH_CHALLENGE always resulted in a
single response datagram being sent to client.  The effect of this was however
limited by QUIC flood protection.

Also, PATH_CHALLENGE is explicitly disabled in Initial and Handshake levels,
see RFC 9000, Table 3.  However, technically it may be sent by client in 0-RTT
over a new path without actual migration, even though the migration itself is
prohibited during handshake.  This allows client to coalesce multiple 0-RTT
packets each carrying a PATH_CHALLENGE and end up with multiple PATH_CHALLENGEs
per datagram.  This again leads to suboptimal behavior, see above.  Since the
purpose of sending PATH_CHALLENGE frames in 0-RTT is unclear, these frames are
now only allowed in 1-RTT.  For 0-RTT they are silently ignored.
2023-11-22 14:48:12 +04:00
Roman Arutyunyan
6c78bb9bb1 QUIC: fixed anti-amplification with explicit send.
Previously, when using ngx_quic_frame_sendto() to explicitly send a packet with
a single frame, anti-amplification limit was not properly enforced.  Even when
there was no quota left for the packet, it was sent anyway, but with no padding.
Now the packet is not sent at all.

This function is called to send PATH_CHALLENGE/PATH_RESPONSE, PMTUD and probe
packets.  For all these cases packet send is retried later in case the send was
not successful.
2023-11-22 14:52:21 +04:00
Roman Arutyunyan
0efe8db1d0 QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.
By default packets with these frames are expanded to 1200 bytes.  Previously,
if anti-amplification limit did not allow this expansion, it was limited to
whatever size was allowed.  However RFC 9000 clearly states no partial
expansion should happen in both cases.

    Section 8.2.1.  Initiating Path Validation:

    An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes,
    unless the anti-amplification limit for the path does not permit
    sending a datagram of this size.

    Section 8.2.2. Path Validation Responses:

    An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes.
    ...
    However, an endpoint MUST NOT expand the datagram containing the
    PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.
2023-11-29 18:13:25 +04:00
Vladimir Khomutov
d8fa024ef1 HTTP: uniform checks in ngx_http_alloc_large_header_buffer().
If URI is not fully parsed yet, some pointers are not set.  As a result,
the calculation of "new + (ptr - old)" expression is flawed.

According to C11, 6.5.6 Additive operators, p.9:

: When two pointers are subtracted, both shall point to elements
: of the same array object, or one past the last element of the
: array object

Since "ptr" is not set, subtraction leads to undefined behaviour, because
"ptr" and "old" are not in the same buffer (i.e. array objects).

Prodded by GCC undefined behaviour sanitizer.
2023-11-29 11:13:05 +03:00
Vladimir Khomutov
0db94ba96a HTTP: removed unused r->port_start and r->port_end.
Neither r->port_start nor r->port_end were ever used.

The r->port_end is set by the parser, though it was never used by
the following code (and was never usable, since not copied by the
ngx_http_alloc_large_header_buffer() without r->port_start set).
2023-11-28 12:57:14 +03:00
Sergey Kandaurov
f9a25736fd HTTP/3: added Huffman decoding error logging. 2023-11-14 15:26:02 +04:00
Sergey Kandaurov
6a4eb51f5e Adjusted Huffman coding debug logging, missed in 7977:336084ff943b.
Spotted by XingY Wang.
2023-11-14 14:50:03 +04:00
Vladimir Khomutov
a13ed7f5ed QUIC: improved packet and frames debug tracing.
Currently, packets generated by ngx_quic_frame_sendto() and
ngx_quic_send_early_cc() are not logged, thus making it hard
to read logs due to gaps appearing in packet numbers sequence.

At frames level, it is handy to see immediately packet number
in which they arrived or being sent.
2023-10-26 23:35:09 +03:00
Sergey Kandaurov
1f1bc17ba8 Version bump. 2023-10-27 01:29:28 +04:00
Maxim Dounin
eb62c7f629 release-1.25.3 tag 2023-10-24 16:46:47 +03:00
Maxim Dounin
b8fb83b8d2 nginx-1.25.3-RELEASE 2023-10-24 16:46:46 +03:00
Maxim Dounin
80a620a2f3 Updated OpenSSL and zlib used for win32 builds. 2023-10-23 21:50:26 +03:00
Sergey Kandaurov
b19bc2e0fa HTTP/2: fixed buffer management with HTTP/2 auto-detection.
As part of normal HTTP/2 processing, incomplete frames are saved in the
control state using a fixed size memcpy of NGX_HTTP_V2_STATE_BUFFER_SIZE.
For this matter, two state buffers are reserved in the HTTP/2 recv buffer.

As part of HTTP/2 auto-detection on plain TCP connections, initial data
is first read into a buffer specified by the client_header_buffer_size
directive that doesn't have state reservation.  Previously, this made it
possible to over-read the buffer as part of saving the state.

The fix is to read the available buffer size rather than a fixed size.
Although memcpy of a fixed size can produce a better optimized code,
handling of incomplete frames isn't a common execution path, so it was
sacrificed for the sake of simplicity of the fix.
2023-10-21 18:48:24 +04:00
Sergey Kandaurov
31620d1a89 QUIC: explicitly zero out unused keying material. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
b94f1fbee3 QUIC: removed key field from ngx_quic_secret_t.
It is made local as it is only needed now when creating crypto context.

BoringSSL lacks EVP interface for ChaCha20, providing instead
a function for one-shot encryption, thus hp is still preserved.

Based on a patch by Roman Arutyunyan.
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
01bd8caceb QUIC: simplified ngx_quic_ciphers() API.
After conversion to reusable crypto ctx, now there's enough caller
context to remove the "level" argument from ngx_quic_ciphers().
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
d15f8f2c85 QUIC: cleaned up now unused ngx_quic_ciphers() calls. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
4f60ee789e QUIC: reusing crypto contexts for header protection. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
52d50714eb QUIC: common code for crypto open and seal operations. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
80a695add8 QUIC: reusing crypto contexts for packet protection. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
885a02696e QUIC: renamed protection functions.
Now these functions have names ngx_quic_crypto_XXX():

  - ngx_quic_tls_open() -> ngx_quic_crypto_open()
  - ngx_quic_tls_seal() -> ngx_quic_crypto_seal()
  - ngx_quic_tls_hp() -> ngx_quic_crypto_hp()
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
8e1217c46d QUIC: prevented generating ACK frames with discarded keys.
Previously it was possible to generate ACK frames using formally discarded
protection keys, in particular, when acknowledging a client Handshake packet
used to complete the TLS handshake and to discard handshake protection keys.
As it happens late in packet processing, it could be possible to generate ACK
frames after the keys were already discarded.

ACK frames are generated from ngx_quic_ack_packet(), either using a posted
push event, which envolves ngx_quic_generate_ack() as a part of the final
packet assembling, or directly in ngx_quic_ack_packet(), such as when there
is no room to add a new ACK range or when the received packet is out of order.
The added keys availability check is used to avoid generating late ACK frames
in both cases.
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
fffd2823ba QUIC: added safety belt to prevent using discarded keys.
In addition to triggering alert, it ensures that such packets won't be sent.

With the previous change that marks server keys as discarded by zeroing the
key lengh, it is now an error to send packets with discarded keys.  OpenSSL
based stacks tolerate such behaviour because key length isn't used in packet
protection, but BoringSSL will raise the UNSUPPORTED_KEY_SIZE cipher error.
It won't be possible to use discarded keys with reused crypto contexts as it
happens in subsequent changes.
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
cd5f4cd8d3 QUIC: split keys availability checks to read and write sides.
Keys may be released by TLS stack in different times, so it makes sense
to check this independently as well.  This allows to fine-tune what key
direction is used when checking keys availability.

When discarding, server keys are now marked in addition to client keys.
2023-08-31 19:54:10 +04:00
Maxim Dounin
c93cb45ae3 Core: changed ngx_queue_sort() to use merge sort.
This improves nginx startup times significantly when using very large number
of locations due to computational complexity of the sorting algorithm being
used: insertion sort is O(n*n) on average, while merge sort is O(n*log(n)).
In particular, in a test configuration with 20k locations total startup
time is reduced from 8 seconds to 0.9 seconds.

Prodded by Yusuke Nojima,
https://mailman.nginx.org/pipermail/nginx-devel/2023-September/NUL3Y2FPPFSHMPTFTL65KXSXNTX3NQMK.html
2023-10-18 04:30:11 +03:00
Maxim Dounin
284a0c7377 Core: fixed memory leak on configuration reload with PCRE2.
In ngx_regex_cleanup() allocator wasn't configured when calling
pcre2_compile_context_free() and pcre2_match_data_free(), resulting
in no ngx_free() call and leaked memory.  Fix is ensure that allocator
is configured for global allocations, so that ngx_free() is actually
called to free memory.

Additionally, ngx_regex_compile_context was cleared in
ngx_regex_module_init().  It should be either not cleared, so it will
be freed by ngx_regex_cleanup(), or properly freed.  Fix is to
not clear it, so ngx_regex_cleanup() will be able to free it.

Reported by ZhenZhong Wu,
https://mailman.nginx.org/pipermail/nginx-devel/2023-September/3Z5FIKUDRN2WBSL3JWTZJ7SXDA6YIWPB.html
2023-10-17 02:39:38 +03:00
Maxim Dounin
6ceef192e7 HTTP/2: per-iteration stream handling limit.
To ensure that attempts to flood servers with many streams are detected
early, a limit of no more than 2 * max_concurrent_streams new streams per one
event loop iteration was introduced.  This limit is applied even if
max_concurrent_streams is not yet reached - for example, if corresponding
streams are handled synchronously or reset.

Further, refused streams are now limited to maximum of max_concurrent_streams
and 100, similarly to priority_limit initial value, providing some tolerance
to clients trying to open several streams at the connection start, yet
low tolerance to flooding attempts.
2023-10-10 15:13:39 +03:00
Vladimir Khomutov
c37fdcdd1e QUIC: handle callback errors in compat.
The error may be triggered in add_handhshake_data() by incorrect transport
parameter sent by client.  The expected behaviour in this case is to close
connection complaining about incorrect parameter.  Currently the connection
just times out.
2023-09-22 19:23:57 +04:00
Roman Arutyunyan
027b681688 Modules compatibility: added QUIC to signature (ticket #2539).
Enabling QUIC changes ngx_connection_t layout, which is why it should be
added to the signature.
2023-09-13 17:48:15 +04:00
Roman Arutyunyan
196289ac18 QUIC: simplified setting close timer when closing connection.
Previously, the timer was never reset due to an explicit check.  The check was
added in 36b59521a41c as part of connection close simplification.  The reason
was to retain the earliest timeout.  However, the timeouts are all the same
while QUIC handshake is in progress and resetting the timer for the same value
has no performance implications.  After handshake completion there's only
application level.  The change removes the check.
2023-09-14 14:15:20 +04:00
Roman Arutyunyan
26e606a6bc HTTP/3: postponed session creation to init() callback.
Now the session object is assigned to c->data while ngx_http_connection_t
object is referenced by its http_connection field, similar to
ngx_http_v2_connection_t and ngx_http_request_t.

The change allows to eliminate v3_session field from ngx_http_connection_t.
The field was under NGX_HTTP_V3 macro, which was a source of binary
compatibility problems when nginx/module is build with/without HTTP/3 support.

Postponing is essential since c->data should retain the reference to
ngx_http_connection_t object throughout QUIC handshake, because SSL callbacks
ngx_http_ssl_servername() and ngx_http_ssl_alpn_select() rely on this.
2023-09-14 14:13:43 +04:00
Roman Arutyunyan
6ecf576e34 QUIC: do not call shutdown() when handshake is in progress.
Instead, when worker is shutting down and handshake is not yet completed,
connection is terminated immediately.

Previously the callback could be called while QUIC handshake was in progress
and, what's more important, before the init() callback.  Now it's postponed
after init().

This change is a preparation to postponing HTTP/3 session creation to init().
2023-09-21 19:32:38 +04:00
Roman Arutyunyan
ec37134416 HTTP/3: moved variable initialization. 2023-09-13 17:57:13 +04:00
Roman Arutyunyan
33dca88792 QUIC: "handshake_timeout" configuration parameter.
Previously QUIC did not have such parameter and handshake duration was
controlled by HTTP/3.  However that required creating and storing HTTP/3
session on first client datagram.  Apparently there's no convenient way to
store the session object until QUIC handshake is complete.  In the followup
patches session creation will be postponed to init() callback.
2023-09-13 17:59:37 +04:00
Sergey Kandaurov
b489ba83e9 QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level.
As explained in BoringSSL change[1], levels were introduced in the original
QUIC API to draw a line between when keys are released and when are active.
In the new QUIC API they are released in separate calls when it's needed.
BoringSSL has then a consideration to remove levels API, hence the change.

If not available e.g. from a QUIC packet header, levels can be taken based on
keys availability.  The only real use of levels is to prevent using app keys
before they are active in QuicTLS that provides the old BoringSSL QUIC API,
it is replaced with an equivalent check of c->ssl->handshaked.

This change also removes OpenSSL compat shims since they are no longer used.
The only exception left is caching write level from the keylog callback in
the internal field which is a handy equivalent of checking keys availability.

[1] https://boringssl.googlesource.com/boringssl/+/1e859054
2023-09-01 20:31:46 +04:00
Sergey Kandaurov
0d6ea58ebb QUIC: refined sending CONNECTION_CLOSE in various packet types.
As per RFC 9000, section 10.2.3, to ensure that peer successfully removed
packet protection, CONNECTION_CLOSE can be sent in multiple packets using
different packet protection levels.

Now it is sent in all protection levels available.
This roughly corresponds to the following paragraph:

* Prior to confirming the handshake, a peer might be unable to process 1-RTT
  packets, so an endpoint SHOULD send a CONNECTION_CLOSE frame in both Handshake
  and 1-RTT packets.  A server SHOULD also send a CONNECTION_CLOSE frame in an
  Initial packet.

In practice, this change allows to avoid sending an Initial packet when we know
the client has handshake keys, by checking if we have discarded initial keys.
Also, this fixes sending CONNECTION_CLOSE when using QuicTLS with old QUIC API,
where TLS stack releases application read keys before handshake confirmation;
it is fixed by sending CONNECTION_CLOSE additionally in a Handshake packet.
2023-09-01 20:31:46 +04:00
Maxim Dounin
fa46a57199 Upstream: fixed handling of Status headers without reason-phrase.
Status header with an empty reason-phrase, such as "Status: 404 ", is
valid per CGI specification, but looses the trailing space during parsing.
Currently, this results in "HTTP/1.1 404" HTTP status line in the response,
which violates HTTP specification due to missing trailing space.

With this change, only the status code is used from such short Status
header lines, so nginx will generate status line itself, with the space
and appropriate reason phrase if available.

Reported at:
https://mailman.nginx.org/pipermail/nginx/2023-August/EX7G4JUUHJWJE5UOAZMO5UD6OJILCYGX.html
2023-08-31 22:59:17 +03:00
Roman Arutyunyan
ba30ff4c8d QUIC: ignore path validation socket error (ticket #2532).
Previously, a socket error on a path being validated resulted in validation
error and subsequent QUIC connection closure.  Now the error is ignored and
path validation proceeds as usual, with several retries and a timeout.

When validating the old path after an apparent migration, that path may already
be unavailable and sendmsg() may return an error, which should not result in
QUIC connection close.

When validating the new path, it's possible that the new client address is
spoofed (See RFC 9000, 9.3.2. On-Path Address Spoofing).  This address may
as well be unavailable and should not trigger QUIC connection closure.
2023-08-31 10:54:07 +04:00
Roman Arutyunyan
1bc204a3a5 QUIC: use last client dcid to receive initial packets.
Previously, original dcid was used to receive initial client packets in case
server initial response was lost.  However, last dcid should be used instead.
These two are the same unless retry is used.  In case of retry, client resends
initial packet with a new dcid, that is different from the original dcid.  If
server response is lost, the client resends this packet again with the same
dcid.  This is shown in RFC 9000, 7.3. Authenticating Connection IDs, Figure 8.

The issue manifested itself with creating multiple server sessions in response
to each post-retry client initial packet, if server response is lost.
2023-08-30 11:09:21 +04:00