Commit Graph

5790 Commits

Author SHA1 Message Date
Vladimir Homutov
74305af672 Stream: variables in proxy_pass and proxy_ssl_name. 2016-06-14 18:29:46 +03:00
Valentin Bartenev
a85edfeef6 HTTP/2: flushing of the SSL buffer in transition to the idle state.
It fixes potential connection leak if some unsent data was left in the SSL
buffer.  Particularly, that could happen when a client canceled the stream
after the HEADERS frame has already been created.  In this case no other
frames might be produced and the HEADERS frame alone didn't flush the buffer.
2016-07-19 20:34:17 +03:00
Valentin Bartenev
3c81c08cea HTTP/2: refactored ngx_http_v2_send_output_queue().
Now it returns NGX_AGAIN if there's still data to be sent.
2016-07-19 20:34:02 +03:00
Valentin Bartenev
3b2f54bc2e HTTP/2: fixed send timer handling.
Checking for return value of c->send_chain() isn't sufficient since there
are data can be left in the SSL buffer.  Now the wew->ready flag is used
instead.

In particular, this fixed a connection leak in cases when all streams were
closed, but there's still some data to be sent in the SSL buffer and the
client forgot about the connection.
2016-07-19 20:31:09 +03:00
Valentin Bartenev
ce6eb33d15 HTTP/2: avoid sending output queue if there's nothing to send.
Particularly this fixes alerts on OS X and NetBSD systems when HTTP/2 is
configured over plain TCP sockets.

On these systems calling writev() with no data leads to EINVAL errors
being logged as "writev() failed (22: Invalid argument) while processing
HTTP/2 connection".
2016-07-19 20:30:21 +03:00
Valentin Bartenev
da852aa468 HTTP/2: always handle streams in error state.
Previously, a stream could be closed by timeout if it was canceled
while its send window was exhausted.
2016-07-19 20:22:44 +03:00
Valentin Bartenev
19de85a4d7 HTTP/2: prevented output of the HEADERS frame for canceled streams.
It's useless to generate HEADERS if the stream has been canceled already.
2016-07-19 20:22:44 +03:00
Valentin Bartenev
ab5401d204 HTTP/2: always send GOAWAY while worker is shutting down.
Previously, if the worker process exited, GOAWAY was sent to connections in
idle state, but connections with active streams were closed without GOAWAY.
2016-07-19 20:22:44 +03:00
Valentin Bartenev
5c2dd3913a Events: support for EPOLLEXCLUSIVE.
This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().
2016-07-15 15:18:57 +03:00
Valentin Bartenev
b60534e0d8 Style: sorted epoll flags. 2016-07-15 15:18:57 +03:00
Valentin Bartenev
46dd747c9e Events: the "accept_mutex" directive is turned off by default.
Now it is believed that the accept mutex brings more harm than benefits.
Especially in various benchmarks it often results in situation where only
one worker grabs all connections.
2016-07-15 15:18:57 +03:00
Vladimir Homutov
6c2b086d0e Stream: split_clients module. 2016-07-12 17:34:52 +03:00
Vladimir Homutov
bb790f5d30 Stream: geo module. 2016-06-30 16:12:50 +03:00
Vladimir Homutov
4cf0e28483 Stream: geoip module. 2016-07-12 17:34:43 +03:00
Vladimir Homutov
e1308338a9 Stream: style. 2016-07-12 17:34:40 +03:00
Vladimir Homutov
4105225310 Stream: individual build options for modules. 2016-07-12 12:38:01 +03:00
Sergey Kandaurov
586ef968f9 HTTP/2: avoid left-shifting signed integer into the sign bit.
On non-aligned platforms, properly cast argument before left-shifting it in
ngx_http_v2_parse_uint32 that is used with u_char.  Otherwise it propagates
to int to hold the value and can step over the sign bit.  Usually, on known
compilers, this results in negation.  Furthermore, a subsequent store into a
wider type, that is ngx_uint_t on 64-bit platforms, results in sign-extension.

In practice, this can be observed in debug log as a very large exclusive bit
value, when client sent PRIORITY frame with exclusive bit set:

: *14 http2 PRIORITY frame sid:5 on 1 excl:8589934591 weight:17

Found with UndefinedBehaviorSanitizer.
2016-07-07 21:03:21 +03:00
Sergey Kandaurov
6299f5e914 Avoid left-shifting integers into the sign bit, which is undefined.
Found with UndefinedBehaviorSanitizer.
2016-07-07 21:02:28 +03:00
Piotr Sikora
678991a8f6 Configure: stop polluting NGX_ namespace.
While there, fix the only test that used alternative variable name.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:06 -07:00
Piotr Sikora
70f7141074 Configure: fix build with -Werror=old-style-definition.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:05 -07:00
Piotr Sikora
b3d891a47e Configure: fix build with -Werror=nonnull.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:04 -07:00
Piotr Sikora
f8c6a0800c Configure: fix build with -Werror=unused-but-set-variable.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:03 -07:00
Piotr Sikora
d8a2b25cb8 Configure: fix build with -Werror=unused-value.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:02 -07:00
Piotr Sikora
356ab319d3 Configure: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:01 -07:00
Piotr Sikora
22ed22e15e Configure: remove auto/lib/test, unused since nginx-0.1.2.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Vladimir Homutov
dea1e999b8 Stream: resolver. 2016-07-07 13:15:31 +03:00
Ruslan Ermilov
6810b9f148 Use NGX_MAX_PATH_LEVEL where appropriate.
The macro was unused since 0.7.44.
2016-07-06 13:22:29 +03:00
Ruslan Ermilov
5c4ca2ac80 Version bump. 2016-07-06 13:10:06 +03:00
Maxim Dounin
14889fc027 release-1.11.2 tag 2016-07-05 18:56:14 +03:00
Maxim Dounin
c8536d4ae7 nginx-1.11.2-RELEASE 2016-07-05 18:56:14 +03:00
Maxim Dounin
f629c1670d Updated PCRE used for win32 builds. 2016-07-05 18:30:56 +03:00
Roman Arutyunyan
a7c6f8c1d7 Stream: return module. 2016-05-18 22:08:49 +03:00
Vladimir Homutov
9721eae1f1 Stream: SSL-related variables. 2016-06-29 12:52:52 +03:00
Vladimir Homutov
cb635b7879 Stream: got rid of pseudo variables.
Stream limit_conn, upstream_hash and proxy modules now use complex values.
2016-06-29 12:46:12 +03:00
Vladimir Homutov
05db6ddfa1 Stream: map module. 2016-06-29 12:46:12 +03:00
Vladimir Homutov
d531cebb79 Stream: core module variables. 2016-06-14 18:28:14 +03:00
Vladimir Homutov
c31773ea60 Stream: variables and script.
This is a port of corresponding http code with unrelated features excluded.
2016-07-04 16:37:36 +03:00
Vladimir Homutov
db5a15d2f9 Stream: added preconfiguration step. 2016-06-15 15:10:24 +03:00
Roman Arutyunyan
c9dae918fd Sub filter: eliminate unnecessary buffering.
Previously, when a buffer was processed by the sub filter, its final bytes
could be buffered by the filter even if they don't match any pattern.
This happened because the Boyer-Moore algorithm, employed by the sub filter
since b9447fc457b4 (1.9.4), matches the last characters of patterns prior to
checking other characters.  If the last character is out of scope, initial
bytes of a potential match are buffered until the last character is available.

Now, after receiving a flush or recycled buffer, the filter performs
additional checks to reduce the number of buffered bytes.  The potential match
is checked against the initial parts of all patterns.  Non-matching bytes are
not buffered.  This improves processing of a chunked response from upstream
by sending the entire chunks without buffering unless a partial match is found
at the end of a chunk.
2016-07-02 15:59:53 +03:00
Roman Arutyunyan
ec70155755 Sub filter: introduced the ngx_http_sub_match() function.
No functional changes.
2016-07-02 15:59:52 +03:00
Maxim Dounin
c60b61a290 Internal md5 and sha1 implementations are now always used.
This reduces the number of moving parts in ABI compatibility checks.
Additionally, it also allows to use OpenSSL in FIPS mode while still
using md5 for non-security tasks.
2016-06-30 18:57:39 +03:00
Ruslan Ermilov
fb6c764921 Removed unused flag accept_context_updated from ngx_event_t.
Also, removed practically unused flag accept_context_updated from
ngx_connection_t.
2016-06-29 14:30:00 +03:00
Roman Arutyunyan
dcf3d20874 Style. 2016-06-27 18:42:29 +03:00
Piotr Sikora
e0b0fa6bf5 HTTP/2: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-22 13:47:54 -07:00
Roman Arutyunyan
a6048c0e1e Style. 2016-06-22 11:50:02 +03:00
Roman Arutyunyan
82c5230fd1 Stream: use ngx_pcalloc() in ngx_stream_proxy_bind(). 2016-06-22 11:50:02 +03:00
Roman Arutyunyan
9810fd06cb Fixed build on MSVC. 2016-06-20 15:11:50 +03:00
Roman Arutyunyan
4c03c80e12 Stream: set SO_REUSEADDR for UDP upstream sockets.
The option is only set if the socket is bound to a specific port to allow
several such sockets coexist at the same time.  This is required, for example,
when nginx acts as a transparent proxy and receives two datagrams from the same
client in a short time.

The feature is only implemented for Linux.
2016-06-20 12:48:47 +03:00
Roman Arutyunyan
05879309c1 Stream: support for $remote_port in proxy_bind.
The following two types of bind addresses are supported in addition to
$remote_addr and address literals:

- $remote_addr:$remote_port
- [$remote_addr]:$remote_port

In both cases client remote address with port is used in upstream socket bind.
2016-06-20 11:50:44 +03:00
Roman Arutyunyan
8cad1c015f Upstream: support for port in proxy_bind and friends. 2016-06-20 11:50:43 +03:00