Commit Graph

5790 Commits

Author SHA1 Message Date
Valentin Bartenev
c2a00bacac Dynamic modules: added dlsym() to configure test.
It appears that AddressSanitizer in GCC 5 intercepts dlopen() and dlclose()
but not dlsym().
2016-02-05 21:48:25 +03:00
Ruslan Ermilov
4814d78312 Dynamic modules: fixed a copy-n-paste error. 2016-02-05 14:02:54 +03:00
Maxim Dounin
97f59dda09 Dynamic modules.
The auto/module script is extended to understand ngx_module_link=DYNAMIC.
When set, it links the module as a shared object rather than statically
into nginx binary.  The module can later be loaded using the "load_module"
directive.

New auto/module parameter ngx_module_order allows to define module loading
order in complex cases.  By default the order is set based on ngx_module_type.

3rd party modules can be compiled dynamically using the --add-dynamic-module
configure option, which will preset ngx_module_link to "DYNAMIC" before
calling the module config script.

Win32 support is rudimentary, and only works when using MinGW gcc (which
is able to handle exports/imports automatically).

In collaboration with Ruslan Ermilov.
2016-02-04 20:25:29 +03:00
Maxim Dounin
0805ba14e7 Dynamic modules: auto/module script.
This script simplifies configuration of additional modules,
including 3rd party ones.  The script is extensible, and
will be used to introduce dynamic linking of modules in upcoming
changes.

3rd party module config scripts are called with ngx_module_link
preset to "ADDON" - this allows config scripts to call auto/module
without ngx_module_link explicitly defined, as well as testing if
new interface is in place if compatibility with older nginx versions
is desired.

In collaboration with Ruslan Ermilov.
2016-02-04 18:30:21 +03:00
Maxim Dounin
359803e457 Dynamic modules: introduced HTTP_INIT_FILTER_MODULES.
Additionally, HTTP_HEADERS_FILTER_MODULE now added to HTTP_FILTER_MODULES.
This avoids explict use of modules at the later stages, now only module
lists are used.  This will be needed in later patches.
2016-02-04 18:30:21 +03:00
Maxim Dounin
86cc342a26 Dynamic modules: dlopen() support. 2016-02-04 18:30:21 +03:00
Maxim Dounin
0f67d6355c Dynamic modules: changed ngx_modules to cycle->modules. 2016-02-04 18:30:21 +03:00
Maxim Dounin
7988334570 Dynamic modules: moved module-related stuff to separate files. 2016-02-04 18:30:21 +03:00
Valentin Bartenev
9add42c71e HTTP/2: fixed possible buffer overrun (ticket #893).
Due to greater priority of the unary plus operator over the ternary operator
the expression didn't work as expected.  That might result in one byte less
allocation than needed for the HEADERS frame buffer.
2016-02-04 18:01:04 +03:00
Valentin Bartenev
cb173ff672 HTTP/2: fixed padding handling in HEADERS frame with CONTINUATION. 2016-02-02 16:33:55 +03:00
Valentin Bartenev
8050277acf HTTP/2: fixed request length accounting.
Now it includes not only the received body size,
but the size of headers block as well.
2016-02-02 16:33:55 +03:00
Valentin Bartenev
405f4f99b4 HTTP/2: fixed excessive memory allocation for pool cleanup. 2016-02-02 16:33:55 +03:00
Valentin Bartenev
3351fbe481 HTTP/2: removed unused field from ngx_http_v2_stream_t. 2016-02-02 16:33:55 +03:00
Ruslan Ermilov
c6ed65ce7c Resolver: style.
Use the original query name in error and debug messages when
processing PTR responses.
2015-12-17 17:30:22 +03:00
Ruslan Ermilov
bf269cbc55 Resolver: improved PTR response processing.
The previous code only parsed the first answer, without checking its
type, and required a compressed RR name.

The new code checks the RR type, supports responses with multiple
answers, and doesn't require the RR name to be compressed.

This has a side effect in limited support of CNAME.  If a response
includes both CNAME and PTR RRs, like when recursion is enabled on
the server, PTR RR is handled.

Full CNAME support in PTR response is not implemented in this change.
2015-12-17 17:21:16 +03:00
Ruslan Ermilov
06806aa001 Resolver: style.
Renamed argument in ngx_resolver_process_a() for consistency.
2015-12-17 17:21:12 +03:00
Roman Arutyunyan
cbee15bb6c Resolver: free TCP buffers on resolver cleanup. 2016-02-02 13:42:55 +03:00
Ruslan Ermilov
625481f6f1 Resolver: fixed possible resource leak introduced in 5a16d40c63de.
Found by Coverity (CID 1351175).
2016-02-02 11:35:19 +03:00
Roman Arutyunyan
aa8fa81e42 Resolver: TCP support.
Resend DNS query over TCP once UDP response came truncated.
2016-01-28 15:28:20 +03:00
Roman Arutyunyan
c8c44f7478 Resolver: per-request DNS server balancer.
Previously, a global server balancer was used to assign the next DNS server to
send a query to.  That could lead to a non-uniform distribution of servers per
request.  A request could be assigned to the same dead server several times in a
row and wait longer for a valid server or even time out without being processed.

Now each query is sent to all servers sequentially in a circle until a
response is received or timeout expires.  Initial server for each request is
still globally balanced.
2016-01-28 15:28:20 +03:00
Roman Arutyunyan
1945fff7bf Resolver: renamed UDP-specific structures, fields and variables.
They will be used for TCP connections as well.
2016-01-28 15:28:20 +03:00
Roman Arutyunyan
52d3601155 Resolver: removed unused field from ngx_resolver_ctx_t. 2016-01-28 15:28:19 +03:00
Roman Arutyunyan
c541b82c21 Version bump. 2016-01-28 15:25:58 +03:00
Maxim Dounin
da75f5599d release-1.9.10 tag 2016-01-26 17:27:41 +03:00
Maxim Dounin
0269c7a312 nginx-1.9.10-RELEASE 2016-01-26 17:27:40 +03:00
Ruslan Ermilov
fe89d99796 Resolver: limited CNAME recursion.
Previously, the recursion was only limited for cached responses.
2016-01-26 16:47:14 +03:00
Roman Arutyunyan
a3d42258d9 Resolver: fixed use-after-free memory accesses with CNAME.
When several requests were waiting for a response, then after getting
a CNAME response only the last request's context had the name updated.
Contexts of other requests had the wrong name.  This name was used by
ngx_resolve_name_done() to find the node to remove the request context
from.  When the name was wrong, the request could not be properly
cancelled, its context was freed but stayed linked to the node's waiting
list.  This happened e.g. when the first request was aborted or timed
out before the resolving completed.  When it completed, this triggered
a use-after-free memory access by calling ctx->handler of already freed
request context.  The bug manifests itself by
"could not cancel <name> resolving" alerts in error_log.

When a request was responded with a CNAME, the request context kept
the pointer to the original node's rn->u.cname.  If the original node
expired before the resolving timed out or completed with an error,
this would trigger a use-after-free memory access via ctx->name in
ctx->handler().

The fix is to keep ctx->name unmodified.  The name from context
is no longer used by ngx_resolve_name_done().  Instead, we now keep
the pointer to resolver node to which this request is linked.
Keeping the original name intact also improves logging.
2016-01-26 16:46:59 +03:00
Roman Arutyunyan
b1a110e3a4 Resolver: changed the ngx_resolver_create_*_query() arguments.
No functional changes.

This is needed by the following change.
2016-01-26 16:46:48 +03:00
Ruslan Ermilov
4016e6b1da Resolver: fixed CNAME processing for several requests.
When several requests were waiting for a response, then after getting
a CNAME response only the last request was properly processed, while
others were left waiting.
2016-01-26 16:46:38 +03:00
Ruslan Ermilov
4b581a7c21 Resolver: fixed crashes in timeout handler.
If one or more requests were waiting for a response, then after
getting a CNAME response, the timeout event on the first request
remained active, pointing to the wrong node with an empty
rn->waiting list, and that could cause either null pointer
dereference or use-after-free memory access if this timeout
expired.

If several requests were waiting for a response, and the first
request terminated (e.g., due to client closing a connection),
other requests were left without a timeout and could potentially
wait indefinitely.

This is fixed by introducing per-request independent timeouts.
This change also reverts 954867a2f0a6 and 5004210e8c78.
2016-01-26 16:46:31 +03:00
Roman Arutyunyan
c44fd4e837 Resolver: fixed possible segmentation fault on DNS format error. 2016-01-26 16:46:18 +03:00
Valentin Bartenev
8a5df8c720 Request body: removed surplus assigment, no functional changes.
Setting rb->bufs to NULL is surplus after ngx_http_write_request_body()
has returned NGX_OK.
2016-01-12 19:19:07 +03:00
Maxim Dounin
d0bf684ab6 Core: worker_cpu_affinity auto.
If enabled, workers are bound to available CPUs, each worker to once CPU
in order.  If there are more workers than available CPUs, remaining are
bound in a loop, starting again from the first available CPU.

The optional mask parameter defines which CPUs are available for automatic
binding.

In collaboration with Vladimir Homutov.
2016-01-11 19:23:17 +03:00
Maxim Dounin
af647a3da2 Upstream: fixed changing method on X-Accel-Redirect.
Previously, only r->method was changed, resulting in handling of a request
as GET within nginx itself, but not in requests to proxied servers.

See http://mailman.nginx.org/pipermail/nginx/2015-December/049518.html.
2016-01-11 19:08:12 +03:00
Ruslan Ermilov
65af9b8be2 Year 2016. 2016-01-11 10:53:49 +03:00
Maxim Dounin
fda7d021ca Upstream: don't keep connections on early responses (ticket #669). 2015-12-17 16:39:15 +03:00
Maxim Dounin
9973e36944 Fixed PROXY protocol on IPv6 sockets (ticket #858). 2015-12-17 16:39:02 +03:00
Maxim Dounin
852a565be3 Version bump. 2015-12-17 16:38:51 +03:00
Ruslan Ermilov
cc3e3dda79 Fixed a typo. 2015-12-12 10:32:58 +03:00
Maxim Dounin
61fbf38887 release-1.9.9 tag 2015-12-09 17:47:21 +03:00
Maxim Dounin
8275c8a387 nginx-1.9.9-RELEASE 2015-12-09 17:47:20 +03:00
Ruslan Ermilov
5e7535df72 Fixed fastcgi_pass with UNIX socket and variables (ticket #855).
This was broken in a93345ee8f52 (1.9.8).
2015-12-09 16:26:59 +03:00
Ruslan Ermilov
fac1f23e5d Version bump. 2015-12-09 14:41:16 +03:00
Maxim Dounin
e359dc208e release-1.9.8 tag 2015-12-08 18:16:52 +03:00
Maxim Dounin
76cfdd0917 nginx-1.9.8-RELEASE 2015-12-08 18:16:51 +03:00
Roman Arutyunyan
56fda3265b Slice filter: terminate first slice with last_in_chain flag.
This flag makes sub filter flush buffered data and optimizes allocation in copy
filter.
2015-12-08 17:39:56 +03:00
Roman Arutyunyan
5c1f76f0e9 Slice filter: never run subrequests when main request is buffered.
With main request buffered, it's possible, that a slice subrequest will send
output before it.  For example, while main request is waiting for aio read to
complete, a slice subrequest can start an aio operation as well.  The order
in which aio callbacks are called is undetermined.
2015-12-08 17:39:56 +03:00
Sergey Kandaurov
79fcf261d0 SSL: fixed possible segfault on renegotiation (ticket #845).
Skip SSL_CTX_set_tlsext_servername_callback in case of renegotiation.
Do nothing in SNI callback as in this case it will be supplied with
request in c->data which isn't expected and doesn't work this way.

This was broken by b40af2fd1c16 (1.9.6) with OpenSSL master branch and LibreSSL.
2015-12-08 16:59:43 +03:00
Maxim Dounin
1be1e11335 Updated OpenSSL and PCRE used for win32 builds. 2015-12-07 20:09:34 +03:00
Maxim Dounin
0fd8e9faa4 Added slice module to win32 builds. 2015-12-07 20:08:13 +03:00