Commit Graph

7120 Commits

Author SHA1 Message Date
Roman Arutyunyan
cb0e3a2658 QUIC: handle client RESET_STREAM and STOP_SENDING.
For RESET_STREAM the c->read->error flag is set.
For STOP_SENDING the c->write->error flag is set.
2020-08-03 13:31:48 +03:00
Roman Arutyunyan
e97c50cdd6 QUIC: create streams for STREAM_DATA_BLOCKED and MAX_STREAM_DATA.
Creating client-initiated streams is moved from ngx_quic_handle_stream_frame()
to a separate function ngx_quic_create_client_stream().  This function is
responsible for creating streams with lower ids as well.

Also, simplified and fixed initial data buffering in
ngx_quic_handle_stream_frame().  It is now done before calling the initial
handler as the handler can destroy the stream.
2020-08-11 19:10:57 +03:00
Roman Arutyunyan
68c5d80ee5 QUIC: fixed ngx_http_test_reading() for QUIC streams.
Previously this function generated an error trying to figure out if client shut
down the write end of the connection.  The reason for this error was that a
QUIC stream has no socket descriptor.  However checking for eof is not the
right thing to do for an HTTP/3 QUIC stream since HTTP/3 clients are expected
to shut down the write end of the stream after sending the request.

Now the function handles QUIC streams separately.  It checks if c->read->error
is set.  The error flags for c->read and c->write are now set for all streams
when closing the QUIC connection instead of setting the pending_eof flag.
2020-08-11 10:41:39 +03:00
Sergey Kandaurov
e4ca695700 QUIC: fixed ACK Ranges processing.
According to quic-transport draft 29, section 19.3.1:

   The value of the Gap field establishes the largest packet number
   value for the subsequent ACK Range using the following formula:

      largest = previous_smallest - gap - 2

   Thus, given a largest packet number for the range, the smallest value
   is determined by the formula:

      smallest = largest - ack_range

While here, changed min/max to uint64_t for consistency.
2020-08-07 12:34:15 +03:00
Sergey Kandaurov
7d1a1fb6de QUIC: fixed possible use-after-free on stream cleanup.
A QUIC stream could be destroyed by handler while in ngx_quic_stream_input().
To detect this, ngx_quic_find_stream() is used to check that it still exists.

Previously, a stream id was passed to this routine off the frame structure.
In case of stream cleanup, it is freed along with other frames belonging to
the stream on cleanup.  Then, a cleanup handler reuses last frames to update
MAX_STREAMS and serve other purpose.  Thus, ngx_quic_find_stream() is passed
a reused frame with zeroed out part pointed by stream_id.  If a stream with
id 0x0 still exists, this leads to use-after-free.
2020-08-07 12:34:11 +03:00
Sergey Kandaurov
4ded4e3402 QUIC: fixed format specifiers and removed casts. 2020-07-28 18:54:20 +03:00
Sergey Kandaurov
c2e9b362ed QUIC: consistent Stream ID logging format. 2020-07-28 17:11:25 +03:00
Roman Arutyunyan
007a3996cc QUIC: added HTTP/3 directives list to README.
Also removed server push from TODO list.
2020-07-28 15:53:42 +03:00
Maxim Dounin
d2744ad26f FastCGI: fixed zero size buf alerts on extra data (ticket #2018).
After 05e42236e95b (1.19.1) responses with extra data might result in
zero size buffers being generated and "zero size buf" alerts in writer
(if f->rest happened to be 0 when processing additional stdout data).
2020-07-27 16:02:15 +03:00
balus
c3db6f729f Core: enclosed parameters of the ngx_buf.h macros in parentheses. 2020-07-27 13:21:51 +03:00
Sergey Kandaurov
4ee66b3f7b OCSP: fixed certificate reference leak. 2020-07-23 17:31:09 +03:00
Roman Arutyunyan
6d064c94e0 HTTP/3: server pushes.
New directives are added:
- http3_max_concurrent_pushes
- http3_push
- http3_push_preload
2020-07-23 13:41:24 +03:00
Roman Arutyunyan
77384356ce QUIC: limited the number of client-initiated streams.
The limits on active bidi and uni client streams are maintained at their
initial values initial_max_streams_bidi and initial_max_streams_uni by sending
a MAX_STREAMS frame upon each client stream closure.

Also, the following is changed for data arriving to non-existing streams:

- if a stream was already closed, such data is ignored
- when creating a new stream, all streams of the same type with lower ids are
  created too
2020-07-27 19:15:17 +03:00
Roman Arutyunyan
a1f7106bf7 QUIC: limited the number of server-initiated streams.
Also, ngx_quic_create_uni_stream() is replaced with
ngx_quic_open_stream() which is capable of creating a bidi stream.
2020-07-27 18:51:42 +03:00
Roman Arutyunyan
4dd43dfca7 Xslt: disabled ranges.
Previously, the document generated by the xslt filter was always fully sent
to client even if a range was requested and response status was 206 with
appropriate Content-Range.

The xslt module is unable to serve a range because of suspending the header
filter chain.  By the moment full response xml is buffered by the xslt filter,
range header filter is not called yet, but the range body filter has already
been called and did nothing.

The fix is to disable ranges by resetting the r->allow_ranges flag much like
the image filter that employs a similar technique.
2020-07-22 22:16:19 +03:00
Ruslan Ermilov
80daef96f1 Core: close PID file when writing fails.
Reported by Jinhua Tan.
2020-07-21 20:34:29 +03:00
Roman Arutyunyan
5e036a6bef HTTP/3: support $server_protocol variable.
Now it holds "HTTP/3.0".  Previously it was empty.
2020-07-14 16:52:44 +03:00
Roman Arutyunyan
c8a194b29a Style: moved function declarations to match usual code style.
Plus a few other minor style changes.
2020-07-23 11:40:10 +03:00
Roman Arutyunyan
f2368597c2 HTTP/3: renamed server configuration variables from v3cf to h3scf.
Now they are similar to HTTP/2 where they are called h2scf.
2020-07-23 13:12:01 +03:00
Roman Arutyunyan
47ed87f855 HTTP/3: renamed ngx_http_v3.c to ngx_http_v3_encode.c.
The file contains only encoding functions.
2020-07-13 12:38:08 +03:00
Roman Arutyunyan
6d7ddb5471 HTTP/3: encode frame ids with ngx_http_v3_encode_varlen_int().
Even though typically frame ids fit into a single byte, calling
ngx_http_v3_encode_varlen_int() adds to the code clarity.
2020-07-13 12:33:00 +03:00
Roman Arutyunyan
fc5a7234b4 HTTP/3: generate Location response header for absolute redirects. 2020-07-23 12:31:40 +03:00
Roman Arutyunyan
04b2a169a4 HTTP/3: header encoding functions. 2020-07-13 16:00:00 +03:00
Roman Arutyunyan
548d515fba QUIC: updated README to mention "quic" listen parameter. 2020-07-22 13:45:34 +03:00
Sergey Kandaurov
ca0b9871bc QUIC: fixed bulding perl module by reducing header pollution.
The ngx_http_perl_module module doesn't have a notion of including additional
search paths through --with-cc-opt, which results in compile error incomplete
type 'enum ssl_encryption_level_t' when building nginx without QUIC support.
The enum is visible from quic event headers and eventually pollutes ngx_core.h.

The fix is to limit including headers to compile units that are real consumers.
2020-07-22 14:48:49 +03:00
Roman Arutyunyan
5468904e3b SSL: fixed compilation without QUIC after 0d2b2664b41c. 2020-07-22 13:34:48 +03:00
Roman Arutyunyan
cdc0d61ea0 HTTP/3: do not call shutdown() for QUIC streams.
Previously, this triggered an alert "shutdown() failed" in error log.
2020-07-22 11:03:42 +03:00
Roman Arutyunyan
3073ad1381 QUIC: eliminated connection handler argument in ngx_quic_run().
Now c->listening->handler() is called instead.
2020-07-21 23:08:23 +03:00
Roman Arutyunyan
36f2873f6b QUIC: added "quic" listen parameter in Stream.
Also, introduced ngx_stream_quic_module.
2020-07-21 23:08:39 +03:00
Roman Arutyunyan
b813b9ec35 QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there
2020-07-21 23:09:22 +03:00
Roman Arutyunyan
a305de07e9 QUIC: do not verify the selected ALPN protocol.
The right protocol is selected by the HTTP code.  In the QUIC code only verify
that some protocol was selected and trigger an error otherwise.
2020-07-18 00:08:04 +03:00
Roman Arutyunyan
0f1478706d QUIC: fixed stream read event log.
Previously, the main connection log was there.  Now it's the stream connection
log.
2020-07-18 00:08:29 +03:00
Sergey Kandaurov
8d2d2c5f8f Fixed format specifiers. 2020-07-20 15:19:03 +03:00
Vladimir Homutov
91b6487d8d QUIC: added anti-amplification limit.
According to quic-transport draft 29, section 21.12.1.1:

   Prior to validation, endpoints are limited in what they are able to
   send.  During the handshake, a server cannot send more than three
   times the data it receives; clients that initiate new connections or
   migrate to a new network path are limited.
2020-07-16 16:36:02 +03:00
Vladimir Homutov
e05337214e QUIC: added limit of queued data.
The ngx_quic_queue_frame() functions puts a frame into send queue and
schedules a push timer to actually send data.

The patch adds tracking for data amount in the queue and sends data
immediately if amount of data exceeds limit.
2020-07-16 15:02:38 +03:00
Vladimir Homutov
a5fc86c2a2 QUIC: implemented probe timeout (PTO) calculation. 2020-07-16 16:05:44 +03:00
Vladimir Homutov
782a634e38 QUIC: reworked retransmission mechanism.
Instead of timer-based retransmissions with constant packet lifetime,
this patch implements ack-based loss detection and probe timeout
for the cases, when no ack is received, according to the quic-recovery
draft 29.
2020-07-13 17:31:29 +03:00
Vladimir Homutov
230882ba50 QUIC: reworked ngx_quic_send_frames() function.
Instead of returning NGX_DONE/NGX_OK, the function now itself moves
passed frames range into sent queue and sets PTO timer if required.
2020-07-15 15:10:17 +03:00
Vladimir Homutov
395ec44029 QUIC: renaming.
The c->quic->retransmit timer is now called "pto".
The ngx_quic_retransmit() function is renamed to "ngx_quic_detect_lost()".

This is a preparation for the following patches.
2020-07-13 10:07:15 +03:00
Vladimir Homutov
d7ab1bfb7c QUIC: caching c->quic in the ngx_quic_handle_ack_frame() function.
To minimize difference with the following changes.
2020-07-13 10:07:20 +03:00
Vladimir Homutov
732720f3ca QUIC: delay field of an ACK frame is now calculated. 2020-07-10 15:33:51 +03:00
Vladimir Homutov
32fd0a7b44 QUIC: added rtt estimation.
According to the quic-recovery 29, Section 5: Estimating the Round-Trip Time.

Currently, integer arithmetics is used, which loses sub-millisecond accuracy.
2020-07-16 15:44:06 +03:00
Sergey Kandaurov
2346ee29e1 Merged with the default branch. 2020-07-13 15:34:22 +03:00
Roman Arutyunyan
5cef7de7a1 Slice filter: clear original Accept-Ranges.
The slice filter allows ranges for the response by setting the r->allow_ranges
flag, which enables the range filter.  If the range was not requested, the
range filter adds an Accept-Ranges header to the response to signal the
support for ranges.

Previously, if an Accept-Ranges header was already present in the first slice
response, client received two copies of this header.  Now, the slice filter
removes the Accept-Ranges header from the response prior to setting the
r->allow_ranges flag.
2020-07-09 16:21:37 +03:00
Roman Arutyunyan
826fb0d45c Version bump. 2020-07-09 17:33:22 +03:00
Maxim Dounin
1b2f040a1f release-1.19.1 tag 2020-07-07 18:56:06 +03:00
Maxim Dounin
0f648f6875 nginx-1.19.1-RELEASE 2020-07-07 18:56:05 +03:00
Maxim Dounin
5348706fe6 gRPC: generate error when response size is wrong.
As long as the "Content-Length" header is given, we now make sure
it exactly matches the size of the response.  If it doesn't,
the response is considered malformed and must not be forwarded
(https://tools.ietf.org/html/rfc7540#section-8.1.2.6).  While it
is not really possible to "not forward" the response which is already
being forwarded, we generate an error instead, which is the closest
equivalent.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Also this
directly contradicts HTTP/2 specification requirements.

Note that the new behaviour for the gRPC proxy is more strict than that
applied in other variants of proxying.  This is intentional, as HTTP/2
specification requires us to do so, while in other types of proxying
malformed responses from backends are well known and historically
tolerated.
2020-07-06 18:36:25 +03:00
Maxim Dounin
1194ba36a0 FastCGI: protection from responses with wrong length.
Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

Additionally, we now also issue a warning if the response is too
short, and make sure the fact it is truncated is propagated to the
client.  The u->error flag is introduced to make it possible to
propagate the error to the client in case of unbuffered proxying.

For responses to HEAD requests there is an exception: we do allow
both responses without body and responses with body matching the
Content-Length header.
2020-07-06 18:36:23 +03:00
Maxim Dounin
dfcfcc5a88 Upstream: drop extra data sent by upstream.
Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

This change covers generic buffered and unbuffered filters as used
in the scgi and uwsgi modules.  Appropriate input filter init
handlers are provided by the scgi and uwsgi modules to set corresponding
lengths.

Note that for responses to HEAD requests there is an exception:
we do allow any response length.  This is because responses to HEAD
requests might be actual full responses, and it is up to nginx
to remove the response body.  If caching is enabled, only full
responses matching the Content-Length header will be cached
(see b779728b180c).
2020-07-06 18:36:22 +03:00