Commit Graph

1627 Commits

Author SHA1 Message Date
Maxim Dounin
ffe21776fa Version bump. 2014-05-28 17:41:33 +04:00
Vladimir Homutov
21655ae097 Syslog: fixed message sending on win32. 2014-05-27 15:42:34 +04:00
Vladimir Homutov
8e82f06d3e Syslog: fixed possible resource leak and more verbose logging.
Found by Coverity (CID 1215646).
2014-05-26 23:34:44 +04:00
Vladimir Homutov
493b898ae9 Added syslog support for error_log and access_log directives. 2014-05-12 16:34:15 +04:00
Ruslan Ermilov
1736c180f4 Configure: the --build= option.
If set, its value is output in "nginx -v" and in the error log.
2014-05-20 16:10:07 +04:00
Ruslan Ermilov
9b92f59aef Core: use '\r' for CR and '\n' for LF definitions. 2014-05-14 22:26:05 +04:00
Maxim Dounin
aa28897b22 Core: improved ngx_conf_parse() error handling.
Previous code failed to properly restore cf->conf_file in case of
ngx_close_file() errors, potentially resulting in double free of
cf->conf_file->buffer->start.

Found by Coverity (CID 1087507).
2014-04-30 19:16:49 +04:00
Maxim Dounin
60169aa3a1 Core: fixed error handling in ngx_reopen_files().
Found by Coverity (CID 1087509).
2014-04-30 19:16:40 +04:00
Valentin Bartenev
58e26b88b7 Version bump. 2014-04-24 20:50:10 +04:00
Maxim Dounin
84785d8413 Version bump. 2014-04-18 20:12:53 +04:00
Valentin Bartenev
644a43ebd2 Version bump. 2014-04-08 20:11:31 +04:00
Maxim Dounin
8877284863 Core: fixed hash to actually try max_size.
Previously, maximum size of a hash table built was (max_size - 1).
2014-03-31 21:40:35 +04:00
Maxim Dounin
2a620ae109 Core: hash now ignores bucket_size if it hits max_size limit. 2014-03-31 21:40:31 +04:00
Maxim Dounin
23f6689846 Core: slab log_nomem flag.
The flag allows to suppress "ngx_slab_alloc() failed: no memory" messages
from a slab allocator, e.g., if an LRU expiration is used by a consumer
and allocation failures aren't fatal.

The flag is now used in the SSL session cache code, and in the limit_req
module.
2014-03-31 21:38:30 +04:00
Maxim Dounin
f9b027baab Version bump. 2014-03-18 22:05:05 +04:00
Roman Arutyunyan
0b5f329784 Added server-side support for PROXY protocol v1 (ticket #355).
Client address specified in the PROXY protocol header is now
saved in the $proxy_protocol_addr variable and can be used in
the realip module.

This is currently not implemented for mail.
2014-03-17 17:41:24 +04:00
Maxim Dounin
8800f0c42b Core: fixed wrong indices in listening sockets compare loops.
Proper use is "ls[i]" and "nls[n]".  Previous code used it wrong in
several places, likely due to cut-n-paste errors.
2014-03-07 15:17:38 +04:00
Sergey Kandaurov
bd3516e8d9 Fixed format specifier in logging of "c->number". 2014-03-06 18:25:59 +04:00
Roman Arutyunyan
a35c675e71 Version bump. 2014-03-04 23:38:31 +04:00
Ruslan Ermilov
8aa8365121 Core: allocate enough memory to hold IPv6 text address plus port. 2014-02-22 12:08:31 +04:00
Ruslan Ermilov
9ae40c5b54 Resolver: properly handle connect() failures.
If initial attempt to connect() the UDP socket failed, e.g.
due to network unreachable, no further attempts were made.
2014-02-20 17:27:09 +04:00
Piotr Sikora
ab3c0f9250 Use ngx_socket_errno where appropriate.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-02-03 14:17:17 -08:00
Maxim Dounin
07aef702ee Version bump. 2014-02-05 18:51:30 +04:00
Maxim Dounin
7ac48da41d Core: added ngx_encode_base64url(). 2014-02-04 04:59:21 +04:00
Piotr Sikora
2e57e0609b Core: handle getsockopt(TCP_FASTOPEN) failures.
Linux returns EOPNOTSUPP for non-TCP sockets and ENOPROTOOPT for TCP
sockets, because getsockopt(TCP_FASTOPEN) is not implemented so far.

While there, lower the log level from ALERT to NOTICE to match other
getsockopt() failures.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-01-30 14:58:21 -08:00
Maxim Dounin
c94c24b177 Fixed TCP_DEFER_ACCEPT handling (ticket #353).
Backed out 05a56ebb084a, as it turns out that kernel can return connections
without any delay if syncookies are used.  This basically means we can't
assume anything about connections returned with deferred accept set.

To solve original problem the 05a56ebb084a tried to solve, i.e. to don't
wait longer than needed if a connection was accepted after deferred accept
timeout, this patch changes a timeout set with setsockopt(TCP_DEFER_ACCEPT)
to 1 second, unconditionally.  This is believed to be enough for speed
improvements, and doesn't imply major changes to timeouts used.

Note that before 2.6.32 connections were dropped after a timeout.  Though
it is believed that 1s is still appropriate for kernels before 2.6.32,
as previously tcp_synack_retries controlled the actual timeout and 1s results
in more than 1 minute actual timeout by default.
2014-01-28 15:40:46 +04:00
Maxim Dounin
bb40c4ed2f Version bump. 2014-01-23 18:32:25 +04:00
Maxim Dounin
0bfb68eea0 Core: improved ngx_reset_pool() (ticket #490).
Previously pool->current wasn't moved back to pool, resulting in blocks
not used for further allocations if pool->current was already moved at the
time of ngx_reset_pool().  Additionally, to preserve logic of moving
pool->current, the p->d.failed counters are now properly cleared.  While
here, pool->chain is also cleared.

This change is essentially a nop with current code, but generally improves
things.
2014-01-17 06:24:53 +04:00
Valentin Bartenev
8c01a95d98 SPDY: body filter was replaced by c->send_chain() function.
It allows to use ngx_http_write_filter() and all its rate limiting logic.
2014-01-14 16:24:45 +04:00
Yichun Zhang
2e2c9dba16 Resolver: added support for domain names with a trailing dot. 2014-01-10 11:22:14 -08:00
Maxim Dounin
9a72030c25 Allowed up to two EBUSY errors from sendfile().
Fallback to synchronous sendfile() now only done on 3rd EBUSY without
any progress in a row.  Not falling back is believed to be better
in case of occasional EBUSY, though protection is still needed to
make sure there will be no infinite loop.
2014-01-04 03:31:58 +04:00
Ruslan Ermilov
bf800822df Fixed the first argument to getsockopt().
While here, always initialize the last argument.
2013-12-19 13:43:18 +04:00
Ruslan Ermilov
85e6d211d0 Resolver: use minimum TTL for caching (ticket #329). 2013-12-16 19:12:23 +04:00
Valentin Bartenev
bf3ff5bca7 Version bump. 2013-12-18 18:37:48 +04:00
Ruslan Ermilov
3fd727566a Resolver: lookups are case-insensitive. 2013-12-13 20:49:52 +04:00
Ruslan Ermilov
e0caf51711 The "ipv6=" boolean parameter of the "resolver" directive.
When set to "off", only IPv4 addresses will be resolved,
and no AAAA queries are ever sent.
2013-12-09 10:53:30 +04:00
Ruslan Ermilov
769eded732 Resolver: implemented IPv6 name to address resolving. 2013-12-09 10:53:28 +04:00
Ruslan Ermilov
809bee30b7 Resolver: implemented IPv6 address to name resolving. 2013-12-06 14:30:28 +04:00
Ruslan Ermilov
3aeefbcaea Changed resolver API to use ngx_addr_t. 2013-12-06 14:30:27 +04:00
Ruslan Ermilov
552e15ba1c Resolver: fixed indentation. 2013-12-13 19:22:44 +04:00
Ruslan Ermilov
efd0e0e177 Core: externalized ngx_cmp_sockaddr().
It's also extended with the "cmp_port" argument to indicate
whether ports should be compared as well, or only addresses.
2013-12-06 14:30:27 +04:00
Ruslan Ermilov
159486239f Resolver: fixes in PTR processing.
Verify that class of RR is "IN".
Verify that RR data length is non-zero.
2013-12-06 14:30:27 +04:00
Ruslan Ermilov
f57350cd86 Resolver: fixes in A processing.
Verify that class of RR is "IN".
Verify that RR data length is exactly four octets.
Correctly shift to the next RR if RR type is unknown.
2013-12-06 14:30:27 +04:00
Ruslan Ermilov
f3a271f3fd Resolver: fixed response processing.
Stricten response header checks: ensure that reserved bits are zeroes,
and that the opcode is "standard query".

Fixed the "zero-length domain name in DNS response" condition.
2013-12-06 14:30:27 +04:00
Ruslan Ermilov
23071835a3 Resolver: removed unnecessary casts. 2013-12-06 14:30:27 +04:00
Ruslan Ermilov
3d245d4792 Resolver: improved code readability.
Renamed ngx_resolver_query_t to ngx_resolver_hdr_t as it describes
the header that is common to DNS queries and answers.

Replaced the magic number 12 by the size of the header structure.

The other changes are self-explanatory.
2013-12-06 14:30:27 +04:00
Ruslan Ermilov
fa512fdb76 Fixed handling of UNIX-domain sockets.
When evaluating $local_port, $server_port, and $server_addr,
UNIX-domain sockets were mistakenly interpreted as IPv4 sockets.
2013-12-09 10:16:44 +04:00
Ruslan Ermilov
675e73e3bd Core: keep the length of the local sockaddr. 2013-12-09 10:14:51 +04:00
Mathew Rodley
84f5c2136e Added support for TCP_FASTOPEN supported in Linux >= 3.7.1.
---
 auto/unix                       | 12 ++++++++++++
 src/core/ngx_connection.c       | 32 ++++++++++++++++++++++++++++++++
 src/core/ngx_connection.h       |  4 ++++
 src/http/ngx_http.c             |  4 ++++
 src/http/ngx_http_core_module.c | 21 +++++++++++++++++++++
 src/http/ngx_http_core_module.h |  3 +++
 6 files changed, 76 insertions(+)
2013-12-03 22:07:03 +04:00
Maxim Dounin
6b7e88f36b Version bump. 2013-11-29 17:11:36 +04:00
Maxim Dounin
0eee3b0bc5 Core: handling of getsockopt(TCP_DEFER_ACCEPT) failures.
Recent Linux versions started to return EOPNOTSUPP to getsockopt() calls
on unix sockets, resulting in log pollution on binary upgrade.  Such errors
are silently ignored now.
2013-10-31 04:00:37 +04:00
Piotr Sikora
475832834b Core: apply missed options to sockets added during binary upgrade.
The accept_filter and deferred options were not applied to sockets
that were added to configuration during binary upgrade cycle.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-10-24 14:18:37 -07:00
Sergey Kandaurov
5bf78d05a0 Version bump. 2013-10-02 11:50:56 +04:00
Maxim Dounin
e11584164f Added ngx_filename_cmp() with "/" sorted to the left.
This patch fixes incorrect handling of auto redirect in configurations
like:

    location /0  { }
    location /a- { }
    location /a/ { proxy_pass ... }

With previously used sorting, this resulted in the following locations
tree (as "-" is less than "/"):

        "/a-"
    "/0"    "/a/"

and a request to "/a" didn't match "/a/" with auto_redirect, as it
didn't traverse relevant tree node during lookup (it tested "/a-",
then "/0", and then falled back to null location).

To preserve locale use for non-ASCII characters on case-insensetive
systems, libc's tolower() used.
2013-09-23 19:37:13 +04:00
Markus Linnala
35e2bb0efb Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Found by using auth_basic.t from mdounin nginx-tests under valgrind.

==10470== Invalid write of size 1
==10470==    at 0x43603D: ngx_crypt_to64 (ngx_crypt.c:168)
==10470==    by 0x43648E: ngx_crypt (ngx_crypt.c:153)
==10470==    by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470==    by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470==    by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470==    by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470==    by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470==    by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470==    by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470==    by 0x456A91: ngx_http_process_request_line (ngx_http_request.c:964)
==10470==    by 0x457097: ngx_http_wait_request_handler (ngx_http_request.c:486)
==10470==    by 0x4411EE: ngx_epoll_process_events (ngx_epoll_module.c:691)
==10470==  Address 0x5866fab is 0 bytes after a block of size 27 alloc'd
==10470==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==10470==    by 0x43B251: ngx_alloc (ngx_alloc.c:22)
==10470==    by 0x421B0D: ngx_malloc (ngx_palloc.c:119)
==10470==    by 0x421B65: ngx_pnalloc (ngx_palloc.c:147)
==10470==    by 0x436368: ngx_crypt (ngx_crypt.c:140)
==10470==    by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470==    by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470==    by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470==    by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470==    by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470==    by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470==    by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470==
2013-09-20 17:57:21 +03:00
Sergey Kandaurov
63b1baa7f1 Version bump. 2013-09-18 18:53:24 +04:00
Valentin Bartenev
db1532944c Improved check for duplicate path names in ngx_add_path().
The same path names with different "data" context should not be allowed.

In particular it rejects configurations like this:

    proxy_cache_path /var/cache/ keys_zone=one:10m max_size=1g inactive=5m;
    proxy_cache_path /var/cache/ keys_zone=two:20m max_size=4m inactive=30s;
2013-09-16 18:49:23 +04:00
Valentin Bartenev
eb10d8f71e Removed surplus initializations from ngx_conf_set_path_slot().
An instance of ngx_path_t is already zeroed by ngx_pcalloc().
2013-09-16 18:49:22 +04:00
Valentin Bartenev
f0fbcaf098 Use ngx_pcalloc() in ngx_conf_merge_path_value().
It initializes the "data" pointer of ngx_path_t that will be checked after
subsequent changes.
2013-09-16 18:49:10 +04:00
Maxim Dounin
2b0dba578f Handling of ngx_int_t != intptr_t case.
Casts between pointers and integers produce warnings on size mismatch.  To
silence them, cast to (u)intptr_t should be used.  Prevoiusly, casts to
ngx_(u)int_t were used in some cases, and several ngx_int_t expressions had
no casts.

As of now it's mostly style as ngx_int_t is defined as intptr_t.
2013-09-04 21:16:59 +04:00
Maxim Dounin
48d96ced6f Win32: MinGW GCC compatibility.
Several warnings silenced, notably (ngx_socket_t) -1 is now checked
on socket operations instead of -1, as ngx_socket_t is unsigned on win32
and gcc complains on comparison.

With this patch, it's now possible to compile nginx using mingw gcc,
with options we normally compile on win32.
2013-09-04 20:48:28 +04:00
Maxim Dounin
5b37852323 Win32: Open Watcom C compatibility fixes.
Precompiled headers are disabled as they lead to internal compiler errors
with long configure lines.  Couple of false positive warnings silenced.
Various win32 typedefs are adjusted to work with Open Watcom C 1.9 headers.

With this patch, it's now again possible to compile nginx using owc386,
with options we normally compile on win32 minus ipv6 and ssl.
2013-09-04 20:48:22 +04:00
Valentin Bartenev
42910391cd Disable symlinks: removed recursive call of ngx_file_o_path_info().
It is surplus.
2013-09-02 20:06:03 +04:00
Valentin Bartenev
7b37384140 Disable symlinks: use O_PATH to open path components.
It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files.  Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components.  It is effectively emulates O_SEARCH
which is missing on Linux.

O_PATH is used in combination with O_RDONLY.  The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.

Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.
2013-09-02 08:07:59 +04:00
Maxim Dounin
e96092130c Version bump. 2013-08-28 02:34:21 +04:00
Maxim Dounin
92f0126269 Style improved after 12dd27b74117. 2013-08-20 21:33:43 +04:00
Maxim Dounin
e3cab76758 Backed out f1a91825730a and 7094bd12c1ff.
While ngx_get_full_name() might have a bit more descriptive arguments,
the ngx_conf_full_name() is generally easier to use when parsing
configuration and limits exposure of cycle->prefix / cycle->conf_prefix
details.
2013-08-20 21:11:19 +04:00
Sergey Kandaurov
e09741ba06 Format specifier fixes in error logging. 2013-08-20 20:47:16 +04:00
Valentin Bartenev
74dfd08957 API change: removed the ngx_conf_full_name() function.
The ngx_get_full_name() should be used instead.
2013-08-06 19:58:40 +04:00
Valentin Bartenev
d29d21bade Replaced ngx_conf_full_name() with ngx_get_full_name().
The ngx_get_full_name() function takes more readable arguments list.
2013-08-06 19:58:40 +04:00
Valentin Bartenev
3c5bd34771 Fixed memory leaks in the root and auth_basic_user_file directives.
If a relative path is set by variables, then the ngx_conf_full_name()
function was called while processing requests, which causes allocations
from the cycle pool.

A new function that takes pool as an argument was introduced.
2013-08-06 19:58:40 +04:00
Ruslan Ermilov
3693daa20f Core: guard use of AI_ADDRCONFIG.
Some systems (notably NetBSD and OpenBSD) lack AI_ADDRCONFIG support.

Reported by Piotr Sikora.
2013-08-05 13:44:56 +04:00
Maxim Dounin
4d1b08bb1c Fixed build with signed socklen_t and unix sockets.
This seems to be the case at least under Cygwin, where build was broken
by 05ba5bce31e0 (1.5.3).

Reported by Kevin Worthington,
http://mailman.nginx.org/pipermail/nginx/2013-August/040028.html.
2013-08-05 11:40:33 +04:00
Ruslan Ermilov
7c6971cff3 Core: only resolve address families configured on the local system.
This is done by passing AI_ADDRCONFIG to getaddrinfo().

On Linux, setting net.ipv6.conf.all.disable_ipv6 to 1 will now be
respected.

On FreeBSD, AI_ADDRCONFIG filtering is currently implemented by
attempting to create a datagram socket for the corresponding family,
which succeeds even if the system doesn't in fact have any addresses
of that family configured.  That is, if the system with IPv6 support
in the kernel doesn't have IPv6 addresses configured, AI_ADDRCONFIG
will filter out IPv6 only inside a jail without IPv6 addresses or
with IPv6 disabled.
2013-08-05 10:55:59 +04:00
Sergey Kandaurov
986d3a870d Version bump. 2013-07-31 18:35:57 +04:00
Ruslan Ermilov
02a077b827 On DragonFlyBSD, TCP_KEEPIDLE and TCP_KEEPINTVL are in msecs.
Based on a patch by Sepherosa Ziehau.
2013-07-25 12:46:03 +04:00
Ruslan Ermilov
690e2b33aa Style: reuse one int variable in ngx_configure_listening_sockets().
No functional changes.
2013-07-25 12:46:02 +04:00
Vladimir Homutov
d79c8abcaa Core: fixed possible use of an uninitialized variable.
The call to ngx_sock_ntop() in ngx_connection_local_sockaddr() might be
performed with the uninitialized "len" variable.  The fix is to initialize
variable to the size of corresponding socket address type.

The issue was introduced in commit 05ba5bce31e0.
2013-07-11 19:50:19 +04:00
Vladimir Homutov
af18946d76 Core: extended ngx_sock_ntop() with socklen parameter.
On Linux, sockaddr length is required to process unix socket addresses properly
due to unnamed sockets (which don't have sun_path set at all) and abstract
namespace sockets.
2013-07-11 16:07:25 +04:00
Gleb Smirnoff
050f74b751 Make macros safe. 2013-07-05 11:42:25 +04:00
Vladimir Homutov
dd3e13eef0 Core: consolidated log-related code.
The stderr redirection code is moved to ngx_log_redirect_stderr().
The opening of the default log code is moved to ngx_log_open_default().
2013-06-28 17:24:54 +04:00
Maxim Dounin
f41c91511d Version bump. 2013-07-02 20:05:49 +04:00
Vladimir Homutov
11ff177a9f Core: support several "error_log" directives.
When several "error_log" directives are specified in the same configuration
block, logs are written to all files with a matching log level.

All logs are stored in the singly-linked list that is sorted by log level in
the descending order.

Specific debug levels (NGX_LOG_DEBUG_HTTP,EVENT, etc.) are not supported
if several "error_log" directives are specified.  In this case all logs
will use debug level that has largest absolute value.
2013-06-20 20:47:39 +04:00
Ruslan Ermilov
02cc52554f Simplified ngx_list_create(). 2013-06-19 08:55:08 +04:00
Vladimir Homutov
aac7f7f464 Core: moved initialization of log level.
The cycle->new_log->log_level should only be initialized by ngx_init_cycle()
if no error logs were found in the configuration.  This move allows to get rid
of extra initialization in ngx_error_log().
2013-06-13 14:50:10 +04:00
Maxim Dounin
d37a0a2c7a Version bump. 2013-06-04 19:38:20 +04:00
Vladimir Homutov
26489b16e5 Core: fixed handling of "stderr" in error_log.
If "stderr" was specified in one of the "error_log" directives,
stderr is not redirected to the first error_log on startup,
configuration reload, and reopening log files.
2013-06-04 11:27:36 +04:00
Vladimir Homutov
9db2eddd8a Core: fixed stderr redirection on win32 in ngx_reopen_files().
On win32 stderr was not redirected into a file specified by "error_log"
while reopening files.  Fix is to use platform-independent functions to
work with stderr, as already used by ngx_init_cycle() and main() since
rev. d8316f307b6a.
2013-06-03 16:54:28 +04:00
Valentin Bartenev
c8702948db Core: strengthen configuration syntax checker.
It is now a syntax error if tokens passed to a custom configuration
handler are terminated by "{".

The following incorrect configuration is now properly rejected:

  map $v $v2 {
      a b {
      c d {
      e f {
  }
2013-05-23 20:30:27 +04:00
Piotr Sikora
c3d20f52d0 Style: remove unnecessary references to HTTP from non-HTTP modules.
No functional changes.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-05-21 18:43:43 -07:00
Maxim Dounin
22c9e34b75 Version bump. 2013-05-11 18:43:28 +04:00
Ruslan Ermilov
8bc3ed7604 Version bump. 2013-04-29 18:06:58 +04:00
Maxim Dounin
39d9871bc8 Version bump. 2013-04-24 13:03:43 +00:00
Ruslan Ermilov
ba4f2702bc Version bump. 2013-04-18 14:16:44 +00:00
Maxim Dounin
c2bb76515b Version bump. 2013-03-27 15:15:34 +00:00
Valentin Bartenev
604e18fb2c Use NGX_FILE_ERROR for handling file operations errors.
On Win32 platforms 0 is used to indicate errors in file operations, so
comparing against -1 is not portable.

This was not much of an issue in patched code, since only ngx_fd_info() test
is actually reachable on Win32 and in worst case it might result in bogus
error log entry.

Patch by Piotr Sikora.
2013-03-25 15:49:11 +00:00
Ruslan Ermilov
64fe190fa0 Moved ngx_array_t definition from ngx_core.h to ngx_array.h. 2013-03-21 16:04:09 +00:00
Ruslan Ermilov
56fce56f4f Use NGX_DEFAULT_POOL_SIZE macro where appropriate. 2013-03-21 16:03:24 +00:00
Ruslan Ermilov
7b80e43389 Simplified ngx_array_create(). 2013-03-21 15:52:52 +00:00
Ruslan Ermilov
9e5f617d66 Core: fixed resource leak if binary upgrade fails due to no memory.
Found by Coverity (CID 992320).
2013-03-20 18:07:25 +00:00
Ruslan Ermilov
5a7661e581 Core: guard against failed allocation during binary upgrade.
Patch by Piotr Sikora.
2013-03-18 07:13:57 +00:00
Valentin Bartenev
bac0cb3bbd Status: introduced the "ngx_stat_waiting" counter.
And corresponding variable $connections_waiting was added.

Previously, waiting connections were counted as the difference between
active connections and the sum of reading and writing connections.
That made it impossible to count more than one request in one connection
as reading or writing (as is the case for SPDY).

Also, we no longer count connections in handshake state as waiting.
2013-03-15 20:00:49 +00:00
Valentin Bartenev
a32d3f8b6b Removed c->single_connection flag.
The c->single_connection was intended to be used as lock mechanism
to serialize modifications of request object from several threads
working with client and upstream connections.  The flag is redundant
since threads in nginx have never been used that way.
2013-03-07 18:07:16 +00:00
Valentin Bartenev
1e1b93b51f Version bump. 2013-03-07 17:07:04 +00:00
Valentin Bartenev
a98305e363 Version bump. 2013-02-19 17:45:12 +00:00
Maxim Dounin
a2b987e79f Added support for {SHA} passwords (ticket #50).
Note: use of {SHA} passwords is discouraged as {SHA} password scheme is
vulnerable to attacks using rainbow tables.  Use of {SSHA}, $apr1$ or
crypt() algorithms as supported by OS is recommended instead.

The {SHA} password scheme support is added to avoid the need of changing
the scheme recorded in password files from {SHA} to {SSHA} because such
a change hides security problem with {SHA} passwords.

Patch by Louis Opter, with minor changes.
2013-02-07 12:09:56 +00:00
Maxim Dounin
6cb9bbe71c Version bump. 2013-02-07 12:09:09 +00:00
Ruslan Ermilov
e493f9ad4e Version bump. 2013-01-17 09:55:36 +00:00
Ruslan Ermilov
a2a229193a Fixed "proxy_pass" with IP address and no port (ticket #276).
Upstreams created by "proxy_pass" with IP address and no port were
broken in 1.3.10, by not initializing port in u->sockaddr.

API change: ngx_parse_url() was modified to always initialize port
(in u->sockaddr and in u->port), even for the u->no_resolve case;
ngx_http_upstream() and ngx_http_upstream_add() were adopted.
2013-01-10 12:58:55 +00:00
Valentin Bartenev
ff2e304223 The data pointer in ngx_open_file_t objects must be initialized.
Uninitialized pointer may result in arbitrary segfaults if access_log is used
without buffer and without variables in file path.

Patch by Tatsuhiko Kubo (ticket #268).
2013-01-08 14:01:57 +00:00
Ruslan Ermilov
0a668faba4 Version bump. 2012-12-26 09:29:37 +00:00
Ruslan Ermilov
3d87688bc6 Geo: IPv6 support.
The "ranges" mode is still limited to IPv4 only.
2012-12-25 08:21:56 +00:00
Valentin Bartenev
a8ffed5751 Reopening log files code moved to a separate function.
The code refactored in a way to call custom handler that can do appropriate
cleanup work (if any), like flushing buffers, finishing compress streams,
finalizing connections to log daemon, etc..
2012-12-23 15:36:52 +00:00
Ruslan Ermilov
7c4068d349 Properly initialize "struct in6_addr" with zeroes. 2012-12-22 20:03:38 +00:00
Ruslan Ermilov
d03ea4d842 Fixed return type of internal function that allocates radix tree nodes. 2012-12-20 11:16:03 +00:00
Ruslan Ermilov
b8a90c6903 Implemented IPv6 support for URLs specified using domain names.
This includes "debug_connection", upstreams, "proxy_pass", etc.
(ticket #92)

To preserve compatibility, "listen" specified with a domain name
selects the first IPv4 address, if available.  If not available,
the first IPv6 address will be used (ticket #186).
2012-12-17 12:08:53 +00:00
Ruslan Ermilov
2f8c1b73b8 Fixed URL parsing code.
The URL parsing code is not expected to initialize port from default port
when in "no_resolve" mode.  This got broken in r4671 for the case of IPv6
literals.
2012-12-17 09:44:46 +00:00
Ruslan Ermilov
bbf7043fe7 Simplified URL parsing code.
Except for the "listen" directive, "*" specified as a hostname is
no longer treated specially.
2012-12-17 09:31:53 +00:00
Valentin Bartenev
fac3b341da Fixed handling of ngx_write_fd() and ngx_read_fd() errors.
The ngx_write_fd() and ngx_read_fd() functions return -1 in case of error,
so the incorrect comparison with NGX_FILE_ERROR (which is 0 on windows
platforms) might result in inaccurate error message in the error log.

Also the ngx_errno global variable is being set only if the returned value
is -1.
2012-12-14 15:24:24 +00:00
Ruslan Ermilov
f707bea0ee Fixed the NGX_SOCKADDR_STRLEN macro definition.
The ngx_sock_ntop() function, when told to print both address and port,
prints IPv6 address in square brackets, followed by colon and port.
2012-11-30 11:26:50 +00:00
Maxim Dounin
ea1ff4199d Version bump. 2012-11-29 23:13:18 +00:00
Ruslan Ermilov
a94a101c79 Core: don't reuse shared memory zone that changed ownership (ticket #210).
nginx doesn't allow the same shared memory zone to be used for different
purposes, but failed to check this on reconfiguration.  If a shared memory
zone was used for another purpose in the new configuration, nginx attempted
to reuse it and crashed.
2012-11-23 12:43:58 +00:00
Ruslan Ermilov
9f385870f6 Fixed location of debug message in ngx_shmtx_lock(). 2012-11-21 14:23:26 +00:00
Igor Sysoev
da130acfbe Fixed failure to start cache manager and cache loader processes
if there were more than 512 listening sockets in configuration.
2012-11-20 13:37:55 +00:00
Ruslan Ermilov
5a1d76c9f2 Version bump. 2012-11-16 07:49:41 +00:00
Maxim Dounin
7b3731862b Resolver: added missing memory allocation error handling. 2012-10-24 14:07:08 +00:00
Andrey Belov
f7b32c479d Core: the "auto" parameter of the "worker_processes" directive.
The parameter will set the number of worker processes to the
autodetected number of available CPU cores.
2012-10-23 09:08:41 +00:00
Maxim Dounin
f8cc8969d5 Version bump. 2012-10-03 15:22:18 +00:00
Maxim Dounin
74ad4494a6 OCSP stapling: loading OCSP responses.
This includes the ssl_stapling_responder directive (defaults to OCSP
responder set in certificate's AIA extension).

OCSP response for a given certificate is requested once we get at least
one connection with certificate_status extension in ClientHello, and
certificate status won't be sent in the connection in question.  This due
to limitations in the OpenSSL API (certificate status callback is blocking).

Note: SSL_CTX_use_certificate_chain_file() was reimplemented as it doesn't
allow to access the certificate loaded via SSL_CTX.
2012-10-01 12:47:55 +00:00
Maxim Dounin
6a0f47e079 Resolver: cached addresses are returned with random rotation now.
This ensures balancing when working with dynamically resolved upstream
servers with multiple addresses.

Based on patch by Anton Jouline.
2012-09-28 18:28:38 +00:00
Andrey Belov
8be233c8f2 Correct plural form for "path" in the whole source base. 2012-09-28 13:49:26 +00:00
Andrey Belov
b33a316883 Made sure to initialize the entire ngx_file_t structure.
Found by Coverity.
2012-09-28 13:15:11 +00:00
Maxim Dounin
f4473147e5 Version bump. 2012-09-26 15:52:06 +00:00
Ruslan Ermilov
9d6d33a561 Fixed overflow if ngx_slab_alloc() is called with very big "size" argument. 2012-08-30 15:09:21 +00:00
Ruslan Ermilov
da4ffd8955 Fixed the "include" directive.
The "include" directive should be able to include multiple files if
given a filename mask.  Fixed this to work for "include" directives
inside the "map" or "types" blocks.  The "include" directive inside
the "geo" block is still not fixed.
2012-08-28 13:31:01 +00:00
Ruslan Ermilov
43f6163063 Version bump. 2012-08-27 14:21:41 +00:00
Maxim Dounin
c22b87b2e4 Radix tree preallocation fix.
The preallocation size was calculated incorrectly and was always 8 due to
sizeof(ngx_radix_tree_t) accidentally used instead of sizeof(ngx_radix_node_t).
2012-08-18 23:17:58 +00:00
Maxim Dounin
89bd5f038a Crypt: fixed handling of corrupted SSHA entries in password file.
Found by Coverity.
2012-08-16 12:05:58 +00:00
Maxim Dounin
42a75bba53 Resolver: fixed possible memory leak in ngx_resolver_create().
Found by Coverity.
2012-08-06 10:48:09 +00:00
Ruslan Ermilov
8ed4929a26 Fixed the -p parameter handling.
Ensure that the path supplied always ends with a `/' except when empty.
An empty value now corresponds to the current directory instead of `/'.
2012-08-03 12:52:32 +00:00
Maxim Dounin
25197b3229 Fixed possible use of old cached times if runtime went backwards.
If ngx_time_sigsafe_update() updated only ngx_cached_err_log_time, and
then clock was adjusted backwards, the cached_time[slot].sec might
accidentally match current seconds on next ngx_time_update() call,
resulting in various cached times not being updated.

Fix is to clear the cached_time[slot].sec to explicitly mark cached times
are stale and need updating.
2012-08-03 09:10:39 +00:00
Maxim Dounin
d053bacb9c Added "const" to ngx_memcpy() with NGX_MEMCPY_LIMIT defined.
This fixes warning produced during compilation of the ngx_http_geoip_module
due to const qualifier being discarded.
2012-08-03 09:07:30 +00:00
Andrey Belov
1c42128e50 Reorder checks in ngx_shared_memory_add() for more consistent error messages. 2012-08-01 14:37:08 +00:00
Ruslan Ermilov
15ab0460ce Version bump. 2012-07-31 21:47:56 +00:00
Ruslan Ermilov
deaf22d220 Core: ipv6only is now on by default.
There is a general consensus that this change results in better
consistency between different operating systems and differently
tuned operating systems.

Note: this changes the width and meaning of the ipv6only field
of the ngx_listening_t structure.  3rd party modules that create
their own listening sockets might need fixing.
2012-07-30 12:27:06 +00:00
Ruslan Ermilov
1c31039d1e Improved diagnostics when a directive is specified in the wrong context. 2012-07-29 19:59:06 +00:00
Ruslan Ermilov
01f07bde7e Reduced the number of preprocessor directives. 2012-07-26 14:47:42 +00:00
Ruslan Ermilov
1efcca36cc Fixed compilation with -Wmissing-prototypes. 2012-07-24 15:09:54 +00:00
Ruslan Ermilov
e30a8f90fc Version bump. 2012-07-17 04:42:38 +00:00
Ruslan Ermilov
bbfc96c703 Fixed typo in a function name. 2012-07-03 13:06:40 +00:00
Ruslan Ermilov
56cb80834c Version bump. 2012-06-29 11:03:01 +00:00
Maxim Dounin
40a366c5a8 Fixed handling of conflicting wildcard server names.
With previous code wildcard names were added to hash even if conflict
was detected.  This resulted in identical names in hash and segfault
later in ngx_hash_wildcard_init().
2012-06-18 14:06:00 +00:00
Ruslan Ermilov
2c49af818b When "resolver" is configured with a domain name, only the first
resolved address was used.  Now all addresses will be used.
2012-06-18 12:46:05 +00:00
Ruslan Ermilov
da8bb22634 Fixed crash in ngx_resolver_cleanup_tree().
If sending a DNS request fails with an error (e.g., when mistakenly trying
to send it to a local IP broadcast), such a request is not deleted if there
are clients waiting on it.  However, it was still erroneously removed from
the queue.  Later ngx_resolver_cleanup_tree() attempted to remove it from
the queue again that resulted in a NULL pointer dereference.
2012-06-18 12:30:45 +00:00
Ruslan Ermilov
b9feaa8dd9 Version bump. 2012-06-18 11:07:44 +00:00
Ruslan Ermilov
ac7f704931 Support for IPv6 literals and an optional port in resolver. 2012-06-04 14:23:27 +00:00
Maxim Dounin
596226f6f7 Support for IPv6 literals in proxy_pass and so on. 2012-06-04 14:07:34 +00:00
Maxim Dounin
01f1e4d1dc Resolver: fixed format specification.
Patch by Yichun Zhang (agentzh).
2012-06-03 23:18:24 +00:00
Ruslan Ermilov
887f514e9f Code reduction (no functional changes). 2012-06-01 11:35:09 +00:00
Ruslan Ermilov
d2e005c39d Fixed potential null pointer dereference in ngx_resolver_create().
While here, improved error message.
2012-05-22 13:12:14 +00:00
Ruslan Ermilov
d230df40b2 Removed historical and now redundant syntax pre-checks in ngx_parse_url(). 2012-05-21 10:55:10 +00:00
Valentin Bartenev
1c168c7875 Fixed the ngx_regex.h header file compatibility with C++. 2012-05-17 13:47:04 +00:00
Ruslan Ermilov
6888516b2b Version bump. 2012-05-16 13:09:39 +00:00
Maxim Dounin
7d863c0181 Resolver: protection from duplicate responses.
If we already had CNAME in resolver node (i.e. rn->cnlen and rn->u.cname
set), and got additional response with A record, it resulted in rn->cnlen
set and rn->u.cname overwritten by rn->u.addr (or rn->u.addrs), causing
segmentation fault later in ngx_resolver_free_node() on an attempt to free
overwritten rn->u.cname.  The opposite (i.e. CNAME got after A) might cause
similar problems as well.
2012-05-14 09:13:45 +00:00
Ruslan Ermilov
487ba70126 Fixed segmentation fault in ngx_resolver_create_name_query().
If name passed for resolution was { 0, NULL } (e.g. as a result
of name server returning CNAME pointing to ".") pointer wrapped
to (void *) -1 resulting in segmentation fault on an attempt to
dereference it.

Reported by Lanshun Zhou.
2012-04-26 12:58:42 +00:00
Maxim Dounin
6ad02389c3 Version bump. 2012-04-26 11:20:29 +00:00
Maxim Dounin
d68dd358e1 Version bump. 2012-04-23 12:54:14 +00:00
Igor Sysoev
c7bb66a9a3 Fix of "%f" format handling.
ngx_sprintf("%.2f", 0.999) incorrectly resulted in "0.100" instead of "1.00".
2012-04-23 11:11:32 +00:00
Ruslan Ermilov
e9a7f4f5f6 Don't silently ignore the last line of configuration file that
consists solely of one unterminated token (inspired by #150).
2012-04-18 13:30:43 +00:00
Ruslan Ermilov
43d2b1c045 Fixed grammar in error messages. 2012-04-12 19:35:41 +00:00
Maxim Dounin
e6724ebe54 Version bump. 2012-04-12 16:34:59 +00:00
Ruslan Ermilov
3995395dcb Reduced the number of lines of code in ngx_inet_addr(). 2012-04-12 10:20:33 +00:00
Ruslan Ermilov
a5bb616af4 Improved readability of the code that produces bitmask from prefix.
In collaboration with Maxim Dounin.
2012-04-11 17:18:15 +00:00
Maxim Dounin
baa239c487 Fixed signed integer overflows in timer code (ticket #145).
Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.
2012-04-06 23:46:09 +00:00
Andrey Belov
bd6d421816 Comment fixed. 2012-04-05 19:49:34 +00:00
Ruslan Ermilov
bffbbeb73f In ngx_ptocidr(), check that the supplied prefix length is within
the allowed range.
2012-04-03 08:22:00 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Dounin
525e1f75e4 Version bump. 2012-04-02 21:28:31 +00:00
Maxim Dounin
e34ff16f67 Resolver: added missing sanity checking when creating name queries.
Found by Veracode.
2012-03-22 11:57:18 +00:00
Ruslan Ermilov
fbd32d4d19 worker_cpu_affinity: cleaned up Linux implementation, added FreeBSD support. 2012-03-21 13:58:51 +00:00
Maxim Dounin
d694ff7798 Version bump. 2012-03-15 17:43:54 +00:00
Maxim Dounin
ee187436af Whitespace fixes. 2012-03-05 18:09:06 +00:00
Maxim Dounin
382499aa1f Version bump. 2012-03-05 18:06:15 +00:00
Ruslan Ermilov
b74f8ffce4 Fixed spelling in single-line comments. 2012-02-28 11:31:05 +00:00
Maxim Dounin
7ca6c1ff78 Fix of rbtree lookup on hash collisions.
Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.
2012-02-27 22:15:39 +00:00
Maxim Dounin
53d9677de4 Fixed null pointer dereference in resolver (ticket #91).
The cycle->new_log.file may not be set before config parsing finished if
there are no error_log directive defined at global level.  Fix is to
copy it after config parsing.

Patch by Roman Arutyunyan.
2012-02-27 16:57:02 +00:00
Valentin Bartenev
346791187f Disable symlinks: added the "from" parameter support to the open file cache. 2012-02-27 16:46:57 +00:00
Valentin Bartenev
86c5513ecb Disable symlinks: use O_SEARCH|O_DIRECTORY to open path components. 2012-02-21 15:10:13 +00:00
Valentin Bartenev
15b3173c5e Disable symlinks: don't allow creating or truncating a file via a symlink in
the last path component if "if_not_owner" parameter is used.

To prevent race condition we have to open a file before checking its owner and
there's no way to change access flags for already opened file descriptor, so
we disable symlinks for the last path component at all if flags allow creating
or truncating the file.
2012-02-21 15:04:41 +00:00
Valentin Bartenev
8c27e6429a Disable symlinks: cleanups once again.
In collaboration with Ruslan Ermilov.
2012-02-21 15:01:25 +00:00
Maxim Dounin
7ba66f42a0 Disable symlinks: added explicit cast of AT_FDCWD (ticket #111).
Solaris has AT_FDCWD defined to unsigned value, and comparison of a file
descriptor with it causes warnings in modern versions of gcc.  Explicitly
cast AT_FDCWD to ngx_fd_t to resolve these warnings.
2012-02-20 19:14:35 +00:00
Maxim Dounin
6bb86e3d58 Disable symlinks: error handling cleanup again. 2012-02-20 19:14:07 +00:00
Maxim Dounin
3c00e341ea Version bump. 2012-02-20 19:12:48 +00:00
Maxim Dounin
32b000bad7 Disable symlinks: fixed edge cases of path handling.
This includes non-absolute pathnames, multiple slashes and trailing
slashes.  In collaboration with Valentin Bartenev.
2012-02-15 12:18:55 +00:00
Maxim Dounin
04015a48ca Disable symlinks: cleanup error handling.
Notably this fixes NGX_INVALID_FILE/NGX_FILE_ERROR mess, and adds
logging of close() errors.  In collaboration with Valentin Bartenev.
2012-02-15 12:17:24 +00:00
Andrey Belov
bd1e719bf9 Added disable_symlinks directive.
To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.

To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().

As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not.  Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).

Default value is off, i.e. symlinks are allowed.
2012-02-13 16:29:04 +00:00
Andrey Belov
32c8df44d5 Changed ngx_open_and_stat_file() to use ngx_str_t.
No functional changes.
2012-02-13 16:16:45 +00:00
Maxim Dounin
9f38b20db5 Time parsing cleanup.
Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).
2012-02-13 15:41:11 +00:00
Maxim Dounin
0f3d6715e7 Version bump. 2012-02-09 16:18:02 +00:00
Valentin Bartenev
fbf7a0a48a Fixed memory leak on HUP signal when PCRE JIT was used.
The PCRE JIT compiler uses mmap to allocate memory for its executable codes, so
we have to explicitly call the pcre_free_study() function to free this memory.
2012-01-30 12:53:57 +00:00
Valentin Bartenev
94992aa62e Fixed grammar in PCRE JIT error log message. 2012-01-24 10:20:42 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Konovalov
4fb388107b Version bump. 2012-01-18 14:33:17 +00:00
Valentin Bartenev
363a0c53e7 Fixed division by zero exception in ngx_hash_init().
The ngx_hash_init() function did not expect call with zero elements count,
which caused FPE error on configs with an empty "types" block in http context
and "types_hash_max_size" > 10000.

Example configuration to reproduce:

  events { }

  http {
          types_hash_max_size 10001;
          types {}
          server {}
  }
2012-01-16 12:42:07 +00:00
Ruslan Ermilov
d55ce18c95 Changed ngx_log_debugN() macros to verify the number of arguments
when built with debugging.
2012-01-10 07:28:32 +00:00
Maxim Dounin
11f09dd07d Version bump. 2011-12-27 11:56:48 +00:00
Valentin Bartenev
bc5191c7bc Added support for regex study and PCRE JIT (ticket #41) optimizations on
configuration phase.
2011-12-26 13:10:36 +00:00
Maxim Dounin
afb7f22c03 Version bump. 2011-12-19 11:21:46 +00:00
Valentin Bartenev
5ee62edffe Removed unused function ngx_regex_capture_count().
The function has been unused since r3326.
2011-12-06 15:49:40 +00:00
Maxim Dounin
08f2256b29 Version bump. 2011-12-06 13:22:32 +00:00
Valentin Bartenev
92edf47ff9 Added the "so_keepalive=" parameter to the "listen" directive.
The "so_keepalive" directive in mail module was deprecated.

Thanks to Vsevolod Stakhov for initial work.
2011-12-05 08:06:15 +00:00
Maxim Dounin
b99492595c Version bump. 2011-11-29 17:25:31 +00:00
Maxim Dounin
a4484b1369 Added (void) as we intentionally ignore returned values.
Requested by Igor Sysoev.
2011-11-28 11:01:42 +00:00
Maxim Dounin
1b9b19d7e2 Added escaping of double quotes in ngx_escape_html().
Patch by Zaur Abasmirzoev.
2011-11-25 16:36:02 +00:00
Maxim Dounin
ddb7cd1c41 Fixed build without atomic operations. 2011-11-23 14:07:06 +00:00
Maxim Dounin
91ecc8f43c Added shmtx interface to forcibly unlock mutexes.
It is currently used from master process on abnormal worker termination to
unlock accept mutex (unlocking of accept mutex was broken in 1.0.2).  It is
expected to be used in the future to unlock other mutexes as well.

Shared mutex code was rewritten to make this possible in a safe way, i.e.
with a check if lock was actually held by the exited process.  We again use
pid to lock mutex, and use separate atomic variable for a count of processes
waiting in sem_wait().
2011-11-23 13:55:38 +00:00
Ruslan Ermilov
777879c832 Silenced a warning for some compilers. 2011-11-16 13:27:33 +00:00
Ruslan Ermilov
bec516bec9 Now nginx uses TTL of a DNS response when calculating cache validity.
Previously it used a hardcoded value of 300 seconds.  Also added the
"valid=" parameter to the "resolver" directive that can be used to
override the cache validity time.

Patch by Kirill A. Korinskiy with minor changes.
2011-11-16 13:11:39 +00:00
Maxim Dounin
2b24a67268 Fixed handling of SIGWINCH/NOACCEPT signal.
After first upgrade it was ignored since r4020 (1.1.1, 1.0.9) as
ngx_daemonized wasn't set.
2011-11-15 20:35:41 +00:00
Maxim Dounin
2fd9b49334 Version bump. 2011-11-15 20:33:37 +00:00
Igor Sysoev
07bb4ed971 Introduction of simple ngx_write_stderr() instead of ngx_log_stderr()
for output of ./configure options, etc., since ngx_log_stderr() output
length is limited by 2048 characters defined as NGX_MAX_ERROR_STR.
2011-11-14 14:59:00 +00:00
Maxim Dounin
80e3cba5fd Reverted incorrect change in internal md5 (part of r3928). 2011-11-14 13:38:02 +00:00
Igor Sysoev
eb499bab59 Fixed compression pointer processing in DNS response greater than 255 bytes.
Thanks to Ben Hawkes.
2011-11-09 13:54:07 +00:00
Igor Sysoev
0d03a44aab Version bump. 2011-11-01 15:10:46 +00:00
Ruslan Ermilov
f12d6ceb65 Fixed port range checking. 2011-10-25 13:48:43 +00:00
Igor Sysoev
620718102b Support of several servers in the "resolver" directive.
Patch by Kirill A. Korinskiy.
2011-10-24 16:09:05 +00:00
Igor Sysoev
ba71972b21 Using of junk value in slab allocator similar to modern FreeBSD values. 2011-10-24 15:50:19 +00:00
Igor Sysoev
efc6ecab82 malloc() debugging on MacOSX. 2011-10-24 15:46:48 +00:00
Igor Sysoev
b9c859e6d5 FreeBSD's MALLOC_OPTIONS must be set before any malloc() call.
The bug has been introduced in r3799.
2011-10-24 12:59:01 +00:00
Igor Sysoev
6242f77617 Version bump. 2011-10-17 15:39:59 +00:00
Maxim Dounin
ba76a89d4b Fixed utf8 decode (ticket #25).
Patch by Alexey Kuts.
2011-10-13 13:56:41 +00:00
Maxim Dounin
6226fe3512 Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped.  This resulted in effectively truncated links as '?' indicates
query string start.

This is an updated version of the patch originally posted at [1].  It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986.  This approach also renders unneeded
special colon processing (as colon is percent-encoded now), it's dropped
accordingly.

[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html

Reported by Konstantin Leonov.
2011-10-11 17:56:51 +00:00
Igor Sysoev
3f34960fde Version bump. 2011-10-07 10:41:13 +00:00
Ruslan Ermilov
a610127fe3 Improved ngx_parse_time() code readability. 2011-10-07 08:03:16 +00:00
Igor Sysoev
ab0078a4c8 Version bump. 2011-10-05 13:13:25 +00:00
Ruslan Ermilov
a823c550e4 Replaced "can not" with "cannot" and "could not" in a bunch of places.
Fixed nearby grammar errors.
2011-09-19 14:48:29 +00:00
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00
Igor Sysoev
4a383594fb Version bump. 2011-09-14 15:20:01 +00:00
Igor Sysoev
9c5d25179c Fix of the previous commit: is_directio flag processing introduced in r4077
is still worthwhile.
2011-09-14 14:28:55 +00:00
Igor Sysoev
7ffb73c6b7 Bugfix: open_file_cache did not update file info on retest.
If file inode was not changed, cached file information was not updated
on retest.  As a result stale information might be cached forever if file
attributes was changed and/or file was extended.

This fix also makes obsolete r4077 change of is_directio flag handling,
since this flag is updated together with other file information.
2011-09-14 14:12:35 +00:00
Maxim Dounin
4f65a05d18 Bugfix: open_file_cache lost is_directio flag.
On file retest open_file_cache lost is_directio if file wasn't changed.
This caused unaligned operations under Linux to fail with EINVAL.
It wasn't noticeable with AIO though, as errors wasn't properly logged.
2011-09-05 16:36:19 +00:00
Igor Sysoev
3a73e50498 Version bump. 2011-09-05 16:26:51 +00:00
Igor Sysoev
631fa929d3 Version bump. 2011-08-23 14:22:34 +00:00
Maxim Dounin
ec8186c733 Move SO_ACCEPTFILTER and TCP_DEFER_ACCEPT checks into configure.
NetBSD 5.0+ has SO_ACCEPTFILTER support merged from FreeBSD, and having
accept filter check in FreeBSD-specific ngx_freebsd_config.h prevents it
from being used on NetBSD.  Therefore move the check into configure (and
do the same for Linux-specific TCP_DEFER_ACCEPT, just to be in line).
2011-08-21 11:37:37 +00:00
Maxim Dounin
65c32b255d Complain on invalid log levels.
Previously only first log level was required to be correct, while error_log
directive in fact accepts list of levels (e.g. one may specify "error_log ...
debug_core debug_http;").  This resulted in (avoidable) wierd behaviour on
missing semicolon after error_log directive, e.g.

    error_log /path/to/log info
    index index.php;

silently skipped index directive and it's arguments (trying to interpret
them as log levels without checking to be correct).
2011-08-18 21:48:13 +00:00
Igor Sysoev
dfd81a23b2 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
475a5dfcf1 bump version 2011-08-02 12:39:38 +00:00
Igor Sysoev
c2cafadfa5 elimination of reading cache files by cache loader 2011-07-24 19:46:53 +00:00
Igor Sysoev
b0b6bcedfc fix SSL connection issues on platforms with 32-bit off_t
patch by Maxim Dounin
2011-07-22 12:53:04 +00:00
Igor Sysoev
2551f4a55d bump version: 1.1.0 development version 2011-07-20 09:29:25 +00:00
Igor Sysoev
99f2b9e063 fix building by MSVC 2011-07-18 15:00:05 +00:00
Igor Sysoev
0a860a1c1d bump version 2011-06-27 15:34:44 +00:00
Igor Sysoev
36aadf7eba fix building on FreeBSD 6 or earlier against system md5 2011-05-27 13:30:53 +00:00
Igor Sysoev
e620fdac65 make built-in ngx_md5_update() interface consistent with other implemenations 2011-05-27 10:00:46 +00:00
Igor Sysoev
c4793b6505 fix building --without-http_auth_basic_module,
the bug has been introduced in r3923
2011-05-26 07:32:48 +00:00
Igor Sysoev
ce2229e2f7 bump version 2011-05-26 07:31:40 +00:00
Igor Sysoev
5dc5945ccf "$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
patch by Maxim Dounin
2011-05-16 14:54:50 +00:00
Igor Sysoev
dc336358ab bump version 2011-05-11 09:19:48 +00:00
Igor Sysoev
e2c8ad7122 use POSIX semaphores in shmtx instead of sched_yield()
number of spinlock spins are increased twice
2011-05-10 11:39:13 +00:00
Igor Sysoev
e691d94a39 bump version 2011-05-04 12:20:32 +00:00
Igor Sysoev
efde3eb92e fix building by gcc 4.6 without --with-debug 2011-04-23 17:25:06 +00:00
Igor Sysoev
c37192b537 style fix: remove trailing spaces 2011-04-23 13:11:17 +00:00
Igor Sysoev
ef1f33b0db Use more precise stat.st_blocks to account cache size on Unix
instead of file length rounded to a file system block size.
There is no similar way on Windows, so rounding to a cache->bsize is kept.
2011-04-22 10:06:43 +00:00
Igor Sysoev
b3451785fe an internal MD5 implemenation
patch by Maxim Dounin
2011-04-15 15:58:06 +00:00
Igor Sysoev
9813a1999c fix segfault in IPv6 parsing while processing invalid IPv4 address X.YYYY.Z
patch by Maxim Dounin
2011-04-15 13:50:27 +00:00
Igor Sysoev
42f1e1cb96 ngx_murmur_hash2() 2011-04-15 10:59:24 +00:00
Igor Sysoev
0bd0b2894c bump version 2011-04-15 10:58:44 +00:00
Igor Sysoev
d63104eea4 use memmove() in appropriate places 2011-04-12 08:02:46 +00:00
Igor Sysoev
f352259dd6 bump version 2011-04-07 09:08:52 +00:00
Igor Sysoev
4956ac5108 reuse keepalive connections if there are no free worker connections
patch by Maxim Dounin
2011-04-04 12:26:53 +00:00
Igor Sysoev
b8fb0a15a2 bump version 2011-04-04 09:46:00 +00:00
Igor Sysoev
c9d671cd81 $time_iso8601 log variable
patch by Michael Lustfield
2011-03-16 15:46:57 +00:00
Igor Sysoev
32c73df97a remove semicolon, because it is already in "nginx: " prefix 2011-02-21 11:47:28 +00:00
Igor Sysoev
2a526d4969 bump version 2011-02-21 10:03:28 +00:00
Igor Sysoev
d53c836214 fix u->one_addr handling in ngx_inet_resolve_host()
patch by Maxim Dounin
2011-02-17 15:01:16 +00:00
Igor Sysoev
ab54e21633 bump version 2011-01-27 12:43:11 +00:00
Igor Sysoev
dc61c0a153 bump version 2010-12-14 22:54:04 +00:00
Igor Sysoev
076ad1672b remove semicolon, because it is already in "nginx: " prefix 2010-12-11 10:59:26 +00:00
Igor Sysoev
5491139caf bump version 2010-12-06 14:40:40 +00:00
Igor Sysoev
86ffd9b10f bump version 2010-11-30 13:26:21 +00:00
Igor Sysoev
c219a6f7d0 bump version 2010-11-29 19:39:26 +00:00
Igor Sysoev
c19b848976 add "nginx: " prefix when logging to the stderr 2010-11-29 15:01:06 +00:00
Igor Sysoev
a979d9fb30 move ngx_strerror_init() at the very start 2010-11-29 15:00:02 +00:00
Igor Sysoev
7f31a2098d use copied strerror() messages and autoconfigured sys_nerr value 2010-11-25 11:04:03 +00:00
Igor Sysoev
601ca7cd6e bump version 2010-11-24 13:41:37 +00:00
Igor Sysoev
89eae52df8 file AIO read may be posted inside loop 2010-10-12 12:06:52 +00:00
Igor Sysoev
61d5e5e67f bump version 2010-10-04 13:50:09 +00:00
Igor Sysoev
a397c7faaa bump version 2010-09-28 06:46:58 +00:00
Igor Sysoev
49ac2b2b45 decrease resolver errors level to error 2010-09-27 11:23:45 +00:00
Igor Sysoev
8c70e67f7b worker_rlimit_core should be off_t 2010-09-15 15:24:21 +00:00
Igor Sysoev
c13a4098b7 bump version 2010-09-06 11:07:07 +00:00
Igor Sysoev
94e9aaa8ad new ngx_http_secure_link_module with secure_link, secure_link_md5, and
secure_link_expires
2010-09-02 14:37:16 +00:00
Igor Sysoev
2cb30f153f the -q switch 2010-09-02 13:43:02 +00:00
Igor Sysoev
f380df5e20 bump version 2010-08-25 12:30:08 +00:00
Igor Sysoev
6dd6aefaa7 bump version 2010-08-03 18:24:18 +00:00
Igor Sysoev
0e0e0af51b escape ";" in arguments 2010-07-30 13:25:19 +00:00
Igor Sysoev
6f2796af04 bump version 2010-07-29 08:10:22 +00:00
Igor Sysoev
1daef7d1b0 bump version 2010-07-19 15:27:06 +00:00
Igor Sysoev
e48f042f40 bump version 2010-07-14 11:09:56 +00:00
Igor Sysoev
a2e846242f bump version 2010-07-07 10:09:44 +00:00