Commit Graph

6679 Commits

Author SHA1 Message Date
Vladimir Homutov
6c2b086d0e Stream: split_clients module. 2016-07-12 17:34:52 +03:00
Vladimir Homutov
bb790f5d30 Stream: geo module. 2016-06-30 16:12:50 +03:00
Vladimir Homutov
4cf0e28483 Stream: geoip module. 2016-07-12 17:34:43 +03:00
Vladimir Homutov
e1308338a9 Stream: style. 2016-07-12 17:34:40 +03:00
Vladimir Homutov
4105225310 Stream: individual build options for modules. 2016-07-12 12:38:01 +03:00
Sergey Kandaurov
586ef968f9 HTTP/2: avoid left-shifting signed integer into the sign bit.
On non-aligned platforms, properly cast argument before left-shifting it in
ngx_http_v2_parse_uint32 that is used with u_char.  Otherwise it propagates
to int to hold the value and can step over the sign bit.  Usually, on known
compilers, this results in negation.  Furthermore, a subsequent store into a
wider type, that is ngx_uint_t on 64-bit platforms, results in sign-extension.

In practice, this can be observed in debug log as a very large exclusive bit
value, when client sent PRIORITY frame with exclusive bit set:

: *14 http2 PRIORITY frame sid:5 on 1 excl:8589934591 weight:17

Found with UndefinedBehaviorSanitizer.
2016-07-07 21:03:21 +03:00
Sergey Kandaurov
6299f5e914 Avoid left-shifting integers into the sign bit, which is undefined.
Found with UndefinedBehaviorSanitizer.
2016-07-07 21:02:28 +03:00
Piotr Sikora
678991a8f6 Configure: stop polluting NGX_ namespace.
While there, fix the only test that used alternative variable name.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:06 -07:00
Piotr Sikora
70f7141074 Configure: fix build with -Werror=old-style-definition.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:05 -07:00
Piotr Sikora
b3d891a47e Configure: fix build with -Werror=nonnull.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:04 -07:00
Piotr Sikora
f8c6a0800c Configure: fix build with -Werror=unused-but-set-variable.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:03 -07:00
Piotr Sikora
d8a2b25cb8 Configure: fix build with -Werror=unused-value.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:02 -07:00
Piotr Sikora
356ab319d3 Configure: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:01 -07:00
Piotr Sikora
22ed22e15e Configure: remove auto/lib/test, unused since nginx-0.1.2.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Vladimir Homutov
dea1e999b8 Stream: resolver. 2016-07-07 13:15:31 +03:00
Ruslan Ermilov
6810b9f148 Use NGX_MAX_PATH_LEVEL where appropriate.
The macro was unused since 0.7.44.
2016-07-06 13:22:29 +03:00
Ruslan Ermilov
5c4ca2ac80 Version bump. 2016-07-06 13:10:06 +03:00
Maxim Dounin
14889fc027 release-1.11.2 tag 2016-07-05 18:56:14 +03:00
Maxim Dounin
c8536d4ae7 nginx-1.11.2-RELEASE 2016-07-05 18:56:14 +03:00
Maxim Dounin
f629c1670d Updated PCRE used for win32 builds. 2016-07-05 18:30:56 +03:00
Roman Arutyunyan
a7c6f8c1d7 Stream: return module. 2016-05-18 22:08:49 +03:00
Vladimir Homutov
9721eae1f1 Stream: SSL-related variables. 2016-06-29 12:52:52 +03:00
Vladimir Homutov
cb635b7879 Stream: got rid of pseudo variables.
Stream limit_conn, upstream_hash and proxy modules now use complex values.
2016-06-29 12:46:12 +03:00
Vladimir Homutov
05db6ddfa1 Stream: map module. 2016-06-29 12:46:12 +03:00
Vladimir Homutov
d531cebb79 Stream: core module variables. 2016-06-14 18:28:14 +03:00
Vladimir Homutov
c31773ea60 Stream: variables and script.
This is a port of corresponding http code with unrelated features excluded.
2016-07-04 16:37:36 +03:00
Vladimir Homutov
db5a15d2f9 Stream: added preconfiguration step. 2016-06-15 15:10:24 +03:00
Roman Arutyunyan
c9dae918fd Sub filter: eliminate unnecessary buffering.
Previously, when a buffer was processed by the sub filter, its final bytes
could be buffered by the filter even if they don't match any pattern.
This happened because the Boyer-Moore algorithm, employed by the sub filter
since b9447fc457b4 (1.9.4), matches the last characters of patterns prior to
checking other characters.  If the last character is out of scope, initial
bytes of a potential match are buffered until the last character is available.

Now, after receiving a flush or recycled buffer, the filter performs
additional checks to reduce the number of buffered bytes.  The potential match
is checked against the initial parts of all patterns.  Non-matching bytes are
not buffered.  This improves processing of a chunked response from upstream
by sending the entire chunks without buffering unless a partial match is found
at the end of a chunk.
2016-07-02 15:59:53 +03:00
Roman Arutyunyan
ec70155755 Sub filter: introduced the ngx_http_sub_match() function.
No functional changes.
2016-07-02 15:59:52 +03:00
Maxim Dounin
c60b61a290 Internal md5 and sha1 implementations are now always used.
This reduces the number of moving parts in ABI compatibility checks.
Additionally, it also allows to use OpenSSL in FIPS mode while still
using md5 for non-security tasks.
2016-06-30 18:57:39 +03:00
Ruslan Ermilov
fb6c764921 Removed unused flag accept_context_updated from ngx_event_t.
Also, removed practically unused flag accept_context_updated from
ngx_connection_t.
2016-06-29 14:30:00 +03:00
Roman Arutyunyan
dcf3d20874 Style. 2016-06-27 18:42:29 +03:00
Piotr Sikora
e0b0fa6bf5 HTTP/2: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-22 13:47:54 -07:00
Roman Arutyunyan
a6048c0e1e Style. 2016-06-22 11:50:02 +03:00
Roman Arutyunyan
82c5230fd1 Stream: use ngx_pcalloc() in ngx_stream_proxy_bind(). 2016-06-22 11:50:02 +03:00
Roman Arutyunyan
9810fd06cb Fixed build on MSVC. 2016-06-20 15:11:50 +03:00
Roman Arutyunyan
4c03c80e12 Stream: set SO_REUSEADDR for UDP upstream sockets.
The option is only set if the socket is bound to a specific port to allow
several such sockets coexist at the same time.  This is required, for example,
when nginx acts as a transparent proxy and receives two datagrams from the same
client in a short time.

The feature is only implemented for Linux.
2016-06-20 12:48:47 +03:00
Roman Arutyunyan
05879309c1 Stream: support for $remote_port in proxy_bind.
The following two types of bind addresses are supported in addition to
$remote_addr and address literals:

- $remote_addr:$remote_port
- [$remote_addr]:$remote_port

In both cases client remote address with port is used in upstream socket bind.
2016-06-20 11:50:44 +03:00
Roman Arutyunyan
8cad1c015f Upstream: support for port in proxy_bind and friends. 2016-06-20 11:50:43 +03:00
Roman Arutyunyan
5b201ac31f Introduced ngx_inet_get_port() and ngx_inet_set_port() functions. 2016-06-20 11:50:39 +03:00
Andrei Belov
72d4e5d793 Set IP_BIND_ADDRESS_NO_PORT socket option for upstream sockets. 2016-06-20 10:41:17 +03:00
Tim Taubert
4f578bfcab SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
2016-06-15 21:05:30 +01:00
Valentin Bartenev
6e38998bac HTTP/2: fixed the "http request count is zero" alert.
When the stream is terminated the HEADERS frame can still wait in the output
queue.  This frame can't be removed and must be sent to the client anyway,
since HTTP/2 uses stateful compression for headers.  So in order to postpone
closing and freeing memory of such stream the special close stream handler
is set to the write event.  After the HEADERS frame is sent the write event
is called and the stream will be finally closed.

Some events like receiving a RST_STREAM can trigger the read handler of such
stream in closing state and cause unexpected processing that can result in
another attempt to finalize the request.  To prevent it the read handler is
now set to ngx_http_empty_handler.

Thanks to Amazon.
2016-06-16 20:55:11 +03:00
Valentin Bartenev
bf5f915a01 HTTP/2: avoid adding Content-Length for requests without body.
There is no reason to add the "Content-Length: 0" header to a proxied request
without body if the header isn't presented in the original request.

Thanks to Amazon.
2016-06-16 20:55:11 +03:00
Valentin Bartenev
cd2085be0c HTTP/2: prevented double termination of a stream.
According to RFC 7540, an endpoint should not send more than one RST_STREAM
frame for any stream.

Also, now all the data frames will be skipped while termination.
2016-06-16 20:55:11 +03:00
Valentin Bartenev
24d9b98900 HTTP/2: fixed a segfault while processing unbuffered upload.
The ngx_http_v2_finalize_connection() closes current stream, but that is an
invalid operation while processing unbuffered upload.  This results in access
to already freed memory, since the upstream module sets a cleanup handler that
also finalizes the request.
2016-06-16 20:55:11 +03:00
Maxim Dounin
ab8504b937 An internal SHA1 implementation. 2016-06-09 16:55:38 +03:00
Otto Kekäläinen
cb963abf03 Fixed spelling. 2016-06-08 08:27:41 +03:00
Valentin Bartenev
46336296e4 Fixed an error log message. 2016-06-07 17:44:20 +03:00
Sergey Kandaurov
5d9419704f Configure: revised GCC version processing.
Now GCC 6 and onwards will use -Wno-unused-parameter.
2016-06-07 12:15:56 +03:00