Commit Graph

5115 Commits

Author SHA1 Message Date
Maxim Dounin
a0015da906 Typo fixed. 2014-01-21 17:39:49 +04:00
Ruslan Ermilov
8b7fe56e95 Mail: fixed passing of IPv6 client address in XCLIENT. 2014-01-17 22:06:04 +04:00
Maxim Dounin
0bfb68eea0 Core: improved ngx_reset_pool() (ticket #490).
Previously pool->current wasn't moved back to pool, resulting in blocks
not used for further allocations if pool->current was already moved at the
time of ngx_reset_pool().  Additionally, to preserve logic of moving
pool->current, the p->d.failed counters are now properly cleared.  While
here, pool->chain is also cleared.

This change is essentially a nop with current code, but generally improves
things.
2014-01-17 06:24:53 +04:00
Valentin Bartenev
1ef5553644 SPDY: send output queue after processing of read event.
During the processing of input some control frames can be added to the queue.
And if there were no writing streams at the moment, these control frames might
be left unsent for a long time (or even forever).

This long delay is especially critical for PING replies since a client can
consider connection as broken and then resend exactly the same request over
a new connection, which is not safe in case of non-idempotent HTTP methods.
2014-01-15 17:16:38 +04:00
Valentin Bartenev
82a1ff31f9 SPDY: the SETTINGS frame should be allocated from sc->pool.
There is no reason to allocate it from connection pool that more like just
a bug especially since ngx_http_spdy_settings_frame_handler() already uses
sc->pool to free a chain.
2014-01-15 17:16:38 +04:00
Valentin Bartenev
b2b43ca50f SPDY: fixed possible uninitialized memory access.
The frame->stream pointer should always be initialized for control frames since
the check against it can be performed in ngx_http_spdy_filter_cleanup().
2014-01-15 17:16:38 +04:00
Valentin Bartenev
d143119e3c SPDY: fixed off_t/size_t type conversions on 32 bits platforms.
Parameters of ngx_http_spdy_filter_get_shadow() are changed from size_t to off_t
since the last call of the function may get size and offset from the rest of a
file buffer.  This fixes possible data loss rightfully complained by MSVC on 32
bits systems where off_t is 8 bytes long while size_t is only 4 bytes.

The other two type casts are needed just to suppress warnings about possible
data loss also complained by MSVC but false positive in these cases.
2014-01-15 13:23:31 +04:00
Valentin Bartenev
70c010167f SPDY: fixed build, broken by b7ee1bae0ffa.
False positive warning about the "cl" variable may be uninitialized in
the ngx_http_spdy_filter_get_data_frame() call was suppressed.

It is always initialized either in the "while" cycle or in the following
"if" condition since frame_size cannot be zero.
2014-01-15 01:44:52 +04:00
Valentin Bartenev
8323f317f6 SPDY: added the "spdy_chunk_size" directive. 2014-01-14 16:24:45 +04:00
Valentin Bartenev
b60700f9e9 SPDY: implemented buffers chain splitting.
It fixes "chain too big in spdy filter" alerts, and adds full support for rate
limiting of SPDY streams.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
8c01a95d98 SPDY: body filter was replaced by c->send_chain() function.
It allows to use ngx_http_write_filter() and all its rate limiting logic.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
3d5f501adc SPDY: fixed possible premature close of stream.
The "delayed" flag always should be set if there are unsent frames,
but this might not be the case if ngx_http_spdy_body_filter() was
called with NULL chain.

As a result, the "send_timeout" timer could be set on a stream in
ngx_http_writer().  And if the timeout occurred before all the stream
data has been sent, then the request was finalized with the "client
timed out" error.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
1c56e18733 SPDY: refactored ngx_http_spdy_body_filter().
A local pointer to fake connection is introduced
to slightly reduce further patches.

No functional changes.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
ac8bb7a9e5 SPDY: elimination of r->blocked counter usage for queuing frames.
It was used to prevent destroying of request object when there are unsent
frames in queue for the stream.  Since it was incremented for each frame
and is only 8 bits long, so it was not very hard to overflow the counter.

Now the stream->queued counter is checked instead.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
6ddb578b22 SPDY: better name for flag that indicates incomplete frame state.
No functional changes.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
00944562ac SPDY: better name for queued frames counter.
No functional changes.
2014-01-14 16:24:45 +04:00
Valentin Bartenev
df1d8f78ac SPDY: fixed format specifiers in logging. 2014-01-14 16:24:45 +04:00
Valentin Bartenev
53fa91dbe9 Year 2014. 2014-01-14 16:24:02 +04:00
Yichun Zhang
2e2c9dba16 Resolver: added support for domain names with a trailing dot. 2014-01-10 11:22:14 -08:00
Maxim Dounin
70b48a491a SSL: fixed ssl_verify_depth to take only one argument. 2014-01-14 15:56:40 +04:00
Dirkjan Bussink
58a240d773 SSL: ssl_session_tickets directive.
This adds support so it's possible to explicitly disable SSL Session
Tickets. In order to have good Forward Secrecy support either the
session ticket key has to be reloaded by using nginx' binary upgrade
process or using an external key file and reloading the configuration.
This directive adds another possibility to have good support by
disabling session tickets altogether.

If session tickets are enabled and the process lives for a long a time,
an attacker can grab the session ticket from the process and use that to
decrypt any traffic that occured during the entire lifetime of the
process.
2014-01-10 16:12:40 +01:00
Maxim Dounin
8f702a573a Fixed "zero size buf in output" alerts.
If a request had an empty request body (with Content-Length: 0), and there
were preread data available (e.g., due to a pipelined request in the buffer),
the "zero size buf in output" alert might be logged while proxying the
request to an upstream.

Similar alerts appeared with client_body_in_file_only if a request had an
empty request body.
2014-01-04 03:32:22 +04:00
Maxim Dounin
eb60e1e26d Win32: support for UTF-16 surrogate pairs (ticket #457). 2014-01-04 03:32:15 +04:00
Maxim Dounin
def37d254a Upstream: Cache-Control preferred over Expires.
Not really a strict check (as X-Accel-Expires might be ignored or
contain invalid value), but quite simple to implement and better
than what we have now.
2014-01-04 03:32:10 +04:00
Maxim Dounin
1029607ac9 Added per-process random seeding (ticket #456). 2014-01-04 03:32:06 +04:00
Maxim Dounin
9a72030c25 Allowed up to two EBUSY errors from sendfile().
Fallback to synchronous sendfile() now only done on 3rd EBUSY without
any progress in a row.  Not falling back is believed to be better
in case of occasional EBUSY, though protection is still needed to
make sure there will be no infinite loop.
2014-01-04 03:31:58 +04:00
Ruslan Ermilov
2539ce036f Fixed setting of content type in some cases.
This fixes content type set in stub_status and autoindex responses
to be usable in content type checks made by filter modules, such
as charset and sub filters.
2013-12-27 19:40:04 +04:00
Valentin Bartenev
2b1156d101 Style: removed surplus semicolons. 2013-12-27 18:47:42 +04:00
Valentin Bartenev
aa22dc707b SPDY: a bit smarter ngx_http_spdy_filter_get_data_frame().
There is no need to pass FLAG_FIN as a separate argument since it can always be
detected from the last_buf flag of the last frame buffer.

No functional changes.
2013-12-26 17:03:16 +04:00
Valentin Bartenev
df49024997 SPDY: refactored loop in ngx_http_spdy_body_filter().
No functional changes.
2013-12-26 17:03:16 +04:00
Valentin Bartenev
75dad742e5 SPDY: fixed possible request hang.
Processing events from upstream connection can result in sending queued frames
from other streams.  In this case such streams were not added to handling queue
and properly handled.

A global per connection flag was replaced by a per stream flag that indicates
currently sending stream while all other streams can be added to handling
queue.
2013-12-26 17:03:16 +04:00
Ruslan Ermilov
9b4a99cf5d Dav: emit a warning about unsafe URI. 2013-12-23 18:12:03 +04:00
Ruslan Ermilov
f7ff5e65d0 Teach ngx_http_parse_unsafe_uri() how to unescape URIs.
This fixes handling of escaped URIs in X-Accel-Redirect (ticket #316),
SSI (ticket #240), and DAV.
2013-12-23 18:12:00 +04:00
Ruslan Ermilov
336bcb22d1 Detect more unsafe URIs in ngx_http_parse_unsafe_uri().
The following URIs were considered safe: "..", "../foo", and "/foo/..".
2013-12-23 18:11:56 +04:00
Ruslan Ermilov
3f36c684a1 Upstream: keep $upstream_http_x_accel_redirect intact.
When processing the X-Accel-Redirect header, the value of the
$upstream_http_x_accel_redirect variable was also overwritten.
2013-12-23 18:11:46 +04:00
Ruslan Ermilov
bf800822df Fixed the first argument to getsockopt().
While here, always initialize the last argument.
2013-12-19 13:43:18 +04:00
Maxim Dounin
37b7de6df7 SSL: ssl_buffer_size directive. 2013-12-20 16:18:25 +04:00
Vladimir Homutov
c7a0b04665 Upstream: simplified peer selection loop in the "ip_hash" module.
Conditions for skipping ineligible peers are rewritten to make adding of new
conditions simpler and be in line with the "round_robin" and "least_conn"
modules.  No functional changes.
2013-12-09 13:43:27 +04:00
Ruslan Ermilov
85e6d211d0 Resolver: use minimum TTL for caching (ticket #329). 2013-12-16 19:12:23 +04:00
Maxim Dounin
b156dc9635 Typo fixed. 2013-12-19 13:50:23 +04:00
Valentin Bartenev
c8f3f9fa12 SPDY: use predefined constant for size of the Stream-ID field.
No functional changes.
2013-12-18 18:39:29 +04:00
Valentin Bartenev
bf3ff5bca7 Version bump. 2013-12-18 18:37:48 +04:00
Maxim Dounin
dd8c382ca2 release-1.5.8 tag 2013-12-17 17:46:26 +04:00
Maxim Dounin
c36c45d62b nginx-1.5.8-RELEASE 2013-12-17 17:46:26 +04:00
Ruslan Ermilov
3fd727566a Resolver: lookups are case-insensitive. 2013-12-13 20:49:52 +04:00
Ruslan Ermilov
e0caf51711 The "ipv6=" boolean parameter of the "resolver" directive.
When set to "off", only IPv4 addresses will be resolved,
and no AAAA queries are ever sent.
2013-12-09 10:53:30 +04:00
Ruslan Ermilov
769eded732 Resolver: implemented IPv6 name to address resolving. 2013-12-09 10:53:28 +04:00
Ruslan Ermilov
809bee30b7 Resolver: implemented IPv6 address to name resolving. 2013-12-06 14:30:28 +04:00
Ruslan Ermilov
3aeefbcaea Changed resolver API to use ngx_addr_t. 2013-12-06 14:30:27 +04:00
Ruslan Ermilov
552e15ba1c Resolver: fixed indentation. 2013-12-13 19:22:44 +04:00