60 Commits

Author SHA1 Message Date
Vladimir Homutov
c4f31ccca1 QUIC: ngx_quic_bpf module.
The quic kernel bpf helper inspects packet payload for DCID, extracts key
and routes the packet into socket matching the key.

Due to reuseport feature, each worker owns a personal socket, which is
identified by the same key, used to create DCID.

BPF objects are locked in RAM and are subject to RLIMIT_MEMLOCK.
The "ulimit -l" command may be used to set up proper limits, if maps
cannot be created with EPERM or updated with ETOOLONG.
2020-12-25 15:01:15 +03:00
Vladimir Homutov
b20b58ca7d Core: added interface to linux bpf() system call.
It contains wrappers for operations with BPF maps and for loading BPF programs.
2020-12-15 15:23:07 +03:00
Sergey Kandaurov
d5c43bf51c Configure: fixed compiler warnings with "-Wall -Wextra". 2018-07-24 18:46:54 +03:00
Roman Arutyunyan
ce45ded2a8 Fixed capabilities version.
Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).
2017-12-19 19:00:27 +03:00
Roman Arutyunyan
0e92c213f5 Improved the capabilities feature detection.
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on those systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.
2017-12-18 21:09:39 +03:00
Roman Arutyunyan
752f66bf7d Retain CAP_NET_RAW capability for transparent proxying.
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.
2017-12-13 20:40:53 +03:00
Maxim Dounin
529ce10058 Configure: sched_setaffinity() test moved to auto/unix.
The sched_setaffinity() function was introduced in DragonFly BSD 4.7,
so it is no longer Linux-specific.

Prodded by Sepherosa Ziehau.
2017-05-29 16:48:30 +03:00
Valentin Bartenev
5c2dd3913a Events: support for EPOLLEXCLUSIVE.
This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().
2016-07-15 15:18:57 +03:00
Piotr Sikora
f8c6a0800c Configure: fix build with -Werror=unused-but-set-variable.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:03 -07:00
Ruslan Ermilov
33b8e5bc06 Removed the obsolete rtsig module. 2015-04-23 14:17:40 +03:00
Valentin Bartenev
182a05b9d5 Events: support for EPOLLRDHUP (ticket #320).
Since Linux 2.6.17, epoll is able to report about peer half-closed connection
using special EPOLLRDHUP flag on a read event.
2013-07-12 14:51:07 +04:00
Valentin Bartenev
7b37384140 Disable symlinks: use O_PATH to open path components.
It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files.  Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components.  It effectively emulates O_SEARCH
which is missing on Linux.

O_PATH is used in combination with O_RDONLY.  The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.

Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.
2013-09-02 08:07:59 +04:00
Ruslan Ermilov
fbd32d4d19 worker_cpu_affinity: cleaned up Linux implementation, added FreeBSD support. 2012-03-21 13:58:51 +00:00
Ruslan Ermilov
4489fa8893 Fixed compilation warnings in configuration C tests.
Based on a patch by Piotr Sikora.
2012-03-15 20:39:38 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
1a664a80a9 Configure: catch up with new Linux version numbering (ticket #5).
Catch up with new Linux version numbering scheme as announced at [1] and
suppress unrecognized versions to actually use default 0.

[1] https://lkml.org/lkml/2011/5/29/204
2011-08-13 15:15:50 +00:00
Igor Sysoev
c8832ccc1d posix_fadvise64() had been implemented in Linux 2.5.60 2009-11-03 16:29:47 +00:00
Igor Sysoev
ba1ff6e946 fix Linux "uname -r" version matching 2009-08-24 11:04:46 +00:00
Igor Sysoev
1290cf83af fix GNU strerror_r() detection, the bug has been introduced in r2600 2009-04-24 09:38:48 +00:00
Igor Sysoev
c919d3178a autoconfigure crypt_r(): uclibc has no crypt_r() 2009-04-02 13:46:39 +00:00
Igor Sysoev
1be7419d10 ngx_fs_bsize() 2009-03-30 07:43:06 +00:00
Igor Sysoev
0f825e6440 fix Linux sendfile32() test broken in 0.3.36 2009-03-23 20:30:25 +00:00
Igor Sysoev
92d543deaa style fix 2009-03-23 20:26:33 +00:00
Igor Sysoev
bb46edaf67 use uname instead of often outdated header file 2008-03-11 16:29:18 +00:00
Igor Sysoev
2f0d79c896 use correct version: real hex numbers 2008-03-11 16:27:44 +00:00
Igor Sysoev
001a9cfa37 disable rtsig automatic building in post 2.6.18 Linux kernels 2008-03-10 14:35:21 +00:00
Igor Sysoev
d48d0d9f42 rtsig uses own poll code 2008-03-08 15:15:18 +00:00
Igor Sysoev
0ec09f9196 test PCRE in FreeBSD, Linux, and NetBSD 2006-11-27 11:07:09 +00:00
Igor Sysoev
6d16e1e1df nginx-0.3.36-RELEASE import
*) Feature: the ngx_http_addition_filter_module.

    *) Feature: the "proxy_pass" and "fastcgi_pass" directives may be used
       inside the "if" block.

    *) Feature: the "proxy_ignore_client_abort" and
       "fastcgi_ignore_client_abort" directives.

    *) Feature: the "$request_completion" variable.

    *) Feature: the ngx_http_perl_module supports the $r->request_method
       and $r->remote_addr.

    *) Feature: the ngx_http_ssi_module supports the "elif" command.

    *) Bugfix: the "\/" string in the expression of the "if" command of the
       ngx_http_ssi_module was treated incorrectly.

    *) Bugfix: in the regular expressions in the "if" command of the
       ngx_http_ssi_module.

    *) Bugfix: if the relative path was specified in the
       "client_body_temp_path", "proxy_temp_path", "fastcgi_temp_path", and
       "perl_modules" directives, then the directory was used relatively to
       a current path but not to a server prefix.
2006-04-05 13:40:54 +00:00
Igor Sysoev
43f279dc9c nginx-0.3.17-RELEASE import
*) Change: now on Linux configure checks the presence of epoll and
       sendfile64() in kernel.

    *) Feature: the "map" directive supports domain names in the
       ".domain.tld" form.

    *) Bugfix: the timeouts were not used in SSL handshake; the bug had
       appeared in 0.2.4.

    *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.

    *) Bugfix: when the HTTPS protocol was used in the "proxy_pass"
       directive the port 80 was used by default.
2005-12-18 16:02:44 +00:00
Igor Sysoev
d3283ff922 nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
0e5dc5cff6 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
c2068d08f0 nginx-0.3.3-RELEASE import
*) Change: the "bl" and "af" parameters of the "listen" directive were
       renamed to the "backlog" and "accept_filter".

    *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
       directive.

    *) Change: the "$msec" log parameter now does not require the
       additional gettimeofday() system call.

    *) Feature: the -t switch now tests the "listen" directives.

    *) Bugfix: if the invalid address was specified in the "listen"
       directive, then after the -HUP signal nginx left an open socket in
       the CLOSED state.

    *) Bugfix: the mime type may be incorrectly set to default value for
       index file with variable in the name; the bug had appeared in 0.3.0.

    *) Feature: the "timer_resolution" directive.

    *) Feature: the millisecond "$upstream_response_time" log parameter.

    *) Bugfix: a temporary file with client request body now is removed
       just after the response header was transferred to a client.

    *) Bugfix: OpenSSL 0.9.6 compatibility.

    *) Bugfix: the SSL certificate and key file paths could not be relative.

    *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
       the ngx_imap_ssl_module.

    *) Bugfix: the "ssl_protocols" directive allowed to specify the single
       protocol only.
2005-10-19 12:33:58 +00:00
Igor Sysoev
e31e90b3e1 nginx-0.1.32-RELEASE import
*) Bugfix: the arguments were omitted in the redirects, issued by the
       "rewrite" directive; the bug had appeared in 0.1.29.

    *) Feature: the "if" directive supports the captures in regular
       expressions.

    *) Feature: the "set" directive supports the variables and the captures
       of regular expressions.

    *) Feature: the "X-Accel-Redirect" response header line is supported in
       proxy and FastCGI mode.
2005-05-19 13:25:22 +00:00
Igor Sysoev
899b44eab2 nginx-0.1.29-RELEASE import
*) Feature: the ngx_http_ssi_module supports "include virtual" command.

    *) Feature: the ngx_http_ssi_module supports the condition command like
       'if expr="$NAME"' and "else" and "endif" commands. Only one nested
       level is supported.

    *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and
       DATE_GMT variables and "config timefmt" command.

    *) Feature: the "ssi_ignore_recycled_buffers" directive.

    *) Bugfix: the "echo" command did not show the default value for the
       empty QUERY_STRING variable.

    *) Change: the ngx_http_proxy_module was rewritten.

    *) Feature: the "proxy_redirect", "proxy_pass_request_headers",
       "proxy_pass_request_body", and "proxy_method" directives.

    *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was
       canceled and must be replaced with the proxy_set_header directive.

    *) Change: the "proxy_preserve_host" is canceled and must be replaced
       with the "proxy_set_header Host $host" and the "proxy_redirect off"
       directives, the "proxy_set_header Host $host:$proxy_port" directive
       and the appropriate proxy_redirect directives.

    *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced
       with the "proxy_set_header X-Real-IP $remote_addr" directive.

    *) Change: the "proxy_add_x_forwarded_for" is canceled and must be
       replaced with
       the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
       directive.

    *) Change: the "proxy_set_x_url" is canceled and must be replaced with
       the "proxy_set_header X-URL http://$host:$server_port$request_uri"
       directive.

    *) Feature: the "fastcgi_param" directive.

    *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params"
       directive are canceled and must be replaced with the fastcgi_param
       directives.

    *) Feature: the "index" directive can use the variables.

    *) Feature: the "index" directive can be used at http and server levels.

    *) Change: the last index only in the "index" directive can be absolute.

    *) Feature: the "rewrite" directive can use the variables.

    *) Feature: the "internal" directive.

    *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
       SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
       REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables.

    *) Change: nginx now passes the invalid lines in a client request
       headers or a backend response header.

    *) Bugfix: if the backend did not transfer response for a long time and
       the "send_timeout" was less than "proxy_read_timeout", then nginx
       returned the 408 response.

    *) Bugfix: the segmentation fault occurred if the backend sent an
       invalid line in response header; the bug had appeared in 0.1.26.

    *) Bugfix: the segmentation fault may occur in FastCGI fault
       tolerance configuration.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" and "Cache-Control" headers.

    *) Bugfix: nginx did not take into account trailing dot in "Host"
       header line.

    *) Bugfix: the ngx_http_auth_module did not work under Linux.

    *) Bugfix: the rewrite directive worked incorrectly, if the arguments
       were in a request.

    *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 14:58:06 +00:00
Igor Sysoev
4d656dcd0b nginx-0.1.26-RELEASE import
*) Change: the invalid client header lines are now ignored and logged
       at the info level.

    *) Change: the server name is also logged in error log.

    *) Feature: the ngx_http_auth_basic_module module and the auth_basic
       and auth_basic_user_file directives.
2005-03-22 16:02:46 +00:00
Igor Sysoev
d039a2e193 nginx-0.1.21-RELEASE import
*) Bugfix: the ngx_http_stub_status_module showed incorrect statistics
       if "rtsig" method was used or if several worker process ran on SMP.

    *) Bugfix: nginx could not be built by the icc compiler on Linux or if
       the zlib-1.2.x library was being built from sources.

    *) Bugfix: nginx could not be built on NetBSD 2.0.
2005-02-22 14:40:13 +00:00
Igor Sysoev
b1dfe478a0 nginx-0.1.13-RELEASE import
*) Feature: the server_names_hash and server_names_hash_threshold
       directives.

    *) Bugfix: the *.domain.tld names in the "server_name" directive did
       not work.

    *) Bugfix: the %request_length log parameter logged the incorrect
       length.
2004-12-21 12:30:30 +00:00
Igor Sysoev
42b12b34fa nginx-0.1.11-RELEASE import
*) Feature: the worker_priority directive.

    *) Change: both tcp_nopush and tcp_nodelay directives affect the
       transferred response.

    *) Bugfix: nginx did not call initgroups().
       Thanks to Andrew Sitnikov and Andrei Nigmatulin.

    *) Change: now the ngx_http_autoindex_module shows the file size in the
       bytes.

    *) Bugfix: the ngx_http_autoindex_module returned the 500 error if the
       broken symlink was in a directory.

    *) Bugfix: the files bigger than 4G could not be transferred using
       sendfile.

    *) Bugfix: if the backend was resolved to several backends and there
       was an error while the response waiting then process may get caught
       in an endless loop.

    *) Bugfix: the worker process may exit with the "unknown cycle" message
       when the /dev/poll method was used.

    *) Bugfix: "close() channel failed" errors.

    *) Bugfix: the autodetection of the "nobody" and "nogroup" groups.

    *) Bugfix: the send_lowat directive did not work on Linux.

    *) Bugfix: the segmentation fault occurred if there was no events
       section in configuration.

    *) Bugfix: nginx could not be built on OpenBSD.

    *) Bugfix: the double slashes in "://" in the URI were converted to
       ":/".
2004-12-02 18:40:46 +00:00
Igor Sysoev
f69060481e nginx-0.1.9-RELEASE import
*) Bugfix: the proxied request was sent without arguments if the
       request contains "//", "/./", "/../" or "%XX".

    *) Bugfix: the large compressed responses may be transferred not
       completely.

    *) Bugfix: the files bigger than 2G were not transferred on Linux that
       does not support sendfile64().

    *) Bugfix: while the build configuration on Linux the
       --with-poll_module parameter was required; the bug had appeared in
       0.1.8.
2004-11-25 16:17:31 +00:00
Igor Sysoev
d43bee8ee9 nginx-0.1.8-RELEASE import
*) Bugfix: in the ngx_http_autoindex_module if the long file names were
       in the listing.

    *) Feature: the "^~" modifier in the location directive.

    *) Feature: the proxy_max_temp_file_size directive.
2004-11-20 19:52:20 +00:00
Igor Sysoev
1b73583ba2 nginx-0.1.5-RELEASE import
*) Bugfix: on Solaris and Linux there may be too many "recvmsg()
       returned not enough data" alerts.

    *) Bugfix: there were the "writev() failed (22: Invalid argument)"
       errors on Solaris in proxy mode without sendfile. On other platforms
       that do not support sendfile at all the process got caught in an
       endless loop.

    *) Bugfix: segmentation fault on Solaris in proxy mode and using
       sendfile.

    *) Bugfix: segmentation fault on Solaris.

    *) Bugfix: on-line upgrade did not work on Linux.

    *) Bugfix: the ngx_http_autoindex_module module did not escape the
       spaces, the quotes, and the percent signs in the directory listing.

    *) Change: the decrease of the copy operations.

    *) Feature: the userid_p3p directive.
2004-11-11 14:07:14 +00:00
Igor Sysoev
c0edbcce58 nginx-0.1.2-RELEASE import
*) Feature: the --user=USER, --group=GROUP, and --with-ld-opt=OPTIONS
       options in configure.

    *) Feature: the server_name directive supports *.domain.tld.

    *) Bugfix: the portability improvements.

    *) Bugfix: if configuration file was set in command line, the
       reconfiguration was impossible; the bug had appeared in 0.1.1.

    *) Bugfix: proxy module may get caught in an endless loop when sendfile
       is not used.

    *) Bugfix: with sendfile the response was not recoded according to the
       charset module directives; the bug had appeared in 0.1.1.

    *) Bugfix: very seldom bug in the kqueue processing.

    *) Bugfix: the gzip module compressed the proxied responses that were
       already compressed.
2004-10-21 15:34:38 +00:00
Igor Sysoev
ff8da91784 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright 2004-09-29 16:00:49 +00:00
Igor Sysoev
d09f7a1e9a nginx-0.0.7-2004-06-15-21:47:16 import 2004-06-15 17:47:16 +00:00
Igor Sysoev
87350f269d nginx-0.0.7-2004-06-15-11:55:11 import 2004-06-15 07:55:11 +00:00
Igor Sysoev
f07f63ae46 nginx-0.0.5-2004-06-11-20:58:33 import 2004-06-11 16:58:33 +00:00
Igor Sysoev
0ed19ccad1 nginx-0.0.4-2004-06-10-22:36:57 import 2004-06-10 18:36:57 +00:00
Igor Sysoev
6881bfb990 nginx-0.0.3-2004-03-30-10:27:36 import 2004-03-30 06:27:36 +00:00
Igor Sysoev
6bb889f442 nginx-0.0.2-2004-03-11-18:42:41 import 2004-03-11 15:42:41 +00:00