Commit Graph

694 Commits

Author SHA1 Message Date
Ruslan Ermilov
bd89c448b7 Removed NGX_OPENSSL_QUIC macro, NGX_QUIC is enough. 2021-09-14 12:09:13 +03:00
Ruslan Ermilov
7a45071cb6 Changed the OpenSSL QUIC support detection.
As was changed in 253cf267f95a.
2021-09-09 15:34:00 +03:00
Vladimir Homutov
e1fbbfaba6 QUIC: better ordering in auto/modules. 2021-08-05 11:13:29 +03:00
Vladimir Homutov
d895a831ae HTTP/3: got rid of HTTP/2 module dependency.
The Huffman encoder/decoder now can be built separately from HTTP/2 module.
2021-08-05 11:09:13 +03:00
Vladimir Homutov
c0764bc3e9 QUIC: added support for segmentation offloading.
To improve output performance, UDP segmentation offloading is used
if available.  If there is a significant amount of data in an output
queue and path is verified, QUIC packets are not sent one-by-one,
but instead are collected in a buffer, which is then passed to kernel
in a single sendmsg call, using UDP GSO.  Such method greatly decreases
number of system calls and thus system load.
2021-07-15 14:22:00 +03:00
Vladimir Homutov
46aa440c66 Core: the ngx_event_udp.h header file. 2021-07-12 16:40:57 +03:00
Roman Arutyunyan
9e05c357cc HTTP/3: moved session initialization to a separate file.
Previously it was in ngx_http_v3_streams.c, but it's unrelated to streams.
2021-05-05 15:15:48 +03:00
Roman Arutyunyan
de75c7e3e2 HTTP/3: separate header files for existing source files. 2021-05-05 15:09:23 +03:00
Vladimir Homutov
c4f5b50c47 QUIC: connection migration.
The patch adds proper transitions between multiple networking addresses that
can be used by a single quic connection. New networking paths are validated
using PATH_CHALLENGE/PATH_RESPONSE frames.
2021-04-29 15:35:02 +03:00
Vladimir Homutov
2fd1aac46d QUIC: separate files for SSL library interfaces. 2021-04-14 14:47:04 +03:00
Vladimir Homutov
e0b73cf6a2 QUIC: separate files for tokens related processing. 2021-04-13 14:41:52 +03:00
Vladimir Homutov
8df0b6bb2c QUIC: separate files for output and ack related processing. 2021-04-13 14:41:20 +03:00
Vladimir Homutov
9326156b8b QUIC: separate files for stream related processing. 2021-04-13 14:40:00 +03:00
Vladimir Homutov
87ca8c087a QUIC: separate files for frames related processing. 2021-04-13 14:38:46 +03:00
Vladimir Homutov
118775761c QUIC: separate files for connection id related processing. 2021-04-13 14:37:41 +03:00
Sergey Kandaurov
f29e48f7ee Merged with the default branch. 2021-04-16 19:35:55 +03:00
Maxim Dounin
ca9bf16f09 Configure: fixed --test-build-epoll on FreeBSD 13.
In FreeBSD 13, eventfd(2) was added, and this breaks build
with --test-build-epoll and without --with-file-aio.  Fix is
to move eventfd(2) detection to auto/os/linux, as it is used
only on Linux as a notification mechanism for epoll().
2021-04-05 20:14:16 +03:00
Vladimir Homutov
79b66760a1 QUIC: distinct files for connection migration.
The connection migration-related code from quic.c with dependencies is moved
into separate file.
2021-03-31 14:57:15 +03:00
Vladimir Homutov
bd90c0ab79 QUIC: separate header for ngx_quic_connection_t. 2021-03-31 14:56:16 +03:00
Sergey Kandaurov
02b52e4c0b Merged with the default branch. 2021-03-10 15:39:01 +03:00
Maxim Dounin
c2e22bcf32 Mail: realip module.
When configured with the "set_real_ip_from", it can set client's IP
address as visible in logs to the one obtained via the PROXY protocol.
2021-03-05 17:16:29 +03:00
Maxim Dounin
4c5a49ce4c Introduced strerrordesc_np() support.
The strerrordesc_np() function, introduced in glibc 2.32, provides an
async-signal-safe way to obtain error messages.  This makes it possible
to avoid copying error messages.
2021-03-01 20:00:45 +03:00
Maxim Dounin
71eb19da43 Improved maximum errno detection.
Previously, systems without sys_nerr (or _sys_nerr) were handled with an
assumption that errors start at 0 and continuous.  This is, however, not
something POSIX requires, and not true on some platforms.

Notably, on Linux, where sys_nerr is no longer available for newly linked
binaries starting with glibc 2.32, there are gaps in error list, which
used to stop us from properly detecting maximum errno.  Further, on
GNU/Hurd errors start at 0x40000001.

With this change, maximum errno detection is moved to the runtime code,
now able to ignore gaps, and also detects the first error if needed.
This fixes observed "Unknown error" messages as seen on Linux with
glibc 2.32 and on GNU/Hurd.
2021-03-01 20:00:43 +03:00
Ruslan Ermilov
1bb89914d7 Configure: marked top-level make targets as phony.
Reported by Thibault Nélis.
2021-02-20 12:44:26 +03:00
Vladimir Homutov
c4f31ccca1 QUIC: ngx_quic_bpf module.
The quic kernel bpf helper inspects packet payload for DCID, extracts key
and routes the packet into socket matching the key.

Due to reuseport feature, each worker owns a personal socket, which is
identified by the same key, used to create DCID.

BPF objects are locked in RAM and are subject to RLIMIT_MEMLOCK.
The "ulimit -l" command may be used to setup proper limits, if maps
cannot be created with EPERM or updated with ETOOLONG.
2020-12-25 15:01:15 +03:00
Vladimir Homutov
b20b58ca7d Core: added interface to linux bpf() system call.
It contains wrappers for operations with BPF maps and for loading BPF programs.
2020-12-15 15:23:07 +03:00
Vladimir Homutov
fb655007a1 QUIC: ngx_quic_module. 2020-12-25 14:18:51 +03:00
Vladimir Homutov
4952711097 QUIC: moved all quic sources into src/event/quic. 2020-12-25 14:01:28 +03:00
Roman Arutyunyan
4b440cbf97 HTTP/3: introduced ngx_http_v3_filter.
The filter is responsible for creating HTTP/3 response header and body.

The change removes differences to the default branch for
ngx_http_chunked_filter_module and ngx_http_header_filter_module.
2020-11-27 17:46:21 +00:00
Igor Ippolitov
7e1637a316 Core: "-e" command line option.
When installing or running from a non-root user it is sometimes required to
override default, compiled in error log path. There was no way to do this
without rebuilding the binary (ticket #147).

This patch introduced "-e" command line option which allows one to override
compiled in error log path.
2020-11-19 16:59:00 +00:00
Sergey Kandaurov
5a9a897d7b Merged with the default branch. 2020-11-24 17:19:40 +00:00
Maxim Dounin
23597e97f5 Configure: shared sources for addon modules.
Addon modules, both dynamic and static, can now use shared source files.
Shared sources result in only one make rule even if specified several
times in different modules.
2020-11-10 17:13:20 +03:00
Maxim Dounin
3030907f5f Configure: initialization of NGX_ADDON_SRCS. 2020-11-10 17:13:17 +03:00
Maxim Dounin
82a56ff85a Configure: style. 2020-11-10 17:13:14 +03:00
Sergey Kandaurov
88cb4d3ab0 Merged with the default branch. 2020-10-01 12:21:11 +01:00
Pavel Pautov
c85d6fec21 Stream: set module.
Adds 'set' directive to the stream server context.
2020-08-28 14:10:54 -07:00
Roman Arutyunyan
47ed87f855 HTTP/3: renamed ngx_http_v3.c to ngx_http_v3_encode.c.
The file contains only encoding functions.
2020-07-13 12:38:08 +03:00
Roman Arutyunyan
36f2873f6b QUIC: added "quic" listen parameter in Stream.
Also, introduced ngx_stream_quic_module.
2020-07-21 23:08:39 +03:00
Roman Arutyunyan
b813b9ec35 QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there
2020-07-21 23:09:22 +03:00
Sergey Kandaurov
0a11fdbb28 Compatibility with BoringSSL master branch.
Recently BoringSSL introduced SSL_set_quic_early_data_context()
that serves as an additional constrain to enable 0-RTT in QUIC.

Relevant changes:
 * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/
 * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
2020-06-01 19:53:13 +03:00
Sergey Kandaurov
1a6fc01fb8 Configure: fixed static compilation with OpenSSL 1.1.1 / BoringSSL.
See 7246:04ebf29eaf5b for details.
2020-05-01 13:02:30 +03:00
Sergey Kandaurov
b7b3aca704 Configure: unbreak with old OpenSSL, --with-http_v3_module added. 2020-04-30 15:47:43 +03:00
Roman Arutyunyan
01dc7445f0 Refactored HTTP/3 parser. 2020-03-18 13:46:35 +03:00
Vladimir Homutov
23dc6a68a4 Extracted transport part of the code into separate file.
All code dealing with serializing/deserializing
is moved int srv/event/ngx_event_quic_transport.c/h file.

All macros for dealing with data are internal to source file.

The header file exposes frame types and error codes.

The exported functions are currently packet header parsers and writers
and frames parser/writer.

The ngx_quic_header_t structure is updated with 'log' member. This avoids
passing extra argument to parsing functions that need to report errors.
2020-03-18 12:58:27 +03:00
Vladimir Homutov
d0ebfa4cb9 Split transport and crypto parts into separate files.
New files:
    src/event/ngx_event_quic_protection.h
    src/event/ngx_event_quic_protection.c

The protection.h header provides interface to the crypto part of the QUIC:

2 functions to initialize corresponding secrets:

ngx_quic_set_initial_secret()
ngx_quic_set_encryption_secret()

and 2 functions to deal with packet processing:

ngx_quic_encrypt()
ngx_quic_decrypt()

Also, structures representing secrets are defined there.

All functions require SSL connection and a pool, only crypto operations
inside, no access to nginx connections or events.

Currently pool->log is used for the logging (instead of original c->log).
2020-03-16 19:00:47 +03:00
Roman Arutyunyan
7739b6073b HTTP/3. 2020-03-13 19:36:33 +03:00
Sergey Kandaurov
812a0b69a0 QUIC add_handshake_data callback, varint routines. 2020-02-28 13:09:51 +03:00
Sergey Kandaurov
26ac1c73f0 Initial QUIC support in http. 2020-02-28 13:09:51 +03:00
Sergey Kandaurov
e92cb24f40 HTTP UDP layer, QUIC support autotest. 2020-02-28 13:09:51 +03:00
Maxim Dounin
fac4c7bdf5 Events: available bytes calculation via ioctl(FIONREAD).
This makes it possible to avoid looping for a long time while working
with a fast enough peer when data are added to the socket buffer faster
than we are able to read and process them (ticket #1431).  This is
basically what we already do on FreeBSD with kqueue, where information
about the number of bytes in the socket buffer is returned by
the kevent() call.

With other event methods rev->available is now set to -1 when the socket
is ready for reading.  Later in ngx_recv() and ngx_recv_chain(), if
full buffer is received, real number of bytes in the socket buffer is
retrieved using ioctl(FIONREAD).  Reading more than this number of bytes
ensures that even with edge-triggered event methods the event will be
triggered again, so it is safe to stop processing of the socket and
switch to other connections.

Using ioctl(FIONREAD) only after reading a full buffer is an optimization.
With this approach we only call ioctl(FIONREAD) when there are at least
two recv()/readv() calls.
2019-10-17 16:02:19 +03:00