Commit Graph

5229 Commits

Author SHA1 Message Date
Ruslan Ermilov
f8d10849ad Removed ngx_connection_t.lock. 2015-03-20 06:43:19 +03:00
Ruslan Ermilov
b6029a8a3f Removed unix ngx_threaded and related ngx_process_changes. 2015-03-20 06:43:19 +03:00
Ruslan Ermilov
d1ec868e32 Removed old pthread implementation. 2015-03-20 06:43:19 +03:00
Ruslan Ermilov
c84c19f5bf Removed old FreeBSD rfork() thread implementation. 2015-03-20 06:43:19 +03:00
Ruslan Ermilov
c34368715f Thread pools: silence warning on process exit.
Work around pthread_cond_destroy() and pthread_mutex_destroy() returning
EBUSY.  A proper solution would be to ensure all threads are terminated.
2015-03-19 23:20:18 +03:00
Ruslan Ermilov
afe1fcffaa Thread pools: fixed the waiting tasks accounting.
Behave like POSIX semaphores.  If N worker threads are waiting for tasks,
at least that number of tasks should be allowed to be put into the queue.
2015-03-19 13:00:48 +03:00
Ruslan Ermilov
20d07074e3 Thread pools: keep waiting tasks counter in ngx_thread_pool_t.
It's not needed for completed tasks queue.

No functional changes.
2015-03-19 23:19:35 +03:00
Xiaochen Wang
85048c0397 SPDY: fixed format specifier in logging. 2015-03-15 21:46:21 +08:00
Valentin Bartenev
7ed1a9681b Added support for offloading Linux sendfile() in thread pools. 2015-03-14 17:37:30 +03:00
Valentin Bartenev
a7ad493aa6 Added support for offloading read() in thread pools. 2015-03-14 17:37:25 +03:00
Ruslan Ermilov
547c8f601f Events: implemented eventport notification mechanism. 2015-03-14 17:37:21 +03:00
Valentin Bartenev
2b3c01e995 Events: implemented kqueue notification mechanism. 2015-03-14 17:37:16 +03:00
Valentin Bartenev
e10e7a4831 Events: implemented epoll notification mechanism. 2015-03-14 17:37:13 +03:00
Valentin Bartenev
305fc021db Thread pools implementation. 2015-03-14 17:37:07 +03:00
Ruslan Ermilov
08e05a4042 Configure: removed obsolete threads bits. 2015-03-13 19:08:27 +03:00
Ruslan Ermilov
83ba5ed2ec Renamed NGX_THREADS to NGX_OLD_THREADS because of deprecation.
It's mostly dead code and the original idea of worker threads has been rejected.
2015-03-04 18:26:25 +03:00
Ruslan Ermilov
b89e3bc034 Configure: fixed type max value detection.
The code tried to use suffixes for "long" and "long long" types, but
it never worked as intended due to the bug in the shell code.  Also,
the max value for any 64-bit type other than "long long" on platforms
with 32-bit "long" would be incorrect if the bug was fixed.

So instead of fixing the bug in the shell code, always use the "int"
constant for 32-bit types, and "long long" constant for 64-bit types.
2015-03-18 02:04:39 +03:00
Ruslan Ermilov
4fe0a09942 Overflow detection in ngx_http_parse_chunked(). 2015-03-17 00:26:27 +03:00
Ruslan Ermilov
514cdb190f Overflow detection in ngx_http_range_parse(). 2015-03-17 00:26:24 +03:00
Ruslan Ermilov
a43f1bcf6e Overflow detection in ngx_inet_addr(). 2015-03-17 00:26:22 +03:00
Ruslan Ermilov
3ad3f4ae0a Core: overflow detection in ngx_parse_time() (ticket #732). 2015-03-17 00:26:20 +03:00
Ruslan Ermilov
7943fd374a Refactored ngx_parse_time().
No functional changes.
2015-03-17 00:26:18 +03:00
Ruslan Ermilov
8167ce8537 Core: overflow detection in number parsing functions. 2015-03-17 00:26:15 +03:00
Ruslan Ermilov
309928b941 Core: expose maximum values of time_t and ngx_int_t.
These are needed to detect overflows.
2015-03-17 00:24:34 +03:00
Ruslan Ermilov
d81db90455 Configure: removed redundant auto/have call.
The auto/feature call above is enough to set NGX_HAVE_SENDFILE.
2015-03-13 16:43:01 +03:00
Ruslan Ermilov
db999274ec The "aio" directive parser made smarter.
It now prints meaningful warnings on all platforms.

No functional changes.
2015-03-13 16:42:52 +03:00
Ruslan Ermilov
bcd8123913 Events: fixed typo in the error message. 2015-03-12 23:03:03 +03:00
Ruslan Ermilov
067de7dde1 Deprecated "aio sendfile".
Specifying "sendfile on" along with "aio on" activates the
aio pre-loading mode for sendfile().
2015-03-12 20:06:04 +03:00
Ruslan Ermilov
5e5540f7dc Proxy: use an appropriate error on memory allocation failure. 2015-03-04 08:12:53 +03:00
Ruslan Ermilov
c238150a57 Style: moved ngx_http_ephemeral() macro to ngx_http_request.h. 2015-03-04 08:10:40 +03:00
Ruslan Ermilov
466b3b9250 Style: use %*s format, as in 68d21fd1dc64. 2015-03-04 08:05:38 +03:00
Valentin Bartenev
a9a01e0938 Log: use ngx_cpymem() in a couple of places, no functional changes. 2015-03-04 19:20:30 +03:00
Valentin Bartenev
2f3fb935b4 Upstream keepalive: drop ready flag on EAGAIN from recv(MSG_PEEK).
Keeping the ready flag in this case might results in missing notification of
broken connection until nginx tried to use it again.

While there, stale comment about stale event was removed since this function
is also can be called directly.
2015-03-03 17:48:57 +03:00
Ruslan Ermilov
b384247262 Events: simplified ngx_event_aio_t definition.
No functional changes.
2015-03-03 18:09:13 +03:00
Valentin Bartenev
ea881578a2 Refactored ngx_linux_sendfile_chain() even more.
The code that calls sendfile() was cut into a separate function.
This simplifies EINTR processing, yet is needed for the following
changes that add threads support.
2015-02-27 19:19:08 +03:00
Maxim Dounin
a0d543595d Style.
Noted by Ruslan Ermilov.
2015-03-03 01:15:21 +03:00
Maxim Dounin
14a93c5a15 Upstream: upstream argument in ngx_http_upstream_process_request().
In case of filter finalization, r->upstream might be changed during
the ngx_event_pipe() call.  Added an argument to preserve it while
calling the ngx_http_upstream_process_request() function.
2015-03-02 21:44:42 +03:00
Maxim Dounin
2b032e8df6 Upstream: avoid duplicate finalization.
A request may be already finalized when ngx_http_upstream_finalize_request()
is called, due to filter finalization: after filter finalization upstream
can be finalized via ngx_http_upstream_cleanup(), either from
ngx_http_terminate_request(), or because a new request was initiated
to an upstream.  Then the upstream code will see an error returned from
the filter chain and will call the ngx_http_upstream_finalize_request()
function again.

To prevent corruption of various upstream data in this situation, make sure
to do nothing but merely call ngx_http_finalize_request().

Prodded by Yichun Zhang, for details see the thread at
http://nginx.org/pipermail/nginx-devel/2015-February/006539.html.
2015-03-02 21:44:32 +03:00
Roman Arutyunyan
46a2236f22 SSL: reset ready flag if recv(MSG_PEEK) found no bytes in socket.
Previously, connection hung after calling ngx_http_ssl_handshake() with
rev->ready set and no bytes in socket to read.  It's possible in at least the
following cases:

 - when processing a connection with expired TCP_DEFER_ACCEPT on Linux
 - after parsing PROXY protocol header if it arrived in a separate TCP packet

Thanks to James Hamlin.
2015-03-02 21:15:46 +03:00
Roman Arutyunyan
f0b5f83378 Cache: do not inherit last_modified and etag from stale response.
When replacing a stale cache entry, its last_modified and etag could be
inherited from the old entry if the response code is not 200 or 206.  Moreover,
etag could be inherited with any response code if it's missing in the new
response.  As a result, the cache entry is left with invalid last_modified or
etag which could lead to broken revalidation.

For example, when a file is deleted from backend, its last_modified is copied to
the new 404 cache entry and is used later for revalidation.  Once the old file
appears again with its original timestamp, revalidation succeeds and the cached
404 response is sent to client instead of the file.

The problem appeared with etags in 44b9ab7752e3 (1.7.3) and affected
last_modified in 1573fc7875fa (1.7.9).
2015-03-02 19:47:13 +03:00
Roman Arutyunyan
bf7d76b943 Upstream hash: speedup consistent hash init.
Repeatedly calling ngx_http_upstream_add_chash_point() to create
the points array in sorted order, is O(n^2) to the total weight.
This can cause nginx startup and reconfigure to be substantially
delayed.  For example, when total weight is 1000, startup takes
5s on a modern laptop.

Replace this with a linear insertion followed by QuickSort and
duplicates removal.  Startup for total weight of 1000 reduces to 40ms.

Based on a patch by Wai Keen Woon.
2015-03-02 18:41:29 +03:00
Sergey Kandaurov
de3adad807 Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client.
Previously, the Auth-SSL-Verify header with the "NONE" value was always passed
to the auth_http script if verification of client certificates is disabled.
2015-02-27 16:28:31 +03:00
Maxim Dounin
faec547771 Mail: client SSL certificates support.
The "ssl_verify_client", "ssl_verify_depth", "ssl_client_certificate",
"ssl_trusted_certificate", and "ssl_crl" directives introduced to control
SSL client certificate verification in mail proxy module.

If there is a certificate, detail of the certificate are passed to
the auth_http script configured via Auth-SSL-Verify, Auth-SSL-Subject,
Auth-SSL-Issuer, Auth-SSL-Serial, Auth-SSL-Fingerprint headers.  If
the auth_http_pass_client_cert directive is set, client certificate
in PEM format will be passed in the Auth-SSL-Cert header (urlencoded).

If there is no required certificate provided during an SSL handshake
or certificate verification fails then a protocol-specific error is
returned after the SSL handshake and the connection is closed.

Based on previous work by Sven Peter, Franck Levionnois and Filipe Da Silva.
2015-02-25 17:48:05 +03:00
Maxim Dounin
78e1a8ed7f Mail: added Auth-SSL header to indicate SSL.
Based on a patch by Filipe da Silva.
2015-02-25 17:47:49 +03:00
Maxim Dounin
52c5ba0f37 Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers.
There were no buffer overruns in real life as there is extra space
allocated for the Auth-Login-Attempt counter.
2015-02-25 17:47:43 +03:00
Ruslan Ermilov
c2c9a1c03e SSL: account sent bytes in ngx_ssl_write(). 2015-02-24 23:52:47 +03:00
Maxim Dounin
7dd799357d Core: fixed potential buffer overrun when initializing hash.
Initial size as calculated from the number of elements may be bigger
than max_size.  If this happens, make sure to set size to max_size.

Reported by Chris West.
2015-02-24 18:37:14 +03:00
Ruslan Ermilov
a4ce770a89 Cache: reduced diffs to the plus version of nginx.
No functional changes.
2015-02-17 16:27:52 +03:00
Roman Arutyunyan
6337c1d185 Core: make ngx_connection_local_sockaddr() always assign address.
Previously, this function checked for connection local address existence
and returned error if it was missing.  Now a new address is assigned in this
case making it possible to call this function not only for accepted connections.
2015-02-17 14:26:44 +03:00
Sergey Kandaurov
7f3f7fec77 Configure: typo fixed. 2015-02-11 20:18:55 +03:00