mirror of
https://github.com/nginx/nginx.git
synced 2025-01-07 17:27:48 +08:00
c4f31ccca1
The quic kernel bpf helper inspects packet payload for DCID, extracts key and routes the packet into socket matching the key. Due to reuseport feature, each worker owns a personal socket, which is identified by the same key, used to create DCID. BPF objects are locked in RAM and are subject to RLIMIT_MEMLOCK. The "ulimit -l" command may be used to setup proper limits, if maps cannot be created with EPERM or updated with ETOOLONG.
275 lines
7.1 KiB
Plaintext
275 lines
7.1 KiB
Plaintext
|
|
# Copyright (C) Igor Sysoev
|
|
# Copyright (C) Nginx, Inc.
|
|
|
|
|
|
have=NGX_LINUX . auto/have_headers
|
|
|
|
CORE_INCS="$UNIX_INCS"
|
|
CORE_DEPS="$UNIX_DEPS $LINUX_DEPS"
|
|
CORE_SRCS="$UNIX_SRCS $LINUX_SRCS"
|
|
|
|
ngx_spacer='
|
|
'
|
|
|
|
cc_aux_flags="$CC_AUX_FLAGS"
|
|
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
|
|
|
|
|
|
# Linux kernel version
|
|
|
|
version=$((`uname -r \
|
|
| sed -n -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/ \
|
|
\1*256*256+\2*256+\3/p' \
|
|
-e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1*256*256+\2*256/p'`))
|
|
|
|
version=${version:-0}
|
|
|
|
|
|
# posix_fadvise64() had been implemented in 2.5.60
|
|
|
|
if [ $version -lt 132412 ]; then
|
|
have=NGX_HAVE_POSIX_FADVISE . auto/nohave
|
|
fi
|
|
|
|
# epoll, EPOLLET version
|
|
|
|
ngx_feature="epoll"
|
|
ngx_feature_name="NGX_HAVE_EPOLL"
|
|
ngx_feature_run=yes
|
|
ngx_feature_incs="#include <sys/epoll.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="int efd = 0;
|
|
struct epoll_event ee;
|
|
ee.events = EPOLLIN|EPOLLOUT|EPOLLET;
|
|
ee.data.ptr = NULL;
|
|
(void) ee;
|
|
efd = epoll_create(100);
|
|
if (efd == -1) return 1;"
|
|
. auto/feature
|
|
|
|
if [ $ngx_found = yes ]; then
|
|
have=NGX_HAVE_CLEAR_EVENT . auto/have
|
|
CORE_SRCS="$CORE_SRCS $EPOLL_SRCS"
|
|
EVENT_MODULES="$EVENT_MODULES $EPOLL_MODULE"
|
|
EVENT_FOUND=YES
|
|
|
|
|
|
# EPOLLRDHUP appeared in Linux 2.6.17, glibc 2.8
|
|
|
|
ngx_feature="EPOLLRDHUP"
|
|
ngx_feature_name="NGX_HAVE_EPOLLRDHUP"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <sys/epoll.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="int efd = 0, fd = 0;
|
|
struct epoll_event ee;
|
|
ee.events = EPOLLIN|EPOLLRDHUP|EPOLLET;
|
|
ee.data.ptr = NULL;
|
|
epoll_ctl(efd, EPOLL_CTL_ADD, fd, &ee)"
|
|
. auto/feature
|
|
|
|
|
|
# EPOLLEXCLUSIVE appeared in Linux 4.5, glibc 2.24
|
|
|
|
ngx_feature="EPOLLEXCLUSIVE"
|
|
ngx_feature_name="NGX_HAVE_EPOLLEXCLUSIVE"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <sys/epoll.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="int efd = 0, fd = 0;
|
|
struct epoll_event ee;
|
|
ee.events = EPOLLIN|EPOLLEXCLUSIVE;
|
|
ee.data.ptr = NULL;
|
|
epoll_ctl(efd, EPOLL_CTL_ADD, fd, &ee)"
|
|
. auto/feature
|
|
fi
|
|
|
|
|
|
# O_PATH and AT_EMPTY_PATH were introduced in 2.6.39, glibc 2.14
|
|
|
|
ngx_feature="O_PATH"
|
|
ngx_feature_name="NGX_HAVE_O_PATH"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <fcntl.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="int fd; struct stat sb;
|
|
fd = openat(AT_FDCWD, \".\", O_PATH|O_DIRECTORY|O_NOFOLLOW);
|
|
if (fstatat(fd, \"\", &sb, AT_EMPTY_PATH) != 0) return 1"
|
|
. auto/feature
|
|
|
|
|
|
# sendfile()
|
|
|
|
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE"
|
|
ngx_feature="sendfile()"
|
|
ngx_feature_name="NGX_HAVE_SENDFILE"
|
|
ngx_feature_run=yes
|
|
ngx_feature_incs="#include <sys/sendfile.h>
|
|
#include <errno.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="int s = 0, fd = 1;
|
|
ssize_t n; off_t off = 0;
|
|
n = sendfile(s, fd, &off, 1);
|
|
if (n == -1 && errno == ENOSYS) return 1"
|
|
. auto/feature
|
|
|
|
if [ $ngx_found = yes ]; then
|
|
CORE_SRCS="$CORE_SRCS $LINUX_SENDFILE_SRCS"
|
|
fi
|
|
|
|
|
|
# sendfile64()
|
|
|
|
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
|
|
ngx_feature="sendfile64()"
|
|
ngx_feature_name="NGX_HAVE_SENDFILE64"
|
|
ngx_feature_run=yes
|
|
ngx_feature_incs="#include <sys/sendfile.h>
|
|
#include <errno.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="int s = 0, fd = 1;
|
|
ssize_t n; off_t off = 0;
|
|
n = sendfile(s, fd, &off, 1);
|
|
if (n == -1 && errno == ENOSYS) return 1"
|
|
. auto/feature
|
|
|
|
|
|
ngx_include="sys/prctl.h"; . auto/include
|
|
|
|
# prctl(PR_SET_DUMPABLE)
|
|
|
|
ngx_feature="prctl(PR_SET_DUMPABLE)"
|
|
ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE"
|
|
ngx_feature_run=yes
|
|
ngx_feature_incs="#include <sys/prctl.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) return 1"
|
|
. auto/feature
|
|
|
|
|
|
# prctl(PR_SET_KEEPCAPS)
|
|
|
|
ngx_feature="prctl(PR_SET_KEEPCAPS)"
|
|
ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
|
|
ngx_feature_run=yes
|
|
ngx_feature_incs="#include <sys/prctl.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
|
|
. auto/feature
|
|
|
|
|
|
# capabilities
|
|
|
|
ngx_feature="capabilities"
|
|
ngx_feature_name="NGX_HAVE_CAPABILITIES"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <linux/capability.h>
|
|
#include <sys/syscall.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="struct __user_cap_data_struct data;
|
|
struct __user_cap_header_struct header;
|
|
|
|
header.version = _LINUX_CAPABILITY_VERSION_1;
|
|
data.effective = CAP_TO_MASK(CAP_NET_RAW);
|
|
data.permitted = 0;
|
|
|
|
(void) header;
|
|
(void) data;
|
|
(void) SYS_capset"
|
|
. auto/feature
|
|
|
|
|
|
# crypt_r()
|
|
|
|
ngx_feature="crypt_r()"
|
|
ngx_feature_name="NGX_HAVE_GNU_CRYPT_R"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <crypt.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=-lcrypt
|
|
ngx_feature_test="struct crypt_data cd;
|
|
crypt_r(\"key\", \"salt\", &cd);"
|
|
. auto/feature
|
|
|
|
|
|
ngx_include="sys/vfs.h"; . auto/include
|
|
|
|
|
|
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
|
|
|
|
|
|
# (E)BPF
|
|
|
|
ngx_feature="BPF support"
|
|
ngx_feature_name="NGX_HAVE_BPF"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <linux/bpf.h>
|
|
#include <sys/syscall.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="
|
|
union bpf_attr attr = { 0 };
|
|
/* only declare BPF support if all required features found */
|
|
attr.map_flags = 0;
|
|
attr.map_type = BPF_MAP_TYPE_SOCKHASH;
|
|
syscall(__NR_bpf, 0, &attr, 0);"
|
|
|
|
. auto/feature
|
|
|
|
if [ $ngx_found = yes ]; then
|
|
BPF_FOUND=YES
|
|
|
|
CORE_SRCS="$CORE_SRCS src/core/ngx_bpf.c"
|
|
CORE_DEPS="$CORE_DEPS src/core/ngx_bpf.h"
|
|
fi
|
|
|
|
|
|
# SO_COOKIE socket option
|
|
|
|
ngx_feature="SO_COOKIE"
|
|
ngx_feature_name="NGX_HAVE_SO_COOKIE"
|
|
ngx_feature_run=no
|
|
ngx_feature_incs="#include <sys/socket.h>
|
|
#include <stdint.h>"
|
|
ngx_feature_path=
|
|
ngx_feature_libs=
|
|
ngx_feature_test="socklen_t optlen = sizeof(uint64_t);
|
|
uint64_t cookie;
|
|
getsockopt(0, SOL_SOCKET, SO_COOKIE, &cookie, &optlen)"
|
|
. auto/feature
|
|
|
|
if [ $ngx_found = yes ]; then
|
|
SO_COOKIE_FOUND=YES
|
|
have=NGX_HAVE_SO_COOKIE . auto/have
|
|
fi
|
|
|
|
|
|
# ngx_quic_bpf module uses sockhash to select socket from reuseport group,
|
|
# support appeared in Linux-5.7:
|
|
#
|
|
# commit: 9fed9000c5c6cacfcaaa48aff74818072ae294cc
|
|
# bpf: Allow selecting reuseport socket from a SOCKMAP/SOCKHASH
|
|
#
|
|
if [ $NGX_QUIC_BPF$BPF_FOUND = YESYES ]; then
|
|
echo $ngx_n "checking for kernel with reuseport/BPF support...$ngx_c"
|
|
if [ $version -lt 329472 ]; then
|
|
echo " not found (at least 5.7 is required)"
|
|
NGX_QUIC_BPF=NO
|
|
else
|
|
echo " found"
|
|
fi
|
|
fi
|
|
|