[PATCH] The "sort=" parameter of the "resolver" directive
src/core/ngx_resolver.c | 38 +- src/core/ngx_resolver.h | 5 + 2 files changed, 42 insertions(+), 1 deletions(-) # HG changeset patch # User Ruslan Ermilov # Date 1645589387 -10800 # Wed Feb 23 07:09:47 2022 +0300 # Node ID 8db4bbd67840e8bebb23f9c6d10c0f633552e616 # Parent 1c19779448db2309d607c74e2628ff98f84569ff The "sort=" parameter of the "resolver" directive. diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -266,6 +266,27 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ } #endif +if (ngx_strncmp(names[i].data, "sort=", 5) == 0) { + +if (ngx_strcasecmp([i].data[5], (u_char *) "ipv4") == 0) { +r->sort = NGX_RESOLVE_A_FIRST; + +#if (NGX_HAVE_INET6) +} else if (ngx_strcasecmp([i].data[5], (u_char *) "ipv6") + == 0) +{ +r->sort = NGX_RESOLVE__FIRST; +#endif + +} else { +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter: %V", [i]); +return NULL; +} + +continue; +} + ngx_memzero(, sizeof(ngx_url_t)); u.url = names[i]; @@ -4253,7 +4274,22 @@ ngx_resolver_export(ngx_resolver_t *r, n } i = 0; -d = rotate ? ngx_random() % n : 0; + +if (r->sort == NGX_RESOLVE_A_FIRST) { +d = 0; + +#if (NGX_HAVE_INET6) +} else if (r->sort == NGX_RESOLVE__FIRST) { +d = rn->naddrs6; + +if (d == n) { +d = 0; +} +#endif + +} else { +d = rotate ? ngx_random() % n : 0; +} if (rn->naddrs) { j = rotate ? ngx_random() % rn->naddrs : 0; diff --git a/src/core/ngx_resolver.h b/src/core/ngx_resolver.h --- a/src/core/ngx_resolver.h +++ b/src/core/ngx_resolver.h @@ -36,6 +36,9 @@ #define NGX_RESOLVER_MAX_RECURSION50 +#define NGX_RESOLVE_A_FIRST 1 +#define NGX_RESOLVE__FIRST2 + typedef struct ngx_resolver_s ngx_resolver_t; @@ -185,6 +188,8 @@ struct ngx_resolver_s { ngx_queue_t addr6_expire_queue; #endif +ngx_uint_tsort; + time_tresend_timeout; time_ttcp_timeout; time_texpire; ___ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
Re: [PATCH] Add ipv4=off option in resolver like ipv6=off (ticket #1330)
On Wed, Feb 16, 2022 at 03:30:55PM +0300, Ruslan Ermilov wrote: > Hi Lukas, > > On Wed, Jan 19, 2022 at 07:47:44PM +0100, Lukas Lihotzki via nginx-devel > wrote: > > # HG changeset patch > > # User Lukas Lihotzki > > # Date 1642618053 -3600 > > # Wed Jan 19 19:47:33 2022 +0100 > > # Node ID e9f06dc2d6a4a1aa61c15009b84ceedcaf5983b2 > > # Parent aeab41dfd2606dd36cabbf01f1472726e27e8aea > > Add ipv4=off option in resolver like ipv6=off (ticket #1330). > > > > IPv6-only hosts (ticket #1330) and upstreams with IPv6 bind address > > (ticket #1535) need to disable resolving to IPv4 addresses. > > > > Ticket #1330 mentions ipv4=off is the proper fix. > > There's a number of problems in your patch. Please try this > one instead: > > # HG changeset patch > # User Ruslan Ermilov > # Date 1644873563 -10800 > # Tue Feb 15 00:19:23 2022 +0300 > # Node ID 5d2cb60a78dd32a10a0010ccff39974fd7605867 > # Parent 1add55d236522616ce34ffaa4dc697a76d3d41a4 > The "ipv4=" parameter of the "resolver" directive (ticket #2196). > > When set to "off", only IPv6 addresses will be resolved, and no > A queries are ever sent. > > diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c > --- a/src/core/ngx_resolver.c > +++ b/src/core/ngx_resolver.c > @@ -157,6 +157,8 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ > cln->handler = ngx_resolver_cleanup; > cln->data = r; > > +r->ipv4 = 1; > + > ngx_rbtree_init(>name_rbtree, >name_sentinel, > ngx_resolver_rbtree_insert_value); > > @@ -225,6 +227,23 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ > } > > #if (NGX_HAVE_INET6) > +if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) { > + > +if (ngx_strcmp([i].data[5], "on") == 0) { > +r->ipv4 = 1; > + > +} else if (ngx_strcmp([i].data[5], "off") == 0) { > +r->ipv4 = 0; > + > +} else { > +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, > + "invalid parameter: %V", [i]); > +return NULL; > +} > + > +continue; > +} > + > if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) { > > if (ngx_strcmp([i].data[5], "on") == 0) { Addon to the patch: diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -229,10 +229,12 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ #if (NGX_HAVE_INET6) if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) { -if (ngx_strcmp([i].data[5], "on") == 0) { +if (ngx_strcasecmp([i].data[5], (u_char *) "on") == 0) { r->ipv4 = 1; -} else if (ngx_strcmp([i].data[5], "off") == 0) { +} else if (ngx_strcasecmp([i].data[5], (u_char *) "off") + == 0) +{ r->ipv4 = 0; } else { @@ -246,10 +248,12 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) { -if (ngx_strcmp([i].data[5], "on") == 0) { +if (ngx_strcasecmp([i].data[5], (u_char *) "on") == 0) { r->ipv6 = 1; -} else if (ngx_strcmp([i].data[5], "off") == 0) { +} else if (ngx_strcasecmp([i].data[5], (u_char *) "off") + == 0) +{ r->ipv6 = 0; } else { And a full updated patch: # HG changeset patch # User Ruslan Ermilov # Date 1645589317 -10800 # Wed Feb 23 07:08:37 2022 +0300 # Node ID 1c19779448db2309d607c74e2628ff98f84569ff # Parent 1add55d236522616ce34ffaa4dc697a76d3d41a4 The "ipv4=" parameter of the "resolver" directive (ticket #2196). When set to "off", only IPv6 addresses will be resolved, and no A queries are ever sent. diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -157,6 +157,8 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ cln->handler = ngx_resolver_cleanup; cln->data = r; +r->ipv4 = 1; + ngx_rbtree_init(>name_rbtree, >name_sentinel, ngx_resolver_rbtree_insert_value); @@ -225,12 +227,33 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ } #if (NGX_HAVE_INET6) +if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) { + +if (ngx_strcasecmp([i].data[5], (u_char *) "on") == 0)
Re: [PATCH] Add ipv4=off option in resolver like ipv6=off (ticket #1330)
Hi Lukas, On Wed, Jan 19, 2022 at 07:47:44PM +0100, Lukas Lihotzki via nginx-devel wrote: > # HG changeset patch > # User Lukas Lihotzki > # Date 1642618053 -3600 > # Wed Jan 19 19:47:33 2022 +0100 > # Node ID e9f06dc2d6a4a1aa61c15009b84ceedcaf5983b2 > # Parent aeab41dfd2606dd36cabbf01f1472726e27e8aea > Add ipv4=off option in resolver like ipv6=off (ticket #1330). > > IPv6-only hosts (ticket #1330) and upstreams with IPv6 bind address > (ticket #1535) need to disable resolving to IPv4 addresses. > > Ticket #1330 mentions ipv4=off is the proper fix. There's a number of problems in your patch. Please try this one instead: # HG changeset patch # User Ruslan Ermilov # Date 1644873563 -10800 # Tue Feb 15 00:19:23 2022 +0300 # Node ID 5d2cb60a78dd32a10a0010ccff39974fd7605867 # Parent 1add55d236522616ce34ffaa4dc697a76d3d41a4 The "ipv4=" parameter of the "resolver" directive (ticket #2196). When set to "off", only IPv6 addresses will be resolved, and no A queries are ever sent. diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -157,6 +157,8 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ cln->handler = ngx_resolver_cleanup; cln->data = r; +r->ipv4 = 1; + ngx_rbtree_init(>name_rbtree, >name_sentinel, ngx_resolver_rbtree_insert_value); @@ -225,6 +227,23 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ } #if (NGX_HAVE_INET6) +if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) { + +if (ngx_strcmp([i].data[5], "on") == 0) { +r->ipv4 = 1; + +} else if (ngx_strcmp([i].data[5], "off") == 0) { +r->ipv4 = 0; + +} else { +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter: %V", [i]); +return NULL; +} + +continue; +} + if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) { if (ngx_strcmp([i].data[5], "on") == 0) { @@ -273,6 +292,14 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ } } +#if (NGX_HAVE_INET6) +if (r->ipv4 + r->ipv6 == 0) { +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "\"ipv4\" and \"ipv6\" cannot both be \"off\""); +return NULL; +} +#endif + if (n && r->connections.nelts == 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined"); return NULL; @@ -836,7 +863,7 @@ ngx_resolve_name_locked(ngx_resolver_t * r->last_connection = 0; } -rn->naddrs = (u_short) -1; +rn->naddrs = r->ipv4 ? (u_short) -1 : 0; rn->tcp = 0; #if (NGX_HAVE_INET6) rn->naddrs6 = r->ipv6 ? (u_short) -1 : 0; @@ -1263,7 +1290,7 @@ ngx_resolver_send_query(ngx_resolver_t * rec->log.action = "resolving"; } -if (rn->naddrs == (u_short) -1) { +if (rn->query && rn->naddrs == (u_short) -1) { rc = rn->tcp ? ngx_resolver_send_tcp_query(r, rec, rn->query, rn->qlen) : ngx_resolver_send_udp_query(r, rec, rn->query, rn->qlen); @@ -1764,10 +1791,13 @@ ngx_resolver_process_response(ngx_resolv q = ngx_queue_next(q)) { rn = ngx_queue_data(q, ngx_resolver_node_t, queue); -qident = (rn->query[0] << 8) + rn->query[1]; - -if (qident == ident) { -goto dns_error_name; + +if (rn->query) { +qident = (rn->query[0] << 8) + rn->query[1]; + +if (qident == ident) { +goto dns_error_name; +} } #if (NGX_HAVE_INET6) @@ -3644,7 +3674,7 @@ ngx_resolver_create_name_query(ngx_resol len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t); #if (NGX_HAVE_INET6) -p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len); +p = ngx_resolver_alloc(r, len * (r->ipv4 + r->ipv6)); #else p = ngx_resolver_alloc(r, len); #endif @@ -3653,23 +3683,28 @@ ngx_resolver_create_name_query(ngx_resol } rn->qlen = (u_short) len; -rn->query = p; + +if (r->ipv4) { +rn->query = p; +} #if (NGX_HAVE_INET6) if (r->ipv6) { -rn->query6 = p + len; +rn->query6 = r->ipv4 ? (p + len) : p; } #endif query = (ngx_resolver_hdr_t *) p; -ident = ngx_random(); - -ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0, - "resolve: \"%V\" A %i", name, ident & 0x); - -query->ident_hi = (u_char) ((ident >> 8) & 0xff); -query->ident
[nginx] Moved Huffman coding out of HTTP/2.
details: https://hg.nginx.org/nginx/rev/336084ff943b branches: changeset: 7977:336084ff943b user: Ruslan Ermilov date: Tue Dec 21 07:54:16 2021 +0300 description: Moved Huffman coding out of HTTP/2. ngx_http_v2_huff_decode.c and ngx_http_v2_huff_encode.c are renamed to ngx_http_huff_decode.c and ngx_http_huff_encode.c. diffstat: auto/modules| 7 +- auto/sources| 3 + src/http/modules/ngx_http_grpc_module.c |16 +- src/http/ngx_http.h | 8 + src/http/ngx_http_huff_decode.c | 2714 +++ src/http/ngx_http_huff_encode.c | 254 ++ src/http/v2/ngx_http_v2.c | 8 +- src/http/v2/ngx_http_v2.h | 6 - src/http/v2/ngx_http_v2_encode.c| 2 +- src/http/v2/ngx_http_v2_huff_decode.c | 2714 --- src/http/v2/ngx_http_v2_huff_encode.c | 254 -- 11 files changed, 2997 insertions(+), 2989 deletions(-) diffs (truncated from 6083 to 1000 lines): diff -r 76aea0ad78e5 -r 336084ff943b auto/modules --- a/auto/modules Mon Dec 20 20:02:48 2021 +0200 +++ b/auto/modules Tue Dec 21 07:54:16 2021 +0300 @@ -102,6 +102,11 @@ if [ $HTTP = YES ]; then fi +if [ $HTTP_V2 = YES ]; then +HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS" +fi + + # the module order is important # ngx_http_static_module # ngx_http_gzip_static_module @@ -414,8 +419,6 @@ if [ $HTTP = YES ]; then ngx_module_srcs="src/http/v2/ngx_http_v2.c \ src/http/v2/ngx_http_v2_table.c \ src/http/v2/ngx_http_v2_encode.c \ - src/http/v2/ngx_http_v2_huff_decode.c \ - src/http/v2/ngx_http_v2_huff_encode.c \ src/http/v2/ngx_http_v2_module.c" ngx_module_libs= ngx_module_link=$HTTP_V2 diff -r 76aea0ad78e5 -r 336084ff943b auto/sources --- a/auto/sources Mon Dec 20 20:02:48 2021 +0200 +++ b/auto/sources Tue Dec 21 07:54:16 2021 +0300 @@ -255,3 +255,6 @@ NGX_WIN32_RC="src/os/win32/nginx.rc" HTTP_FILE_CACHE_SRCS=src/http/ngx_http_file_cache.c + +HTTP_HUFF_SRCS="src/http/ngx_http_huff_decode.c +src/http/ngx_http_huff_encode.c" diff -r 76aea0ad78e5 -r 336084ff943b src/http/modules/ngx_http_grpc_module.c --- a/src/http/modules/ngx_http_grpc_module.c Mon Dec 20 20:02:48 2021 +0200 +++ b/src/http/modules/ngx_http_grpc_module.c Tue Dec 21 07:54:16 2021 +0300 @@ -3180,10 +3180,10 @@ ngx_http_grpc_parse_fragment(ngx_http_re ctx->field_rest -= size; if (ctx->field_huffman) { -if (ngx_http_v2_huff_decode(>field_state, p, size, ->field_end, -ctx->field_rest == 0, -r->connection->log) +if (ngx_http_huff_decode(>field_state, p, size, + >field_end, + ctx->field_rest == 0, + r->connection->log) != NGX_OK) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, @@ -3289,10 +3289,10 @@ ngx_http_grpc_parse_fragment(ngx_http_re ctx->field_rest -= size; if (ctx->field_huffman) { -if (ngx_http_v2_huff_decode(>field_state, p, size, ->field_end, -ctx->field_rest == 0, -r->connection->log) +if (ngx_http_huff_decode(>field_state, p, size, + >field_end, + ctx->field_rest == 0, + r->connection->log) != NGX_OK) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, diff -r 76aea0ad78e5 -r 336084ff943b src/http/ngx_http.h --- a/src/http/ngx_http.h Mon Dec 20 20:02:48 2021 +0200 +++ b/src/http/ngx_http.h Tue Dec 21 07:54:16 2021 +0300 @@ -167,6 +167,14 @@ ngx_uint_t ngx_http_degraded(ngx_http_r #endif +#if (NGX_HTTP_V2) +ngx_int_t ngx_http_huff_decode(u_char *state, u_char *src, size_t len, +u_char **dst, ngx_uint_t last, ngx_log_t *log); +size_t ngx_http_huff_encode(u_char *src, size_t len, u_char *dst, +ngx_uint_t lower); +#endif + + extern ngx_module_t ngx_http_module; extern ngx_str_t ngx_http_html_default_types[]; diff -r 76aea0ad78e5 -r 336084ff943b src/http/ngx_http_huff_decode.c --- /dev/null Thu Jan 01 00:00:00 1970 + +++ b/src/http/ngx_http_huff_decode.c
[nginx] Win32: use only preallocated memory in send/recv chain functions.
details: https://hg.nginx.org/nginx/rev/ecf2a9002b37 branches: changeset: 7887:ecf2a9002b37 user: Ruslan Ermilov date: Mon Jul 05 13:26:49 2021 +0300 description: Win32: use only preallocated memory in send/recv chain functions. The ngx_wsasend_chain() and ngx_wsarecv_chain() functions were modified to use only preallocated memory, and the number of preallocated wsabufs was increased to 64. diffstat: src/os/win32/ngx_wsarecv_chain.c | 6 +- src/os/win32/ngx_wsasend_chain.c | 26 +++--- 2 files changed, 20 insertions(+), 12 deletions(-) diffs (101 lines): diff -r 7f5e3595caff -r ecf2a9002b37 src/os/win32/ngx_wsarecv_chain.c --- a/src/os/win32/ngx_wsarecv_chain.c Mon Jul 05 13:09:23 2021 +0300 +++ b/src/os/win32/ngx_wsarecv_chain.c Mon Jul 05 13:26:49 2021 +0300 @@ -10,7 +10,7 @@ #include -#define NGX_WSABUFS 8 +#define NGX_WSABUFS 64 ssize_t @@ -57,6 +57,10 @@ ngx_wsarecv_chain(ngx_connection_t *c, n wsabuf->len += n; } else { +if (vec.nelts == vec.nalloc) { +break; +} + wsabuf = ngx_array_push(); if (wsabuf == NULL) { return NGX_ERROR; diff -r 7f5e3595caff -r ecf2a9002b37 src/os/win32/ngx_wsasend_chain.c --- a/src/os/win32/ngx_wsasend_chain.c Mon Jul 05 13:09:23 2021 +0300 +++ b/src/os/win32/ngx_wsasend_chain.c Mon Jul 05 13:26:49 2021 +0300 @@ -10,7 +10,7 @@ #include -#define NGX_WSABUFS 8 +#define NGX_WSABUFS 64 ngx_chain_t * @@ -47,7 +47,7 @@ ngx_wsasend_chain(ngx_connection_t *c, n vec.elts = wsabufs; vec.size = sizeof(WSABUF); -vec.nalloc = NGX_WSABUFS; +vec.nalloc = ngx_min(NGX_WSABUFS, ngx_max_wsabufs); vec.pool = c->pool; for ( ;; ) { @@ -59,10 +59,8 @@ ngx_wsasend_chain(ngx_connection_t *c, n /* create the WSABUF and coalesce the neighbouring bufs */ -for (cl = in; - cl && vec.nelts < ngx_max_wsabufs && send < limit; - cl = cl->next) -{ +for (cl = in; cl && send < limit; cl = cl->next) { + if (ngx_buf_special(cl->buf)) { continue; } @@ -77,6 +75,10 @@ ngx_wsasend_chain(ngx_connection_t *c, n wsabuf->len += cl->buf->last - cl->buf->pos; } else { +if (vec.nelts == vec.nalloc) { +break; +} + wsabuf = ngx_array_push(); if (wsabuf == NULL) { return NGX_CHAIN_ERROR; @@ -169,7 +171,7 @@ ngx_overlapped_wsasend_chain(ngx_connect vec.elts = wsabufs; vec.nelts = 0; vec.size = sizeof(WSABUF); -vec.nalloc = NGX_WSABUFS; +vec.nalloc = ngx_min(NGX_WSABUFS, ngx_max_wsabufs); vec.pool = c->pool; send = 0; @@ -178,10 +180,8 @@ ngx_overlapped_wsasend_chain(ngx_connect /* create the WSABUF and coalesce the neighbouring bufs */ -for (cl = in; - cl && vec.nelts < ngx_max_wsabufs && send < limit; - cl = cl->next) -{ +for (cl = in; cl && send < limit; cl = cl->next) { + if (ngx_buf_special(cl->buf)) { continue; } @@ -196,6 +196,10 @@ ngx_overlapped_wsasend_chain(ngx_connect wsabuf->len += cl->buf->last - cl->buf->pos; } else { +if (vec.nelts == vec.nalloc) { +break; +} + wsabuf = ngx_array_push(); if (wsabuf == NULL) { return NGX_CHAIN_ERROR; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Use only preallocated memory in ngx_readv_chain() (ticket #1408).
details: https://hg.nginx.org/nginx/rev/7f5e3595caff branches: changeset: 7886:7f5e3595caff user: Ruslan Ermilov date: Mon Jul 05 13:09:23 2021 +0300 description: Use only preallocated memory in ngx_readv_chain() (ticket #1408). In d1bde5c3c5d2, the number of preallocated iovec's for ngx_readv_chain() was increased. Still, in some setups, the function might allocate memory for iovec's from a connection pool, which is only freed when closing the connection. The ngx_readv_chain() function was modified to use only preallocated memory, similarly to the ngx_writev_chain() change in 8e903522c17a. diffstat: src/os/unix/ngx_readv_chain.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r e0fdd75871e4 -r 7f5e3595caff src/os/unix/ngx_readv_chain.c --- a/src/os/unix/ngx_readv_chain.c Mon Jun 28 18:01:24 2021 +0300 +++ b/src/os/unix/ngx_readv_chain.c Mon Jul 05 13:09:23 2021 +0300 @@ -96,7 +96,7 @@ ngx_readv_chain(ngx_connection_t *c, ngx iov->iov_len += n; } else { -if (vec.nelts >= IOV_MAX) { +if (vec.nelts == vec.nalloc) { break; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Location header escaping in redirects (ticket #882).
details: https://hg.nginx.org/nginx/rev/1bde031b59ff branches: changeset: 7848:1bde031b59ff user: Ruslan Ermilov date: Mon May 24 21:55:20 2021 +0300 description: Location header escaping in redirects (ticket #882). The header is escaped in redirects based on request URI or location name (auto redirect). diffstat: src/http/modules/ngx_http_dav_module.c| 25 - src/http/modules/ngx_http_static_module.c | 17 +++-- src/http/ngx_http.c | 37 +++ src/http/ngx_http_core_module.c | 7 +++-- src/http/ngx_http_core_module.h | 1 + 5 files changed, 80 insertions(+), 7 deletions(-) diffs (187 lines): diff -r 1336a33cff33 -r 1bde031b59ff src/http/modules/ngx_http_dav_module.c --- a/src/http/modules/ngx_http_dav_module.cMon May 24 18:23:42 2021 +0300 +++ b/src/http/modules/ngx_http_dav_module.cMon May 24 21:55:20 2021 +0300 @@ -1072,6 +1072,10 @@ ngx_http_dav_error(ngx_log_t *log, ngx_e static ngx_int_t ngx_http_dav_location(ngx_http_request_t *r) { +u_char *p; +size_t len; +uintptr_t escape; + r->headers_out.location = ngx_list_push(>headers_out.headers); if (r->headers_out.location == NULL) { return NGX_ERROR; @@ -1079,7 +1083,26 @@ ngx_http_dav_location(ngx_http_request_t r->headers_out.location->hash = 1; ngx_str_set(>headers_out.location->key, "Location"); -r->headers_out.location->value = r->uri; + +escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_URI); + +if (escape) { +len = r->uri.len + escape; + +p = ngx_pnalloc(r->pool, len); +if (p == NULL) { +ngx_http_clear_location(r); +return NGX_ERROR; +} + +r->headers_out.location->value.len = len; +r->headers_out.location->value.data = p; + +ngx_escape_uri(p, r->uri.data, r->uri.len, NGX_ESCAPE_URI); + +} else { +r->headers_out.location->value = r->uri; +} return NGX_OK; } diff -r 1336a33cff33 -r 1bde031b59ff src/http/modules/ngx_http_static_module.c --- a/src/http/modules/ngx_http_static_module.c Mon May 24 18:23:42 2021 +0300 +++ b/src/http/modules/ngx_http_static_module.c Mon May 24 21:55:20 2021 +0300 @@ -50,6 +50,7 @@ ngx_http_static_handler(ngx_http_request { u_char*last, *location; size_t root, len; +uintptr_t escape; ngx_str_t path; ngx_int_t rc; ngx_uint_t level; @@ -155,14 +156,18 @@ ngx_http_static_handler(ngx_http_request return NGX_HTTP_INTERNAL_SERVER_ERROR; } -len = r->uri.len + 1; +escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, +NGX_ESCAPE_URI); -if (!clcf->alias && r->args.len == 0) { +if (!clcf->alias && r->args.len == 0 && escape == 0) { +len = r->uri.len + 1; location = path.data + root; *last = '/'; } else { +len = r->uri.len + escape + 1; + if (r->args.len) { len += r->args.len + 1; } @@ -173,7 +178,13 @@ ngx_http_static_handler(ngx_http_request return NGX_HTTP_INTERNAL_SERVER_ERROR; } -last = ngx_copy(location, r->uri.data, r->uri.len); +if (escape) { +last = (u_char *) ngx_escape_uri(location, r->uri.data, + r->uri.len, NGX_ESCAPE_URI); + +} else { +last = ngx_copy(location, r->uri.data, r->uri.len); +} *last = '/'; diff -r 1336a33cff33 -r 1bde031b59ff src/http/ngx_http.c --- a/src/http/ngx_http.c Mon May 24 18:23:42 2021 +0300 +++ b/src/http/ngx_http.c Mon May 24 21:55:20 2021 +0300 @@ -37,6 +37,8 @@ static ngx_int_t ngx_http_init_locations ngx_http_core_srv_conf_t *cscf, ngx_http_core_loc_conf_t *pclcf); static ngx_int_t ngx_http_init_static_location_trees(ngx_conf_t *cf, ngx_http_core_loc_conf_t *pclcf); +static ngx_int_t ngx_http_escape_location_name(ngx_conf_t *cf, +ngx_http_core_loc_conf_t *clcf); static ngx_int_t ngx_http_cmp_locations(const ngx_queue_t *one, const ngx_queue_t *two); static ngx_int_t ngx_http_join_exact_locations(ngx_conf_t *cf, @@ -882,6 +884,41 @@ ngx_http_add_location(ngx_conf_t *cf, ng ngx_queue_insert_tail(*locations, >queue); +if (ngx_http_escape_location_name(cf, clcf) != NGX_OK) { +return NGX_ERROR; +} + +return NGX_OK; +} + + +static ngx_int_t +ngx_http_escape_location_name(ngx_conf_t *cf, ngx_http_core_loc
[nginx] Core: fixed comment about msie_refresh escaping.
details: https://hg.nginx.org/nginx/rev/5772da03faf8 branches: changeset: 7845:5772da03faf8 user: Ruslan Ermilov date: Wed May 19 16:24:13 2021 +0300 description: Core: fixed comment about msie_refresh escaping. After 12a656452ad1, the "%" character is no longer escaped by ngx_escape_uri(NGX_ESCAPE_REFRESH). diffstat: src/core/ngx_string.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r ec1071830799 -r 5772da03faf8 src/core/ngx_string.c --- a/src/core/ngx_string.c Wed May 19 03:13:31 2021 +0300 +++ b/src/core/ngx_string.c Wed May 19 16:24:13 2021 +0300 @@ -1573,7 +1573,7 @@ ngx_escape_uri(u_char *dst, u_char *src, 0x /* */ }; -/* " ", """, "%", "'", %00-%1F, %7F-%FF */ +/* " ", """, "'", %00-%1F, %7F-%FF */ static uint32_t refresh[] = { 0x, /* */ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Stream: added config option for TCP_FASTOPEN
Hi, Thanks for the patch. A few comments and an updated patch below. On Wed, Apr 14, 2021 at 09:41:42PM -0700, Anbang Wen wrote: > # HG changeset patch > # User Anbang Wen > # Date 1618433103 25200 > # Wed Apr 14 13:45:03 2021 -0700 > # Node ID 495a4d1d58835f7a05b24fb1aad84027f43f90c9 > # Parent b56c45e3bd5029f98e1e847eebad75430e2cca27 > Stream: added config option for TCP_FASTOPEN > > This commit adds a "fastopen" option to stream module. The option > behaves exactly the same as the one in HTTP core module. > > diff -r b56c45e3bd50 -r 495a4d1d5883 src/stream/ngx_stream_core_module.c [...] > @@ -836,6 +840,19 @@ > continue; > } > > +#if (NGX_HAVE_TCP_FASTOPEN) > +if (ngx_strncmp(value[i].data, "fastopen=", 9) == 0) { > +ls->fastopen = ngx_atoi(value[i].data + 9, value[i].len - 9); Here, ls->bind should also be set. > +if (ls->fastopen == NGX_ERROR) { > +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, > + "invalid fastopen \"%V\"", [i]); > +return NGX_CONF_ERROR; > +} > + > +continue; > +} > @@ -859,6 +876,10 @@ > if (ls->proxy_protocol) { > return "\"proxy_protocol\" parameter is incompatible with > \"udp\""; > } > + > + if (ls->fastopen >= 0) { Here I changed the comparison to -1 to match the initial value. I also relocated code inserts to match the http code better. # HG changeset patch # User Ruslan Ermilov # Date 1620909454 -10800 # Thu May 13 15:37:34 2021 +0300 # Node ID edb473720b4dcdb57acae615c21b1f9075d0c63f # Parent 9bb2b3dc5efe4099ce1f86da1ae3e846054836b1 Stream: the "fastopen" parameter of the "listen" directive. Based on a patch by Anbang Wen. diff --git a/src/stream/ngx_stream.c b/src/stream/ngx_stream.c --- a/src/stream/ngx_stream.c +++ b/src/stream/ngx_stream.c @@ -510,6 +510,10 @@ ngx_stream_optimize_servers(ngx_conf_t * ls->ipv6only = addr[i].opt.ipv6only; #endif +#if (NGX_HAVE_TCP_FASTOPEN) +ls->fastopen = addr[i].opt.fastopen; +#endif + #if (NGX_HAVE_REUSEPORT) ls->reuseport = addr[i].opt.reuseport; #endif diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h --- a/src/stream/ngx_stream.h +++ b/src/stream/ngx_stream.h @@ -65,6 +65,9 @@ typedef struct { intbacklog; intrcvbuf; intsndbuf; +#if (NGX_HAVE_TCP_FASTOPEN) +intfastopen; +#endif inttype; } ngx_stream_listen_t; diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c --- a/src/stream/ngx_stream_core_module.c +++ b/src/stream/ngx_stream_core_module.c @@ -615,6 +615,10 @@ ngx_stream_core_listen(ngx_conf_t *cf, n ls->type = SOCK_STREAM; ls->ctx = cf->ctx; +#if (NGX_HAVE_TCP_FASTOPEN) +ls->fastopen = -1; +#endif + #if (NGX_HAVE_INET6) ls->ipv6only = 1; #endif @@ -635,6 +639,21 @@ ngx_stream_core_listen(ngx_conf_t *cf, n continue; } +#if (NGX_HAVE_TCP_FASTOPEN) +if (ngx_strncmp(value[i].data, "fastopen=", 9) == 0) { +ls->fastopen = ngx_atoi(value[i].data + 9, value[i].len - 9); +ls->bind = 1; + +if (ls->fastopen == NGX_ERROR) { +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid fastopen \"%V\"", [i]); +return NGX_CONF_ERROR; +} + +continue; +} +#endif + if (ngx_strncmp(value[i].data, "backlog=", 8) == 0) { ls->backlog = ngx_atoi(value[i].data + 8, value[i].len - 8); ls->bind = 1; @@ -859,6 +878,12 @@ ngx_stream_core_listen(ngx_conf_t *cf, n if (ls->proxy_protocol) { return "\"proxy_protocol\" parameter is incompatible with \"udp\""; } + +#if (NGX_HAVE_TCP_FASTOPEN) +if (ls->fastopen != -1) { +return "\"fastopen\" parameter is incompatible with \"udp\""; +} +#endif } als = cmcf->listen.elts; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: PATCH: Initialize 'ch' with 'ngx_memzero' to prevent the use of uninitialized bytes.
On Thu, Apr 15, 2021 at 08:59:16AM +, 囧 尼 wrote: > # HG changeset patch > # User Johnny Wang > # Date 1618472983 -28800 > # Thu Apr 15 15:49:43 2021 +0800 > # Node ID a5903fe55622e839906e9544c1a08a66c1e0cf91 > # Parent b56c45e3bd5029f98e1e847eebad75430e2cca27 > Initialize 'ch' with 'ngx_memzero' to prevent the use of uninitialized bytes. > > I found the following error when running nginx with valgrind: > > ==31539== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised > byte(s) > ==31539== at 0x5047C50: __sendmsg_nocancel (in /lib64/libpthread-2.17.so) > ==31539== by 0x44A6F8: ngx_write_channel (ngx_channel.c:79) > ==31539== by 0x44C19A: ngx_pass_open_channel (ngx_process_cycle.c:481) > ==31539== by 0x44C21A: ngx_start_worker_processes (ngx_process_cycle.c:385) > ==31539== by 0x44E0BA: ngx_master_process_cycle (ngx_process_cycle.c:241) > ==31539== by 0x424719: main (nginx.c:386) > ==31539== Address 0x1ffefffabc is on thread 1's stack > ==31539== in frame #2, created by ngx_pass_open_channel > (ngx_process_cycle.c:455) > ==31539== > { > > Memcheck:Param > sendmsg(msg.msg_iov[0]) > fun:__sendmsg_nocancel > fun:ngx_write_channel > fun:ngx_pass_open_channel > fun:ngx_start_worker_processes > fun:ngx_master_process_cycle > fun:main > } > > diff -r b56c45e3bd50 -r a5903fe55622 src/os/unix/ngx_process_cycle.c > --- a/src/os/unix/ngx_process_cycle.c Tue Apr 13 18:13:59 2021 +0300 > +++ b/src/os/unix/ngx_process_cycle.c Thu Apr 15 15:49:43 2021 +0800 > @@ -398,6 +398,8 @@ > ngx_int_t i; > ngx_channel_t ch; > +ngx_memzero(, sizeof(ngx_channel_t)); > + > ch.command = NGX_CMD_OPEN_CHANNEL; > ch.pid = ngx_processes[ngx_process_slot].pid; > ch.slot = ngx_process_slot; > http://hg.nginx.org/nginx/rev/f2ff291bbdac ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Restored zeroing of ngx_channel_t in ngx_pass_open_channel().
details: https://hg.nginx.org/nginx/rev/f2ff291bbdac branches: changeset: 7830:f2ff291bbdac user: Ruslan Ermilov date: Thu Apr 22 16:12:52 2021 +0300 description: Restored zeroing of ngx_channel_t in ngx_pass_open_channel(). Due to structure's alignment, some uninitialized memory contents may have been passed between processes. Zeroing was removed in 0215ec9aaa8a. Reported by Johnny Wang. diffstat: src/os/unix/ngx_process_cycle.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (12 lines): diff -r 2851e4c7de03 -r f2ff291bbdac src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c Wed Apr 21 23:24:59 2021 +0300 +++ b/src/os/unix/ngx_process_cycle.c Thu Apr 22 16:12:52 2021 +0300 @@ -398,6 +398,8 @@ ngx_pass_open_channel(ngx_cycle_t *cycle ngx_int_t i; ngx_channel_t ch; +ngx_memzero(, sizeof(ngx_channel_t)); + ch.command = NGX_CMD_OPEN_CHANNEL; ch.pid = ngx_processes[ngx_process_slot].pid; ch.slot = ngx_process_slot; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Removed "ch" argument from ngx_pass_open_channel().
details: https://hg.nginx.org/nginx/rev/0215ec9aaa8a branches: changeset: 7802:0215ec9aaa8a user: Ruslan Ermilov date: Thu Mar 11 09:58:45 2021 +0300 description: Removed "ch" argument from ngx_pass_open_channel(). diffstat: src/os/unix/ngx_process_cycle.c | 59 +--- 1 files changed, 19 insertions(+), 40 deletions(-) diffs (130 lines): diff -r 777373b5a169 -r 0215ec9aaa8a src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c Thu Mar 11 04:46:26 2021 +0300 +++ b/src/os/unix/ngx_process_cycle.c Thu Mar 11 09:58:45 2021 +0300 @@ -15,7 +15,7 @@ static void ngx_start_worker_processes(n ngx_int_t type); static void ngx_start_cache_manager_processes(ngx_cycle_t *cycle, ngx_uint_t respawn); -static void ngx_pass_open_channel(ngx_cycle_t *cycle, ngx_channel_t *ch); +static void ngx_pass_open_channel(ngx_cycle_t *cycle); static void ngx_signal_worker_processes(ngx_cycle_t *cycle, int signo); static ngx_uint_t ngx_reap_children(ngx_cycle_t *cycle); static void ngx_master_process_exit(ngx_cycle_t *cycle); @@ -335,25 +335,16 @@ ngx_single_process_cycle(ngx_cycle_t *cy static void ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n, ngx_int_t type) { -ngx_int_t i; -ngx_channel_t ch; +ngx_int_t i; ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "start worker processes"); -ngx_memzero(, sizeof(ngx_channel_t)); - -ch.command = NGX_CMD_OPEN_CHANNEL; - for (i = 0; i < n; i++) { ngx_spawn_process(cycle, ngx_worker_process_cycle, (void *) (intptr_t) i, "worker process", type); -ch.pid = ngx_processes[ngx_process_slot].pid; -ch.slot = ngx_process_slot; -ch.fd = ngx_processes[ngx_process_slot].channel[0]; - -ngx_pass_open_channel(cycle, ); +ngx_pass_open_channel(cycle); } } @@ -361,9 +352,8 @@ ngx_start_worker_processes(ngx_cycle_t * static void ngx_start_cache_manager_processes(ngx_cycle_t *cycle, ngx_uint_t respawn) { -ngx_uint_t i, manager, loader; -ngx_path_t **path; -ngx_channel_tch; +ngx_uint_ti, manager, loader; +ngx_path_t **path; manager = 0; loader = 0; @@ -388,14 +378,7 @@ ngx_start_cache_manager_processes(ngx_cy _cache_manager_ctx, "cache manager process", respawn ? NGX_PROCESS_JUST_RESPAWN : NGX_PROCESS_RESPAWN); -ngx_memzero(, sizeof(ngx_channel_t)); - -ch.command = NGX_CMD_OPEN_CHANNEL; -ch.pid = ngx_processes[ngx_process_slot].pid; -ch.slot = ngx_process_slot; -ch.fd = ngx_processes[ngx_process_slot].channel[0]; - -ngx_pass_open_channel(cycle, ); +ngx_pass_open_channel(cycle); if (loader == 0) { return; @@ -405,20 +388,21 @@ ngx_start_cache_manager_processes(ngx_cy _cache_loader_ctx, "cache loader process", respawn ? NGX_PROCESS_JUST_SPAWN : NGX_PROCESS_NORESPAWN); +ngx_pass_open_channel(cycle); +} + + +static void +ngx_pass_open_channel(ngx_cycle_t *cycle) +{ +ngx_int_t i; +ngx_channel_t ch; + ch.command = NGX_CMD_OPEN_CHANNEL; ch.pid = ngx_processes[ngx_process_slot].pid; ch.slot = ngx_process_slot; ch.fd = ngx_processes[ngx_process_slot].channel[0]; -ngx_pass_open_channel(cycle, ); -} - - -static void -ngx_pass_open_channel(ngx_cycle_t *cycle, ngx_channel_t *ch) -{ -ngx_int_t i; - for (i = 0; i < ngx_last_process; i++) { if (i == ngx_process_slot @@ -430,14 +414,14 @@ ngx_pass_open_channel(ngx_cycle_t *cycle ngx_log_debug6(NGX_LOG_DEBUG_CORE, cycle->log, 0, "pass channel s:%i pid:%P fd:%d to s:%i pid:%P fd:%d", - ch->slot, ch->pid, ch->fd, + ch.slot, ch.pid, ch.fd, i, ngx_processes[i].pid, ngx_processes[i].channel[0]); /* TODO: NGX_AGAIN */ ngx_write_channel(ngx_processes[i].channel[0], - ch, sizeof(ngx_channel_t), cycle->log); + , sizeof(ngx_channel_t), cycle->log); } } @@ -621,12 +605,7 @@ ngx_reap_children(ngx_cycle_t *cycle) } -ch.command = NGX_CMD_OPEN_CHANNEL; -ch.pid = ngx_processes[ngx_process_slot].pid; -ch.slot = ngx_process_slot; -ch.fd = ngx_processes[ngx_process_slot].channel[0]; - -ngx_pass_open_channel(cycle, ); +ngx_pass_open_channel(cycle); live = 1; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Proxy: variables support in "proxy_cookie_flags" flags.
details: https://hg.nginx.org/nginx/rev/529b73f75d19 branches: changeset: 7786:529b73f75d19 user: Ruslan Ermilov date: Tue Mar 02 00:58:24 2021 +0300 description: Proxy: variables support in "proxy_cookie_flags" flags. diffstat: src/http/modules/ngx_http_proxy_module.c | 93 ++- 1 files changed, 65 insertions(+), 28 deletions(-) diffs (139 lines): diff -r c43a2e8fdf7e -r 529b73f75d19 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Mon Mar 01 20:00:45 2021 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Tue Mar 02 00:58:24 2021 +0300 @@ -56,7 +56,7 @@ typedef struct { #endif } cookie; -ngx_uint_t flags; +ngx_array_tflags_values; ngx_uint_t regex; } ngx_http_proxy_cookie_flags_t; @@ -2916,12 +2916,14 @@ static ngx_int_t ngx_http_proxy_rewrite_cookie_flags(ngx_http_request_t *r, ngx_array_t *attrs, ngx_array_t *flags) { -ngx_str_t pattern; +ngx_str_t pattern, value; #if (NGX_PCRE) ngx_int_t rc; #endif -ngx_uint_t i; +ngx_uint_t i, m, f, nelts; ngx_keyval_t *attr; +ngx_conf_bitmask_t *mask; +ngx_http_complex_value_t *flags_values; ngx_http_proxy_cookie_flags_t *pcf; attr = attrs->elts; @@ -2965,7 +2967,47 @@ ngx_http_proxy_rewrite_cookie_flags(ngx_ return NGX_DECLINED; } -return ngx_http_proxy_edit_cookie_flags(r, attrs, pcf[i].flags); +nelts = pcf[i].flags_values.nelts; +flags_values = pcf[i].flags_values.elts; + +mask = ngx_http_proxy_cookie_flags_masks; +f = 0; + +for (i = 0; i < nelts; i++) { + +if (ngx_http_complex_value(r, _values[i], ) != NGX_OK) { +return NGX_ERROR; +} + +if (value.len == 0) { +continue; +} + +for (m = 0; mask[m].name.len != 0; m++) { + +if (mask[m].name.len != value.len +|| ngx_strncasecmp(mask[m].name.data, value.data, value.len) + != 0) +{ +continue; +} + +f |= mask[m].mask; + +break; +} + +if (mask[m].name.len == 0) { +ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "invalid proxy_cookie_flags flag \"%V\"", ); +} +} + +if (f == 0) { +return NGX_DECLINED; +} + +return ngx_http_proxy_edit_cookie_flags(r, attrs, f); } @@ -4514,8 +4556,8 @@ ngx_http_proxy_cookie_flags(ngx_conf_t * ngx_http_proxy_loc_conf_t *plcf = conf; ngx_str_t *value; -ngx_uint_t i, m; -ngx_conf_bitmask_t*mask; +ngx_uint_t i; +ngx_http_complex_value_t *cv; ngx_http_proxy_cookie_flags_t *pcf; ngx_http_compile_complex_value_t ccv; #if (NGX_PCRE) @@ -4599,32 +4641,27 @@ ngx_http_proxy_cookie_flags(ngx_conf_t * } } -mask = ngx_http_proxy_cookie_flags_masks; -pcf->flags = 0; +if (ngx_array_init(>flags_values, cf->pool, cf->args->nelts - 2, + sizeof(ngx_http_complex_value_t)) +!= NGX_OK) +{ +return NGX_CONF_ERROR; +} for (i = 2; i < cf->args->nelts; i++) { -for (m = 0; mask[m].name.len != 0; m++) { - -if (mask[m].name.len != value[i].len -|| ngx_strcasecmp(mask[m].name.data, value[i].data) != 0) -{ -continue; -} - -if (pcf->flags & mask[m].mask) { -ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "duplicate parameter \"%V\"", [i]); -return NGX_CONF_ERROR; -} - -pcf->flags |= mask[m].mask; - -break; + +cv = ngx_array_push(>flags_values); +if (cv == NULL) { +return NGX_CONF_ERROR; } -if (mask[m].name.len == 0) { -ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid parameter \"%V\"", [i]); +ngx_memzero(, sizeof(ngx_http_compile_complex_value_t)); + +ccv.cf = cf; +ccv.value = [i]; +ccv.complex_value = cv; + +if (ngx_http_compile_complex_value() != NGX_OK) { return NGX_CONF_ERROR; } } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Configure: marked top-level make targets as phony.
details: https://hg.nginx.org/nginx/rev/549b13cd793b branches: changeset: 7778:549b13cd793b user: Ruslan Ermilov date: Sat Feb 20 12:44:26 2021 +0300 description: Configure: marked top-level make targets as phony. Reported by Thibault Nélis. diffstat: auto/init| 2 ++ auto/install | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) diffs (20 lines): diff -r 5ef14498edf7 -r 549b13cd793b auto/init --- a/auto/init Sat Feb 20 12:44:07 2021 +0300 +++ b/auto/init Sat Feb 20 12:44:26 2021 +0300 @@ -48,4 +48,6 @@ default: build clean: rm -rf Makefile $NGX_OBJS + +.PHONY:default clean END diff -r 5ef14498edf7 -r 549b13cd793b auto/install --- a/auto/install Sat Feb 20 12:44:07 2021 +0300 +++ b/auto/install Sat Feb 20 12:44:26 2021 +0300 @@ -215,4 +215,6 @@ upgrade: test -f $NGX_PID_PATH.oldbin kill -QUIT \`cat $NGX_PID_PATH.oldbin\` + +.PHONY:build install modules upgrade END ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Version bump.
details: https://hg.nginx.org/nginx/rev/5ef14498edf7 branches: changeset: :5ef14498edf7 user: Ruslan Ermilov date: Sat Feb 20 12:44:07 2021 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r f77ad78046dc -r 5ef14498edf7 src/core/nginx.h --- a/src/core/nginx.h Tue Feb 16 18:57:18 2021 +0300 +++ b/src/core/nginx.h Sat Feb 20 12:44:07 2021 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1019007 -#define NGINX_VERSION "1.19.7" +#define nginx_version 1019008 +#define NGINX_VERSION "1.19.8" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: lingering close changed to handle NGX_AGAIN.
details: https://hg.nginx.org/nginx/rev/519b55453c45 branches: changeset: 7765:519b55453c45 user: Ruslan Ermilov date: Mon Feb 01 16:42:50 2021 +0300 description: HTTP/2: lingering close changed to handle NGX_AGAIN. This part somehow slipped away from c5840ca2063d. While it is not expected to be needed in case of lingering close, it is good to keep it for correctness (see 2b5528023f6b). diffstat: src/http/v2/ngx_http_v2.c | 4 1 files changed, 4 insertions(+), 0 deletions(-) diffs (14 lines): diff -r ecc0ae881a25 -r 519b55453c45 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Tue Jan 26 12:39:28 2021 +0300 +++ b/src/http/v2/ngx_http_v2.c Mon Feb 01 16:42:50 2021 +0300 @@ -807,6 +807,10 @@ ngx_http_v2_lingering_close_handler(ngx_ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "lingering read: %z", n); +if (n == NGX_AGAIN) { +break; +} + if (n == NGX_ERROR || n == 0) { ngx_http_close_connection(c); return; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] SSL: fixed SSL shutdown on lingering close.
details: https://hg.nginx.org/nginx/rev/7efae6b4cfb0 branches: changeset: 7751:7efae6b4cfb0 user: Ruslan Ermilov date: Tue Dec 08 01:43:36 2020 +0300 description: SSL: fixed SSL shutdown on lingering close. Ensure c->recv is properly reset to ngx_recv if SSL_shutdown() blocks on writing. The bug had appeared in 554c6ae25ffc. diffstat: src/event/ngx_event_openssl.c | 4 src/http/ngx_http_request.c | 2 -- src/http/v2/ngx_http_v2.c | 2 -- 3 files changed, 4 insertions(+), 4 deletions(-) diffs (59 lines): diff -r 90cc7194e993 -r 7efae6b4cfb0 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Fri Nov 27 00:01:20 2020 +0300 +++ b/src/event/ngx_event_openssl.c Tue Dec 08 01:43:36 2020 +0300 @@ -2880,6 +2880,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) SSL_free(c->ssl->connection); c->ssl = NULL; +c->recv = ngx_recv; return NGX_OK; } @@ -2925,6 +2926,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) if (n == 1) { SSL_free(c->ssl->connection); c->ssl = NULL; +c->recv = ngx_recv; return NGX_OK; } @@ -2967,6 +2969,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { SSL_free(c->ssl->connection); c->ssl = NULL; +c->recv = ngx_recv; return NGX_OK; } @@ -2977,6 +2980,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) SSL_free(c->ssl->connection); c->ssl = NULL; +c->recv = ngx_recv; return NGX_ERROR; } diff -r 90cc7194e993 -r 7efae6b4cfb0 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Fri Nov 27 00:01:20 2020 +0300 +++ b/src/http/ngx_http_request.c Tue Dec 08 01:43:36 2020 +0300 @@ -3397,8 +3397,6 @@ ngx_http_set_lingering_close(ngx_connect c->ssl->handler = ngx_http_set_lingering_close; return; } - -c->recv = ngx_recv; } #endif diff -r 90cc7194e993 -r 7efae6b4cfb0 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Fri Nov 27 00:01:20 2020 +0300 +++ b/src/http/v2/ngx_http_v2.c Tue Dec 08 01:43:36 2020 +0300 @@ -739,8 +739,6 @@ ngx_http_v2_lingering_close(ngx_connecti c->ssl->handler = ngx_http_v2_lingering_close; return; } - -c->recv = ngx_recv; } #endif ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Upstream: excluded down servers from the next_upstream tries.
details: https://hg.nginx.org/nginx/rev/90cc7194e993 branches: changeset: 7750:90cc7194e993 user: Ruslan Ermilov date: Fri Nov 27 00:01:20 2020 +0300 description: Upstream: excluded down servers from the next_upstream tries. Previously, the number of next_upstream tries included servers marked as "down", resulting in "no live upstreams" with the code 502 instead of the code derived from an attempt to connect to the last tried "up" server (ticket #2096). diffstat: src/http/ngx_http_upstream_round_robin.c | 20 +--- src/http/ngx_http_upstream_round_robin.h | 1 + src/stream/ngx_stream_upstream_round_robin.c | 20 +--- src/stream/ngx_stream_upstream_round_robin.h | 1 + 4 files changed, 36 insertions(+), 6 deletions(-) diffs (208 lines): diff -r ac09a57ec50d -r 90cc7194e993 src/http/ngx_http_upstream_round_robin.c --- a/src/http/ngx_http_upstream_round_robin.c Thu Nov 26 23:46:59 2020 +0300 +++ b/src/http/ngx_http_upstream_round_robin.c Fri Nov 27 00:01:20 2020 +0300 @@ -10,8 +10,8 @@ #include -#define ngx_http_upstream_tries(p) ((p)->number \ -+ ((p)->next ? (p)->next->number : 0)) +#define ngx_http_upstream_tries(p) ((p)->tries\ ++ ((p)->next ? (p)->next->tries : 0)) static ngx_http_upstream_rr_peer_t *ngx_http_upstream_get_peer( @@ -32,7 +32,7 @@ ngx_http_upstream_init_round_robin(ngx_c ngx_http_upstream_srv_conf_t *us) { ngx_url_t u; -ngx_uint_t i, j, n, w; +ngx_uint_t i, j, n, w, t; ngx_http_upstream_server_t*server; ngx_http_upstream_rr_peer_t *peer, **peerp; ngx_http_upstream_rr_peers_t *peers, *backup; @@ -44,6 +44,7 @@ ngx_http_upstream_init_round_robin(ngx_c n = 0; w = 0; +t = 0; for (i = 0; i < us->servers->nelts; i++) { if (server[i].backup) { @@ -52,6 +53,10 @@ ngx_http_upstream_init_round_robin(ngx_c n += server[i].naddrs; w += server[i].naddrs * server[i].weight; + +if (!server[i].down) { +t += server[i].naddrs; +} } if (n == 0) { @@ -75,6 +80,7 @@ ngx_http_upstream_init_round_robin(ngx_c peers->number = n; peers->weighted = (w != n); peers->total_weight = w; +peers->tries = t; peers->name = >host; n = 0; @@ -110,6 +116,7 @@ ngx_http_upstream_init_round_robin(ngx_c n = 0; w = 0; +t = 0; for (i = 0; i < us->servers->nelts; i++) { if (!server[i].backup) { @@ -118,6 +125,10 @@ ngx_http_upstream_init_round_robin(ngx_c n += server[i].naddrs; w += server[i].naddrs * server[i].weight; + +if (!server[i].down) { +t += server[i].naddrs; +} } if (n == 0) { @@ -139,6 +150,7 @@ ngx_http_upstream_init_round_robin(ngx_c backup->number = n; backup->weighted = (w != n); backup->total_weight = w; +backup->tries = t; backup->name = >host; n = 0; @@ -214,6 +226,7 @@ ngx_http_upstream_init_round_robin(ngx_c peers->number = n; peers->weighted = 0; peers->total_weight = n; +peers->tries = n; peers->name = >host; peerp = >peer; @@ -332,6 +345,7 @@ ngx_http_upstream_create_round_robin_pee peers->single = (ur->naddrs == 1); peers->number = ur->naddrs; +peers->tries = ur->naddrs; peers->name = >host; if (ur->sockaddr) { diff -r ac09a57ec50d -r 90cc7194e993 src/http/ngx_http_upstream_round_robin.h --- a/src/http/ngx_http_upstream_round_robin.h Thu Nov 26 23:46:59 2020 +0300 +++ b/src/http/ngx_http_upstream_round_robin.h Fri Nov 27 00:01:20 2020 +0300 @@ -68,6 +68,7 @@ struct ngx_http_upstream_rr_peers_s { #endif ngx_uint_t total_weight; +ngx_uint_t tries; unsignedsingle:1; unsignedweighted:1; diff -r ac09a57ec50d -r 90cc7194e993 src/stream/ngx_stream_upstream_round_robin.c --- a/src/stream/ngx_stream_upstream_round_robin.c Thu Nov 26 23:46:59 2020 +0300 +++ b/src/stream/ngx_stream_upstream_round_robin.c Fri Nov 27 00:01:20 2020 +0300 @@ -10,8 +10,8 @@ #include -#define ngx_stream_upstream_tries(p) ((p)->number \ - + ((p)->next ? (p)->next->number : 0)) +#define ngx_stream_upstream_tries(p) ((p)->tries \ + + ((p)->next ? (p)->next->
[nginx] Version bump.
details: https://hg.nginx.org/nginx/rev/ac09a57ec50d branches: changeset: 7749:ac09a57ec50d user: Ruslan Ermilov date: Thu Nov 26 23:46:59 2020 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 66a441bf669b -r ac09a57ec50d src/core/nginx.h --- a/src/core/nginx.h Tue Nov 24 18:06:34 2020 +0300 +++ b/src/core/nginx.h Thu Nov 26 23:46:59 2020 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1019005 -#define NGINX_VERSION "1.19.5" +#define nginx_version 1019006 +#define NGINX_VERSION "1.19.6" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Removed dead code from ngx_http_set_keepalive().
details: https://hg.nginx.org/nginx/rev/ed17a2a95c8d branches: changeset: 7737:ed17a2a95c8d user: Ruslan Ermilov date: Fri Nov 06 23:44:47 2020 +0300 description: Removed dead code from ngx_http_set_keepalive(). The code removed became dead after 98f03cd8d6cc (0.8.14), circa when the request reference counting was introduced. diffstat: src/http/ngx_http_request.c | 7 --- 1 files changed, 0 insertions(+), 7 deletions(-) diffs (17 lines): diff -r a46fcf101cfc -r ed17a2a95c8d src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Wed Oct 28 10:56:11 2020 +0300 +++ b/src/http/ngx_http_request.c Fri Nov 06 23:44:47 2020 +0300 @@ -3039,13 +3039,6 @@ ngx_http_set_keepalive(ngx_http_request_ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "set http keepalive handler"); -if (r->discard_body) { -r->write_event_handler = ngx_http_request_empty_handler; -r->lingering_time = ngx_time() + (time_t) (clcf->lingering_time / 1000); -ngx_add_timer(rev, clcf->lingering_timeout); -return; -} - c->log->action = "closing request"; hc = r->http_connection; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] SSL: fixed non-working SSL shutdown on lingering close.
details: https://hg.nginx.org/nginx/rev/554c6ae25ffc branches: changeset: 7738:554c6ae25ffc user: Ruslan Ermilov date: Fri Nov 06 23:44:54 2020 +0300 description: SSL: fixed non-working SSL shutdown on lingering close. When doing lingering close, the socket was first shut down for writing, so SSL shutdown initiated after lingering close was not able to send the close_notify alerts (ticket #2056). The fix is to call ngx_ssl_shutdown() before shutting down the socket. diffstat: src/http/ngx_http_request.c | 39 +--- src/http/ngx_http_request_body.c | 1 + src/http/v2/ngx_http_v2.c| 42 +++ 3 files changed, 65 insertions(+), 17 deletions(-) diffs (185 lines): diff -r ed17a2a95c8d -r 554c6ae25ffc src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Fri Nov 06 23:44:47 2020 +0300 +++ b/src/http/ngx_http_request.c Fri Nov 06 23:44:54 2020 +0300 @@ -49,7 +49,7 @@ static void ngx_http_request_finalizer(n static void ngx_http_set_keepalive(ngx_http_request_t *r); static void ngx_http_keepalive_handler(ngx_event_t *ev); -static void ngx_http_set_lingering_close(ngx_http_request_t *r); +static void ngx_http_set_lingering_close(ngx_connection_t *c); static void ngx_http_lingering_close_handler(ngx_event_t *ev); static ngx_int_t ngx_http_post_action(ngx_http_request_t *r); static void ngx_http_close_request(ngx_http_request_t *r, ngx_int_t error); @@ -2754,7 +2754,7 @@ ngx_http_finalize_connection(ngx_http_re || r->header_in->pos < r->header_in->last || r->connection->read->ready))) { -ngx_http_set_lingering_close(r); +ngx_http_set_lingering_close(r->connection); return; } @@ -3368,22 +3368,43 @@ ngx_http_keepalive_handler(ngx_event_t * static void -ngx_http_set_lingering_close(ngx_http_request_t *r) +ngx_http_set_lingering_close(ngx_connection_t *c) { ngx_event_t *rev, *wev; -ngx_connection_t *c; +ngx_http_request_t*r; ngx_http_core_loc_conf_t *clcf; -c = r->connection; +r = c->data; clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); +if (r->lingering_time == 0) { +r->lingering_time = ngx_time() + (time_t) (clcf->lingering_time / 1000); +} + +#if (NGX_HTTP_SSL) +if (c->ssl) { +ngx_int_t rc; + +rc = ngx_ssl_shutdown(c); + +if (rc == NGX_ERROR) { +ngx_http_close_request(r, 0); +return; +} + +if (rc == NGX_AGAIN) { +c->ssl->handler = ngx_http_set_lingering_close; +return; +} + +c->recv = ngx_recv; +} +#endif + rev = c->read; rev->handler = ngx_http_lingering_close_handler; -r->lingering_time = ngx_time() + (time_t) (clcf->lingering_time / 1000); -ngx_add_timer(rev, clcf->lingering_timeout); - if (ngx_handle_read_event(rev, 0) != NGX_OK) { ngx_http_close_request(r, 0); return; @@ -3406,6 +3427,8 @@ ngx_http_set_lingering_close(ngx_http_re return; } +ngx_add_timer(rev, clcf->lingering_timeout); + if (rev->ready) { ngx_http_lingering_close_handler(rev); } diff -r ed17a2a95c8d -r 554c6ae25ffc src/http/ngx_http_request_body.c --- a/src/http/ngx_http_request_body.c Fri Nov 06 23:44:47 2020 +0300 +++ b/src/http/ngx_http_request_body.c Fri Nov 06 23:44:54 2020 +0300 @@ -674,6 +674,7 @@ ngx_http_discarded_request_body_handler( if (rc == NGX_OK) { r->discard_body = 0; r->lingering_close = 0; +r->lingering_time = 0; ngx_http_finalize_request(r, NGX_DONE); return; } diff -r ed17a2a95c8d -r 554c6ae25ffc src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Fri Nov 06 23:44:47 2020 +0300 +++ b/src/http/v2/ngx_http_v2.c Fri Nov 06 23:44:54 2020 +0300 @@ -60,7 +60,7 @@ typedef struct { static void ngx_http_v2_read_handler(ngx_event_t *rev); static void ngx_http_v2_write_handler(ngx_event_t *wev); static void ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c); -static void ngx_http_v2_lingering_close(ngx_http_v2_connection_t *h2c); +static void ngx_http_v2_lingering_close(ngx_connection_t *c); static void ngx_http_v2_lingering_close_handler(ngx_event_t *rev); static u_char *ngx_http_v2_state_proxy_protocol(ngx_http_v2_connection_t *h2c, @@ -664,7 +664,7 @@ ngx_http_v2_handle_connection(ngx_http_v } if (h2c->goaway) { -ngx_http_v2_lingering_close(h2c); +ngx_http_v2_lingering_close(c); return; } @@ -703,13 +703,13 @@ ngx_http_v2_handle_connection(ngx_http_v static void -ngx_http_v2_lingering_close(ngx_http_v2_connection_t *h2c) +ngx_http_v2_lingering_close(ngx_connection_t *c) { ngx_event_t
[nginx] Cpp test: added stream.
details: https://hg.nginx.org/nginx/rev/f1e6f65ddfeb branches: changeset: 7727:f1e6f65ddfeb user: Ruslan Ermilov date: Tue Oct 13 07:44:09 2020 +0300 description: Cpp test: added stream. diffstat: src/misc/ngx_cpp_test_module.cpp | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (12 lines): diff -r 559d19037984 -r f1e6f65ddfeb src/misc/ngx_cpp_test_module.cpp --- a/src/misc/ngx_cpp_test_module.cpp Thu Oct 08 17:44:34 2020 +0300 +++ b/src/misc/ngx_cpp_test_module.cpp Tue Oct 13 07:44:09 2020 +0300 @@ -14,6 +14,8 @@ extern "C" { #include #include #include + + #include } // nginx header files should go before other, because they define 64-bit off_t ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Proxy: changed interface of some internal functions.
details: https://hg.nginx.org/nginx/rev/5c7917292b29 branches: changeset: 7715:5c7917292b29 user: Ruslan Ermilov date: Sun Sep 27 23:21:10 2020 +0300 description: Proxy: changed interface of some internal functions. This is in preparation for the next change. Also, moved optimization from ngx_http_proxy_rewrite_regex_handler() to ngx_http_proxy_rewrite(). diffstat: src/http/modules/ngx_http_proxy_module.c | 66 +++ 1 files changed, 32 insertions(+), 34 deletions(-) diffs (178 lines): diff -r 8dbc9ee97998 -r 5c7917292b29 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Sun Sep 27 23:21:09 2020 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Sun Sep 27 23:21:10 2020 +0300 @@ -18,7 +18,7 @@ typedef struct { typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t; typedef ngx_int_t (*ngx_http_proxy_rewrite_pt)(ngx_http_request_t *r, -ngx_table_elt_t *h, size_t prefix, size_t len, +ngx_str_t *value, size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr); struct ngx_http_proxy_rewrite_s { @@ -161,7 +161,7 @@ static ngx_int_t ngx_http_proxy_rewrite_ static ngx_int_t ngx_http_proxy_rewrite_cookie_value(ngx_http_request_t *r, ngx_table_elt_t *h, u_char *value, ngx_array_t *rewrites); static ngx_int_t ngx_http_proxy_rewrite(ngx_http_request_t *r, -ngx_table_elt_t *h, size_t prefix, size_t len, ngx_str_t *replacement); +ngx_str_t *value, size_t prefix, size_t len, ngx_str_t *replacement); static ngx_int_t ngx_http_proxy_add_variables(ngx_conf_t *cf); static void *ngx_http_proxy_create_main_conf(ngx_conf_t *cf); @@ -2584,7 +2584,7 @@ ngx_http_proxy_rewrite_redirect(ngx_http len = h->value.len - prefix; for (i = 0; i < plcf->redirects->nelts; i++) { -rc = pr[i].handler(r, h, prefix, len, [i]); +rc = pr[i].handler(r, >value, prefix, len, [i]); if (rc != NGX_DECLINED) { return rc; @@ -2669,7 +2669,7 @@ ngx_http_proxy_rewrite_cookie_value(ngx_ pr = rewrites->elts; for (i = 0; i < rewrites->nelts; i++) { -rc = pr[i].handler(r, h, prefix, len, [i]); +rc = pr[i].handler(r, >value, prefix, len, [i]); if (rc != NGX_DECLINED) { return rc; @@ -2681,8 +2681,8 @@ ngx_http_proxy_rewrite_cookie_value(ngx_ static ngx_int_t -ngx_http_proxy_rewrite_complex_handler(ngx_http_request_t *r, -ngx_table_elt_t *h, size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr) +ngx_http_proxy_rewrite_complex_handler(ngx_http_request_t *r, ngx_str_t *value, +size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr) { ngx_str_t pattern, replacement; @@ -2691,8 +2691,7 @@ ngx_http_proxy_rewrite_complex_handler(n } if (pattern.len > len -|| ngx_rstrncmp(h->value.data + prefix, pattern.data, -pattern.len) != 0) +|| ngx_rstrncmp(value->data + prefix, pattern.data, pattern.len) != 0) { return NGX_DECLINED; } @@ -2701,20 +2700,20 @@ ngx_http_proxy_rewrite_complex_handler(n return NGX_ERROR; } -return ngx_http_proxy_rewrite(r, h, prefix, pattern.len, ); +return ngx_http_proxy_rewrite(r, value, prefix, pattern.len, ); } #if (NGX_PCRE) static ngx_int_t -ngx_http_proxy_rewrite_regex_handler(ngx_http_request_t *r, ngx_table_elt_t *h, +ngx_http_proxy_rewrite_regex_handler(ngx_http_request_t *r, ngx_str_t *value, size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr) { ngx_str_t pattern, replacement; pattern.len = len; -pattern.data = h->value.data + prefix; +pattern.data = value->data + prefix; if (ngx_http_regex_exec(r, pr->pattern.regex, ) != NGX_OK) { return NGX_DECLINED; @@ -2724,20 +2723,15 @@ ngx_http_proxy_rewrite_regex_handler(ngx return NGX_ERROR; } -if (prefix == 0 && h->value.len == len) { -h->value = replacement; -return NGX_OK; -} - -return ngx_http_proxy_rewrite(r, h, prefix, len, ); +return ngx_http_proxy_rewrite(r, value, prefix, len, ); } #endif static ngx_int_t -ngx_http_proxy_rewrite_domain_handler(ngx_http_request_t *r, -ngx_table_elt_t *h, size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr) +ngx_http_proxy_rewrite_domain_handler(ngx_http_request_t *r, ngx_str_t *value, +size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr) { u_char *p; ngx_str_t pattern, replacement; @@ -2746,7 +2740,7 @@ ngx_http_proxy_rewrite_domain_handler(ng return NGX_ERROR; } -p = h->value.data + prefix; +p = value->data + prefix; if (p[0] == '.') { p++; @@ -2762,18 +2756,23 @@ ngx_http_proxy_rewrite_domain_handler(ng return NGX_ERROR; } -return ngx_http_proxy_rewrite(r, h, prefix, len, ); +return ngx_http_proxy_rewrite(r, value,
[nginx] Proxy: added the "proxy_cookie_flags" directive.
details: https://hg.nginx.org/nginx/rev/d6a5e14aa3e4 branches: changeset: 7716:d6a5e14aa3e4 user: Ruslan Ermilov date: Sun Sep 27 23:21:11 2020 +0300 description: Proxy: added the "proxy_cookie_flags" directive. diffstat: src/http/modules/ngx_http_proxy_module.c | 586 +- 1 files changed, 554 insertions(+), 32 deletions(-) diffs (725 lines): diff -r 5c7917292b29 -r d6a5e14aa3e4 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Sun Sep 27 23:21:10 2020 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Sun Sep 27 23:21:11 2020 +0300 @@ -10,6 +10,19 @@ #include +#define NGX_HTTP_PROXY_COOKIE_SECURE 0x0001 +#define NGX_HTTP_PROXY_COOKIE_SECURE_ON0x0002 +#define NGX_HTTP_PROXY_COOKIE_SECURE_OFF 0x0004 +#define NGX_HTTP_PROXY_COOKIE_HTTPONLY 0x0008 +#define NGX_HTTP_PROXY_COOKIE_HTTPONLY_ON 0x0010 +#define NGX_HTTP_PROXY_COOKIE_HTTPONLY_OFF 0x0020 +#define NGX_HTTP_PROXY_COOKIE_SAMESITE 0x0040 +#define NGX_HTTP_PROXY_COOKIE_SAMESITE_STRICT 0x0080 +#define NGX_HTTP_PROXY_COOKIE_SAMESITE_LAX 0x0100 +#define NGX_HTTP_PROXY_COOKIE_SAMESITE_NONE0x0200 +#define NGX_HTTP_PROXY_COOKIE_SAMESITE_OFF 0x0400 + + typedef struct { ngx_array_tcaches; /* ngx_http_file_cache_t * */ } ngx_http_proxy_main_conf_t; @@ -36,6 +49,19 @@ struct ngx_http_proxy_rewrite_s { typedef struct { +union { +ngx_http_complex_value_t complex; +#if (NGX_PCRE) +ngx_http_regex_t *regex; +#endif +} cookie; + +ngx_uint_t flags; +ngx_uint_t regex; +} ngx_http_proxy_cookie_flags_t; + + +typedef struct { ngx_str_t key_start; ngx_str_t schema; ngx_str_t host_header; @@ -72,6 +98,7 @@ typedef struct { ngx_array_t *redirects; ngx_array_t *cookie_domains; ngx_array_t *cookie_paths; +ngx_array_t *cookie_flags; ngx_http_complex_value_t *method; ngx_str_t location; @@ -158,8 +185,14 @@ static ngx_int_t ngx_http_proxy_rewrite_ ngx_table_elt_t *h, size_t prefix); static ngx_int_t ngx_http_proxy_rewrite_cookie(ngx_http_request_t *r, ngx_table_elt_t *h); +static ngx_int_t ngx_http_proxy_parse_cookie(ngx_str_t *value, +ngx_array_t *attrs); static ngx_int_t ngx_http_proxy_rewrite_cookie_value(ngx_http_request_t *r, -ngx_table_elt_t *h, u_char *value, ngx_array_t *rewrites); +ngx_str_t *value, ngx_array_t *rewrites); +static ngx_int_t ngx_http_proxy_rewrite_cookie_flags(ngx_http_request_t *r, +ngx_array_t *attrs, ngx_array_t *flags); +static ngx_int_t ngx_http_proxy_edit_cookie_flags(ngx_http_request_t *r, +ngx_array_t *attrs, ngx_uint_t flags); static ngx_int_t ngx_http_proxy_rewrite(ngx_http_request_t *r, ngx_str_t *value, size_t prefix, size_t len, ngx_str_t *replacement); @@ -180,6 +213,8 @@ static char *ngx_http_proxy_cookie_domai void *conf); static char *ngx_http_proxy_cookie_path(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +static char *ngx_http_proxy_cookie_flags(ngx_conf_t *cf, ngx_command_t *cmd, +void *conf); static char *ngx_http_proxy_store(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #if (NGX_HTTP_CACHE) @@ -282,6 +317,13 @@ static ngx_command_t ngx_http_proxy_com 0, NULL }, +{ ngx_string("proxy_cookie_flags"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1234, + ngx_http_proxy_cookie_flags, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + { ngx_string("proxy_store"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_http_proxy_store, @@ -845,6 +887,36 @@ static ngx_path_init_t ngx_http_proxy_t }; +static ngx_conf_bitmask_t ngx_http_proxy_cookie_flags_masks[] = { + +{ ngx_string("secure"), + NGX_HTTP_PROXY_COOKIE_SECURE|NGX_HTTP_PROXY_COOKIE_SECURE_ON }, + +{ ngx_string("nosecure"), + NGX_HTTP_PROXY_COOKIE_SECURE|NGX_HTTP_PROXY_COOKIE_SECURE_OFF }, + +{ ngx_string("httponly"), + NGX_HTTP_PROXY_COOKIE_HTTPONLY|NGX_HTTP_PROXY_COOKIE_HTTPONLY_ON }, + +{ ngx_string("nohttponly"), + NGX_HTTP_PROXY_COOKIE_HTTPONLY|NGX_HTTP_PROXY_COOKIE_HTTPONLY_OFF }, + +{ ngx_string("samesite=strict"), + NGX_HTTP_PROXY_COOKIE_SAMESITE|NGX_HTTP_PROXY_COOKIE_SAMESITE_STRICT }, + +{ ngx_string("samesite=lax"), + NGX_HTTP_PROXY_COOKIE_SAMESITE|NGX_HTTP_PROXY_COOKIE_SAMESITE_LAX }, + +{ ngx_string("samesite=none"), + NGX_HTTP_PROXY_COOKIE_SAMESITE|NGX_HTTP_PROXY_COOKIE_SAMESITE_NONE }, + +{ ngx_string("nosamesite"), + NGX_HTTP_PROXY
[nginx] Proxy: strengthen syntax checking for some directives.
details: https://hg.nginx.org/nginx/rev/8dbc9ee97998 branches: changeset: 7714:8dbc9ee97998 user: Ruslan Ermilov date: Sun Sep 27 23:21:09 2020 +0300 description: Proxy: strengthen syntax checking for some directives. The "false" parameter of the proxy_redirect directive is deprecated. Warning has been emitted since c2230102df6f (0.7.54). The "off" parameter of the proxy_redirect, proxy_cookie_domain, and proxy_cookie_path directives tells nginx not to inherit the configuration from the previous configuration level. Previously, after specifying the directive with the "off" parameter, any other directives were ignored, and syntax checking was disabled. The syntax was enforced to allow either one directive with the "off" parameter, or several directives with other parameters. Also, specifying "proxy_redirect default foo" no longer works like "proxy_redirect default". diffstat: src/http/modules/ngx_http_proxy_module.c | 34 +++ 1 files changed, 21 insertions(+), 13 deletions(-) diffs (87 lines): diff -r 45e9281c6c5b -r 8dbc9ee97998 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Fri Aug 28 14:10:54 2020 -0700 +++ b/src/http/modules/ngx_http_proxy_module.c Sun Sep 27 23:21:09 2020 +0300 @@ -3766,7 +3766,7 @@ ngx_http_proxy_redirect(ngx_conf_t *cf, ngx_http_compile_complex_value_t ccv; if (plcf->redirect == 0) { -return NGX_CONF_OK; +return "is duplicate"; } plcf->redirect = 1; @@ -3775,16 +3775,12 @@ ngx_http_proxy_redirect(ngx_conf_t *cf, if (cf->args->nelts == 2) { if (ngx_strcmp(value[1].data, "off") == 0) { + +if (plcf->redirects) { +return "is duplicate"; +} + plcf->redirect = 0; -plcf->redirects = NULL; -return NGX_CONF_OK; -} - -if (ngx_strcmp(value[1].data, "false") == 0) { -ngx_conf_log_error(NGX_LOG_ERR, cf, 0, - "invalid parameter \"false\", use \"off\" instead"); -plcf->redirect = 0; -plcf->redirects = NULL; return NGX_CONF_OK; } @@ -3808,7 +3804,9 @@ ngx_http_proxy_redirect(ngx_conf_t *cf, return NGX_CONF_ERROR; } -if (ngx_strcmp(value[1].data, "default") == 0) { +if (cf->args->nelts == 2 +&& ngx_strcmp(value[1].data, "default") == 0) +{ if (plcf->proxy_lengths) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "\"proxy_redirect default\" cannot be used " @@ -3911,7 +3909,7 @@ ngx_http_proxy_cookie_domain(ngx_conf_t ngx_http_compile_complex_value_t ccv; if (plcf->cookie_domains == NULL) { -return NGX_CONF_OK; +return "is duplicate"; } value = cf->args->elts; @@ -3919,6 +3917,11 @@ ngx_http_proxy_cookie_domain(ngx_conf_t if (cf->args->nelts == 2) { if (ngx_strcmp(value[1].data, "off") == 0) { + +if (plcf->cookie_domains != NGX_CONF_UNSET_PTR) { +return "is duplicate"; +} + plcf->cookie_domains = NULL; return NGX_CONF_OK; } @@ -3998,7 +4001,7 @@ ngx_http_proxy_cookie_path(ngx_conf_t *c ngx_http_compile_complex_value_t ccv; if (plcf->cookie_paths == NULL) { -return NGX_CONF_OK; +return "is duplicate"; } value = cf->args->elts; @@ -4006,6 +4009,11 @@ ngx_http_proxy_cookie_path(ngx_conf_t *c if (cf->args->nelts == 2) { if (ngx_strcmp(value[1].data, "off") == 0) { + +if (plcf->cookie_paths != NGX_CONF_UNSET_PTR) { +return "is duplicate"; +} + plcf->cookie_paths = NULL; return NGX_CONF_OK; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Core: enclosed parameters of the ngx_buf.h macros in parentheses.
details: https://hg.nginx.org/nginx/rev/2f9214713666 branches: changeset: 7688:2f9214713666 user: balus date: Mon Jul 27 13:21:51 2020 +0300 description: Core: enclosed parameters of the ngx_buf.h macros in parentheses. diffstat: src/core/ngx_buf.h | 20 ++-- 1 files changed, 10 insertions(+), 10 deletions(-) diffs (43 lines): diff -r d752a2c76d49 -r 2f9214713666 src/core/ngx_buf.h --- a/src/core/ngx_buf.hThu Jul 23 17:31:09 2020 +0300 +++ b/src/core/ngx_buf.hMon Jul 27 13:21:51 2020 +0300 @@ -125,20 +125,20 @@ typedef struct { #define NGX_CHAIN_ERROR (ngx_chain_t *) NGX_ERROR -#define ngx_buf_in_memory(b)(b->temporary || b->memory || b->mmap) -#define ngx_buf_in_memory_only(b) (ngx_buf_in_memory(b) && !b->in_file) +#define ngx_buf_in_memory(b) ((b)->temporary || (b)->memory || (b)->mmap) +#define ngx_buf_in_memory_only(b) (ngx_buf_in_memory(b) && !(b)->in_file) #define ngx_buf_special(b) \ -((b->flush || b->last_buf || b->sync)\ - && !ngx_buf_in_memory(b) && !b->in_file) +(((b)->flush || (b)->last_buf || (b)->sync) \ + && !ngx_buf_in_memory(b) && !(b)->in_file) #define ngx_buf_sync_only(b) \ -(b->sync \ - && !ngx_buf_in_memory(b) && !b->in_file && !b->flush && !b->last_buf) +((b)->sync && !ngx_buf_in_memory(b) \ + && !(b)->in_file && !(b)->flush && !(b)->last_buf) #define ngx_buf_size(b) \ -(ngx_buf_in_memory(b) ? (off_t) (b->last - b->pos): \ -(b->file_last - b->file_pos)) +(ngx_buf_in_memory(b) ? (off_t) ((b)->last - (b)->pos): \ +((b)->file_last - (b)->file_pos)) ngx_buf_t *ngx_create_temp_buf(ngx_pool_t *pool, size_t size); ngx_chain_t *ngx_create_chain_of_bufs(ngx_pool_t *pool, ngx_bufs_t *bufs); @@ -149,8 +149,8 @@ ngx_chain_t *ngx_create_chain_of_bufs(ng ngx_chain_t *ngx_alloc_chain_link(ngx_pool_t *pool); #define ngx_free_chain(pool, cl) \ -cl->next = pool->chain; \ -pool->chain = cl +(cl)->next = (pool)->chain; \ +(pool)->chain = (cl) ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Core: enclosed parameters of macros in parentheses.
On Sat, Jul 18, 2020 at 08:09:30PM +0800, balus wrote: > # HG changeset patch > # User balus # Date 1595073121 -28800 > # Sat Jul 18 19:52:01 2020 +0800 > # Node ID 92d9878c0c7549345f0a144cd81a6b6d45f21fc6 > # Parent 32a343635b50662979975e1204417bb1fc7e1b1f > Core: enclosed parameters of macros in parentheses. I'm going to commit the following updated patch: # HG changeset patch # User balus # Date 1595399139 -10800 # Wed Jul 22 09:25:39 2020 +0300 # Node ID 827f61a45a12382773c4053e7858594c2ce611c0 # Parent 4f30f75dbdf33d6fae9e70086e0df5cbab7db027 Core: enclosed parameters of the ngx_buf.h macros in parentheses. diff --git a/src/core/ngx_buf.h b/src/core/ngx_buf.h --- a/src/core/ngx_buf.h +++ b/src/core/ngx_buf.h @@ -125,20 +125,20 @@ typedef struct { #define NGX_CHAIN_ERROR (ngx_chain_t *) NGX_ERROR -#define ngx_buf_in_memory(b)(b->temporary || b->memory || b->mmap) -#define ngx_buf_in_memory_only(b) (ngx_buf_in_memory(b) && !b->in_file) +#define ngx_buf_in_memory(b) ((b)->temporary || (b)->memory || (b)->mmap) +#define ngx_buf_in_memory_only(b) (ngx_buf_in_memory(b) && !(b)->in_file) #define ngx_buf_special(b) \ -((b->flush || b->last_buf || b->sync)\ - && !ngx_buf_in_memory(b) && !b->in_file) +(((b)->flush || (b)->last_buf || (b)->sync) \ + && !ngx_buf_in_memory(b) && !(b)->in_file) #define ngx_buf_sync_only(b) \ -(b->sync \ - && !ngx_buf_in_memory(b) && !b->in_file && !b->flush && !b->last_buf) +((b)->sync && !ngx_buf_in_memory(b) \ + && !(b)->in_file && !(b)->flush && !(b)->last_buf) #define ngx_buf_size(b) \ -(ngx_buf_in_memory(b) ? (off_t) (b->last - b->pos): \ -(b->file_last - b->file_pos)) +(ngx_buf_in_memory(b) ? (off_t) ((b)->last - (b)->pos): \ +((b)->file_last - (b)->file_pos)) ngx_buf_t *ngx_create_temp_buf(ngx_pool_t *pool, size_t size); ngx_chain_t *ngx_create_chain_of_bufs(ngx_pool_t *pool, ngx_bufs_t *bufs); @@ -149,8 +149,8 @@ ngx_chain_t *ngx_create_chain_of_bufs(ng ngx_chain_t *ngx_alloc_chain_link(ngx_pool_t *pool); #define ngx_free_chain(pool, cl) \ -cl->next = pool->chain; \ -pool->chain = cl +(cl)->next = (pool)->chain; \ +(pool)->chain = (cl) ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: Core: close pid file while writing it failed.
On Mon, Jun 22, 2020 at 06:09:14PM +0300, Ruslan Ermilov wrote: > On Thu, May 21, 2020 at 09:45:24PM +0800, Jim T wrote: > > Hello! > > > > As far as I understand it, `ngx_create_pidfile` is a function that works > > independently. There is no action to close the pid file externally, so we > > need to close the pid file when the writing it failed. There are also > > reports here https://github.com/nginx/nginx/pull/52. > > > > # HG changeset patch > > # User Jinhua Tan <312841...@qq.com> > > # Date 1590068494 -28800 > > # Thu May 21 21:41:34 2020 +0800 > > # Node ID 6084ea4d9a4d2ae32f3fc4e2e3b9032ab0b71e30 > > # Parent 3242f98298975e556a7e87130611ce84799fe935 > > Core: close pid file while writing it failed. > > > > diff -r 3242f9829897 -r 6084ea4d9a4d src/core/ngx_cycle.c > > --- a/src/core/ngx_cycle.c Wed May 20 12:24:05 2020 +0800 > > +++ b/src/core/ngx_cycle.c Thu May 21 21:41:34 2020 +0800 > > @@ -1036,6 +1036,12 @@ > > len = ngx_snprintf(pid, NGX_INT64_LEN + 2, "%P%N", ngx_pid) - pid; > > > > if (ngx_write_file(, pid, len, 0) == NGX_ERROR) { > > + > > +if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { > > +ngx_log_error(NGX_LOG_ALERT, log, ngx_errno, > > + ngx_close_file_n " \"%s\" failed", > > file.name.data); > > +} > > + > > return NGX_ERROR; > > } > > } > > > > Thank you! > > How's this instead? > > diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c > --- a/src/core/ngx_cycle.c > +++ b/src/core/ngx_cycle.c > @@ -1009,6 +1009,7 @@ ngx_int_t > ngx_create_pidfile(ngx_str_t *name, ngx_log_t *log) > { > size_t len; > +ngx_int_t rc; > ngx_uint_t create; > ngx_file_t file; > u_char pid[NGX_INT64_LEN + 2]; > @@ -1033,11 +1034,13 @@ ngx_create_pidfile(ngx_str_t *name, ngx_ > return NGX_ERROR; > } > > +rc = NGX_OK; > + > if (!ngx_test_config) { > len = ngx_snprintf(pid, NGX_INT64_LEN + 2, "%P%N", ngx_pid) - pid; > > if (ngx_write_file(, pid, len, 0) == NGX_ERROR) { > -return NGX_ERROR; > +rc = NGX_ERROR; > } > } > > @@ -1046,7 +1049,7 @@ ngx_create_pidfile(ngx_str_t *name, ngx_ >ngx_close_file_n " \"%s\" failed", file.name.data); > } > > -return NGX_OK; > +return rc; > } > > http://hg.nginx.org/nginx/rev/4f30f75dbdf3 ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Core: close PID file when writing fails.
details: https://hg.nginx.org/nginx/rev/4f30f75dbdf3 branches: changeset: 7685:4f30f75dbdf3 user: Ruslan Ermilov date: Tue Jul 21 20:34:29 2020 +0300 description: Core: close PID file when writing fails. Reported by Jinhua Tan. diffstat: src/core/ngx_cycle.c | 7 +-- 1 files changed, 5 insertions(+), 2 deletions(-) diffs (35 lines): diff -r 32a343635b50 -r 4f30f75dbdf3 src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c Thu Jul 09 16:21:37 2020 +0300 +++ b/src/core/ngx_cycle.c Tue Jul 21 20:34:29 2020 +0300 @@ -1009,6 +1009,7 @@ ngx_int_t ngx_create_pidfile(ngx_str_t *name, ngx_log_t *log) { size_t len; +ngx_int_t rc; ngx_uint_t create; ngx_file_t file; u_char pid[NGX_INT64_LEN + 2]; @@ -1033,11 +1034,13 @@ ngx_create_pidfile(ngx_str_t *name, ngx_ return NGX_ERROR; } +rc = NGX_OK; + if (!ngx_test_config) { len = ngx_snprintf(pid, NGX_INT64_LEN + 2, "%P%N", ngx_pid) - pid; if (ngx_write_file(, pid, len, 0) == NGX_ERROR) { -return NGX_ERROR; +rc = NGX_ERROR; } } @@ -1046,7 +1049,7 @@ ngx_create_pidfile(ngx_str_t *name, ngx_ ngx_close_file_n " \"%s\" failed", file.name.data); } -return NGX_OK; +return rc; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: lingering close after GOAWAY.
details: https://hg.nginx.org/nginx/rev/c5840ca2063d branches: changeset: 7673:c5840ca2063d user: Ruslan Ermilov date: Fri Jul 03 16:16:47 2020 +0300 description: HTTP/2: lingering close after GOAWAY. After sending the GOAWAY frame, a connection is now closed using the lingering close mechanism. This allows for the reliable delivery of the GOAWAY frames, while also fixing connection resets observed when http2_max_requests is reached (ticket #1250), or with graceful shutdown (ticket #1544), when some additional data from the client is received on a fully closed connection. For HTTP/2, the settings lingering_close, lingering_timeout, and lingering_time are taken from the "server" level. diffstat: src/http/v2/ngx_http_v2.c | 128 +++-- src/http/v2/ngx_http_v2.h |2 + 2 files changed, 124 insertions(+), 6 deletions(-) diffs (187 lines): diff -r 3dcb1aba894a -r c5840ca2063d src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Mon Jun 29 17:15:51 2020 +0300 +++ b/src/http/v2/ngx_http_v2.c Fri Jul 03 16:16:47 2020 +0300 @@ -60,6 +60,8 @@ typedef struct { static void ngx_http_v2_read_handler(ngx_event_t *rev); static void ngx_http_v2_write_handler(ngx_event_t *wev); static void ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c); +static void ngx_http_v2_lingering_close(ngx_http_v2_connection_t *h2c); +static void ngx_http_v2_lingering_close_handler(ngx_event_t *rev); static u_char *ngx_http_v2_state_proxy_protocol(ngx_http_v2_connection_t *h2c, u_char *pos, u_char *end); @@ -661,7 +663,7 @@ ngx_http_v2_handle_connection(ngx_http_v } if (h2c->goaway) { -ngx_http_close_connection(c); +ngx_http_v2_lingering_close(h2c); return; } @@ -699,6 +701,113 @@ ngx_http_v2_handle_connection(ngx_http_v } +static void +ngx_http_v2_lingering_close(ngx_http_v2_connection_t *h2c) +{ +ngx_event_t *rev, *wev; +ngx_connection_t *c; +ngx_http_core_loc_conf_t *clcf; + +c = h2c->connection; + +clcf = ngx_http_get_module_loc_conf(h2c->http_connection->conf_ctx, +ngx_http_core_module); + +if (clcf->lingering_close == NGX_HTTP_LINGERING_OFF) { +ngx_http_close_connection(c); +return; +} + +rev = c->read; +rev->handler = ngx_http_v2_lingering_close_handler; + +h2c->lingering_time = ngx_time() + (time_t) (clcf->lingering_time / 1000); +ngx_add_timer(rev, clcf->lingering_timeout); + +if (ngx_handle_read_event(rev, 0) != NGX_OK) { +ngx_http_close_connection(c); +return; +} + +wev = c->write; +wev->handler = ngx_http_empty_handler; + +if (wev->active && (ngx_event_flags & NGX_USE_LEVEL_EVENT)) { +if (ngx_del_event(wev, NGX_WRITE_EVENT, 0) != NGX_OK) { +ngx_http_close_connection(c); +return; +} +} + +if (ngx_shutdown_socket(c->fd, NGX_WRITE_SHUTDOWN) == -1) { +ngx_connection_error(c, ngx_socket_errno, + ngx_shutdown_socket_n " failed"); +ngx_http_close_connection(c); +return; +} + +if (rev->ready) { +ngx_http_v2_lingering_close_handler(rev); +} +} + + +static void +ngx_http_v2_lingering_close_handler(ngx_event_t *rev) +{ +ssize_tn; +ngx_msec_t timer; +ngx_connection_t *c; +ngx_http_core_loc_conf_t *clcf; +ngx_http_v2_connection_t *h2c; +u_char buffer[NGX_HTTP_LINGERING_BUFFER_SIZE]; + +c = rev->data; +h2c = c->data; + +ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, + "http2 lingering close handler"); + +if (rev->timedout) { +ngx_http_close_connection(c); +return; +} + +timer = (ngx_msec_t) h2c->lingering_time - (ngx_msec_t) ngx_time(); +if ((ngx_msec_int_t) timer <= 0) { +ngx_http_close_connection(c); +return; +} + +do { +n = c->recv(c, buffer, NGX_HTTP_LINGERING_BUFFER_SIZE); + +ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "lingering read: %z", n); + +if (n == NGX_ERROR || n == 0) { +ngx_http_close_connection(c); +return; +} + +} while (rev->ready); + +if (ngx_handle_read_event(rev, 0) != NGX_OK) { +ngx_http_close_connection(c); +return; +} + +clcf = ngx_http_get_module_loc_conf(h2c->http_connection->conf_ctx, +ngx_http_core_module); +timer *= 1000; + +if (timer > clcf->lingering_timeout) { +timer = clcf->lingering_timeout; +} + +ngx_add_timer(rev, timer); +} + + static u_char * ngx_http_v2_state_proxy_protocol(ngx_http_v2_connection_t *h2c, u_char *pos,
Re: [PATCH] Fixed potential leak of temp pool.
On Mon, Jun 15, 2020 at 08:48:41AM +, Eran Kornblau wrote: > Hi > > Something I noticed today while looking at the code, it probably won't matter > to anyone ever... > But just sending for the sake of perfection :) > > Thanks! > > Eran Committed, thanks! https://hg.nginx.org/nginx/rev/7e0719fb528b > # HG changeset patch > # User erankor > # Date 1592207911 14400 > # Mon Jun 15 03:58:31 2020 -0400 > # Node ID 7037b11208c1be350c399bf0917b439fb5356d3b > # Parent cb27bda9557fede50b531a0b3b4db98b38cc937a > Fixed potential leak of temp pool. > > In case ngx_hash_add_key fails, need to goto failed instead of returning, so > that temp_pool will be destoryed. > > diff -r cb27bda9557f -r 7037b11208c1 src/http/ngx_http.c > --- a/src/http/ngx_http.c Mon Aug 07 06:10:34 2017 -0400 > +++ b/src/http/ngx_http.c Mon Jun 15 03:58:31 2020 -0400 > @@ -1466,14 +1466,14 @@ >NGX_HASH_WILDCARD_KEY); > > if (rc == NGX_ERROR) { > -return NGX_ERROR; > +goto failed; > } > > if (rc == NGX_DECLINED) { > ngx_log_error(NGX_LOG_EMERG, cf->log, 0, >"invalid server name or wildcard \"%V\" on %s", >[n].name, addr->opt.addr); > -return NGX_ERROR; > +goto failed; > } > > if (rc == NGX_BUSY) { > _______ > nginx-devel mailing list > nginx-devel@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- Ruslan Ermilov Assume stupidity not malice ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Fixed potential leak of temp pool.
details: https://hg.nginx.org/nginx/rev/7e0719fb528b branches: changeset: 7671:7e0719fb528b user: Eran Kornblau date: Mon Jun 15 03:58:31 2020 -0400 description: Fixed potential leak of temp pool. In case ngx_hash_add_key() fails, need to goto failed instead of returning, so that temp_pool will be destoryed. diffstat: src/http/ngx_http.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (20 lines): diff -r ccb5ff87ab3e -r 7e0719fb528b src/http/ngx_http.c --- a/src/http/ngx_http.c Mon Jun 22 18:03:00 2020 +0300 +++ b/src/http/ngx_http.c Mon Jun 15 03:58:31 2020 -0400 @@ -1469,14 +1469,14 @@ ngx_http_server_names(ngx_conf_t *cf, ng NGX_HASH_WILDCARD_KEY); if (rc == NGX_ERROR) { -return NGX_ERROR; +goto failed; } if (rc == NGX_DECLINED) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "invalid server name or wildcard \"%V\" on %V", [n].name, >opt.addr_text); -return NGX_ERROR; +goto failed; } if (rc == NGX_BUSY) { ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: Core: close pid file while writing it failed.
On Thu, May 21, 2020 at 09:45:24PM +0800, Jim T wrote: > Hello! > > As far as I understand it, `ngx_create_pidfile` is a function that works > independently. There is no action to close the pid file externally, so we > need to close the pid file when the writing it failed. There are also > reports here https://github.com/nginx/nginx/pull/52. > > # HG changeset patch > # User Jinhua Tan <312841...@qq.com> > # Date 1590068494 -28800 > # Thu May 21 21:41:34 2020 +0800 > # Node ID 6084ea4d9a4d2ae32f3fc4e2e3b9032ab0b71e30 > # Parent 3242f98298975e556a7e87130611ce84799fe935 > Core: close pid file while writing it failed. > > diff -r 3242f9829897 -r 6084ea4d9a4d src/core/ngx_cycle.c > --- a/src/core/ngx_cycle.c Wed May 20 12:24:05 2020 +0800 > +++ b/src/core/ngx_cycle.c Thu May 21 21:41:34 2020 +0800 > @@ -1036,6 +1036,12 @@ > len = ngx_snprintf(pid, NGX_INT64_LEN + 2, "%P%N", ngx_pid) - pid; > > if (ngx_write_file(, pid, len, 0) == NGX_ERROR) { > + > +if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { > +ngx_log_error(NGX_LOG_ALERT, log, ngx_errno, > + ngx_close_file_n " \"%s\" failed", > file.name.data); > +} > + > return NGX_ERROR; > } > } > > Thank you! How's this instead? diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c @@ -1009,6 +1009,7 @@ ngx_int_t ngx_create_pidfile(ngx_str_t *name, ngx_log_t *log) { size_t len; +ngx_int_t rc; ngx_uint_t create; ngx_file_t file; u_char pid[NGX_INT64_LEN + 2]; @@ -1033,11 +1034,13 @@ ngx_create_pidfile(ngx_str_t *name, ngx_ return NGX_ERROR; } +rc = NGX_OK; + if (!ngx_test_config) { len = ngx_snprintf(pid, NGX_INT64_LEN + 2, "%P%N", ngx_pid) - pid; if (ngx_write_file(, pid, len, 0) == NGX_ERROR) { -return NGX_ERROR; +rc = NGX_ERROR; } } @@ -1046,7 +1049,7 @@ ngx_create_pidfile(ngx_str_t *name, ngx_ ngx_close_file_n " \"%s\" failed", file.name.data); } -return NGX_OK; +return rc; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Ensured SIGQUIT deletes listening UNIX socket files.
Hi there, On Mon, Apr 27, 2020 at 04:26:31PM -0700, Thibault Charbonnier wrote: > On 4/25/20 6:12 PM, Maxim Dounin wrote: > > A better approach might be to check parent's pid instead, much > > like we do when handling the changebin signal on unix (see > > src/os/unix/ngx_process.c). > > Great! Thanks for the suggestion. Below is a revised approach for the > patch (also attached to this email) which passes all of the test cases > listed in my previous test file at the start of this thread: > > # HG changeset patch > # User Thibault Charbonnier > # Date 1582764433 28800 > # Wed Feb 26 16:47:13 2020 -0800 > # Node ID 8d781bac6c4feebb2d1ea3f4e6df76d71f74e43b > # Parent 4f18393a1d51bce6103ea2f1b2587900f349ba3d > Ensured SIGQUIT deletes listening UNIX socket files. > > Prior to this patch, the SIGQUIT signal handling (graceful shutdown) did not > remove UNIX socket files since ngx_master_process_cycle reimplemented > listening > socket closings in lieu of using ngx_close_listening_sockets. > > Since ngx_master_process_exit will call the aforementioned > ngx_close_listening_sockets, we can remove the custom implementation and now > expect listening sockets to be closed properly by ngx_close_listening_sockets > instead. > > This fixes the trac issue #753 (https://trac.nginx.org/nginx/ticket/753). > > diff -r 4f18393a1d51 -r 8d781bac6c4f src/core/ngx_connection.c > --- a/src/core/ngx_connection.c Thu Feb 20 16:51:07 2020 +0300 > +++ b/src/core/ngx_connection.c Wed Feb 26 16:47:13 2020 -0800 > @@ -1070,7 +1070,8 @@ > > if (ls[i].sockaddr->sa_family == AF_UNIX > && ngx_process <= NGX_PROCESS_MASTER > -&& ngx_new_binary == 0) > +&& ngx_new_binary == 0 > +&& ngx_getppid() != ngx_parent) > { > u_char *name = ls[i].addr_text.data + sizeof("unix:") - 1; > > diff -r 4f18393a1d51 -r 8d781bac6c4f src/os/unix/ngx_process_cycle.c > --- a/src/os/unix/ngx_process_cycle.c Thu Feb 20 16:51:07 2020 +0300 > +++ b/src/os/unix/ngx_process_cycle.c Wed Feb 26 16:47:13 2020 -0800 > @@ -77,12 +77,11 @@ > u_char*p; > size_t size; > ngx_int_t i; > -ngx_uint_t n, sigio; > +ngx_uint_t sigio; > sigset_t set; > struct itimerval itv; > ngx_uint_t live; > ngx_msec_t delay; > -ngx_listening_t *ls; > ngx_core_conf_t *ccf; > > sigemptyset(); > @@ -205,16 +204,6 @@ > ngx_signal_worker_processes(cycle, > > ngx_signal_value(NGX_SHUTDOWN_SIGNAL)); > > -ls = cycle->listening.elts; > -for (n = 0; n < cycle->listening.nelts; n++) { > -if (ngx_close_socket(ls[n].fd) == -1) { > -ngx_log_error(NGX_LOG_EMERG, cycle->log, > ngx_socket_errno, > - ngx_close_socket_n " %V failed", > - [n].addr_text); > -} > -} > -cycle->listening.nelts = 0; > - > continue; > } > Thanks for your patch. Unfortunately, it would break removing of UNIX-domain socket files when nginx is run with "daemon off". It'd also add a regression that the master process will not remove the UNIX-domain socket files until after all worker processes have exited (this has been fixed in 0.1.40). The committed fixes: http://hg.nginx.org/nginx/rev/9c038f5e0464 http://hg.nginx.org/nginx/rev/7cbf6389194b ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Fixed SIGQUIT not removing listening UNIX sockets (closes #753).
details: https://hg.nginx.org/nginx/rev/7cbf6389194b branches: changeset: 7663:7cbf6389194b user: Ruslan Ermilov date: Mon Jun 01 22:31:23 2020 +0300 description: Fixed SIGQUIT not removing listening UNIX sockets (closes #753). Listening UNIX sockets were not removed on graceful shutdown, preventing the next runs. The fix is to replace the custom socket closing code in ngx_master_process_cycle() by the ngx_close_listening_sockets() call. diffstat: src/os/unix/ngx_process_cycle.c | 14 ++ 1 files changed, 2 insertions(+), 12 deletions(-) diffs (35 lines): diff -r 9c038f5e0464 -r 7cbf6389194b src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c Mon Jun 01 20:19:27 2020 +0300 +++ b/src/os/unix/ngx_process_cycle.c Mon Jun 01 22:31:23 2020 +0300 @@ -77,12 +77,11 @@ ngx_master_process_cycle(ngx_cycle_t *cy u_char*p; size_t size; ngx_int_t i; -ngx_uint_t n, sigio; +ngx_uint_t sigio; sigset_t set; struct itimerval itv; ngx_uint_t live; ngx_msec_t delay; -ngx_listening_t *ls; ngx_core_conf_t *ccf; sigemptyset(); @@ -204,16 +203,7 @@ ngx_master_process_cycle(ngx_cycle_t *cy if (ngx_quit) { ngx_signal_worker_processes(cycle, ngx_signal_value(NGX_SHUTDOWN_SIGNAL)); - -ls = cycle->listening.elts; -for (n = 0; n < cycle->listening.nelts; n++) { -if (ngx_close_socket(ls[n].fd) == -1) { -ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno, - ngx_close_socket_n " %V failed", - [n].addr_text); -} -} -cycle->listening.nelts = 0; +ngx_close_listening_sockets(cycle); continue; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Fixed removing of listening UNIX sockets when "changing binary".
details: https://hg.nginx.org/nginx/rev/9c038f5e0464 branches: changeset: 7662:9c038f5e0464 user: Ruslan Ermilov date: Mon Jun 01 20:19:27 2020 +0300 description: Fixed removing of listening UNIX sockets when "changing binary". When changing binary, sending a SIGTERM to the new binary's master process should not remove inherited UNIX sockets unless the old binary's master process has exited. diffstat: src/core/nginx.c | 1 + src/core/ngx_connection.c | 3 ++- src/core/ngx_cycle.c | 1 + 3 files changed, 4 insertions(+), 1 deletions(-) diffs (35 lines): diff -r 8cadaf7e7231 -r 9c038f5e0464 src/core/nginx.c --- a/src/core/nginx.c Tue May 26 19:17:11 2020 +0300 +++ b/src/core/nginx.c Mon Jun 01 20:19:27 2020 +0300 @@ -492,6 +492,7 @@ ngx_add_inherited_sockets(ngx_cycle_t *c ngx_memzero(ls, sizeof(ngx_listening_t)); ls->fd = (ngx_socket_t) s; +ls->inherited = 1; } } diff -r 8cadaf7e7231 -r 9c038f5e0464 src/core/ngx_connection.c --- a/src/core/ngx_connection.c Tue May 26 19:17:11 2020 +0300 +++ b/src/core/ngx_connection.c Mon Jun 01 20:19:27 2020 +0300 @@ -1070,7 +1070,8 @@ ngx_close_listening_sockets(ngx_cycle_t if (ls[i].sockaddr->sa_family == AF_UNIX && ngx_process <= NGX_PROCESS_MASTER -&& ngx_new_binary == 0) +&& ngx_new_binary == 0 +&& (!ls[i].inherited || ngx_getppid() != ngx_parent)) { u_char *name = ls[i].addr_text.data + sizeof("unix:") - 1; diff -r 8cadaf7e7231 -r 9c038f5e0464 src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c Tue May 26 19:17:11 2020 +0300 +++ b/src/core/ngx_cycle.c Mon Jun 01 20:19:27 2020 +0300 @@ -520,6 +520,7 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) == NGX_OK) { nls[n].fd = ls[i].fd; +nls[n].inherited = ls[i].inherited; nls[n].previous = [i]; ls[i].remain = 1; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] gRPC: RST_STREAM(NO_ERROR) handling (ticket #1792).
details: https://hg.nginx.org/nginx/rev/2096b21fcd10 branches: changeset: 7646:2096b21fcd10 user: Ruslan Ermilov date: Thu Apr 23 15:10:24 2020 +0300 description: gRPC: RST_STREAM(NO_ERROR) handling (ticket #1792). As per https://tools.ietf.org/html/rfc7540#section-8.1, : A server can send a complete response prior to the client : sending an entire request if the response does not depend on : any portion of the request that has not been sent and : received. When this is true, a server MAY request that the : client abort transmission of a request without error by : sending a RST_STREAM with an error code of NO_ERROR after : sending a complete response (i.e., a frame with the : END_STREAM flag). Clients MUST NOT discard responses as a : result of receiving such a RST_STREAM, though clients can : always discard responses at their discretion for other : reasons. Previously, RST_STREAM(NO_ERROR) received from upstream after a frame with the END_STREAM flag was incorrectly treated as an error. Now, a single RST_STREAM(NO_ERROR) is properly handled. This fixes problems observed with modern grpc-c [1], as well as with the Go gRPC module. [1] https://github.com/grpc/grpc/pull/1661 diffstat: src/http/modules/ngx_http_grpc_module.c | 26 -- 1 files changed, 20 insertions(+), 6 deletions(-) diffs (57 lines): diff -r ed3a10cf88e8 -r 2096b21fcd10 src/http/modules/ngx_http_grpc_module.c --- a/src/http/modules/ngx_http_grpc_module.c Thu Apr 23 15:10:21 2020 +0300 +++ b/src/http/modules/ngx_http_grpc_module.c Thu Apr 23 15:10:24 2020 +0300 @@ -120,6 +120,7 @@ typedef struct { unsigned end_stream:1; unsigned done:1; unsigned status:1; +unsigned rst:1; ngx_http_request_t*request; @@ -1205,6 +1206,7 @@ ngx_http_grpc_reinit_request(ngx_http_re ctx->end_stream = 0; ctx->done = 0; ctx->status = 0; +ctx->rst = 0; ctx->connection = NULL; return NGX_OK; @@ -2088,7 +2090,9 @@ ngx_http_grpc_filter(void *data, ssize_t return NGX_ERROR; } -if (ctx->stream_id && ctx->done) { +if (ctx->stream_id && ctx->done +&& ctx->type != NGX_HTTP_V2_RST_STREAM_FRAME) +{ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "upstream sent frame for closed stream %ui", ctx->stream_id); @@ -2131,11 +2135,21 @@ ngx_http_grpc_filter(void *data, ssize_t return NGX_ERROR; } -ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, - "upstream rejected request with error %ui", - ctx->error); - -return NGX_ERROR; +if (ctx->error || !ctx->done) { +ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream rejected request with error %ui", + ctx->error); +return NGX_ERROR; +} + +if (ctx->rst) { +ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent frame for closed stream %ui", + ctx->stream_id); +return NGX_ERROR; +} + +ctx->rst = 1; } if (ctx->type == NGX_HTTP_V2_GOAWAY_FRAME) { ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] gRPC: WINDOW_UPDATE after END_STREAM handling (ticket #1797).
details: https://hg.nginx.org/nginx/rev/716eddd74bc2 branches: changeset: 7647:716eddd74bc2 user: Ruslan Ermilov date: Thu Apr 23 15:10:26 2020 +0300 description: gRPC: WINDOW_UPDATE after END_STREAM handling (ticket #1797). As per https://tools.ietf.org/html/rfc7540#section-6.9, WINDOW_UPDATE received after a frame with the END_STREAM flag should be handled and not treated as an error. diffstat: src/http/modules/ngx_http_grpc_module.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diffs (13 lines): diff -r 2096b21fcd10 -r 716eddd74bc2 src/http/modules/ngx_http_grpc_module.c --- a/src/http/modules/ngx_http_grpc_module.c Thu Apr 23 15:10:24 2020 +0300 +++ b/src/http/modules/ngx_http_grpc_module.c Thu Apr 23 15:10:26 2020 +0300 @@ -2091,7 +2091,8 @@ ngx_http_grpc_filter(void *data, ssize_t } if (ctx->stream_id && ctx->done -&& ctx->type != NGX_HTTP_V2_RST_STREAM_FRAME) +&& ctx->type != NGX_HTTP_V2_RST_STREAM_FRAME +&& ctx->type != NGX_HTTP_V2_WINDOW_UPDATE_FRAME) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "upstream sent frame for closed stream %ui", ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Version bump.
details: https://hg.nginx.org/nginx/rev/ed3a10cf88e8 branches: changeset: 7645:ed3a10cf88e8 user: Ruslan Ermilov date: Thu Apr 23 15:10:21 2020 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 3a860f22c879 -r ed3a10cf88e8 src/core/nginx.h --- a/src/core/nginx.h Tue Apr 14 17:19:26 2020 +0300 +++ b/src/core/nginx.h Thu Apr 23 15:10:21 2020 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1017010 -#define NGINX_VERSION "1.17.10" +#define nginx_version 1019000 +#define NGINX_VERSION "1.19.0" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] The new auth_delay directive for delaying unauthorized requests.
details: https://hg.nginx.org/nginx/rev/681b78a98a52 branches: changeset: 7638:681b78a98a52 user: Ruslan Ermilov date: Wed Apr 08 01:02:17 2020 +0300 description: The new auth_delay directive for delaying unauthorized requests. The request processing is delayed by a timer. Since nginx updates internal time once at the start of each event loop iteration, this normally ensures constant time delay, adding a mitigation from time-based attacks. A notable exception to this is the case when there are no additional events before the timer expires. To ensure constant-time processing in this case as well, we trigger an additional event loop iteration by posting a dummy event for the next event loop iteration. diffstat: src/http/ngx_http_core_module.c | 82 - src/http/ngx_http_core_module.h | 1 + 2 files changed, 82 insertions(+), 1 deletions(-) diffs (150 lines): diff -r 0cb942c1c1aa -r 681b78a98a52 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Fri Mar 13 02:12:10 2020 +0300 +++ b/src/http/ngx_http_core_module.c Wed Apr 08 01:02:17 2020 +0300 @@ -21,6 +21,9 @@ typedef struct { #define NGX_HTTP_REQUEST_BODY_FILE_CLEAN 2 +static ngx_int_t ngx_http_core_auth_delay(ngx_http_request_t *r); +static void ngx_http_core_auth_delay_handler(ngx_http_request_t *r); + static ngx_int_t ngx_http_core_find_location(ngx_http_request_t *r); static ngx_int_t ngx_http_core_find_static_location(ngx_http_request_t *r, ngx_http_location_tree_node_t *node); @@ -520,6 +523,13 @@ static ngx_command_t ngx_http_core_comm offsetof(ngx_http_core_loc_conf_t, satisfy), _http_core_satisfy }, +{ ngx_string("auth_delay"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_core_loc_conf_t, auth_delay), + NULL }, + { ngx_string("internal"), NGX_HTTP_LOC_CONF|NGX_CONF_NOARGS, ngx_http_core_internal, @@ -1124,6 +1134,10 @@ ngx_http_core_access_phase(ngx_http_requ /* rc == NGX_ERROR || rc == NGX_HTTP_... */ +if (rc == NGX_HTTP_UNAUTHORIZED) { +return ngx_http_core_auth_delay(r); +} + ngx_http_finalize_request(r, rc); return NGX_OK; } @@ -1141,12 +1155,17 @@ ngx_http_core_post_access_phase(ngx_http access_code = r->access_code; if (access_code) { +r->access_code = 0; + if (access_code == NGX_HTTP_FORBIDDEN) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "access forbidden by rule"); } -r->access_code = 0; +if (access_code == NGX_HTTP_UNAUTHORIZED) { +return ngx_http_core_auth_delay(r); +} + ngx_http_finalize_request(r, access_code); return NGX_OK; } @@ -1156,6 +1175,65 @@ ngx_http_core_post_access_phase(ngx_http } +static ngx_int_t +ngx_http_core_auth_delay(ngx_http_request_t *r) +{ +ngx_http_core_loc_conf_t *clcf; + +clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + +if (clcf->auth_delay == 0) { +ngx_http_finalize_request(r, NGX_HTTP_UNAUTHORIZED); +return NGX_OK; +} + +ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "delaying unauthorized request"); + +if (ngx_handle_read_event(r->connection->read, 0) != NGX_OK) { +return NGX_HTTP_INTERNAL_SERVER_ERROR; +} + +r->read_event_handler = ngx_http_test_reading; +r->write_event_handler = ngx_http_core_auth_delay_handler; + +r->connection->write->delayed = 1; +ngx_add_timer(r->connection->write, clcf->auth_delay); + +/* + * trigger an additional event loop iteration + * to ensure constant-time processing + */ + +ngx_post_event(r->connection->write, _posted_next_events); + +return NGX_OK; +} + + +static void +ngx_http_core_auth_delay_handler(ngx_http_request_t *r) +{ +ngx_event_t *wev; + +ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "auth delay handler"); + +wev = r->connection->write; + +if (wev->delayed) { + +if (ngx_handle_write_event(wev, 0) != NGX_OK) { +ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); +} + +return; +} + +ngx_http_finalize_request(r, NGX_HTTP_UNAUTHORIZED); +} + + ngx_int_t ngx_http_core_content_phase(ngx_http_request_t *r, ngx_http_phase_handler_t *ph) @@ -3394,6 +3472,7 @@ ngx_http_core_create_loc_conf(ngx_conf_t clcf->client_body_buffer_size = NGX_CONF_UNSET_SIZE; clcf->client_body_timeout = NGX_CONF_UNSET_MSEC; clcf->satisfy = NGX_CONF_UNSET_UINT; +clcf->auth_delay = NGX_CONF_UNSET_MSEC; clcf->if_modified_since = NGX
[nginx] Auth basic: explicitly zero out password buffer.
details: https://hg.nginx.org/nginx/rev/0cb942c1c1aa branches: changeset: 7637:0cb942c1c1aa user: Ruslan Ermilov date: Fri Mar 13 02:12:10 2020 +0300 description: Auth basic: explicitly zero out password buffer. diffstat: src/http/modules/ngx_http_auth_basic_module.c | 37 +- 1 files changed, 18 insertions(+), 19 deletions(-) diffs (91 lines): diff -r 2a9aeb3426c3 -r 0cb942c1c1aa src/http/modules/ngx_http_auth_basic_module.c --- a/src/http/modules/ngx_http_auth_basic_module.c Mon Mar 16 12:41:41 2020 +0300 +++ b/src/http/modules/ngx_http_auth_basic_module.c Fri Mar 13 02:12:10 2020 +0300 @@ -25,7 +25,6 @@ static ngx_int_t ngx_http_auth_basic_cry ngx_str_t *passwd, ngx_str_t *realm); static ngx_int_t ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm); -static void ngx_http_auth_basic_close(ngx_file_t *file); static void *ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf); static char *ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); @@ -177,8 +176,8 @@ ngx_http_auth_basic_handler(ngx_http_req offset); if (n == NGX_ERROR) { -ngx_http_auth_basic_close(); -return NGX_HTTP_INTERNAL_SERVER_ERROR; +rc = NGX_HTTP_INTERNAL_SERVER_ERROR; +goto cleanup; } if (n == 0) { @@ -219,12 +218,11 @@ ngx_http_auth_basic_handler(ngx_http_req if (buf[i] == LF || buf[i] == CR || buf[i] == ':') { buf[i] = '\0'; -ngx_http_auth_basic_close(); - pwd.len = i - passwd; pwd.data = [passwd]; -return ngx_http_auth_basic_crypt_handler(r, , ); +rc = ngx_http_auth_basic_crypt_handler(r, , ); +goto cleanup; } break; @@ -251,8 +249,6 @@ ngx_http_auth_basic_handler(ngx_http_req offset += n; } -ngx_http_auth_basic_close(); - if (state == sw_passwd) { pwd.len = i - passwd; pwd.data = ngx_pnalloc(r->pool, pwd.len + 1); @@ -262,14 +258,26 @@ ngx_http_auth_basic_handler(ngx_http_req ngx_cpystrn(pwd.data, [passwd], pwd.len + 1); -return ngx_http_auth_basic_crypt_handler(r, , ); +rc = ngx_http_auth_basic_crypt_handler(r, , ); +goto cleanup; } ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "user \"%V\" was not found in \"%s\"", >headers_in.user, user_file.data); -return ngx_http_auth_basic_set_realm(r, ); +rc = ngx_http_auth_basic_set_realm(r, ); + +cleanup: + +if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { +ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno, + ngx_close_file_n " \"%s\" failed", user_file.data); +} + +ngx_explicit_memzero(buf, NGX_HTTP_AUTH_BUF_SIZE); + +return rc; } @@ -338,15 +346,6 @@ ngx_http_auth_basic_set_realm(ngx_http_r return NGX_HTTP_UNAUTHORIZED; } -static void -ngx_http_auth_basic_close(ngx_file_t *file) -{ -if (ngx_close_file(file->fd) == NGX_FILE_ERROR) { -ngx_log_error(NGX_LOG_ALERT, file->log, ngx_errno, - ngx_close_file_n " \"%s\" failed", file->name.data); -} -} - static void * ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf) ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Version bump.
details: https://hg.nginx.org/nginx/rev/2a9aeb3426c3 branches: changeset: 7636:2a9aeb3426c3 user: Ruslan Ermilov date: Mon Mar 16 12:41:41 2020 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 4eb606b4a5b5 -r 2a9aeb3426c3 src/core/nginx.h --- a/src/core/nginx.h Tue Mar 03 18:04:21 2020 +0300 +++ b/src/core/nginx.h Mon Mar 16 12:41:41 2020 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1017009 -#define NGINX_VERSION "1.17.9" +#define nginx_version 1017010 +#define NGINX_VERSION "1.17.10" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Keep remote port unchanged if real address doesn't contain a port.
On Mon, Jan 20, 2020 at 08:27:42PM +0800, Zexuan Luo wrote: > # HG changeset patch > # User spacewander > # Date 1579523127 -28800 > # Mon Jan 20 20:25:27 2020 +0800 > # Branch ident > # Node ID 86dbfc59e9c01608244c4fdc0d9a87fd9d330648 > # Parent 4fb5603514f2d324c50cb7e12c6ed0dc8935de0f > Keep remote port unchanged if real address doesn't contain a port. > > Previously, when the request comes from a trusted address and it doesn't > contain > the port part, the $remote_port will be empty. > > This change has two advantages: > 1. no need to write your own fallback with $remote_port and > $realip_remote_port. > 2. the $remote_port in the existent code doesn't need to be changed. Preserving the port while changing the client address would be misleading. Also, it's been the behavior before realip learned how to change the client's port (1.11.0). Thus, it's believed that the current behavior is correct. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: removed ngx_debug_point() call.
details: https://hg.nginx.org/nginx/rev/8a7b59347401 branches: changeset: 7618:8a7b59347401 user: Daniil Bondarev date: Tue Jan 14 14:20:08 2020 +0300 description: HTTP/2: removed ngx_debug_point() call. With the recent change to prevent frames flood in d4448892a294, nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR whenever flood is detected, causing nginx aborting or stopping if the debug_points directive is used in nginx config. diffstat: src/http/v2/ngx_http_v2.c | 4 1 files changed, 0 insertions(+), 4 deletions(-) diffs (14 lines): diff -r f1720934c45b -r 8a7b59347401 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Fri Dec 27 19:43:01 2019 +0300 +++ b/src/http/v2/ngx_http_v2.c Tue Jan 14 14:20:08 2020 +0300 @@ -2466,10 +2466,6 @@ ngx_http_v2_connection_error(ngx_http_v2 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "http2 state connection error"); -if (err == NGX_HTTP_V2_INTERNAL_ERROR) { -ngx_debug_point(); -} - ngx_http_v2_finalize_connection(h2c, err); return NULL; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)
On Tue, Dec 24, 2019 at 08:00:26PM +0100, Marcin Kozlowski wrote: > Thanks. > > Works. For the reference, this is the code I used: > > ngx_uint_t n; > ngx_table_elt_t **h; > ngx_array_t a; > a = req->headers_in.x_forwarded_for; > n = a.nelts; > h = a.elts; > > > for (i = 0; i ngx_log_error(NGX_LOG_ERR, req->connection->log, > 0, "x_forwarded_for: %s", h[i]->value.data); > } > > BTW What would be the best practice in NGINX NASIX module or any other > module to load a file with hundreds entries of IPs (hashmap, or what > structure would be best?) which should be whitelisted later for comparison > in NASIX module logic. Those IP should never be blocked by NAXSI. > > When should I load this file in memory, in which component > /module/function/step? > > Links to some guides/sample code would be also appreciated. > > Thanks, http://nginx.org/en/docs/http/ngx_http_geo_module.html ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: nginx - get value of the header - x_forwarded_for in Nginx module (Naxsi)
On Mon, Dec 23, 2019 at 11:04:43PM +0100, Marcin Kozlowski wrote: > Hi List, > > How to get x_forwarded_for sent in the request in NGINX module (NAXSI in > particular): > > My attempt: > > ngx_log_error(NGX_LOG_ERR, req->connection->log, > 0, "test %s", (char *)req->headers_in.x_forwarded_for.elts); > > The bigger problem I am trying to solve with NAXSI is this: > > https://stackoverflow.com/questions/59453729/naxsi-blacklist-and-whitelist-setup-with-nginx > > I want to simply create a map and check if X-forwarded-for is on the > whitelist and if yes, always allow it. > > Above does not work. Prints garabge. Why it is (void *) ??? > > Debugging it: > > $1 = (ngx_http_request_t *) 0xa44df0 > (gdb) p req->headers_ > headers_in headers_out > (gdb) p req->headers_in > $2 = {headers = {last = 0xa44e60, part = {elts = 0xad4d10, nelts = 7, next > = 0x0}, size = 48, nalloc = 20, > pool = 0xa44da0}, host = 0xad4d10, connection = 0x0, if_modified_since > = 0x0, if_unmodified_since = 0x0, > if_match = 0x0, if_none_match = 0x0, user_agent = 0xad4d70, referer = > 0x0, content_length = 0x0, > content_range = 0x0, content_type = 0x0, range = 0x0, if_range = 0x0, > transfer_encoding = 0x0, te = 0x0, > expect = 0x0, upgrade = 0x0, accept_encoding = 0x0, via = 0x0, > authorization = 0x0, keep_alive = 0x0, > x_forwarded_for = {elts = 0xa45b98, nelts = 1, size = 8, nalloc = 1, pool > = 0xa44da0}, x_real_ip = 0x0, user = { > len = 0, data = 0x0}, passwd = {len = 0, data = 0x0}, cookies = {elts = > 0x0, nelts = 0, size = 0, nalloc = 0, > pool = 0x0}, server = {len = 32, data = 0xa449a9 "domain.com"}, > content_length_n = -1, > keep_alive_n = -1, connection_type = 2, chunked = 0, msie = 0, msie6 = 0, > opera = 0, gecko = 0, chrome = 0, > safari = 0, konqueror = 0} > (gdb) p req->headers_in.x_forwarded_for > $3 = {elts = 0xa45b98, nelts = 1, size = 8, nalloc = 1, pool = 0xa44da0} > (gdb) p req->headers_in.x_forwarded_for .elts > $4 = (void *) 0xa45b98 > (gdb) p req->headers_in.x_forwarded_for.elts > $5 = (void *) 0xa45b98 > > What structure is this? Linked List? Why the elts point to garbage, when I > know the Loadbalancer added the X-Forwarded-for header with value. It's an array of type ngx_table_elt_t, the number of elements is in "nelts". Please see the handler for the $http_x_forwarded_for variable in the ngx_http_variables.c on how to work with it. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Update manpage, sort command line options.
details: https://hg.nginx.org/nginx/rev/4718a646187a branches: changeset: 7608:4718a646187a user: Sergey A. Osokin date: Mon Dec 23 18:56:21 2019 +0300 description: Update manpage, sort command line options. diffstat: docs/man/nginx.8 | 15 --- 1 files changed, 8 insertions(+), 7 deletions(-) diffs (49 lines): diff -r d0d6cf5031a3 -r 4718a646187a docs/man/nginx.8 --- a/docs/man/nginx.8 Mon Dec 23 15:45:46 2019 +0300 +++ b/docs/man/nginx.8 Mon Dec 23 18:56:21 2019 +0300 @@ -1,5 +1,5 @@ .\" -.\" Copyright (C) 2010 Sergey A. Osokin +.\" Copyright (C) 2010, 2019 Sergey A. Osokin .\" Copyright (C) Nginx, Inc. .\" All rights reserved. .\" @@ -25,7 +25,7 @@ .\" SUCH DAMAGE. .\" .\" -.Dd June 16, 2015 +.Dd December 5, 2019 .Dt NGINX 8 .Os .Sh NAME @@ -42,7 +42,8 @@ .Nm (pronounced .Dq engine x ) -is an HTTP and reverse proxy server, as well as a mail proxy server. +is an HTTP and reverse proxy server, a mail proxy server, and a generic +TCP/UDP proxy server. It is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. .Pp @@ -82,15 +83,15 @@ The following table shows the correspond .It Cm reload .Dv SIGHUP .El +.It Fl T +Same as +.Fl t , +but additionally dump configuration files to standard output. .It Fl t Do not run, just test the configuration file. .Nm checks the configuration file syntax and then tries to open files referenced in the configuration file. -.It Fl T -Same as -.Fl t , -but additionally dump configuration files to standard output. .It Fl V Print the .Nm ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Discard request body when redirecting to a URL via error_page.
details: https://hg.nginx.org/nginx/rev/d0d6cf5031a3 branches: changeset: 7607:d0d6cf5031a3 user: Ruslan Ermilov date: Mon Dec 23 15:45:46 2019 +0300 description: Discard request body when redirecting to a URL via error_page. Reported by Bert JW Regeer and Francisco Oca Gonzalez. diffstat: src/http/ngx_http_special_response.c | 6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) diffs (16 lines): diff -r db8df9cd84c8 -r d0d6cf5031a3 src/http/ngx_http_special_response.c --- a/src/http/ngx_http_special_response.c Mon Dec 16 15:19:01 2019 +0300 +++ b/src/http/ngx_http_special_response.c Mon Dec 23 15:45:46 2019 +0300 @@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_reques return ngx_http_named_location(r, ); } +r->expect_tested = 1; + +if (ngx_http_discard_request_body(r) != NGX_OK) { +r->keepalive = 0; +} + location = ngx_list_push(>headers_out.headers); if (location == NULL) { ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Rewrite: disallow empty replacements.
details: https://hg.nginx.org/nginx/rev/db8df9cd84c8 branches: changeset: 7606:db8df9cd84c8 user: Ruslan Ermilov date: Mon Dec 16 15:19:01 2019 +0300 description: Rewrite: disallow empty replacements. While empty replacements were caught at run-time, parsing code of the "rewrite" directive expects that a minimum length of the "replacement" argument is 1. diffstat: src/http/modules/ngx_http_rewrite_module.c | 5 + 1 files changed, 5 insertions(+), 0 deletions(-) diffs (15 lines): diff -r 02a539522be4 -r db8df9cd84c8 src/http/modules/ngx_http_rewrite_module.c --- a/src/http/modules/ngx_http_rewrite_module.cMon Dec 16 15:19:01 2019 +0300 +++ b/src/http/modules/ngx_http_rewrite_module.cMon Dec 16 15:19:01 2019 +0300 @@ -318,6 +318,11 @@ value = cf->args->elts; +if (value[2].len == 0) { +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "empty replacement"); +return NGX_CONF_ERROR; +} + ngx_memzero(, sizeof(ngx_regex_compile_t)); rc.pattern = value[1]; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Tolerate '\0' in URI when mapping URI to path.
details: https://hg.nginx.org/nginx/rev/02a539522be4 branches: changeset: 7605:02a539522be4 user: Ruslan Ermilov date: Mon Dec 16 15:19:01 2019 +0300 description: Tolerate '\0' in URI when mapping URI to path. If a rewritten URI has the null character, only a part of URI was copied to a memory buffer allocated for path. In some setups this could be exploited to expose uninitialized memory via the Location header. diffstat: src/http/ngx_http_core_module.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diffs (13 lines): diff -r 7aa20af4ac00 -r 02a539522be4 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Mon Dec 16 15:19:01 2019 +0300 +++ b/src/http/ngx_http_core_module.c Mon Dec 16 15:19:01 2019 +0300 @@ -1843,7 +1843,8 @@ } } -last = ngx_cpystrn(last, r->uri.data + alias, r->uri.len - alias + 1); +last = ngx_copy(last, r->uri.data + alias, r->uri.len - alias); +*last = '\0'; return last; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Rewrite: fixed segfault with rewritten URI and "alias".
details: https://hg.nginx.org/nginx/rev/7aa20af4ac00 branches: changeset: 7604:7aa20af4ac00 user: Ruslan Ermilov date: Mon Dec 16 15:19:01 2019 +0300 description: Rewrite: fixed segfault with rewritten URI and "alias". The "alias" directive cannot be used in the same location where URI was rewritten. This has been detected in the "rewrite ... break" case, but not when the standalone "break" directive was used. This change also fixes proxy_pass with URI component in a similar case: location /aaa/ { rewrite ^ /xxx/yyy; break; proxy_pass http://localhost:8080/bbb/; } Previously, the "/bbb/yyy" would be sent to a backend instead of "/xxx/yyy". And if location's prefix was longer than the rewritten URI, a segmentation fault might occur. diffstat: src/http/ngx_http_script.c | 9 - 1 files changed, 8 insertions(+), 1 deletions(-) diffs (19 lines): diff -r e55e28e6998f -r 7aa20af4ac00 src/http/ngx_http_script.c --- a/src/http/ngx_http_script.cMon Dec 16 15:19:01 2019 +0300 +++ b/src/http/ngx_http_script.cMon Dec 16 15:19:01 2019 +0300 @@ -1470,7 +1470,14 @@ void ngx_http_script_break_code(ngx_http_script_engine_t *e) { -e->request->uri_changed = 0; +ngx_http_request_t *r; + +r = e->request; + +if (r->uri_changed) { +r->valid_location = 0; +r->uri_changed = 0; +} e->ip = ngx_http_script_exit; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Fixed request finalization in ngx_http_index_handler().
details: https://hg.nginx.org/nginx/rev/e55e28e6998f branches: changeset: 7603:e55e28e6998f user: Ruslan Ermilov date: Mon Dec 16 15:19:01 2019 +0300 description: Fixed request finalization in ngx_http_index_handler(). Returning 500 instead of NGX_ERROR is preferable here because header has not yet been sent to the client. diffstat: src/http/modules/ngx_http_index_module.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r b399246ea45d -r e55e28e6998f src/http/modules/ngx_http_index_module.c --- a/src/http/modules/ngx_http_index_module.c Mon Dec 16 15:19:01 2019 +0300 +++ b/src/http/modules/ngx_http_index_module.c Mon Dec 16 15:19:01 2019 +0300 @@ -163,7 +163,7 @@ name = ngx_http_map_uri_to_path(r, , , reserve); if (name == NULL) { -return NGX_ERROR; +return NGX_HTTP_INTERNAL_SERVER_ERROR; } allocated = path.data + path.len - name; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Saved some memory allocations.
details: https://hg.nginx.org/nginx/rev/b399246ea45d branches: changeset: 7602:b399246ea45d user: Ruslan Ermilov date: Mon Dec 16 15:19:01 2019 +0300 description: Saved some memory allocations. In configurations when "root" has variables, some modules unnecessarily allocated memory for the "Location" header value. diffstat: src/http/modules/ngx_http_dav_module.c| 31 +-- src/http/modules/ngx_http_static_module.c | 4 ++-- 2 files changed, 7 insertions(+), 28 deletions(-) diffs (84 lines): diff -r c1a7d3672653 -r b399246ea45d src/http/modules/ngx_http_dav_module.c --- a/src/http/modules/ngx_http_dav_module.cMon Dec 16 15:19:01 2019 +0300 +++ b/src/http/modules/ngx_http_dav_module.cMon Dec 16 15:19:01 2019 +0300 @@ -56,7 +56,7 @@ static ngx_int_t ngx_http_dav_depth(ngx_http_request_t *r, ngx_int_t dflt); static ngx_int_t ngx_http_dav_error(ngx_log_t *log, ngx_err_t err, ngx_int_t not_found, char *failed, u_char *path); -static ngx_int_t ngx_http_dav_location(ngx_http_request_t *r, u_char *path); +static ngx_int_t ngx_http_dav_location(ngx_http_request_t *r); static void *ngx_http_dav_create_loc_conf(ngx_conf_t *cf); static char *ngx_http_dav_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); @@ -285,7 +285,7 @@ } if (status == NGX_HTTP_CREATED) { -if (ngx_http_dav_location(r, path.data) != NGX_OK) { +if (ngx_http_dav_location(r) != NGX_OK) { ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); return; } @@ -520,9 +520,7 @@ if (ngx_create_dir(path.data, ngx_dir_access(dlcf->access)) != NGX_FILE_ERROR) { -*(p - 1) = '/'; - -if (ngx_http_dav_location(r, path.data) != NGX_OK) { +if (ngx_http_dav_location(r) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } @@ -1070,35 +1068,16 @@ static ngx_int_t -ngx_http_dav_location(ngx_http_request_t *r, u_char *path) +ngx_http_dav_location(ngx_http_request_t *r) { -u_char*location; -ngx_http_core_loc_conf_t *clcf; - r->headers_out.location = ngx_list_push(>headers_out.headers); if (r->headers_out.location == NULL) { return NGX_ERROR; } -clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - -if (!clcf->alias && clcf->root_lengths == NULL) { -location = path + clcf->root.len; - -} else { -location = ngx_pnalloc(r->pool, r->uri.len); -if (location == NULL) { -ngx_http_clear_location(r); -return NGX_ERROR; -} - -ngx_memcpy(location, r->uri.data, r->uri.len); -} - r->headers_out.location->hash = 1; ngx_str_set(>headers_out.location->key, "Location"); -r->headers_out.location->value.len = r->uri.len; -r->headers_out.location->value.data = location; +r->headers_out.location->value = r->uri; return NGX_OK; } diff -r c1a7d3672653 -r b399246ea45d src/http/modules/ngx_http_static_module.c --- a/src/http/modules/ngx_http_static_module.c Mon Dec 16 15:19:01 2019 +0300 +++ b/src/http/modules/ngx_http_static_module.c Mon Dec 16 15:19:01 2019 +0300 @@ -157,8 +157,8 @@ len = r->uri.len + 1; -if (!clcf->alias && clcf->root_lengths == NULL && r->args.len == 0) { -location = path.data + clcf->root.len; +if (!clcf->alias && r->args.len == 0) { +location = path.data + root; *last = '/'; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Dav: fixed Location in successful MKCOL response.
details: https://hg.nginx.org/nginx/rev/c1a7d3672653 branches: changeset: 7601:c1a7d3672653 user: Ruslan Ermilov date: Mon Dec 16 15:19:01 2019 +0300 description: Dav: fixed Location in successful MKCOL response. Instead of reducing URI length to not include the terminating '\0' character in 6ddaac3e0bf7, restore the terminating '/' character. diffstat: src/http/modules/ngx_http_dav_module.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diffs (20 lines): diff -r 3939483cd1b5 -r c1a7d3672653 src/http/modules/ngx_http_dav_module.c --- a/src/http/modules/ngx_http_dav_module.cThu Dec 05 19:38:06 2019 +0300 +++ b/src/http/modules/ngx_http_dav_module.cMon Dec 16 15:19:01 2019 +0300 @@ -513,7 +513,6 @@ } *(p - 1) = '\0'; -r->uri.len--; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http mkcol path: \"%s\"", path.data); @@ -521,6 +520,8 @@ if (ngx_create_dir(path.data, ngx_dir_access(dlcf->access)) != NGX_FILE_ERROR) { +*(p - 1) = '/'; + if (ngx_http_dav_location(r, path.data) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: Fwd: 1.17.5 regression
On Wed, Dec 18, 2019 at 06:35:35PM +0100, Gábor Boskovits wrote: > Hello Maxim, > > Maxim Dounin ezt írta (időpont: 2019. dec. 18., > Sze, 18:24): > > > > Hello! > > > > On Mon, Dec 16, 2019 at 03:02:37PM +0100, Gábor Boskovits wrote: > > > > > On berlin.guix.gnu.org we observed a regression upon upgrading nginx > > > to 1.17.5. The problem was, when pipelining request to a proxy using > > > tls, we suddenly started to get 408 client timeouts, manifesting in > > > dropped connections. Currently we worked around the issue by > > > downgrading to 1.17.4. I have collected some information about the > > > problem here: > > > https://gitlab.com/g_bor/fix-nginx-tls > > > It contains the logs from the good and the bad version, a full nginx > > > config, some info about how nginx was built. I managed to bisect the > > > problem down to changeset 9d2ad2fb4423, which introduced the problem. > > > Any help in further debuggin this would be greatly appreciated. > > > > Thanks for the report, it indeed looks like a bug introduced > > in 9d2ad2fb4423. > > > > The problem is that c->read->handler is overwritted when switching > > to the next pipelined request, ngx_ssl_next_read_handler() is not > > called, and c->read->ready remains not set. I'll take a look how > > to fix it properly. > > Thanks for having a look. > > Please keep me updated when the fix gets applied. > > > > > Note well that a simpler workaround might be to build nginx with > > the --with-cc-opt="-DNGX_HAVE_FIONREAD=0" configure argument, this > > will disable the code in question on systems not using kqueue. > > > > Thanks for the information, we do not yet support any systems with kqueue yet, > so this might work temporarily. Maxim means e.g. Linux when he says "on systems not using kqueue". There's no such problem on systems with kqueue, e.g. FreeBSD. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Update nginx(8) manual page
On Sun, Dec 01, 2019 at 04:41:23AM +0300, Sergey A. Osokin wrote: > # HG changeset patch > # User Sergey A. Osokin > # Date 1575163872 -10800 > # Sun Dec 01 04:31:12 2019 +0300 > # Node ID 477a78d1b14e415a80b6bfb3d829eb408f33f390 > # Parent d13eddd9e2529b4bc30dc00aad959bd10ced4c33 > Update nginx(8) manual page. > Sort the command line options. > > diff -r d13eddd9e252 -r 477a78d1b14e docs/man/nginx.8 > --- a/docs/man/nginx.8Tue Nov 19 17:18:58 2019 +0300 > +++ b/docs/man/nginx.8Sun Dec 01 04:31:12 2019 +0300 > @@ -1,5 +1,5 @@ > .\" > -.\" Copyright (C) 2010 Sergey A. Osokin > +.\" Copyright (C) 2010, 2019 Sergey A. Osokin > .\" Copyright (C) Nginx, Inc. > .\" All rights reserved. > .\" The document date should be updated. > @@ -42,9 +42,9 @@ > .Nm > (pronounced > .Dq engine x ) > -is an HTTP and reverse proxy server, as well as a mail proxy server. > -It is known for its high performance, stability, rich feature set, simple > -configuration, and low resource consumption. > +is an HTTP and reverse proxy server, a mail proxy server, and a generic > +TCP/UDP proxy server. It is known for its high performance, stability, > +rich feature set, simple configuration, and low resource consumption. Each new sentence should start on its own line. > .Pp > The options are as follows: > .Bl -tag -width ".Fl d Ar directives" > @@ -91,16 +91,16 @@ > Same as > .Fl t , > but additionally dump configuration files to standard output. > +.It Fl v > +Print the > +.Nm > +version. > .It Fl V > Print the > .Nm > version, compiler version, and > .Pa configure > script parameters. > -.It Fl v > -Print the > -.Nm > -version. > .El > .Sh SIGNALS > The master process of In ASCII, capital letters come first, and mdoc(7) follows the same sorting order. The correct fix would be to interchange -T with -t. # HG changeset patch # User Sergey A. Osokin # Date 1575543437 -10800 # Thu Dec 05 13:57:17 2019 +0300 # Node ID 5186ed8aa6330230205b69ba05ff449457b67410 # Parent 03bd76ca0fd8ce0628503a0a4cd453fbb206bafe Update manpage, sort command line options. diff --git a/docs/man/nginx.8 b/docs/man/nginx.8 --- a/docs/man/nginx.8 +++ b/docs/man/nginx.8 @@ -1,5 +1,5 @@ .\" -.\" Copyright (C) 2010 Sergey A. Osokin +.\" Copyright (C) 2010, 2019 Sergey A. Osokin .\" Copyright (C) Nginx, Inc. .\" All rights reserved. .\" @@ -25,7 +25,7 @@ .\" SUCH DAMAGE. .\" .\" -.Dd June 16, 2015 +.Dd December 5, 2019 .Dt NGINX 8 .Os .Sh NAME @@ -42,7 +42,8 @@ .Nm (pronounced .Dq engine x ) -is an HTTP and reverse proxy server, as well as a mail proxy server. +is an HTTP and reverse proxy server, a mail proxy server, and a generic +TCP/UDP proxy server. It is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption. .Pp @@ -82,15 +83,15 @@ The following table shows the correspond .It Cm reload .Dv SIGHUP .El +.It Fl T +Same as +.Fl t , +but additionally dump configuration files to standard output. .It Fl t Do not run, just test the configuration file. .Nm checks the configuration file syntax and then tries to open files referenced in the configuration file. -.It Fl T -Same as -.Fl t , -but additionally dump configuration files to standard output. .It Fl V Print the .Nm ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] The "/." and "/.." at the end of URI should be normalized.
details: https://hg.nginx.org/nginx/rev/79bcbe7cd3f2 branches: changeset: 7578:79bcbe7cd3f2 user: Ruslan Ermilov date: Tue Oct 08 21:56:14 2019 +0300 description: The "/." and "/.." at the end of URI should be normalized. diffstat: src/http/ngx_http_parse.c | 38 -- 1 files changed, 32 insertions(+), 6 deletions(-) diffs (77 lines): diff -r 5a3426683251 -r 79bcbe7cd3f2 src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c Tue Oct 08 21:56:14 2019 +0300 +++ b/src/http/ngx_http_parse.c Tue Oct 08 21:56:14 2019 +0300 @@ -1437,9 +1437,11 @@ ngx_http_parse_complex_uri(ngx_http_requ state = sw_quoted; break; case '?': +u--; r->args_start = p; goto args; case '#': +u--; goto done; case '+': r->plus_in_uri = 1; @@ -1467,7 +1469,8 @@ ngx_http_parse_complex_uri(ngx_http_requ case '\\': #endif case '/': -state = sw_slash; +case '?': +case '#': u -= 5; for ( ;; ) { if (u < r->uri.data) { @@ -1479,16 +1482,19 @@ ngx_http_parse_complex_uri(ngx_http_requ } u--; } +if (ch == '?') { +r->args_start = p; +goto args; +} +if (ch == '#') { +goto done; +} +state = sw_slash; break; case '%': quoted_state = state; state = sw_quoted; break; -case '?': -r->args_start = p; -goto args; -case '#': -goto done; case '+': r->plus_in_uri = 1; /* fall through */ @@ -1565,6 +1571,26 @@ ngx_http_parse_complex_uri(ngx_http_requ return NGX_HTTP_PARSE_INVALID_REQUEST; } +if (state == sw_dot) { +u--; + +} else if (state == sw_dot_dot) { +u -= 5; + +for ( ;; ) { +if (u < r->uri.data) { +return NGX_HTTP_PARSE_INVALID_REQUEST; +} + +if (*u == '/') { +u++; +break; +} + +u--; +} +} + done: r->uri.len = u - r->uri.data; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Improved detection of broken percent encoding in URI.
details: https://hg.nginx.org/nginx/rev/5a3426683251 branches: changeset: 7577:5a3426683251 user: Ruslan Ermilov date: Tue Oct 08 21:56:14 2019 +0300 description: Improved detection of broken percent encoding in URI. diffstat: src/http/ngx_http_parse.c | 4 1 files changed, 4 insertions(+), 0 deletions(-) diffs (14 lines): diff -r 7fdcf308e0f0 -r 5a3426683251 src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c Mon Sep 30 16:39:20 2019 +0300 +++ b/src/http/ngx_http_parse.c Tue Oct 08 21:56:14 2019 +0300 @@ -1561,6 +1561,10 @@ ngx_http_parse_complex_uri(ngx_http_requ } } +if (state == sw_quoted || state == sw_quoted_second) { +return NGX_HTTP_PARSE_INVALID_REQUEST; +} + done: r->uri.len = u - r->uri.data; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: fixed possible alert about left open socket on shutdown.
details: https://hg.nginx.org/nginx/rev/d6cf51af8a3d branches: changeset: 7570:d6cf51af8a3d user: Ruslan Ermilov date: Mon Sep 23 15:45:32 2019 +0300 description: HTTP/2: fixed possible alert about left open socket on shutdown. This could happen when graceful shutdown configured by worker_shutdown_timeout times out and is then followed by another timeout such as proxy_read_timeout. In this case, the HEADERS frame is added to the output queue, but attempt to send it fails (due to c->error forcibly set during graceful shutdown timeout). This triggers request finalization which attempts to close the stream. But the stream cannot be closed because there is a frame in the output queue, and the connection cannot be finalized. This leaves the connection open without any timer events leading to alert. The fix is to post write event when sending output queue fails on c->error. That will finalize the connection. diffstat: src/http/v2/ngx_http_v2.c | 7 +++ 1 files changed, 3 insertions(+), 4 deletions(-) diffs (19 lines): diff -r 80359395b345 -r d6cf51af8a3d src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Wed Sep 18 20:28:12 2019 +0300 +++ b/src/http/v2/ngx_http_v2.c Mon Sep 23 15:45:32 2019 +0300 @@ -513,12 +513,11 @@ ngx_http_v2_send_output_queue(ngx_http_v ngx_http_core_loc_conf_t *clcf; c = h2c->connection; +wev = c->write; if (c->error) { -return NGX_ERROR; -} - -wev = c->write; +goto error; +} if (!wev->ready) { return NGX_AGAIN; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: fixed worker_shutdown_timeout.
details: https://hg.nginx.org/nginx/rev/ab5cac9d3f00 branches: changeset: 7571:ab5cac9d3f00 user: Ruslan Ermilov date: Mon Sep 23 15:45:36 2019 +0300 description: HTTP/2: fixed worker_shutdown_timeout. diffstat: src/http/v2/ngx_http_v2.c | 5 + 1 files changed, 5 insertions(+), 0 deletions(-) diffs (15 lines): diff -r d6cf51af8a3d -r ab5cac9d3f00 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Mon Sep 23 15:45:32 2019 +0300 +++ b/src/http/v2/ngx_http_v2.c Mon Sep 23 15:45:36 2019 +0300 @@ -354,6 +354,11 @@ ngx_http_v2_read_handler(ngx_event_t *re if (c->close) { c->close = 0; +if (c->error) { +ngx_http_v2_finalize_connection(h2c, 0); +return; +} + if (!h2c->goaway) { h2c->goaway = 1; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: close connection on zero WINDOW_UPDATE.
details: https://hg.nginx.org/nginx/rev/fd6dcc6f8a49 branches: changeset: 7565:fd6dcc6f8a49 user: Ruslan Ermilov date: Tue Sep 10 15:33:38 2019 +0300 description: HTTP/2: close connection on zero WINDOW_UPDATE. Don't waste server resources by sending RST_STREAM frames. Instead, reject WINDOW_UPDATE frames with invalid zero increment by closing connection with PROTOCOL_ERROR. diffstat: src/http/v2/ngx_http_v2.c | 38 -- 1 files changed, 4 insertions(+), 34 deletions(-) diffs (49 lines): diff -r 29b2dc731503 -r fd6dcc6f8a49 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Tue Sep 10 15:33:37 2019 +0300 +++ b/src/http/v2/ngx_http_v2.c Tue Sep 10 15:33:38 2019 +0300 @@ -2231,41 +2231,11 @@ ngx_http_v2_state_window_update(ngx_http h2c->state.sid, window); if (window == 0) { -if (h2c->state.sid == 0) { -ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, - "client sent WINDOW_UPDATE frame " - "with incorrect window increment 0"); - -return ngx_http_v2_connection_error(h2c, -NGX_HTTP_V2_PROTOCOL_ERROR); -} - ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, - "client sent WINDOW_UPDATE frame for stream %ui " - "with incorrect window increment 0", h2c->state.sid); - -node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0); - -if (node && node->stream) { -if (ngx_http_v2_terminate_stream(h2c, node->stream, - NGX_HTTP_V2_PROTOCOL_ERROR) -== NGX_ERROR) -{ -return ngx_http_v2_connection_error(h2c, - NGX_HTTP_V2_INTERNAL_ERROR); -} - -} else { -if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, -NGX_HTTP_V2_PROTOCOL_ERROR) -== NGX_ERROR) -{ -return ngx_http_v2_connection_error(h2c, - NGX_HTTP_V2_INTERNAL_ERROR); -} -} - -return ngx_http_v2_state_complete(h2c, pos, end); + "client sent WINDOW_UPDATE frame " + "with incorrect window increment 0"); + +return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); } if (h2c->state.sid) { ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: close connection on frames with self-dependency.
details: https://hg.nginx.org/nginx/rev/29b2dc731503 branches: changeset: 7564:29b2dc731503 user: Ruslan Ermilov date: Tue Sep 10 15:33:37 2019 +0300 description: HTTP/2: close connection on frames with self-dependency. Don't waste server resources by sending RST_STREAM frames. Instead, reject HEADERS and PRIORITY frames with self-dependency by closing connection with PROTOCOL_ERROR. diffstat: src/http/v2/ngx_http_v2.c | 40 +--- 1 files changed, 9 insertions(+), 31 deletions(-) diffs (64 lines): diff -r a7e8f953408e -r 29b2dc731503 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Wed Sep 04 13:33:51 2019 +0300 +++ b/src/http/v2/ngx_http_v2.c Tue Sep 10 15:33:37 2019 +0300 @@ -1107,6 +1107,14 @@ ngx_http_v2_state_headers(ngx_http_v2_co return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); } +if (depend == h2c->state.sid) { +ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent HEADERS frame for stream %ui " + "with incorrect dependency", h2c->state.sid); + +return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); +} + h2c->last_sid = h2c->state.sid; h2c->state.pool = ngx_create_pool(1024, h2c->connection->log); @@ -1114,15 +1122,6 @@ ngx_http_v2_state_headers(ngx_http_v2_co return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); } -if (depend == h2c->state.sid) { -ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, - "client sent HEADERS frame for stream %ui " - "with incorrect dependency", h2c->state.sid); - -status = NGX_HTTP_V2_PROTOCOL_ERROR; -goto rst_stream; -} - h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, ngx_http_v2_module); @@ -1849,28 +1848,7 @@ ngx_http_v2_state_priority(ngx_http_v2_c "client sent PRIORITY frame for stream %ui " "with incorrect dependency", h2c->state.sid); -node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0); - -if (node && node->stream) { -if (ngx_http_v2_terminate_stream(h2c, node->stream, - NGX_HTTP_V2_PROTOCOL_ERROR) -== NGX_ERROR) -{ -return ngx_http_v2_connection_error(h2c, - NGX_HTTP_V2_INTERNAL_ERROR); -} - -} else { -if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, -NGX_HTTP_V2_PROTOCOL_ERROR) -== NGX_ERROR) -{ -return ngx_http_v2_connection_error(h2c, - NGX_HTTP_V2_INTERNAL_ERROR); -} -} - -return ngx_http_v2_state_complete(h2c, pos, end); +return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); } node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 1); ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Added ngx_http_set_complex_value_size_slot().
details: https://hg.nginx.org/nginx/rev/b82162b8496a branches: changeset: 7503:b82162b8496a user: Ruslan Ermilov date: Wed Apr 24 16:38:51 2019 +0300 description: Added ngx_http_set_complex_value_size_slot(). If a complex value is expected to be of type size_t, and the compiled value is constant, the constant size_t value is remembered at compile time. The value is accessed through ngx_http_complex_value_size() which either returns the remembered constant or evaluates the expression and parses it as size_t. diffstat: src/http/ngx_http_script.c | 61 ++ src/http/ngx_http_script.h | 8 + src/stream/ngx_stream_script.c | 61 ++ src/stream/ngx_stream_script.h | 8 + 4 files changed, 138 insertions(+), 0 deletions(-) diffs (213 lines): diff -r b7a7c02aea3a -r b82162b8496a src/http/ngx_http_script.c --- a/src/http/ngx_http_script.cTue Apr 09 11:40:20 2019 +0300 +++ b/src/http/ngx_http_script.cWed Apr 24 16:38:51 2019 +0300 @@ -104,6 +104,37 @@ ngx_http_complex_value(ngx_http_request_ } +size_t +ngx_http_complex_value_size(ngx_http_request_t *r, +ngx_http_complex_value_t *val, size_t default_value) +{ +size_t size; +ngx_str_t value; + +if (val == NULL) { +return default_value; +} + +if (val->lengths == NULL) { +return val->u.size; +} + +if (ngx_http_complex_value(r, val, ) != NGX_OK) { +return default_value; +} + +size = ngx_parse_size(); + +if (size == (size_t) NGX_ERROR) { +ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "invalid size \"%V\"", ); +return default_value; +} + +return size; +} + + ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv) { @@ -244,6 +275,36 @@ ngx_http_set_complex_value_slot(ngx_conf } +char * +ngx_http_set_complex_value_size_slot(ngx_conf_t *cf, ngx_command_t *cmd, +void *conf) +{ +char *p = conf; + +char *rv; +ngx_http_complex_value_t *cv; + +rv = ngx_http_set_complex_value_slot(cf, cmd, conf); + +if (rv != NGX_CONF_OK) { +return rv; +} + +cv = *(ngx_http_complex_value_t **) (p + cmd->offset); + +if (cv->lengths) { +return NGX_CONF_OK; +} + +cv->u.size = ngx_parse_size(>value); +if (cv->u.size == (size_t) NGX_ERROR) { +return "invalid value"; +} + +return NGX_CONF_OK; +} + + ngx_int_t ngx_http_test_predicates(ngx_http_request_t *r, ngx_array_t *predicates) { diff -r b7a7c02aea3a -r b82162b8496a src/http/ngx_http_script.h --- a/src/http/ngx_http_script.hTue Apr 09 11:40:20 2019 +0300 +++ b/src/http/ngx_http_script.hWed Apr 24 16:38:51 2019 +0300 @@ -68,6 +68,10 @@ typedef struct { ngx_uint_t *flushes; void *lengths; void *values; + +union { +size_t size; +} u; } ngx_http_complex_value_t; @@ -207,9 +211,13 @@ void ngx_http_script_flush_complex_value ngx_http_complex_value_t *val); ngx_int_t ngx_http_complex_value(ngx_http_request_t *r, ngx_http_complex_value_t *val, ngx_str_t *value); +size_t ngx_http_complex_value_size(ngx_http_request_t *r, +ngx_http_complex_value_t *val, size_t default_value); ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv); char *ngx_http_set_complex_value_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +char *ngx_http_set_complex_value_size_slot(ngx_conf_t *cf, ngx_command_t *cmd, +void *conf); ngx_int_t ngx_http_test_predicates(ngx_http_request_t *r, diff -r b7a7c02aea3a -r b82162b8496a src/stream/ngx_stream_script.c --- a/src/stream/ngx_stream_script.cTue Apr 09 11:40:20 2019 +0300 +++ b/src/stream/ngx_stream_script.cWed Apr 24 16:38:51 2019 +0300 @@ -105,6 +105,37 @@ ngx_stream_complex_value(ngx_stream_sess } +size_t +ngx_stream_complex_value_size(ngx_stream_session_t *s, +ngx_stream_complex_value_t *val, size_t default_value) +{ +size_t size; +ngx_str_t value; + +if (val == NULL) { +return default_value; +} + +if (val->lengths == NULL) { +return val->u.size; +} + +if (ngx_stream_complex_value(s, val, ) != NGX_OK) { +return default_value; +} + +size = ngx_parse_size(); + +if (size == (size_t) NGX_ERROR) { +ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, + "invalid size \"%V\"", ); +return default_value; +} + +return size; +} + + ngx_int_t ngx_stream_compile_complex_value(ngx_stream_compile_complex_value_t *ccv) { @@ -246,6 +277,36 @@ ngx_stream_set_complex_value_slot(ngx_co } +char * +ngx_stream_set_complex_value_size_slot(
[nginx] Variables support in proxy_upload_rate and proxy_download_rate.
details: https://hg.nginx.org/nginx/rev/16a1adadf437 branches: changeset: 7505:16a1adadf437 user: Ruslan Ermilov date: Wed Apr 24 16:38:56 2019 +0300 description: Variables support in proxy_upload_rate and proxy_download_rate. diffstat: src/stream/ngx_stream_proxy_module.c | 31 ++- src/stream/ngx_stream_upstream.h | 3 +++ 2 files changed, 21 insertions(+), 13 deletions(-) diffs (109 lines): diff -r c19ca381b2e6 -r 16a1adadf437 src/stream/ngx_stream_proxy_module.c --- a/src/stream/ngx_stream_proxy_module.c Wed Apr 24 16:38:54 2019 +0300 +++ b/src/stream/ngx_stream_proxy_module.c Wed Apr 24 16:38:56 2019 +0300 @@ -24,8 +24,8 @@ typedef struct { ngx_msec_t timeout; ngx_msec_t next_upstream_timeout; size_t buffer_size; -size_t upload_rate; -size_t download_rate; +ngx_stream_complex_value_t *upload_rate; +ngx_stream_complex_value_t *download_rate; ngx_uint_t requests; ngx_uint_t responses; ngx_uint_t next_upstream_tries; @@ -184,14 +184,14 @@ static ngx_command_t ngx_stream_proxy_c { ngx_string("proxy_upload_rate"), NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, - ngx_conf_set_size_slot, + ngx_stream_set_complex_value_size_slot, NGX_STREAM_SRV_CONF_OFFSET, offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), NULL }, { ngx_string("proxy_download_rate"), NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, - ngx_conf_set_size_slot, + ngx_stream_set_complex_value_size_slot, NGX_STREAM_SRV_CONF_OFFSET, offsetof(ngx_stream_proxy_srv_conf_t, download_rate), NULL }, @@ -895,6 +895,9 @@ ngx_stream_proxy_init_upstream(ngx_strea u->proxy_protocol = 0; } +u->upload_rate = ngx_stream_complex_value_size(s, pscf->upload_rate, 0); +u->download_rate = ngx_stream_complex_value_size(s, pscf->download_rate, 0); + u->connected = 1; pc->read->handler = ngx_stream_proxy_upstream_handler; @@ -1532,7 +1535,7 @@ ngx_stream_proxy_process(ngx_stream_sess src = pc; dst = c; b = >upstream_buf; -limit_rate = pscf->download_rate; +limit_rate = u->download_rate; received = >received; packets = >responses; out = >downstream_out; @@ -1544,7 +1547,7 @@ ngx_stream_proxy_process(ngx_stream_sess src = c; dst = pc; b = >downstream_buf; -limit_rate = pscf->upload_rate; +limit_rate = u->upload_rate; received = >received; packets = >requests; out = >upstream_out; @@ -1955,6 +1958,8 @@ ngx_stream_proxy_create_srv_conf(ngx_con * conf->ssl_certificate = { 0, NULL }; * conf->ssl_certificate_key = { 0, NULL }; * + * conf->upload_rate = NULL; + * conf->download_rate = NULL; * conf->ssl = NULL; * conf->upstream = NULL; * conf->upstream_value = NULL; @@ -1964,8 +1969,6 @@ ngx_stream_proxy_create_srv_conf(ngx_con conf->timeout = NGX_CONF_UNSET_MSEC; conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; conf->buffer_size = NGX_CONF_UNSET_SIZE; -conf->upload_rate = NGX_CONF_UNSET_SIZE; -conf->download_rate = NGX_CONF_UNSET_SIZE; conf->requests = NGX_CONF_UNSET_UINT; conf->responses = NGX_CONF_UNSET_UINT; conf->next_upstream_tries = NGX_CONF_UNSET_UINT; @@ -2005,11 +2008,13 @@ ngx_stream_proxy_merge_srv_conf(ngx_conf ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, 16384); -ngx_conf_merge_size_value(conf->upload_rate, - prev->upload_rate, 0); - -ngx_conf_merge_size_value(conf->download_rate, - prev->download_rate, 0); +if (conf->upload_rate == NULL) { +conf->upload_rate = prev->upload_rate; +} + +if (conf->download_rate == NULL) { +conf->download_rate = prev->download_rate; +} ngx_conf_merge_uint_value(conf->requests, prev->requests, 0); diff -r c19ca381b2e6 -r 16a1adadf437 src/stream/ngx_stream_upstream.h --- a/src/stream/ngx_stream_upstream.h Wed Apr 24 16:38:54 2019 +0300 +++ b/src/stream/ngx_stream_upstream.h Wed Apr 24 16:38:56 2019 +0300 @@ -132,6 +132,9 @@ typedef struct { ngx_uint_t responses; ngx_msec_t start_time; +size_t upload_rate; +size_t download_rate; + ngx_str_t
[nginx] Variables support in limit_rate and limit_rate_after (ticket #293).
details: https://hg.nginx.org/nginx/rev/c19ca381b2e6 branches: changeset: 7504:c19ca381b2e6 user: Ruslan Ermilov date: Wed Apr 24 16:38:54 2019 +0300 description: Variables support in limit_rate and limit_rate_after (ticket #293). diffstat: src/http/ngx_http_core_module.c | 24 +++-- src/http/ngx_http_core_module.h | 5 +- src/http/ngx_http_request.h | 3 + src/http/ngx_http_upstream.c| 2 + src/http/ngx_http_variables.c | 55 +++- src/http/ngx_http_write_filter_module.c | 12 ++- 6 files changed, 57 insertions(+), 44 deletions(-) diffs (237 lines): diff -r b82162b8496a -r c19ca381b2e6 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Wed Apr 24 16:38:51 2019 +0300 +++ b/src/http/ngx_http_core_module.c Wed Apr 24 16:38:54 2019 +0300 @@ -479,7 +479,7 @@ static ngx_command_t ngx_http_core_comm { ngx_string("limit_rate"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, - ngx_conf_set_size_slot, + ngx_http_set_complex_value_size_slot, NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_core_loc_conf_t, limit_rate), NULL }, @@ -487,7 +487,7 @@ static ngx_command_t ngx_http_core_comm { ngx_string("limit_rate_after"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF |NGX_CONF_TAKE1, - ngx_conf_set_size_slot, + ngx_http_set_complex_value_size_slot, NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_core_loc_conf_t, limit_rate_after), NULL }, @@ -1281,10 +1281,6 @@ ngx_http_update_location_config(ngx_http r->connection->tcp_nopush = NGX_TCP_NOPUSH_DISABLED; } -if (r->limit_rate == 0) { -r->limit_rate = clcf->limit_rate; -} - if (clcf->handler) { r->content_handler = clcf->handler; } @@ -3387,6 +3383,8 @@ ngx_http_core_create_loc_conf(ngx_conf_t * clcf->exact_match = 0; * clcf->auto_redirect = 0; * clcf->alias = 0; + * clcf->limit_rate = NULL; + * clcf->limit_rate_after = NULL; * clcf->gzip_proxied = 0; * clcf->keepalive_disable = 0; */ @@ -3417,8 +3415,6 @@ ngx_http_core_create_loc_conf(ngx_conf_t clcf->send_timeout = NGX_CONF_UNSET_MSEC; clcf->send_lowat = NGX_CONF_UNSET_SIZE; clcf->postpone_output = NGX_CONF_UNSET_SIZE; -clcf->limit_rate = NGX_CONF_UNSET_SIZE; -clcf->limit_rate_after = NGX_CONF_UNSET_SIZE; clcf->keepalive_timeout = NGX_CONF_UNSET_MSEC; clcf->keepalive_header = NGX_CONF_UNSET; clcf->keepalive_requests = NGX_CONF_UNSET_UINT; @@ -3647,9 +3643,15 @@ ngx_http_core_merge_loc_conf(ngx_conf_t ngx_conf_merge_size_value(conf->send_lowat, prev->send_lowat, 0); ngx_conf_merge_size_value(conf->postpone_output, prev->postpone_output, 1460); -ngx_conf_merge_size_value(conf->limit_rate, prev->limit_rate, 0); -ngx_conf_merge_size_value(conf->limit_rate_after, prev->limit_rate_after, - 0); + +if (conf->limit_rate == NULL) { +conf->limit_rate = prev->limit_rate; +} + +if (conf->limit_rate_after == NULL) { +conf->limit_rate_after = prev->limit_rate_after; +} + ngx_conf_merge_msec_value(conf->keepalive_timeout, prev->keepalive_timeout, 75000); ngx_conf_merge_sec_value(conf->keepalive_header, diff -r b82162b8496a -r c19ca381b2e6 src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h Wed Apr 24 16:38:51 2019 +0300 +++ b/src/http/ngx_http_core_module.h Wed Apr 24 16:38:54 2019 +0300 @@ -349,13 +349,14 @@ struct ngx_http_core_loc_conf_s { size_tclient_body_buffer_size; /* client_body_buffer_size */ size_tsend_lowat; /* send_lowat */ size_tpostpone_output; /* postpone_output */ -size_tlimit_rate; /* limit_rate */ -size_tlimit_rate_after;/* limit_rate_after */ size_tsendfile_max_chunk; /* sendfile_max_chunk */ size_tread_ahead; /* read_ahead */ size_tsubrequest_output_buffer_size; /* subrequest_output_buffer_size */ +ngx_http_complex_value_t *limit_rate; /* limit_rate */ +ngx_http_complex_value_t *limit_rate_after; /* limit_rate_after */ + ngx_msec_tclient_body_timeout; /* client_body_timeout */ ngx_msec_tsend_timeout;/* send_timeout */ ngx_msec_tkeepalive_timeout; /* keepalive_timeout */ diff -r b82162b8496a -r c19ca381b2e6 src/http/ngx_http_request.h --- a/src/http/ngx
Re: limit_rate_after support variables
On Mon, Feb 25, 2019 at 12:06:07PM +0100, Miroslav Nový wrote: > Hello, > how does it look with merge into the main branch? It's still under the review. Sorry. > Thank you for answer > Mira Novy > > po 10. 12. 2018 v 14:30 odesílatel Miroslav Novy > napsal: > > > Hello, > > your path is very good. I tested it and works fine for as. > > > > Reading complex value to the same local variable limit_rate was conflusing > > for me at first time. But it is correct :) > > > > if (r->limit_rate_after == 0 > > +&& clcf->limit_rate_after > > +&& ngx_http_complex_value_size(r, clcf->limit_rate_after, > > , > > + _rate) > > <--- > > + == NGX_OK) > > +{ > > +if (limit_rate != (size_t) NGX_ERROR) { > > +r->limit_rate_after = limit_rate; > > + > > +} else if (val.len) { > > > > Please, merge your path to master branch. > > > > Best regards > > M. Nový > > -- Ruslan Ermilov Assume stupidity not malice ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Use %s for errors returned from configuration parsing handlers.
details: https://hg.nginx.org/nginx/rev/d864ee67b5ae branches: changeset: 7451:d864ee67b5ae user: Ruslan Ermilov date: Tue Dec 25 15:26:58 2018 +0300 description: Use %s for errors returned from configuration parsing handlers. diffstat: src/core/ngx_conf_file.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r 2d9ab7717e23 -r d864ee67b5ae src/core/ngx_conf_file.c --- a/src/core/ngx_conf_file.c Wed Jan 30 19:28:27 2019 +0300 +++ b/src/core/ngx_conf_file.c Tue Dec 25 15:26:58 2018 +0300 @@ -310,7 +310,7 @@ ngx_conf_parse(ngx_conf_t *cf, ngx_str_t goto failed; } -ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, rv); +ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%s", rv); goto failed; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Upstream: added $upstream_bytes_sent variable
https://hg.nginx.org/nginx/rev/e573d74299a0 ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Upstream: implemented $upstream_bytes_sent.
details: https://hg.nginx.org/nginx/rev/e573d74299a0 branches: changeset: 7429:e573d74299a0 user: Ruslan Ermilov date: Thu Dec 13 17:23:07 2018 +0300 description: Upstream: implemented $upstream_bytes_sent. diffstat: src/http/ngx_http_upstream.c | 15 +++ src/http/ngx_http_upstream.h | 1 + 2 files changed, 16 insertions(+), 0 deletions(-) diffs (57 lines): diff -r cbc5dee8d5d2 -r e573d74299a0 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Tue Dec 11 19:41:22 2018 +0300 +++ b/src/http/ngx_http_upstream.c Thu Dec 13 17:23:07 2018 +0300 @@ -409,6 +409,10 @@ static ngx_http_variable_t ngx_http_ups ngx_http_upstream_response_length_variable, 1, NGX_HTTP_VAR_NOCACHEABLE, 0 }, +{ ngx_string("upstream_bytes_sent"), NULL, + ngx_http_upstream_response_length_variable, 2, + NGX_HTTP_VAR_NOCACHEABLE, 0 }, + #if (NGX_HTTP_CACHE) { ngx_string("upstream_cache_status"), NULL, @@ -4136,6 +4140,10 @@ ngx_http_upstream_next(ngx_http_request_ if (u->peer.sockaddr) { +if (u->peer.connection) { +u->state->bytes_sent = u->peer.connection->sent; +} + if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_403 || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404) { @@ -4319,6 +4327,10 @@ ngx_http_upstream_finalize_request(ngx_h - u->pipe->preread_size; u->state->response_length = u->pipe->read_length; } + +if (u->peer.connection) { +u->state->bytes_sent = u->peer.connection->sent; +} } u->finalize_request(r, rc); @@ -5502,6 +5514,9 @@ ngx_http_upstream_response_length_variab if (data == 1) { p = ngx_sprintf(p, "%O", state[i].bytes_received); +} else if (data == 2) { +p = ngx_sprintf(p, "%O", state[i].bytes_sent); + } else { p = ngx_sprintf(p, "%O", state[i].response_length); } diff -r cbc5dee8d5d2 -r e573d74299a0 src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h Tue Dec 11 19:41:22 2018 +0300 +++ b/src/http/ngx_http_upstream.h Thu Dec 13 17:23:07 2018 +0300 @@ -64,6 +64,7 @@ typedef struct { ngx_msec_t queue_time; off_tresponse_length; off_tbytes_received; +off_tbytes_sent; ngx_str_t *peer; } ngx_http_upstream_state_t; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: limit_rate_after support variables
On Wed, Nov 21, 2018 at 03:50:30PM +0100, Miroslav Novy wrote: > Hi Ruslan, > there is my fix to remove warning "using uninitialized variable". > > I have moved the reading value of limit_rate variable from function > ngx_http_update_location_config to function ngx_http_write_filter > because value is initialized later. > > Best regards > Miroslav Nový > > # HG changeset patch > # User Miroslav Nový > # Date 1542811768 0 > # Wed Nov 21 14:49:28 2018 + > # Node ID e2139cd62c7263dc182b11a847a6eaf2d9560a0d > # Parent 82eed7650622fd780dcd4a86661de7b80b44199c > Variables support in limit_rate and limit_rate_after fix > > Reading value of limit_rate variable moved to function > ngx_http_write_filter because in function > ngx_http_update_location_config is not inicialized yet. > > diff -r 82eed7650622 -r e2139cd62c72 src/http/ngx_http_core_module.c > --- a/src/http/ngx_http_core_module.c Wed Nov 21 10:40:01 2018 + > +++ b/src/http/ngx_http_core_module.c Wed Nov 21 14:49:28 2018 + > @@ -1212,8 +1212,6 @@ > void > ngx_http_update_location_config(ngx_http_request_t *r) > { > -size_t limit_rate; > -ngx_str_t val; > ngx_http_core_loc_conf_t *clcf; > > clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > @@ -1283,20 +1281,6 @@ > r->connection->tcp_nopush = NGX_TCP_NOPUSH_DISABLED; > } > > -if (r->limit_rate == 0 > -&& clcf->limit_rate > -&& ngx_http_complex_value_size(r, clcf->limit_rate, , > _rate) > - == NGX_OK) > -{ > -if (limit_rate != (size_t) NGX_ERROR) { > -r->limit_rate = limit_rate; > - > -} else if (val.len) { > -ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, > - "invalid \"limit_rate\" value \"%V\"", ); > -} > -} > - > if (clcf->handler) { > r->content_handler = clcf->handler; > } > diff -r 82eed7650622 -r e2139cd62c72 src/http/ngx_http_write_filter_module.c > --- a/src/http/ngx_http_write_filter_module.c Wed Nov 21 10:40:01 2018 + > +++ b/src/http/ngx_http_write_filter_module.c Wed Nov 21 14:49:28 2018 + > @@ -48,7 +48,7 @@ > ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) > { > off_t size, sent, nsent, limit; > -size_t limit_rate_after; > +ssize_tlimit_rate, limit_rate_after; > ngx_str_t val; > ngx_uint_t last, flush, sync; > ngx_msec_t delay; > @@ -220,6 +220,25 @@ > return NGX_ERROR; > } > > +if (r->limit_rate == 0 > + && clcf->limit_rate > + && ngx_http_complex_value_size(r, clcf->limit_rate, , > +_rate) > + == NGX_OK) > + { > + if (limit_rate_after != NGX_ERROR) { You're checking the wrong variable here. > + r->limit_rate = limit_rate; > + > + } else if (val.len) { > + ngx_log_error(NGX_LOG_ERR, c->log, 0, > + "invalid \"limit_rate\" value \"%V\"", > + ); > + } > + } > + > + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "http limit rate \"%z\"", > + r->limit_rate); > + Unfortunately, moving it here from the write filter the way it's done breaks unbuffered proxying combined with limit_rate set. > if (r->limit_rate) { > if (r->limit_rate_after == 0 > && clcf->limit_rate_after > @@ -227,7 +246,7 @@ > _rate_after) > == NGX_OK) > { > -if (limit_rate_after != (size_t) NGX_ERROR) { > +if (limit_rate_after != NGX_ERROR) { > r->limit_rate_after = limit_rate_after; > > } else if (val.len) { Here's my take. I didn't change size_t vs. ssize_t as I believe it's okay the way I did it. # HG changeset patch # User Ruslan Ermilov # Date 1544099131 -10800 # Thu Dec 06 15:25:31 2018 +0300 # Node ID 1a8c0a959f636b5eea0a4f42711af08591c23a99 # Parent 2117637f64e981e0e14c3a4b0509252fefd8a78a Added ngx_http_set_complex_value_size_slot(). If a complex value is expected to be size_t, and the compiled value is constant, the constant size_t value is remembered at compile time. The value is accessed through ngx_http_complex_value_size() which either r
Re: [PATCH] Upstream: added $upstream_bytes_sent variable
On Thu, Nov 29, 2018 at 06:00:51PM +0300, Maxim Dounin wrote: > Hello! > > On Tue, Nov 27, 2018 at 02:34:10AM -0800, Piotr Sikora via nginx-devel wrote: > > > # HG changeset patch > > # User Piotr Sikora > > # Date 1494129075 25200 > > # Sat May 06 20:51:15 2017 -0700 > > # Node ID fafbb3ee41e5bb03bcfba73f7d4367b8ab7d36cc > > # Parent be5cb9c67c05ccaf22dab7abba78aa4c1545a8ee > > Upstream: added $upstream_bytes_sent variable. > > [...] > > Ruslan made a similar patch a while ago. It wasn't committed > since there were questions if such a variable is actually needed - > I think we are aware of at most one feature request for this: > > http://mailman.nginx.org/pipermail/nginx/2018-March/055940.html > > I've asked Ruslan to post his version of the patch (or, rather, a > patch series), please review. # HG changeset patch # User Ruslan Ermilov # Date 1543592116 -10800 # Fri Nov 30 18:35:16 2018 +0300 # Node ID 79c7b169816cdc63044838b03084c631c0d2f0a3 # Parent 5cff15dd07cd298e4eff44c04c2833066c217318 Upstream: style. Introduced local variable "c" in ngx_http_upstream_next() and ngx_http_upstream_finalize_request(). No functional changes. diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -4128,8 +4128,9 @@ static void ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u, ngx_uint_t ft_type) { -ngx_msec_t timeout; -ngx_uint_t status, state; +ngx_msec_t timeout; +ngx_uint_t status, state; +ngx_connection_t *c; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http next upstream, %xi", ft_type); @@ -4250,25 +4251,26 @@ ngx_http_upstream_next(ngx_http_request_ return; } -if (u->peer.connection) { +c = u->peer.connection; + +if (c) { ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "close http upstream connection: %d", - u->peer.connection->fd); + "close http upstream connection: %d", c->fd); #if (NGX_HTTP_SSL) -if (u->peer.connection->ssl) { -u->peer.connection->ssl->no_wait_shutdown = 1; -u->peer.connection->ssl->no_send_shutdown = 1; - -(void) ngx_ssl_shutdown(u->peer.connection); +if (c->ssl) { +c->ssl->no_wait_shutdown = 1; +c->ssl->no_send_shutdown = 1; + +(void) ngx_ssl_shutdown(c); } #endif -if (u->peer.connection->pool) { -ngx_destroy_pool(u->peer.connection->pool); -} - -ngx_close_connection(u->peer.connection); +if (c->pool) { +ngx_destroy_pool(c->pool); +} + +ngx_close_connection(c); u->peer.connection = NULL; } @@ -4292,7 +4294,8 @@ static void ngx_http_upstream_finalize_request(ngx_http_request_t *r, ngx_http_upstream_t *u, ngx_int_t rc) { -ngx_uint_t flush; +ngx_uint_t flush; +ngx_connection_t *c; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "finalize http upstream request: %i", rc); @@ -4328,13 +4331,15 @@ ngx_http_upstream_finalize_request(ngx_h u->peer.sockaddr = NULL; } -if (u->peer.connection) { +c = u->peer.connection; + +if (c) { #if (NGX_HTTP_SSL) /* TODO: do not shutdown persistent connection */ -if (u->peer.connection->ssl) { +if (c->ssl) { /* * We send the "close notify" shutdown alert to the upstream only @@ -4342,21 +4347,20 @@ ngx_http_upstream_finalize_request(ngx_h * It is acceptable according to the TLS standard. */ -u->peer.connection->ssl->no_wait_shutdown = 1; - -(void) ngx_ssl_shutdown(u->peer.connection); +c->ssl->no_wait_shutdown = 1; + +(void) ngx_ssl_shutdown(c); } #endif ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "close http upstream connection: %d", - u->peer.connection->fd); - -if (u->peer.connection->pool) { -ngx_destroy_pool(u->peer.connection->pool); - } - -ngx_close_connection(u->peer.connection); + "close http upstream connection: %d", c->fd); + +if (c->pool) { +ngx_destroy_pool(c->pool); +} + +ngx_close_connection(c); } u->peer.connection = NULL; # HG changeset patch # User Ruslan Ermilov # Date 1543
Re: limit_rate_after support variables
On Sun, Nov 18, 2018 at 09:53:25PM +, Jaroslav Skřivan wrote: > Hi, > > I found this path > http://mailman.nginx.org/pipermail/nginx-devel/2018-October/011505.html > very useful in our environment. > > I would love to have it in upstream. What can I do in order to make it > happe? > > Thanks > > Kind regards, > Skřivan Jaroslav Please read the following: http://mailman.nginx.org/pipermail/nginx-devel/2018-November/011604.html Please also send your further replies to that thread instead, if possible. Thanks. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: limit_rate_after support variables
Hi Miroslav, On Wed, Oct 17, 2018 at 12:49:13PM +0200, Miroslav Novy wrote: > Hello, > > I prepare patch on actual sources. Settings limit_rate and limit_rate_after > works good. Please make code review, our testing and merge to main branche. > Thank you > Miroslav Nový > > Example of configration: > location / { > root /var/www/default/; > index index.html index.htm; > > set $my_limit_rate 4k; > set $my_limit_rate_after 4m; > > limit_rate $my_limit_rate; > limit_rate_after $my_limit_rate_after; > > access_by_lua_block { > ngx.var.my_limit_rate = '2k' > ngx.var.my_limit_rate_after = '10m' > } > } As I wrote on August 29, the patch is pending a code review. The patch you submitted is garbled by your email client, is somewhat different from the patch I submitted, also the while patch series became a single patch. I've updated my version of the patch series. You can help with the code review and testing, if you like: # HG changeset patch # User Ruslan Ermilov # Date 1542721399 -10800 # Tue Nov 20 16:43:19 2018 +0300 # Node ID 9926926b9d63c8cc9779877cb6c0f5e64193f1a8 # Parent 650574a445058a0ed9e9a83c29183a7bc13e85ba Added post processing to ngx_http_set_complex_value_slot(). diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c --- a/src/http/ngx_http_script.c +++ b/src/http/ngx_http_script.c @@ -214,6 +214,7 @@ ngx_http_set_complex_value_slot(ngx_conf char *p = conf; ngx_str_t *value; +ngx_conf_post_t*post; ngx_http_complex_value_t **cv; ngx_http_compile_complex_value_tccv; @@ -240,6 +241,11 @@ ngx_http_set_complex_value_slot(ngx_conf return NGX_CONF_ERROR; } +if (cmd->post) { +post = cmd->post; +return post->post_handler(cf, post, *cv); + } + return NGX_CONF_OK; } # HG changeset patch # User Ruslan Ermilov # Date 1542721408 -10800 # Tue Nov 20 16:43:28 2018 +0300 # Node ID cb171b06b70daa8ab230924eafa152fa28870cb5 # Parent 9926926b9d63c8cc9779877cb6c0f5e64193f1a8 Added size_t type support to ngx_http_set_complex_value_slot(). If a complex value is expected to be size_t, and the compiled value is constant, the ngx_http_complex_value_size_p post handler will remember the constant size_t value. The value is accessed through ngx_http_complex_value_size() which either returns the remembered constant or evaluates the expression and parses it as size_t. diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c --- a/src/http/ngx_http_script.c +++ b/src/http/ngx_http_script.c @@ -10,6 +10,13 @@ #include +static char *ngx_http_complex_value_set_size(ngx_conf_t *cf, void *post, +void *data); + +ngx_conf_post_handler_pt ngx_http_complex_value_size_p = +ngx_http_complex_value_set_size; + + static ngx_int_t ngx_http_script_init_arrays(ngx_http_script_compile_t *sc); static ngx_int_t ngx_http_script_done(ngx_http_script_compile_t *sc); static ngx_int_t ngx_http_script_add_copy_code(ngx_http_script_compile_t *sc, @@ -105,6 +112,25 @@ ngx_http_complex_value(ngx_http_request_ ngx_int_t +ngx_http_complex_value_size(ngx_http_request_t *r, +ngx_http_complex_value_t *val, ngx_str_t *value, size_t *size) +{ +if (val->lengths == NULL) { +*size = val->u.size; +return NGX_OK; +} + +if (ngx_http_complex_value(r, val, value) != NGX_OK) { +return NGX_ERROR; +} + +*size = ngx_parse_size(value); + +return NGX_OK; +} + + +ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv) { ngx_str_t *v; @@ -250,6 +276,24 @@ ngx_http_set_complex_value_slot(ngx_conf } +static char * +ngx_http_complex_value_set_size(ngx_conf_t *cf, void *post, void *data) +{ +ngx_http_complex_value_t *cv = data; + +if (cv->lengths) { +return NGX_CONF_OK; +} + +cv->u.size = ngx_parse_size(>value); +if (cv->u.size == (size_t) NGX_ERROR) { +return "invalid value"; +} + +return NGX_CONF_OK; +} + + ngx_int_t ngx_http_test_predicates(ngx_http_request_t *r, ngx_array_t *predicates) { diff --git a/src/http/ngx_http_script.h b/src/http/ngx_http_script.h --- a/src/http/ngx_http_script.h +++ b/src/http/ngx_http_script.h @@ -68,6 +68,10 @@ typedef struct { ngx_uint_t *flushes; void *lengths; void *values; + +union { +size_t size; +} u; } ngx_http_complex_value_t; @@ -207,6 +211,8 @@ void ngx_http_script_flush_complex_value ngx_http_complex_value_t *val); ngx_int_t ngx_http_complex_value(ngx_http_request_t *r, ngx_http_complex_value_t *val, ngx_str_t *value); +ngx_int_t ngx_http_complex_value_size(ngx_http_request_t *r, +
[nginx] Core: free shared memory on cycle initialization failure.
details: http://hg.nginx.org/nginx/rev/650574a44505 branches: changeset: 7394:650574a44505 user: Ruslan Ermilov date: Thu Nov 15 15:28:54 2018 +0300 description: Core: free shared memory on cycle initialization failure. diffstat: src/core/ngx_cycle.c | 64 1 files changed, 64 insertions(+), 0 deletions(-) diffs (81 lines): diff -r 4698cede59ff -r 650574a44505 src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c Mon Nov 12 16:29:30 2018 +0300 +++ b/src/core/ngx_cycle.c Thu Nov 15 15:28:54 2018 +0300 @@ -843,6 +843,69 @@ failed: } } +/* free the newly created shared memory */ + +part = >shared_memory.part; +shm_zone = part->elts; + +for (i = 0; /* void */ ; i++) { + +if (i >= part->nelts) { +if (part->next == NULL) { +break; +} +part = part->next; +shm_zone = part->elts; +i = 0; +} + +if (shm_zone[i].shm.addr == NULL) { +continue; +} + +opart = _cycle->shared_memory.part; +oshm_zone = opart->elts; + +for (n = 0; /* void */ ; n++) { + +if (n >= opart->nelts) { +if (opart->next == NULL) { +break; +} +opart = opart->next; +oshm_zone = opart->elts; +n = 0; +} + +if (shm_zone[i].shm.name.len != oshm_zone[n].shm.name.len) { +continue; +} + +if (ngx_strncmp(shm_zone[i].shm.name.data, +oshm_zone[n].shm.name.data, +shm_zone[i].shm.name.len) +!= 0) +{ +continue; +} + +if (shm_zone[i].tag == oshm_zone[n].tag +&& shm_zone[i].shm.size == oshm_zone[n].shm.size +&& !shm_zone[i].noreuse) +{ +goto old_shm_zone_found; +} + +break; +} + +ngx_shm_free(_zone[i].shm); + +old_shm_zone_found: + +continue; +} + if (ngx_test_config) { ngx_destroy_cycle_pools(); return NULL; @@ -1274,6 +1337,7 @@ ngx_shared_memory_add(ngx_conf_t *cf, ng shm_zone->data = NULL; shm_zone->shm.log = cf->cycle->log; +shm_zone->shm.addr = NULL; shm_zone->shm.size = size; shm_zone->shm.name = *name; shm_zone->shm.exists = 0; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Fixed off-by-one error in shared zone initialization.
details: http://hg.nginx.org/nginx/rev/7bf3c323cb6e branches: changeset: 7366:7bf3c323cb6e user: Ruslan Ermilov date: Tue Oct 02 13:32:52 2018 +0300 description: Fixed off-by-one error in shared zone initialization. On systems without atomic ops, not enough space was allocated for mutex's file name during shared zone initialization. diffstat: src/core/ngx_cycle.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diffs (13 lines): diff -r cd4fa2fab8d8 -r 7bf3c323cb6e src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c Tue Sep 25 14:07:59 2018 +0300 +++ b/src/core/ngx_cycle.c Tue Oct 02 13:32:52 2018 +0300 @@ -921,7 +921,8 @@ ngx_init_zone_pool(ngx_cycle_t *cycle, n #else -file = ngx_pnalloc(cycle->pool, cycle->lock_file.len + zn->shm.name.len); +file = ngx_pnalloc(cycle->pool, + cycle->lock_file.len + zn->shm.name.len + 1); if (file == NULL) { return NGX_ERROR; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] SSL: fixed unlocked access to sess_id->len.
details: http://hg.nginx.org/nginx/rev/cd4fa2fab8d8 branches: changeset: 7365:cd4fa2fab8d8 user: Ruslan Ermilov date: Tue Sep 25 14:07:59 2018 +0300 description: SSL: fixed unlocked access to sess_id->len. diffstat: src/event/ngx_event_openssl.c | 7 +-- 1 files changed, 5 insertions(+), 2 deletions(-) diffs (28 lines): diff -r 5fa22beeaf11 -r cd4fa2fab8d8 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Thu Sep 27 13:05:39 2018 +0300 +++ b/src/event/ngx_event_openssl.c Tue Sep 25 14:07:59 2018 +0300 @@ -3146,6 +3146,7 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_ const #endif u_char *p; +size_tslen; uint32_t hash; ngx_int_t rc; ngx_shm_zone_t *shm_zone; @@ -3201,12 +3202,14 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_ if (rc == 0) { if (sess_id->expire > ngx_time()) { -ngx_memcpy(buf, sess_id->session, sess_id->len); +slen = sess_id->len; + +ngx_memcpy(buf, sess_id->session, slen); ngx_shmtx_unlock(>mutex); p = buf; -sess = d2i_SSL_SESSION(NULL, , sess_id->len); +sess = d2i_SSL_SESSION(NULL, , slen); return sess; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Version bump.
details: http://hg.nginx.org/nginx/rev/5fa22beeaf11 branches: changeset: 7364:5fa22beeaf11 user: Ruslan Ermilov date: Thu Sep 27 13:05:39 2018 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r dcd9303b0d73 -r 5fa22beeaf11 src/core/nginx.h --- a/src/core/nginx.h Tue Sep 25 18:11:39 2018 +0300 +++ b/src/core/nginx.h Thu Sep 27 13:05:39 2018 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1015004 -#define NGINX_VERSION "1.15.4" +#define nginx_version 1015005 +#define NGINX_VERSION "1.15.5" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [nginx] Upstream: enable hash balancing method support parameter "backup".
On Mon, Sep 24, 2018 at 08:44:15AM +, Elza Scarlet wrote: > Dear Development Team, > > Thanks all of you make nginx so nice to use. We have a use case, we use hash > balancing method to increasing service's cache hit rate, but it doesn't > support "backup" parameter, which can be use to make doing online backup > server easier. After reading the source code, we found it's very easy to > support "backup" parameter when using hash balancing method, so we submit > this changes. Hope you can accept this changes. > > Kind regards, Scarlet Generally, hash methods don't support the "backup" parameter, but for those who need backup when falling back to round robin, there's a work around: put the "hash" directive after the "server" directives in the "upstream" block. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: limit_rate_after support variables
On Tue, Aug 28, 2018 at 09:21:31AM +0200, Miroslav Novy wrote: > Hi, > thank you for your patch. I will look at it. Why did not you merge him to > repository? Because nobody indicated interest, nor has made a necessary code review. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: limit_rate_after support variables
Hi, On Tue, Aug 14, 2018 at 10:22:14AM +0200, Miroslav Novy wrote: > # HG changeset patch > # User Miroslav Nový > # Date 1534234559 0 > # Tue Aug 14 08:15:59 2018 + > # Node ID 1a8327b50f7844cbe68226f54de60632189327f4 > # Parent 70c6b08973a02551612da4a4273757dc77c70ae2 > limit_rate_after support variables > > Example of use: > location / { > root /var/www/default/; > index index.html index.htm; > > set $my_limit_rate_after 2m; > > limit_rate_after $my_limit_rate_after; > limit_rate 2k; > > access_by_lua_block { > ngx.var.my_limit_rate_after = '10m' > } > > } > > diff -r 70c6b08973a0 -r 1a8327b50f78 src/http/ngx_http_core_module.c > --- a/src/http/ngx_http_core_module.c Fri Aug 10 21:54:46 2018 +0300 > +++ b/src/http/ngx_http_core_module.c Tue Aug 14 08:15:59 2018 + > @@ -487,7 +487,7 @@ > { ngx_string("limit_rate_after"), > > NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF > |NGX_CONF_TAKE1, > - ngx_conf_set_size_slot, > + ngx_http_set_complex_value_slot, >NGX_HTTP_LOC_CONF_OFFSET, >offsetof(ngx_http_core_loc_conf_t, limit_rate_after), >NULL }, > @@ -3364,6 +3364,7 @@ > * clcf->alias = 0; > * clcf->gzip_proxied = 0; > * clcf->keepalive_disable = 0; > + * clcf->limit_rate_after = NULL; > */ > > clcf->client_max_body_size = NGX_CONF_UNSET; > @@ -3393,7 +3394,6 @@ > clcf->send_lowat = NGX_CONF_UNSET_SIZE; > clcf->postpone_output = NGX_CONF_UNSET_SIZE; > clcf->limit_rate = NGX_CONF_UNSET_SIZE; > -clcf->limit_rate_after = NGX_CONF_UNSET_SIZE; > clcf->keepalive_timeout = NGX_CONF_UNSET_MSEC; > clcf->keepalive_header = NGX_CONF_UNSET; > clcf->keepalive_requests = NGX_CONF_UNSET_UINT; > @@ -3623,8 +3623,8 @@ > ngx_conf_merge_size_value(conf->postpone_output, prev->postpone_output, >1460); > ngx_conf_merge_size_value(conf->limit_rate, prev->limit_rate, 0); > -ngx_conf_merge_size_value(conf->limit_rate_after, > prev->limit_rate_after, > - 0); > +ngx_conf_merge_ptr_value(conf->limit_rate_after, > prev->limit_rate_after, > + NULL); This won't work because create_loc_conf() initialized clcf->limit_rate_after to NULL instead of NGX_CONF_UNSET_PTR. I suggest using a simple "== NULL" check here. > ngx_conf_merge_msec_value(conf->keepalive_timeout, >prev->keepalive_timeout, 75000); > ngx_conf_merge_sec_value(conf->keepalive_header, > diff -r 70c6b08973a0 -r 1a8327b50f78 src/http/ngx_http_core_module.h > --- a/src/http/ngx_http_core_module.h Fri Aug 10 21:54:46 2018 +0300 > +++ b/src/http/ngx_http_core_module.h Tue Aug 14 08:15:59 2018 + > @@ -351,7 +351,7 @@ > size_tsend_lowat; /* send_lowat */ > size_tpostpone_output; /* postpone_output */ > size_tlimit_rate; /* limit_rate */ > -size_tlimit_rate_after;/* limit_rate_after */ > +ngx_http_complex_value_t*limit_rate_after;/* > limit_rate_after */ > size_tsendfile_max_chunk; /* sendfile_max_chunk */ > size_tread_ahead; /* read_ahead */ > size_tsubrequest_output_buffer_size; > diff -r 70c6b08973a0 -r 1a8327b50f78 src/http/ngx_http_write_filter_module.c > --- a/src/http/ngx_http_write_filter_module.c Fri Aug 10 21:54:46 2018 +0300 > +++ b/src/http/ngx_http_write_filter_module.c Tue Aug 14 08:15:59 2018 + > @@ -220,7 +220,26 @@ > > if (r->limit_rate) { > if (r->limit_rate_after == 0) { > -r->limit_rate_after = clcf->limit_rate_after; > +r->limit_rate_after = 0; This assignment is pointless. > + > +if (clcf->limit_rate_after != NULL) { You can omit the "!= NULL" part of the check. > +ngx_str_t res; > +size_tst; There are style issues here, please see http://nginx.org/en/docs/dev/development_guide.html#code_style Also, I suggest renaming "st" to "s" here, and changing its type to ssize_t. > + > +if (ngx_http_complex_value(r, clcf->limit_rate_after, ) > +!= NGX_OK) > +{ > +return NGX_ERROR; > +} > + > +st = ngx_parse_size(); > +if (st != (size_t) NGX_ERROR) { > +
[nginx] Fixed invalid access to location defined as an empty string.
details: http://hg.nginx.org/nginx/rev/45e513c3540d branches: changeset: 7321:45e513c3540d user: Ruslan Ermilov date: Tue Jul 17 15:30:43 2018 +0300 description: Fixed invalid access to location defined as an empty string. diffstat: src/http/modules/ngx_http_fastcgi_module.c | 2 +- src/http/modules/ngx_http_grpc_module.c | 2 +- src/http/modules/ngx_http_memcached_module.c | 2 +- src/http/modules/ngx_http_proxy_module.c | 2 +- src/http/modules/ngx_http_scgi_module.c | 2 +- src/http/modules/ngx_http_uwsgi_module.c | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diffs (72 lines): diff -r 696df3ac27ac -r 45e513c3540d src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.cTue Jul 17 12:53:23 2018 +0300 +++ b/src/http/modules/ngx_http_fastcgi_module.cTue Jul 17 15:30:43 2018 +0300 @@ -3501,7 +3501,7 @@ ngx_http_fastcgi_pass(ngx_conf_t *cf, ng clcf->handler = ngx_http_fastcgi_handler; -if (clcf->name.data[clcf->name.len - 1] == '/') { +if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { clcf->auto_redirect = 1; } diff -r 696df3ac27ac -r 45e513c3540d src/http/modules/ngx_http_grpc_module.c --- a/src/http/modules/ngx_http_grpc_module.c Tue Jul 17 12:53:23 2018 +0300 +++ b/src/http/modules/ngx_http_grpc_module.c Tue Jul 17 15:30:43 2018 +0300 @@ -4525,7 +4525,7 @@ ngx_http_grpc_pass(ngx_conf_t *cf, ngx_c clcf->handler = ngx_http_grpc_handler; -if (clcf->name.data[clcf->name.len - 1] == '/') { +if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { clcf->auto_redirect = 1; } diff -r 696df3ac27ac -r 45e513c3540d src/http/modules/ngx_http_memcached_module.c --- a/src/http/modules/ngx_http_memcached_module.c Tue Jul 17 12:53:23 2018 +0300 +++ b/src/http/modules/ngx_http_memcached_module.c Tue Jul 17 15:30:43 2018 +0300 @@ -707,7 +707,7 @@ ngx_http_memcached_pass(ngx_conf_t *cf, clcf->handler = ngx_http_memcached_handler; -if (clcf->name.data[clcf->name.len - 1] == '/') { +if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { clcf->auto_redirect = 1; } diff -r 696df3ac27ac -r 45e513c3540d src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Tue Jul 17 12:53:23 2018 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Tue Jul 17 15:30:43 2018 +0300 @@ -3580,7 +3580,7 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_ clcf->handler = ngx_http_proxy_handler; -if (clcf->name.data[clcf->name.len - 1] == '/') { +if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { clcf->auto_redirect = 1; } diff -r 696df3ac27ac -r 45e513c3540d src/http/modules/ngx_http_scgi_module.c --- a/src/http/modules/ngx_http_scgi_module.c Tue Jul 17 12:53:23 2018 +0300 +++ b/src/http/modules/ngx_http_scgi_module.c Tue Jul 17 15:30:43 2018 +0300 @@ -1857,7 +1857,7 @@ ngx_http_scgi_pass(ngx_conf_t *cf, ngx_c return NGX_CONF_ERROR; } -if (clcf->name.data[clcf->name.len - 1] == '/') { +if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { clcf->auto_redirect = 1; } diff -r 696df3ac27ac -r 45e513c3540d src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c Tue Jul 17 12:53:23 2018 +0300 +++ b/src/http/modules/ngx_http_uwsgi_module.c Tue Jul 17 15:30:43 2018 +0300 @@ -2144,7 +2144,7 @@ ngx_http_uwsgi_pass(ngx_conf_t *cf, ngx_ return NGX_CONF_ERROR; } -if (clcf->name.data[clcf->name.len - 1] == '/') { +if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') { clcf->auto_redirect = 1; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Allow resetting connections closed by "return 444" (ticket #905).
details: http://hg.nginx.org/nginx/rev/e45f09198dab branches: changeset: 7313:e45f09198dab user: Ruslan Ermilov date: Thu Jul 12 12:50:20 2018 +0300 description: Allow resetting connections closed by "return 444" (ticket #905). If reset_timedout_connection is on, TCP connections closed by "return 444" will be reset instead of a normal close. diffstat: src/http/ngx_http_request.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (11 lines): diff -r 54683f650cbd -r e45f09198dab src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Thu Jul 05 22:21:14 2018 +0300 +++ b/src/http/ngx_http_request.c Thu Jul 12 12:50:20 2018 +0300 @@ -2353,6 +2353,7 @@ ngx_http_finalize_request(ngx_http_reque || rc == NGX_HTTP_NO_CONTENT) { if (rc == NGX_HTTP_CLOSE) { +c->timedout = 1; ngx_http_terminate_request(r, rc); return; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Core: remove unused FIOASYNC.
On Sun, Jul 08, 2018 at 11:36:45PM -0700, Ian Gudger wrote: > Any update on this? The original idea with SIGIO is to wake up master process from sigsuspend() when the message channel is ready for I/O. This feature is currently de-facto unused because if message writing fails, the message is lost and not resent. If this happens in ngx_signal_worker_processes(), the real signal is sent to the worker process as a backup option. If this happens when passing descriptors of inter-worker channels in ngx_pass_open_channel(), there is no backup, but this is not a problem as inter-worker channels aren't currently used. We decided not to commit this patch now because we have plans (https://trac.nginx.org/nginx/ticket/376) to pass descriptors of re-opened log files via the master-to-worker channels, but with reliable delivery (as opposed to the current use cases described above). While using poll() for this could be one of the options, the existing SIGIO mechanism is another one. > On Thu, Jun 28, 2018 at 4:47 AM Ruslan Ermilov wrote: > > > > On Thu, Jun 28, 2018 at 12:27:40PM +0300, Ruslan Ermilov wrote: > > > On Wed, Jun 27, 2018 at 01:40:26PM -0700, Ian Gudger wrote: > > > > Sorry, I understand now. > > > > > > > > Here is a new patch which removes that too: > > > > > > > > # HG changeset patch > > > > # User Ian Gudger > > > > # Date 1529449008 25200 > > > > # Tue Jun 19 15:56:48 2018 -0700 > > > > # Node ID 8fd0b85081a1cb91fa4495258bb5f9d3a6ef5785 > > > > # Parent 118885f7a5774962f1145693d9c26a4c199ca6ea > > > > Core: remove FIOASYNC as the SIGIOs it generated were ignored. > > > > > > > > FIOASYNC and F_SETOWN cause a pid or pgid to receive signals when a > > > > file is > > > > ready for IO. When using master process mode, this was setup, but the > > > > SIGIO > > > > signals were ignored. This has been the case since use of FIOASYNC was > > > > first > > > > added in eaf1f651cf86. Logic ignore the SIGIOs in a case where they > > > > unintentionally did something was added in 8abb88374c6c. > > > > > > > > diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c > > > [...] > > > > @@ -433,8 +411,6 @@ ngx_signal_handler(int signo, siginfo_t > > > > > > > > case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): > > > > case ngx_signal_value(NGX_CHANGEBIN_SIGNAL): > > > > -case SIGIO: > > > > -action = ", ignoring"; > > > > break; > > > > } > > > > > > On Wed, Jun 27, 2018 at 03:57:05PM +0300, Ruslan Ermilov wrote: > > > > Removing setting of an "action" variable looks like an error. > > > > > > No need to resend the patch. > > > > Here's a slightly cleaned up patch and commit log: > > > > # HG changeset patch > > # User Ian Gudger > > # Date 1529449008 25200 > > # Tue Jun 19 15:56:48 2018 -0700 > > # Node ID 9d24aafa6626f2915176e80e5279704af6f6d575 > > # Parent f2396ecf608bab9acc0545e3e53e36cc2cb9b2e6 > > Core: removed FIOASYNC as the SIGIOs it generated were ignored. > > > > FIOASYNC and F_SETOWN cause a pid or pgid to receive signals when a file is > > ready for I/O. When using master process mode, this was set up, but the > > SIGIO > > signals were ignored. This has been the case since use of FIOASYNC was > > first > > added in eaf1f651cf86. Logic to ignore the SIGIOs in a case where they > > unintentionally did something was added in 8abb88374c6c. > > > > diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c > > --- a/src/os/unix/ngx_process.c > > +++ b/src/os/unix/ngx_process.c > > @@ -71,8 +71,6 @@ ngx_signal_t signals[] = { > > > > { SIGINT, "SIGINT", "", ngx_signal_handler }, > > > > -{ SIGIO, "SIGIO", "", ngx_signal_handler }, > > - > > { SIGCHLD, "SIGCHLD", "", ngx_signal_handler }, > > > > { SIGSYS, "SIGSYS, SIG_IGN", "", NULL }, > > @@ -87,7 +85,6 @@ ngx_pid_t > > ngx_spawn_process(ngx_cycle_t *cycle, ngx_spawn_proc_pt proc, void *data, > > char *name, ngx_int_t respawn) > > { > > -u_long on; > > ngx_pid_t pid; > > ngx_int_t s; > > > > @@ -142,21 +139,6 @@ ngx_spawn_process(ngx_cycle_t *cycle, ng > > return NGX_INVALID_PID; > > } > > &g
[nginx] Added FreeBSD support for "listen ... reuseport".
details: http://hg.nginx.org/nginx/rev/5c2ac36fcf56 branches: changeset: 7304:5c2ac36fcf56 user: Ruslan Ermilov date: Mon Jul 02 13:54:33 2018 +0300 description: Added FreeBSD support for "listen ... reuseport". diffstat: src/core/ngx_connection.c | 54 +++ 1 files changed, 54 insertions(+), 0 deletions(-) diffs (99 lines): diff -r 118885f7a577 -r 5c2ac36fcf56 src/core/ngx_connection.c --- a/src/core/ngx_connection.c Fri Jun 15 17:29:55 2018 +0300 +++ b/src/core/ngx_connection.c Mon Jul 02 13:54:33 2018 +0300 @@ -281,6 +281,22 @@ ngx_set_inherited_sockets(ngx_cycle_t *c reuseport = 0; olen = sizeof(int); +#ifdef SO_REUSEPORT_LB + +if (getsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT_LB, + (void *) , ) +== -1) +{ +ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno, + "getsockopt(SO_REUSEPORT_LB) %V failed, ignored", + [i].addr_text); + +} else { +ls[i].reuseport = reuseport ? 1 : 0; +} + +#else + if (getsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT, (void *) , ) == -1) @@ -292,6 +308,7 @@ ngx_set_inherited_sockets(ngx_cycle_t *c } else { ls[i].reuseport = reuseport ? 1 : 0; } +#endif #endif @@ -430,6 +447,20 @@ ngx_open_listening_sockets(ngx_cycle_t * int reuseport = 1; +#ifdef SO_REUSEPORT_LB + +if (setsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT_LB, + (const void *) , sizeof(int)) +== -1) +{ +ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno, + "setsockopt(SO_REUSEPORT_LB) %V failed, " + "ignored", + [i].addr_text); +} + +#else + if (setsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT, (const void *) , sizeof(int)) == -1) @@ -438,6 +469,7 @@ ngx_open_listening_sockets(ngx_cycle_t * "setsockopt(SO_REUSEPORT) %V failed, ignored", [i].addr_text); } +#endif ls[i].add_reuseport = 0; } @@ -488,6 +520,27 @@ ngx_open_listening_sockets(ngx_cycle_t * reuseport = 1; +#ifdef SO_REUSEPORT_LB + +if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT_LB, + (const void *) , sizeof(int)) +== -1) +{ +ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno, + "setsockopt(SO_REUSEPORT_LB) %V failed", + [i].addr_text); + +if (ngx_close_socket(s) == -1) { +ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno, + ngx_close_socket_n " %V failed", + [i].addr_text); +} + +return NGX_ERROR; +} + +#else + if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT, (const void *) , sizeof(int)) == -1) @@ -504,6 +557,7 @@ ngx_open_listening_sockets(ngx_cycle_t * return NGX_ERROR; } +#endif } #endif ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Core: remove unused FIOASYNC.
On Thu, Jun 28, 2018 at 12:27:40PM +0300, Ruslan Ermilov wrote: > On Wed, Jun 27, 2018 at 01:40:26PM -0700, Ian Gudger wrote: > > Sorry, I understand now. > > > > Here is a new patch which removes that too: > > > > # HG changeset patch > > # User Ian Gudger > > # Date 1529449008 25200 > > # Tue Jun 19 15:56:48 2018 -0700 > > # Node ID 8fd0b85081a1cb91fa4495258bb5f9d3a6ef5785 > > # Parent 118885f7a5774962f1145693d9c26a4c199ca6ea > > Core: remove FIOASYNC as the SIGIOs it generated were ignored. > > > > FIOASYNC and F_SETOWN cause a pid or pgid to receive signals when a file is > > ready for IO. When using master process mode, this was setup, but the SIGIO > > signals were ignored. This has been the case since use of FIOASYNC was first > > added in eaf1f651cf86. Logic ignore the SIGIOs in a case where they > > unintentionally did something was added in 8abb88374c6c. > > > > diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c > [...] > > @@ -433,8 +411,6 @@ ngx_signal_handler(int signo, siginfo_t > > > > case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): > > case ngx_signal_value(NGX_CHANGEBIN_SIGNAL): > > - case SIGIO: > > -action = ", ignoring"; > > break; > > } > > On Wed, Jun 27, 2018 at 03:57:05PM +0300, Ruslan Ermilov wrote: > > Removing setting of an "action" variable looks like an error. > > No need to resend the patch. Here's a slightly cleaned up patch and commit log: # HG changeset patch # User Ian Gudger # Date 1529449008 25200 # Tue Jun 19 15:56:48 2018 -0700 # Node ID 9d24aafa6626f2915176e80e5279704af6f6d575 # Parent f2396ecf608bab9acc0545e3e53e36cc2cb9b2e6 Core: removed FIOASYNC as the SIGIOs it generated were ignored. FIOASYNC and F_SETOWN cause a pid or pgid to receive signals when a file is ready for I/O. When using master process mode, this was set up, but the SIGIO signals were ignored. This has been the case since use of FIOASYNC was first added in eaf1f651cf86. Logic to ignore the SIGIOs in a case where they unintentionally did something was added in 8abb88374c6c. diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c --- a/src/os/unix/ngx_process.c +++ b/src/os/unix/ngx_process.c @@ -71,8 +71,6 @@ ngx_signal_t signals[] = { { SIGINT, "SIGINT", "", ngx_signal_handler }, -{ SIGIO, "SIGIO", "", ngx_signal_handler }, - { SIGCHLD, "SIGCHLD", "", ngx_signal_handler }, { SIGSYS, "SIGSYS, SIG_IGN", "", NULL }, @@ -87,7 +85,6 @@ ngx_pid_t ngx_spawn_process(ngx_cycle_t *cycle, ngx_spawn_proc_pt proc, void *data, char *name, ngx_int_t respawn) { -u_long on; ngx_pid_t pid; ngx_int_t s; @@ -142,21 +139,6 @@ ngx_spawn_process(ngx_cycle_t *cycle, ng return NGX_INVALID_PID; } -on = 1; -if (ioctl(ngx_processes[s].channel[0], FIOASYNC, ) == -1) { -ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, - "ioctl(FIOASYNC) failed while spawning \"%s\"", name); -ngx_close_channel(ngx_processes[s].channel, cycle->log); -return NGX_INVALID_PID; -} - -if (fcntl(ngx_processes[s].channel[0], F_SETOWN, ngx_pid) == -1) { -ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, - "fcntl(F_SETOWN) failed while spawning \"%s\"", name); -ngx_close_channel(ngx_processes[s].channel, cycle->log); -return NGX_INVALID_PID; -} - if (fcntl(ngx_processes[s].channel[0], F_SETFD, FD_CLOEXEC) == -1) { ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, "fcntl(FD_CLOEXEC) failed while spawning \"%s\"", @@ -394,10 +376,6 @@ ngx_signal_handler(int signo, siginfo_t ngx_sigalrm = 1; break; -case SIGIO: -ngx_sigio = 1; -break; - case SIGCHLD: ngx_reap = 1; break; @@ -433,7 +411,6 @@ ngx_signal_handler(int signo, siginfo_t case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): case ngx_signal_value(NGX_CHANGEBIN_SIGNAL): -case SIGIO: action = ", ignoring"; break; } diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -34,7 +34,6 @@ ngx_pid_t ngx_pid; ngx_pid_t ngx_parent; sig_atomic_t ngx_reap; -sig_atomic_t ngx_sigio; sig_atomic_t ngx_sigalrm; sig_atomic_t ngx_terminate; sig_atomic_t ngx_quit; @@ -77,7 +76,7
Re: [PATCH] Core: remove unused FIOASYNC.
On Wed, Jun 27, 2018 at 01:40:26PM -0700, Ian Gudger wrote: > Sorry, I understand now. > > Here is a new patch which removes that too: > > # HG changeset patch > # User Ian Gudger > # Date 1529449008 25200 > # Tue Jun 19 15:56:48 2018 -0700 > # Node ID 8fd0b85081a1cb91fa4495258bb5f9d3a6ef5785 > # Parent 118885f7a5774962f1145693d9c26a4c199ca6ea > Core: remove FIOASYNC as the SIGIOs it generated were ignored. > > FIOASYNC and F_SETOWN cause a pid or pgid to receive signals when a file is > ready for IO. When using master process mode, this was setup, but the SIGIO > signals were ignored. This has been the case since use of FIOASYNC was first > added in eaf1f651cf86. Logic ignore the SIGIOs in a case where they > unintentionally did something was added in 8abb88374c6c. > > diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c [...] > @@ -433,8 +411,6 @@ ngx_signal_handler(int signo, siginfo_t > > case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): > case ngx_signal_value(NGX_CHANGEBIN_SIGNAL): > -case SIGIO: > -action = ", ignoring"; > break; > } On Wed, Jun 27, 2018 at 03:57:05PM +0300, Ruslan Ermilov wrote: > Removing setting of an "action" variable looks like an error. No need to resend the patch. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Core: remove unused FIOASYNC.
On Wed, Jun 27, 2018 at 10:09:47AM -0700, Ian Gudger wrote: > Actually, as far as I can tell, it never did anything other than cause > signals to be delivered that were promptly ignored. It appears to have > been added in eaf1f651cf86. I came to the same conclusion, but I'll double check with Igor before proceeding with removing this. > There are two things in ngx_master_process_cycle() with names related > to SIGIO. One is adding SIGIO to the set. That is removed in this > patch. The other is a variable named sigio, added in 8abb88374c6c. > > This variable does not appear to have anything to do with SIGIO > despite the name. It is indeed related, please see the explanation in the above mentioned commit here: http://hg.nginx.org/nginx/rev/8abb88374c6c What I was trying to say is that your patch needs to revert this change as well: diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -77,7 +77,7 @@ ngx_master_process_cycle(ngx_cycle_t *cy u_char*p; size_t size; ngx_int_t i; -ngx_uint_t n, sigio; +ngx_uint_t n; sigset_t set; struct itimerval itv; ngx_uint_t live; @@ -134,13 +134,11 @@ ngx_master_process_cycle(ngx_cycle_t *cy ngx_new_binary = 0; delay = 0; -sigio = 0; live = 1; for ( ;; ) { if (delay) { if (ngx_sigalrm) { -sigio = 0; delay *= 2; ngx_sigalrm = 0; } @@ -165,8 +163,7 @@ ngx_master_process_cycle(ngx_cycle_t *cy ngx_time_update(); -ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, - "wake up, sigio %i", sigio); +ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "wake up"); if (ngx_reap) { ngx_reap = 0; @@ -184,13 +181,6 @@ ngx_master_process_cycle(ngx_cycle_t *cy delay = 50; } -if (sigio) { -sigio--; -continue; -} - -sigio = ccf->worker_processes + 2 /* cache processes */; - if (delay > 1000) { ngx_signal_worker_processes(cycle, SIGKILL); } else { > I ran the tests with this patch and they all passed. Receiving signals > isn't free, so this patch may improve performance. Highly unlikely in this particular case. If you want, you can update your patch. > On Wed, Jun 27, 2018 at 5:57 AM Ruslan Ermilov wrote: > > > > On Mon, Jun 25, 2018 at 11:16:12AM -0700, Ian Gudger via nginx-devel wrote: > > > # HG changeset patch > > > # User Ian Gudger > > > # Date 1529449008 25200 > > > # Tue Jun 19 15:56:48 2018 -0700 > > > # Node ID 9427538acbc50142afbe91a11a1d4f907a00d257 > > > # Parent 118885f7a5774962f1145693d9c26a4c199ca6ea > > > Core: remove unused FIOASYNC. > > > > > > FIOASYNC, F_SETOWN and SIGIO seem to no longer serve any function. > > > > Can you decode your "seem to no longer server any function", please? > > > > > diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c > > > --- a/src/os/unix/ngx_process.c > > > +++ b/src/os/unix/ngx_process.c > > > @@ -71,8 +71,6 @@ ngx_signal_t signals[] = { > > > > > > { SIGINT, "SIGINT", "", ngx_signal_handler }, > > > > > > -{ SIGIO, "SIGIO", "", ngx_signal_handler }, > > > - > > > { SIGCHLD, "SIGCHLD", "", ngx_signal_handler }, > > > > > > { SIGSYS, "SIGSYS, SIG_IGN", "", NULL }, > > > @@ -87,7 +85,6 @@ ngx_pid_t > > > ngx_spawn_process(ngx_cycle_t *cycle, ngx_spawn_proc_pt proc, void *data, > > > char *name, ngx_int_t respawn) > > > { > > > -u_long on; > > > ngx_pid_t pid; > > > ngx_int_t s; > > > > > > @@ -142,21 +139,6 @@ ngx_spawn_process(ngx_cycle_t *cycle, ng > > > return NGX_INVALID_PID; > > > } > > > > > > -on = 1; > > > -if (ioctl(ngx_processes[s].channel[0], FIOASYNC, ) == -1) { > > > -ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, > > > - "ioctl(FIOASYNC) failed while spawning > > > \"%s\"", name); > > > -ngx_close_channel(ngx_processes[s].channel, cycle->log); > > > -return NGX_INVALID_PID; > > > -} > > > - > > > -if (fcnt
Re: [PATCH] Core: remove unused FIOASYNC.
On Mon, Jun 25, 2018 at 11:16:12AM -0700, Ian Gudger via nginx-devel wrote: > # HG changeset patch > # User Ian Gudger > # Date 1529449008 25200 > # Tue Jun 19 15:56:48 2018 -0700 > # Node ID 9427538acbc50142afbe91a11a1d4f907a00d257 > # Parent 118885f7a5774962f1145693d9c26a4c199ca6ea > Core: remove unused FIOASYNC. > > FIOASYNC, F_SETOWN and SIGIO seem to no longer serve any function. Can you decode your "seem to no longer server any function", please? > diff --git a/src/os/unix/ngx_process.c b/src/os/unix/ngx_process.c > --- a/src/os/unix/ngx_process.c > +++ b/src/os/unix/ngx_process.c > @@ -71,8 +71,6 @@ ngx_signal_t signals[] = { > > { SIGINT, "SIGINT", "", ngx_signal_handler }, > > -{ SIGIO, "SIGIO", "", ngx_signal_handler }, > - > { SIGCHLD, "SIGCHLD", "", ngx_signal_handler }, > > { SIGSYS, "SIGSYS, SIG_IGN", "", NULL }, > @@ -87,7 +85,6 @@ ngx_pid_t > ngx_spawn_process(ngx_cycle_t *cycle, ngx_spawn_proc_pt proc, void *data, > char *name, ngx_int_t respawn) > { > -u_long on; > ngx_pid_t pid; > ngx_int_t s; > > @@ -142,21 +139,6 @@ ngx_spawn_process(ngx_cycle_t *cycle, ng > return NGX_INVALID_PID; > } > > -on = 1; > -if (ioctl(ngx_processes[s].channel[0], FIOASYNC, ) == -1) { > -ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, > - "ioctl(FIOASYNC) failed while spawning > \"%s\"", name); > -ngx_close_channel(ngx_processes[s].channel, cycle->log); > -return NGX_INVALID_PID; > -} > - > -if (fcntl(ngx_processes[s].channel[0], F_SETOWN, ngx_pid) == -1) { > -ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, > - "fcntl(F_SETOWN) failed while spawning > \"%s\"", name); > -ngx_close_channel(ngx_processes[s].channel, cycle->log); > -return NGX_INVALID_PID; > -} > - > if (fcntl(ngx_processes[s].channel[0], F_SETFD, FD_CLOEXEC) == -1) { > ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, >"fcntl(FD_CLOEXEC) failed while spawning \"%s\"", > @@ -394,10 +376,6 @@ ngx_signal_handler(int signo, siginfo_t > ngx_sigalrm = 1; > break; > > -case SIGIO: > -ngx_sigio = 1; > -break; > - > case SIGCHLD: > ngx_reap = 1; > break; > @@ -433,8 +411,6 @@ ngx_signal_handler(int signo, siginfo_t > > case ngx_signal_value(NGX_RECONFIGURE_SIGNAL): > case ngx_signal_value(NGX_CHANGEBIN_SIGNAL): > -case SIGIO: > -action = ", ignoring"; Removing setting of an "action" variable looks like an error. > break; > } > > diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c > --- a/src/os/unix/ngx_process_cycle.c > +++ b/src/os/unix/ngx_process_cycle.c > @@ -34,7 +34,6 @@ ngx_pid_t ngx_pid; > ngx_pid_t ngx_parent; > > sig_atomic_t ngx_reap; > -sig_atomic_t ngx_sigio; > sig_atomic_t ngx_sigalrm; > sig_atomic_t ngx_terminate; > sig_atomic_t ngx_quit; > @@ -88,7 +87,6 @@ ngx_master_process_cycle(ngx_cycle_t *cy > sigemptyset(); > sigaddset(, SIGCHLD); > sigaddset(, SIGALRM); > -sigaddset(, SIGIO); > sigaddset(, SIGINT); > sigaddset(, ngx_signal_value(NGX_RECONFIGURE_SIGNAL)); > sigaddset(, ngx_signal_value(NGX_REOPEN_SIGNAL)); > diff --git a/src/os/unix/ngx_process_cycle.h b/src/os/unix/ngx_process_cycle.h > --- a/src/os/unix/ngx_process_cycle.h > +++ b/src/os/unix/ngx_process_cycle.h > @@ -47,7 +47,6 @@ extern ngx_uint_t ngx_daemonized; > extern ngx_uint_t ngx_exiting; > > extern sig_atomic_tngx_reap; > -extern sig_atomic_tngx_sigio; > extern sig_atomic_tngx_sigalrm; > extern sig_atomic_tngx_quit; > extern sig_atomic_tngx_debug_quit; There's also a SIGIO related code in ngx_master_process_cycle(), added in 8abb88374c6c. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Upstream: improved peer selection concurrency for hash and ip_hash.
details: http://hg.nginx.org/nginx/rev/ed599ea6c1f1 branches: changeset: 7300:ed599ea6c1f1 user: Ruslan Ermilov date: Thu Jun 14 07:03:50 2018 +0300 description: Upstream: improved peer selection concurrency for hash and ip_hash. diffstat: src/http/modules/ngx_http_upstream_hash_module.c| 8 +++- src/http/modules/ngx_http_upstream_ip_hash_module.c | 8 +++- src/stream/ngx_stream_upstream_hash_module.c| 8 +++- 3 files changed, 21 insertions(+), 3 deletions(-) diffs (138 lines): diff -r faf14dc9ab4d -r ed599ea6c1f1 src/http/modules/ngx_http_upstream_hash_module.c --- a/src/http/modules/ngx_http_upstream_hash_module.c Wed Jun 13 22:37:49 2018 +0300 +++ b/src/http/modules/ngx_http_upstream_hash_module.c Thu Jun 14 07:03:50 2018 +0300 @@ -176,7 +176,7 @@ ngx_http_upstream_get_hash_peer(ngx_peer ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, "get hash peer, try: %ui", pc->tries); -ngx_http_upstream_rr_peers_wlock(hp->rrp.peers); +ngx_http_upstream_rr_peers_rlock(hp->rrp.peers); if (hp->tries > 20 || hp->rrp.peers->single) { ngx_http_upstream_rr_peers_unlock(hp->rrp.peers); @@ -228,10 +228,13 @@ ngx_http_upstream_get_hash_peer(ngx_peer goto next; } +ngx_http_upstream_rr_peer_lock(hp->rrp.peers, peer); + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "get hash peer, value:%uD, peer:%ui", hp->hash, p); if (peer->down) { +ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer); goto next; } @@ -239,10 +242,12 @@ ngx_http_upstream_get_hash_peer(ngx_peer && peer->fails >= peer->max_fails && now - peer->checked <= peer->fail_timeout) { +ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer); goto next; } if (peer->max_conns && peer->conns >= peer->max_conns) { +ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer); goto next; } @@ -268,6 +273,7 @@ ngx_http_upstream_get_hash_peer(ngx_peer peer->checked = now; } +ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer); ngx_http_upstream_rr_peers_unlock(hp->rrp.peers); hp->rrp.tried[n] |= m; diff -r faf14dc9ab4d -r ed599ea6c1f1 src/http/modules/ngx_http_upstream_ip_hash_module.c --- a/src/http/modules/ngx_http_upstream_ip_hash_module.c Wed Jun 13 22:37:49 2018 +0300 +++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c Thu Jun 14 07:03:50 2018 +0300 @@ -161,7 +161,7 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p /* TODO: cached */ -ngx_http_upstream_rr_peers_wlock(iphp->rrp.peers); +ngx_http_upstream_rr_peers_rlock(iphp->rrp.peers); if (iphp->tries > 20 || iphp->rrp.peers->single) { ngx_http_upstream_rr_peers_unlock(iphp->rrp.peers); @@ -201,7 +201,10 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, "get ip hash peer, hash: %ui %04XL", p, (uint64_t) m); +ngx_http_upstream_rr_peer_lock(iphp->rrp.peers, peer); + if (peer->down) { +ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer); goto next; } @@ -209,10 +212,12 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p && peer->fails >= peer->max_fails && now - peer->checked <= peer->fail_timeout) { +ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer); goto next; } if (peer->max_conns && peer->conns >= peer->max_conns) { +ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer); goto next; } @@ -238,6 +243,7 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p peer->checked = now; } +ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer); ngx_http_upstream_rr_peers_unlock(iphp->rrp.peers); iphp->rrp.tried[n] |= m; diff -r faf14dc9ab4d -r ed599ea6c1f1 src/stream/ngx_stream_upstream_hash_module.c --- a/src/stream/ngx_stream_upstream_hash_module.c Wed Jun 13 22:37:49 2018 +0300 +++ b/src/stream/ngx_stream_upstream_hash_module.c Thu Jun 14 07:03:50 2018 +0300 @@ -176,7 +176,7 @@ ngx_stream_upstream_get_hash_peer(ngx_pe ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0, "get hash peer, try: %ui", pc->tries); -ngx_stream_upstream_rr_peers_wlock(hp->rrp.peers); +ngx_stream_upstream_rr_peers_rlock(hp->rrp.peers); if (hp->tries > 20 || hp->rrp.peers->single) { ngx_stream_upstream_rr_peers_unlock(hp->rrp.peers); @@ -227,10
Re: [nginx] Added r->schema.
On Fri, Jun 08, 2018 at 11:29:05AM +0800, 洪志道 wrote: > Hi. > > diff -r 8e6bb4e6045f src/http/ngx_http_variables.c > --- a/src/http/ngx_http_variables.c Thu Jun 07 20:04:22 2018 +0300 > +++ b/src/http/ngx_http_variables.c Thu Jun 07 12:20:05 2018 -0400 > @@ -1420,25 +1420,11 @@ > ngx_http_variable_scheme(ngx_http_request_t *r, > ngx_http_variable_value_t *v, uintptr_t data) > { > -#if (NGX_HTTP_SSL) > - > -if (r->connection->ssl) { > -v->len = sizeof("https") - 1; > -v->valid = 1; > -v->no_cacheable = 0; > -v->not_found = 0; > -v->data = (u_char *) "https"; > - > -return NGX_OK; > -} > - > -#endif > - > -v->len = sizeof("http") - 1; > v->valid = 1; > v->no_cacheable = 0; > v->not_found = 0; > -v->data = (u_char *) "http"; > +v->len = r->schema.len; > +v->data = r->schema.data; > > return NGX_OK; > } > > Thanks. A similar patch has already been considered and rejected: https://trac.nginx.org/nginx/ticket/1549#comment:5 See also https://trac.nginx.org/nginx/ticket/711. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Removed extraneous check while processing request line.
details: http://hg.nginx.org/nginx/rev/21ad2af3262c branches: changeset: 7294:21ad2af3262c user: Ruslan Ermilov date: Thu Jun 07 19:53:43 2018 +0300 description: Removed extraneous check while processing request line. diffstat: src/http/ngx_http_request.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r d588987701f4 -r 21ad2af3262c src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Thu Jun 07 11:47:10 2018 +0300 +++ b/src/http/ngx_http_request.c Thu Jun 07 19:53:43 2018 +0300 @@ -987,7 +987,7 @@ ngx_http_process_request_line(ngx_event_ return; } -if (r->host_start && r->host_end) { +if (r->host_end) { host.len = r->host_end - r->host_start; host.data = r->host_start; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: use scheme from original request for pushes (closes #1549).
details: http://hg.nginx.org/nginx/rev/8e6bb4e6045f branches: changeset: 7296:8e6bb4e6045f user: Ruslan Ermilov date: Thu Jun 07 20:04:22 2018 +0300 description: HTTP/2: use scheme from original request for pushes (closes #1549). Instead of the connection scheme, use scheme from the original request. This fixes pushes when SSL is terminated by a proxy server in front of nginx. diffstat: src/http/v2/ngx_http_v2.c | 15 ++- src/http/v2/ngx_http_v2_filter_module.c | 26 ++ 2 files changed, 20 insertions(+), 21 deletions(-) diffs (85 lines): diff -r 89430899c72a -r 8e6bb4e6045f src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Thu Jun 07 20:01:41 2018 +0300 +++ b/src/http/v2/ngx_http_v2.c Thu Jun 07 20:04:22 2018 +0300 @@ -2616,15 +2616,12 @@ ngx_http_v2_push_stream(ngx_http_v2_stre r->method_name = ngx_http_core_get_method; r->method = NGX_HTTP_GET; -#if (NGX_HTTP_SSL) -if (fc->ssl) { -ngx_str_set(>schema, "https"); - -} else -#endif -{ -ngx_str_set(>schema, "http"); -} +r->schema.data = ngx_pstrdup(pool, >request->schema); +if (r->schema.data == NULL) { +goto close; +} + +r->schema.len = parent->request->schema.len; value.data = ngx_pstrdup(pool, path); if (value.data == NULL) { diff -r 89430899c72a -r 8e6bb4e6045f src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c Thu Jun 07 20:01:41 2018 +0300 +++ b/src/http/v2/ngx_http_v2_filter_module.c Thu Jun 07 20:04:22 2018 +0300 @@ -944,15 +944,15 @@ ngx_http_v2_push_resource(ngx_http_reque ph = ngx_http_v2_push_headers; +len = ngx_max(r->schema.len, path->len); + if (binary[0].len) { -tmp = ngx_palloc(r->pool, path->len); +tmp = ngx_palloc(r->pool, len); if (tmp == NULL) { return NGX_ERROR; } } else { -len = path->len; - for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { h = (ngx_table_elt_t **) ((char *) >headers_in + ph[i].offset); @@ -994,7 +994,7 @@ ngx_http_v2_push_resource(ngx_http_reque len = (h2c->table_update ? 1 : 0) + 1 + 1 + NGX_HTTP_V2_INT_OCTETS + path->len - + 1; + + 1 + NGX_HTTP_V2_INT_OCTETS + r->schema.len; for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { len += binary[i].len; @@ -1025,18 +1025,20 @@ ngx_http_v2_push_resource(ngx_http_reque *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX); pos = ngx_http_v2_write_value(pos, path->data, path->len, tmp); -#if (NGX_HTTP_SSL) -if (fc->ssl) { -ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 push header: \":scheme: https\""); +ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 push header: \":scheme: %V\"", >schema); + +if (r->schema.len == 5 && ngx_strncmp(r->schema.data, "https", 5) == 0) { *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX); -} else -#endif +} else if (r->schema.len == 4 + && ngx_strncmp(r->schema.data, "http", 4) == 0) { -ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 push header: \":scheme: http\""); *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX); + +} else { +*pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX); +pos = ngx_http_v2_write_value(pos, r->schema.data, r->schema.len, tmp); } for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Added r->schema.
details: http://hg.nginx.org/nginx/rev/89430899c72a branches: changeset: 7295:89430899c72a user: Ruslan Ermilov date: Thu Jun 07 20:01:41 2018 +0300 description: Added r->schema. For HTTP/1, it keeps scheme from the absolute form of URI. For HTTP/2, the :scheme request pseudo-header field value. diffstat: src/http/ngx_http_core_module.c | 1 + src/http/ngx_http_request.c | 5 + src/http/ngx_http_request.h | 1 + src/http/v2/ngx_http_v2.c | 15 ++- 4 files changed, 13 insertions(+), 9 deletions(-) diffs (95 lines): diff -r 21ad2af3262c -r 89430899c72a src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Thu Jun 07 19:53:43 2018 +0300 +++ b/src/http/ngx_http_core_module.c Thu Jun 07 20:01:41 2018 +0300 @@ -2318,6 +2318,7 @@ ngx_http_subrequest(ngx_http_request_t * sr->unparsed_uri = r->unparsed_uri; sr->method_name = ngx_http_core_get_method; sr->http_protocol = r->http_protocol; +sr->schema = r->schema; ngx_http_set_exten(sr); diff -r 21ad2af3262c -r 89430899c72a src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Thu Jun 07 19:53:43 2018 +0300 +++ b/src/http/ngx_http_request.c Thu Jun 07 20:01:41 2018 +0300 @@ -987,6 +987,11 @@ ngx_http_process_request_line(ngx_event_ return; } +if (r->schema_end) { +r->schema.len = r->schema_end - r->schema_start; +r->schema.data = r->schema_start; +} + if (r->host_end) { host.len = r->host_end - r->host_start; diff -r 21ad2af3262c -r 89430899c72a src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h Thu Jun 07 19:53:43 2018 +0300 +++ b/src/http/ngx_http_request.h Thu Jun 07 20:01:41 2018 +0300 @@ -412,6 +412,7 @@ struct ngx_http_request_s { ngx_str_t method_name; ngx_str_t http_protocol; +ngx_str_t schema; ngx_chain_t *out; ngx_http_request_t *main; diff -r 21ad2af3262c -r 89430899c72a src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Thu Jun 07 19:53:43 2018 +0300 +++ b/src/http/v2/ngx_http_v2.c Thu Jun 07 20:01:41 2018 +0300 @@ -2616,16 +2616,14 @@ ngx_http_v2_push_stream(ngx_http_v2_stre r->method_name = ngx_http_core_get_method; r->method = NGX_HTTP_GET; -r->schema_start = (u_char *) "https"; - #if (NGX_HTTP_SSL) if (fc->ssl) { -r->schema_end = r->schema_start + 5; +ngx_str_set(>schema, "https"); } else #endif { -r->schema_end = r->schema_start + 4; +ngx_str_set(>schema, "http"); } value.data = ngx_pstrdup(pool, path); @@ -3477,7 +3475,7 @@ ngx_http_v2_parse_scheme(ngx_http_reques u_char c, ch; ngx_uint_t i; -if (r->schema_start) { +if (r->schema.len) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent duplicate :scheme header"); @@ -3511,8 +3509,7 @@ ngx_http_v2_parse_scheme(ngx_http_reques return NGX_DECLINED; } -r->schema_start = value->data; -r->schema_end = value->data + value->len; +r->schema = *value; return NGX_OK; } @@ -3575,14 +3572,14 @@ ngx_http_v2_construct_request_line(ngx_h static const u_char ending[] = " HTTP/2.0"; if (r->method_name.len == 0 -|| r->schema_start == NULL +|| r->schema.len == 0 || r->unparsed_uri.len == 0) { if (r->method_name.len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent no :method header"); -} else if (r->schema_start == NULL) { +} else if (r->schema.len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent no :scheme header"); ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Allowed digits, '+', '-', and '.' in scheme names as per RFC 3986.
details: http://hg.nginx.org/nginx/rev/f9661f56c717 branches: changeset: 7292:f9661f56c717 user: Ruslan Ermilov date: Thu May 24 12:06:35 2018 +0300 description: Allowed digits, '+', '-', and '.' in scheme names as per RFC 3986. diffstat: src/http/ngx_http_parse.c | 5 + 1 files changed, 5 insertions(+), 0 deletions(-) diffs (15 lines): diff -r 3482c069e050 -r f9661f56c717 src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c Wed Jun 06 13:31:05 2018 +0300 +++ b/src/http/ngx_http_parse.c Thu May 24 12:06:35 2018 +0300 @@ -307,6 +307,11 @@ ngx_http_parse_request_line(ngx_http_req break; } +if ((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.') +{ +break; +} + switch (ch) { case ':': r->schema_end = p; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] HTTP/2: validate client request scheme.
details: http://hg.nginx.org/nginx/rev/d588987701f4 branches: changeset: 7293:d588987701f4 user: Ruslan Ermilov date: Thu Jun 07 11:47:10 2018 +0300 description: HTTP/2: validate client request scheme. The scheme is validated as per RFC 3986, Section 3.1. diffstat: src/http/v2/ngx_http_v2.c | 23 +++ 1 files changed, 23 insertions(+), 0 deletions(-) diffs (40 lines): diff -r f9661f56c717 -r d588987701f4 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Thu May 24 12:06:35 2018 +0300 +++ b/src/http/v2/ngx_http_v2.c Thu Jun 07 11:47:10 2018 +0300 @@ -3474,6 +3474,9 @@ ngx_http_v2_parse_method(ngx_http_reques static ngx_int_t ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value) { +u_char c, ch; +ngx_uint_t i; + if (r->schema_start) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent duplicate :scheme header"); @@ -3488,6 +3491,26 @@ ngx_http_v2_parse_scheme(ngx_http_reques return NGX_DECLINED; } +for (i = 0; i < value->len; i++) { +ch = value->data[i]; + +c = (u_char) (ch | 0x20); +if (c >= 'a' && c <= 'z') { +continue; +} + +if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.') +&& i > 0) +{ +continue; +} + +ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent invalid :scheme header: \"%V\"", value); + +return NGX_DECLINED; +} + r->schema_start = value->data; r->schema_end = value->data + value->len; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Core: fixed comment about ngx_current_msec after 81fae70d6cb8.
details: http://hg.nginx.org/nginx/rev/76e7e20cda05 branches: changeset: 7280:76e7e20cda05 user: Ruslan Ermilov date: Tue May 29 16:15:19 2018 +0300 description: Core: fixed comment about ngx_current_msec after 81fae70d6cb8. The value is no longer guaranteed to be based on milliseconds elapsed since Epoch. diffstat: src/core/ngx_times.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r f95de1361039 -r 76e7e20cda05 src/core/ngx_times.h --- a/src/core/ngx_times.h Tue May 29 11:47:32 2018 +0300 +++ b/src/core/ngx_times.h Tue May 29 16:15:19 2018 +0300 @@ -43,8 +43,8 @@ extern volatile ngx_str_tngx_cached_ extern volatile ngx_str_tngx_cached_syslog_time; /* - * milliseconds elapsed since epoch and truncated to ngx_msec_t, - * used in event timers + * milliseconds elapsed since some unspecified point in the past + * and truncated to ngx_msec_t, used in event timers */ extern volatile ngx_msec_t ngx_current_msec; ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Win32: fixed comment in ngx_gettimeofday() calculations.
details: http://hg.nginx.org/nginx/rev/f95de1361039 branches: changeset: 7279:f95de1361039 user: Ruslan Ermilov date: Tue May 29 11:47:32 2018 +0300 description: Win32: fixed comment in ngx_gettimeofday() calculations. diffstat: src/os/win32/ngx_time.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff -r eca3e054e978 -r f95de1361039 src/os/win32/ngx_time.c --- a/src/os/win32/ngx_time.c Wed May 23 16:38:16 2018 +0300 +++ b/src/os/win32/ngx_time.c Tue May 29 11:47:32 2018 +0300 @@ -23,7 +23,7 @@ ngx_gettimeofday(struct timeval *tp) * January 1, 1601 12:00 A.M. UTC. * * Between January 1, 1970 (Epoch) and January 1, 1601 there were - * 134744 days, + * 134774 days, * 11644473600 seconds or * 11644473600,000,000,0 100-nanosecond intervals. * ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Resolver: close UDP socket on error or incomplete send.
details: http://hg.nginx.org/nginx/rev/a90f7812de35 branches: changeset: 7276:a90f7812de35 user: Ruslan Ermilov <r...@nginx.com> date: Wed May 23 10:41:38 2018 +0300 description: Resolver: close UDP socket on error or incomplete send. diffstat: src/core/ngx_resolver.c | 11 +-- 1 files changed, 9 insertions(+), 2 deletions(-) diffs (28 lines): diff -r e15bf978447e -r a90f7812de35 src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c Wed May 23 10:41:29 2018 +0300 +++ b/src/core/ngx_resolver.c Wed May 23 10:41:38 2018 +0300 @@ -1300,15 +1300,22 @@ ngx_resolver_send_udp_query(ngx_resolver n = ngx_send(rec->udp, query, qlen); if (n == NGX_ERROR) { -return NGX_ERROR; +goto failed; } if ((size_t) n != (size_t) qlen) { ngx_log_error(NGX_LOG_CRIT, >log, 0, "send() incomplete"); -return NGX_ERROR; +goto failed; } return NGX_OK; + +failed: + +ngx_close_connection(rec->udp); +rec->udp = NULL; + +return NGX_ERROR; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Resolver: style.
details: http://hg.nginx.org/nginx/rev/e15bf978447e branches: changeset: 7275:e15bf978447e user: Ruslan Ermilov <r...@nginx.com> date: Wed May 23 10:41:29 2018 +0300 description: Resolver: style. diffstat: src/core/ngx_resolver.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (21 lines): diff -r 66aa2c1e82e6 -r e15bf978447e src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c Mon May 21 23:11:27 2018 +0300 +++ b/src/core/ngx_resolver.c Wed May 23 10:41:29 2018 +0300 @@ -1299,7 +1299,7 @@ ngx_resolver_send_udp_query(ngx_resolver n = ngx_send(rec->udp, query, qlen); -if (n == -1) { +if (n == NGX_ERROR) { return NGX_ERROR; } @@ -4546,7 +4546,7 @@ ngx_tcp_connect(ngx_resolver_connection_ level = NGX_LOG_CRIT; } -ngx_log_error(level, c->log, err, "connect() to %V failed", +ngx_log_error(level, >log, err, "connect() to %V failed", >server); ngx_close_connection(c); ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: Is there a particular reason --with-compat isn't enabled by default?
On Wed, May 09, 2018 at 12:29:06PM -0400, Thomas Ward wrote: > In regards to several off-lists inquiries downstream about people trying > to add additional third party modules, I've gone and started seeking > justification for enabling --with-compat. > > Downstream in Ubuntu, I'm getting pushback in that the question of "Why > do we need to enable this, what does it add?". I'm trying to find that > justification for it, and the best I can find is Maxim's statements on a > 2016 email/forum thread about how it actually makes dynamic module > support truly work (in a nutshell). [1] > > Further, there's pushback about "Will package security updates and > patches change the module ABI on security fixes or bug fixes?". I don't > have a clear answer on this, and I had this question back when dynamic > module support was introduced, but never got a clear answer on this > point. It does beg consideration with regards to dynamic module support > whether a simple patch applied to the same exact NGINX version will > break ABI. The way we handle security patches and such downstream is we > apply patches to the existing NGINX version via `quilt`, which applies > the patch at build time. Whether this makes an ABI change or not I > couldn't say, so I'm hunting a response from you, the devs, to give me a > clear answer on this. > > So, for those who didn't read everything there's two questions here: > > (A) Other than making dynamic module support "work better", what does > --with-compat actually do behind the scenes (In a nutshell)? It enables some macros and alters some structures in a way that's compatible with NGINX Plus, built with the same option. Practically this means that checksums of module loadable objects will be identical between when using F/OSS sources and when using NGINX Plus sources. Searching for "NGX_COMPAT" throughout the F/OSS source code will give enough details. > (B) Will a simple patch that patches security issues or adds fixes to > something later on but doesn't change the core NGINX version numbering > change the module ABI in such a way that it'll break modules built > against nginx without that patch (assuming that --with-compat was added, > since it's apparently needed to make dynamic modules 'actually work') If a patch is simple, this is highly unlikely. For a patch to break the ABI, at least some externally visible structures should be changed in some backwards incompatible ways. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel