value(conf->upstream.limit_rate,
> > + prev->upstream.limit_rate, NULL);
> >
> >
> > ngx_conf_merge_bufs_value(conf->upstream.bufs, prev->upstream.bufs,
> > diff -r f366007dd23a -r 98306e705015 s
details: https://hg.nginx.org/nginx/rev/f7d53c7f7014
branches:
changeset: 9248:f7d53c7f7014
user: Roman Arutyunyan
date: Thu May 23 19:15:38 2024 +0400
description:
Optimized chain link usage (ticket #2614).
Previously chain links could sometimes be dropped instead of being reused
have CUBIC in our roadmap.
BBR will be our next step after it, but no particular plans about it so far.
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
Following an internal discussion with Sergey, here's an updated version of
the patch.
On Thu, May 23, 2024 at 01:42:24PM +0400, Roman Arutyunyan wrote:
> Hi,
>
> On Wed, May 22, 2024 at 06:14:26PM +0400, Roman Arutyunyan wrote:
> > Hi,
> >
> > Indeed there'
Hi,
On Wed, May 22, 2024 at 06:14:26PM +0400, Roman Arutyunyan wrote:
> Hi,
>
> Indeed there's a problem there. We have similar problems in other places as
> well. Attached is a patch that fixes all I could find.
>
> I did some testing for the sub_filter with the follow
----------
>
> Best regards,
> Sangmin
> ___
> nginx-devel mailing list
> nginx-devel@nginx.org
> https:/
.nginx.org/mailman/listinfo/nginx-devel
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
details: https://hg.nginx.org/nginx/rev/89093b003fcb
branches:
changeset: 9246:89093b003fcb
user: Roman Arutyunyan
date: Fri May 03 20:26:05 2024 +0400
description:
Stream pass: disabled passing from or to udp.
Passing from udp was not possible for the most part due to preread
Hi,
On Fri, May 03, 2024 at 08:24:16PM +0400, Sergey Kandaurov wrote:
>
> > On 26 Apr 2024, at 15:15, Roman Arutyunyan wrote:
> >
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1714057362 -14400
> > # Thu Apr 25 19:02:42 2024 +0
> -*last++ = ':';
> -
> pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
>
> if (pkey == NULL) {
> ___
> nginx-devel mailing list
> nginx-devel@nginx.org
> https://mailman.nginx.org/mailman/li
Apr 23 17:11:14 2024 +0800
> @@ -304,6 +304,10 @@
> c->idle = 1;
> ngx_reusable_connection(c, 0);
>
> + if (ngx_exiting) {
> + c->close = 1;
> + }
> +
> if (c->buffer) {
> p = c->buffer->pos;
> end = c->buffer->last;
This solution allows reading an
uld not abort the request. Please check the
error log for the real reason why this is happening.
> On Fri, Apr 26, 2024 at 8:20 AM Roman Arutyunyan wrote:
> >
> > Hi,
> >
> > > On 25 Apr 2024, at 8:10 AM, Saint Michael wrote:
> > >
&
ctive (which is also the default)
explicitly enables skipping them, and this fact is reported in log.
Turn it off and those characters (dot in your case) will pass.
---
Roman Arutyunyan
a...@nginx.com
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
# HG changeset patch
# User Roman Arutyunyan
# Date 1714057362 -14400
# Thu Apr 25 19:02:42 2024 +0400
# Branch stable-1.26
# Node ID a60cd9c99efcc1204e6d395104beb39883308c93
# Parent cdf74ac25b47ec928b53aa82ccc1c3d288a2f81c
Stream pass: disabled passing from or to udp.
Passing from udp
;
> Many thanks,
> Alex
>
>
> ___
> nginx mailing list
> ng...@nginx.org <mailto:ng...@nginx.org>
> https://mailman.nginx.org/mailman/listinfo/nginx
Roman Arutyunyan
a...@nginx.com
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
> On 20 Apr 2024, at 6:12 PM, Marcin Wanat wrote:
>
> Hi,
>
> I discovered a patch for QUIC that enables the use of sendmmsg() with
> GSO, authored by Roman Arutyunyan:
>
> https://mailman.nginx.org/pipermail/nginx-devel/2023-July/4ZTXGDMY2LC4VRZRBNBXGULYHS
ith the introduction of ngx_stream_pass_module, you
can terminate TLS in one server and then switch to another server for access
control.
server {
listen 9000 ssl;
...
pass 127.0.0.1:9001;
}
server {
listen 127.0.0.1:9001;
# access control in access phase
...
}
---
> }
>
> …. много location
>
> }
>
> server {
> listen *:80;
> server_name some.local;
>
> …. много location
>
> }
>
> Best, VS
> _______
> ngin
Changes with nginx 1.26.023 Apr 2024
*) 1.26.x stable branch.
Roman Arutyunyan
a...@nginx.com
___
nginx-announce mailing list
nginx-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Изменения в nginx 1.26.0 23.04.2024
*) Стабильная ветка 1.26.x.
Roman Arutyunyan
a...@nginx.com
___
nginx-ru-announce mailing list
nginx-ru-announce@nginx.org
https://mailman.nginx.org/mailman/listinfo
Изменения в nginx 1.26.0 23.04.2024
*) Стабильная ветка 1.26.x.
Roman Arutyunyan
a...@nginx.com
___
nginx-ru mailing list
nginx-ru@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-ru
Changes with nginx 1.26.023 Apr 2024
*) 1.26.x stable branch.
Roman Arutyunyan
a...@nginx.com
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
details: https://hg.nginx.org/nginx/rev/cdf74ac25b47
branches: stable-1.26
changeset: 9242:cdf74ac25b47
user: Roman Arutyunyan
date: Tue Apr 23 18:04:32 2024 +0400
description:
release-1.26.0 tag
diffstat:
.hgtags | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diffs (8
details: https://hg.nginx.org/nginx/rev/a58202a8c41b
branches: stable-1.26
changeset: 9241:a58202a8c41b
user: Roman Arutyunyan
date: Tue Apr 23 17:40:08 2024 +0400
description:
nginx-1.26.0-RELEASE
diffstat:
docs/xml/nginx/changes.xml | 14 ++
1 files changed, 14
details: https://hg.nginx.org/nginx/rev/52f427a4c97e
branches: stable-1.26
changeset: 9240:52f427a4c97e
user: Roman Arutyunyan
date: Tue Apr 23 17:31:41 2024 +0400
description:
Stable branch.
diffstat:
src/core/nginx.h | 4 ++--
1 files changed, 2 insertions(+), 2 deletions
Hi,
On Tue, Apr 23, 2024 at 05:14:54PM +0400, Sergey Kandaurov wrote:
>
> > On 22 Apr 2024, at 19:00, Sergey Kandaurov wrote:
> >
> > # HG changeset patch
> > # User Sergey Kandaurov
> > # Date 1713798017 -14400
> > # Mon Apr 22 19:00:17 2024 +0400
> > # Node ID
entails "directly" in "allows passing the accepted connection
> directly to any configured listening socket"?
In case of "pass" there's no proxying, hence zero overhead.
The connection is passed to the new listening socket li
Sikora.
*) Исправление: неожиданное закрытие соединения при использовании 0-RTT
в QUIC.
Спасибо Владимиру Хомутову.
Roman Arutyunyan
a...@nginx.com
___
nginx-ru-announce mailing list
nginx-ru-announce@nginx.org
https
Sikora.
*) Исправление: неожиданное закрытие соединения при использовании 0-RTT
в QUIC.
Спасибо Владимиру Хомутову.
Roman Arutyunyan
a...@nginx.com
___
nginx-ru mailing list
nginx-ru@nginx.org
https://mailman.nginx.org/mailman
rovements.
Thanks to Piotr Sikora.
*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
Thanks to Vladimir Khomutov.
Roman Arutyunyan
a...@nginx.com
___
nginx-announce mailing list
nginx-announce@nginx.org
https://
rovements.
Thanks to Piotr Sikora.
*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.
Thanks to Vladimir Khomutov.
Roman Arutyunyan
a...@nginx.com
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
details: https://hg.nginx.org/nginx/rev/49dce50fad40
branches:
changeset: 9239:49dce50fad40
user: Roman Arutyunyan
date: Tue Apr 16 18:29:59 2024 +0400
description:
release-1.25.5 tag
diffstat:
.hgtags | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diffs (8 lines
details: https://hg.nginx.org/nginx/rev/8618e4d900cc
branches:
changeset: 9238:8618e4d900cc
user: Roman Arutyunyan
date: Tue Apr 16 18:27:50 2024 +0400
description:
nginx-1.25.5-RELEASE
diffstat:
docs/xml/nginx/changes.xml | 77 ++
1
details: https://hg.nginx.org/nginx/rev/9f84f2e49c62
branches:
changeset: 9237:9f84f2e49c62
user: Roman Arutyunyan
date: Thu Apr 11 11:37:30 2024 +0400
description:
Stream pass: limited the number of passes per connection.
Previously a cycle in pass configuration resulted in stack
Hi,
> On 10 Apr 2024, at 10:57 AM, Vladimir Homutov wrote:
>
> On Tue, Apr 09, 2024 at 03:02:21PM +0400, Roman Arutyunyan wrote:
>> Hello Vladimir,
>>
>> On Mon, Apr 08, 2024 at 03:03:27PM +0300, Vladimir Homutov via nginx-devel
>> wrote:
>>> On Fr
details: https://hg.nginx.org/nginx/rev/155c9093de9d
branches:
changeset: 9236:155c9093de9d
user: Vladimir Khomutov
date: Wed Apr 10 09:38:10 2024 +0300
description:
QUIC: fixed close timer processing with early data.
The ngx_quic_run() function uses qc->close timer to limit the
Hello Vladimir,
On Mon, Apr 08, 2024 at 03:03:27PM +0300, Vladimir Homutov via nginx-devel
wrote:
> On Fri, Sep 22, 2023 at 03:36:25PM +0000, Roman Arutyunyan wrote:
> > details: https://hg.nginx.org/nginx/rev/ad3d34ddfdcc
> > branches:
> > changeset: 9158:ad3d34ddfdcc
I like the idea of fixing address collisions between modules. However, the
patch does not fix the problem entirely and leaves
room for misconfigurations. IMHO we need to think how to properly fix this.
One way for fixing this is rejecting any overlapping listen addresses. We need
to evaluate how likely it is that reasonable
configurations will be restricted by this. It doesn't seem likely to me.
Roman Arutyunyan
a...@nginx.com
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
On Fri, Mar 22, 2024 at 06:41:12PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov
> # Date 178390 -14400
> # Fri Mar 22 18:39:50 2024 +0400
> # Node ID 96ff3f8b7e508a345c18bb1e1071f248f1e5a75c
> # Parent 6317e21a15e083a215b52480b8ef473fdfe34158
>
Hi,
On Wed, Mar 13, 2024 at 09:08:43PM +0400, Sergey Kandaurov wrote:
> On Mon, Mar 11, 2024 at 04:44:15PM +0400, Roman Arutyunyan wrote:
> > Hi,
> >
> > On Wed, Mar 06, 2024 at 06:50:26PM +0400, Sergey Kandaurov wrote:
> > > On Thu, Feb 22, 2024 at 07:17:26PM
details: https://hg.nginx.org/nginx/rev/913518341c20
branches:
changeset: 9217:913518341c20
user: Roman Arutyunyan
date: Wed Feb 21 17:36:02 2024 +0400
description:
Stream: ngx_stream_pass_module.
The module allows to pass connections from Stream to other modules such as HTTP
details: https://hg.nginx.org/nginx/rev/e28b044908cb
branches:
changeset: 9216:e28b044908cb
user: Roman Arutyunyan
date: Thu Dec 14 21:58:39 2023 +0400
description:
Stream: virtual servers.
Server name is taken either from ngx_stream_ssl_module or
ngx_stream_ssl_preread_module
details: https://hg.nginx.org/nginx/rev/cf890df37bb6
branches:
changeset: 9215:cf890df37bb6
user: Roman Arutyunyan
date: Wed Dec 13 18:04:55 2023 +0400
description:
Stream: socket peek in preread phase.
Previously, preread buffer was always read out from socket, which made
details: https://hg.nginx.org/nginx/rev/d6f8a2c31cde
branches:
changeset: 9214:d6f8a2c31cde
user: Roman Arutyunyan
date: Thu Mar 21 17:06:21 2024 +0400
description:
Version bump.
diffstat:
src/core/nginx.h | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (14
|| defined OPENSSL_IS_AWSLC
> \
> || defined LIBRESSL_VERSION_NUMBER
> \
> || NGX_QUIC_OPENSSL_COMPAT
> #define NGX_QUIC_BORINGSSL_API 1
> @@ -578,7 +579,7 @@
> return NGX_ERROR;
> }
>
> -#ifdef OPENSSL_IS_BORINGSSL
> +#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
> if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
> ngx_log_error(NGX_LOG_INFO, c->log, 0,
>"quic SSL_set_quic_early_data_context() failed");
It looks like this library is not super popular, but the patch is relatively
large. Also, compiling nginx with -DOPENSSL_IS_BORINGSSL should probably solve
the issue.
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
+ngx_libc_crypt(ngx_pool_t *pool, u_char *key, u_char *salt, u_char
> **encrypted)
> +{
> +return NGX_ERROR;
> +}
> +
> #endif
>
> #endif /* NGX_CRYPT */
> ___
> nginx-devel mailing list
> nginx-devel@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
r need to explicitly
initialize fields to zero. Also, I think we need more details about the
uninitialized memory access. See updated patch.
--
Roman Arutyunyan
# HG changeset patch
# User Piotr Sikora
# Date 1710427040 -14400
# Thu Mar 14 18:37:20 2024 +0400
# Node ID bd1
ength "";
> > proxy_set_headerX-Original-URI $request_uri;
> > }
> >
> > location @error401 {
> > return 302 /login;
> > }
> >
> > #error_page 404
Hi,
On Wed, Mar 06, 2024 at 06:50:26PM +0400, Sergey Kandaurov wrote:
> On Thu, Feb 22, 2024 at 07:17:26PM +0400, Roman Arutyunyan wrote:
> > Hi,
> >
> > On Thu, Feb 22, 2024 at 01:59:25AM +, J Carter wrote:
> > > Hello Roman,
> > >
> > >
# HG changeset patch
# User Roman Arutyunyan
# Date 1707486707 -28800
# Fri Feb 09 21:51:47 2024 +0800
# Node ID 4584ba4b1d65a90f69201cecf1f1e650c1cbd87b
# Parent 5d28510b62bffba3187d7fe69baccd2d2da41a12
QUIC: input packet batching with recvmmsg().
diff --git a/auto/os/linux b/auto/os
# HG changeset patch
# User Roman Arutyunyan
# Date 1709833123 -28800
# Fri Mar 08 01:38:43 2024 +0800
# Node ID 5d28510b62bffba3187d7fe69baccd2d2da41a12
# Parent 2ed3f57dca0a664340bca2236c7d614902db4180
QUIC: output packet batching with sendmmsg().
diff --git a/auto/os/linux b/auto/os
, but the
testing is still ongoing.
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
ngx_feature="PCRE library in /opt/homebrew/"
> +ngx_feature_path="/opt/homebrew/include"
> +
> +if [ $NGX_RPATH = YES ]; then
> +ngx_feature_libs="-R/opt/homebrew/lib -L/opt/homebrew/lib
&
Hi Maxim,
> On 6 Mar 2024, at 12:28 AM, Maxim Dounin wrote:
>
> Hello!
>
> On Mon, Mar 04, 2024 at 06:46:23PM +0400, Roman Arutyunyan wrote:
>
>> # HG changeset patch
>> # User Roman Arutyunyan
>> # Date 1709563405 -14400
>> # M
# HG changeset patch
# User Roman Arutyunyan
# Date 1709563405 -14400
# Mon Mar 04 18:43:25 2024 +0400
# Node ID 3b0be477ab7246caba4c5152286b8be520ee0418
# Parent 44da04c2d4db94ad4eefa84b299e07c5fa4a00b9
Fixed 413 custom error page for HTTP/2 and HTTP/3 (ticket #2609).
Previously
Hi,
On Wed, Feb 28, 2024 at 02:15:40PM +0400, Sergey Kandaurov wrote:
> On Wed, Feb 21, 2024 at 05:37:51PM +0400, Roman Arutyunyan wrote:
> > Hi,
> >
> > On Tue, Feb 13, 2024 at 02:46:35PM +0400, Sergey Kandaurov wrote:
> > >
> > > > On 10 N
w...@nginx.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of nginx-devel digest..."
> >
> >
> > Today's Topics:
> >
> >1. Re: Inquiry Regarding Handling of QUIC Connections During
> > Ngi
nt sockets using
--without-quic_client_sockets. Otherwise just apply the first 3 patches.
Here's a relevant trac ticket:
https://trac.nginx.org/nginx/ticket/2528
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
On Thu, Feb 22, 2024 at 01:59:25AM +, J Carter wrote:
> Hello Roman,
>
> On Wed, 21 Feb 2024 17:29:52 +0400
> Roman Arutyunyan wrote:
>
> > Hi,
> >
>
> [...]
>
> > Checking whether the address used in PROXY writer is in fact the addre
Hi,
On Tue, Feb 13, 2024 at 02:46:35PM +0400, Sergey Kandaurov wrote:
>
> > On 10 Nov 2023, at 14:07, Roman Arutyunyan wrote:
> >
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1699543504 -14400
> > # Thu N
Hi,
On Wed, Jan 24, 2024 at 12:03:06AM +0300, Maxim Dounin wrote:
> Hello!
>
> On Mon, Jan 22, 2024 at 07:48:01PM +0400, Roman Arutyunyan wrote:
>
> > Hi,
> >
> > On Mon, Jan 22, 2024 at 02:59:21PM +0300, Maxim Dounin wrote:
> > > Hello!
> > >
ssl.{a|so}. Those artifacts are usually
> > placed in a lib/ directory, not in separate ssl/ and crypto/
> > directories. (Two separate directories may be a BoringSSL-ism).
> >
> > So I believe the proper flag would be similar to:
> >
> > --with-ld-op
ve related parameters as per the nginx config
> above and also check on the OS's TCP tunable and i could not find any
> related settings which make NGINX to kill the TCP connection.
>
> Anyone encountering the same issues?
> ___
> nginx mailing list
> nginx@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
--
Roman Arutyunyan
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
but to open source
software and the Internet itself.
We wish you the best of luck and would be pleased to work with you again
in future.
--
Roman Arutyunyan
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
details: https://hg.nginx.org/nginx/rev/2ed3f57dca0a
branches:
changeset: 9208:2ed3f57dca0a
user: Roman Arutyunyan
date: Wed Feb 14 16:56:28 2024 +0400
description:
QUIC: fixed unsent MTU probe acknowledgement.
Previously if an MTU probe send failed early in ngx_quic_frame_sendto
Hi,
On Tue, Feb 13, 2024 at 04:54:24PM +0400, Sergey Kandaurov wrote:
>
> > On 9 Feb 2024, at 13:56, Roman Arutyunyan wrote:
> >
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1707472496 -14400
> > # Fri F
/src/http/modules/ngx_http_ssl_module.c
As you see in ngx_http_ssl_servername() code, it already assumes that c->data
references a ngx_http_connection_t object, so can you.
> Regards,
> Gabriel
>
> On Wed, Feb 7, 2024 at 11:29 AM Roman Arutyunyan wrote:
>
> > Hi,
>
# HG changeset patch
# User Roman Arutyunyan
# Date 1707472496 -14400
# Fri Feb 09 13:54:56 2024 +0400
# Node ID 9b89f44ddd3637afc939e31de348c7986ae9e76d
# Parent 73eb75bee30f4aee66edfb500270dbb14710aafd
QUIC: fixed unsent MTU probe acknowledgement.
Previously if an MTU probe send failed
1 as well.
You need to know what's the current connection stage to tell this.
ngx_http_v3_init_session() is called right before initializing QUIC streams for
the session.
When exactly do you call your function?
[..]
--
Roman Arutyunyan
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
if (rc == NGX_DECLINED) {
> +return;
> +}
> +
> ngx_http_finalize_request(r, NGX_DONE);
> return;
> }
> ___
> nginx-devel mailing list
> nginx-devel@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel
The patch seems ok, but needs to be tested.
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
On Mon, Jan 29, 2024 at 10:58:09AM +0300, Maxim Dounin wrote:
> Hello!
>
> On Fri, Jan 26, 2024 at 04:02:30PM +0400, Roman Arutyunyan wrote:
>
> > On Mon, Nov 27, 2023 at 05:50:24AM +0300, Maxim Dounin wrote:
> > > # HG changeset patch
> > > # User M
Hi,
On Mon, Nov 27, 2023 at 05:50:24AM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin
> # Date 1701049682 -10800
> # Mon Nov 27 04:48:02 2023 +0300
> # Node ID a5e39e9d1f4c84dcbe6a2f9e079372a3d63aef0b
> # Parent f366007dd23a6ce8e8427c1b3042781b618a2ade
> Fixed
thus
> increase nginx resource usage), and ideally in combination with properly
> configured clients:
[..]
I suggest a simpler patch which disables idle mode for HTTP keepalive
connections. Such connections will not be closed until one of the timeouts
(keepalive_timeout or worker_shutdown
Hi,
On Mon, Jan 22, 2024 at 02:59:21PM +0300, Maxim Dounin wrote:
> Hello!
>
> On Mon, Jan 22, 2024 at 02:49:54PM +0400, Roman Arutyunyan wrote:
>
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1705916128 -14400
> > # Mon Jan
# HG changeset patch
# User Roman Arutyunyan
# Date 1705916128 -14400
# Mon Jan 22 13:35:28 2024 +0400
# Node ID 2f12c929527b2337c15ef99d3a4dc97819b61fbd
# Parent ee40e2b1d0833b46128a357fbc84c6e23be9be07
Avoiding mixed socket families in PROXY protocol v1 (ticket #2594).
When using realip
Hi,
On Thu, Jan 18, 2024 at 06:51:32PM +0400, Sergey Kandaurov wrote:
>
> > On 9 Jan 2024, at 19:39, Roman Arutyunyan wrote:
> >
> > Hi,
> >
> > On Fri, Dec 15, 2023 at 07:37:47PM +0400, Sergey Kandaurov wrote:
> >> # HG changeset patch
> >&
Hi,
On Thu, Jan 18, 2024 at 05:43:08PM +0400, Sergey Kandaurov wrote:
>
> > On 4 Jan 2024, at 20:03, Roman Arutyunyan wrote:
> >
> > Hi,
> >
> > On Wed, Dec 27, 2023 at 06:34:58PM +0400, Sergey Kandaurov wrote:
> >> On Wed, Dec 13, 2023 a
r(NGX_LOG_EMERG, cf, 0,
> + "invalid setfib \"%V\"", [i]);
> +return NGX_CONF_ERROR;
> +}
> +
> + continue;
> +}
> +#endif
> +
> #if (NGX_HAVE_TCP_FASTOPEN)
>
[i]);
> +#endif
> +continue;
> + }
> +
> if (ngx_strcmp(value[i].data, "deferred") == 0) {
> #if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
> lsopt.deferred_accept = 1;
Again, for UDP this needs to be disabled.
Also, we need to check for similar parameters in http/quic.
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
, "ipv6only=o", 10) == 0) {
> #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
> if (ngx_strcmp([i].data[10], "n") == 0) {
We should trigger an error if this option (TCP_DEFER_ACCEPT) is set for UDP.
We have a block "if (lsopt.type == SOCK_DGRAM) {}" later in this function.
--
Roman Arutyunyan
___
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Hi,
On Fri, Dec 15, 2023 at 07:37:46PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov
> # Date 1702648226 -14400
> # Fri Dec 15 17:50:26 2023 +0400
> # Node ID 4d90cb223fdb9e3e6c148726e36cec7835b2f0f8
> # Parent de11f5373157db6c1e22dbad2ab4014143a5e8f8
>
Hi,
On Fri, Dec 15, 2023 at 07:37:45PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov
> # Date 1702647536 -14400
> # Fri Dec 15 17:38:56 2023 +0400
> # Node ID de11f5373157db6c1e22dbad2ab4014143a5e8f8
> # Parent cb377d36446e1ce22b71848a4a138564b2e38719
>
Hi,
On Fri, Dec 15, 2023 at 07:37:44PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov
> # Date 1702646778 -14400
> # Fri Dec 15 17:26:18 2023 +0400
> # Node ID cb377d36446e1ce22b71848a4a138564b2e38719
> # Parent 763803589a36e3c67cbe39dd324b4e91fe57ecb7
>
rl
> 5 0.3% 91.6% 5 0.3% aesni_ctr32_encrypt_blocks
> 5 0.3% 91.8% 5 0.3% ngx_quic_alloc_buf
> 5 0.3% 92.1% 15 0.8% ngx_quic_handle_ack_frame_range
> 5 0.3% 92.4% 59 3.3% ngx_quic_handle_datagram
> 4 0.2% 92.6%
авимой со скоростью по протоколу HTTP/1.1?
kTLS не работает для HTTP/3. Шифрование QUIC-пакетов производится вручную в
коде nginx. Не очень понятно, как kTLS может помочь в случае QUIC, учитывая
сложность протокола.
--
Roman Arutyunyan
__
Hi,
On Wed, Dec 27, 2023 at 06:34:58PM +0400, Sergey Kandaurov wrote:
> On Wed, Dec 13, 2023 at 06:06:59PM +0400, Roman Arutyunyan wrote:
>
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1702476295 -14400
> > # Wed Dec 13 18:
Hi,
On Fri, Dec 15, 2023 at 04:40:37PM +0400, Sergey Kandaurov wrote:
>
> > On 30 Nov 2023, at 15:05, Roman Arutyunyan wrote:
> >
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1701241101 -14400
> > # Wed N
Hi,
On Tue, Dec 12, 2023 at 05:17:31PM +0400, Sergey Kandaurov wrote:
>
> > On 10 Nov 2023, at 14:07, Roman Arutyunyan wrote:
> >
> > # HG changeset patch
> > # User Roman Arutyunyan
> > # Date 1699456644 -14400
> > # Wed N
details: https://hg.nginx.org/nginx/rev/ce1ff81e9b92
branches:
changeset: 9193:ce1ff81e9b92
user: Roman Arutyunyan
date: Thu Nov 30 15:03:06 2023 +0400
description:
QUIC: ngx_quic_frame_t time fields cleanup.
The field "first" is removed. It's unused since 909b989ec088.
details: https://hg.nginx.org/nginx/rev/a6f79f044de5
branches:
changeset: 9194:a6f79f044de5
user: Roman Arutyunyan
date: Wed Nov 29 10:58:21 2023 +0400
description:
QUIC: path revalidation after expansion failure.
As per RFC 9000, Section 8.2.1:
When an endpoint is unable
details: https://hg.nginx.org/nginx/rev/efcdaa66df2e
branches:
changeset: 9192:efcdaa66df2e
user: Roman Arutyunyan
date: Wed Nov 29 21:41:29 2023 +0400
description:
QUIC: congestion control in ngx_quic_frame_sendto().
Previously ngx_quic_frame_sendto() ignored congestion control
details: https://hg.nginx.org/nginx/rev/618132842e7c
branches:
changeset: 9191:618132842e7c
user: Roman Arutyunyan
date: Wed Nov 22 14:48:12 2023 +0400
description:
QUIC: ignore duplicate PATH_CHALLENGE frames.
According to RFC 9000, an endpoint SHOULD NOT send multiple
details: https://hg.nginx.org/nginx/rev/3a67dd34b6cc
branches:
changeset: 9190:3a67dd34b6cc
user: Roman Arutyunyan
date: Wed Nov 22 14:52:21 2023 +0400
description:
QUIC: fixed anti-amplification with explicit send.
Previously, when using ngx_quic_frame_sendto() to explicitly send
details: https://hg.nginx.org/nginx/rev/fcec773dd249
branches:
changeset: 9189:fcec773dd249
user: Roman Arutyunyan
date: Wed Nov 29 18:13:25 2023 +0400
description:
QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.
By default packets with these frames are expanded
Hi,
On Mon, Dec 11, 2023 at 01:40:06PM +0400, Sergey Kandaurov wrote:
>
> > On 30 Nov 2023, at 15:05, Roman Arutyunyan wrote:
> >
> > Hi,
> >
> > A number of patches discussed previously.
> >
>
> A couple more patches to follow.
>
> Las
“unknown
> directive stream”?
> Does open source version of NGNX support stream directive? If yes, how to
> include it in the yocto build?
Stream support in nginx is enabled by "--with-stream" configuration option.
Apparently your nginx is now built without Stream support.
-
# HG changeset patch
# User Roman Arutyunyan
# Date 1701241101 -14400
# Wed Nov 29 10:58:21 2023 +0400
# Node ID 82fa5941af6fecb4fc7f0ac6308ae6c266d5e545
# Parent 4b7663d9146ce9baeb78fb57c3fed7368f25dae9
QUIC: path revalidation after expansion failure.
As per RFC 9000, Section 8.2.1
# HG changeset patch
# User Roman Arutyunyan
# Date 1701342186 -14400
# Thu Nov 30 15:03:06 2023 +0400
# Node ID 4b7663d9146ce9baeb78fb57c3fed7368f25dae9
# Parent f3632aaea9f59221fb77d88ccd9fb1aac114d5a3
QUIC: ngx_quic_frame_t time fields cleanup.
The field "first" is removed. I
# HG changeset patch
# User Roman Arutyunyan
# Date 1701279689 -14400
# Wed Nov 29 21:41:29 2023 +0400
# Node ID f3632aaea9f59221fb77d88ccd9fb1aac114d5a3
# Parent fcfe832f2590ad81fc74bc479e1b3ccf8c14683a
QUIC: congestion control in ngx_quic_frame_sendto().
Previously ngx_quic_frame_sendto
# HG changeset patch
# User Roman Arutyunyan
# Date 1700650092 -14400
# Wed Nov 22 14:48:12 2023 +0400
# Node ID fcfe832f2590ad81fc74bc479e1b3ccf8c14683a
# Parent 87290bcf25a6fc62448722f5a72327a30fdf31d9
QUIC: ignore duplicate PATH_CHALLENGE frames.
According to RFC 9000, an endpoint
1 - 100 of 908 matches
Mail list logo