Commit graph

5878 commits

Author SHA1 Message Date
Vladimir Homutov
32d39c0607 Stream: geo module. 2016-06-30 16:12:50 +03:00
Vladimir Homutov
8851ca2f7e Stream: geoip module. 2016-07-12 17:34:43 +03:00
Vladimir Homutov
7f22fe9ae8 Stream: style. 2016-07-12 17:34:40 +03:00
Vladimir Homutov
d54ac9788a Stream: individual build options for modules. 2016-07-12 12:38:01 +03:00
Sergey Kandaurov
10557c7585 HTTP/2: avoid left-shifting signed integer into the sign bit.
On non-aligned platforms, properly cast argument before left-shifting it in
ngx_http_v2_parse_uint32 that is used with u_char.  Otherwise it propagates
to int to hold the value and can step over the sign bit.  Usually, on known
compilers, this results in negation.  Furthermore, a subsequent store into a
wider type, that is ngx_uint_t on 64-bit platforms, results in sign-extension.

In practice, this can be observed in debug log as a very large exclusive bit
value, when client sent PRIORITY frame with exclusive bit set:

: *14 http2 PRIORITY frame sid:5 on 1 excl:8589934591 weight:17

Found with UndefinedBehaviorSanitizer.
2016-07-07 21:03:21 +03:00
Sergey Kandaurov
9d8d6ece82 Avoid left-shifting integers into the sign bit, which is undefined.
Found with UndefinedBehaviorSanitizer.
2016-07-07 21:02:28 +03:00
Piotr Sikora
3723e72808 Configure: stop polluting NGX_ namespace.
While there, fix the only test that used alternative variable name.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:06 -07:00
Piotr Sikora
aeeafbe0ca Configure: fix build with -Werror=old-style-definition.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:05 -07:00
Piotr Sikora
a6ba3b7fba Configure: fix build with -Werror=nonnull.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:04 -07:00
Piotr Sikora
ff5e8c8c33 Configure: fix build with -Werror=unused-but-set-variable.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:03 -07:00
Piotr Sikora
a76563bce2 Configure: fix build with -Werror=unused-value.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:02 -07:00
Piotr Sikora
86e8e88e65 Configure: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:01 -07:00
Piotr Sikora
854fcd66d9 Configure: remove auto/lib/test, unused since nginx-0.1.2.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Vladimir Homutov
adcc0ad031 Stream: resolver. 2016-07-07 13:15:31 +03:00
Ruslan Ermilov
81baf95438 Use NGX_MAX_PATH_LEVEL where appropriate.
The macro was unused since 0.7.44.
2016-07-06 13:22:29 +03:00
Ruslan Ermilov
5fc0f263df Version bump. 2016-07-06 13:10:06 +03:00
Maxim Dounin
9243b6b84b release-1.11.2 tag 2016-07-05 18:56:14 +03:00
Maxim Dounin
5d39f0b3af nginx-1.11.2-RELEASE 2016-07-05 18:56:14 +03:00
Maxim Dounin
8b9c183f79 Updated PCRE used for win32 builds. 2016-07-05 18:30:56 +03:00
Roman Arutyunyan
74839ea88f Stream: return module. 2016-05-18 22:08:49 +03:00
Vladimir Homutov
3ed8de06ec Stream: SSL-related variables. 2016-06-29 12:52:52 +03:00
Vladimir Homutov
4b910cbf87 Stream: got rid of pseudo variables.
Stream limit_conn, upstream_hash and proxy modules now use complex values.
2016-06-29 12:46:12 +03:00
Vladimir Homutov
34c207aecf Stream: map module. 2016-06-29 12:46:12 +03:00
Vladimir Homutov
c24ac32afc Stream: core module variables. 2016-06-14 18:28:14 +03:00
Vladimir Homutov
fe16c7379e Stream: variables and script.
This is a port of corresponding http code with unrelated features excluded.
2016-07-04 16:37:36 +03:00
Vladimir Homutov
e27d25e01a Stream: added preconfiguration step. 2016-06-15 15:10:24 +03:00
Roman Arutyunyan
a7eb242cb0 Sub filter: eliminate unnecessary buffering.
Previously, when a buffer was processed by the sub filter, its final bytes
could be buffered by the filter even if they don't match any pattern.
This happened because the Boyer-Moore algorithm, employed by the sub filter
since b9447fc457b4 (1.9.4), matches the last characters of patterns prior to
checking other characters.  If the last character is out of scope, initial
bytes of a potential match are buffered until the last character is available.

Now, after receiving a flush or recycled buffer, the filter performs
additional checks to reduce the number of buffered bytes.  The potential match
is checked against the initial parts of all patterns.  Non-matching bytes are
not buffered.  This improves processing of a chunked response from upstream
by sending the entire chunks without buffering unless a partial match is found
at the end of a chunk.
2016-07-02 15:59:53 +03:00
Roman Arutyunyan
b205bd123b Sub filter: introduced the ngx_http_sub_match() function.
No functional changes.
2016-07-02 15:59:52 +03:00
Maxim Dounin
44313caee5 Internal md5 and sha1 implementations are now always used.
This reduces the number of moving parts in ABI compatibility checks.
Additionally, it also allows to use OpenSSL in FIPS mode while still
using md5 for non-security tasks.
2016-06-30 18:57:39 +03:00
Ruslan Ermilov
583f6ef30b Removed unused flag accept_context_updated from ngx_event_t.
Also, removed practically unused flag accept_context_updated from
ngx_connection_t.
2016-06-29 14:30:00 +03:00
Roman Arutyunyan
9b1e38c9e8 Style. 2016-06-27 18:42:29 +03:00
Piotr Sikora
ec49a8e60b HTTP/2: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-22 13:47:54 -07:00
Roman Arutyunyan
c341996d38 Style. 2016-06-22 11:50:02 +03:00
Roman Arutyunyan
fef71e0df8 Stream: use ngx_pcalloc() in ngx_stream_proxy_bind(). 2016-06-22 11:50:02 +03:00
Roman Arutyunyan
ac2d83227d Fixed build on MSVC. 2016-06-20 15:11:50 +03:00
Roman Arutyunyan
feb8fe61ff Stream: set SO_REUSEADDR for UDP upstream sockets.
The option is only set if the socket is bound to a specific port to allow
several such sockets coexist at the same time.  This is required, for example,
when nginx acts as a transparent proxy and receives two datagrams from the same
client in a short time.

The feature is only implemented for Linux.
2016-06-20 12:48:47 +03:00
Roman Arutyunyan
0b9eadf910 Stream: support for $remote_port in proxy_bind.
The following two types of bind addresses are supported in addition to
$remote_addr and address literals:

- $remote_addr:$remote_port
- [$remote_addr]:$remote_port

In both cases client remote address with port is used in upstream socket bind.
2016-06-20 11:50:44 +03:00
Roman Arutyunyan
2c095694bc Upstream: support for port in proxy_bind and friends. 2016-06-20 11:50:43 +03:00
Roman Arutyunyan
2fd4cd0981 Introduced ngx_inet_get_port() and ngx_inet_set_port() functions. 2016-06-20 11:50:39 +03:00
Andrei Belov
83ff429bce Set IP_BIND_ADDRESS_NO_PORT socket option for upstream sockets. 2016-06-20 10:41:17 +03:00
Tim Taubert
522f7dd4d5 SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
2016-06-15 21:05:30 +01:00
Valentin Bartenev
b92bd1200f HTTP/2: fixed the "http request count is zero" alert.
When the stream is terminated the HEADERS frame can still wait in the output
queue.  This frame can't be removed and must be sent to the client anyway,
since HTTP/2 uses stateful compression for headers.  So in order to postpone
closing and freeing memory of such stream the special close stream handler
is set to the write event.  After the HEADERS frame is sent the write event
is called and the stream will be finally closed.

Some events like receiving a RST_STREAM can trigger the read handler of such
stream in closing state and cause unexpected processing that can result in
another attempt to finalize the request.  To prevent it the read handler is
now set to ngx_http_empty_handler.

Thanks to Amazon.
2016-06-16 20:55:11 +03:00
Valentin Bartenev
c47eba68e2 HTTP/2: avoid adding Content-Length for requests without body.
There is no reason to add the "Content-Length: 0" header to a proxied request
without body if the header isn't presented in the original request.

Thanks to Amazon.
2016-06-16 20:55:11 +03:00
Valentin Bartenev
fb76e75edb HTTP/2: prevented double termination of a stream.
According to RFC 7540, an endpoint should not send more than one RST_STREAM
frame for any stream.

Also, now all the data frames will be skipped while termination.
2016-06-16 20:55:11 +03:00
Valentin Bartenev
57a76ade8b HTTP/2: fixed a segfault while processing unbuffered upload.
The ngx_http_v2_finalize_connection() closes current stream, but that is an
invalid operation while processing unbuffered upload.  This results in access
to already freed memory, since the upstream module sets a cleanup handler that
also finalizes the request.
2016-06-16 20:55:11 +03:00
Maxim Dounin
c2e391c832 An internal SHA1 implementation. 2016-06-09 16:55:38 +03:00
Otto Kekäläinen
f66a37934a Fixed spelling. 2016-06-08 08:27:41 +03:00
Valentin Bartenev
da10c88894 Fixed an error log message. 2016-06-07 17:44:20 +03:00
Sergey Kandaurov
aa86ee53b5 Configure: revised GCC version processing.
Now GCC 6 and onwards will use -Wno-unused-parameter.
2016-06-07 12:15:56 +03:00
Sergey Kandaurov
32415c48a8 Version bump. 2016-06-07 12:26:34 +03:00