Commit graph

6086 commits

Author SHA1 Message Date
Roman Arutyunyan
8167db88c7 Set UDP datagram source address (ticket #1239).
Previously, the source IP address of a response UDP datagram could differ from
the original datagram destination address.  This could happen if the server UDP
socket is bound to a wildcard address and the network interface chosen to output
the response packet has a different default address than the destination address
of the original packet.  For example, if two addresses from the same network are
configured on an interface.

Now source address is set explicitly if a response is sent for a server UDP
socket bound to a wildcard address.
2017-04-11 16:41:53 +03:00
Sergey Kandaurov
0db51faece Core: removed extra ngx_alloc() and ngx_calloc() prototypes. 2017-04-18 13:01:19 +03:00
Sergey Kandaurov
d5b05f45bd Enabled IPV6_RECVPKTINFO / IPV6_PKTINFO on macOS.
This change allows setting the destination IPv6 address of a UDP datagram
received on a wildcard socket.
2017-04-17 14:42:12 +03:00
Simon Leblanc
0e74e20b79 Added support for the "308 Permanent Redirect" (ticket #877). 2017-04-11 03:13:46 +02:00
Vladimir Homutov
939e9f2c7c Mail: configurable socket buffer sizes.
The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.
2017-04-03 17:30:34 +03:00
Vladimir Homutov
68e78a4274 Stream: configurable socket buffer sizes.
The "rcvbuf" and "sndbuf" parameters are now supported by
the "listen" directive.
2017-04-03 17:29:19 +03:00
Valentin Bartenev
1bda840e2c Core: improved JSON escaping.
Two-character representations are now used for \b, \f, \n, \r, and \t.
2017-04-12 22:47:57 +03:00
Ruslan Ermilov
3664dfc498 Use ngx_calloc_buf() where appropriate. 2017-04-12 22:21:04 +03:00
Ruslan Ermilov
150f18bf12 Version bump. 2017-04-12 22:14:24 +03:00
Maxim Dounin
98ac48b5df release-1.11.13 tag 2017-04-04 18:01:57 +03:00
Maxim Dounin
987c191009 nginx-1.11.13-RELEASE 2017-04-04 18:01:57 +03:00
Piotr Sikora
34fee6ab73 Upstream: allow recovery from "429 Too Many Requests" response.
This change adds "http_429" parameter to "proxy_next_upstream" for
retrying rate-limited requests, and to "proxy_cache_use_stale" for
serving stale cached responses after being rate-limited.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-24 02:48:03 -07:00
Piotr Sikora
b9af1d6bb9 Added support for "429 Too Many Requests" response (RFC6585).
This change adds reason phrase in status line and pretty response body
when "429" status code is used in "return", "limit_conn_status" and/or
"limit_req_status" directives.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-24 02:48:03 -07:00
hucongcong
6e1c9a3b2d Fixed type. 2017-04-03 14:29:40 +08:00
Roman Arutyunyan
8c04fa263b Slice filter: prevented slice redirection (ticket #1219).
When a slice subrequest was redirected to a new location, its context was lost.
After its completion, a new slice subrequest for the same slice was created.
This could lead to infinite loop.  Now the slice module makes sure each slice
subrequest starts output with the slice context available.
2017-03-31 21:47:56 +03:00
Roman Arutyunyan
f9f53a50b7 Slice filter: allowed at most one subrequest at a time.
Previously, if slice main request write handler was called while a slice
subrequest was running, a new subrequest for the same slice was started.
2017-03-28 14:03:57 +03:00
Maxim Dounin
63ab1ce549 Moved handling of wev->delayed to the connection event handler.
With post_action or subrequests, it is possible that the timer set for
wev->delayed will expire while the active subrequest write event handler
is not ready to handle this.  This results in request hangs as observed
with limit_rate / sendfile_max_chunk and post_action (ticket #776) or
subrequests (ticket #1228).

Moving the handling to the connection event handler fixes the hangs observed,
and also slightly simplifies the code.
2017-04-02 14:32:29 +03:00
Maxim Dounin
5611ad024e Perl: fixed delaying subrequests.
Much like in limit_req, use the wev->delayed flag to ensure proper handling
and interoperability with limit_rate.
2017-04-02 14:32:28 +03:00
Maxim Dounin
8a0dcc1b22 Limit req: fixed delaying subrequests.
Since limit_req uses connection's write event to delay request processing,
it can conflict with timers in other subrequests.  In particular, even
if applied to an active subrequest, it can break things if wev->delayed
is already set (due to limit_rate or sendfile_max_chunk), since after
limit_req finishes the wev->delayed flag will be set and no timer will be
active.

Fix is to use the wev->delayed flag in limit_req as well.  This ensures that
wev->delayed won't be set after limit_req finishes, and also ensures that
limit_req's timers will be properly handled by other subrequests if the one
delayed by limit_req is not active.
2017-04-02 14:32:26 +03:00
Piotr Sikora
fd5ed3f491 HTTP/2: style and typos.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:01 -07:00
Valentin Bartenev
d68fed3d6c HTTP/2: fixed connection finalization.
All streams in connection must be finalized before the connection
itself can be finalized and all related memory is freed.  That's
not always possible on the current event loop iteration.

Thus when the last stream is finalized, it sets the special read
event handler ngx_http_v2_handle_connection_handler() and posts
the event.

Previously, this handler didn't check the connection state and
could call the regular event handler on a connection that was
already in finalization stage.  In the worst case that could
lead to a segmentation fault, since some data structures aren't
supposed to be used during connection finalization.  Particularly,
the waiting queue can contain already freed streams, so the
WINDOW_UPDATE frame received by that moment could trigger
accessing to these freed streams.

Now, the connection error flag is explicitly checked in
ngx_http_v2_handle_connection_handler().
2017-03-29 20:21:01 +03:00
Valentin Bartenev
8af9495ae7 HTTP/2: fixed stream finalization.
In order to finalize stream the error flag is set on fake connection and
either "write" or "read" event handler is called.  The read events of fake
connections are always ready, but it's not the case with the write events.

When the ready flag isn't set, the error flag can be not checked in some
cases and as a result stream isn't finalized.  Now the ready flag is
explicilty set on write events for proper finalization in all cases.
2017-03-29 20:16:23 +03:00
Piotr Sikora
d24dd6f4e1 HTTP/2: emit PROTOCOL_ERROR on padding errors.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:05 -07:00
Piotr Sikora
07da7cf1a0 HTTP/2: fix flow control with padded DATA frames.
Previously, flow control didn't account for padding in DATA frames,
which meant that its view of the world could drift from peer's view
by up to 256 bytes per received padded DATA frame, which could lead
to a deadlock.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:04 -07:00
Piotr Sikora
8bd92cf07e HTTP/2: fix $body_bytes_sent variable.
Previously, its value included payloads and frame headers of HEADERS
and CONTINUATION frames.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:03 -07:00
Piotr Sikora
b0dcbb2896 HTTP/2: fix $bytes_sent variable.
Previously, its value accounted for payloads of HEADERS, CONTINUATION
and DATA frames, as well as frame headers of HEADERS and DATA frames,
but it didn't account for frame headers of CONTINUATION frames.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2017-03-26 01:25:02 -07:00
Maxim Dounin
83036f9570 Copy filter: wake up subrequests after aio operations.
Previously, connection write handler was called, resulting in wake up
of the active subrequest.  This change makes it possible to read data
in non-active subrequests as well.  For example, this allows SSI to
process instructions in non-active subrequests earlier and start
additional subrequests if needed, reducing overall response time.
2017-03-28 18:15:42 +03:00
Maxim Dounin
511a550664 Threads: fixed request hang with aio_write and subrequests.
If the subrequest is already finalized, the handler set with aio_write
may still be used by sendfile in threads when using range requests
(see also e4c1f5b32868, and the original note in 9fd738b85fad).  Calling
already finalized subrequest's r->write_event_handler in practice
results in request hang in some cases.

Fix is to trigger connection event handler if the subrequest was already
finalized.
2017-03-28 18:15:41 +03:00
Maxim Dounin
f967f27091 Simplified and improved sendfile() code on Linux.
The ngx_linux_sendfile() function is now used for both normal sendfile()
and sendfile in threads.  The ngx_linux_sendfile_thread() function was
modified to use the same interface as ngx_linux_sendfile(), and is simply
called from ngx_linux_sendfile() when threads are enabled.

Special return code NGX_DONE is used to indicate that a thread task was
posted and no further actions are needed.

If number of bytes sent is less that what we were sending, we now always
retry sending.  This is needed for sendfile() in threads as the number
of bytes we are sending might have been changed since the thread task
was posted.  And this is also needed for Linux 4.3+, as sendfile() might
be interrupted at any time and provides no indication if it was interrupted
or not (ticket #1174).
2017-03-28 18:15:39 +03:00
Sergey Kandaurov
6a7ab2b427 Fixed ngx_open_cached_file() error handling.
If of.err is 0, it means that there was a memory allocation error
and no further logging and/or processing is needed.  The of.failed
string can be only accessed if of.err is not 0.
2017-03-28 14:21:38 +03:00
Ruslan Ermilov
12e06ec490 Core: set nginx_shared_zone name via ngx_str_set(). 2017-03-28 11:28:51 +03:00
Ruslan Ermilov
334a8b5178 Use ngx_array_init() to initialize arrays. 2017-03-28 11:28:42 +03:00
Ruslan Ermilov
a771c53366 Version bump. 2017-03-28 11:28:36 +03:00
Maxim Dounin
cd2a80b487 release-1.11.12 tag 2017-03-24 18:05:06 +03:00
Maxim Dounin
db3209bf87 nginx-1.11.12-RELEASE 2017-03-24 18:05:05 +03:00
Maxim Dounin
40c97456ee Fixed CPU hog while freeing hc->busy after e662cbf1b932 (1.11.11).
Reported by Richard Stanway,
http://mailman.nginx.org/pipermail/nginx/2017-March/053296.html.
2017-03-24 16:26:12 +03:00
Ruslan Ermilov
38a18ae0bc Simplified code about duplicate root/alias directive. 2017-03-22 23:36:35 +03:00
Ruslan Ermilov
65e3bc0d89 Unified error messages about duplicate directives. 2017-03-22 22:49:52 +03:00
Ruslan Ermilov
43e1e85287 Version bump. 2017-03-22 22:49:42 +03:00
Maxim Dounin
13e7c2b590 release-1.11.11 tag 2017-03-21 18:04:22 +03:00
Maxim Dounin
4ca40b0f75 nginx-1.11.11-RELEASE 2017-03-21 18:04:22 +03:00
Maxim Dounin
87e3aab40c Added HTTP/2 to win32 builds. 2017-03-21 17:28:15 +03:00
Ruslan Ermilov
7422c3676c Fixed a comment. 2017-03-17 12:09:31 +03:00
Ruslan Ermilov
d232828eb4 Configure: fixed --without_http.
Instead of turning off some randomly selected http modules
when --without-http is specified, just don't process the
whole http modules section.
2017-03-16 20:38:31 +03:00
Ruslan Ermilov
16144fc5ac Configure: fixed build with --with-stream.
Some combinations of options might cause the builds with the
--with-stream option to break due to invalid value of the
STREAM_INCS make variable, e.g.

auto/configure \
    --with-stream \
    --with-http_perl_module=dynamic \
    --without-http_memcached_module \
    --without-http_empty_gif_module \
    --without-http_browser_module \
    --without-http_upstream_hash_module \
    --without-http_upstream_ip_hash_module \
    --without-http_upstream_least_conn_module \
    --without-http_upstream_keepalive_module \
    --without-http_upstream_zone_module \

Explicit initialization of ngx_module_libs and ngx_module_link
matches what we already do when processing mail modules, and
is also required after the next change.
2017-03-16 20:38:26 +03:00
Ruslan Ermilov
ee41c4d508 Added missing "static" specifier found by gcc -Wtraditional.
This has somehow escaped from fbdaad9b0e7b.
2017-03-16 19:01:05 +03:00
Maxim Dounin
7b60732b5d Style. 2017-03-07 18:51:17 +03:00
Maxim Dounin
2882ddcb95 Introduced worker_shutdown_timeout.
The directive configures a timeout to be used when gracefully shutting down
worker processes.  When the timer expires, nginx will try to close all
the connections currently open to facilitate shutdown.
2017-03-07 18:51:16 +03:00
Maxim Dounin
7e91d78604 Cancelable timers are now preserved if there are other timers.
There is no need to cancel timers early if there are other timers blocking
shutdown anyway.  Preserving such timers allows nginx to continue some
periodic work till the shutdown is actually possible.

With the new approach, timers with ev->cancelable are simply ignored when
checking if there are any timers left during shutdown.
2017-03-07 18:51:15 +03:00
Maxim Dounin
b9215e49d9 Core: introduced ngx_rbtree_next(). 2017-03-07 18:51:13 +03:00