|
[-]
[+]
|
Changed |
nginx.changes
|
|
|
|
[-]
[+]
|
Changed |
nginx.spec
^
|
|
|
|
[-]
[+]
|
Changed |
_service
^
|
| @@ -2,6 +2,6 @@
<service name="download_url">
<param name="host">nginx.org</param>
<param name="protocol">http</param>
- <param name="path">/download/nginx-1.14.2.tar.gz</param>
+ <param name="path">/download/nginx-1.16.1.tar.gz</param>
</service>
<service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.1b.tar.gz</param></service></services>
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/CHANGES
^
|
| @@ -1,38 +1,99 @@
-Changes with nginx 1.14.2 04 Dec 2018
+Changes with nginx 1.16.1 13 Aug 2019
- *) Bugfix: nginx could not be built by gcc 8.1.
+ *) Security: when using HTTP/2 a client might cause excessive memory
+ consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
+ CVE-2019-9516).
- *) Bugfix: nginx could not be built on Fedora 28 Linux.
- *) Bugfix: in handling of client addresses when using unix domain listen
- sockets to work with datagrams on Linux.
+Changes with nginx 1.16.0 23 Apr 2019
- *) Change: the logging level of the "http request", "https proxy
- request", "unsupported protocol", "version too low", "no suitable key
- share", and "no suitable signature algorithm" SSL errors has been
- lowered from "crit" to "info".
+ *) 1.16.x stable branch.
- *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
- switch off "ssl_prefer_server_ciphers" in a virtual server if it was
- switched on in the default server.
- *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
+Changes with nginx 1.15.12 16 Apr 2019
- *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
- 1.1.1, the TLS 1.3 protocol was always enabled.
+ *) Bugfix: a segmentation fault might occur in a worker process if
+ variables were used in the "ssl_certificate" or "ssl_certificate_key"
+ directives and OCSP stapling was enabled.
- *) Bugfix: sending a disk-buffered request body to a gRPC backend might
- fail.
- *) Bugfix: connections with some gRPC backends might not be cached when
- using the "keepalive" directive.
+Changes with nginx 1.15.11 09 Apr 2019
+
+ *) Bugfix: in the "ssl_stapling_file" directive on Windows.
+
+
+Changes with nginx 1.15.10 26 Mar 2019
+
+ *) Change: when using a hostname in the "listen" directive nginx now
+ creates listening sockets for all addresses the hostname resolves to
+ (previously, only the first address was used).
+
+ *) Feature: port ranges in the "listen" directive.
+
+ *) Feature: loading of SSL certificates and secret keys from variables.
+
+ *) Workaround: the $ssl_server_name variable might be empty when using
+ OpenSSL 1.1.1.
+
+ *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
+ newer; the bug had appeared in 1.15.9.
+
+
+Changes with nginx 1.15.9 26 Feb 2019
+
+ *) Feature: variables support in the "ssl_certificate" and
+ "ssl_certificate_key" directives.
+
+ *) Feature: the "poll" method is now available on Windows when using
+ Windows Vista or newer.
+
+ *) Bugfix: if the "select" method was used on Windows and an error
+ occurred while establishing a backend connection, nginx waited for
+ the connection establishment timeout to expire.
+
+ *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
+ in the stream module worked incorrectly when proxying UDP datagrams.
+
+
+Changes with nginx 1.15.8 25 Dec 2018
+
+ *) Feature: the $upstream_bytes_sent variable.
+ Thanks to Piotr Sikora.
+
+ *) Feature: new directives in vim syntax highlighting scripts.
+ Thanks to Gena Makhomed.
+
+ *) Bugfix: in the "proxy_cache_background_update" directive.
+
+ *) Bugfix: in the "geo" directive when using unix domain listen sockets.
+
+ *) Workaround: the "ignoring stale global SSL error ... bad length"
+ alerts might appear in logs when using the "ssl_early_data" directive
+ with OpenSSL.
+
+ *) Bugfix: in nginx/Windows.
+
+ *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms.
+
+
+Changes with nginx 1.15.7 27 Nov 2018
+
+ *) Feature: the "proxy_requests" directive in the stream module.
+
+ *) Feature: the "delay" parameter of the "limit_req" directive.
+ Thanks to Vladislav Shabanov and Peter Shchuchkin.
+
+ *) Bugfix: memory leak on errors during reconfiguration.
+
+ *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and
+ $upstream_header_time variables.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_mp4_module was used on 32-bit platforms.
-Changes with nginx 1.14.1 06 Nov 2018
+Changes with nginx 1.15.6 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
@@ -41,13 +102,162 @@
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
+ *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
+ "grpc_socket_keepalive", "memcached_socket_keepalive",
+ "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
+
+ *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
+ 1.1.1, the TLS 1.3 protocol was always enabled.
+
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
-Changes with nginx 1.14.0 17 Apr 2018
+Changes with nginx 1.15.5 02 Oct 2018
+
+ *) Bugfix: a segmentation fault might occur in a worker process when
+ using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
+
+ *) Bugfix: of minor potential bugs.
+
+
+Changes with nginx 1.15.4 25 Sep 2018
+
+ *) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
+
+ *) Bugfix: in the ngx_http_uwsgi_module.
+ Thanks to Chris Caputo.
+
+ *) Bugfix: connections with some gRPC backends might not be cached when
+ using the "keepalive" directive.
+
+ *) Bugfix: a socket leak might occur when using the "error_page"
+ directive to redirect early request processing errors, notably errors
+ with code 400.
+
+ *) Bugfix: the "return" directive did not change the response code when
+ returning errors if the request was redirected by the "error_page"
+ directive.
+
+ *) Bugfix: standard error pages and responses of the
+ ngx_http_autoindex_module module used the "bgcolor" attribute, and
+ might be displayed incorrectly when using custom color settings in
+ browsers.
+ Thanks to Nova DasSarma.
+
+ *) Change: the logging level of the "no suitable key share" and "no
+ suitable signature algorithm" SSL errors has been lowered from "crit"
+ to "info".
+
+
+Changes with nginx 1.15.3 28 Aug 2018
+
+ *) Feature: now TLSv1.3 can be used with BoringSSL.
+
+ *) Feature: the "ssl_early_data" directive, currently available with
+ BoringSSL.
+
+ *) Feature: the "keepalive_timeout" and "keepalive_requests" directives
+ in the "upstream" block.
+
+ *) Bugfix: the ngx_http_dav_module did not truncate destination file
+ when copying a file over an existing one with the COPY method.
+
+ *) Bugfix: the ngx_http_dav_module used zero access rights on the
+ destination file and did not preserve file modification time when
+ moving a file between different file systems with the MOVE method.
+
+ *) Bugfix: the ngx_http_dav_module used default access rights when
+ copying a file with the COPY method.
+
+ *) Workaround: some clients might not work when using HTTP/2; the bug
+ had appeared in 1.13.5.
+
+ *) Bugfix: nginx could not be built with LibreSSL 2.8.0.
+
+
+Changes with nginx 1.15.2 24 Jul 2018
+
+ *) Feature: the $ssl_preread_protocol variable in the
+ ngx_stream_ssl_preread_module.
+
+ *) Feature: now when using the "reset_timedout_connection" directive
+ nginx will reset connections being closed with the 444 code.
+
+ *) Change: a logging level of the "http request", "https proxy request",
+ "unsupported protocol", and "version too low" SSL errors has been
+ lowered from "crit" to "info".
+
+ *) Bugfix: DNS requests were not resent if initial sending of a request
+ failed.
+
+ *) Bugfix: the "reuseport" parameter of the "listen" directive was
+ ignored if the number of worker processes was specified after the
+ "listen" directive.
+
+ *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
+ switch off "ssl_prefer_server_ciphers" in a virtual server if it was
+ switched on in the default server.
+
+ *) Bugfix: SSL session reuse with upstream servers did not work with the
+ TLS 1.3 protocol.
+
+
+Changes with nginx 1.15.1 03 Jul 2018
+
+ *) Feature: the "random" directive inside the "upstream" block.
+
+ *) Feature: improved performance when using the "hash" and "ip_hash"
+ directives with the "zone" directive.
+
+ *) Feature: the "reuseport" parameter of the "listen" directive now uses
+ SO_REUSEPORT_LB on FreeBSD 12.
+
+ *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
+ proxy server in front of nginx.
+
+ *) Bugfix: the "tcp_nopush" directive was always used on backend
+ connections.
+
+ *) Bugfix: sending a disk-buffered request body to a gRPC backend might
+ fail.
+
+
+Changes with nginx 1.15.0 05 Jun 2018
+
+ *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
+ "listen" directive should be used instead.
+
+ *) Change: now nginx detects missing SSL certificates during
+ configuration testing when using the "ssl" parameter of the "listen"
+ directive.
+
+ *) Feature: now the stream module can handle multiple incoming UDP
+ datagrams from a client within a single session.
+
+ *) Bugfix: it was possible to specify an incorrect response code in the
+ "proxy_cache_valid" directive.
+
+ *) Bugfix: nginx could not be built by gcc 8.1.
+
+ *) Bugfix: logging to syslog stopped on local IP address changes.
+
+ *) Bugfix: nginx could not be built by clang with CUDA SDK installed;
+ the bug had appeared in 1.13.8.
+
+ *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
+ in logs during binary upgrade when using unix domain listen sockets
+ on FreeBSD.
+
+ *) Bugfix: nginx could not be built on Fedora 28 Linux.
+
+ *) Bugfix: request processing rate might exceed configured rate when
+ using the "limit_req" directive.
+
+ *) Bugfix: in handling of client addresses when using unix domain listen
+ sockets to work with datagrams on Linux.
- *) 1.14.x stable branch.
+ *) Bugfix: in memory allocation error handling.
Changes with nginx 1.13.12 10 Apr 2018
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/CHANGES.ru
^
|
| @@ -1,39 +1,103 @@
-Изменения в nginx 1.14.2 04.12.2018
+Изменения в nginx 1.16.1 13.08.2019
- *) Исправление: nginx не собирался gcc 8.1.
+ *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
+ потребление памяти и ресурсов процессора (CVE-2019-9511,
+ CVE-2019-9513, CVE-2019-9516).
- *) Исправление: nginx не собирался на Fedora 28 Linux.
- *) Исправление: в обработке адресов клиентов при использовании unix
- domain listen-сокетов для работы с датаграммами на Linux.
+Изменения в nginx 1.16.0 23.04.2019
- *) Изменение: уровень логгирования ошибок SSL "http request", "https
- proxy request", "unsupported protocol", "version too low", "no
- suitable key share" и "no suitable signature algorithm" понижен с
- уровня crit до info.
+ *) Стабильная ветка 1.16.x.
- *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву
- ssl_prefer_server_ciphers нельзя было выключить в виртуальном
- сервере, если она была включена в сервере по умолчанию.
- *) Исправление: nginx не собирался с LibreSSL 2.8.0.
+Изменения в nginx 1.15.12 16.04.2019
- *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с
- OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён.
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если в директивах ssl_certificate или ssl_certificate_key
+ использовались переменные и был включён OCSP stapling.
- *) Исправление: при отправке сохранённого на диск тела запроса на
- gRPC-бэкенд могли возникать ошибки.
- *) Исправление: соединения к некоторым gRPC-бэкендам могли не
- кэшироваться при использовании директивы keepalive.
+Изменения в nginx 1.15.11 09.04.2019
+
+ *) Исправление: в директиве ssl_stapling_file на Windows.
+
+
+Изменения в nginx 1.15.10 26.03.2019
+
+ *) Изменение: теперь при использовании имени хоста в директиве listen
+ nginx создаёт listen-сокеты для всех адресов, соответствующих этому
+ имени (ранее использовался только первый адрес).
+
+ *) Добавление: диапазоны портов в директиве listen.
+
+ *) Добавление: возможность загрузки SSL-сертификатов и секретных ключей
+ из переменных.
+
+ *) Изменение: переменная $ssl_server_name могла быть пустой при
+ использовании OpenSSL 1.1.1.
+
+ *) Исправление: nginx/Windows не собирался с Visual Studio 2015 и новее;
+ ошибка появилась в 1.15.9.
+
+
+Изменения в nginx 1.15.9 26.02.2019
+
+ *) Добавление: директивы ssl_certificate и ssl_certificate_key
+ поддерживают переменные.
+
+ *) Добавление: метод poll теперь доступен на Windows при использовании
+ Windows Vista и новее.
+
+ *) Исправление: если при использовании метода select на Windows
+ происходила ошибка при установлении соединения с бэкендом, nginx
+ ожидал истечения таймаута на установление соединения.
+
+ *) Исправление: директивы proxy_upload_rate и proxy_download_rate в
+ модуле stream работали некорректно при проксировании UDP-пакетов.
+
+
+Изменения в nginx 1.15.8 25.12.2018
+
+ *) Добавление: переменная $upstream_bytes_sent.
+ Спасибо Piotr Sikora.
+
+ *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim.
+ Спасибо Геннадию Махомеду.
+
+ *) Исправление: в директиве proxy_cache_background_update.
+
+ *) Исправление: в директиве geo при использовании unix domain
+ listen-сокетов.
+
+ *) Изменение: при использовании директивы ssl_early_data с OpenSSL в
+ логах могли появляться сообщения "ignoring stale global SSL error ...
+ bad length".
+
+ *) Исправление: в nginx/Windows.
+
+ *) Исправление: в модуле ngx_http_autoindex_module на 32-битных
+ платформах.
+
+
+Изменения в nginx 1.15.7 27.11.2018
+
+ *) Добавление: директива proxy_requests в модуле stream.
+
+ *) Добавление: параметр "delay" директивы "limit_req".
+ Спасибо Владиславу Шабанову и Петру Щучкину.
+
+ *) Исправление: утечки памяти в случае ошибок при переконфигурации.
+
+ *) Исправление: в переменных $upstream_response_time,
+ $upstream_connect_time и $upstream_header_time.
*) Исправление: в рабочем процессе мог произойти segmentation fault,
если использовался модуль ngx_http_mp4_module на 32-битных
платформах.
-Изменения в nginx 1.14.1 06.11.2018
+Изменения в nginx 1.15.6 06.11.2018
*) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное
потреблению памяти (CVE-2018-16843) и ресурсов процессора
@@ -43,13 +107,165 @@
ngx_http_mp4_module содержимое памяти рабочего процесса могло быть
отправлено клиенту (CVE-2018-16845).
+ *) Добавление: директивы proxy_socket_keepalive,
+ fastcgi_socket_keepalive, grpc_socket_keepalive,
+ memcached_socket_keepalive, scgi_socket_keepalive и
+ uwsgi_socket_keepalive.
+
+ *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с
+ OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён.
+
*) Исправление: при работе с gRPC-бэкендами могло расходоваться большое
количество памяти.
-Изменения в nginx 1.14.0 17.04.2018
+Изменения в nginx 1.15.5 02.10.2018
+
+ *) Исправление: при использовании OpenSSL 1.1.0h и новее в рабочем
+ процессе мог произойти segmentation fault; ошибка появилась в 1.15.4.
+
+ *) Исправление: незначительных потенциальных ошибок.
+
+
+Изменения в nginx 1.15.4 25.09.2018
+
+ *) Добавление: теперь директиву ssl_early_data можно использовать с
+ OpenSSL.
+
+ *) Исправление: в модуле ngx_http_uwsgi_module.
+ Спасибо Chris Caputo.
+
+ *) Исправление: соединения к некоторым gRPC-бэкендам могли не
+ кэшироваться при использовании директивы keepalive.
+
+ *) Исправление: при использовании директивы error_page для
+ перенаправления ошибок, возникающих на ранних этапах обработки
+ запроса, в частности ошибок с кодом 400, могла происходить утечка
+ сокетов.
+
+ *) Исправление: директива return при возврате ошибок не изменяла код
+ ответа, если запрос был перенаправлен с помощью директивы error_page.
+
+ *) Исправление: стандартные сообщения об ошибках и ответы модуля
+ ngx_http_autoindex_module содержали атрибут bgcolor, что могло
+ приводить к их некорректному отображению при использовании
+ пользовательских настроек цветов в браузерах.
+ Спасибо Nova DasSarma.
+
+ *) Изменение: уровень логгирования ошибок SSL "no suitable key share" и
+ "no suitable signature algorithm" понижен с уровня crit до info.
+
+
+Изменения в nginx 1.15.3 28.08.2018
+
+ *) Добавление: теперь TLSv1.3 можно использовать с BoringSSL.
+
+ *) Добавление: директива ssl_early_data, сейчас доступна при
+ использовании BoringSSL.
+
+ *) Добавление: директивы keepalive_timeout и keepalive_requests в блоке
+ upstream.
+
+ *) Исправление: модуль ngx_http_dav_module при копировании файла поверх
+ существующего файла с помощью метода COPY не обнулял целевой файл.
+
+ *) Исправление: модуль ngx_http_dav_module при перемещении файла между
+ файловыми системами с помощью метода MOVE устанавливал нулевые права
+ доступа на результирующий файл и не сохранял время изменения файла.
+
+ *) Исправление: модуль ngx_http_dav_module при копировании файла с
+ помощью метода COPY для результирующего файла использовал права
+ доступа по умолчанию.
+
+ *) Изменение: некоторые клиенты могли не работать при использовании
+ HTTP/2; ошибка появилась в 1.13.5.
+
+ *) Исправление: nginx не собирался с LibreSSL 2.8.0.
+
+
+Изменения в nginx 1.15.2 24.07.2018
+
+ *) Добавление: переменная $ssl_preread_protocol в модуле
+ ngx_stream_ssl_preread_module.
+
+ *) Добавление: теперь при использовании директивы
+ reset_timedout_connection nginx сбрасывает соединения, закрываемые с
+ кодом 444.
+
+ *) Изменение: уровень логгирования ошибок SSL "http request", "https
+ proxy request", "unsupported protocol" и "version too low" понижен с
+ уровня crit до info.
+
+ *) Исправление: запросы к DNS-серверу не отправлялись повторно, если при
+ первой попытке отправки происходила ошибка.
+
+ *) Исправление: параметр reuseport директивы listen игнорировался, если
+ количество рабочих процессов было задано после директивы listen.
+
+ *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву
+ ssl_prefer_server_ciphers нельзя было выключить в виртуальном
+ сервере, если она была включена в сервере по умолчанию.
+
+ *) Исправление: повторное использование SSL-сессий к бэкендам не
+ работало с протоколом TLS 1.3.
+
+
+Изменения в nginx 1.15.1 03.07.2018
+
+ *) Добавление: директива random в блоке upstream.
+
+ *) Добавление: улучшена производительность при использовании директив
+ hash и ip_hash совместно с директивой zone.
+
+ *) Добавление: параметр reuseport директивы listen теперь использует
+ SO_REUSEPORT_LB на FreeBSD 12.
+
+ *) Исправление: HTTP/2 server push не работал, если SSL терминировался
+ прокси-сервером перед nginx'ом.
+
+ *) Исправление: директива tcp_nopush всегда использовалась для
+ соединений к бэкендам.
+
+ *) Исправление: при отправке сохранённого на диск тела запроса на
+ gRPC-бэкенд могли возникать ошибки.
+
+
+Изменения в nginx 1.15.0 05.06.2018
+
+ *) Изменение: директива "ssl" теперь считается устаревшей; вместо неё
+ следует использовать параметр ssl директивы listen.
+
+ *) Изменение: теперь при использовании директивы listen с параметром ssl
+ nginx определяет отсутствие SSL-сертификатов при тестировании
+ конфигурации.
+
+ *) Добавление: теперь модуль stream умеет обрабатывать несколько
+ входящих UDP-пакетов от клиента в рамках одной сессии.
+
+ *) Исправление: в директиве proxy_cache_valid можно было указать
+ некорректный код ответа.
+
+ *) Исправление: nginx не собирался gcc 8.1.
+
+ *) Исправление: логгирование в syslog останавливалось при изменении
+ локального IP-адреса.
+
+ *) Исправление: nginx не собирался компилятором clang, если был
+ установлен CUDA SDK; ошибка появилась в 1.13.8.
+
+ *) Исправление: при использовании unix domain listen-сокетов на FreeBSD
+ в процессе обновления исполняемого файла в логе могли появляться
+ сообщения "getsockopt(TCP_FASTOPEN) ... failed".
+
+ *) Исправление: nginx не собирался на Fedora 28 Linux.
+
+ *) Исправление: при использовании директивы limit_req заданная скорость
+ обработки запросов могла не соблюдаться.
+
+ *) Исправление: в обработке адресов клиентов при использовании unix
+ domain listen-сокетов для работы с датаграммами на Linux.
- *) Стабильная ветка 1.14.x.
+ *) Исправление: в обработке ошибок выделения памяти.
Изменения в nginx 1.13.12 10.04.2018
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/LICENSE
^
|
| @@ -1,6 +1,6 @@
/*
- * Copyright (C) 2002-2018 Igor Sysoev
- * Copyright (C) 2011-2018 Nginx, Inc.
+ * Copyright (C) 2002-2019 Igor Sysoev
+ * Copyright (C) 2011-2019 Nginx, Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/cc/clang
^
|
| @@ -6,7 +6,8 @@
NGX_CLANG_VER=`$CC -v 2>&1 | grep 'version' 2>&1 \
- | sed -e 's/^.* version \(.*\)/\1/'`
+ | sed -n -e 's/^.*clang version \(.*\)/\1/p' \
+ -e 's/^.*LLVM version \(.*\)/\1/p'`
echo " + clang version: $NGX_CLANG_VER"
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/cc/msvc
^
|
| @@ -108,7 +108,7 @@
# msvc under Wine issues
# C1902: Program database manager mismatch; please check your installation
if [ -z "$NGX_WINE" ]; then
- CFLAGS="$CFLAGS -Zi"
+ CFLAGS="$CFLAGS -Zi -Fd$NGX_OBJS/nginx.pdb"
CORE_LINK="$CORE_LINK -debug"
fi
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/lib/google-perftools/conf
^
|
| @@ -9,7 +9,8 @@
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs="-lprofiler"
- ngx_feature_test="ProfilerStop()"
+ ngx_feature_test="void ProfilerStop(void);
+ ProfilerStop()"
. auto/feature
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/lib/libgd/conf
^
|
| @@ -9,7 +9,8 @@
ngx_feature_incs="#include <gd.h>"
ngx_feature_path=
ngx_feature_libs="-lgd"
- ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);"
+ ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);
+ (void) img"
. auto/feature
@@ -76,7 +77,8 @@
ngx_feature="GD WebP support"
ngx_feature_name="NGX_HAVE_GD_WEBP"
- ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);"
+ ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);
+ (void) img"
. auto/feature
else
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/lib/libxslt/conf
^
|
| @@ -16,8 +16,8 @@
ngx_feature_libs="-lxml2 -lxslt"
ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
xsltStylesheetPtr sheet = NULL;
- xmlDocPtr doc;
- doc = xmlParseChunk(ctxt, NULL, 0, 0);
+ xmlDocPtr doc = NULL;
+ xmlParseChunk(ctxt, NULL, 0, 0);
xsltApplyStylesheet(sheet, doc, NULL);"
. auto/feature
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/make
^
|
| @@ -229,7 +229,7 @@
binary: $NGX_OBJS${ngx_dirsep}nginx$ngx_binext
$NGX_OBJS${ngx_dirsep}nginx$ngx_binext: $ngx_deps$ngx_spacer
- \$(LINK) $ngx_long_start$ngx_binout$NGX_OBJS${ngx_dirsep}nginx$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_main_link
+ \$(LINK) $ngx_long_start$ngx_binout$NGX_OBJS${ngx_dirsep}nginx$ngx_binext$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_main_link
$ngx_rcc
$ngx_long_end
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/modules
^
|
| @@ -878,6 +878,17 @@
. auto/module
fi
+ if [ $HTTP_UPSTREAM_RANDOM = YES ]; then
+ ngx_module_name=ngx_http_upstream_random_module
+ ngx_module_incs=
+ ngx_module_deps=
+ ngx_module_srcs=src/http/modules/ngx_http_upstream_random_module.c
+ ngx_module_libs=
+ ngx_module_link=$HTTP_UPSTREAM_RANDOM
+
+ . auto/module
+ fi
+
if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then
ngx_module_name=ngx_http_upstream_keepalive_module
ngx_module_incs=
@@ -1142,6 +1153,16 @@
. auto/module
fi
+
+ if [ $STREAM_UPSTREAM_RANDOM = YES ]; then
+ ngx_module_name=ngx_stream_upstream_random_module
+ ngx_module_deps=
+ ngx_module_srcs=src/stream/ngx_stream_upstream_random_module.c
+ ngx_module_libs=
+ ngx_module_link=$STREAM_UPSTREAM_RANDOM
+
+ . auto/module
+ fi
if [ $STREAM_UPSTREAM_ZONE = YES ]; then
have=NGX_STREAM_UPSTREAM_ZONE . auto/have
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/options
^
|
| @@ -102,6 +102,7 @@
HTTP_UPSTREAM_HASH=YES
HTTP_UPSTREAM_IP_HASH=YES
HTTP_UPSTREAM_LEAST_CONN=YES
+HTTP_UPSTREAM_RANDOM=YES
HTTP_UPSTREAM_KEEPALIVE=YES
HTTP_UPSTREAM_ZONE=YES
@@ -126,6 +127,7 @@
STREAM_RETURN=YES
STREAM_UPSTREAM_HASH=YES
STREAM_UPSTREAM_LEAST_CONN=YES
+STREAM_UPSTREAM_RANDOM=YES
STREAM_UPSTREAM_ZONE=YES
STREAM_SSL_PREREAD=NO
@@ -273,6 +275,8 @@
--without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;;
--without-http_upstream_least_conn_module)
HTTP_UPSTREAM_LEAST_CONN=NO ;;
+ --without-http_upstream_random_module)
+ HTTP_UPSTREAM_RANDOM=NO ;;
--without-http_upstream_keepalive_module) HTTP_UPSTREAM_KEEPALIVE=NO ;;
--without-http_upstream_zone_module) HTTP_UPSTREAM_ZONE=NO ;;
@@ -325,6 +329,8 @@
STREAM_UPSTREAM_HASH=NO ;;
--without-stream_upstream_least_conn_module)
STREAM_UPSTREAM_LEAST_CONN=NO ;;
+ --without-stream_upstream_random_module)
+ STREAM_UPSTREAM_RANDOM=NO ;;
--without-stream_upstream_zone_module)
STREAM_UPSTREAM_ZONE=NO ;;
@@ -485,6 +491,8 @@
disable ngx_http_upstream_ip_hash_module
--without-http_upstream_least_conn_module
disable ngx_http_upstream_least_conn_module
+ --without-http_upstream_random_module
+ disable ngx_http_upstream_random_module
--without-http_upstream_keepalive_module
disable ngx_http_upstream_keepalive_module
--without-http_upstream_zone_module
@@ -535,6 +543,8 @@
disable ngx_stream_upstream_hash_module
--without-stream_upstream_least_conn_module
disable ngx_stream_upstream_least_conn_module
+ --without-stream_upstream_random_module
+ disable ngx_stream_upstream_random_module
--without-stream_upstream_zone_module
disable ngx_stream_upstream_zone_module
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/os/linux
^
|
| @@ -185,6 +185,8 @@
data.effective = CAP_TO_MASK(CAP_NET_RAW);
data.permitted = 0;
+ (void) header;
+ (void) data;
(void) SYS_capset"
. auto/feature
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/os/win32
^
|
| @@ -11,6 +11,7 @@
OS_CONFIG="$WIN32_CONFIG"
NGX_ICONS="$NGX_WIN32_ICONS"
SELECT_SRCS=$WIN32_SELECT_SRCS
+POLL_SRCS=$WIN32_POLL_SRCS
ngx_pic_opt=
ngx_binext=".exe"
@@ -31,12 +32,7 @@
esac
EVENT_MODULES="$EVENT_MODULES $IOCP_MODULE"
-EVENT_FOUND=YES
-
-if [ $EVENT_SELECT = NO ]; then
- CORE_SRCS="$CORE_SRCS $SELECT_SRCS"
- EVENT_MODULES="$EVENT_MODULES $SELECT_MODULE"
-fi
+#EVENT_FOUND=YES
have=NGX_HAVE_INET6 . auto/have
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/auto/sources
^
|
| @@ -95,6 +95,7 @@
src/event/ngx_event_timer.c \
src/event/ngx_event_posted.c \
src/event/ngx_event_accept.c \
+ src/event/ngx_event_udp.c \
src/event/ngx_event_connect.c \
src/event/ngx_event_pipe.c"
@@ -105,6 +106,7 @@
POLL_MODULE=ngx_poll_module
POLL_SRCS=src/event/modules/ngx_poll_module.c
+WIN32_POLL_SRCS=src/event/modules/ngx_win32_poll_module.c
KQUEUE_MODULE=ngx_kqueue_module
KQUEUE_SRCS=src/event/modules/ngx_kqueue_module.c
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/conf/mime.types
^
|
| @@ -24,7 +24,9 @@
image/x-jng jng;
image/x-ms-bmp bmp;
- application/font-woff woff;
+ font/woff woff;
+ font/woff2 woff2;
+
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/contrib/vim/syntax/nginx.vim
^
|
| @@ -108,6 +108,7 @@
syn keyword ngxDirectiveError contained error_page
syn keyword ngxDirectiveError contained post_action
+syn keyword ngxDirectiveDeprecated contained limit_zone
syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer
syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer
syn keyword ngxDirectiveDeprecated contained spdy_chunk_size
@@ -118,6 +119,7 @@
syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size
syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout
syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size
+syn keyword ngxDirectiveDeprecated contained ssl
syn keyword ngxDirectiveDeprecated contained upstream_conf
syn keyword ngxDirective contained absolute_redirect
@@ -136,6 +138,7 @@
syn keyword ngxDirective contained allow
syn keyword ngxDirective contained ancient_browser
syn keyword ngxDirective contained ancient_browser_value
+syn keyword ngxDirective contained api
syn keyword ngxDirective contained auth_basic
syn keyword ngxDirective contained auth_basic_user_file
syn keyword ngxDirective contained auth_http
@@ -143,7 +146,11 @@
syn keyword ngxDirective contained auth_http_pass_client_cert
syn keyword ngxDirective contained auth_http_timeout
syn keyword ngxDirective contained auth_jwt
+syn keyword ngxDirective contained auth_jwt_claim_set
+syn keyword ngxDirective contained auth_jwt_header_set
syn keyword ngxDirective contained auth_jwt_key_file
+syn keyword ngxDirective contained auth_jwt_key_request
+syn keyword ngxDirective contained auth_jwt_leeway
syn keyword ngxDirective contained auth_request
syn keyword ngxDirective contained auth_request_set
syn keyword ngxDirective contained autoindex
@@ -229,6 +236,7 @@
syn keyword ngxDirective contained fastcgi_request_buffering
syn keyword ngxDirective contained fastcgi_send_lowat
syn keyword ngxDirective contained fastcgi_send_timeout
+syn keyword ngxDirective contained fastcgi_socket_keepalive
syn keyword ngxDirective contained fastcgi_split_path_info
syn keyword ngxDirective contained fastcgi_store
syn keyword ngxDirective contained fastcgi_store_access
@@ -255,6 +263,7 @@
syn keyword ngxDirective contained grpc_read_timeout
syn keyword ngxDirective contained grpc_send_timeout
syn keyword ngxDirective contained grpc_set_header
+syn keyword ngxDirective contained grpc_socket_keepalive
syn keyword ngxDirective contained grpc_ssl_certificate
syn keyword ngxDirective contained grpc_ssl_certificate_key
syn keyword ngxDirective contained grpc_ssl_ciphers
@@ -330,6 +339,8 @@
syn keyword ngxDirective contained keepalive_disable
syn keyword ngxDirective contained keepalive_requests
syn keyword ngxDirective contained keepalive_timeout
+syn keyword ngxDirective contained keyval
+syn keyword ngxDirective contained keyval_zone
syn keyword ngxDirective contained kqueue_changes
syn keyword ngxDirective contained kqueue_events
syn keyword ngxDirective contained large_client_header_buffers
@@ -367,6 +378,7 @@
syn keyword ngxDirective contained memcached_next_upstream_tries
syn keyword ngxDirective contained memcached_read_timeout
syn keyword ngxDirective contained memcached_send_timeout
+syn keyword ngxDirective contained memcached_socket_keepalive
syn keyword ngxDirective contained merge_slashes
syn keyword ngxDirective contained min_delete_depth
syn keyword ngxDirective contained mirror
@@ -375,9 +387,9 @@
syn keyword ngxDirective contained modern_browser_value
syn keyword ngxDirective contained mp4
syn keyword ngxDirective contained mp4_buffer_size
-syn keyword ngxDirective contained mp4_max_buffer_size
syn keyword ngxDirective contained mp4_limit_rate
syn keyword ngxDirective contained mp4_limit_rate_after
+syn keyword ngxDirective contained mp4_max_buffer_size
syn keyword ngxDirective contained msie_padding
syn keyword ngxDirective contained msie_refresh
syn keyword ngxDirective contained multi_accept
@@ -456,11 +468,13 @@
syn keyword ngxDirective contained proxy_read_timeout
syn keyword ngxDirective contained proxy_redirect
syn keyword ngxDirective contained proxy_request_buffering
+syn keyword ngxDirective contained proxy_requests
syn keyword ngxDirective contained proxy_responses
syn keyword ngxDirective contained proxy_send_lowat
syn keyword ngxDirective contained proxy_send_timeout
syn keyword ngxDirective contained proxy_set_body
syn keyword ngxDirective contained proxy_set_header
+syn keyword ngxDirective contained proxy_socket_keepalive
syn keyword ngxDirective contained proxy_ssl
syn keyword ngxDirective contained proxy_ssl_certificate
syn keyword ngxDirective contained proxy_ssl_certificate_key
@@ -481,6 +495,7 @@
syn keyword ngxDirective contained proxy_timeout
syn keyword ngxDirective contained proxy_upload_rate
syn keyword ngxDirective contained queue
+syn keyword ngxDirective contained random
syn keyword ngxDirective contained random_index
syn keyword ngxDirective contained read_ahead
syn keyword ngxDirective contained real_ip_header
@@ -533,6 +548,7 @@
syn keyword ngxDirective contained scgi_read_timeout
syn keyword ngxDirective contained scgi_request_buffering
syn keyword ngxDirective contained scgi_send_timeout
+syn keyword ngxDirective contained scgi_socket_keepalive
syn keyword ngxDirective contained scgi_store
syn keyword ngxDirective contained scgi_store_access
syn keyword ngxDirective contained scgi_temp_file_write_size
@@ -565,7 +581,6 @@
syn keyword ngxDirective contained ssi_silent_errors
syn keyword ngxDirective contained ssi_types
syn keyword ngxDirective contained ssi_value_length
-syn keyword ngxDirective contained ssl
syn keyword ngxDirective contained ssl_buffer_size
syn keyword ngxDirective contained ssl_certificate
syn keyword ngxDirective contained ssl_certificate_key
@@ -573,6 +588,7 @@
syn keyword ngxDirective contained ssl_client_certificate
syn keyword ngxDirective contained ssl_crl
syn keyword ngxDirective contained ssl_dhparam
+syn keyword ngxDirective contained ssl_early_data
syn keyword ngxDirective contained ssl_ecdh_curve
syn keyword ngxDirective contained ssl_engine
syn keyword ngxDirective contained ssl_handshake_timeout
@@ -664,6 +680,7 @@
syn keyword ngxDirective contained uwsgi_read_timeout
syn keyword ngxDirective contained uwsgi_request_buffering
syn keyword ngxDirective contained uwsgi_send_timeout
+syn keyword ngxDirective contained uwsgi_socket_keepalive
syn keyword ngxDirective contained uwsgi_ssl_certificate
syn keyword ngxDirective contained uwsgi_ssl_certificate_key
syn keyword ngxDirective contained uwsgi_ssl_ciphers
@@ -701,6 +718,26 @@
syn keyword ngxDirective contained xslt_stylesheet
syn keyword ngxDirective contained xslt_types
syn keyword ngxDirective contained zone
+syn keyword ngxDirective contained zone_sync
+syn keyword ngxDirective contained zone_sync_buffers
+syn keyword ngxDirective contained zone_sync_connect_retry_interval
+syn keyword ngxDirective contained zone_sync_connect_timeout
+syn keyword ngxDirective contained zone_sync_interval
+syn keyword ngxDirective contained zone_sync_recv_buffer_size
+syn keyword ngxDirective contained zone_sync_server
+syn keyword ngxDirective contained zone_sync_ssl
+syn keyword ngxDirective contained zone_sync_ssl_certificate
+syn keyword ngxDirective contained zone_sync_ssl_certificate_key
+syn keyword ngxDirective contained zone_sync_ssl_ciphers
+syn keyword ngxDirective contained zone_sync_ssl_crl
+syn keyword ngxDirective contained zone_sync_ssl_name
+syn keyword ngxDirective contained zone_sync_ssl_password_file
+syn keyword ngxDirective contained zone_sync_ssl_protocols
+syn keyword ngxDirective contained zone_sync_ssl_server_name
+syn keyword ngxDirective contained zone_sync_ssl_trusted_certificate
+syn keyword ngxDirective contained zone_sync_ssl_verify
+syn keyword ngxDirective contained zone_sync_ssl_verify_depth
+syn keyword ngxDirective contained zone_sync_timeout
" 3rd party modules list taken from
" https://github.com/freebsd/freebsd-ports/blob/master/www/nginx-devel/Makefile
@@ -876,6 +913,8 @@
" NGINX WebDAV missing commands support (PROPFIND & OPTIONS)
" https://github.com/arut/nginx-dav-ext-module
+syn keyword ngxDirectiveThirdParty contained dav_ext_lock
+syn keyword ngxDirectiveThirdParty contained dav_ext_lock_zone
syn keyword ngxDirectiveThirdParty contained dav_ext_methods
" ngx_eval
@@ -895,6 +934,7 @@
syn keyword ngxDirectiveThirdParty contained fancyindex_exact_size
syn keyword ngxDirectiveThirdParty contained fancyindex_footer
syn keyword ngxDirectiveThirdParty contained fancyindex_header
+syn keyword ngxDirectiveThirdParty contained fancyindex_hide_parent_dir
syn keyword ngxDirectiveThirdParty contained fancyindex_hide_symlinks
syn keyword ngxDirectiveThirdParty contained fancyindex_ignore
syn keyword ngxDirectiveThirdParty contained fancyindex_localtime
@@ -937,8 +977,17 @@
" nchan
" https://github.com/slact/nchan
+syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_credentials
syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin
syn keyword ngxDirectiveThirdParty contained nchan_authorize_request
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_channels
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_message_padding_bytes
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_messages_per_channel_per_minute
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_publisher_distribution
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscriber_distribution
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscribers_per_channel
+syn keyword ngxDirectiveThirdParty contained nchan_benchmark_time
syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string
syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id
syn keyword ngxDirectiveThirdParty contained nchan_channel_group
@@ -974,15 +1023,19 @@
syn keyword ngxDirectiveThirdParty contained nchan_pubsub
syn keyword ngxDirectiveThirdParty contained nchan_pubsub_channel_id
syn keyword ngxDirectiveThirdParty contained nchan_pubsub_location
+syn keyword ngxDirectiveThirdParty contained nchan_redis_connect_timeout
syn keyword ngxDirectiveThirdParty contained nchan_redis_fakesub_timer_interval
syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout
syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace
+syn keyword ngxDirectiveThirdParty contained nchan_redis_nostore_fastpublish
+syn keyword ngxDirectiveThirdParty contained nchan_redis_optimize_target
syn keyword ngxDirectiveThirdParty contained nchan_redis_pass
syn keyword ngxDirectiveThirdParty contained nchan_redis_pass_inheritable
syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval
syn keyword ngxDirectiveThirdParty contained nchan_redis_publish_msgpacked_max_size
syn keyword ngxDirectiveThirdParty contained nchan_redis_server
syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode
+syn keyword ngxDirectiveThirdParty contained nchan_redis_subscribe_weights
syn keyword ngxDirectiveThirdParty contained nchan_redis_url
syn keyword ngxDirectiveThirdParty contained nchan_redis_wait_after_connecting
syn keyword ngxDirectiveThirdParty contained nchan_shared_memory_size
@@ -1280,6 +1333,7 @@
syn keyword ngxDirectiveThirdParty contained lua_package_path
syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries
syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit
+syn keyword ngxDirectiveThirdParty contained lua_sa_restart
syn keyword ngxDirectiveThirdParty contained lua_shared_dict
syn keyword ngxDirectiveThirdParty contained lua_socket_buffer_size
syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout
@@ -1355,9 +1409,15 @@
" https://www.phusionpassenger.com/library/config/nginx/reference/
syn keyword ngxDirectiveThirdParty contained passenger_abort_on_startup_error
syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown
+syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_auth_type
+syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_password
+syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_url
+syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_username
+syn keyword ngxDirectiveThirdParty contained passenger_anonymous_telemetry_proxy
syn keyword ngxDirectiveThirdParty contained passenger_app_env
syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit
syn keyword ngxDirectiveThirdParty contained passenger_app_group_name
+syn keyword ngxDirectiveThirdParty contained passenger_app_log_file
syn keyword ngxDirectiveThirdParty contained passenger_app_rights
syn keyword ngxDirectiveThirdParty contained passenger_app_root
syn keyword ngxDirectiveThirdParty contained passenger_app_type
@@ -1373,8 +1433,10 @@
syn keyword ngxDirectiveThirdParty contained passenger_debugger
syn keyword ngxDirectiveThirdParty contained passenger_default_group
syn keyword ngxDirectiveThirdParty contained passenger_default_user
+syn keyword ngxDirectiveThirdParty contained passenger_disable_anonymous_telemetry
syn keyword ngxDirectiveThirdParty contained passenger_disable_security_update_check
syn keyword ngxDirectiveThirdParty contained passenger_document_root
+syn keyword ngxDirectiveThirdParty contained passenger_dump_config_manifest
syn keyword ngxDirectiveThirdParty contained passenger_enabled
syn keyword ngxDirectiveThirdParty contained passenger_env_var
syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file
@@ -1402,6 +1464,7 @@
syn keyword ngxDirectiveThirdParty contained passenger_memory_limit
syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings
syn keyword ngxDirectiveThirdParty contained passenger_min_instances
+syn keyword ngxDirectiveThirdParty contained passenger_monitor_log_file
syn keyword ngxDirectiveThirdParty contained passenger_nodejs
syn keyword ngxDirectiveThirdParty contained passenger_pass_header
syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time
@@ -1778,6 +1841,8 @@
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate
+syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_max_node
+syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_histogram_buckets
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate
syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic
@@ -1899,11 +1964,11 @@
" ngx_http_accounting_module
" https://github.com/Lax/ngx_http_accounting_module
-syn keyword ngxDirectiveThirdParty contained http_accounting
-syn keyword ngxDirectiveThirdParty contained http_accounting_id
-syn keyword ngxDirectiveThirdParty contained http_accounting_interval
-syn keyword ngxDirectiveThirdParty contained http_accounting_log
-syn keyword ngxDirectiveThirdParty contained http_accounting_perturb
+syn keyword ngxDirectiveThirdParty contained accounting
+syn keyword ngxDirectiveThirdParty contained accounting_id
+syn keyword ngxDirectiveThirdParty contained accounting_interval
+syn keyword ngxDirectiveThirdParty contained accounting_log
+syn keyword ngxDirectiveThirdParty contained accounting_perturb
" concatenating files in a given context: CSS and JS files usually
" https://github.com/alibaba/nginx-http-concat
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/html/50x.html
^
|
| @@ -15,7 +15,7 @@
<p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
<p>If you are the system administrator of this resource then you should check
-the <a href="http://nginx.org/r/error_log">error log</a> for details.</p>
+the error log for details.</p>
<p><em>Faithfully yours, nginx.</em></p>
</body>
</html>
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/nginx.h
^
|
| @@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1014002
-#define NGINX_VERSION "1.14.2"
+#define nginx_version 1016001
+#define NGINX_VERSION "1.16.1"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_buf.c
^
|
| @@ -137,6 +137,7 @@
while (in) {
cl = ngx_alloc_chain_link(pool);
if (cl == NULL) {
+ *ll = NULL;
return NGX_ERROR;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_conf_file.c
^
|
| @@ -310,7 +310,7 @@
goto failed;
}
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, rv);
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%s", rv);
goto failed;
}
@@ -656,13 +656,14 @@
}
if (last_space) {
- if (ch == ' ' || ch == '\t' || ch == CR || ch == LF) {
- continue;
- }
start = b->pos - 1;
start_line = cf->conf_file->line;
+ if (ch == ' ' || ch == '\t' || ch == CR || ch == LF) {
+ continue;
+ }
+
switch (ch) {
case ';':
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_connection.c
^
|
| @@ -72,6 +72,10 @@
ngx_memcpy(ls->addr_text.data, text, len);
+#if !(NGX_WIN32)
+ ngx_rbtree_init(&ls->rbtree, &ls->sentinel, ngx_udp_rbtree_insert_value);
+#endif
+
ls->fd = (ngx_socket_t) -1;
ls->type = SOCK_STREAM;
@@ -92,7 +96,7 @@
ngx_int_t
-ngx_clone_listening(ngx_conf_t *cf, ngx_listening_t *ls)
+ngx_clone_listening(ngx_cycle_t *cycle, ngx_listening_t *ls)
{
#if (NGX_HAVE_REUSEPORT)
@@ -100,20 +104,19 @@
ngx_core_conf_t *ccf;
ngx_listening_t ols;
- if (!ls->reuseport) {
+ if (!ls->reuseport || ls->worker != 0) {
return NGX_OK;
}
ols = *ls;
- ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx,
- ngx_core_module);
+ ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module);
for (n = 1; n < ccf->worker_processes; n++) {
/* create a socket for each worker process */
- ls = ngx_array_push(&cf->cycle->listening);
+ ls = ngx_array_push(&cycle->listening);
if (ls == NULL) {
return NGX_ERROR;
}
@@ -277,6 +280,22 @@
reuseport = 0;
olen = sizeof(int);
+#ifdef SO_REUSEPORT_LB
+
+ if (getsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT_LB,
+ (void *) &reuseport, &olen)
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno,
+ "getsockopt(SO_REUSEPORT_LB) %V failed, ignored",
+ &ls[i].addr_text);
+
+ } else {
+ ls[i].reuseport = reuseport ? 1 : 0;
+ }
+
+#else
+
if (getsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT,
(void *) &reuseport, &olen)
== -1)
@@ -288,6 +307,7 @@
} else {
ls[i].reuseport = reuseport ? 1 : 0;
}
+#endif
#endif
@@ -305,7 +325,9 @@
{
err = ngx_socket_errno;
- if (err != NGX_EOPNOTSUPP && err != NGX_ENOPROTOOPT) {
+ if (err != NGX_EOPNOTSUPP && err != NGX_ENOPROTOOPT
+ && err != NGX_EINVAL)
+ {
ngx_log_error(NGX_LOG_NOTICE, cycle->log, err,
"getsockopt(TCP_FASTOPEN) %V failed, ignored",
&ls[i].addr_text);
@@ -424,6 +446,20 @@
int reuseport = 1;
+#ifdef SO_REUSEPORT_LB
+
+ if (setsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT_LB,
+ (const void *) &reuseport, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno,
+ "setsockopt(SO_REUSEPORT_LB) %V failed, "
+ "ignored",
+ &ls[i].addr_text);
+ }
+
+#else
+
if (setsockopt(ls[i].fd, SOL_SOCKET, SO_REUSEPORT,
(const void *) &reuseport, sizeof(int))
== -1)
@@ -432,6 +468,7 @@
"setsockopt(SO_REUSEPORT) %V failed, ignored",
&ls[i].addr_text);
}
+#endif
ls[i].add_reuseport = 0;
}
@@ -482,6 +519,27 @@
reuseport = 1;
+#ifdef SO_REUSEPORT_LB
+
+ if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT_LB,
+ (const void *) &reuseport, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
+ "setsockopt(SO_REUSEPORT_LB) %V failed",
+ &ls[i].addr_text);
+
+ if (ngx_close_socket(s) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
+ ngx_close_socket_n " %V failed",
+ &ls[i].addr_text);
+ }
+
+ return NGX_ERROR;
+ }
+
+#else
+
if (setsockopt(s, SOL_SOCKET, SO_REUSEPORT,
(const void *) &reuseport, sizeof(int))
== -1)
@@ -498,6 +556,7 @@
return NGX_ERROR;
}
+#endif
}
#endif
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_connection.h
^
|
| @@ -51,6 +51,9 @@
ngx_listening_t *previous;
ngx_connection_t *connection;
+ ngx_rbtree_t rbtree;
+ ngx_rbtree_node_t sentinel;
+
ngx_uint_t worker;
unsigned open:1;
@@ -151,6 +154,8 @@
ngx_ssl_connection_t *ssl;
#endif
+ ngx_udp_connection_t *udp;
+
struct sockaddr *local_sockaddr;
socklen_t local_socklen;
@@ -205,7 +210,7 @@
ngx_listening_t *ngx_create_listening(ngx_conf_t *cf, struct sockaddr *sockaddr,
socklen_t socklen);
-ngx_int_t ngx_clone_listening(ngx_conf_t *cf, ngx_listening_t *ls);
+ngx_int_t ngx_clone_listening(ngx_cycle_t *cycle, ngx_listening_t *ls);
ngx_int_t ngx_set_inherited_sockets(ngx_cycle_t *cycle);
ngx_int_t ngx_open_listening_sockets(ngx_cycle_t *cycle);
void ngx_configure_listening_sockets(ngx_cycle_t *cycle);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_core.h
^
|
| @@ -27,6 +27,7 @@
typedef struct ngx_thread_task_s ngx_thread_task_t;
typedef struct ngx_ssl_s ngx_ssl_t;
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
+typedef struct ngx_udp_connection_s ngx_udp_connection_t;
typedef void (*ngx_event_handler_pt)(ngx_event_t *ev);
typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_cycle.c
^
|
| @@ -843,6 +843,69 @@
}
}
+ /* free the newly created shared memory */
+
+ part = &cycle->shared_memory.part;
+ shm_zone = part->elts;
+
+ for (i = 0; /* void */ ; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+ part = part->next;
+ shm_zone = part->elts;
+ i = 0;
+ }
+
+ if (shm_zone[i].shm.addr == NULL) {
+ continue;
+ }
+
+ opart = &old_cycle->shared_memory.part;
+ oshm_zone = opart->elts;
+
+ for (n = 0; /* void */ ; n++) {
+
+ if (n >= opart->nelts) {
+ if (opart->next == NULL) {
+ break;
+ }
+ opart = opart->next;
+ oshm_zone = opart->elts;
+ n = 0;
+ }
+
+ if (shm_zone[i].shm.name.len != oshm_zone[n].shm.name.len) {
+ continue;
+ }
+
+ if (ngx_strncmp(shm_zone[i].shm.name.data,
+ oshm_zone[n].shm.name.data,
+ shm_zone[i].shm.name.len)
+ != 0)
+ {
+ continue;
+ }
+
+ if (shm_zone[i].tag == oshm_zone[n].tag
+ && shm_zone[i].shm.size == oshm_zone[n].shm.size
+ && !shm_zone[i].noreuse)
+ {
+ goto old_shm_zone_found;
+ }
+
+ break;
+ }
+
+ ngx_shm_free(&shm_zone[i].shm);
+
+ old_shm_zone_found:
+
+ continue;
+ }
+
if (ngx_test_config) {
ngx_destroy_cycle_pools(&conf);
return NULL;
@@ -921,7 +984,8 @@
#else
- file = ngx_pnalloc(cycle->pool, cycle->lock_file.len + zn->shm.name.len);
+ file = ngx_pnalloc(cycle->pool,
+ cycle->lock_file.len + zn->shm.name.len + 1);
if (file == NULL) {
return NGX_ERROR;
}
@@ -1273,6 +1337,7 @@
shm_zone->data = NULL;
shm_zone->shm.log = cf->cycle->log;
+ shm_zone->shm.addr = NULL;
shm_zone->shm.size = size;
shm_zone->shm.name = *name;
shm_zone->shm.exists = 0;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_file.c
^
|
| @@ -796,10 +796,12 @@
{
char *buf;
off_t size;
+ time_t time;
size_t len;
ssize_t n;
ngx_fd_t fd, nfd;
ngx_int_t rc;
+ ngx_uint_t access;
ngx_file_info_t fi;
rc = NGX_ERROR;
@@ -814,8 +816,10 @@
goto failed;
}
- if (cf->size != -1) {
+ if (cf->size != -1 && cf->access != 0 && cf->time != -1) {
size = cf->size;
+ access = cf->access;
+ time = cf->time;
} else {
if (ngx_fd_info(fd, &fi) == NGX_FILE_ERROR) {
@@ -825,7 +829,9 @@
goto failed;
}
- size = ngx_file_size(&fi);
+ size = (cf->size != -1) ? cf->size : ngx_file_size(&fi);
+ access = cf->access ? cf->access : ngx_file_access(&fi);
+ time = (cf->time != -1) ? cf->time : ngx_file_mtime(&fi);
}
len = cf->buf_size ? cf->buf_size : 65536;
@@ -839,8 +845,7 @@
goto failed;
}
- nfd = ngx_open_file(to, NGX_FILE_WRONLY, NGX_FILE_CREATE_OR_OPEN,
- cf->access);
+ nfd = ngx_open_file(to, NGX_FILE_WRONLY, NGX_FILE_TRUNCATE, access);
if (nfd == NGX_INVALID_FILE) {
ngx_log_error(NGX_LOG_CRIT, cf->log, ngx_errno,
@@ -887,12 +892,10 @@
size -= n;
}
- if (cf->time != -1) {
- if (ngx_set_file_time(to, nfd, cf->time) != NGX_OK) {
- ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
- ngx_set_file_time_n " \"%s\" failed", to);
- goto failed;
- }
+ if (ngx_set_file_time(to, nfd, time) != NGX_OK) {
+ ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
+ ngx_set_file_time_n " \"%s\" failed", to);
+ goto failed;
}
rc = NGX_OK;
@@ -1014,13 +1017,13 @@
file.len = tree->len + 1 + len;
- if (file.len + NGX_DIR_MASK_LEN > buf.len) {
+ if (file.len > buf.len) {
if (buf.len) {
ngx_free(buf.data);
}
- buf.len = tree->len + 1 + len + NGX_DIR_MASK_LEN;
+ buf.len = tree->len + 1 + len;
buf.data = ngx_alloc(buf.len + 1, ctx->log);
if (buf.data == NULL) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_inet.c
^
|
| @@ -12,6 +12,8 @@
static ngx_int_t ngx_parse_unix_domain_url(ngx_pool_t *pool, ngx_url_t *u);
static ngx_int_t ngx_parse_inet_url(ngx_pool_t *pool, ngx_url_t *u);
static ngx_int_t ngx_parse_inet6_url(ngx_pool_t *pool, ngx_url_t *u);
+static ngx_int_t ngx_inet_add_addr(ngx_pool_t *pool, ngx_url_t *u,
+ struct sockaddr *sockaddr, socklen_t socklen, ngx_uint_t total);
in_addr_t
@@ -780,13 +782,10 @@
static ngx_int_t
ngx_parse_inet_url(ngx_pool_t *pool, ngx_url_t *u)
{
- u_char *p, *host, *port, *last, *uri, *args;
- size_t len;
- ngx_int_t n;
- struct sockaddr_in *sin;
-#if (NGX_HAVE_INET6)
- struct sockaddr_in6 *sin6;
-#endif
+ u_char *host, *port, *last, *uri, *args, *dash;
+ size_t len;
+ ngx_int_t n;
+ struct sockaddr_in *sin;
u->socklen = sizeof(struct sockaddr_in);
sin = (struct sockaddr_in *) &u->sockaddr;
@@ -831,6 +830,25 @@
len = last - port;
+ if (u->listen) {
+ dash = ngx_strlchr(port, last, '-');
+
+ if (dash) {
+ dash++;
+
+ n = ngx_atoi(dash, last - dash);
+
+ if (n < 1 || n > 65535) {
+ u->err = "invalid port";
+ return NGX_ERROR;
+ }
+
+ u->last_port = (in_port_t) n;
+
+ len = dash - port - 1;
+ }
+ }
+
n = ngx_atoi(port, len);
if (n < 1 || n > 65535) {
@@ -838,10 +856,15 @@
return NGX_ERROR;
}
+ if (u->last_port && n > u->last_port) {
+ u->err = "invalid port range";
+ return NGX_ERROR;
+ }
+
u->port = (in_port_t) n;
sin->sin_port = htons((in_port_t) n);
- u->port_text.len = len;
+ u->port_text.len = last - port;
u->port_text.data = port;
last = port - 1;
@@ -853,31 +876,69 @@
/* test value as port only */
- n = ngx_atoi(host, last - host);
+ len = last - host;
+
+ dash = ngx_strlchr(host, last, '-');
+
+ if (dash) {
+ dash++;
+
+ n = ngx_atoi(dash, last - dash);
+
+ if (n == NGX_ERROR) {
+ goto no_port;
+ }
+
+ if (n < 1 || n > 65535) {
+ u->err = "invalid port";
+
+ } else {
+ u->last_port = (in_port_t) n;
+ }
+
+ len = dash - host - 1;
+ }
+
+ n = ngx_atoi(host, len);
if (n != NGX_ERROR) {
+ if (u->err) {
+ return NGX_ERROR;
+ }
+
if (n < 1 || n > 65535) {
u->err = "invalid port";
return NGX_ERROR;
}
+ if (u->last_port && n > u->last_port) {
+ u->err = "invalid port range";
+ return NGX_ERROR;
+ }
+
u->port = (in_port_t) n;
sin->sin_port = htons((in_port_t) n);
+ sin->sin_addr.s_addr = INADDR_ANY;
u->port_text.len = last - host;
u->port_text.data = host;
u->wildcard = 1;
- return NGX_OK;
+ return ngx_inet_add_addr(pool, u, &u->sockaddr.sockaddr,
+ u->socklen, 1);
}
}
}
+no_port:
+
+ u->err = NULL;
u->no_port = 1;
u->port = u->default_port;
sin->sin_port = htons(u->default_port);
+ u->last_port = 0;
}
len = last - host;
@@ -893,7 +954,7 @@
if (u->listen && len == 1 && *host == '*') {
sin->sin_addr.s_addr = INADDR_ANY;
u->wildcard = 1;
- return NGX_OK;
+ return ngx_inet_add_addr(pool, u, &u->sockaddr.sockaddr, u->socklen, 1);
}
sin->sin_addr.s_addr = ngx_inet_addr(host, len);
@@ -904,33 +965,7 @@
u->wildcard = 1;
}
- u->naddrs = 1;
-
- u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t));
- if (u->addrs == NULL) {
- return NGX_ERROR;
- }
-
- sin = ngx_pcalloc(pool, sizeof(struct sockaddr_in));
- if (sin == NULL) {
- return NGX_ERROR;
- }
-
- ngx_memcpy(sin, &u->sockaddr, sizeof(struct sockaddr_in));
-
- u->addrs[0].sockaddr = (struct sockaddr *) sin;
- u->addrs[0].socklen = sizeof(struct sockaddr_in);
-
- p = ngx_pnalloc(pool, u->host.len + sizeof(":65535") - 1);
- if (p == NULL) {
- return NGX_ERROR;
- }
-
- u->addrs[0].name.len = ngx_sprintf(p, "%V:%d",
- &u->host, u->port) - p;
- u->addrs[0].name.data = p;
-
- return NGX_OK;
+ return ngx_inet_add_addr(pool, u, &u->sockaddr.sockaddr, u->socklen, 1);
}
if (u->no_resolve) {
@@ -944,29 +979,7 @@
u->family = u->addrs[0].sockaddr->sa_family;
u->socklen = u->addrs[0].socklen;
ngx_memcpy(&u->sockaddr, u->addrs[0].sockaddr, u->addrs[0].socklen);
-
- switch (u->family) {
-
-#if (NGX_HAVE_INET6)
- case AF_INET6:
- sin6 = (struct sockaddr_in6 *) &u->sockaddr;
-
- if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
- u->wildcard = 1;
- }
-
- break;
-#endif
-
- default: /* AF_INET */
- sin = (struct sockaddr_in *) &u->sockaddr;
-
- if (sin->sin_addr.s_addr == INADDR_ANY) {
- u->wildcard = 1;
- }
-
- break;
- }
+ u->wildcard = ngx_inet_wildcard(&u->sockaddr.sockaddr);
return NGX_OK;
}
@@ -976,7 +989,7 @@
ngx_parse_inet6_url(ngx_pool_t *pool, ngx_url_t *u)
{
#if (NGX_HAVE_INET6)
- u_char *p, *host, *port, *last, *uri;
+ u_char *p, *host, *port, *last, *uri, *dash;
size_t len;
ngx_int_t n;
struct sockaddr_in6 *sin6;
@@ -1022,6 +1035,25 @@
len = last - port;
+ if (u->listen) {
+ dash = ngx_strlchr(port, last, '-');
+
+ if (dash) {
+ dash++;
+
+ n = ngx_atoi(dash, last - dash);
+
+ if (n < 1 || n > 65535) {
+ u->err = "invalid port";
+ return NGX_ERROR;
+ }
+
+ u->last_port = (in_port_t) n;
+
+ len = dash - port - 1;
+ }
+ }
+
n = ngx_atoi(port, len);
if (n < 1 || n > 65535) {
@@ -1029,10 +1061,15 @@
return NGX_ERROR;
}
+ if (u->last_port && n > u->last_port) {
+ u->err = "invalid port range";
+ return NGX_ERROR;
+ }
+
u->port = (in_port_t) n;
sin6->sin6_port = htons((in_port_t) n);
- u->port_text.len = len;
+ u->port_text.len = last - port;
u->port_text.data = port;
} else {
@@ -1061,33 +1098,8 @@
}
u->family = AF_INET6;
- u->naddrs = 1;
-
- u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t));
- if (u->addrs == NULL) {
- return NGX_ERROR;
- }
-
- sin6 = ngx_pcalloc(pool, sizeof(struct sockaddr_in6));
- if (sin6 == NULL) {
- return NGX_ERROR;
- }
-
- ngx_memcpy(sin6, &u->sockaddr, sizeof(struct sockaddr_in6));
-
- u->addrs[0].sockaddr = (struct sockaddr *) sin6;
- u->addrs[0].socklen = sizeof(struct sockaddr_in6);
-
- p = ngx_pnalloc(pool, u->host.len + sizeof(":65535") - 1);
- if (p == NULL) {
- return NGX_ERROR;
- }
- u->addrs[0].name.len = ngx_sprintf(p, "%V:%d",
- &u->host, u->port) - p;
- u->addrs[0].name.data = p;
-
- return NGX_OK;
+ return ngx_inet_add_addr(pool, u, &u->sockaddr.sockaddr, u->socklen, 1);
#else
@@ -1104,15 +1116,9 @@
ngx_int_t
ngx_inet_resolve_host(ngx_pool_t *pool, ngx_url_t *u)
{
- u_char *p, *host;
- size_t len;
- in_port_t port;
- ngx_uint_t i;
- struct addrinfo hints, *res, *rp;
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
-
- port = htons(u->port);
+ u_char *host;
+ ngx_uint_t n;
+ struct addrinfo hints, *res, *rp;
host = ngx_alloc(u->host.len + 1, pool->log);
if (host == NULL) {
@@ -1136,7 +1142,7 @@
ngx_free(host);
- for (i = 0, rp = res; rp != NULL; rp = rp->ai_next) {
+ for (n = 0, rp = res; rp != NULL; rp = rp->ai_next) {
switch (rp->ai_family) {
@@ -1148,92 +1154,33 @@
continue;
}
- i++;
+ n++;
}
- if (i == 0) {
+ if (n == 0) {
u->err = "host not found";
goto failed;
}
/* MP: ngx_shared_palloc() */
- u->addrs = ngx_pcalloc(pool, i * sizeof(ngx_addr_t));
- if (u->addrs == NULL) {
- goto failed;
- }
-
- u->naddrs = i;
-
- i = 0;
-
- /* AF_INET addresses first */
-
for (rp = res; rp != NULL; rp = rp->ai_next) {
- if (rp->ai_family != AF_INET) {
- continue;
- }
-
- sin = ngx_pcalloc(pool, rp->ai_addrlen);
- if (sin == NULL) {
- goto failed;
- }
-
- ngx_memcpy(sin, rp->ai_addr, rp->ai_addrlen);
-
- sin->sin_port = port;
-
- u->addrs[i].sockaddr = (struct sockaddr *) sin;
- u->addrs[i].socklen = rp->ai_addrlen;
-
- len = NGX_INET_ADDRSTRLEN + sizeof(":65535") - 1;
-
- p = ngx_pnalloc(pool, len);
- if (p == NULL) {
- goto failed;
- }
-
- len = ngx_sock_ntop((struct sockaddr *) sin, rp->ai_addrlen, p, len, 1);
-
- u->addrs[i].name.len = len;
- u->addrs[i].name.data = p;
-
- i++;
- }
+ switch (rp->ai_family) {
- for (rp = res; rp != NULL; rp = rp->ai_next) {
+ case AF_INET:
+ case AF_INET6:
+ break;
- if (rp->ai_family != AF_INET6) {
+ default:
continue;
}
- sin6 = ngx_pcalloc(pool, rp->ai_addrlen);
- if (sin6 == NULL) {
- goto failed;
- }
-
- ngx_memcpy(sin6, rp->ai_addr, rp->ai_addrlen);
-
- sin6->sin6_port = port;
-
- u->addrs[i].sockaddr = (struct sockaddr *) sin6;
- u->addrs[i].socklen = rp->ai_addrlen;
-
- len = NGX_INET6_ADDRSTRLEN + sizeof("[]:65535") - 1;
-
- p = ngx_pnalloc(pool, len);
- if (p == NULL) {
+ if (ngx_inet_add_addr(pool, u, rp->ai_addr, rp->ai_addrlen, n)
+ != NGX_OK)
+ {
goto failed;
}
-
- len = ngx_sock_ntop((struct sockaddr *) sin6, rp->ai_addrlen, p,
- len, 1);
-
- u->addrs[i].name.len = len;
- u->addrs[i].name.data = p;
-
- i++;
}
freeaddrinfo(res);
@@ -1250,21 +1197,19 @@
ngx_int_t
ngx_inet_resolve_host(ngx_pool_t *pool, ngx_url_t *u)
{
- u_char *p, *host;
- size_t len;
- in_port_t port;
- in_addr_t in_addr;
- ngx_uint_t i;
+ u_char *host;
+ ngx_uint_t i, n;
struct hostent *h;
- struct sockaddr_in *sin;
+ struct sockaddr_in sin;
/* AF_INET only */
- port = htons(u->port);
+ ngx_memzero(&sin, sizeof(struct sockaddr_in));
- in_addr = ngx_inet_addr(u->host.data, u->host.len);
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = ngx_inet_addr(u->host.data, u->host.len);
- if (in_addr == INADDR_NONE) {
+ if (sin.sin_addr.s_addr == INADDR_NONE) {
host = ngx_alloc(u->host.len + 1, pool->log);
if (host == NULL) {
return NGX_ERROR;
@@ -1281,83 +1226,99 @@
return NGX_ERROR;
}
- for (i = 0; h->h_addr_list[i] != NULL; i++) { /* void */ }
+ for (n = 0; h->h_addr_list[n] != NULL; n++) { /* void */ }
/* MP: ngx_shared_palloc() */
- u->addrs = ngx_pcalloc(pool, i * sizeof(ngx_addr_t));
- if (u->addrs == NULL) {
- return NGX_ERROR;
- }
-
- u->naddrs = i;
+ for (i = 0; i < n; i++) {
+ sin.sin_addr.s_addr = *(in_addr_t *) (h->h_addr_list[i]);
- for (i = 0; i < u->naddrs; i++) {
-
- sin = ngx_pcalloc(pool, sizeof(struct sockaddr_in));
- if (sin == NULL) {
+ if (ngx_inet_add_addr(pool, u, (struct sockaddr *) &sin,
+ sizeof(struct sockaddr_in), n)
+ != NGX_OK)
+ {
return NGX_ERROR;
}
+ }
- sin->sin_family = AF_INET;
- sin->sin_port = port;
- sin->sin_addr.s_addr = *(in_addr_t *) (h->h_addr_list[i]);
+ } else {
- u->addrs[i].sockaddr = (struct sockaddr *) sin;
- u->addrs[i].socklen = sizeof(struct sockaddr_in);
+ /* MP: ngx_shared_palloc() */
- len = NGX_INET_ADDRSTRLEN + sizeof(":65535") - 1;
+ if (ngx_inet_add_addr(pool, u, (struct sockaddr *) &sin,
+ sizeof(struct sockaddr_in), 1)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+ }
- p = ngx_pnalloc(pool, len);
- if (p == NULL) {
- return NGX_ERROR;
- }
+ return NGX_OK;
+}
- len = ngx_sock_ntop((struct sockaddr *) sin,
- sizeof(struct sockaddr_in), p, len, 1);
+#endif /* NGX_HAVE_GETADDRINFO && NGX_HAVE_INET6 */
- u->addrs[i].name.len = len;
- u->addrs[i].name.data = p;
- }
- } else {
+static ngx_int_t
+ngx_inet_add_addr(ngx_pool_t *pool, ngx_url_t *u, struct sockaddr *sockaddr,
+ socklen_t socklen, ngx_uint_t total)
+{
+ u_char *p;
+ size_t len;
+ ngx_uint_t i, nports;
+ ngx_addr_t *addr;
+ struct sockaddr *sa;
- /* MP: ngx_shared_palloc() */
+ nports = u->last_port ? u->last_port - u->port + 1 : 1;
- u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t));
+ if (u->addrs == NULL) {
+ u->addrs = ngx_palloc(pool, total * nports * sizeof(ngx_addr_t));
if (u->addrs == NULL) {
return NGX_ERROR;
}
+ }
- sin = ngx_pcalloc(pool, sizeof(struct sockaddr_in));
- if (sin == NULL) {
+ for (i = 0; i < nports; i++) {
+ sa = ngx_pcalloc(pool, socklen);
+ if (sa == NULL) {
return NGX_ERROR;
}
- u->naddrs = 1;
+ ngx_memcpy(sa, sockaddr, socklen);
- sin->sin_family = AF_INET;
- sin->sin_port = port;
- sin->sin_addr.s_addr = in_addr;
+ ngx_inet_set_port(sa, u->port + i);
- u->addrs[0].sockaddr = (struct sockaddr *) sin;
- u->addrs[0].socklen = sizeof(struct sockaddr_in);
+ switch (sa->sa_family) {
+
+#if (NGX_HAVE_INET6)
+ case AF_INET6:
+ len = NGX_INET6_ADDRSTRLEN + sizeof("[]:65536") - 1;
+ break;
+#endif
- p = ngx_pnalloc(pool, u->host.len + sizeof(":65535") - 1);
+ default: /* AF_INET */
+ len = NGX_INET_ADDRSTRLEN + sizeof(":65535") - 1;
+ }
+
+ p = ngx_pnalloc(pool, len);
if (p == NULL) {
return NGX_ERROR;
}
- u->addrs[0].name.len = ngx_sprintf(p, "%V:%d",
- &u->host, ntohs(port)) - p;
- u->addrs[0].name.data = p;
+ len = ngx_sock_ntop(sa, socklen, p, len, 1);
+
+ addr = &u->addrs[u->naddrs++];
+
+ addr->sockaddr = sa;
+ addr->socklen = socklen;
+
+ addr->name.len = len;
+ addr->name.data = p;
}
return NGX_OK;
}
-#endif /* NGX_HAVE_GETADDRINFO && NGX_HAVE_INET6 */
-
ngx_int_t
ngx_cmp_sockaddr(struct sockaddr *sa1, socklen_t slen1,
@@ -1495,3 +1456,40 @@
break;
}
}
+
+
+ngx_uint_t
+ngx_inet_wildcard(struct sockaddr *sa)
+{
+ struct sockaddr_in *sin;
+#if (NGX_HAVE_INET6)
+ struct sockaddr_in6 *sin6;
+#endif
+
+ switch (sa->sa_family) {
+
+ case AF_INET:
+ sin = (struct sockaddr_in *) sa;
+
+ if (sin->sin_addr.s_addr == INADDR_ANY) {
+ return 1;
+ }
+
+ break;
+
+#if (NGX_HAVE_INET6)
+
+ case AF_INET6:
+ sin6 = (struct sockaddr_in6 *) sa;
+
+ if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
+ return 1;
+ }
+
+ break;
+
+#endif
+ }
+
+ return 0;
+}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_inet.h
^
|
| @@ -86,6 +86,7 @@
in_port_t port;
in_port_t default_port;
+ in_port_t last_port;
int family;
unsigned listen:1;
@@ -125,6 +126,7 @@
struct sockaddr *sa2, socklen_t slen2, ngx_uint_t cmp_port);
in_port_t ngx_inet_get_port(struct sockaddr *sa);
void ngx_inet_set_port(struct sockaddr *sa, in_port_t port);
+ngx_uint_t ngx_inet_wildcard(struct sockaddr *sa);
#endif /* _NGX_INET_H_INCLUDED_ */
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_output_chain.c
^
|
| @@ -126,6 +126,26 @@
continue;
}
+ if (bsize < 0) {
+
+ ngx_log_error(NGX_LOG_ALERT, ctx->pool->log, 0,
+ "negative size buf in output "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ ctx->in->buf->temporary,
+ ctx->in->buf->recycled,
+ ctx->in->buf->in_file,
+ ctx->in->buf->start,
+ ctx->in->buf->pos,
+ ctx->in->buf->last,
+ ctx->in->buf->file,
+ ctx->in->buf->file_pos,
+ ctx->in->buf->file_last);
+
+ ngx_debug_point();
+
+ return NGX_ERROR;
+ }
+
if (ngx_output_chain_as_is(ctx, ctx->in->buf)) {
/* move the chain link to the output chain */
@@ -665,7 +685,6 @@
for (size = 0; in; in = in->next) {
-#if 1
if (ngx_buf_size(in->buf) == 0 && !ngx_buf_special(in->buf)) {
ngx_log_error(NGX_LOG_ALERT, ctx->pool->log, 0,
@@ -685,7 +704,26 @@
continue;
}
-#endif
+
+ if (ngx_buf_size(in->buf) < 0) {
+
+ ngx_log_error(NGX_LOG_ALERT, ctx->pool->log, 0,
+ "negative size buf in chain writer "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ in->buf->temporary,
+ in->buf->recycled,
+ in->buf->in_file,
+ in->buf->start,
+ in->buf->pos,
+ in->buf->last,
+ in->buf->file,
+ in->buf->file_pos,
+ in->buf->file_last);
+
+ ngx_debug_point();
+
+ return NGX_ERROR;
+ }
size += ngx_buf_size(in->buf);
@@ -709,7 +747,6 @@
for (cl = ctx->out; cl; cl = cl->next) {
-#if 1
if (ngx_buf_size(cl->buf) == 0 && !ngx_buf_special(cl->buf)) {
ngx_log_error(NGX_LOG_ALERT, ctx->pool->log, 0,
@@ -729,7 +766,26 @@
continue;
}
-#endif
+
+ if (ngx_buf_size(cl->buf) < 0) {
+
+ ngx_log_error(NGX_LOG_ALERT, ctx->pool->log, 0,
+ "negative size buf in chain writer "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ cl->buf->temporary,
+ cl->buf->recycled,
+ cl->buf->in_file,
+ cl->buf->start,
+ cl->buf->pos,
+ cl->buf->last,
+ cl->buf->file,
+ cl->buf->file_pos,
+ cl->buf->file_last);
+
+ ngx_debug_point();
+
+ return NGX_ERROR;
+ }
size += ngx_buf_size(cl->buf);
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_resolver.c
^
|
| @@ -141,25 +141,24 @@
ngx_pool_cleanup_t *cln;
ngx_resolver_connection_t *rec;
- cln = ngx_pool_cleanup_add(cf->pool, 0);
- if (cln == NULL) {
+ r = ngx_pcalloc(cf->pool, sizeof(ngx_resolver_t));
+ if (r == NULL) {
return NULL;
}
- cln->handler = ngx_resolver_cleanup;
-
- r = ngx_calloc(sizeof(ngx_resolver_t), cf->log);
- if (r == NULL) {
+ r->event = ngx_pcalloc(cf->pool, sizeof(ngx_event_t));
+ if (r->event == NULL) {
return NULL;
}
- cln->data = r;
-
- r->event = ngx_calloc(sizeof(ngx_event_t), cf->log);
- if (r->event == NULL) {
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
return NULL;
}
+ cln->handler = ngx_resolver_cleanup;
+ cln->data = r;
+
ngx_rbtree_init(&r->name_rbtree, &r->name_sentinel,
ngx_resolver_rbtree_insert_value);
@@ -276,6 +275,11 @@
}
}
+ if (n && r->connections.nelts == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined");
+ return NULL;
+ }
+
return r;
}
@@ -288,52 +292,42 @@
ngx_uint_t i;
ngx_resolver_connection_t *rec;
- if (r) {
- ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
- "cleanup resolver");
+ ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0, "cleanup resolver");
- ngx_resolver_cleanup_tree(r, &r->name_rbtree);
+ ngx_resolver_cleanup_tree(r, &r->name_rbtree);
- ngx_resolver_cleanup_tree(r, &r->srv_rbtree);
+ ngx_resolver_cleanup_tree(r, &r->srv_rbtree);
- ngx_resolver_cleanup_tree(r, &r->addr_rbtree);
+ ngx_resolver_cleanup_tree(r, &r->addr_rbtree);
#if (NGX_HAVE_INET6)
- ngx_resolver_cleanup_tree(r, &r->addr6_rbtree);
+ ngx_resolver_cleanup_tree(r, &r->addr6_rbtree);
#endif
- if (r->event) {
- if (r->event->timer_set) {
- ngx_del_timer(r->event);
- }
-
- ngx_free(r->event);
- }
-
-
- rec = r->connections.elts;
+ if (r->event->timer_set) {
+ ngx_del_timer(r->event);
+ }
- for (i = 0; i < r->connections.nelts; i++) {
- if (rec[i].udp) {
- ngx_close_connection(rec[i].udp);
- }
+ rec = r->connections.elts;
- if (rec[i].tcp) {
- ngx_close_connection(rec[i].tcp);
- }
+ for (i = 0; i < r->connections.nelts; i++) {
+ if (rec[i].udp) {
+ ngx_close_connection(rec[i].udp);
+ }
- if (rec[i].read_buf) {
- ngx_resolver_free(r, rec[i].read_buf->start);
- ngx_resolver_free(r, rec[i].read_buf);
- }
+ if (rec[i].tcp) {
+ ngx_close_connection(rec[i].tcp);
+ }
- if (rec[i].write_buf) {
- ngx_resolver_free(r, rec[i].write_buf->start);
- ngx_resolver_free(r, rec[i].write_buf);
- }
+ if (rec[i].read_buf) {
+ ngx_resolver_free(r, rec[i].read_buf->start);
+ ngx_resolver_free(r, rec[i].read_buf);
}
- ngx_free(r);
+ if (rec[i].write_buf) {
+ ngx_resolver_free(r, rec[i].write_buf->start);
+ ngx_resolver_free(r, rec[i].write_buf);
+ }
}
}
@@ -853,7 +847,15 @@
rn->nsrvs = 0;
if (ngx_resolver_send_query(r, rn) != NGX_OK) {
- goto failed;
+
+ /* immediately retry once on failure */
+
+ rn->last_connection++;
+ if (rn->last_connection == r->connections.nelts) {
+ rn->last_connection = 0;
+ }
+
+ (void) ngx_resolver_send_query(r, rn);
}
if (ngx_resolver_set_timeout(r, ctx) != NGX_OK) {
@@ -1057,7 +1059,15 @@
rn->nsrvs = 0;
if (ngx_resolver_send_query(r, rn) != NGX_OK) {
- goto failed;
+
+ /* immediately retry once on failure */
+
+ rn->last_connection++;
+ if (rn->last_connection == r->connections.nelts) {
+ rn->last_connection = 0;
+ }
+
+ (void) ngx_resolver_send_query(r, rn);
}
if (ngx_resolver_set_timeout(r, ctx) != NGX_OK) {
@@ -1299,16 +1309,23 @@
n = ngx_send(rec->udp, query, qlen);
- if (n == -1) {
- return NGX_ERROR;
+ if (n == NGX_ERROR) {
+ goto failed;
}
if ((size_t) n != (size_t) qlen) {
ngx_log_error(NGX_LOG_CRIT, &rec->log, 0, "send() incomplete");
- return NGX_ERROR;
+ goto failed;
}
return NGX_OK;
+
+failed:
+
+ ngx_close_connection(rec->udp);
+ rec->udp = NULL;
+
+ return NGX_ERROR;
}
@@ -4249,7 +4266,15 @@
}
if (naddrs == 0) {
- ctx->state = NGX_RESOLVE_NXDOMAIN;
+ ctx->state = srvs[0].state;
+
+ for (i = 0; i < nsrvs; i++) {
+ if (srvs[i].state == NGX_RESOLVE_NXDOMAIN) {
+ ctx->state = NGX_RESOLVE_NXDOMAIN;
+ break;
+ }
+ }
+
ctx->valid = ngx_time() + (r->valid ? r->valid : 10);
ctx->handler(ctx);
@@ -4395,7 +4420,7 @@
if (c == NULL) {
if (ngx_close_socket(s) == -1) {
ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno,
- ngx_close_socket_n "failed");
+ ngx_close_socket_n " failed");
}
return NGX_ERROR;
@@ -4481,7 +4506,7 @@
if (c == NULL) {
if (ngx_close_socket(s) == -1) {
ngx_log_error(NGX_LOG_ALERT, &rec->log, ngx_socket_errno,
- ngx_close_socket_n "failed");
+ ngx_close_socket_n " failed");
}
return NGX_ERROR;
@@ -4546,7 +4571,7 @@
level = NGX_LOG_CRIT;
}
- ngx_log_error(level, c->log, err, "connect() to %V failed",
+ ngx_log_error(level, &rec->log, err, "connect() to %V failed",
&rec->server);
ngx_close_connection(c);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_slab.c
^
|
| @@ -635,10 +635,9 @@
goto fail;
}
- n = ((u_char *) p - pool->start) >> ngx_pagesize_shift;
size = slab & ~NGX_SLAB_PAGE_START;
- ngx_slab_free_pages(pool, &pool->pages[n], size);
+ ngx_slab_free_pages(pool, page, size);
ngx_slab_junk(p, size << ngx_pagesize_shift);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_string.c
^
|
| @@ -1381,7 +1381,7 @@
continue;
}
- if (ngx_utf8_decode(&p, n) > 0x10ffff) {
+ if (ngx_utf8_decode(&p, last - p) > 0x10ffff) {
/* invalid UTF-8 */
return n;
}
@@ -2013,6 +2013,14 @@
}
+void
+ngx_explicit_memzero(void *buf, size_t n)
+{
+ ngx_memzero(buf, n);
+ ngx_memory_barrier();
+}
+
+
#if (NGX_MEMCPY_LIMIT)
void *
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_string.h
^
|
| @@ -88,6 +88,8 @@
#define ngx_memzero(buf, n) (void) memset(buf, 0, n)
#define ngx_memset(buf, c, n) (void) memset(buf, c, n)
+void ngx_explicit_memzero(void *buf, size_t n);
+
#if (NGX_MEMCPY_LIMIT)
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_syslog.c
^
|
| @@ -39,7 +39,8 @@
char *
ngx_syslog_process_conf(ngx_conf_t *cf, ngx_syslog_peer_t *peer)
{
- peer->pool = cf->pool;
+ ngx_pool_cleanup_t *cln;
+
peer->facility = NGX_CONF_UNSET_UINT;
peer->severity = NGX_CONF_UNSET_UINT;
@@ -67,6 +68,19 @@
peer->conn.fd = (ngx_socket_t) -1;
+ peer->conn.read = &ngx_syslog_dummy_event;
+ peer->conn.write = &ngx_syslog_dummy_event;
+
+ ngx_syslog_dummy_event.log = &ngx_syslog_dummy_log;
+
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ cln->data = peer;
+ cln->handler = ngx_syslog_cleanup;
+
return NGX_CONF_OK;
}
@@ -289,9 +303,7 @@
n = ngx_os_io.send(&peer->conn, buf, len);
}
-#if (NGX_HAVE_UNIX_DOMAIN)
-
- if (n == NGX_ERROR && peer->server.sockaddr->sa_family == AF_UNIX) {
+ if (n == NGX_ERROR) {
if (ngx_close_socket(peer->conn.fd) == -1) {
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
@@ -301,8 +313,6 @@
peer->conn.fd = (ngx_socket_t) -1;
}
-#endif
-
return n;
}
@@ -310,13 +320,7 @@
static ngx_int_t
ngx_syslog_init_peer(ngx_syslog_peer_t *peer)
{
- ngx_socket_t fd;
- ngx_pool_cleanup_t *cln;
-
- peer->conn.read = &ngx_syslog_dummy_event;
- peer->conn.write = &ngx_syslog_dummy_event;
-
- ngx_syslog_dummy_event.log = &ngx_syslog_dummy_log;
+ ngx_socket_t fd;
fd = ngx_socket(peer->server.sockaddr->sa_family, SOCK_DGRAM, 0);
if (fd == (ngx_socket_t) -1) {
@@ -337,14 +341,6 @@
goto failed;
}
- cln = ngx_pool_cleanup_add(peer->pool, 0);
- if (cln == NULL) {
- goto failed;
- }
-
- cln->data = peer;
- cln->handler = ngx_syslog_cleanup;
-
peer->conn.fd = fd;
/* UDP sockets are always ready to write */
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_syslog.h
^
|
| @@ -9,7 +9,6 @@
typedef struct {
- ngx_pool_t *pool;
ngx_uint_t facility;
ngx_uint_t severity;
ngx_str_t tag;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/core/ngx_times.h
^
|
| @@ -43,8 +43,8 @@
extern volatile ngx_str_t ngx_cached_syslog_time;
/*
- * milliseconds elapsed since epoch and truncated to ngx_msec_t,
- * used in event timers
+ * milliseconds elapsed since some unspecified point in the past
+ * and truncated to ngx_msec_t, used in event timers
*/
extern volatile ngx_msec_t ngx_current_msec;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/modules/ngx_eventport_module.c
^
|
| @@ -250,9 +250,7 @@
ngx_memzero(&sev, sizeof(struct sigevent));
sev.sigev_notify = SIGEV_PORT;
-#if !(NGX_TEST_BUILD_EVENTPORT)
sev.sigev_value.sival_ptr = &pn;
-#endif
if (timer_create(CLOCK_REALTIME, &sev, &event_timer) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/modules/ngx_poll_module.c
^
|
| @@ -84,7 +84,7 @@
}
if (event_list) {
- ngx_memcpy(list, event_list, sizeof(ngx_event_t *) * nevents);
+ ngx_memcpy(list, event_list, sizeof(struct pollfd) * nevents);
ngx_free(event_list);
}
|
|
[-]
[+]
|
Added |
_service:download_url:nginx-1.16.1.tar.gz/src/event/modules/ngx_win32_poll_module.c
^
|
| @@ -0,0 +1,435 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Maxim Dounin
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+
+
+static ngx_int_t ngx_poll_init(ngx_cycle_t *cycle, ngx_msec_t timer);
+static void ngx_poll_done(ngx_cycle_t *cycle);
+static ngx_int_t ngx_poll_add_event(ngx_event_t *ev, ngx_int_t event,
+ ngx_uint_t flags);
+static ngx_int_t ngx_poll_del_event(ngx_event_t *ev, ngx_int_t event,
+ ngx_uint_t flags);
+static ngx_int_t ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
+ ngx_uint_t flags);
+static char *ngx_poll_init_conf(ngx_cycle_t *cycle, void *conf);
+
+
+static struct pollfd *event_list;
+static ngx_connection_t **event_index;
+static ngx_uint_t nevents;
+
+
+static ngx_str_t poll_name = ngx_string("poll");
+
+static ngx_event_module_t ngx_poll_module_ctx = {
+ &poll_name,
+ NULL, /* create configuration */
+ ngx_poll_init_conf, /* init configuration */
+
+ {
+ ngx_poll_add_event, /* add an event */
+ ngx_poll_del_event, /* delete an event */
+ ngx_poll_add_event, /* enable an event */
+ ngx_poll_del_event, /* disable an event */
+ NULL, /* add an connection */
+ NULL, /* delete an connection */
+ NULL, /* trigger a notify */
+ ngx_poll_process_events, /* process the events */
+ ngx_poll_init, /* init the events */
+ ngx_poll_done /* done the events */
+ }
+
+};
+
+ngx_module_t ngx_poll_module = {
+ NGX_MODULE_V1,
+ &ngx_poll_module_ctx, /* module context */
+ NULL, /* module directives */
+ NGX_EVENT_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+
+static ngx_int_t
+ngx_poll_init(ngx_cycle_t *cycle, ngx_msec_t timer)
+{
+ struct pollfd *list;
+ ngx_connection_t **index;
+
+ if (event_list == NULL) {
+ nevents = 0;
+ }
+
+ if (ngx_process >= NGX_PROCESS_WORKER
+ || cycle->old_cycle == NULL
+ || cycle->old_cycle->connection_n < cycle->connection_n)
+ {
+ list = ngx_alloc(sizeof(struct pollfd) * cycle->connection_n,
+ cycle->log);
+ if (list == NULL) {
+ return NGX_ERROR;
+ }
+
+ if (event_list) {
+ ngx_memcpy(list, event_list, sizeof(struct pollfd) * nevents);
+ ngx_free(event_list);
+ }
+
+ event_list = list;
+
+ index = ngx_alloc(sizeof(ngx_connection_t *) * cycle->connection_n,
+ cycle->log);
+ if (index == NULL) {
+ return NGX_ERROR;
+ }
+
+ if (event_index) {
+ ngx_memcpy(index, event_index,
+ sizeof(ngx_connection_t *) * nevents);
+ ngx_free(event_index);
+ }
+
+ event_index = index;
+ }
+
+ ngx_io = ngx_os_io;
+
+ ngx_event_actions = ngx_poll_module_ctx.actions;
+
+ ngx_event_flags = NGX_USE_LEVEL_EVENT;
+
+ return NGX_OK;
+}
+
+
+static void
+ngx_poll_done(ngx_cycle_t *cycle)
+{
+ ngx_free(event_list);
+ ngx_free(event_index);
+
+ event_list = NULL;
+ event_index = NULL;
+}
+
+
+static ngx_int_t
+ngx_poll_add_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags)
+{
+ ngx_event_t *e;
+ ngx_connection_t *c;
+
+ c = ev->data;
+
+ ev->active = 1;
+
+ if (ev->index != NGX_INVALID_INDEX) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
+ "poll event fd:%d ev:%i is already set", c->fd, event);
+ return NGX_OK;
+ }
+
+ if (event == NGX_READ_EVENT) {
+ e = c->write;
+#if (NGX_READ_EVENT != POLLIN)
+ event = POLLIN;
+#endif
+
+ } else {
+ e = c->read;
+#if (NGX_WRITE_EVENT != POLLOUT)
+ event = POLLOUT;
+#endif
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
+ "poll add event: fd:%d ev:%i", c->fd, event);
+
+ if (e == NULL || e->index == NGX_INVALID_INDEX) {
+
+ event_list[nevents].fd = c->fd;
+ event_list[nevents].events = (short) event;
+ event_list[nevents].revents = 0;
+
+ event_index[nevents] = c;
+
+ ev->index = nevents;
+ nevents++;
+
+ } else {
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
+ "poll add index: %i", e->index);
+
+ event_list[e->index].events |= (short) event;
+ ev->index = e->index;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_poll_del_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags)
+{
+ ngx_event_t *e;
+ ngx_connection_t *c;
+
+ c = ev->data;
+
+ ev->active = 0;
+
+ if (ev->index == NGX_INVALID_INDEX) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
+ "poll event fd:%d ev:%i is already deleted",
+ c->fd, event);
+ return NGX_OK;
+ }
+
+ if (event == NGX_READ_EVENT) {
+ e = c->write;
+#if (NGX_READ_EVENT != POLLIN)
+ event = POLLIN;
+#endif
+
+ } else {
+ e = c->read;
+#if (NGX_WRITE_EVENT != POLLOUT)
+ event = POLLOUT;
+#endif
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
+ "poll del event: fd:%d ev:%i", c->fd, event);
+
+ if (e == NULL || e->index == NGX_INVALID_INDEX) {
+ nevents--;
+
+ if (ev->index < nevents) {
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
+ "index: copy event %ui to %i", nevents, ev->index);
+
+ event_list[ev->index] = event_list[nevents];
+ event_index[ev->index] = event_index[nevents];
+
+ c = event_index[ev->index];
+
+ if (c->fd == (ngx_socket_t) -1) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
+ "unexpected last event");
+
+ } else {
+ if (c->read->index == nevents) {
+ c->read->index = ev->index;
+ }
+
+ if (c->write->index == nevents) {
+ c->write->index = ev->index;
+ }
+ }
+ }
+
+ } else {
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
+ "poll del index: %i", e->index);
+
+ event_list[e->index].events &= (short) ~event;
+ }
+
+ ev->index = NGX_INVALID_INDEX;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
+{
+ int ready, revents;
+ ngx_err_t err;
+ ngx_uint_t i, found;
+ ngx_event_t *ev;
+ ngx_queue_t *queue;
+ ngx_connection_t *c;
+
+ /* NGX_TIMER_INFINITE == INFTIM */
+
+#if (NGX_DEBUG0)
+ if (cycle->log->log_level & NGX_LOG_DEBUG_ALL) {
+ for (i = 0; i < nevents; i++) {
+ ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "poll: %ui: fd:%d ev:%04Xd",
+ i, event_list[i].fd, event_list[i].events);
+ }
+ }
+#endif
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "poll timer: %M", timer);
+
+ ready = WSAPoll(event_list, (u_int) nevents, (int) timer);
+
+ err = (ready == -1) ? ngx_errno : 0;
+
+ if (flags & NGX_UPDATE_TIME || ngx_event_timer_alarm) {
+ ngx_time_update();
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "poll ready %d of %ui", ready, nevents);
+
+ if (err) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, err, "WSAPoll() failed");
+ return NGX_ERROR;
+ }
+
+ if (ready == 0) {
+ if (timer != NGX_TIMER_INFINITE) {
+ return NGX_OK;
+ }
+
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
+ "WSAPoll() returned no events without timeout");
+ return NGX_ERROR;
+ }
+
+ for (i = 0; i < nevents && ready; i++) {
+
+ revents = event_list[i].revents;
+
+#if 1
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "poll: %ui: fd:%d ev:%04Xd rev:%04Xd",
+ i, event_list[i].fd, event_list[i].events, revents);
+#else
+ if (revents) {
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "poll: %ui: fd:%d ev:%04Xd rev:%04Xd",
+ i, event_list[i].fd, event_list[i].events, revents);
+ }
+#endif
+
+ if (revents & POLLNVAL) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
+ "poll() error fd:%d ev:%04Xd rev:%04Xd",
+ event_list[i].fd, event_list[i].events, revents);
+ }
+
+ if (revents & ~(POLLIN|POLLOUT|POLLERR|POLLHUP|POLLNVAL)) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
+ "strange poll() events fd:%d ev:%04Xd rev:%04Xd",
+ event_list[i].fd, event_list[i].events, revents);
+ }
+
+ if (event_list[i].fd == (ngx_socket_t) -1) {
+ /*
+ * the disabled event, a workaround for our possible bug,
+ * see the comment below
+ */
+ continue;
+ }
+
+ c = event_index[i];
+
+ if (c->fd == (ngx_socket_t) -1) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0, "unexpected event");
+
+ /*
+ * it is certainly our fault and it should be investigated,
+ * in the meantime we disable this event to avoid a CPU spinning
+ */
+
+ if (i == nevents - 1) {
+ nevents--;
+ } else {
+ event_list[i].fd = (ngx_socket_t) -1;
+ }
+
+ continue;
+ }
+
+ if (revents & (POLLERR|POLLHUP|POLLNVAL)) {
+
+ /*
+ * if the error events were returned, add POLLIN and POLLOUT
+ * to handle the events at least in one active handler
+ */
+
+ revents |= POLLIN|POLLOUT;
+ }
+
+ found = 0;
+
+ if ((revents & POLLIN) && c->read->active) {
+ found = 1;
+
+ ev = c->read;
+ ev->ready = 1;
+
+ queue = ev->accept ? &ngx_posted_accept_events
+ : &ngx_posted_events;
+
+ ngx_post_event(ev, queue);
+ }
+
+ if ((revents & POLLOUT) && c->write->active) {
+ found = 1;
+
+ ev = c->write;
+ ev->ready = 1;
+
+ ngx_post_event(ev, &ngx_posted_events);
+ }
+
+ if (found) {
+ ready--;
+ continue;
+ }
+ }
+
+ if (ready != 0) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0, "poll ready != events");
+ }
+
+ return NGX_OK;
+}
+
+
+static char *
+ngx_poll_init_conf(ngx_cycle_t *cycle, void *conf)
+{
+ ngx_event_conf_t *ecf;
+
+ ecf = ngx_event_get_conf(cycle->conf_ctx, ngx_event_core_module);
+
+ if (ecf->use != ngx_poll_module.ctx_index) {
+ return NGX_CONF_OK;
+ }
+
+#if (NGX_LOAD_WSAPOLL)
+
+ if (!ngx_have_wsapoll) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
+ "poll is not available on this platform");
+ return NGX_CONF_ERROR;
+ }
+
+#endif
+
+ return NGX_CONF_OK;
+}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/modules/ngx_win32_select_module.c
^
|
| @@ -26,6 +26,7 @@
static fd_set master_write_fd_set;
static fd_set work_read_fd_set;
static fd_set work_write_fd_set;
+static fd_set work_except_fd_set;
static ngx_uint_t max_read;
static ngx_uint_t max_write;
@@ -251,9 +252,11 @@
work_read_fd_set = master_read_fd_set;
work_write_fd_set = master_write_fd_set;
+ work_except_fd_set = master_write_fd_set;
if (max_read || max_write) {
- ready = select(0, &work_read_fd_set, &work_write_fd_set, NULL, tp);
+ ready = select(0, &work_read_fd_set, &work_write_fd_set,
+ &work_except_fd_set, tp);
} else {
@@ -306,14 +309,20 @@
if (ev->write) {
if (FD_ISSET(c->fd, &work_write_fd_set)) {
- found = 1;
+ found++;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
"select write %d", c->fd);
}
+ if (FD_ISSET(c->fd, &work_except_fd_set)) {
+ found++;
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+ "select except %d", c->fd);
+ }
+
} else {
if (FD_ISSET(c->fd, &work_read_fd_set)) {
- found = 1;
+ found++;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
"select read %d", c->fd);
}
@@ -327,7 +336,7 @@
ngx_post_event(ev, queue);
- nready++;
+ nready += found;
}
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event.c
^
|
| @@ -410,12 +410,52 @@
static char *
ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
{
+#if (NGX_HAVE_REUSEPORT)
+ ngx_uint_t i;
+ ngx_listening_t *ls;
+#endif
+
if (ngx_get_conf(cycle->conf_ctx, ngx_events_module) == NULL) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
"no \"events\" section in configuration");
return NGX_CONF_ERROR;
}
+ if (cycle->connection_n < cycle->listening.nelts + 1) {
+
+ /*
+ * there should be at least one connection for each listening
+ * socket, plus an additional connection for channel
+ */
+
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
+ "%ui worker_connections are not enough "
+ "for %ui listening sockets",
+ cycle->connection_n, cycle->listening.nelts);
+
+ return NGX_CONF_ERROR;
+ }
+
+#if (NGX_HAVE_REUSEPORT)
+
+ ls = cycle->listening.elts;
+ for (i = 0; i < cycle->listening.nelts; i++) {
+
+ if (!ls[i].reuseport || ls[i].worker != 0) {
+ continue;
+ }
+
+ if (ngx_clone_listening(cycle, &ls[i]) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ /* cloning may change cycle->listening.elts */
+
+ ls = cycle->listening.elts;
+ }
+
+#endif
+
return NGX_CONF_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event.h
^
|
| @@ -499,16 +499,23 @@
#define ngx_event_get_conf(conf_ctx, module) \
- (*(ngx_get_conf(conf_ctx, ngx_events_module))) [module.ctx_index];
+ (*(ngx_get_conf(conf_ctx, ngx_events_module))) [module.ctx_index]
void ngx_event_accept(ngx_event_t *ev);
#if !(NGX_WIN32)
void ngx_event_recvmsg(ngx_event_t *ev);
+void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp,
+ ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
#endif
+void ngx_delete_udp_connection(void *data);
ngx_int_t ngx_trylock_accept_mutex(ngx_cycle_t *cycle);
+ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle);
u_char *ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len);
+#if (NGX_DEBUG)
+void ngx_debug_accepted_connection(ngx_event_conf_t *ecf, ngx_connection_t *c);
+#endif
void ngx_process_events_and_timers(ngx_cycle_t *cycle);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_accept.c
^
|
| @@ -10,13 +10,8 @@
#include <ngx_event.h>
-static ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle);
static ngx_int_t ngx_disable_accept_events(ngx_cycle_t *cycle, ngx_uint_t all);
static void ngx_close_accepted_connection(ngx_connection_t *c);
-#if (NGX_DEBUG)
-static void ngx_debug_accepted_connection(ngx_event_conf_t *ecf,
- ngx_connection_t *c);
-#endif
void
@@ -320,341 +315,6 @@
}
-#if !(NGX_WIN32)
-
-void
-ngx_event_recvmsg(ngx_event_t *ev)
-{
- ssize_t n;
- ngx_log_t *log;
- ngx_err_t err;
- ngx_event_t *rev, *wev;
- struct iovec iov[1];
- struct msghdr msg;
- ngx_sockaddr_t sa;
- ngx_listening_t *ls;
- ngx_event_conf_t *ecf;
- ngx_connection_t *c, *lc;
- static u_char buffer[65535];
-
-#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
-
-#if (NGX_HAVE_IP_RECVDSTADDR)
- u_char msg_control[CMSG_SPACE(sizeof(struct in_addr))];
-#elif (NGX_HAVE_IP_PKTINFO)
- u_char msg_control[CMSG_SPACE(sizeof(struct in_pktinfo))];
-#endif
-
-#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
- u_char msg_control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
-#endif
-
-#endif
-
- if (ev->timedout) {
- if (ngx_enable_accept_events((ngx_cycle_t *) ngx_cycle) != NGX_OK) {
- return;
- }
-
- ev->timedout = 0;
- }
-
- ecf = ngx_event_get_conf(ngx_cycle->conf_ctx, ngx_event_core_module);
-
- if (!(ngx_event_flags & NGX_USE_KQUEUE_EVENT)) {
- ev->available = ecf->multi_accept;
- }
-
- lc = ev->data;
- ls = lc->listening;
- ev->ready = 0;
-
- ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
- "recvmsg on %V, ready: %d", &ls->addr_text, ev->available);
-
- do {
- ngx_memzero(&msg, sizeof(struct msghdr));
-
- iov[0].iov_base = (void *) buffer;
- iov[0].iov_len = sizeof(buffer);
-
- msg.msg_name = &sa;
- msg.msg_namelen = sizeof(ngx_sockaddr_t);
- msg.msg_iov = iov;
- msg.msg_iovlen = 1;
-
-#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
-
- if (ls->wildcard) {
-
-#if (NGX_HAVE_IP_RECVDSTADDR || NGX_HAVE_IP_PKTINFO)
- if (ls->sockaddr->sa_family == AF_INET) {
- msg.msg_control = &msg_control;
- msg.msg_controllen = sizeof(msg_control);
- }
-#endif
-
-#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
- if (ls->sockaddr->sa_family == AF_INET6) {
- msg.msg_control = &msg_control6;
- msg.msg_controllen = sizeof(msg_control6);
- }
-#endif
- }
-
-#endif
-
- n = recvmsg(lc->fd, &msg, 0);
-
- if (n == -1) {
- err = ngx_socket_errno;
-
- if (err == NGX_EAGAIN) {
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, err,
- "recvmsg() not ready");
- return;
- }
-
- ngx_log_error(NGX_LOG_ALERT, ev->log, err, "recvmsg() failed");
-
- return;
- }
-
-#if (NGX_STAT_STUB)
- (void) ngx_atomic_fetch_add(ngx_stat_accepted, 1);
-#endif
-
-#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
- if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) {
- ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
- "recvmsg() truncated data");
- continue;
- }
-#endif
-
- ngx_accept_disabled = ngx_cycle->connection_n / 8
- - ngx_cycle->free_connection_n;
-
- c = ngx_get_connection(lc->fd, ev->log);
- if (c == NULL) {
- return;
- }
-
- c->shared = 1;
- c->type = SOCK_DGRAM;
- c->socklen = msg.msg_namelen;
-
- if (c->socklen > (socklen_t) sizeof(ngx_sockaddr_t)) {
- c->socklen = sizeof(ngx_sockaddr_t);
- }
-
- if (c->socklen == 0) {
-
- /*
- * on Linux recvmsg() returns zero msg_namelen
- * when receiving packets from unbound AF_UNIX sockets
- */
-
- c->socklen = sizeof(struct sockaddr);
- ngx_memzero(&sa, sizeof(struct sockaddr));
- sa.sockaddr.sa_family = ls->sockaddr->sa_family;
- }
-
-#if (NGX_STAT_STUB)
- (void) ngx_atomic_fetch_add(ngx_stat_active, 1);
-#endif
-
- c->pool = ngx_create_pool(ls->pool_size, ev->log);
- if (c->pool == NULL) {
- ngx_close_accepted_connection(c);
- return;
- }
-
- c->sockaddr = ngx_palloc(c->pool, c->socklen);
- if (c->sockaddr == NULL) {
- ngx_close_accepted_connection(c);
- return;
- }
-
- ngx_memcpy(c->sockaddr, msg.msg_name, c->socklen);
-
- log = ngx_palloc(c->pool, sizeof(ngx_log_t));
- if (log == NULL) {
- ngx_close_accepted_connection(c);
- return;
- }
-
- *log = ls->log;
-
- c->send = ngx_udp_send;
- c->send_chain = ngx_udp_send_chain;
-
- c->log = log;
- c->pool->log = log;
-
- c->listening = ls;
- c->local_sockaddr = ls->sockaddr;
- c->local_socklen = ls->socklen;
-
-#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
-
- if (ls->wildcard) {
- struct cmsghdr *cmsg;
- struct sockaddr *sockaddr;
-
- sockaddr = ngx_palloc(c->pool, c->local_socklen);
- if (sockaddr == NULL) {
- ngx_close_accepted_connection(c);
- return;
- }
-
- ngx_memcpy(sockaddr, c->local_sockaddr, c->local_socklen);
- c->local_sockaddr = sockaddr;
-
- for (cmsg = CMSG_FIRSTHDR(&msg);
- cmsg != NULL;
- cmsg = CMSG_NXTHDR(&msg, cmsg))
- {
-
-#if (NGX_HAVE_IP_RECVDSTADDR)
-
- if (cmsg->cmsg_level == IPPROTO_IP
- && cmsg->cmsg_type == IP_RECVDSTADDR
- && sockaddr->sa_family == AF_INET)
- {
- struct in_addr *addr;
- struct sockaddr_in *sin;
-
- addr = (struct in_addr *) CMSG_DATA(cmsg);
- sin = (struct sockaddr_in *) sockaddr;
- sin->sin_addr = *addr;
-
- break;
- }
-
-#elif (NGX_HAVE_IP_PKTINFO)
-
- if (cmsg->cmsg_level == IPPROTO_IP
- && cmsg->cmsg_type == IP_PKTINFO
- && sockaddr->sa_family == AF_INET)
- {
- struct in_pktinfo *pkt;
- struct sockaddr_in *sin;
-
- pkt = (struct in_pktinfo *) CMSG_DATA(cmsg);
- sin = (struct sockaddr_in *) sockaddr;
- sin->sin_addr = pkt->ipi_addr;
-
- break;
- }
-
-#endif
-
-#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
-
- if (cmsg->cmsg_level == IPPROTO_IPV6
- && cmsg->cmsg_type == IPV6_PKTINFO
- && sockaddr->sa_family == AF_INET6)
- {
- struct in6_pktinfo *pkt6;
- struct sockaddr_in6 *sin6;
-
- pkt6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
- sin6 = (struct sockaddr_in6 *) sockaddr;
- sin6->sin6_addr = pkt6->ipi6_addr;
-
- break;
- }
-
-#endif
-
- }
- }
-
-#endif
-
- c->buffer = ngx_create_temp_buf(c->pool, n);
- if (c->buffer == NULL) {
- ngx_close_accepted_connection(c);
- return;
- }
-
- c->buffer->last = ngx_cpymem(c->buffer->last, buffer, n);
-
- rev = c->read;
- wev = c->write;
-
- wev->ready = 1;
-
- rev->log = log;
- wev->log = log;
-
- /*
- * TODO: MT: - ngx_atomic_fetch_add()
- * or protection by critical section or light mutex
- *
- * TODO: MP: - allocated in a shared memory
- * - ngx_atomic_fetch_add()
- * or protection by critical section or light mutex
- */
-
- c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
-
-#if (NGX_STAT_STUB)
- (void) ngx_atomic_fetch_add(ngx_stat_handled, 1);
-#endif
-
- if (ls->addr_ntop) {
- c->addr_text.data = ngx_pnalloc(c->pool, ls->addr_text_max_len);
- if (c->addr_text.data == NULL) {
- ngx_close_accepted_connection(c);
- return;
- }
-
- c->addr_text.len = ngx_sock_ntop(c->sockaddr, c->socklen,
- c->addr_text.data,
- ls->addr_text_max_len, 0);
- if (c->addr_text.len == 0) {
- ngx_close_accepted_connection(c);
- return;
- }
- }
-
-#if (NGX_DEBUG)
- {
- ngx_str_t addr;
- u_char text[NGX_SOCKADDR_STRLEN];
-
- ngx_debug_accepted_connection(ecf, c);
-
- if (log->log_level & NGX_LOG_DEBUG_EVENT) {
- addr.data = text;
- addr.len = ngx_sock_ntop(c->sockaddr, c->socklen, text,
- NGX_SOCKADDR_STRLEN, 1);
-
- ngx_log_debug4(NGX_LOG_DEBUG_EVENT, log, 0,
- "*%uA recvmsg: %V fd:%d n:%z",
- c->number, &addr, c->fd, n);
- }
-
- }
-#endif
-
- log->data = NULL;
- log->handler = NULL;
-
- ls->handler(c);
-
- if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) {
- ev->available -= n;
- }
-
- } while (ev->available);
-}
-
-#endif
-
-
ngx_int_t
ngx_trylock_accept_mutex(ngx_cycle_t *cycle)
{
@@ -693,7 +353,7 @@
}
-static ngx_int_t
+ngx_int_t
ngx_enable_accept_events(ngx_cycle_t *cycle)
{
ngx_uint_t i;
@@ -768,7 +428,7 @@
fd = c->fd;
c->fd = (ngx_socket_t) -1;
- if (!c->shared && ngx_close_socket(fd) == -1) {
+ if (ngx_close_socket(fd) == -1) {
ngx_log_error(NGX_LOG_ALERT, c->log, ngx_socket_errno,
ngx_close_socket_n " failed");
}
@@ -793,7 +453,7 @@
#if (NGX_DEBUG)
-static void
+void
ngx_debug_accepted_connection(ngx_event_conf_t *ecf, ngx_connection_t *c)
{
struct sockaddr_in *sin;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_connect.c
^
|
| @@ -20,7 +20,7 @@
ngx_int_t
ngx_event_connect_peer(ngx_peer_connection_t *pc)
{
- int rc, type;
+ int rc, type, value;
#if (NGX_HAVE_IP_BIND_ADDRESS_NO_PORT || NGX_LINUX)
in_port_t port;
#endif
@@ -55,7 +55,7 @@
if (c == NULL) {
if (ngx_close_socket(s) == -1) {
ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
- ngx_close_socket_n "failed");
+ ngx_close_socket_n " failed");
}
return NGX_ERROR;
@@ -73,6 +73,18 @@
}
}
+ if (pc->so_keepalive) {
+ value = 1;
+
+ if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE,
+ (const void *) &value, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
+ "setsockopt(SO_KEEPALIVE) failed, ignored");
+ }
+ }
+
if (ngx_nonblocking(s) == -1) {
ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno,
ngx_nonblocking_n " failed");
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_connect.h
^
|
| @@ -62,6 +62,8 @@
unsigned cached:1;
unsigned transparent:1;
+ unsigned so_keepalive:1;
+ unsigned down:1;
/* ngx_connection_log_error_e */
unsigned log_error:2;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_openssl.c
^
|
| @@ -18,15 +18,35 @@
} ngx_openssl_conf_t;
+static X509 *ngx_ssl_load_certificate(ngx_pool_t *pool, char **err,
+ ngx_str_t *cert, STACK_OF(X509) **chain);
+static EVP_PKEY *ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+ ngx_str_t *key, ngx_array_t *passwords);
static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
void *userdata);
static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
int ret);
static void ngx_ssl_passwords_cleanup(void *data);
+static int ngx_ssl_new_client_session(ngx_ssl_conn_t *ssl_conn,
+ ngx_ssl_session_t *sess);
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+static ngx_int_t ngx_ssl_try_early_data(ngx_connection_t *c);
+#endif
+#if (NGX_DEBUG)
+static void ngx_ssl_handshake_log(ngx_connection_t *c);
+#endif
static void ngx_ssl_handshake_handler(ngx_event_t *ev);
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+static ssize_t ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf,
+ size_t size);
+#endif
static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
static void ngx_ssl_write_handler(ngx_event_t *wev);
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+static ssize_t ngx_ssl_write_early(ngx_connection_t *c, u_char *data,
+ size_t size);
+#endif
static void ngx_ssl_read_handler(ngx_event_t *rev);
static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
@@ -34,8 +54,7 @@
static void ngx_ssl_clear_error(ngx_log_t *log);
static ngx_int_t ngx_ssl_session_id_context(ngx_ssl_t *ssl,
- ngx_str_t *sess_ctx);
-ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
+ ngx_str_t *sess_ctx, ngx_array_t *certificates);
static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
ngx_ssl_session_t *sess);
static ngx_ssl_session_t *ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
@@ -53,6 +72,7 @@
static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
HMAC_CTX *hctx, int enc);
+static void ngx_ssl_session_ticket_keys_cleanup(void *data);
#endif
#ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
@@ -344,6 +364,14 @@
SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
#endif
+#ifdef SSL_OP_NO_ANTI_REPLAY
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_ANTI_REPLAY);
+#endif
+
+#ifdef SSL_OP_NO_CLIENT_RENEGOTIATION
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION);
+#endif
+
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
@@ -387,34 +415,19 @@
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_str_t *key, ngx_array_t *passwords)
{
- BIO *bio;
- X509 *x509;
- u_long n;
- ngx_str_t *pwd;
- ngx_uint_t tries;
-
- if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
- return NGX_ERROR;
- }
+ char *err;
+ X509 *x509;
+ EVP_PKEY *pkey;
+ STACK_OF(X509) *chain;
- /*
- * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't
- * allow to access certificate later from SSL_CTX, so we reimplement
- * it here
- */
-
- bio = BIO_new_file((char *) cert->data, "r");
- if (bio == NULL) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "BIO_new_file(\"%s\") failed", cert->data);
- return NGX_ERROR;
- }
-
- x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
+ x509 = ngx_ssl_load_certificate(cf->pool, &err, cert, &chain);
if (x509 == NULL) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "PEM_read_bio_X509_AUX(\"%s\") failed", cert->data);
- BIO_free(bio);
+ if (err != NULL) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "cannot load certificate \"%s\": %s",
+ cert->data, err);
+ }
+
return NGX_ERROR;
}
@@ -422,7 +435,7 @@
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_use_certificate(\"%s\") failed", cert->data);
X509_free(x509);
- BIO_free(bio);
+ sk_X509_pop_free(chain, X509_free);
return NGX_ERROR;
}
@@ -431,7 +444,7 @@
{
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed");
X509_free(x509);
- BIO_free(bio);
+ sk_X509_pop_free(chain, X509_free);
return NGX_ERROR;
}
@@ -441,26 +454,211 @@
{
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "X509_set_ex_data() failed");
X509_free(x509);
- BIO_free(bio);
+ sk_X509_pop_free(chain, X509_free);
return NGX_ERROR;
}
- if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_certificate_index, x509)
- == 0)
- {
+ if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_certificate_index, x509) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set_ex_data() failed");
X509_free(x509);
- BIO_free(bio);
+ sk_X509_pop_free(chain, X509_free);
+ return NGX_ERROR;
+ }
+
+ /*
+ * Note that x509 is not freed here, but will be instead freed in
+ * ngx_ssl_cleanup_ctx(). This is because we need to preserve all
+ * certificates to be able to iterate all of them through exdata
+ * (ngx_ssl_certificate_index, ngx_ssl_next_certificate_index),
+ * while OpenSSL can free a certificate if it is replaced with another
+ * certificate of the same type.
+ */
+
+#ifdef SSL_CTX_set0_chain
+
+ if (SSL_CTX_set0_chain(ssl->ctx, chain) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set0_chain(\"%s\") failed", cert->data);
+ sk_X509_pop_free(chain, X509_free);
+ return NGX_ERROR;
+ }
+
+#else
+ {
+ int n;
+
+ /* SSL_CTX_set0_chain() is only available in OpenSSL 1.0.2+ */
+
+ n = sk_X509_num(chain);
+
+ while (n--) {
+ x509 = sk_X509_shift(chain);
+
+ if (SSL_CTX_add_extra_chain_cert(ssl->ctx, x509) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_add_extra_chain_cert(\"%s\") failed",
+ cert->data);
+ sk_X509_pop_free(chain, X509_free);
+ return NGX_ERROR;
+ }
+ }
+
+ sk_X509_free(chain);
+ }
+#endif
+
+ pkey = ngx_ssl_load_certificate_key(cf->pool, &err, key, passwords);
+ if (pkey == NULL) {
+ if (err != NULL) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "cannot load certificate key \"%s\": %s",
+ key->data, err);
+ }
+
+ return NGX_ERROR;
+ }
+
+ if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_use_PrivateKey(\"%s\") failed", key->data);
+ EVP_PKEY_free(pkey);
+ return NGX_ERROR;
+ }
+
+ EVP_PKEY_free(pkey);
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords)
+{
+ char *err;
+ X509 *x509;
+ EVP_PKEY *pkey;
+ STACK_OF(X509) *chain;
+
+ x509 = ngx_ssl_load_certificate(pool, &err, cert, &chain);
+ if (x509 == NULL) {
+ if (err != NULL) {
+ ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
+ "cannot load certificate \"%s\": %s",
+ cert->data, err);
+ }
+
+ return NGX_ERROR;
+ }
+
+ if (SSL_use_certificate(c->ssl->connection, x509) == 0) {
+ ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
+ "SSL_use_certificate(\"%s\") failed", cert->data);
+ X509_free(x509);
+ sk_X509_pop_free(chain, X509_free);
+ return NGX_ERROR;
+ }
+
+ X509_free(x509);
+
+#ifdef SSL_set0_chain
+
+ /*
+ * SSL_set0_chain() is only available in OpenSSL 1.0.2+,
+ * but this function is only called via certificate callback,
+ * which is only available in OpenSSL 1.0.2+ as well
+ */
+
+ if (SSL_set0_chain(c->ssl->connection, chain) == 0) {
+ ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
+ "SSL_set0_chain(\"%s\") failed", cert->data);
+ sk_X509_pop_free(chain, X509_free);
+ return NGX_ERROR;
+ }
+
+#endif
+
+ pkey = ngx_ssl_load_certificate_key(pool, &err, key, passwords);
+ if (pkey == NULL) {
+ if (err != NULL) {
+ ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
+ "cannot load certificate key \"%s\": %s",
+ key->data, err);
+ }
+
+ return NGX_ERROR;
+ }
+
+ if (SSL_use_PrivateKey(c->ssl->connection, pkey) == 0) {
+ ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
+ "SSL_use_PrivateKey(\"%s\") failed", key->data);
+ EVP_PKEY_free(pkey);
return NGX_ERROR;
}
- /* read rest of the chain */
+ EVP_PKEY_free(pkey);
+
+ return NGX_OK;
+}
+
+
+static X509 *
+ngx_ssl_load_certificate(ngx_pool_t *pool, char **err, ngx_str_t *cert,
+ STACK_OF(X509) **chain)
+{
+ BIO *bio;
+ X509 *x509, *temp;
+ u_long n;
+
+ if (ngx_strncmp(cert->data, "data:", sizeof("data:") - 1) == 0) {
+
+ bio = BIO_new_mem_buf(cert->data + sizeof("data:") - 1,
+ cert->len - (sizeof("data:") - 1));
+ if (bio == NULL) {
+ *err = "BIO_new_mem_buf() failed";
+ return NULL;
+ }
+
+ } else {
+
+ if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, cert)
+ != NGX_OK)
+ {
+ *err = NULL;
+ return NULL;
+ }
+
+ bio = BIO_new_file((char *) cert->data, "r");
+ if (bio == NULL) {
+ *err = "BIO_new_file() failed";
+ return NULL;
+ }
+ }
+
+ /* certificate itself */
+
+ x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
+ if (x509 == NULL) {
+ *err = "PEM_read_bio_X509_AUX() failed";
+ BIO_free(bio);
+ return NULL;
+ }
+
+ /* rest of the chain */
+
+ *chain = sk_X509_new_null();
+ if (*chain == NULL) {
+ *err = "sk_X509_new_null() failed";
+ BIO_free(bio);
+ X509_free(x509);
+ return NULL;
+ }
for ( ;; ) {
- x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
- if (x509 == NULL) {
+ temp = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+ if (temp == NULL) {
n = ERR_peek_last_error();
if (ERR_GET_LIB(n) == ERR_LIB_PEM
@@ -473,58 +671,51 @@
/* some real error */
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "PEM_read_bio_X509(\"%s\") failed", cert->data);
+ *err = "PEM_read_bio_X509() failed";
BIO_free(bio);
- return NGX_ERROR;
- }
-
-#ifdef SSL_CTRL_CHAIN_CERT
-
- /*
- * SSL_CTX_add0_chain_cert() is needed to add chain to
- * a particular certificate when multiple certificates are used;
- * only available in OpenSSL 1.0.2+
- */
-
- if (SSL_CTX_add0_chain_cert(ssl->ctx, x509) == 0) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "SSL_CTX_add0_chain_cert(\"%s\") failed",
- cert->data);
X509_free(x509);
- BIO_free(bio);
- return NGX_ERROR;
+ sk_X509_pop_free(*chain, X509_free);
+ return NULL;
}
-#else
- if (SSL_CTX_add_extra_chain_cert(ssl->ctx, x509) == 0) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "SSL_CTX_add_extra_chain_cert(\"%s\") failed",
- cert->data);
- X509_free(x509);
+ if (sk_X509_push(*chain, temp) == 0) {
+ *err = "sk_X509_push() failed";
BIO_free(bio);
- return NGX_ERROR;
+ X509_free(x509);
+ sk_X509_pop_free(*chain, X509_free);
+ return NULL;
}
-#endif
}
BIO_free(bio);
+ return x509;
+}
+
+
+static EVP_PKEY *
+ngx_ssl_load_certificate_key(ngx_pool_t *pool, char **err,
+ ngx_str_t *key, ngx_array_t *passwords)
+{
+ BIO *bio;
+ EVP_PKEY *pkey;
+ ngx_str_t *pwd;
+ ngx_uint_t tries;
+ pem_password_cb *cb;
+
if (ngx_strncmp(key->data, "engine:", sizeof("engine:") - 1) == 0) {
#ifndef OPENSSL_NO_ENGINE
- u_char *p, *last;
- ENGINE *engine;
- EVP_PKEY *pkey;
+ u_char *p, *last;
+ ENGINE *engine;
p = key->data + sizeof("engine:") - 1;
last = (u_char *) ngx_strchr(p, ':');
if (last == NULL) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid syntax in \"%V\"", key);
- return NGX_ERROR;
+ *err = "invalid syntax";
+ return NULL;
}
*last = '\0';
@@ -532,9 +723,8 @@
engine = ENGINE_by_id((char *) p);
if (engine == NULL) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "ENGINE_by_id(\"%s\") failed", p);
- return NGX_ERROR;
+ *err = "ENGINE_by_id() failed";
+ return NULL;
}
*last++ = ':';
@@ -542,76 +732,81 @@
pkey = ENGINE_load_private_key(engine, (char *) last, 0, 0);
if (pkey == NULL) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "ENGINE_load_private_key(\"%s\") failed", last);
+ *err = "ENGINE_load_private_key() failed";
ENGINE_free(engine);
- return NGX_ERROR;
+ return NULL;
}
ENGINE_free(engine);
- if (SSL_CTX_use_PrivateKey(ssl->ctx, pkey) == 0) {
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "SSL_CTX_use_PrivateKey(\"%s\") failed", last);
- EVP_PKEY_free(pkey);
- return NGX_ERROR;
- }
-
- EVP_PKEY_free(pkey);
-
- return NGX_OK;
+ return pkey;
#else
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "loading \"engine:...\" certificate keys "
- "is not supported");
- return NGX_ERROR;
+ *err = "loading \"engine:...\" certificate keys is not supported";
+ return NULL;
#endif
}
- if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
- return NGX_ERROR;
+ if (ngx_strncmp(key->data, "data:", sizeof("data:") - 1) == 0) {
+
+ bio = BIO_new_mem_buf(key->data + sizeof("data:") - 1,
+ key->len - (sizeof("data:") - 1));
+ if (bio == NULL) {
+ *err = "BIO_new_mem_buf() failed";
+ return NULL;
+ }
+
+ } else {
+
+ if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, key)
+ != NGX_OK)
+ {
+ *err = NULL;
+ return NULL;
+ }
+
+ bio = BIO_new_file((char *) key->data, "r");
+ if (bio == NULL) {
+ *err = "BIO_new_file() failed";
+ return NULL;
+ }
}
if (passwords) {
tries = passwords->nelts;
pwd = passwords->elts;
-
- SSL_CTX_set_default_passwd_cb(ssl->ctx, ngx_ssl_password_callback);
- SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, pwd);
+ cb = ngx_ssl_password_callback;
} else {
tries = 1;
-#if (NGX_SUPPRESS_WARN)
pwd = NULL;
-#endif
+ cb = NULL;
}
for ( ;; ) {
- if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
- SSL_FILETYPE_PEM)
- != 0)
- {
+ pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, pwd);
+ if (pkey != NULL) {
break;
}
- if (--tries) {
+ if (tries-- > 1) {
ERR_clear_error();
- SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
+ (void) BIO_reset(bio);
+ pwd++;
continue;
}
- ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
- return NGX_ERROR;
+ *err = "PEM_read_bio_PrivateKey() failed";
+ BIO_free(bio);
+ return NULL;
}
- SSL_CTX_set_default_passwd_cb(ssl->ctx, NULL);
+ BIO_free(bio);
- return NGX_OK;
+ return pkey;
}
@@ -626,6 +821,10 @@
return 0;
}
+ if (pwd == NULL) {
+ return 0;
+ }
+
if (pwd->len > (size_t) size) {
ngx_log_error(NGX_LOG_ERR, ngx_cycle->log, 0,
"password is truncated to %d bytes", size);
@@ -847,6 +1046,8 @@
BIO *rbio, *wbio;
ngx_connection_t *c;
+#ifndef SSL_OP_NO_RENEGOTIATION
+
if ((where & SSL_CB_HANDSHAKE_START)
&& SSL_is_server((ngx_ssl_conn_t *) ssl_conn))
{
@@ -858,6 +1059,8 @@
}
}
+#endif
+
if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
@@ -923,10 +1126,13 @@
return NULL;
}
- cln = ngx_pool_cleanup_add(cf->temp_pool, 0);
passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t));
+ if (passwords == NULL) {
+ return NULL;
+ }
- if (cln == NULL || passwords == NULL) {
+ cln = ngx_pool_cleanup_add(cf->temp_pool, 0);
+ if (cln == NULL) {
return NULL;
}
@@ -1028,12 +1234,75 @@
ngx_close_file_n " \"%s\" failed", file->data);
}
- ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
+ ngx_explicit_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
return passwords;
}
+ngx_array_t *
+ngx_ssl_preserve_passwords(ngx_conf_t *cf, ngx_array_t *passwords)
+{
+ ngx_str_t *opwd, *pwd;
+ ngx_uint_t i;
+ ngx_array_t *pwds;
+ ngx_pool_cleanup_t *cln;
+ static ngx_array_t empty_passwords;
+
+ if (passwords == NULL) {
+
+ /*
+ * If there are no passwords, an empty array is used
+ * to make sure OpenSSL's default password callback
+ * won't block on reading from stdin.
+ */
+
+ return &empty_passwords;
+ }
+
+ /*
+ * Passwords are normally allocated from the temporary pool
+ * and cleared after parsing configuration. To be used at
+ * runtime they have to be copied to the configuration pool.
+ */
+
+ pwds = ngx_array_create(cf->pool, passwords->nelts, sizeof(ngx_str_t));
+ if (pwds == NULL) {
+ return NULL;
+ }
+
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NULL;
+ }
+
+ cln->handler = ngx_ssl_passwords_cleanup;
+ cln->data = pwds;
+
+ opwd = passwords->elts;
+
+ for (i = 0; i < passwords->nelts; i++) {
+
+ pwd = ngx_array_push(pwds);
+ if (pwd == NULL) {
+ return NULL;
+ }
+
+ pwd->len = opwd[i].len;
+ pwd->data = ngx_pnalloc(cf->pool, pwd->len);
+
+ if (pwd->data == NULL) {
+ pwds->nelts--;
+ return NULL;
+ }
+
+ ngx_memcpy(pwd->data, opwd[i].data, opwd[i].len);
+ }
+
+ return pwds;
+}
+
+
static void
ngx_ssl_passwords_cleanup(void *data)
{
@@ -1045,7 +1314,7 @@
pwd = passwords->elts;
for (i = 0; i < passwords->nelts; i++) {
- ngx_memzero(pwd[i].data, pwd[i].len);
+ ngx_explicit_memzero(pwd[i].data, pwd[i].len);
}
}
@@ -1173,13 +1442,78 @@
ngx_int_t
-ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
+ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
{
- ngx_ssl_connection_t *sc;
-
- sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
- if (sc == NULL) {
- return NGX_ERROR;
+ if (!enable) {
+ return NGX_OK;
+ }
+
+#ifdef SSL_ERROR_EARLY_DATA_REJECTED
+
+ /* BoringSSL */
+
+ SSL_CTX_set_early_data_enabled(ssl->ctx, 1);
+
+#elif defined SSL_READ_EARLY_DATA_SUCCESS
+
+ /* OpenSSL */
+
+ SSL_CTX_set_max_early_data(ssl->ctx, NGX_SSL_BUFSIZE);
+
+#else
+ ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+ "\"ssl_early_data\" is not supported on this platform, "
+ "ignored");
+#endif
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
+{
+ if (!enable) {
+ return NGX_OK;
+ }
+
+ SSL_CTX_set_session_cache_mode(ssl->ctx,
+ SSL_SESS_CACHE_CLIENT
+ |SSL_SESS_CACHE_NO_INTERNAL);
+
+ SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_client_session);
+
+ return NGX_OK;
+}
+
+
+static int
+ngx_ssl_new_client_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
+{
+ ngx_connection_t *c;
+
+ c = ngx_ssl_get_connection(ssl_conn);
+
+ if (c->ssl->save_session) {
+ c->ssl->session = sess;
+
+ c->ssl->save_session(c);
+
+ c->ssl->session = NULL;
+ }
+
+ return 0;
+}
+
+
+ngx_int_t
+ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
+{
+ ngx_ssl_connection_t *sc;
+
+ sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
+ if (sc == NULL) {
+ return NGX_ERROR;
}
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
@@ -1187,6 +1521,12 @@
sc->session_ctx = ssl->ctx;
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+ if (SSL_CTX_get_max_early_data(ssl->ctx)) {
+ sc->try_early_data = 1;
+ }
+#endif
+
sc->connection = SSL_new(ssl->ctx);
if (sc->connection == NULL) {
@@ -1204,6 +1544,10 @@
} else {
SSL_set_accept_state(sc->connection);
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+ SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+#endif
}
if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
@@ -1217,6 +1561,31 @@
}
+ngx_ssl_session_t *
+ngx_ssl_get_session(ngx_connection_t *c)
+{
+#ifdef TLS1_3_VERSION
+ if (c->ssl->session) {
+ SSL_SESSION_up_ref(c->ssl->session);
+ return c->ssl->session;
+ }
+#endif
+
+ return SSL_get1_session(c->ssl->connection);
+}
+
+
+ngx_ssl_session_t *
+ngx_ssl_get0_session(ngx_connection_t *c)
+{
+ if (c->ssl->session) {
+ return c->ssl->session;
+ }
+
+ return SSL_get0_session(c->ssl->connection);
+}
+
+
ngx_int_t
ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session)
{
@@ -1237,6 +1606,12 @@
int n, sslerr;
ngx_err_t err;
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+ if (c->ssl->try_early_data) {
+ return ngx_ssl_try_early_data(c);
+ }
+#endif
+
ngx_ssl_clear_error(c->log);
n = SSL_do_handshake(c->ssl->connection);
@@ -1254,73 +1629,145 @@
}
#if (NGX_DEBUG)
- {
- char buf[129], *s, *d;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- const
+ ngx_ssl_handshake_log(c);
#endif
- SSL_CIPHER *cipher;
- cipher = SSL_get_current_cipher(c->ssl->connection);
+ c->ssl->handshaked = 1;
- if (cipher) {
- SSL_CIPHER_description(cipher, &buf[1], 128);
+ c->recv = ngx_ssl_recv;
+ c->send = ngx_ssl_write;
+ c->recv_chain = ngx_ssl_recv_chain;
+ c->send_chain = ngx_ssl_send_chain;
- for (s = &buf[1], d = buf; *s; s++) {
- if (*s == ' ' && *d == ' ') {
- continue;
- }
+#ifndef SSL_OP_NO_RENEGOTIATION
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
- if (*s == LF || *s == CR) {
- continue;
- }
+ /* initial handshake done, disable renegotiation (CVE-2009-3555) */
+ if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) {
+ c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+ }
- *++d = *s;
- }
+#endif
+#endif
+#endif
- if (*d != ' ') {
- d++;
- }
+ return NGX_OK;
+ }
- *d = '\0';
+ sslerr = SSL_get_error(c->ssl->connection, n);
- ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "SSL: %s, cipher: \"%s\"",
- SSL_get_version(c->ssl->connection), &buf[1]);
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
- if (SSL_session_reused(c->ssl->connection)) {
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "SSL reused session");
- }
+ if (sslerr == SSL_ERROR_WANT_READ) {
+ c->read->ready = 0;
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
- } else {
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "SSL no shared ciphers");
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+
+ if (sslerr == SSL_ERROR_WANT_WRITE) {
+ c->write->ready = 0;
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+
+ err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
+
+ c->ssl->no_wait_shutdown = 1;
+ c->ssl->no_send_shutdown = 1;
+ c->read->eof = 1;
+
+ if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
+ ngx_connection_error(c, err,
+ "peer closed connection in SSL handshake");
+
+ return NGX_ERROR;
+ }
+
+ c->read->error = 1;
+
+ ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
+
+ return NGX_ERROR;
+}
+
+
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+
+static ngx_int_t
+ngx_ssl_try_early_data(ngx_connection_t *c)
+{
+ int n, sslerr;
+ u_char buf;
+ size_t readbytes;
+ ngx_err_t err;
+
+ ngx_ssl_clear_error(c->log);
+
+ readbytes = 0;
+
+ n = SSL_read_early_data(c->ssl->connection, &buf, 1, &readbytes);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_read_early_data: %d, %uz", n, readbytes);
+
+ if (n == SSL_READ_EARLY_DATA_FINISH) {
+ c->ssl->try_early_data = 0;
+ return ngx_ssl_handshake(c);
+ }
+
+ if (n == SSL_READ_EARLY_DATA_SUCCESS) {
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
}
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
}
+
+#if (NGX_DEBUG)
+ ngx_ssl_handshake_log(c);
#endif
+ c->ssl->try_early_data = 0;
+
+ c->ssl->early_buf = buf;
+ c->ssl->early_preread = 1;
+
c->ssl->handshaked = 1;
+ c->ssl->in_early = 1;
c->recv = ngx_ssl_recv;
c->send = ngx_ssl_write;
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-
- /* initial handshake done, disable renegotiation (CVE-2009-3555) */
- if (c->ssl->connection->s3 && SSL_is_server(c->ssl->connection)) {
- c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
- }
-
-#endif
-#endif
-
return NGX_OK;
}
+ /* SSL_READ_EARLY_DATA_ERROR */
+
sslerr = SSL_get_error(c->ssl->connection, n);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
@@ -1372,11 +1819,65 @@
c->read->error = 1;
- ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
+ ngx_ssl_connection_error(c, sslerr, err, "SSL_read_early_data() failed");
return NGX_ERROR;
}
+#endif
+
+
+#if (NGX_DEBUG)
+
+static void
+ngx_ssl_handshake_log(ngx_connection_t *c)
+{
+ char buf[129], *s, *d;
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ const
+#endif
+ SSL_CIPHER *cipher;
+
+ cipher = SSL_get_current_cipher(c->ssl->connection);
+
+ if (cipher) {
+ SSL_CIPHER_description(cipher, &buf[1], 128);
+
+ for (s = &buf[1], d = buf; *s; s++) {
+ if (*s == ' ' && *d == ' ') {
+ continue;
+ }
+
+ if (*s == LF || *s == CR) {
+ continue;
+ }
+
+ *++d = *s;
+ }
+
+ if (*d != ' ') {
+ d++;
+ }
+
+ *d = '\0';
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL: %s, cipher: \"%s\"",
+ SSL_get_version(c->ssl->connection), &buf[1]);
+
+ if (SSL_session_reused(c->ssl->connection)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL reused session");
+ }
+
+ } else {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL no shared ciphers");
+ }
+}
+
+#endif
+
static void
ngx_ssl_handshake_handler(ngx_event_t *ev)
@@ -1446,24 +1947,111 @@
continue;
}
- if (bytes) {
+ if (bytes) {
+
+ if (n == 0 || n == NGX_ERROR) {
+ c->read->ready = 1;
+ }
+
+ return bytes;
+ }
+
+ return n;
+ }
+}
+
+
+ssize_t
+ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
+{
+ int n, bytes;
+
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+ if (c->ssl->in_early) {
+ return ngx_ssl_recv_early(c, buf, size);
+ }
+#endif
+
+ if (c->ssl->last == NGX_ERROR) {
+ c->read->error = 1;
+ return NGX_ERROR;
+ }
+
+ if (c->ssl->last == NGX_DONE) {
+ c->read->ready = 0;
+ c->read->eof = 1;
+ return 0;
+ }
+
+ bytes = 0;
+
+ ngx_ssl_clear_error(c->log);
+
+ /*
+ * SSL_read() may return data in parts, so try to read
+ * until SSL_read() would return no data
+ */
+
+ for ( ;; ) {
+
+ n = SSL_read(c->ssl->connection, buf, size);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
+
+ if (n > 0) {
+ bytes += n;
+ }
+
+ c->ssl->last = ngx_ssl_handle_recv(c, n);
+
+ if (c->ssl->last == NGX_OK) {
+
+ size -= n;
+
+ if (size == 0) {
+ c->read->ready = 1;
+ return bytes;
+ }
+
+ buf += n;
+
+ continue;
+ }
+
+ if (bytes) {
+ if (c->ssl->last != NGX_AGAIN) {
+ c->read->ready = 1;
+ }
+
+ return bytes;
+ }
+
+ switch (c->ssl->last) {
+
+ case NGX_DONE:
+ c->read->ready = 0;
+ c->read->eof = 1;
+ return 0;
+
+ case NGX_ERROR:
+ c->read->error = 1;
- if (n == 0 || n == NGX_ERROR) {
- c->read->ready = 1;
- }
+ /* fall through */
- return bytes;
+ case NGX_AGAIN:
+ return c->ssl->last;
}
-
- return n;
}
}
-ssize_t
-ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+
+static ssize_t
+ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size)
{
- int n, bytes;
+ int n, bytes;
+ size_t readbytes;
if (c->ssl->last == NGX_ERROR) {
c->read->error = 1;
@@ -1480,37 +2068,75 @@
ngx_ssl_clear_error(c->log);
+ if (c->ssl->early_preread) {
+
+ if (size == 0) {
+ c->read->ready = 0;
+ c->read->eof = 1;
+ return 0;
+ }
+
+ *buf = c->ssl->early_buf;
+
+ c->ssl->early_preread = 0;
+
+ bytes = 1;
+ size -= 1;
+ buf += 1;
+ }
+
+ if (c->ssl->write_blocked) {
+ return NGX_AGAIN;
+ }
+
/*
- * SSL_read() may return data in parts, so try to read
- * until SSL_read() would return no data
+ * SSL_read_early_data() may return data in parts, so try to read
+ * until SSL_read_early_data() would return no data
*/
for ( ;; ) {
- n = SSL_read(c->ssl->connection, buf, size);
+ readbytes = 0;
- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
+ n = SSL_read_early_data(c->ssl->connection, buf, size, &readbytes);
- if (n > 0) {
- bytes += n;
- }
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_read_early_data: %d, %uz", n, readbytes);
- c->ssl->last = ngx_ssl_handle_recv(c, n);
+ if (n == SSL_READ_EARLY_DATA_SUCCESS) {
- if (c->ssl->last == NGX_OK) {
+ c->ssl->last = ngx_ssl_handle_recv(c, 1);
- size -= n;
+ bytes += readbytes;
+ size -= readbytes;
if (size == 0) {
c->read->ready = 1;
return bytes;
}
- buf += n;
+ buf += readbytes;
continue;
}
+ if (n == SSL_READ_EARLY_DATA_FINISH) {
+
+ c->ssl->last = ngx_ssl_handle_recv(c, 1);
+ c->ssl->in_early = 0;
+
+ if (bytes) {
+ c->read->ready = 1;
+ return bytes;
+ }
+
+ return ngx_ssl_recv(c, buf, size);
+ }
+
+ /* SSL_READ_EARLY_DATA_ERROR */
+
+ c->ssl->last = ngx_ssl_handle_recv(c, 0);
+
if (bytes) {
if (c->ssl->last != NGX_AGAIN) {
c->read->ready = 1;
@@ -1537,6 +2163,8 @@
}
}
+#endif
+
static ngx_int_t
ngx_ssl_handle_recv(ngx_connection_t *c, int n)
@@ -1544,6 +2172,8 @@
int sslerr;
ngx_err_t err;
+#ifndef SSL_OP_NO_RENEGOTIATION
+
if (c->ssl->renegotiation) {
/*
* disable renegotiation (CVE-2009-3555):
@@ -1566,6 +2196,8 @@
return NGX_ERROR;
}
+#endif
+
if (n > 0) {
if (c->ssl->saved_write_handler) {
@@ -1591,14 +2223,28 @@
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
if (sslerr == SSL_ERROR_WANT_READ) {
+
+ if (c->ssl->saved_write_handler) {
+
+ c->write->handler = c->ssl->saved_write_handler;
+ c->ssl->saved_write_handler = NULL;
+ c->write->ready = 1;
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ ngx_post_event(c->write, &ngx_posted_events);
+ }
+
c->read->ready = 0;
return NGX_AGAIN;
}
if (sslerr == SSL_ERROR_WANT_WRITE) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "peer started SSL renegotiation");
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_read: want write");
c->write->ready = 0;
@@ -1640,6 +2286,8 @@
c = wev->data;
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL write handler");
+
c->read->handler(c->read);
}
@@ -1813,6 +2461,12 @@
int n, sslerr;
ngx_err_t err;
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+ if (c->ssl->in_early) {
+ return ngx_ssl_write_early(c, data, size);
+ }
+#endif
+
ngx_ssl_clear_error(c->log);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %uz", size);
@@ -1848,14 +2502,28 @@
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
if (sslerr == SSL_ERROR_WANT_WRITE) {
+
+ if (c->ssl->saved_read_handler) {
+
+ c->read->handler = c->ssl->saved_read_handler;
+ c->ssl->saved_read_handler = NULL;
+ c->read->ready = 1;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ ngx_post_event(c->read, &ngx_posted_events);
+ }
+
c->write->ready = 0;
return NGX_AGAIN;
}
if (sslerr == SSL_ERROR_WANT_READ) {
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "peer started SSL renegotiation");
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_write: want read");
c->read->ready = 0;
@@ -1886,6 +2554,123 @@
}
+#ifdef SSL_READ_EARLY_DATA_SUCCESS
+
+ssize_t
+ngx_ssl_write_early(ngx_connection_t *c, u_char *data, size_t size)
+{
+ int n, sslerr;
+ size_t written;
+ ngx_err_t err;
+
+ ngx_ssl_clear_error(c->log);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %uz", size);
+
+ written = 0;
+
+ n = SSL_write_early_data(c->ssl->connection, data, size, &written);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_write_early_data: %d, %uz", n, written);
+
+ if (n > 0) {
+
+ if (c->ssl->saved_read_handler) {
+
+ c->read->handler = c->ssl->saved_read_handler;
+ c->ssl->saved_read_handler = NULL;
+ c->read->ready = 1;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ ngx_post_event(c->read, &ngx_posted_events);
+ }
+
+ if (c->ssl->write_blocked) {
+ c->ssl->write_blocked = 0;
+ ngx_post_event(c->read, &ngx_posted_events);
+ }
+
+ c->sent += written;
+
+ return written;
+ }
+
+ sslerr = SSL_get_error(c->ssl->connection, n);
+
+ err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
+
+ if (sslerr == SSL_ERROR_WANT_WRITE) {
+
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_write_early_data: want write");
+
+ if (c->ssl->saved_read_handler) {
+
+ c->read->handler = c->ssl->saved_read_handler;
+ c->ssl->saved_read_handler = NULL;
+ c->read->ready = 1;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ ngx_post_event(c->read, &ngx_posted_events);
+ }
+
+ /*
+ * OpenSSL 1.1.1a fails to handle SSL_read_early_data()
+ * if an SSL_write_early_data() call blocked on writing,
+ * see https://github.com/openssl/openssl/issues/7757
+ */
+
+ c->ssl->write_blocked = 1;
+
+ c->write->ready = 0;
+ return NGX_AGAIN;
+ }
+
+ if (sslerr == SSL_ERROR_WANT_READ) {
+
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "SSL_write_early_data: want read");
+
+ c->read->ready = 0;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ /*
+ * we do not set the timer because there is already
+ * the write event timer
+ */
+
+ if (c->ssl->saved_read_handler == NULL) {
+ c->ssl->saved_read_handler = c->read->handler;
+ c->read->handler = ngx_ssl_read_handler;
+ }
+
+ return NGX_AGAIN;
+ }
+
+ c->ssl->no_wait_shutdown = 1;
+ c->ssl->no_send_shutdown = 1;
+ c->write->error = 1;
+
+ ngx_ssl_connection_error(c, sslerr, err, "SSL_write_early_data() failed");
+
+ return NGX_ERROR;
+}
+
+#endif
+
+
static void
ngx_ssl_read_handler(ngx_event_t *rev)
{
@@ -1893,6 +2678,8 @@
c = rev->data;
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL read handler");
+
c->write->handler(c->write);
}
@@ -2089,9 +2876,15 @@
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
+#ifdef SSL_R_CLIENTHELLO_TLSEXT
+ || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */
+#endif
#ifdef SSL_R_PARSE_TLSEXT
|| n == SSL_R_PARSE_TLSEXT /* 227 */
#endif
+#ifdef SSL_R_CALLBACK_FAILED
+ || n == SSL_R_CALLBACK_FAILED /* 234 */
+#endif
|| n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
|| n == SSL_R_UNEXPECTED_RECORD /* 245 */
|| n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */
@@ -2119,6 +2912,9 @@
#ifdef SSL_R_INAPPROPRIATE_FALLBACK
|| n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */
#endif
+#ifdef SSL_R_CERT_CB_ERROR
+ || n == SSL_R_CERT_CB_ERROR /* 377 */
+#endif
#ifdef SSL_R_VERSION_TOO_LOW
|| n == SSL_R_VERSION_TOO_LOW /* 396 */
#endif
@@ -2198,53 +2994,60 @@
p = ngx_vslprintf(errstr, last - 1, fmt, args);
va_end(args);
- p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
+ if (ERR_peek_error()) {
+ p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
- for ( ;; ) {
+ for ( ;; ) {
- n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
+ n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
- if (n == 0) {
- break;
- }
+ if (n == 0) {
+ break;
+ }
- /* ERR_error_string_n() requires at least one byte */
+ /* ERR_error_string_n() requires at least one byte */
- if (p >= last - 1) {
- goto next;
- }
+ if (p >= last - 1) {
+ goto next;
+ }
- *p++ = ' ';
+ *p++ = ' ';
- ERR_error_string_n(n, (char *) p, last - p);
+ ERR_error_string_n(n, (char *) p, last - p);
- while (p < last && *p) {
- p++;
- }
+ while (p < last && *p) {
+ p++;
+ }
- if (p < last && *data && (flags & ERR_TXT_STRING)) {
- *p++ = ':';
- p = ngx_cpystrn(p, (u_char *) data, last - p);
- }
+ if (p < last && *data && (flags & ERR_TXT_STRING)) {
+ *p++ = ':';
+ p = ngx_cpystrn(p, (u_char *) data, last - p);
+ }
+
+ next:
- next:
+ (void) ERR_get_error();
+ }
- (void) ERR_get_error();
+ if (p < last) {
+ *p++ = ')';
+ }
}
- ngx_log_error(level, log, err, "%*s)", p - errstr, errstr);
+ ngx_log_error(level, log, err, "%*s", p - errstr, errstr);
}
ngx_int_t
ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
- ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
+ ngx_array_t *certificates, ssize_t builtin_session_cache,
+ ngx_shm_zone_t *shm_zone, time_t timeout)
{
long cache_mode;
SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
- if (ngx_ssl_session_id_context(ssl, sess_ctx) != NGX_OK) {
+ if (ngx_ssl_session_id_context(ssl, sess_ctx, certificates) != NGX_OK) {
return NGX_ERROR;
}
@@ -2310,11 +3113,14 @@
static ngx_int_t
-ngx_ssl_session_id_context(ngx_ssl_t *ssl, ngx_str_t *sess_ctx)
+ngx_ssl_session_id_context(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
+ ngx_array_t *certificates)
{
int n, i;
X509 *cert;
X509_NAME *name;
+ ngx_str_t *certs;
+ ngx_uint_t k;
EVP_MD_CTX *md;
unsigned int len;
STACK_OF(X509_NAME) *list;
@@ -2359,6 +3165,24 @@
}
}
+ if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL) {
+
+ /*
+ * If certificates are loaded dynamically, we use certificate
+ * names as specified in the configuration (with variables).
+ */
+
+ certs = certificates->elts;
+ for (k = 0; k < certificates->nelts; k++) {
+
+ if (EVP_DigestUpdate(md, certs[k].data, certs[k].len) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "EVP_DigestUpdate() failed");
+ goto failed;
+ }
+ }
+ }
+
list = SSL_CTX_get_client_CA_list(ssl->ctx);
if (list != NULL) {
@@ -2383,7 +3207,7 @@
if (EVP_DigestFinal_ex(md, buf, &len) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
- "EVP_DigestUpdate() failed");
+ "EVP_DigestFinal_ex() failed");
goto failed;
}
@@ -2630,6 +3454,7 @@
const
#endif
u_char *p;
+ size_t slen;
uint32_t hash;
ngx_int_t rc;
ngx_shm_zone_t *shm_zone;
@@ -2685,12 +3510,14 @@
if (rc == 0) {
if (sess_id->expire > ngx_time()) {
- ngx_memcpy(buf, sess_id->session, sess_id->len);
+ slen = sess_id->len;
+
+ ngx_memcpy(buf, sess_id->session, slen);
ngx_shmtx_unlock(&shpool->mutex);
p = buf;
- sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
+ sess = d2i_SSL_SESSION(NULL, &p, slen);
return sess;
}
@@ -2911,6 +3738,7 @@
ngx_uint_t i;
ngx_array_t *keys;
ngx_file_info_t fi;
+ ngx_pool_cleanup_t *cln;
ngx_ssl_session_ticket_key_t *key;
if (paths == NULL) {
@@ -2923,6 +3751,14 @@
return NGX_ERROR;
}
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->handler = ngx_ssl_session_ticket_keys_cleanup;
+ cln->data = keys;
+
path = paths->elts;
for (i = 0; i < paths->nelts; i++) {
@@ -2994,6 +3830,8 @@
ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno,
ngx_close_file_n " \"%V\" failed", &file.name);
}
+
+ ngx_explicit_memzero(&buf, 80);
}
if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_ticket_keys_index, keys)
@@ -3024,6 +3862,8 @@
ngx_close_file_n " \"%V\" failed", &file.name);
}
+ ngx_explicit_memzero(&buf, 80);
+
return NGX_ERROR;
}
@@ -3152,6 +3992,16 @@
}
}
+
+static void
+ngx_ssl_session_ticket_keys_cleanup(void *data)
+{
+ ngx_array_t *keys = data;
+
+ ngx_explicit_memzero(keys->elts,
+ keys->nelts * sizeof(ngx_ssl_session_ticket_key_t));
+}
+
#else
ngx_int_t
@@ -3575,6 +4425,33 @@
ngx_int_t
+ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+ s->len = 0;
+
+#ifdef SSL_ERROR_EARLY_DATA_REJECTED
+
+ /* BoringSSL */
+
+ if (SSL_in_early_data(c->ssl->connection)) {
+ ngx_str_set(s, "1");
+ }
+
+#elif defined SSL_READ_EARLY_DATA_SUCCESS
+
+ /* OpenSSL */
+
+ if (!SSL_is_init_finished(c->ssl->connection)) {
+ ngx_str_set(s, "1");
+ }
+
+#endif
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
@@ -3745,6 +4622,7 @@
name = X509_get_subject_name(cert);
if (name == NULL) {
+ X509_free(cert);
return NGX_ERROR;
}
@@ -3796,6 +4674,7 @@
name = X509_get_issuer_name(cert);
if (name == NULL) {
+ X509_free(cert);
return NGX_ERROR;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_openssl.h
^
|
| @@ -81,15 +81,24 @@
ngx_connection_handler_pt handler;
+ ngx_ssl_session_t *session;
+ ngx_connection_handler_pt save_session;
+
ngx_event_handler_pt saved_read_handler;
ngx_event_handler_pt saved_write_handler;
+ u_char early_buf;
+
unsigned handshaked:1;
unsigned renegotiation:1;
unsigned buffer:1;
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
unsigned handshake_buffer_set:1;
+ unsigned try_early_data:1;
+ unsigned in_early:1;
+ unsigned early_preread:1;
+ unsigned write_blocked:1;
};
@@ -152,10 +161,14 @@
ngx_int_t ngx_ssl_init(ngx_log_t *log);
ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
+
ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords);
ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
+ngx_int_t ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
+
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
ngx_uint_t prefer_server_ciphers);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
@@ -170,10 +183,17 @@
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
int key_length);
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
+ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
+ ngx_array_t *passwords);
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
+ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_uint_t enable);
+ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
+ ngx_uint_t enable);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
- ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
+ ngx_array_t *certificates, ssize_t builtin_session_cache,
+ ngx_shm_zone_t *shm_zone, time_t timeout);
ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_array_t *paths);
ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
@@ -182,7 +202,8 @@
void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
-#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
+ngx_ssl_session_t *ngx_ssl_get_session(ngx_connection_t *c);
+ngx_ssl_session_t *ngx_ssl_get0_session(ngx_connection_t *c);
#define ngx_ssl_free_session SSL_SESSION_free
#define ngx_ssl_get_connection(ssl_conn) \
SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
@@ -211,6 +232,8 @@
ngx_str_t *s);
ngx_int_t ngx_ssl_get_session_reused(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
+ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool,
+ ngx_str_t *s);
ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool,
ngx_str_t *s);
ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_openssl_stapling.c
^
|
| @@ -227,7 +227,7 @@
return NGX_ERROR;
}
- bio = BIO_new_file((char *) file->data, "r");
+ bio = BIO_new_file((char *) file->data, "rb");
if (bio == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"BIO_new_file(\"%s\") failed", file->data);
@@ -511,6 +511,11 @@
rc = SSL_TLSEXT_ERR_NOACK;
cert = SSL_get_certificate(ssl_conn);
+
+ if (cert == NULL) {
+ return rc;
+ }
+
staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);
if (staple == NULL) {
|
|
[-]
[+]
|
Added |
_service:download_url:nginx-1.16.1.tar.gz/src/event/ngx_event_udp.c
^
|
| @@ -0,0 +1,663 @@
+
+/*
+ * Copyright (C) Roman Arutyunyan
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_event.h>
+
+
+#if !(NGX_WIN32)
+
+struct ngx_udp_connection_s {
+ ngx_rbtree_node_t node;
+ ngx_connection_t *connection;
+ ngx_buf_t *buffer;
+};
+
+
+static void ngx_close_accepted_udp_connection(ngx_connection_t *c);
+static ssize_t ngx_udp_shared_recv(ngx_connection_t *c, u_char *buf,
+ size_t size);
+static ngx_int_t ngx_insert_udp_connection(ngx_connection_t *c);
+static ngx_connection_t *ngx_lookup_udp_connection(ngx_listening_t *ls,
+ struct sockaddr *sockaddr, socklen_t socklen,
+ struct sockaddr *local_sockaddr, socklen_t local_socklen);
+
+
+void
+ngx_event_recvmsg(ngx_event_t *ev)
+{
+ ssize_t n;
+ ngx_buf_t buf;
+ ngx_log_t *log;
+ ngx_err_t err;
+ socklen_t socklen, local_socklen;
+ ngx_event_t *rev, *wev;
+ struct iovec iov[1];
+ struct msghdr msg;
+ ngx_sockaddr_t sa, lsa;
+ struct sockaddr *sockaddr, *local_sockaddr;
+ ngx_listening_t *ls;
+ ngx_event_conf_t *ecf;
+ ngx_connection_t *c, *lc;
+ static u_char buffer[65535];
+
+#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
+
+#if (NGX_HAVE_IP_RECVDSTADDR)
+ u_char msg_control[CMSG_SPACE(sizeof(struct in_addr))];
+#elif (NGX_HAVE_IP_PKTINFO)
+ u_char msg_control[CMSG_SPACE(sizeof(struct in_pktinfo))];
+#endif
+
+#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
+ u_char msg_control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+#endif
+
+#endif
+
+ if (ev->timedout) {
+ if (ngx_enable_accept_events((ngx_cycle_t *) ngx_cycle) != NGX_OK) {
+ return;
+ }
+
+ ev->timedout = 0;
+ }
+
+ ecf = ngx_event_get_conf(ngx_cycle->conf_ctx, ngx_event_core_module);
+
+ if (!(ngx_event_flags & NGX_USE_KQUEUE_EVENT)) {
+ ev->available = ecf->multi_accept;
+ }
+
+ lc = ev->data;
+ ls = lc->listening;
+ ev->ready = 0;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
+ "recvmsg on %V, ready: %d", &ls->addr_text, ev->available);
+
+ do {
+ ngx_memzero(&msg, sizeof(struct msghdr));
+
+ iov[0].iov_base = (void *) buffer;
+ iov[0].iov_len = sizeof(buffer);
+
+ msg.msg_name = &sa;
+ msg.msg_namelen = sizeof(ngx_sockaddr_t);
+ msg.msg_iov = iov;
+ msg.msg_iovlen = 1;
+
+#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
+
+ if (ls->wildcard) {
+
+#if (NGX_HAVE_IP_RECVDSTADDR || NGX_HAVE_IP_PKTINFO)
+ if (ls->sockaddr->sa_family == AF_INET) {
+ msg.msg_control = &msg_control;
+ msg.msg_controllen = sizeof(msg_control);
+ }
+#endif
+
+#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
+ if (ls->sockaddr->sa_family == AF_INET6) {
+ msg.msg_control = &msg_control6;
+ msg.msg_controllen = sizeof(msg_control6);
+ }
+#endif
+ }
+
+#endif
+
+ n = recvmsg(lc->fd, &msg, 0);
+
+ if (n == -1) {
+ err = ngx_socket_errno;
+
+ if (err == NGX_EAGAIN) {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, err,
+ "recvmsg() not ready");
+ return;
+ }
+
+ ngx_log_error(NGX_LOG_ALERT, ev->log, err, "recvmsg() failed");
+
+ return;
+ }
+
+#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
+ if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) {
+ ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
+ "recvmsg() truncated data");
+ continue;
+ }
+#endif
+
+ sockaddr = msg.msg_name;
+ socklen = msg.msg_namelen;
+
+ if (socklen > (socklen_t) sizeof(ngx_sockaddr_t)) {
+ socklen = sizeof(ngx_sockaddr_t);
+ }
+
+ if (socklen == 0) {
+
+ /*
+ * on Linux recvmsg() returns zero msg_namelen
+ * when receiving packets from unbound AF_UNIX sockets
+ */
+
+ socklen = sizeof(struct sockaddr);
+ ngx_memzero(&sa, sizeof(struct sockaddr));
+ sa.sockaddr.sa_family = ls->sockaddr->sa_family;
+ }
+
+ local_sockaddr = ls->sockaddr;
+ local_socklen = ls->socklen;
+
+#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
+
+ if (ls->wildcard) {
+ struct cmsghdr *cmsg;
+
+ ngx_memcpy(&lsa, local_sockaddr, local_socklen);
+ local_sockaddr = &lsa.sockaddr;
+
+ for (cmsg = CMSG_FIRSTHDR(&msg);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR(&msg, cmsg))
+ {
+
+#if (NGX_HAVE_IP_RECVDSTADDR)
+
+ if (cmsg->cmsg_level == IPPROTO_IP
+ && cmsg->cmsg_type == IP_RECVDSTADDR
+ && local_sockaddr->sa_family == AF_INET)
+ {
+ struct in_addr *addr;
+ struct sockaddr_in *sin;
+
+ addr = (struct in_addr *) CMSG_DATA(cmsg);
+ sin = (struct sockaddr_in *) local_sockaddr;
+ sin->sin_addr = *addr;
+
+ break;
+ }
+
+#elif (NGX_HAVE_IP_PKTINFO)
+
+ if (cmsg->cmsg_level == IPPROTO_IP
+ && cmsg->cmsg_type == IP_PKTINFO
+ && local_sockaddr->sa_family == AF_INET)
+ {
+ struct in_pktinfo *pkt;
+ struct sockaddr_in *sin;
+
+ pkt = (struct in_pktinfo *) CMSG_DATA(cmsg);
+ sin = (struct sockaddr_in *) local_sockaddr;
+ sin->sin_addr = pkt->ipi_addr;
+
+ break;
+ }
+
+#endif
+
+#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
+
+ if (cmsg->cmsg_level == IPPROTO_IPV6
+ && cmsg->cmsg_type == IPV6_PKTINFO
+ && local_sockaddr->sa_family == AF_INET6)
+ {
+ struct in6_pktinfo *pkt6;
+ struct sockaddr_in6 *sin6;
+
+ pkt6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
+ sin6 = (struct sockaddr_in6 *) local_sockaddr;
+ sin6->sin6_addr = pkt6->ipi6_addr;
+
+ break;
+ }
+
+#endif
+
+ }
+ }
+
+#endif
+
+ c = ngx_lookup_udp_connection(ls, sockaddr, socklen, local_sockaddr,
+ local_socklen);
+
+ if (c) {
+
+#if (NGX_DEBUG)
+ if (c->log->log_level & NGX_LOG_DEBUG_EVENT) {
+ ngx_log_handler_pt handler;
+
+ handler = c->log->handler;
+ c->log->handler = NULL;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+ "recvmsg: fd:%d n:%z", c->fd, n);
+
+ c->log->handler = handler;
+ }
+#endif
+
+ ngx_memzero(&buf, sizeof(ngx_buf_t));
+
+ buf.pos = buffer;
+ buf.last = buffer + n;
+
+ rev = c->read;
+
+ c->udp->buffer = &buf;
+
+ rev->ready = 1;
+ rev->active = 0;
+
+ rev->handler(rev);
+
+ if (c->udp) {
+ c->udp->buffer = NULL;
+ }
+
+ rev->ready = 0;
+ rev->active = 1;
+
+ goto next;
+ }
+
+#if (NGX_STAT_STUB)
+ (void) ngx_atomic_fetch_add(ngx_stat_accepted, 1);
+#endif
+
+ ngx_accept_disabled = ngx_cycle->connection_n / 8
+ - ngx_cycle->free_connection_n;
+
+ c = ngx_get_connection(lc->fd, ev->log);
+ if (c == NULL) {
+ return;
+ }
+
+ c->shared = 1;
+ c->type = SOCK_DGRAM;
+ c->socklen = socklen;
+
+#if (NGX_STAT_STUB)
+ (void) ngx_atomic_fetch_add(ngx_stat_active, 1);
+#endif
+
+ c->pool = ngx_create_pool(ls->pool_size, ev->log);
+ if (c->pool == NULL) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ c->sockaddr = ngx_palloc(c->pool, socklen);
+ if (c->sockaddr == NULL) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ ngx_memcpy(c->sockaddr, sockaddr, socklen);
+
+ log = ngx_palloc(c->pool, sizeof(ngx_log_t));
+ if (log == NULL) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ *log = ls->log;
+
+ c->recv = ngx_udp_shared_recv;
+ c->send = ngx_udp_send;
+ c->send_chain = ngx_udp_send_chain;
+
+ c->log = log;
+ c->pool->log = log;
+ c->listening = ls;
+
+ if (local_sockaddr == &lsa.sockaddr) {
+ local_sockaddr = ngx_palloc(c->pool, local_socklen);
+ if (local_sockaddr == NULL) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ ngx_memcpy(local_sockaddr, &lsa, local_socklen);
+ }
+
+ c->local_sockaddr = local_sockaddr;
+ c->local_socklen = local_socklen;
+
+ c->buffer = ngx_create_temp_buf(c->pool, n);
+ if (c->buffer == NULL) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ c->buffer->last = ngx_cpymem(c->buffer->last, buffer, n);
+
+ rev = c->read;
+ wev = c->write;
+
+ rev->active = 1;
+ wev->ready = 1;
+
+ rev->log = log;
+ wev->log = log;
+
+ /*
+ * TODO: MT: - ngx_atomic_fetch_add()
+ * or protection by critical section or light mutex
+ *
+ * TODO: MP: - allocated in a shared memory
+ * - ngx_atomic_fetch_add()
+ * or protection by critical section or light mutex
+ */
+
+ c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
+
+#if (NGX_STAT_STUB)
+ (void) ngx_atomic_fetch_add(ngx_stat_handled, 1);
+#endif
+
+ if (ls->addr_ntop) {
+ c->addr_text.data = ngx_pnalloc(c->pool, ls->addr_text_max_len);
+ if (c->addr_text.data == NULL) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ c->addr_text.len = ngx_sock_ntop(c->sockaddr, c->socklen,
+ c->addr_text.data,
+ ls->addr_text_max_len, 0);
+ if (c->addr_text.len == 0) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+ }
+
+#if (NGX_DEBUG)
+ {
+ ngx_str_t addr;
+ u_char text[NGX_SOCKADDR_STRLEN];
+
+ ngx_debug_accepted_connection(ecf, c);
+
+ if (log->log_level & NGX_LOG_DEBUG_EVENT) {
+ addr.data = text;
+ addr.len = ngx_sock_ntop(c->sockaddr, c->socklen, text,
+ NGX_SOCKADDR_STRLEN, 1);
+
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, log, 0,
+ "*%uA recvmsg: %V fd:%d n:%z",
+ c->number, &addr, c->fd, n);
+ }
+
+ }
+#endif
+
+ if (ngx_insert_udp_connection(c) != NGX_OK) {
+ ngx_close_accepted_udp_connection(c);
+ return;
+ }
+
+ log->data = NULL;
+ log->handler = NULL;
+
+ ls->handler(c);
+
+ next:
+
+ if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) {
+ ev->available -= n;
+ }
+
+ } while (ev->available);
+}
+
+
+static void
+ngx_close_accepted_udp_connection(ngx_connection_t *c)
+{
+ ngx_free_connection(c);
+
+ c->fd = (ngx_socket_t) -1;
+
+ if (c->pool) {
+ ngx_destroy_pool(c->pool);
+ }
+
+#if (NGX_STAT_STUB)
+ (void) ngx_atomic_fetch_add(ngx_stat_active, -1);
+#endif
+}
+
+
+static ssize_t
+ngx_udp_shared_recv(ngx_connection_t *c, u_char *buf, size_t size)
+{
+ ssize_t n;
+ ngx_buf_t *b;
+
+ if (c->udp == NULL || c->udp->buffer == NULL) {
+ return NGX_AGAIN;
+ }
+
+ b = c->udp->buffer;
+
+ n = ngx_min(b->last - b->pos, (ssize_t) size);
+
+ ngx_memcpy(buf, b->pos, n);
+
+ c->udp->buffer = NULL;
+
+ c->read->ready = 0;
+ c->read->active = 1;
+
+ return n;
+}
+
+
+void
+ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp,
+ ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
+{
+ ngx_int_t rc;
+ ngx_connection_t *c, *ct;
+ ngx_rbtree_node_t **p;
+ ngx_udp_connection_t *udp, *udpt;
+
+ for ( ;; ) {
+
+ if (node->key < temp->key) {
+
+ p = &temp->left;
+
+ } else if (node->key > temp->key) {
+
+ p = &temp->right;
+
+ } else { /* node->key == temp->key */
+
+ udp = (ngx_udp_connection_t *) node;
+ c = udp->connection;
+
+ udpt = (ngx_udp_connection_t *) temp;
+ ct = udpt->connection;
+
+ rc = ngx_cmp_sockaddr(c->sockaddr, c->socklen,
+ ct->sockaddr, ct->socklen, 1);
+
+ if (rc == 0 && c->listening->wildcard) {
+ rc = ngx_cmp_sockaddr(c->local_sockaddr, c->local_socklen,
+ ct->local_sockaddr, ct->local_socklen, 1);
+ }
+
+ p = (rc < 0) ? &temp->left : &temp->right;
+ }
+
+ if (*p == sentinel) {
+ break;
+ }
+
+ temp = *p;
+ }
+
+ *p = node;
+ node->parent = temp;
+ node->left = sentinel;
+ node->right = sentinel;
+ ngx_rbt_red(node);
+}
+
+
+static ngx_int_t
+ngx_insert_udp_connection(ngx_connection_t *c)
+{
+ uint32_t hash;
+ ngx_pool_cleanup_t *cln;
+ ngx_udp_connection_t *udp;
+
+ if (c->udp) {
+ return NGX_OK;
+ }
+
+ udp = ngx_pcalloc(c->pool, sizeof(ngx_udp_connection_t));
+ if (udp == NULL) {
+ return NGX_ERROR;
+ }
+
+ udp->connection = c;
+
+ ngx_crc32_init(hash);
+ ngx_crc32_update(&hash, (u_char *) c->sockaddr, c->socklen);
+
+ if (c->listening->wildcard) {
+ ngx_crc32_update(&hash, (u_char *) c->local_sockaddr, c->local_socklen);
+ }
+
+ ngx_crc32_final(hash);
+
+ udp->node.key = hash;
+
+ cln = ngx_pool_cleanup_add(c->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->data = c;
+ cln->handler = ngx_delete_udp_connection;
+
+ ngx_rbtree_insert(&c->listening->rbtree, &udp->node);
+
+ c->udp = udp;
+
+ return NGX_OK;
+}
+
+
+void
+ngx_delete_udp_connection(void *data)
+{
+ ngx_connection_t *c = data;
+
+ if (c->udp == NULL) {
+ return;
+ }
+
+ ngx_rbtree_delete(&c->listening->rbtree, &c->udp->node);
+
+ c->udp = NULL;
+}
+
+
+static ngx_connection_t *
+ngx_lookup_udp_connection(ngx_listening_t *ls, struct sockaddr *sockaddr,
+ socklen_t socklen, struct sockaddr *local_sockaddr, socklen_t local_socklen)
+{
+ uint32_t hash;
+ ngx_int_t rc;
+ ngx_connection_t *c;
+ ngx_rbtree_node_t *node, *sentinel;
+ ngx_udp_connection_t *udp;
+
+#if (NGX_HAVE_UNIX_DOMAIN)
+
+ if (sockaddr->sa_family == AF_UNIX) {
+ struct sockaddr_un *saun = (struct sockaddr_un *) sockaddr;
+
+ if (socklen <= (socklen_t) offsetof(struct sockaddr_un, sun_path)
+ || saun->sun_path[0] == '\0')
+ {
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
+ "unbound unix socket");
+ return NULL;
+ }
+ }
+
+#endif
+
+ node = ls->rbtree.root;
+ sentinel = ls->rbtree.sentinel;
+
+ ngx_crc32_init(hash);
+ ngx_crc32_update(&hash, (u_char *) sockaddr, socklen);
+
+ if (ls->wildcard) {
+ ngx_crc32_update(&hash, (u_char *) local_sockaddr, local_socklen);
+ }
+
+ ngx_crc32_final(hash);
+
+ while (node != sentinel) {
+
+ if (hash < node->key) {
+ node = node->left;
+ continue;
+ }
+
+ if (hash > node->key) {
+ node = node->right;
+ continue;
+ }
+
+ /* hash == node->key */
+
+ udp = (ngx_udp_connection_t *) node;
+
+ c = udp->connection;
+
+ rc = ngx_cmp_sockaddr(sockaddr, socklen,
+ c->sockaddr, c->socklen, 1);
+
+ if (rc == 0 && ls->wildcard) {
+ rc = ngx_cmp_sockaddr(local_sockaddr, local_socklen,
+ c->local_sockaddr, c->local_socklen, 1);
+ }
+
+ if (rc == 0) {
+ return c;
+ }
+
+ node = (rc < 0) ? node->left : node->right;
+ }
+
+ return NULL;
+}
+
+#else
+
+void
+ngx_delete_udp_connection(void *data)
+{
+ return;
+}
+
+#endif
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_autoindex_module.c
^
|
| @@ -186,8 +186,6 @@
return rc;
}
- /* NGX_DIR_MASK_LEN is lesser than NGX_HTTP_AUTOINDEX_PREALLOCATE */
-
last = ngx_http_map_uri_to_path(r, &path, &root,
NGX_HTTP_AUTOINDEX_PREALLOCATE);
if (last == NULL) {
@@ -436,7 +434,7 @@
{
u_char *last, scale;
off_t length;
- size_t len, char_len, escape_html;
+ size_t len, entry_len, char_len, escape_html;
ngx_tm_t tm;
ngx_buf_t *b;
ngx_int_t size;
@@ -452,7 +450,7 @@
static u_char header[] =
"</title></head>" CRLF
- "<body bgcolor=\"white\">" CRLF
+ "<body>" CRLF
"<h1>Index of "
;
@@ -501,17 +499,23 @@
entry[i].utf_len = entry[i].name.len;
}
- len += sizeof("<a href=\"") - 1
- + entry[i].name.len + entry[i].escape
- + 1 /* 1 is for "/" */
- + sizeof("\">") - 1
- + entry[i].name.len - entry[i].utf_len
- + entry[i].escape_html
- + NGX_HTTP_AUTOINDEX_NAME_LEN + sizeof(">") - 2
- + sizeof("</a>") - 1
- + sizeof(" 28-Sep-1970 12:00 ") - 1
- + 20 /* the file size */
- + 2;
+ entry_len = sizeof("<a href=\"") - 1
+ + entry[i].name.len + entry[i].escape
+ + 1 /* 1 is for "/" */
+ + sizeof("\">") - 1
+ + entry[i].name.len - entry[i].utf_len
+ + entry[i].escape_html
+ + NGX_HTTP_AUTOINDEX_NAME_LEN + sizeof(">") - 2
+ + sizeof("</a>") - 1
+ + sizeof(" 28-Sep-1970 12:00 ") - 1
+ + 20 /* the file size */
+ + 2;
+
+ if (len > NGX_MAX_SIZE_T_VALUE - entry_len) {
+ return NULL;
+ }
+
+ len += entry_len;
}
b = ngx_create_temp_buf(r->pool, len);
@@ -699,7 +703,7 @@
ngx_http_autoindex_json(ngx_http_request_t *r, ngx_array_t *entries,
ngx_str_t *callback)
{
- size_t len;
+ size_t len, entry_len;
ngx_buf_t *b;
ngx_uint_t i;
ngx_http_autoindex_entry_t *entry;
@@ -716,15 +720,21 @@
entry[i].escape = ngx_escape_json(NULL, entry[i].name.data,
entry[i].name.len);
- len += sizeof("{ }," CRLF) - 1
- + sizeof("\"name\":\"\"") - 1
- + entry[i].name.len + entry[i].escape
- + sizeof(", \"type\":\"directory\"") - 1
- + sizeof(", \"mtime\":\"Wed, 31 Dec 1986 10:00:00 GMT\"") - 1;
+ entry_len = sizeof("{ }," CRLF) - 1
+ + sizeof("\"name\":\"\"") - 1
+ + entry[i].name.len + entry[i].escape
+ + sizeof(", \"type\":\"directory\"") - 1
+ + sizeof(", \"mtime\":\"Wed, 31 Dec 1986 10:00:00 GMT\"") - 1;
if (entry[i].file) {
- len += sizeof(", \"size\":") - 1 + NGX_OFF_T_LEN;
+ entry_len += sizeof(", \"size\":") - 1 + NGX_OFF_T_LEN;
+ }
+
+ if (len > NGX_MAX_SIZE_T_VALUE - entry_len) {
+ return NULL;
}
+
+ len += entry_len;
}
b = ngx_create_temp_buf(r->pool, len);
@@ -843,7 +853,7 @@
static ngx_buf_t *
ngx_http_autoindex_xml(ngx_http_request_t *r, ngx_array_t *entries)
{
- size_t len;
+ size_t len, entry_len;
ngx_tm_t tm;
ngx_buf_t *b;
ngx_str_t type;
@@ -861,13 +871,19 @@
entry[i].escape = ngx_escape_html(NULL, entry[i].name.data,
entry[i].name.len);
- len += sizeof("<directory></directory>" CRLF) - 1
- + entry[i].name.len + entry[i].escape
- + sizeof(" mtime=\"1986-12-31T10:00:00Z\"") - 1;
+ entry_len = sizeof("<directory></directory>" CRLF) - 1
+ + entry[i].name.len + entry[i].escape
+ + sizeof(" mtime=\"1986-12-31T10:00:00Z\"") - 1;
if (entry[i].file) {
- len += sizeof(" size=\"\"") - 1 + NGX_OFF_T_LEN;
+ entry_len += sizeof(" size=\"\"") - 1 + NGX_OFF_T_LEN;
}
+
+ if (len > NGX_MAX_SIZE_T_VALUE - entry_len) {
+ return NULL;
+ }
+
+ len += entry_len;
}
b = ngx_create_temp_buf(r->pool, len);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_dav_module.c
^
|
| @@ -841,11 +841,9 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_module);
-
cf.size = ngx_file_size(&fi);
cf.buf_size = 0;
- cf.access = dlcf->access;
+ cf.access = ngx_file_access(&fi);
cf.time = ngx_file_mtime(&fi);
cf.log = r->connection->log;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_fastcgi_module.c
^
|
| @@ -286,6 +286,13 @@
offsetof(ngx_http_fastcgi_loc_conf_t, upstream.local),
NULL },
+ { ngx_string("fastcgi_socket_keepalive"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_fastcgi_loc_conf_t, upstream.socket_keepalive),
+ NULL },
+
{ ngx_string("fastcgi_connect_timeout"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -2721,6 +2728,7 @@
conf->upstream.force_ranges = NGX_CONF_UNSET;
conf->upstream.local = NGX_CONF_UNSET_PTR;
+ conf->upstream.socket_keepalive = NGX_CONF_UNSET;
conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
@@ -2824,6 +2832,9 @@
ngx_conf_merge_ptr_value(conf->upstream.local,
prev->upstream.local, NULL);
+ ngx_conf_merge_value(conf->upstream.socket_keepalive,
+ prev->upstream.socket_keepalive, 0);
+
ngx_conf_merge_msec_value(conf->upstream.connect_timeout,
prev->upstream.connect_timeout, 60000);
@@ -3501,7 +3512,7 @@
clcf->handler = ngx_http_fastcgi_handler;
- if (clcf->name.data[clcf->name.len - 1] == '/') {
+ if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') {
clcf->auto_redirect = 1;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_geo_module.c
^
|
| @@ -215,6 +215,13 @@
break;
#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+ case AF_UNIX:
+ vv = (ngx_http_variable_value_t *)
+ ngx_radix32tree_find(ctx->u.trees.tree, INADDR_NONE);
+ break;
+#endif
+
default: /* AF_INET */
sin = (struct sockaddr_in *) addr.sockaddr;
inaddr = ntohl(sin->sin_addr.s_addr);
@@ -277,6 +284,12 @@
break;
#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+ case AF_UNIX:
+ inaddr = INADDR_NONE;
+ break;
+#endif
+
default: /* AF_INET */
sin = (struct sockaddr_in *) addr.sockaddr;
inaddr = ntohl(sin->sin_addr.s_addr);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_grpc_module.c
^
|
| @@ -251,6 +251,13 @@
offsetof(ngx_http_grpc_loc_conf_t, upstream.local),
NULL },
+ { ngx_string("grpc_socket_keepalive"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.socket_keepalive),
+ NULL },
+
{ ngx_string("grpc_connect_timeout"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -4165,6 +4172,7 @@
*/
conf->upstream.local = NGX_CONF_UNSET_PTR;
+ conf->upstream.socket_keepalive = NGX_CONF_UNSET;
conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT;
conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
@@ -4220,6 +4228,9 @@
ngx_conf_merge_ptr_value(conf->upstream.local,
prev->upstream.local, NULL);
+ ngx_conf_merge_value(conf->upstream.socket_keepalive,
+ prev->upstream.socket_keepalive, 0);
+
ngx_conf_merge_uint_value(conf->upstream.next_upstream_tries,
prev->upstream.next_upstream_tries, 0);
@@ -4586,7 +4597,7 @@
clcf->handler = ngx_http_grpc_handler;
- if (clcf->name.data[clcf->name.len - 1] == '/') {
+ if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') {
clcf->auto_redirect = 1;
}
@@ -4639,6 +4650,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(glcf->upstream.ssl);
return NGX_ERROR;
}
@@ -4688,6 +4700,13 @@
}
}
+ if (ngx_ssl_client_session_cache(cf, glcf->upstream.ssl,
+ glcf->upstream.ssl_session_reuse)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
if (SSL_CTX_set_alpn_protos(glcf->upstream.ssl->ctx,
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_limit_req_module.c
^
|
| @@ -44,7 +44,7 @@
ngx_shm_zone_t *shm_zone;
/* integer value, 1 corresponds to 0.001 r/s */
ngx_uint_t burst;
- ngx_uint_t nodelay; /* unsigned nodelay:1 */
+ ngx_uint_t delay;
} ngx_http_limit_req_limit_t;
@@ -399,7 +399,14 @@
ms = (ngx_msec_int_t) (now - lr->last);
- excess = lr->excess - ctx->rate * ngx_abs(ms) / 1000 + 1000;
+ if (ms < -60000) {
+ ms = 1;
+
+ } else if (ms < 0) {
+ ms = 0;
+ }
+
+ excess = lr->excess - ctx->rate * ms / 1000 + 1000;
if (excess < 0) {
excess = 0;
@@ -413,7 +420,11 @@
if (account) {
lr->excess = excess;
- lr->last = now;
+
+ if (ms) {
+ lr->last = now;
+ }
+
return NGX_OK;
}
@@ -488,12 +499,12 @@
excess = *ep;
- if (excess == 0 || (*limit)->nodelay) {
+ if ((ngx_uint_t) excess <= (*limit)->delay) {
max_delay = 0;
} else {
ctx = (*limit)->shm_zone->data;
- max_delay = excess * 1000 / ctx->rate;
+ max_delay = (excess - (*limit)->delay) * 1000 / ctx->rate;
}
while (n--) {
@@ -509,13 +520,23 @@
now = ngx_current_msec;
ms = (ngx_msec_int_t) (now - lr->last);
- excess = lr->excess - ctx->rate * ngx_abs(ms) / 1000 + 1000;
+ if (ms < -60000) {
+ ms = 1;
+
+ } else if (ms < 0) {
+ ms = 0;
+ }
+
+ excess = lr->excess - ctx->rate * ms / 1000 + 1000;
if (excess < 0) {
excess = 0;
}
- lr->last = now;
+ if (ms) {
+ lr->last = now;
+ }
+
lr->excess = excess;
lr->count--;
@@ -523,11 +544,11 @@
ctx->node = NULL;
- if (limits[n].nodelay) {
+ if ((ngx_uint_t) excess <= limits[n].delay) {
continue;
}
- delay = excess * 1000 / ctx->rate;
+ delay = (excess - limits[n].delay) * 1000 / ctx->rate;
if (delay > max_delay) {
max_delay = delay;
@@ -854,9 +875,9 @@
{
ngx_http_limit_req_conf_t *lrcf = conf;
- ngx_int_t burst;
+ ngx_int_t burst, delay;
ngx_str_t *value, s;
- ngx_uint_t i, nodelay;
+ ngx_uint_t i;
ngx_shm_zone_t *shm_zone;
ngx_http_limit_req_limit_t *limit, *limits;
@@ -864,7 +885,7 @@
shm_zone = NULL;
burst = 0;
- nodelay = 0;
+ delay = 0;
for (i = 1; i < cf->args->nelts; i++) {
@@ -887,7 +908,19 @@
burst = ngx_atoi(value[i].data + 6, value[i].len - 6);
if (burst <= 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid burst rate \"%V\"", &value[i]);
+ "invalid burst value \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ continue;
+ }
+
+ if (ngx_strncmp(value[i].data, "delay=", 6) == 0) {
+
+ delay = ngx_atoi(value[i].data + 6, value[i].len - 6);
+ if (delay <= 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid delay value \"%V\"", &value[i]);
return NGX_CONF_ERROR;
}
@@ -895,7 +928,7 @@
}
if (ngx_strcmp(value[i].data, "nodelay") == 0) {
- nodelay = 1;
+ delay = NGX_MAX_INT_T_VALUE / 1000;
continue;
}
@@ -935,7 +968,7 @@
limit->shm_zone = shm_zone;
limit->burst = burst * 1000;
- limit->nodelay = nodelay;
+ limit->delay = delay * 1000;
return NGX_CONF_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_memcached_module.c
^
|
| @@ -67,6 +67,13 @@
offsetof(ngx_http_memcached_loc_conf_t, upstream.local),
NULL },
+ { ngx_string("memcached_socket_keepalive"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_memcached_loc_conf_t, upstream.socket_keepalive),
+ NULL },
+
{ ngx_string("memcached_connect_timeout"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -595,6 +602,7 @@
*/
conf->upstream.local = NGX_CONF_UNSET_PTR;
+ conf->upstream.socket_keepalive = NGX_CONF_UNSET;
conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT;
conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
@@ -634,6 +642,9 @@
ngx_conf_merge_ptr_value(conf->upstream.local,
prev->upstream.local, NULL);
+ ngx_conf_merge_value(conf->upstream.socket_keepalive,
+ prev->upstream.socket_keepalive, 0);
+
ngx_conf_merge_uint_value(conf->upstream.next_upstream_tries,
prev->upstream.next_upstream_tries, 0);
@@ -707,7 +718,7 @@
clcf->handler = ngx_http_memcached_handler;
- if (clcf->name.data[clcf->name.len - 1] == '/') {
+ if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') {
clcf->auto_redirect = 1;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_proxy_module.c
^
|
| @@ -324,6 +324,13 @@
offsetof(ngx_http_proxy_loc_conf_t, upstream.local),
NULL },
+ { ngx_string("proxy_socket_keepalive"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.socket_keepalive),
+ NULL },
+
{ ngx_string("proxy_connect_timeout"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -2833,6 +2840,7 @@
conf->upstream.force_ranges = NGX_CONF_UNSET;
conf->upstream.local = NGX_CONF_UNSET_PTR;
+ conf->upstream.socket_keepalive = NGX_CONF_UNSET;
conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
@@ -2953,6 +2961,9 @@
ngx_conf_merge_ptr_value(conf->upstream.local,
prev->upstream.local, NULL);
+ ngx_conf_merge_value(conf->upstream.socket_keepalive,
+ prev->upstream.socket_keepalive, 0);
+
ngx_conf_merge_msec_value(conf->upstream.connect_timeout,
prev->upstream.connect_timeout, 60000);
@@ -3580,7 +3591,7 @@
clcf->handler = ngx_http_proxy_handler;
- if (clcf->name.data[clcf->name.len - 1] == '/') {
+ if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') {
clcf->auto_redirect = 1;
}
@@ -4259,6 +4270,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(plcf->upstream.ssl);
return NGX_ERROR;
}
@@ -4308,6 +4320,13 @@
}
}
+ if (ngx_ssl_client_session_cache(cf, plcf->upstream.ssl,
+ plcf->upstream.ssl_session_reuse)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+
return NGX_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_random_index_module.c
^
|
| @@ -98,7 +98,7 @@
}
#if (NGX_HAVE_D_TYPE)
- len = NGX_DIR_MASK_LEN;
+ len = 0;
#else
len = NGX_HTTP_RANDOM_INDEX_PREALLOCATE;
#endif
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_rewrite_module.c
^
|
| @@ -180,15 +180,7 @@
code(e);
}
- if (e->status < NGX_HTTP_BAD_REQUEST) {
- return e->status;
- }
-
- if (r->err_status == 0) {
- return e->status;
- }
-
- return r->err_status;
+ return e->status;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_scgi_module.c
^
|
| @@ -143,6 +143,13 @@
offsetof(ngx_http_scgi_loc_conf_t, upstream.local),
NULL },
+ { ngx_string("scgi_socket_keepalive"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_scgi_loc_conf_t, upstream.socket_keepalive),
+ NULL },
+
{ ngx_string("scgi_connect_timeout"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -1200,6 +1207,7 @@
conf->upstream.force_ranges = NGX_CONF_UNSET;
conf->upstream.local = NGX_CONF_UNSET_PTR;
+ conf->upstream.socket_keepalive = NGX_CONF_UNSET;
conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
@@ -1298,6 +1306,9 @@
ngx_conf_merge_ptr_value(conf->upstream.local,
prev->upstream.local, NULL);
+ ngx_conf_merge_value(conf->upstream.socket_keepalive,
+ prev->upstream.socket_keepalive, 0);
+
ngx_conf_merge_msec_value(conf->upstream.connect_timeout,
prev->upstream.connect_timeout, 60000);
@@ -1857,7 +1868,7 @@
return NGX_CONF_ERROR;
}
- if (clcf->name.data[clcf->name.len - 1] == '/') {
+ if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') {
clcf->auto_redirect = 1;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_ssl_module.c
^
|
| @@ -41,6 +41,9 @@
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
void *parent, void *child);
+static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
+ ngx_http_ssl_srv_conf_t *conf);
+
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -71,6 +74,11 @@
};
+static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
+ ngx_conf_deprecated, "ssl", "listen ... ssl"
+};
+
+
static ngx_command_t ngx_http_ssl_commands[] = {
{ ngx_string("ssl"),
@@ -78,7 +86,7 @@
ngx_http_ssl_enable,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, enable),
- NULL },
+ &ngx_http_ssl_deprecated },
{ ngx_string("ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
@@ -234,6 +242,13 @@
offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
NULL },
+ { ngx_string("ssl_early_data"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, early_data),
+ NULL },
+
ngx_null_command
};
@@ -289,6 +304,10 @@
{ ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 },
+ { ngx_string("ssl_early_data"), NULL, ngx_http_ssl_variable,
+ (uintptr_t) ngx_ssl_get_early_data,
+ NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
{ ngx_string("ssl_server_name"), NULL, ngx_http_ssl_variable,
(uintptr_t) ngx_ssl_get_server_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
@@ -534,6 +553,7 @@
* set by ngx_pcalloc():
*
* sscf->protocols = 0;
+ * sscf->certificate_values = NULL;
* sscf->dhparam = { 0, NULL };
* sscf->ecdh_curve = { 0, NULL };
* sscf->client_certificate = { 0, NULL };
@@ -547,6 +567,7 @@
sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
+ sscf->early_data = NGX_CONF_UNSET;
sscf->buffer_size = NGX_CONF_UNSET_SIZE;
sscf->verify = NGX_CONF_UNSET_UINT;
sscf->verify_depth = NGX_CONF_UNSET_UINT;
@@ -589,6 +610,8 @@
ngx_conf_merge_value(conf->prefer_server_ciphers,
prev->prefer_server_ciphers, 0);
+ ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
+
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
@@ -677,6 +700,15 @@
return NGX_CONF_ERROR;
}
+ cln = ngx_pool_cleanup_add(cf->pool, 0);
+ if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(&conf->ssl);
+ return NGX_CONF_ERROR;
+ }
+
+ cln->handler = ngx_ssl_cleanup_ctx;
+ cln->data = &conf->ssl;
+
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
@@ -700,19 +732,36 @@
ngx_http_ssl_npn_advertised, NULL);
#endif
- cln = ngx_pool_cleanup_add(cf->pool, 0);
- if (cln == NULL) {
+ if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
return NGX_CONF_ERROR;
}
- cln->handler = ngx_ssl_cleanup_ctx;
- cln->data = &conf->ssl;
+ if (conf->certificate_values) {
- if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
- conf->certificate_keys, conf->passwords)
- != NGX_OK)
- {
+#ifdef SSL_R_CERT_CB_ERROR
+
+ /* install callback to lookup certificates */
+
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf);
+
+#else
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "variables in "
+ "\"ssl_certificate\" and \"ssl_certificate_key\" "
+ "directives are not supported on this platform");
return NGX_CONF_ERROR;
+#endif
+
+ } else {
+
+ /* configure certificates */
+
+ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
+ conf->certificate_keys, conf->passwords)
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
}
if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
@@ -769,7 +818,7 @@
}
if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
- conf->builtin_session_cache,
+ conf->certificates, conf->builtin_session_cache,
conf->shm_zone, conf->session_timeout)
!= NGX_OK)
{
@@ -804,10 +853,98 @@
}
+ if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
return NGX_CONF_OK;
}
+static ngx_int_t
+ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
+ ngx_http_ssl_srv_conf_t *conf)
+{
+ ngx_str_t *cert, *key;
+ ngx_uint_t i, nelts;
+ ngx_http_complex_value_t *cv;
+ ngx_http_compile_complex_value_t ccv;
+
+ cert = conf->certificates->elts;
+ key = conf->certificate_keys->elts;
+ nelts = conf->certificates->nelts;
+
+ for (i = 0; i < nelts; i++) {
+
+ if (ngx_http_script_variables_count(&cert[i])) {
+ goto found;
+ }
+
+ if (ngx_http_script_variables_count(&key[i])) {
+ goto found;
+ }
+ }
+
+ return NGX_OK;
+
+found:
+
+ conf->certificate_values = ngx_array_create(cf->pool, nelts,
+ sizeof(ngx_http_complex_value_t));
+ if (conf->certificate_values == NULL) {
+ return NGX_ERROR;
+ }
+
+ conf->certificate_key_values = ngx_array_create(cf->pool, nelts,
+ sizeof(ngx_http_complex_value_t));
+ if (conf->certificate_key_values == NULL) {
+ return NGX_ERROR;
+ }
+
+ for (i = 0; i < nelts; i++) {
+
+ cv = ngx_array_push(conf->certificate_values);
+ if (cv == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &cert[i];
+ ccv.complex_value = cv;
+ ccv.zero = 1;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ cv = ngx_array_push(conf->certificate_key_values);
+ if (cv == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &key[i];
+ ccv.complex_value = cv;
+ ccv.zero = 1;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_ERROR;
+ }
+ }
+
+ conf->passwords = ngx_ssl_preserve_passwords(cf, conf->passwords);
+ if (conf->passwords == NULL) {
+ return NGX_ERROR;
+ }
+
+ return NGX_OK;
+}
+
+
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
@@ -966,10 +1103,12 @@
static ngx_int_t
ngx_http_ssl_init(ngx_conf_t *cf)
{
- ngx_uint_t s;
+ ngx_uint_t a, p, s;
+ ngx_http_conf_addr_t *addr;
+ ngx_http_conf_port_t *port;
ngx_http_ssl_srv_conf_t *sscf;
ngx_http_core_loc_conf_t *clcf;
- ngx_http_core_srv_conf_t **cscfp;
+ ngx_http_core_srv_conf_t **cscfp, *cscf;
ngx_http_core_main_conf_t *cmcf;
cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
@@ -993,5 +1132,32 @@
}
}
+ if (cmcf->ports == NULL) {
+ return NGX_OK;
+ }
+
+ port = cmcf->ports->elts;
+ for (p = 0; p < cmcf->ports->nelts; p++) {
+
+ addr = port[p].addrs.elts;
+ for (a = 0; a < port[p].addrs.nelts; a++) {
+
+ if (!addr[a].opt.ssl) {
+ continue;
+ }
+
+ cscf = addr[a].default_server;
+ sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
+
+ if (sscf->certificates == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate\" is defined for "
+ "the \"listen ... ssl\" directive in %s:%ui",
+ cscf->file_name, cscf->line);
+ return NGX_ERROR;
+ }
+ }
+ }
+
return NGX_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_ssl_module.h
^
|
| @@ -20,6 +20,7 @@
ngx_ssl_t ssl;
ngx_flag_t prefer_server_ciphers;
+ ngx_flag_t early_data;
ngx_uint_t protocols;
@@ -35,6 +36,9 @@
ngx_array_t *certificates;
ngx_array_t *certificate_keys;
+ ngx_array_t *certificate_values;
+ ngx_array_t *certificate_key_values;
+
ngx_str_t dhparam;
ngx_str_t ecdh_curve;
ngx_str_t client_certificate;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_upstream_hash_module.c
^
|
| @@ -176,7 +176,7 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
"get hash peer, try: %ui", pc->tries);
- ngx_http_upstream_rr_peers_wlock(hp->rrp.peers);
+ ngx_http_upstream_rr_peers_rlock(hp->rrp.peers);
if (hp->tries > 20 || hp->rrp.peers->single) {
ngx_http_upstream_rr_peers_unlock(hp->rrp.peers);
@@ -228,10 +228,13 @@
goto next;
}
+ ngx_http_upstream_rr_peer_lock(hp->rrp.peers, peer);
+
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
"get hash peer, value:%uD, peer:%ui", hp->hash, p);
if (peer->down) {
+ ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer);
goto next;
}
@@ -239,10 +242,12 @@
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
{
+ ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer);
goto next;
}
if (peer->max_conns && peer->conns >= peer->max_conns) {
+ ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer);
goto next;
}
@@ -268,6 +273,7 @@
peer->checked = now;
}
+ ngx_http_upstream_rr_peer_unlock(hp->rrp.peers, peer);
ngx_http_upstream_rr_peers_unlock(hp->rrp.peers);
hp->rrp.tried[n] |= m;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_upstream_ip_hash_module.c
^
|
| @@ -161,7 +161,7 @@
/* TODO: cached */
- ngx_http_upstream_rr_peers_wlock(iphp->rrp.peers);
+ ngx_http_upstream_rr_peers_rlock(iphp->rrp.peers);
if (iphp->tries > 20 || iphp->rrp.peers->single) {
ngx_http_upstream_rr_peers_unlock(iphp->rrp.peers);
@@ -201,7 +201,10 @@
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
"get ip hash peer, hash: %ui %04XL", p, (uint64_t) m);
+ ngx_http_upstream_rr_peer_lock(iphp->rrp.peers, peer);
+
if (peer->down) {
+ ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer);
goto next;
}
@@ -209,10 +212,12 @@
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
{
+ ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer);
goto next;
}
if (peer->max_conns && peer->conns >= peer->max_conns) {
+ ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer);
goto next;
}
@@ -238,6 +243,7 @@
peer->checked = now;
}
+ ngx_http_upstream_rr_peer_unlock(iphp->rrp.peers, peer);
ngx_http_upstream_rr_peers_unlock(iphp->rrp.peers);
iphp->rrp.tried[n] |= m;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_upstream_keepalive_module.c
^
|
| @@ -12,6 +12,8 @@
typedef struct {
ngx_uint_t max_cached;
+ ngx_uint_t requests;
+ ngx_msec_t timeout;
ngx_queue_t cache;
ngx_queue_t free;
@@ -84,6 +86,20 @@
0,
NULL },
+ { ngx_string("keepalive_timeout"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_upstream_keepalive_srv_conf_t, timeout),
+ NULL },
+
+ { ngx_string("keepalive_requests"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_num_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_upstream_keepalive_srv_conf_t, requests),
+ NULL },
+
ngx_null_command
};
@@ -133,6 +149,9 @@
kcf = ngx_http_conf_upstream_srv_conf(us,
ngx_http_upstream_keepalive_module);
+ ngx_conf_init_msec_value(kcf->timeout, 60000);
+ ngx_conf_init_uint_value(kcf->requests, 100);
+
if (kcf->original_init_upstream(cf, us) != NGX_OK) {
return NGX_ERROR;
}
@@ -261,6 +280,10 @@
c->write->log = pc->log;
c->pool->log = pc->log;
+ if (c->read->timer_set) {
+ ngx_del_timer(c->read);
+ }
+
pc->connection = c;
pc->cached = 1;
@@ -298,6 +321,10 @@
goto invalid;
}
+ if (c->requests >= kp->conf->requests) {
+ goto invalid;
+ }
+
if (!u->keepalive) {
goto invalid;
}
@@ -339,10 +366,9 @@
pc->connection = NULL;
- if (c->read->timer_set) {
- c->read->delayed = 0;
- ngx_del_timer(c->read);
- }
+ c->read->delayed = 0;
+ ngx_add_timer(c->read, kp->conf->timeout);
+
if (c->write->timer_set) {
ngx_del_timer(c->write);
}
@@ -393,7 +419,7 @@
c = ev->data;
- if (c->close) {
+ if (c->close || c->read->timedout) {
goto close;
}
@@ -486,6 +512,9 @@
* conf->max_cached = 0;
*/
+ conf->timeout = NGX_CONF_UNSET_MSEC;
+ conf->requests = NGX_CONF_UNSET_UINT;
+
return conf;
}
@@ -518,6 +547,8 @@
kcf->max_cached = n;
+ /* init upstream handler */
+
uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module);
kcf->original_init_upstream = uscf->peer.init_upstream
|
|
[-]
[+]
|
Added |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_upstream_random_module.c
^
|
| @@ -0,0 +1,502 @@
+
+/*
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+ ngx_http_upstream_rr_peer_t *peer;
+ ngx_uint_t range;
+} ngx_http_upstream_random_range_t;
+
+
+typedef struct {
+ ngx_uint_t two;
+ ngx_http_upstream_random_range_t *ranges;
+} ngx_http_upstream_random_srv_conf_t;
+
+
+typedef struct {
+ /* the round robin data must be first */
+ ngx_http_upstream_rr_peer_data_t rrp;
+
+ ngx_http_upstream_random_srv_conf_t *conf;
+ u_char tries;
+} ngx_http_upstream_random_peer_data_t;
+
+
+static ngx_int_t ngx_http_upstream_init_random(ngx_conf_t *cf,
+ ngx_http_upstream_srv_conf_t *us);
+static ngx_int_t ngx_http_upstream_update_random(ngx_pool_t *pool,
+ ngx_http_upstream_srv_conf_t *us);
+
+static ngx_int_t ngx_http_upstream_init_random_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us);
+static ngx_int_t ngx_http_upstream_get_random_peer(ngx_peer_connection_t *pc,
+ void *data);
+static ngx_int_t ngx_http_upstream_get_random2_peer(ngx_peer_connection_t *pc,
+ void *data);
+static ngx_uint_t ngx_http_upstream_peek_random_peer(
+ ngx_http_upstream_rr_peers_t *peers,
+ ngx_http_upstream_random_peer_data_t *rp);
+static void *ngx_http_upstream_random_create_conf(ngx_conf_t *cf);
+static char *ngx_http_upstream_random(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+
+
+static ngx_command_t ngx_http_upstream_random_commands[] = {
+
+ { ngx_string("random"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_NOARGS|NGX_CONF_TAKE12,
+ ngx_http_upstream_random,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ 0,
+ NULL },
+
+ ngx_null_command
+};
+
+
+static ngx_http_module_t ngx_http_upstream_random_module_ctx = {
+ NULL, /* preconfiguration */
+ NULL, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ ngx_http_upstream_random_create_conf, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ NULL, /* create location configuration */
+ NULL /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_upstream_random_module = {
+ NGX_MODULE_V1,
+ &ngx_http_upstream_random_module_ctx, /* module context */
+ ngx_http_upstream_random_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_http_upstream_init_random(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us)
+{
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, cf->log, 0, "init random");
+
+ if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ us->peer.init = ngx_http_upstream_init_random_peer;
+
+#if (NGX_HTTP_UPSTREAM_ZONE)
+ if (us->shm_zone) {
+ return NGX_OK;
+ }
+#endif
+
+ return ngx_http_upstream_update_random(cf->pool, us);
+}
+
+
+static ngx_int_t
+ngx_http_upstream_update_random(ngx_pool_t *pool,
+ ngx_http_upstream_srv_conf_t *us)
+{
+ size_t size;
+ ngx_uint_t i, total_weight;
+ ngx_http_upstream_rr_peer_t *peer;
+ ngx_http_upstream_rr_peers_t *peers;
+ ngx_http_upstream_random_range_t *ranges;
+ ngx_http_upstream_random_srv_conf_t *rcf;
+
+ rcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_random_module);
+
+ peers = us->peer.data;
+
+ size = peers->number * sizeof(ngx_http_upstream_random_range_t);
+
+ ranges = pool ? ngx_palloc(pool, size) : ngx_alloc(size, ngx_cycle->log);
+ if (ranges == NULL) {
+ return NGX_ERROR;
+ }
+
+ total_weight = 0;
+
+ for (peer = peers->peer, i = 0; peer; peer = peer->next, i++) {
+ ranges[i].peer = peer;
+ ranges[i].range = total_weight;
+ total_weight += peer->weight;
+ }
+
+ rcf->ranges = ranges;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_init_random_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us)
+{
+ ngx_http_upstream_random_srv_conf_t *rcf;
+ ngx_http_upstream_random_peer_data_t *rp;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "init random peer");
+
+ rcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_random_module);
+
+ rp = ngx_palloc(r->pool, sizeof(ngx_http_upstream_random_peer_data_t));
+ if (rp == NULL) {
+ return NGX_ERROR;
+ }
+
+ r->upstream->peer.data = &rp->rrp;
+
+ if (ngx_http_upstream_init_round_robin_peer(r, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (rcf->two) {
+ r->upstream->peer.get = ngx_http_upstream_get_random2_peer;
+
+ } else {
+ r->upstream->peer.get = ngx_http_upstream_get_random_peer;
+ }
+
+ rp->conf = rcf;
+ rp->tries = 0;
+
+ ngx_http_upstream_rr_peers_rlock(rp->rrp.peers);
+
+#if (NGX_HTTP_UPSTREAM_ZONE)
+ if (rp->rrp.peers->shpool && rcf->ranges == NULL) {
+ if (ngx_http_upstream_update_random(NULL, us) != NGX_OK) {
+ ngx_http_upstream_rr_peers_unlock(rp->rrp.peers);
+ return NGX_ERROR;
+ }
+ }
+#endif
+
+ ngx_http_upstream_rr_peers_unlock(rp->rrp.peers);
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_get_random_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_random_peer_data_t *rp = data;
+
+ time_t now;
+ uintptr_t m;
+ ngx_uint_t i, n;
+ ngx_http_upstream_rr_peer_t *peer;
+ ngx_http_upstream_rr_peers_t *peers;
+ ngx_http_upstream_rr_peer_data_t *rrp;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get random peer, try: %ui", pc->tries);
+
+ rrp = &rp->rrp;
+ peers = rrp->peers;
+
+ ngx_http_upstream_rr_peers_rlock(peers);
+
+ if (rp->tries > 20 || peers->single) {
+ ngx_http_upstream_rr_peers_unlock(peers);
+ return ngx_http_upstream_get_round_robin_peer(pc, rrp);
+ }
+
+ pc->cached = 0;
+ pc->connection = NULL;
+
+ now = ngx_time();
+
+ for ( ;; ) {
+
+ i = ngx_http_upstream_peek_random_peer(peers, rp);
+
+ peer = rp->conf->ranges[i].peer;
+
+ n = i / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t));
+
+ if (rrp->tried[n] & m) {
+ goto next;
+ }
+
+ ngx_http_upstream_rr_peer_lock(peers, peer);
+
+ if (peer->down) {
+ ngx_http_upstream_rr_peer_unlock(peers, peer);
+ goto next;
+ }
+
+ if (peer->max_fails
+ && peer->fails >= peer->max_fails
+ && now - peer->checked <= peer->fail_timeout)
+ {
+ ngx_http_upstream_rr_peer_unlock(peers, peer);
+ goto next;
+ }
+
+ if (peer->max_conns && peer->conns >= peer->max_conns) {
+ ngx_http_upstream_rr_peer_unlock(peers, peer);
+ goto next;
+ }
+
+ break;
+
+ next:
+
+ if (++rp->tries > 20) {
+ ngx_http_upstream_rr_peers_unlock(peers);
+ return ngx_http_upstream_get_round_robin_peer(pc, rrp);
+ }
+ }
+
+ rrp->current = peer;
+
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
+ }
+
+ pc->sockaddr = peer->sockaddr;
+ pc->socklen = peer->socklen;
+ pc->name = &peer->name;
+
+ peer->conns++;
+
+ ngx_http_upstream_rr_peer_unlock(peers, peer);
+ ngx_http_upstream_rr_peers_unlock(peers);
+
+ rrp->tried[n] |= m;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_get_random2_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_random_peer_data_t *rp = data;
+
+ time_t now;
+ uintptr_t m;
+ ngx_uint_t i, n, p;
+ ngx_http_upstream_rr_peer_t *peer, *prev;
+ ngx_http_upstream_rr_peers_t *peers;
+ ngx_http_upstream_rr_peer_data_t *rrp;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get random2 peer, try: %ui", pc->tries);
+
+ rrp = &rp->rrp;
+ peers = rrp->peers;
+
+ ngx_http_upstream_rr_peers_wlock(peers);
+
+ if (rp->tries > 20 || peers->single) {
+ ngx_http_upstream_rr_peers_unlock(peers);
+ return ngx_http_upstream_get_round_robin_peer(pc, rrp);
+ }
+
+ pc->cached = 0;
+ pc->connection = NULL;
+
+ now = ngx_time();
+
+ prev = NULL;
+
+#if (NGX_SUPPRESS_WARN)
+ p = 0;
+#endif
+
+ for ( ;; ) {
+
+ i = ngx_http_upstream_peek_random_peer(peers, rp);
+
+ peer = rp->conf->ranges[i].peer;
+
+ if (peer == prev) {
+ goto next;
+ }
+
+ n = i / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t));
+
+ if (rrp->tried[n] & m) {
+ goto next;
+ }
+
+ if (peer->down) {
+ goto next;
+ }
+
+ if (peer->max_fails
+ && peer->fails >= peer->max_fails
+ && now - peer->checked <= peer->fail_timeout)
+ {
+ goto next;
+ }
+
+ if (peer->max_conns && peer->conns >= peer->max_conns) {
+ goto next;
+ }
+
+ if (prev) {
+ if (peer->conns * prev->weight > prev->conns * peer->weight) {
+ peer = prev;
+ n = p / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << p % (8 * sizeof(uintptr_t));
+ }
+
+ break;
+ }
+
+ prev = peer;
+ p = i;
+
+ next:
+
+ if (++rp->tries > 20) {
+ ngx_http_upstream_rr_peers_unlock(peers);
+ return ngx_http_upstream_get_round_robin_peer(pc, rrp);
+ }
+ }
+
+ rrp->current = peer;
+
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
+ }
+
+ pc->sockaddr = peer->sockaddr;
+ pc->socklen = peer->socklen;
+ pc->name = &peer->name;
+
+ peer->conns++;
+
+ ngx_http_upstream_rr_peers_unlock(peers);
+
+ rrp->tried[n] |= m;
+
+ return NGX_OK;
+}
+
+
+static ngx_uint_t
+ngx_http_upstream_peek_random_peer(ngx_http_upstream_rr_peers_t *peers,
+ ngx_http_upstream_random_peer_data_t *rp)
+{
+ ngx_uint_t i, j, k, x;
+
+ x = ngx_random() % peers->total_weight;
+
+ i = 0;
+ j = peers->number;
+
+ while (j - i > 1) {
+ k = (i + j) / 2;
+
+ if (x < rp->conf->ranges[k].range) {
+ j = k;
+
+ } else {
+ i = k;
+ }
+ }
+
+ return i;
+}
+
+
+static void *
+ngx_http_upstream_random_create_conf(ngx_conf_t *cf)
+{
+ ngx_http_upstream_random_srv_conf_t *conf;
+
+ conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_upstream_random_srv_conf_t));
+ if (conf == NULL) {
+ return NULL;
+ }
+
+ /*
+ * set by ngx_pcalloc():
+ *
+ * conf->two = 0;
+ */
+
+ return conf;
+}
+
+
+static char *
+ngx_http_upstream_random(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_upstream_random_srv_conf_t *rcf = conf;
+
+ ngx_str_t *value;
+ ngx_http_upstream_srv_conf_t *uscf;
+
+ uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module);
+
+ if (uscf->peer.init_upstream) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "load balancing method redefined");
+ }
+
+ uscf->peer.init_upstream = ngx_http_upstream_init_random;
+
+ uscf->flags = NGX_HTTP_UPSTREAM_CREATE
+ |NGX_HTTP_UPSTREAM_WEIGHT
+ |NGX_HTTP_UPSTREAM_MAX_CONNS
+ |NGX_HTTP_UPSTREAM_MAX_FAILS
+ |NGX_HTTP_UPSTREAM_FAIL_TIMEOUT
+ |NGX_HTTP_UPSTREAM_DOWN;
+
+ if (cf->args->nelts == 1) {
+ return NGX_CONF_OK;
+ }
+
+ value = cf->args->elts;
+
+ if (ngx_strcmp(value[1].data, "two") == 0) {
+ rcf->two = 1;
+
+ } else {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[1]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (cf->args->nelts == 2) {
+ return NGX_CONF_OK;
+ }
+
+ if (ngx_strcmp(value[2].data, "least_conn") != 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[2]);
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_userid_filter_module.c
^
|
| @@ -545,6 +545,13 @@
break;
#endif
+
+#if (NGX_HAVE_UNIX_DOMAIN)
+ case AF_UNIX:
+ ctx->uid_set[0] = 0;
+ break;
+#endif
+
default: /* AF_INET */
sin = (struct sockaddr_in *) c->local_sockaddr;
ctx->uid_set[0] = sin->sin_addr.s_addr;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/modules/ngx_http_uwsgi_module.c
^
|
| @@ -204,6 +204,13 @@
offsetof(ngx_http_uwsgi_loc_conf_t, upstream.local),
NULL },
+ { ngx_string("uwsgi_socket_keepalive"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_uwsgi_loc_conf_t, upstream.socket_keepalive),
+ NULL },
+
{ ngx_string("uwsgi_connect_timeout"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -954,12 +961,18 @@
#if 0
/* allow custom uwsgi packet */
if (len > 0 && len < 2) {
- ngx_log_error (NGX_LOG_ALERT, r->connection->log, 0,
- "uwsgi request is too little: %uz", len);
+ ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
+ "uwsgi request is too little: %uz", len);
return NGX_ERROR;
}
#endif
+ if (len > 65535) {
+ ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
+ "uwsgi request is too big: %uz", len);
+ return NGX_ERROR;
+ }
+
b = ngx_create_temp_buf(r->pool, len + 4);
if (b == NULL) {
return NGX_ERROR;
@@ -1407,6 +1420,7 @@
conf->upstream.force_ranges = NGX_CONF_UNSET;
conf->upstream.local = NGX_CONF_UNSET_PTR;
+ conf->upstream.socket_keepalive = NGX_CONF_UNSET;
conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC;
conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC;
@@ -1513,6 +1527,9 @@
ngx_conf_merge_ptr_value(conf->upstream.local,
prev->upstream.local, NULL);
+ ngx_conf_merge_value(conf->upstream.socket_keepalive,
+ prev->upstream.socket_keepalive, 0);
+
ngx_conf_merge_msec_value(conf->upstream.connect_timeout,
prev->upstream.connect_timeout, 60000);
@@ -2144,7 +2161,7 @@
return NGX_CONF_ERROR;
}
- if (clcf->name.data[clcf->name.len - 1] == '/') {
+ if (clcf->name.len && clcf->name.data[clcf->name.len - 1] == '/') {
clcf->auto_redirect = 1;
}
@@ -2342,6 +2359,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(uwcf->upstream.ssl);
return NGX_ERROR;
}
@@ -2391,6 +2409,13 @@
}
}
+ if (ngx_ssl_client_session_cache(cf, uwcf->upstream.ssl,
+ uwcf->upstream.ssl_session_reuse)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+
return NGX_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http.c
^
|
| @@ -1157,7 +1157,7 @@
}
}
- sa = &lsopt->sockaddr.sockaddr;
+ sa = lsopt->sockaddr;
p = ngx_inet_get_port(sa);
port = cmcf->ports->elts;
@@ -1209,8 +1209,8 @@
for (i = 0; i < port->addrs.nelts; i++) {
- if (ngx_cmp_sockaddr(&lsopt->sockaddr.sockaddr, lsopt->socklen,
- &addr[i].opt.sockaddr.sockaddr,
+ if (ngx_cmp_sockaddr(lsopt->sockaddr, lsopt->socklen,
+ addr[i].opt.sockaddr,
addr[i].opt.socklen, 0)
!= NGX_OK)
{
@@ -1239,7 +1239,8 @@
if (addr[i].opt.set) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "duplicate listen options for %s", addr[i].opt.addr);
+ "duplicate listen options for %V",
+ &addr[i].opt.addr_text);
return NGX_ERROR;
}
@@ -1252,7 +1253,8 @@
if (default_server) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "a duplicate default server for %s", addr[i].opt.addr);
+ "a duplicate default server for %V",
+ &addr[i].opt.addr_text);
return NGX_ERROR;
}
@@ -1305,8 +1307,8 @@
if (lsopt->http2 && lsopt->ssl) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
"nginx was built with OpenSSL that lacks ALPN "
- "and NPN support, HTTP/2 is not enabled for %s",
- lsopt->addr);
+ "and NPN support, HTTP/2 is not enabled for %V",
+ &lsopt->addr_text);
}
#endif
@@ -1354,7 +1356,8 @@
for (i = 0; i < addr->servers.nelts; i++) {
if (server[i] == cscf) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "a duplicate listen %s", addr->opt.addr);
+ "a duplicate listen %V",
+ &addr->opt.addr_text);
return NGX_ERROR;
}
}
@@ -1471,15 +1474,15 @@
if (rc == NGX_DECLINED) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "invalid server name or wildcard \"%V\" on %s",
- &name[n].name, addr->opt.addr);
+ "invalid server name or wildcard \"%V\" on %V",
+ &name[n].name, &addr->opt.addr_text);
return NGX_ERROR;
}
if (rc == NGX_BUSY) {
ngx_log_error(NGX_LOG_WARN, cf->log, 0,
- "conflicting server name \"%V\" on %s, ignored",
- &name[n].name, addr->opt.addr);
+ "conflicting server name \"%V\" on %V, ignored",
+ &name[n].name, &addr->opt.addr_text);
}
}
}
@@ -1685,10 +1688,6 @@
break;
}
- if (ngx_clone_listening(cf, ls) != NGX_OK) {
- return NGX_ERROR;
- }
-
addr++;
last--;
}
@@ -1704,8 +1703,7 @@
ngx_http_core_loc_conf_t *clcf;
ngx_http_core_srv_conf_t *cscf;
- ls = ngx_create_listening(cf, &addr->opt.sockaddr.sockaddr,
- addr->opt.socklen);
+ ls = ngx_create_listening(cf, addr->opt.sockaddr, addr->opt.socklen);
if (ls == NULL) {
return NULL;
}
@@ -1795,7 +1793,7 @@
for (i = 0; i < hport->naddrs; i++) {
- sin = &addr[i].opt.sockaddr.sockaddr_in;
+ sin = (struct sockaddr_in *) addr[i].opt.sockaddr;
addrs[i].addr = sin->sin_addr.s_addr;
addrs[i].conf.default_server = addr[i].default_server;
#if (NGX_HTTP_SSL)
@@ -1860,7 +1858,7 @@
for (i = 0; i < hport->naddrs; i++) {
- sin6 = &addr[i].opt.sockaddr.sockaddr_in6;
+ sin6 = (struct sockaddr_in6 *) addr[i].opt.sockaddr;
addrs6[i].addr6 = sin6->sin6_addr;
addrs6[i].conf.default_server = addr[i].default_server;
#if (NGX_HTTP_SSL)
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http.h
^
|
| @@ -88,6 +88,10 @@
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
#endif
+#if (NGX_HTTP_SSL && defined SSL_R_CERT_CB_ERROR)
+int ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg);
+#endif
+
ngx_int_t ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b);
ngx_int_t ngx_http_parse_uri(ngx_http_request_t *r);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_core_module.c
^
|
| @@ -2318,6 +2318,7 @@
sr->unparsed_uri = r->unparsed_uri;
sr->method_name = ngx_http_core_get_method;
sr->http_protocol = r->http_protocol;
+ sr->schema = r->schema;
ngx_http_set_exten(sr);
@@ -2385,6 +2386,14 @@
sr->phase_handler = r->phase_handler;
sr->write_event_handler = ngx_http_core_run_phases;
+#if (NGX_PCRE)
+ sr->ncaptures = r->ncaptures;
+ sr->captures = r->captures;
+ sr->captures_data = r->captures_data;
+ sr->realloc_captures = 1;
+ r->realloc_captures = 1;
+#endif
+
ngx_http_update_location_config(sr);
}
@@ -2706,6 +2715,8 @@
{
char *rv;
void *mconf;
+ size_t len;
+ u_char *p;
ngx_uint_t i;
ngx_conf_t pcf;
ngx_http_module_t *module;
@@ -2793,7 +2804,14 @@
if (rv == NGX_CONF_OK && !cscf->listen) {
ngx_memzero(&lsopt, sizeof(ngx_http_listen_opt_t));
- sin = &lsopt.sockaddr.sockaddr_in;
+ p = ngx_pcalloc(cf->pool, sizeof(struct sockaddr_in));
+ if (p == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ lsopt.sockaddr = (struct sockaddr *) p;
+
+ sin = (struct sockaddr_in *) p;
sin->sin_family = AF_INET;
#if (NGX_WIN32)
@@ -2816,8 +2834,16 @@
#endif
lsopt.wildcard = 1;
- (void) ngx_sock_ntop(&lsopt.sockaddr.sockaddr, lsopt.socklen,
- lsopt.addr, NGX_SOCKADDR_STRLEN, 1);
+ len = NGX_INET_ADDRSTRLEN + sizeof(":65535") - 1;
+
+ p = ngx_pnalloc(cf->pool, len);
+ if (p == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ lsopt.addr_text.data = p;
+ lsopt.addr_text.len = ngx_sock_ntop(lsopt.sockaddr, lsopt.socklen, p,
+ len, 1);
if (ngx_http_add_listen(cf, cscf, &lsopt) != NGX_OK) {
return NGX_CONF_ERROR;
@@ -3256,6 +3282,9 @@
cscf->merge_slashes = NGX_CONF_UNSET;
cscf->underscores_in_headers = NGX_CONF_UNSET;
+ cscf->file_name = cf->conf_file->file.name.data;
+ cscf->line = cf->conf_file->line;
+
return cscf;
}
@@ -3767,9 +3796,6 @@
ngx_memzero(&lsopt, sizeof(ngx_http_listen_opt_t));
- ngx_memcpy(&lsopt.sockaddr.sockaddr, &u.sockaddr, u.socklen);
-
- lsopt.socklen = u.socklen;
lsopt.backlog = NGX_LISTEN_BACKLOG;
lsopt.rcvbuf = -1;
lsopt.sndbuf = -1;
@@ -3779,14 +3805,10 @@
#if (NGX_HAVE_TCP_FASTOPEN)
lsopt.fastopen = -1;
#endif
- lsopt.wildcard = u.wildcard;
#if (NGX_HAVE_INET6)
lsopt.ipv6only = 1;
#endif
- (void) ngx_sock_ntop(&lsopt.sockaddr.sockaddr, lsopt.socklen, lsopt.addr,
- NGX_SOCKADDR_STRLEN, 1);
-
for (n = 2; n < cf->args->nelts; n++) {
if (ngx_strcmp(value[n].data, "default_server") == 0
@@ -3911,34 +3933,22 @@
if (ngx_strncmp(value[n].data, "ipv6only=o", 10) == 0) {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
- struct sockaddr *sa;
-
- sa = &lsopt.sockaddr.sockaddr;
+ if (ngx_strcmp(&value[n].data[10], "n") == 0) {
+ lsopt.ipv6only = 1;
- if (sa->sa_family == AF_INET6) {
-
- if (ngx_strcmp(&value[n].data[10], "n") == 0) {
- lsopt.ipv6only = 1;
-
- } else if (ngx_strcmp(&value[n].data[10], "ff") == 0) {
- lsopt.ipv6only = 0;
-
- } else {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid ipv6only flags \"%s\"",
- &value[n].data[9]);
- return NGX_CONF_ERROR;
- }
-
- lsopt.set = 1;
- lsopt.bind = 1;
+ } else if (ngx_strcmp(&value[n].data[10], "ff") == 0) {
+ lsopt.ipv6only = 0;
} else {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "ipv6only is not supported "
- "on addr \"%s\", ignored", lsopt.addr);
+ "invalid ipv6only flags \"%s\"",
+ &value[n].data[9]);
+ return NGX_CONF_ERROR;
}
+ lsopt.set = 1;
+ lsopt.bind = 1;
+
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -4094,11 +4104,18 @@
return NGX_CONF_ERROR;
}
- if (ngx_http_add_listen(cf, cscf, &lsopt) == NGX_OK) {
- return NGX_CONF_OK;
+ for (n = 0; n < u.naddrs; n++) {
+ lsopt.sockaddr = u.addrs[n].sockaddr;
+ lsopt.socklen = u.addrs[n].socklen;
+ lsopt.addr_text = u.addrs[n].name;
+ lsopt.wildcard = ngx_inet_wildcard(lsopt.sockaddr);
+
+ if (ngx_http_add_listen(cf, cscf, &lsopt) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
}
- return NGX_CONF_ERROR;
+ return NGX_CONF_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_core_module.h
^
|
| @@ -65,8 +65,9 @@
typedef struct {
- ngx_sockaddr_t sockaddr;
+ struct sockaddr *sockaddr;
socklen_t socklen;
+ ngx_str_t addr_text;
unsigned set:1;
unsigned default_server:1;
@@ -100,8 +101,6 @@
#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
char *accept_filter;
#endif
-
- u_char addr[NGX_SOCKADDR_STRLEN + 1];
} ngx_http_listen_opt_t;
@@ -184,6 +183,9 @@
/* server ctx */
ngx_http_conf_ctx_t *ctx;
+ u_char *file_name;
+ ngx_uint_t line;
+
ngx_str_t server_name;
size_t connection_pool_size;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_file_cache.c
^
|
| @@ -2418,23 +2418,32 @@
p = (u_char *) ngx_strchr(name.data, ':');
- if (p) {
- name.len = p - name.data;
+ if (p == NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid keys zone size \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
- p++;
+ name.len = p - name.data;
- s.len = value[i].data + value[i].len - p;
- s.data = p;
+ s.data = p + 1;
+ s.len = value[i].data + value[i].len - s.data;
+
+ size = ngx_parse_size(&s);
+
+ if (size == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid keys zone size \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
- size = ngx_parse_size(&s);
- if (size > 8191) {
- continue;
- }
+ if (size < (ssize_t) (2 * ngx_pagesize)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "keys zone \"%V\" is too small", &value[i]);
+ return NGX_CONF_ERROR;
}
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid keys zone size \"%V\"", &value[i]);
- return NGX_CONF_ERROR;
+ continue;
}
if (ngx_strncmp(value[i].data, "inactive=", 9) == 0) {
@@ -2620,7 +2629,8 @@
time_t valid;
ngx_str_t *value;
- ngx_uint_t i, n, status;
+ ngx_int_t status;
+ ngx_uint_t i, n;
ngx_array_t **a;
ngx_http_cache_valid_t *v;
static ngx_uint_t statuses[] = { 200, 301, 302 };
@@ -2668,7 +2678,7 @@
} else {
status = ngx_atoi(value[i].data, value[i].len);
- if (status < 100) {
+ if (status < 100 || status > 599) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid status \"%V\"", &value[i]);
return NGX_CONF_ERROR;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_parse.c
^
|
| @@ -307,6 +307,11 @@
break;
}
+ if ((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+ {
+ break;
+ }
+
switch (ch) {
case ':':
r->schema_end = p;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_request.c
^
|
| @@ -11,6 +11,7 @@
static void ngx_http_wait_request_handler(ngx_event_t *ev);
+static ngx_http_request_t *ngx_http_alloc_request(ngx_connection_t *c);
static void ngx_http_process_request_line(ngx_event_t *rev);
static void ngx_http_process_request_headers(ngx_event_t *rev);
static ssize_t ngx_http_read_request_header(ngx_http_request_t *r);
@@ -336,19 +337,8 @@
sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
if (sscf->enable || hc->addr_conf->ssl) {
-
- c->log->action = "SSL handshaking";
-
- if (hc->addr_conf->ssl && sscf->ssl.ctx == NULL) {
- ngx_log_error(NGX_LOG_ERR, c->log, 0,
- "no \"ssl_certificate\" is defined "
- "in server listening on SSL port");
- ngx_http_close_connection(c);
- return;
- }
-
hc->ssl = 1;
-
+ c->log->action = "SSL handshaking";
rev->handler = ngx_http_ssl_handshake;
}
}
@@ -514,17 +504,45 @@
ngx_http_request_t *
ngx_http_create_request(ngx_connection_t *c)
{
+ ngx_http_request_t *r;
+ ngx_http_log_ctx_t *ctx;
+ ngx_http_core_loc_conf_t *clcf;
+
+ r = ngx_http_alloc_request(c);
+ if (r == NULL) {
+ return NULL;
+ }
+
+ c->requests++;
+
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+ ngx_set_connection_log(c, clcf->error_log);
+
+ ctx = c->log->data;
+ ctx->request = r;
+ ctx->current_request = r;
+
+#if (NGX_STAT_STUB)
+ (void) ngx_atomic_fetch_add(ngx_stat_reading, 1);
+ r->stat_reading = 1;
+ (void) ngx_atomic_fetch_add(ngx_stat_requests, 1);
+#endif
+
+ return r;
+}
+
+
+static ngx_http_request_t *
+ngx_http_alloc_request(ngx_connection_t *c)
+{
ngx_pool_t *pool;
ngx_time_t *tp;
ngx_http_request_t *r;
- ngx_http_log_ctx_t *ctx;
ngx_http_connection_t *hc;
ngx_http_core_srv_conf_t *cscf;
- ngx_http_core_loc_conf_t *clcf;
ngx_http_core_main_conf_t *cmcf;
- c->requests++;
-
hc = c->data;
cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module);
@@ -552,10 +570,6 @@
r->read_event_handler = ngx_http_block_reading;
- clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-
- ngx_set_connection_log(r->connection, clcf->error_log);
-
r->header_in = hc->busy ? hc->busy->buf : c->buffer;
if (ngx_list_init(&r->headers_out.headers, r->pool, 20,
@@ -615,17 +629,8 @@
r->http_state = NGX_HTTP_READING_REQUEST_STATE;
- ctx = c->log->data;
- ctx->request = r;
- ctx->current_request = r;
r->log_handler = ngx_http_log_error_handler;
-#if (NGX_STAT_STUB)
- (void) ngx_atomic_fetch_add(ngx_stat_reading, 1);
- r->stat_reading = 1;
- (void) ngx_atomic_fetch_add(ngx_stat_requests, 1);
-#endif
-
return r;
}
@@ -844,11 +849,13 @@
ngx_http_close_connection(c);
}
+
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
int
ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
{
+ ngx_int_t rc;
ngx_str_t host;
const char *servername;
ngx_connection_t *c;
@@ -857,16 +864,17 @@
ngx_http_core_loc_conf_t *clcf;
ngx_http_core_srv_conf_t *cscf;
- servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
+ c = ngx_ssl_get_connection(ssl_conn);
- if (servername == NULL) {
- return SSL_TLSEXT_ERR_NOACK;
+ if (c->ssl->handshaked) {
+ *ad = SSL_AD_NO_RENEGOTIATION;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
- c = ngx_ssl_get_connection(ssl_conn);
+ servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
- if (c->ssl->renegotiation) {
- return SSL_TLSEXT_ERR_NOACK;
+ if (servername == NULL) {
+ return SSL_TLSEXT_ERR_OK;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
@@ -875,27 +883,40 @@
host.len = ngx_strlen(servername);
if (host.len == 0) {
- return SSL_TLSEXT_ERR_NOACK;
+ return SSL_TLSEXT_ERR_OK;
}
host.data = (u_char *) servername;
- if (ngx_http_validate_host(&host, c->pool, 1) != NGX_OK) {
- return SSL_TLSEXT_ERR_NOACK;
+ rc = ngx_http_validate_host(&host, c->pool, 1);
+
+ if (rc == NGX_ERROR) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+
+ if (rc == NGX_DECLINED) {
+ return SSL_TLSEXT_ERR_OK;
}
hc = c->data;
- if (ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host,
- NULL, &cscf)
- != NGX_OK)
- {
- return SSL_TLSEXT_ERR_NOACK;
+ rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host,
+ NULL, &cscf);
+
+ if (rc == NGX_ERROR) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+
+ if (rc == NGX_DECLINED) {
+ return SSL_TLSEXT_ERR_OK;
}
hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
if (hc->ssl_servername == NULL) {
- return SSL_TLSEXT_ERR_NOACK;
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
}
*hc->ssl_servername = host;
@@ -930,6 +951,10 @@
#endif
SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+ SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
+#endif
}
return SSL_TLSEXT_ERR_OK;
@@ -937,6 +962,75 @@
#endif
+
+#ifdef SSL_R_CERT_CB_ERROR
+
+int
+ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
+{
+ ngx_str_t cert, key;
+ ngx_uint_t i, nelts;
+ ngx_connection_t *c;
+ ngx_http_request_t *r;
+ ngx_http_ssl_srv_conf_t *sscf;
+ ngx_http_complex_value_t *certs, *keys;
+
+ c = ngx_ssl_get_connection(ssl_conn);
+
+ if (c->ssl->handshaked) {
+ return 0;
+ }
+
+ r = ngx_http_alloc_request(c);
+ if (r == NULL) {
+ return 0;
+ }
+
+ r->logged = 1;
+
+ sscf = arg;
+
+ nelts = sscf->certificate_values->nelts;
+ certs = sscf->certificate_values->elts;
+ keys = sscf->certificate_key_values->elts;
+
+ for (i = 0; i < nelts; i++) {
+
+ if (ngx_http_complex_value(r, &certs[i], &cert) != NGX_OK) {
+ goto failed;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
+ "ssl cert: \"%s\"", cert.data);
+
+ if (ngx_http_complex_value(r, &keys[i], &key) != NGX_OK) {
+ goto failed;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
+ "ssl key: \"%s\"", key.data);
+
+ if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key,
+ sscf->passwords)
+ != NGX_OK)
+ {
+ goto failed;
+ }
+ }
+
+ ngx_http_free_request(r, 0);
+ c->destroyed = 0;
+ return 1;
+
+failed:
+
+ ngx_http_free_request(r, 0);
+ c->destroyed = 0;
+ return 0;
+}
+
+#endif
+
#endif
@@ -970,7 +1064,7 @@
n = ngx_http_read_request_header(r);
if (n == NGX_AGAIN || n == NGX_ERROR) {
- return;
+ break;
}
}
@@ -995,10 +1089,15 @@
}
if (ngx_http_process_request_uri(r) != NGX_OK) {
- return;
+ break;
}
- if (r->host_start && r->host_end) {
+ if (r->schema_end) {
+ r->schema.len = r->schema_end - r->schema_start;
+ r->schema.data = r->schema_start;
+ }
+
+ if (r->host_end) {
host.len = r->host_end - r->host_start;
host.data = r->host_start;
@@ -1009,16 +1108,16 @@
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent invalid host in request line");
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
- return;
+ break;
}
if (rc == NGX_ERROR) {
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ break;
}
if (ngx_http_set_virtual_server(r, &host) == NGX_ERROR) {
- return;
+ break;
}
r->headers_in.server = host;
@@ -1030,11 +1129,11 @@
&& ngx_http_set_virtual_server(r, &r->headers_in.server)
== NGX_ERROR)
{
- return;
+ break;
}
ngx_http_process_request(r);
- return;
+ break;
}
@@ -1043,7 +1142,7 @@
!= NGX_OK)
{
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ break;
}
c->log->action = "reading client request headers";
@@ -1051,7 +1150,7 @@
rev->handler = ngx_http_process_request_headers;
ngx_http_process_request_headers(rev);
- return;
+ break;
}
if (rc != NGX_AGAIN) {
@@ -1068,7 +1167,7 @@
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
}
- return;
+ break;
}
/* NGX_AGAIN: a request line parsing is still incomplete */
@@ -1079,7 +1178,7 @@
if (rv == NGX_ERROR) {
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ break;
}
if (rv == NGX_DECLINED) {
@@ -1089,10 +1188,12 @@
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent too long URI");
ngx_http_finalize_request(r, NGX_HTTP_REQUEST_URI_TOO_LARGE);
- return;
+ break;
}
}
}
+
+ ngx_http_run_posted_requests(c);
}
@@ -1254,7 +1355,7 @@
if (rv == NGX_ERROR) {
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ break;
}
if (rv == NGX_DECLINED) {
@@ -1267,7 +1368,7 @@
"client sent too large request");
ngx_http_finalize_request(r,
NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
- return;
+ break;
}
len = r->header_in->end - p;
@@ -1282,14 +1383,14 @@
ngx_http_finalize_request(r,
NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
- return;
+ break;
}
}
n = ngx_http_read_request_header(r);
if (n == NGX_AGAIN || n == NGX_ERROR) {
- return;
+ break;
}
}
@@ -1319,7 +1420,7 @@
h = ngx_list_push(&r->headers_in.headers);
if (h == NULL) {
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ break;
}
h->hash = r->header_hash;
@@ -1335,7 +1436,7 @@
h->lowcase_key = ngx_pnalloc(r->pool, h->key.len);
if (h->lowcase_key == NULL) {
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
- return;
+ break;
}
if (h->key.len == r->lowcase_index) {
@@ -1349,7 +1450,7 @@
h->lowcase_key, h->key.len);
if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
- return;
+ break;
}
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@@ -1373,12 +1474,12 @@
rc = ngx_http_process_request_header(r);
if (rc != NGX_OK) {
- return;
+ break;
}
ngx_http_process_request(r);
- return;
+ break;
}
if (rc == NGX_AGAIN) {
@@ -1394,8 +1495,10 @@
"client sent invalid header line");
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
- return;
+ break;
}
+
+ ngx_http_run_posted_requests(c);
}
@@ -1950,8 +2053,6 @@
r->read_event_handler = ngx_http_block_reading;
ngx_http_handler(r);
-
- ngx_http_run_posted_requests(c);
}
@@ -2359,6 +2460,7 @@
|| rc == NGX_HTTP_NO_CONTENT)
{
if (rc == NGX_HTTP_CLOSE) {
+ c->timedout = 1;
ngx_http_terminate_request(r, rc);
return;
}
@@ -3316,6 +3418,10 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "lingering read: %z", n);
+ if (n == NGX_AGAIN) {
+ break;
+ }
+
if (n == NGX_ERROR || n == 0) {
ngx_http_close_request(r, 0);
return;
@@ -3508,9 +3614,11 @@
r->headers_out.status = rc;
}
- log->action = "logging request";
+ if (!r->logged) {
+ log->action = "logging request";
- ngx_http_log_request(r);
+ ngx_http_log_request(r);
+ }
log->action = "closing request";
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_request.h
^
|
| @@ -412,6 +412,7 @@
ngx_str_t method_name;
ngx_str_t http_protocol;
+ ngx_str_t schema;
ngx_chain_t *out;
ngx_http_request_t *main;
@@ -498,6 +499,10 @@
unsigned gzip_vary:1;
#endif
+#if (NGX_PCRE)
+ unsigned realloc_captures:1;
+#endif
+
unsigned proxy:1;
unsigned bypass_cache:1;
unsigned no_cache:1;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_script.c
^
|
| @@ -271,6 +271,34 @@
}
+ngx_int_t
+ngx_http_test_required_predicates(ngx_http_request_t *r,
+ ngx_array_t *predicates)
+{
+ ngx_str_t val;
+ ngx_uint_t i;
+ ngx_http_complex_value_t *cv;
+
+ if (predicates == NULL) {
+ return NGX_OK;
+ }
+
+ cv = predicates->elts;
+
+ for (i = 0; i < predicates->nelts; i++) {
+ if (ngx_http_complex_value(r, &cv[i], &val) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (val.len == 0 || (val.len == 1 && val.data[0] == '0')) {
+ return NGX_DECLINED;
+ }
+ }
+
+ return NGX_OK;
+}
+
+
char *
ngx_http_set_predicate_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_script.h
^
|
| @@ -214,6 +214,8 @@
ngx_int_t ngx_http_test_predicates(ngx_http_request_t *r,
ngx_array_t *predicates);
+ngx_int_t ngx_http_test_required_predicates(ngx_http_request_t *r,
+ ngx_array_t *predicates);
char *ngx_http_set_predicate_slot(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_special_response.c
^
|
| @@ -60,7 +60,7 @@
static char ngx_http_error_301_page[] =
"<html>" CRLF
"<head><title>301 Moved Permanently</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>301 Moved Permanently</h1></center>" CRLF
;
@@ -68,7 +68,7 @@
static char ngx_http_error_302_page[] =
"<html>" CRLF
"<head><title>302 Found</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>302 Found</h1></center>" CRLF
;
@@ -76,7 +76,7 @@
static char ngx_http_error_303_page[] =
"<html>" CRLF
"<head><title>303 See Other</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>303 See Other</h1></center>" CRLF
;
@@ -84,7 +84,7 @@
static char ngx_http_error_307_page[] =
"<html>" CRLF
"<head><title>307 Temporary Redirect</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>307 Temporary Redirect</h1></center>" CRLF
;
@@ -92,7 +92,7 @@
static char ngx_http_error_308_page[] =
"<html>" CRLF
"<head><title>308 Permanent Redirect</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>308 Permanent Redirect</h1></center>" CRLF
;
@@ -100,7 +100,7 @@
static char ngx_http_error_400_page[] =
"<html>" CRLF
"<head><title>400 Bad Request</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>400 Bad Request</h1></center>" CRLF
;
@@ -108,7 +108,7 @@
static char ngx_http_error_401_page[] =
"<html>" CRLF
"<head><title>401 Authorization Required</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>401 Authorization Required</h1></center>" CRLF
;
@@ -116,7 +116,7 @@
static char ngx_http_error_402_page[] =
"<html>" CRLF
"<head><title>402 Payment Required</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>402 Payment Required</h1></center>" CRLF
;
@@ -124,7 +124,7 @@
static char ngx_http_error_403_page[] =
"<html>" CRLF
"<head><title>403 Forbidden</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>403 Forbidden</h1></center>" CRLF
;
@@ -132,7 +132,7 @@
static char ngx_http_error_404_page[] =
"<html>" CRLF
"<head><title>404 Not Found</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>404 Not Found</h1></center>" CRLF
;
@@ -140,7 +140,7 @@
static char ngx_http_error_405_page[] =
"<html>" CRLF
"<head><title>405 Not Allowed</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>405 Not Allowed</h1></center>" CRLF
;
@@ -148,7 +148,7 @@
static char ngx_http_error_406_page[] =
"<html>" CRLF
"<head><title>406 Not Acceptable</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>406 Not Acceptable</h1></center>" CRLF
;
@@ -156,7 +156,7 @@
static char ngx_http_error_408_page[] =
"<html>" CRLF
"<head><title>408 Request Time-out</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>408 Request Time-out</h1></center>" CRLF
;
@@ -164,7 +164,7 @@
static char ngx_http_error_409_page[] =
"<html>" CRLF
"<head><title>409 Conflict</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>409 Conflict</h1></center>" CRLF
;
@@ -172,7 +172,7 @@
static char ngx_http_error_410_page[] =
"<html>" CRLF
"<head><title>410 Gone</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>410 Gone</h1></center>" CRLF
;
@@ -180,7 +180,7 @@
static char ngx_http_error_411_page[] =
"<html>" CRLF
"<head><title>411 Length Required</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>411 Length Required</h1></center>" CRLF
;
@@ -188,7 +188,7 @@
static char ngx_http_error_412_page[] =
"<html>" CRLF
"<head><title>412 Precondition Failed</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>412 Precondition Failed</h1></center>" CRLF
;
@@ -196,7 +196,7 @@
static char ngx_http_error_413_page[] =
"<html>" CRLF
"<head><title>413 Request Entity Too Large</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>413 Request Entity Too Large</h1></center>" CRLF
;
@@ -204,7 +204,7 @@
static char ngx_http_error_414_page[] =
"<html>" CRLF
"<head><title>414 Request-URI Too Large</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>414 Request-URI Too Large</h1></center>" CRLF
;
@@ -212,7 +212,7 @@
static char ngx_http_error_415_page[] =
"<html>" CRLF
"<head><title>415 Unsupported Media Type</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>415 Unsupported Media Type</h1></center>" CRLF
;
@@ -220,7 +220,7 @@
static char ngx_http_error_416_page[] =
"<html>" CRLF
"<head><title>416 Requested Range Not Satisfiable</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>416 Requested Range Not Satisfiable</h1></center>" CRLF
;
@@ -228,7 +228,7 @@
static char ngx_http_error_421_page[] =
"<html>" CRLF
"<head><title>421 Misdirected Request</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>421 Misdirected Request</h1></center>" CRLF
;
@@ -236,7 +236,7 @@
static char ngx_http_error_429_page[] =
"<html>" CRLF
"<head><title>429 Too Many Requests</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>429 Too Many Requests</h1></center>" CRLF
;
@@ -245,7 +245,7 @@
"<html>" CRLF
"<head><title>400 Request Header Or Cookie Too Large</title></head>"
CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>400 Bad Request</h1></center>" CRLF
"<center>Request Header Or Cookie Too Large</center>" CRLF
;
@@ -255,7 +255,7 @@
"<html>" CRLF
"<head><title>400 The SSL certificate error</title></head>"
CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>400 Bad Request</h1></center>" CRLF
"<center>The SSL certificate error</center>" CRLF
;
@@ -265,7 +265,7 @@
"<html>" CRLF
"<head><title>400 No required SSL certificate was sent</title></head>"
CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>400 Bad Request</h1></center>" CRLF
"<center>No required SSL certificate was sent</center>" CRLF
;
@@ -275,7 +275,7 @@
"<html>" CRLF
"<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>"
CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>400 Bad Request</h1></center>" CRLF
"<center>The plain HTTP request was sent to HTTPS port</center>" CRLF
;
@@ -284,7 +284,7 @@
static char ngx_http_error_500_page[] =
"<html>" CRLF
"<head><title>500 Internal Server Error</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>500 Internal Server Error</h1></center>" CRLF
;
@@ -292,7 +292,7 @@
static char ngx_http_error_501_page[] =
"<html>" CRLF
"<head><title>501 Not Implemented</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>501 Not Implemented</h1></center>" CRLF
;
@@ -300,7 +300,7 @@
static char ngx_http_error_502_page[] =
"<html>" CRLF
"<head><title>502 Bad Gateway</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>502 Bad Gateway</h1></center>" CRLF
;
@@ -308,7 +308,7 @@
static char ngx_http_error_503_page[] =
"<html>" CRLF
"<head><title>503 Service Temporarily Unavailable</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>503 Service Temporarily Unavailable</h1></center>" CRLF
;
@@ -316,7 +316,7 @@
static char ngx_http_error_504_page[] =
"<html>" CRLF
"<head><title>504 Gateway Time-out</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>504 Gateway Time-out</h1></center>" CRLF
;
@@ -324,7 +324,7 @@
static char ngx_http_error_505_page[] =
"<html>" CRLF
"<head><title>505 HTTP Version Not Supported</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>505 HTTP Version Not Supported</h1></center>" CRLF
;
@@ -332,7 +332,7 @@
static char ngx_http_error_507_page[] =
"<html>" CRLF
"<head><title>507 Insufficient Storage</title></head>" CRLF
-"<body bgcolor=\"white\">" CRLF
+"<body>" CRLF
"<center><h1>507 Insufficient Storage</h1></center>" CRLF
;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_upstream.c
^
|
| @@ -187,6 +187,7 @@
static void ngx_http_upstream_ssl_handshake_handler(ngx_connection_t *c);
static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *,
ngx_http_upstream_t *u, ngx_connection_t *c);
+static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c);
static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r,
ngx_http_upstream_t *u, ngx_connection_t *c);
#endif
@@ -408,6 +409,10 @@
ngx_http_upstream_response_length_variable, 1,
NGX_HTTP_VAR_NOCACHEABLE, 0 },
+ { ngx_string("upstream_bytes_sent"), NULL,
+ ngx_http_upstream_response_length_variable, 2,
+ NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
#if (NGX_HTTP_CACHE)
{ ngx_string("upstream_cache_status"), NULL,
@@ -627,6 +632,10 @@
return;
}
+ if (u->conf->socket_keepalive) {
+ u->peer.so_keepalive = 1;
+ }
+
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
u->output.alignment = clcf->directio_alignment;
@@ -841,7 +850,7 @@
ngx_http_file_cache_create_key(r);
- if (r->cache->header_start + 256 >= u->conf->buffer_size) {
+ if (r->cache->header_start + 256 > u->conf->buffer_size) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"%V_buffer_size %uz is not enough for cache key, "
"it should be increased to at least %uz",
@@ -1500,8 +1509,8 @@
r->connection->log->action = "connecting to upstream";
- if (u->state && u->state->response_time) {
- u->state->response_time = ngx_current_msec - u->state->response_time;
+ if (u->state && u->state->response_time == (ngx_msec_t) -1) {
+ u->state->response_time = ngx_current_msec - u->start_time;
}
u->state = ngx_array_push(r->upstream_states);
@@ -1513,7 +1522,9 @@
ngx_memzero(u->state, sizeof(ngx_http_upstream_state_t));
- u->state->response_time = ngx_current_msec;
+ u->start_time = ngx_current_msec;
+
+ u->state->response_time = (ngx_msec_t) -1;
u->state->connect_time = (ngx_msec_t) -1;
u->state->header_time = (ngx_msec_t) -1;
@@ -1545,6 +1556,8 @@
c = u->peer.connection;
+ c->requests++;
+
c->data = r;
c->write->handler = ngx_http_upstream_handler;
@@ -1556,6 +1569,10 @@
c->sendfile &= r->connection->sendfile;
u->output.sendfile = c->sendfile;
+ if (r->connection->tcp_nopush == NGX_TCP_NOPUSH_DISABLED) {
+ c->tcp_nopush = NGX_TCP_NOPUSH_DISABLED;
+ }
+
if (c->pool == NULL) {
/* we need separate pool here to be able to cache SSL connections */
@@ -1671,6 +1688,8 @@
}
if (u->conf->ssl_session_reuse) {
+ c->ssl->save_session = ngx_http_upstream_ssl_save_session;
+
if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
ngx_http_upstream_finalize_request(r, u,
NGX_HTTP_INTERNAL_SERVER_ERROR);
@@ -1755,10 +1774,6 @@
}
}
- if (u->conf->ssl_session_reuse) {
- u->peer.save_session(&u->peer, u->peer.data);
- }
-
c->write->handler = ngx_http_upstream_handler;
c->read->handler = ngx_http_upstream_handler;
@@ -1778,6 +1793,27 @@
}
+static void
+ngx_http_upstream_ssl_save_session(ngx_connection_t *c)
+{
+ ngx_http_request_t *r;
+ ngx_http_upstream_t *u;
+
+ if (c->idle) {
+ return;
+ }
+
+ r = c->data;
+
+ u = r->upstream;
+ c = r->connection;
+
+ ngx_http_set_log_request(c->log, r);
+
+ u->peer.save_session(&u->peer, u->peer.data);
+}
+
+
static ngx_int_t
ngx_http_upstream_ssl_name(ngx_http_request_t *r, ngx_http_upstream_t *u,
ngx_connection_t *c)
@@ -1972,7 +2008,7 @@
"http upstream send request");
if (u->state->connect_time == (ngx_msec_t) -1) {
- u->state->connect_time = ngx_current_msec - u->state->response_time;
+ u->state->connect_time = ngx_current_msec - u->start_time;
}
if (!u->request_sent && ngx_http_upstream_test_connect(c) != NGX_OK) {
@@ -2109,7 +2145,7 @@
out = u->request_bufs;
if (r->request_body->bufs) {
- for (cl = out; cl->next; cl = out->next) { /* void */ }
+ for (cl = out; cl->next; cl = cl->next) { /* void */ }
cl->next = r->request_body->bufs;
r->request_body->bufs = NULL;
}
@@ -2383,7 +2419,7 @@
/* rc == NGX_OK */
- u->state->header_time = ngx_current_msec - u->state->response_time;
+ u->state->header_time = ngx_current_msec - u->start_time;
if (u->headers_in.status_n >= NGX_HTTP_SPECIAL_RESPONSE) {
@@ -4104,6 +4140,10 @@
if (u->peer.sockaddr) {
+ if (u->peer.connection) {
+ u->state->bytes_sent = u->peer.connection->sent;
+ }
+
if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_403
|| ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404)
{
@@ -4279,14 +4319,18 @@
u->resolved->ctx = NULL;
}
- if (u->state && u->state->response_time) {
- u->state->response_time = ngx_current_msec - u->state->response_time;
+ if (u->state && u->state->response_time == (ngx_msec_t) -1) {
+ u->state->response_time = ngx_current_msec - u->start_time;
if (u->pipe && u->pipe->read_length) {
u->state->bytes_received += u->pipe->read_length
- u->pipe->preread_size;
u->state->response_length = u->pipe->read_length;
}
+
+ if (u->peer.connection) {
+ u->state->bytes_sent = u->peer.connection->sent;
+ }
}
u->finalize_request(r, rc);
@@ -5389,18 +5433,18 @@
state = r->upstream_states->elts;
for ( ;; ) {
- if (state[i].status) {
- if (data == 1 && state[i].header_time != (ngx_msec_t) -1) {
- ms = state[i].header_time;
+ if (data == 1) {
+ ms = state[i].header_time;
- } else if (data == 2 && state[i].connect_time != (ngx_msec_t) -1) {
- ms = state[i].connect_time;
+ } else if (data == 2) {
+ ms = state[i].connect_time;
- } else {
- ms = state[i].response_time;
- }
+ } else {
+ ms = state[i].response_time;
+ }
+ if (ms != -1) {
ms = ngx_max(ms, 0);
p = ngx_sprintf(p, "%T.%03M", (time_t) ms / 1000, ms % 1000);
@@ -5470,6 +5514,9 @@
if (data == 1) {
p = ngx_sprintf(p, "%O", state[i].bytes_received);
+ } else if (data == 2) {
+ p = ngx_sprintf(p, "%O", state[i].bytes_sent);
+
} else {
p = ngx_sprintf(p, "%O", state[i].response_length);
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_upstream.h
^
|
| @@ -64,6 +64,7 @@
ngx_msec_t queue_time;
off_t response_length;
off_t bytes_received;
+ off_t bytes_sent;
ngx_str_t *peer;
} ngx_http_upstream_state_t;
@@ -188,6 +189,7 @@
ngx_array_t *pass_headers;
ngx_http_upstream_local_t *local;
+ ngx_flag_t socket_keepalive;
#if (NGX_HTTP_CACHE)
ngx_shm_zone_t *cache_zone;
@@ -364,7 +366,7 @@
ngx_int_t (*rewrite_cookie)(ngx_http_request_t *r,
ngx_table_elt_t *h);
- ngx_msec_t timeout;
+ ngx_msec_t start_time;
ngx_http_upstream_state_t *state;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_upstream_round_robin.c
^
|
| @@ -744,7 +744,7 @@
if (peers->shpool) {
- ssl_session = SSL_get0_session(pc->connection->ssl->connection);
+ ssl_session = ngx_ssl_get0_session(pc->connection);
if (ssl_session == NULL) {
return;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_variables.c
^
|
| @@ -2504,7 +2504,9 @@
if (re->ncaptures) {
len = cmcf->ncaptures;
- if (r->captures == NULL) {
+ if (r->captures == NULL || r->realloc_captures) {
+ r->realloc_captures = 0;
+
r->captures = ngx_palloc(r->pool, len * sizeof(int));
if (r->captures == NULL) {
return NGX_ERROR;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/ngx_http_write_filter_module.c
^
|
| @@ -80,7 +80,6 @@
cl->buf->file_pos,
cl->buf->file_last - cl->buf->file_pos);
-#if 1
if (ngx_buf_size(cl->buf) == 0 && !ngx_buf_special(cl->buf)) {
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
"zero size buf in writer "
@@ -98,7 +97,24 @@
ngx_debug_point();
return NGX_ERROR;
}
-#endif
+
+ if (ngx_buf_size(cl->buf) < 0) {
+ ngx_log_error(NGX_LOG_ALERT, c->log, 0,
+ "negative size buf in writer "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ cl->buf->temporary,
+ cl->buf->recycled,
+ cl->buf->in_file,
+ cl->buf->start,
+ cl->buf->pos,
+ cl->buf->last,
+ cl->buf->file,
+ cl->buf->file_pos,
+ cl->buf->file_last);
+
+ ngx_debug_point();
+ return NGX_ERROR;
+ }
size += ngx_buf_size(cl->buf);
@@ -136,7 +152,6 @@
cl->buf->file_pos,
cl->buf->file_last - cl->buf->file_pos);
-#if 1
if (ngx_buf_size(cl->buf) == 0 && !ngx_buf_special(cl->buf)) {
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
"zero size buf in writer "
@@ -154,7 +169,24 @@
ngx_debug_point();
return NGX_ERROR;
}
-#endif
+
+ if (ngx_buf_size(cl->buf) < 0) {
+ ngx_log_error(NGX_LOG_ALERT, c->log, 0,
+ "negative size buf in writer "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ cl->buf->temporary,
+ cl->buf->recycled,
+ cl->buf->in_file,
+ cl->buf->start,
+ cl->buf->pos,
+ cl->buf->last,
+ cl->buf->file,
+ cl->buf->file_pos,
+ cl->buf->file_last);
+
+ ngx_debug_point();
+ return NGX_ERROR;
+ }
size += ngx_buf_size(cl->buf);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/v2/ngx_http_v2.c
^
|
| @@ -270,11 +270,10 @@
h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE;
- h2c->table_update = 1;
-
h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module);
h2c->concurrent_pushes = h2scf->concurrent_pushes;
+ h2c->priority_limit = h2scf->concurrent_streams;
h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
if (h2c->pool == NULL) {
@@ -1548,6 +1547,14 @@
header->name.len = h2c->state.field_end - h2c->state.field_start;
header->name.data = h2c->state.field_start;
+ if (header->name.len == 0) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent zero header name length");
+
+ return ngx_http_v2_connection_error(h2c,
+ NGX_HTTP_V2_PROTOCOL_ERROR);
+ }
+
return ngx_http_v2_state_field_len(h2c, pos, end);
}
@@ -1798,6 +1805,13 @@
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR);
}
+ if (--h2c->priority_limit == 0) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "client sent too many PRIORITY frames");
+
+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_ENHANCE_YOUR_CALM);
+ }
+
if (end - pos < NGX_HTTP_V2_PRIORITY_SIZE) {
return ngx_http_v2_state_save(h2c, pos, end,
ngx_http_v2_state_priority);
@@ -2076,6 +2090,11 @@
h2c->concurrent_pushes = ngx_min(value, h2scf->concurrent_pushes);
break;
+ case NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING:
+
+ h2c->table_update = 1;
+ break;
+
default:
break;
}
@@ -2617,18 +2636,13 @@
r->method_name = ngx_http_core_get_method;
r->method = NGX_HTTP_GET;
- r->schema_start = (u_char *) "https";
-
-#if (NGX_HTTP_SSL)
- if (fc->ssl) {
- r->schema_end = r->schema_start + 5;
-
- } else
-#endif
- {
- r->schema_end = r->schema_start + 4;
+ r->schema.data = ngx_pstrdup(pool, &parent->request->schema);
+ if (r->schema.data == NULL) {
+ goto close;
}
+ r->schema.len = parent->request->schema.len;
+
value.data = ngx_pstrdup(pool, path);
if (value.data == NULL) {
goto close;
@@ -2676,11 +2690,13 @@
if (rc == NGX_ABORT) {
/* header handler has already finalized request */
+ ngx_http_run_posted_requests(fc);
return NULL;
}
if (rc == NGX_DECLINED) {
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+ ngx_http_run_posted_requests(fc);
return NULL;
}
@@ -3112,6 +3128,8 @@
h2c->processing++;
}
+ h2c->priority_limit += h2scf->concurrent_streams;
+
return stream;
}
@@ -3249,10 +3267,6 @@
ngx_uint_t i;
ngx_http_core_srv_conf_t *cscf;
- if (header->name.len == 0) {
- return NGX_ERROR;
- }
-
r->invalid_header = 0;
cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
@@ -3484,7 +3498,10 @@
static ngx_int_t
ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value)
{
- if (r->schema_start) {
+ u_char c, ch;
+ ngx_uint_t i;
+
+ if (r->schema.len) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent duplicate :scheme header");
@@ -3498,8 +3515,27 @@
return NGX_DECLINED;
}
- r->schema_start = value->data;
- r->schema_end = value->data + value->len;
+ for (i = 0; i < value->len; i++) {
+ ch = value->data[i];
+
+ c = (u_char) (ch | 0x20);
+ if (c >= 'a' && c <= 'z') {
+ continue;
+ }
+
+ if (((ch >= '0' && ch <= '9') || ch == '+' || ch == '-' || ch == '.')
+ && i > 0)
+ {
+ continue;
+ }
+
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent invalid :scheme header: \"%V\"", value);
+
+ return NGX_DECLINED;
+ }
+
+ r->schema = *value;
return NGX_OK;
}
@@ -3562,14 +3598,14 @@
static const u_char ending[] = " HTTP/2.0";
if (r->method_name.len == 0
- || r->schema_start == NULL
+ || r->schema.len == 0
|| r->unparsed_uri.len == 0)
{
if (r->method_name.len == 0) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent no :method header");
- } else if (r->schema_start == NULL) {
+ } else if (r->schema.len == 0) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent no :scheme header");
@@ -3732,18 +3768,22 @@
static void
ngx_http_v2_run_request(ngx_http_request_t *r)
{
+ ngx_connection_t *fc;
+
+ fc = r->connection;
+
if (ngx_http_v2_construct_request_line(r) != NGX_OK) {
- return;
+ goto failed;
}
if (ngx_http_v2_construct_cookie_header(r) != NGX_OK) {
- return;
+ goto failed;
}
r->http_state = NGX_HTTP_PROCESS_REQUEST_STATE;
if (ngx_http_process_request_header(r) != NGX_OK) {
- return;
+ goto failed;
}
if (r->headers_in.content_length_n > 0 && r->stream->in_closed) {
@@ -3753,7 +3793,7 @@
r->stream->skip_data = 1;
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
- return;
+ goto failed;
}
if (r->headers_in.content_length_n == -1 && !r->stream->in_closed) {
@@ -3761,6 +3801,10 @@
}
ngx_http_process_request(r);
+
+failed:
+
+ ngx_http_run_posted_requests(fc);
}
@@ -4335,6 +4379,8 @@
*/
pool = stream->pool;
+ h2c->frames -= stream->frames;
+
ngx_http_free_request(stream->request, rc);
if (pool != h2c->state.pool) {
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/v2/ngx_http_v2.h
^
|
| @@ -122,6 +122,7 @@
ngx_uint_t processing;
ngx_uint_t frames;
ngx_uint_t idle;
+ ngx_uint_t priority_limit;
ngx_uint_t pushing;
ngx_uint_t concurrent_pushes;
@@ -192,6 +193,8 @@
ngx_buf_t *preread;
+ ngx_uint_t frames;
+
ngx_http_v2_out_frame_t *free_frames;
ngx_chain_t *free_frame_headers;
ngx_chain_t *free_bufs;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/http/v2/ngx_http_v2_filter_module.c
^
|
| @@ -944,15 +944,15 @@
ph = ngx_http_v2_push_headers;
+ len = ngx_max(r->schema.len, path->len);
+
if (binary[0].len) {
- tmp = ngx_palloc(r->pool, path->len);
+ tmp = ngx_palloc(r->pool, len);
if (tmp == NULL) {
return NGX_ERROR;
}
} else {
- len = path->len;
-
for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
h = (ngx_table_elt_t **) ((char *) &r->headers_in + ph[i].offset);
@@ -994,7 +994,7 @@
len = (h2c->table_update ? 1 : 0)
+ 1
+ 1 + NGX_HTTP_V2_INT_OCTETS + path->len
- + 1;
+ + 1 + NGX_HTTP_V2_INT_OCTETS + r->schema.len;
for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
len += binary[i].len;
@@ -1025,18 +1025,20 @@
*pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
pos = ngx_http_v2_write_value(pos, path->data, path->len, tmp);
-#if (NGX_HTTP_SSL)
- if (fc->ssl) {
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0,
- "http2 push header: \":scheme: https\"");
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
+ "http2 push header: \":scheme: %V\"", &r->schema);
+
+ if (r->schema.len == 5 && ngx_strncmp(r->schema.data, "https", 5) == 0) {
*pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX);
- } else
-#endif
+ } else if (r->schema.len == 4
+ && ngx_strncmp(r->schema.data, "http", 4) == 0)
{
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0,
- "http2 push header: \":scheme: http\"");
*pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+
+ } else {
+ *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+ pos = ngx_http_v2_write_value(pos, r->schema.data, r->schema.len, tmp);
}
for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
@@ -1661,22 +1663,34 @@
ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream,
size_t len, ngx_chain_t *first, ngx_chain_t *last)
{
- u_char flags;
- ngx_buf_t *buf;
- ngx_chain_t *cl;
- ngx_http_v2_out_frame_t *frame;
+ u_char flags;
+ ngx_buf_t *buf;
+ ngx_chain_t *cl;
+ ngx_http_v2_out_frame_t *frame;
+ ngx_http_v2_connection_t *h2c;
frame = stream->free_frames;
+ h2c = stream->connection;
if (frame) {
stream->free_frames = frame->next;
- } else {
+ } else if (h2c->frames < 10000) {
frame = ngx_palloc(stream->request->pool,
sizeof(ngx_http_v2_out_frame_t));
if (frame == NULL) {
return NULL;
}
+
+ stream->frames++;
+ h2c->frames++;
+
+ } else {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "http2 flood detected");
+
+ h2c->connection->error = 1;
+ return NULL;
}
flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/mail/ngx_mail.c
^
|
| @@ -231,7 +231,7 @@
ngx_mail_conf_port_t *port;
ngx_mail_conf_addr_t *addr;
- sa = &listen->sockaddr.sockaddr;
+ sa = listen->sockaddr;
p = ngx_inet_get_port(sa);
port = ports->elts;
@@ -316,7 +316,7 @@
continue;
}
- ls = ngx_create_listening(cf, &addr[i].opt.sockaddr.sockaddr,
+ ls = ngx_create_listening(cf, addr[i].opt.sockaddr,
addr[i].opt.socklen);
if (ls == NULL) {
return NGX_CONF_ERROR;
@@ -384,12 +384,9 @@
ngx_mail_add_addrs(ngx_conf_t *cf, ngx_mail_port_t *mport,
ngx_mail_conf_addr_t *addr)
{
- u_char *p;
- size_t len;
ngx_uint_t i;
ngx_mail_in_addr_t *addrs;
struct sockaddr_in *sin;
- u_char buf[NGX_SOCKADDR_STRLEN];
mport->addrs = ngx_pcalloc(cf->pool,
mport->naddrs * sizeof(ngx_mail_in_addr_t));
@@ -401,26 +398,14 @@
for (i = 0; i < mport->naddrs; i++) {
- sin = &addr[i].opt.sockaddr.sockaddr_in;
+ sin = (struct sockaddr_in *) addr[i].opt.sockaddr;
addrs[i].addr = sin->sin_addr.s_addr;
addrs[i].conf.ctx = addr[i].opt.ctx;
#if (NGX_MAIL_SSL)
addrs[i].conf.ssl = addr[i].opt.ssl;
#endif
-
- len = ngx_sock_ntop(&addr[i].opt.sockaddr.sockaddr, addr[i].opt.socklen,
- buf, NGX_SOCKADDR_STRLEN, 1);
-
- p = ngx_pnalloc(cf->pool, len);
- if (p == NULL) {
- return NGX_ERROR;
- }
-
- ngx_memcpy(p, buf, len);
-
- addrs[i].conf.addr_text.len = len;
- addrs[i].conf.addr_text.data = p;
+ addrs[i].conf.addr_text = addr[i].opt.addr_text;
}
return NGX_OK;
@@ -433,12 +418,9 @@
ngx_mail_add_addrs6(ngx_conf_t *cf, ngx_mail_port_t *mport,
ngx_mail_conf_addr_t *addr)
{
- u_char *p;
- size_t len;
ngx_uint_t i;
ngx_mail_in6_addr_t *addrs6;
struct sockaddr_in6 *sin6;
- u_char buf[NGX_SOCKADDR_STRLEN];
mport->addrs = ngx_pcalloc(cf->pool,
mport->naddrs * sizeof(ngx_mail_in6_addr_t));
@@ -450,26 +432,14 @@
for (i = 0; i < mport->naddrs; i++) {
- sin6 = &addr[i].opt.sockaddr.sockaddr_in6;
+ sin6 = (struct sockaddr_in6 *) addr[i].opt.sockaddr;
addrs6[i].addr6 = sin6->sin6_addr;
addrs6[i].conf.ctx = addr[i].opt.ctx;
#if (NGX_MAIL_SSL)
addrs6[i].conf.ssl = addr[i].opt.ssl;
#endif
-
- len = ngx_sock_ntop(&addr[i].opt.sockaddr.sockaddr, addr[i].opt.socklen,
- buf, NGX_SOCKADDR_STRLEN, 1);
-
- p = ngx_pnalloc(cf->pool, len);
- if (p == NULL) {
- return NGX_ERROR;
- }
-
- ngx_memcpy(p, buf, len);
-
- addrs6[i].conf.addr_text.len = len;
- addrs6[i].conf.addr_text.data = p;
+ addrs6[i].conf.addr_text = addr[i].opt.addr_text;
}
return NGX_OK;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/mail/ngx_mail.h
^
|
| @@ -27,8 +27,9 @@
typedef struct {
- ngx_sockaddr_t sockaddr;
+ struct sockaddr *sockaddr;
socklen_t socklen;
+ ngx_str_t addr_text;
/* server ctx */
ngx_mail_conf_ctx_t *ctx;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/mail/ngx_mail_core_module.c
^
|
| @@ -297,8 +297,8 @@
ngx_str_t *value, size;
ngx_url_t u;
- ngx_uint_t i, m;
- ngx_mail_listen_t *ls;
+ ngx_uint_t i, n, m;
+ ngx_mail_listen_t *ls, *als;
ngx_mail_module_t *module;
ngx_mail_core_main_conf_t *cmcf;
@@ -323,36 +323,16 @@
cmcf = ngx_mail_conf_get_module_main_conf(cf, ngx_mail_core_module);
- ls = cmcf->listen.elts;
-
- for (i = 0; i < cmcf->listen.nelts; i++) {
-
- if (ngx_cmp_sockaddr(&ls[i].sockaddr.sockaddr, ls[i].socklen,
- (struct sockaddr *) &u.sockaddr, u.socklen, 1)
- != NGX_OK)
- {
- continue;
- }
-
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "duplicate \"%V\" address and port pair", &u.url);
- return NGX_CONF_ERROR;
- }
-
- ls = ngx_array_push(&cmcf->listen);
+ ls = ngx_array_push_n(&cmcf->listen, u.naddrs);
if (ls == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(ls, sizeof(ngx_mail_listen_t));
- ngx_memcpy(&ls->sockaddr.sockaddr, &u.sockaddr, u.socklen);
-
- ls->socklen = u.socklen;
ls->backlog = NGX_LISTEN_BACKLOG;
ls->rcvbuf = -1;
ls->sndbuf = -1;
- ls->wildcard = u.wildcard;
ls->ctx = cf->ctx;
#if (NGX_HAVE_INET6)
@@ -434,35 +414,20 @@
if (ngx_strncmp(value[i].data, "ipv6only=o", 10) == 0) {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
- size_t len;
- u_char buf[NGX_SOCKADDR_STRLEN];
-
- if (ls->sockaddr.sockaddr.sa_family == AF_INET6) {
-
- if (ngx_strcmp(&value[i].data[10], "n") == 0) {
- ls->ipv6only = 1;
+ if (ngx_strcmp(&value[i].data[10], "n") == 0) {
+ ls->ipv6only = 1;
- } else if (ngx_strcmp(&value[i].data[10], "ff") == 0) {
- ls->ipv6only = 0;
-
- } else {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid ipv6only flags \"%s\"",
- &value[i].data[9]);
- return NGX_CONF_ERROR;
- }
-
- ls->bind = 1;
+ } else if (ngx_strcmp(&value[i].data[10], "ff") == 0) {
+ ls->ipv6only = 0;
} else {
- len = ngx_sock_ntop(&ls->sockaddr.sockaddr, ls->socklen, buf,
- NGX_SOCKADDR_STRLEN, 1);
-
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "ipv6only is not supported "
- "on addr \"%*s\", ignored", len, buf);
+ "invalid ipv6only flags \"%s\"",
+ &value[i].data[9]);
+ return NGX_CONF_ERROR;
}
+ ls->bind = 1;
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -474,7 +439,16 @@
if (ngx_strcmp(value[i].data, "ssl") == 0) {
#if (NGX_MAIL_SSL)
+ ngx_mail_ssl_conf_t *sslcf;
+
+ sslcf = ngx_mail_conf_get_module_srv_conf(cf, ngx_mail_ssl_module);
+
+ sslcf->listen = 1;
+ sslcf->file = cf->conf_file->file.name.data;
+ sslcf->line = cf->conf_file->line;
+
ls->ssl = 1;
+
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -579,6 +553,32 @@
return NGX_CONF_ERROR;
}
+ als = cmcf->listen.elts;
+
+ for (n = 0; n < u.naddrs; n++) {
+ ls[n] = ls[0];
+
+ ls[n].sockaddr = u.addrs[n].sockaddr;
+ ls[n].socklen = u.addrs[n].socklen;
+ ls[n].addr_text = u.addrs[n].name;
+ ls[n].wildcard = ngx_inet_wildcard(ls[n].sockaddr);
+
+ for (i = 0; i < cmcf->listen.nelts - u.naddrs + n; i++) {
+
+ if (ngx_cmp_sockaddr(als[i].sockaddr, als[i].socklen,
+ ls[n].sockaddr, ls[n].socklen, 1)
+ != NGX_OK)
+ {
+ continue;
+ }
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "duplicate \"%V\" address and port pair",
+ &ls[n].addr_text);
+ return NGX_CONF_ERROR;
+ }
+ }
+
return NGX_CONF_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/mail/ngx_mail_handler.c
^
|
| @@ -165,27 +165,11 @@
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
- if (sslcf->enable) {
+ if (sslcf->enable || addr_conf->ssl) {
c->log->action = "SSL handshaking";
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
return;
- }
-
- if (addr_conf->ssl) {
-
- c->log->action = "SSL handshaking";
-
- if (sslcf->ssl.ctx == NULL) {
- ngx_log_error(NGX_LOG_ERR, c->log, 0,
- "no \"ssl_certificate\" is defined "
- "in server listening on SSL port");
- ngx_mail_close_connection(c);
- return;
- }
-
- ngx_mail_ssl_init_connection(&sslcf->ssl, c);
- return;
}
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/mail/ngx_mail_ssl_module.c
^
|
| @@ -56,6 +56,11 @@
};
+static ngx_conf_deprecated_t ngx_mail_ssl_deprecated = {
+ ngx_conf_deprecated, "ssl", "listen ... ssl"
+};
+
+
static ngx_command_t ngx_mail_ssl_commands[] = {
{ ngx_string("ssl"),
@@ -63,7 +68,7 @@
ngx_mail_ssl_enable,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, enable),
- NULL },
+ &ngx_mail_ssl_deprecated },
{ ngx_string("starttls"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
@@ -238,6 +243,7 @@
/*
* set by ngx_pcalloc():
*
+ * scf->listen = 0;
* scf->protocols = 0;
* scf->dhparam = { 0, NULL };
* scf->ecdh_curve = { 0, NULL };
@@ -313,14 +319,17 @@
conf->ssl.log = cf->log;
- if (conf->enable) {
+ if (conf->listen) {
+ mode = "listen ... ssl";
+
+ } else if (conf->enable) {
mode = "ssl";
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
mode = "starttls";
} else {
- mode = "";
+ return NGX_CONF_OK;
}
if (conf->file == NULL) {
@@ -328,51 +337,31 @@
conf->line = prev->line;
}
- if (*mode) {
-
- if (conf->certificates == NULL) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate\" is defined for "
- "the \"%s\" directive in %s:%ui",
- mode, conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- if (conf->certificate_keys == NULL) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined for "
- "the \"%s\" directive in %s:%ui",
- mode, conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- if (conf->certificate_keys->nelts < conf->certificates->nelts) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined "
- "for certificate \"%V\" and "
- "the \"ssl\" directive in %s:%ui",
- ((ngx_str_t *) conf->certificates->elts)
- + conf->certificates->nelts - 1,
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else {
+ if (conf->certificates == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate\" is defined for "
+ "the \"%s\" directive in %s:%ui",
+ mode, conf->file, conf->line);
+ return NGX_CONF_ERROR;
+ }
- if (conf->certificates == NULL) {
- return NGX_CONF_OK;
- }
+ if (conf->certificate_keys == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate_key\" is defined for "
+ "the \"%s\" directive in %s:%ui",
+ mode, conf->file, conf->line);
+ return NGX_CONF_ERROR;
+ }
- if (conf->certificate_keys == NULL
- || conf->certificate_keys->nelts < conf->certificates->nelts)
- {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined "
- "for certificate \"%V\"",
- ((ngx_str_t *) conf->certificates->elts)
- + conf->certificates->nelts - 1);
- return NGX_CONF_ERROR;
- }
+ if (conf->certificate_keys->nelts < conf->certificates->nelts) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate_key\" is defined "
+ "for certificate \"%V\" and "
+ "the \"%s\" directive in %s:%ui",
+ ((ngx_str_t *) conf->certificates->elts)
+ + conf->certificates->nelts - 1,
+ mode, conf->file, conf->line);
+ return NGX_CONF_ERROR;
}
if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
@@ -381,6 +370,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(&conf->ssl);
return NGX_CONF_ERROR;
}
@@ -446,7 +436,7 @@
}
if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
- conf->builtin_session_cache,
+ conf->certificates, conf->builtin_session_cache,
conf->shm_zone, conf->session_timeout)
!= NGX_OK)
{
@@ -494,8 +484,10 @@
return NGX_CONF_ERROR;
}
- scf->file = cf->conf_file->file.name.data;
- scf->line = cf->conf_file->line;
+ if (!scf->listen) {
+ scf->file = cf->conf_file->file.name.data;
+ scf->line = cf->conf_file->line;
+ }
return NGX_CONF_OK;
}
@@ -520,8 +512,10 @@
return NGX_CONF_ERROR;
}
- scf->file = cf->conf_file->file.name.data;
- scf->line = cf->conf_file->line;
+ if (!scf->listen) {
+ scf->file = cf->conf_file->file.name.data;
+ scf->line = cf->conf_file->line;
+ }
return NGX_CONF_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/mail/ngx_mail_ssl_module.h
^
|
| @@ -26,6 +26,7 @@
ngx_ssl_t ssl;
ngx_uint_t starttls;
+ ngx_uint_t listen;
ngx_uint_t protocols;
ngx_uint_t verify;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/os/unix/ngx_file_aio_read.c
^
|
| @@ -110,7 +110,7 @@
#if (NGX_HAVE_KQUEUE)
aio->aiocb.aio_sigevent.sigev_notify_kqueue = ngx_kqueue;
aio->aiocb.aio_sigevent.sigev_notify = SIGEV_KEVENT;
- aio->aiocb.aio_sigevent.sigev_value.sigval_ptr = ev;
+ aio->aiocb.aio_sigevent.sigev_value.sival_ptr = ev;
#endif
ev->handler = ngx_file_aio_event_handler;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/os/unix/ngx_files.h
^
|
| @@ -213,9 +213,6 @@
#endif
-#define NGX_DIR_MASK_LEN 0
-
-
ngx_int_t ngx_open_dir(ngx_str_t *name, ngx_dir_t *dir);
#define ngx_open_dir_n "opendir()"
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/os/unix/ngx_freebsd_config.h
^
|
| @@ -89,8 +89,14 @@
#if (NGX_HAVE_FILE_AIO)
+
#include <aio.h>
typedef struct aiocb ngx_aiocb_t;
+
+#if (__FreeBSD_version < 700005 && !defined __DragonFly__)
+#define sival_ptr sigval_ptr
+#endif
+
#endif
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/os/unix/ngx_thread.h
^
|
| @@ -47,12 +47,12 @@
#elif (NGX_DARWIN)
typedef uint64_t ngx_tid_t;
-#define NGX_TID_T_FMT "%uA"
+#define NGX_TID_T_FMT "%uL"
#else
typedef uint64_t ngx_tid_t;
-#define NGX_TID_T_FMT "%uA"
+#define NGX_TID_T_FMT "%uL"
#endif
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream.c
^
|
| @@ -387,7 +387,7 @@
ngx_stream_conf_port_t *port;
ngx_stream_conf_addr_t *addr;
- sa = &listen->sockaddr.sockaddr;
+ sa = listen->sockaddr;
p = ngx_inet_get_port(sa);
port = ports->elts;
@@ -476,7 +476,7 @@
continue;
}
- ls = ngx_create_listening(cf, &addr[i].opt.sockaddr.sockaddr,
+ ls = ngx_create_listening(cf, addr[i].opt.sockaddr,
addr[i].opt.socklen);
if (ls == NULL) {
return NGX_CONF_ERROR;
@@ -538,10 +538,6 @@
break;
}
- if (ngx_clone_listening(cf, ls) != NGX_OK) {
- return NGX_CONF_ERROR;
- }
-
addr++;
last--;
}
@@ -555,12 +551,9 @@
ngx_stream_add_addrs(ngx_conf_t *cf, ngx_stream_port_t *stport,
ngx_stream_conf_addr_t *addr)
{
- u_char *p;
- size_t len;
ngx_uint_t i;
struct sockaddr_in *sin;
ngx_stream_in_addr_t *addrs;
- u_char buf[NGX_SOCKADDR_STRLEN];
stport->addrs = ngx_pcalloc(cf->pool,
stport->naddrs * sizeof(ngx_stream_in_addr_t));
@@ -572,7 +565,7 @@
for (i = 0; i < stport->naddrs; i++) {
- sin = &addr[i].opt.sockaddr.sockaddr_in;
+ sin = (struct sockaddr_in *) addr[i].opt.sockaddr;
addrs[i].addr = sin->sin_addr.s_addr;
addrs[i].conf.ctx = addr[i].opt.ctx;
@@ -580,19 +573,7 @@
addrs[i].conf.ssl = addr[i].opt.ssl;
#endif
addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
-
- len = ngx_sock_ntop(&addr[i].opt.sockaddr.sockaddr, addr[i].opt.socklen,
- buf, NGX_SOCKADDR_STRLEN, 1);
-
- p = ngx_pnalloc(cf->pool, len);
- if (p == NULL) {
- return NGX_ERROR;
- }
-
- ngx_memcpy(p, buf, len);
-
- addrs[i].conf.addr_text.len = len;
- addrs[i].conf.addr_text.data = p;
+ addrs[i].conf.addr_text = addr[i].opt.addr_text;
}
return NGX_OK;
@@ -605,12 +586,9 @@
ngx_stream_add_addrs6(ngx_conf_t *cf, ngx_stream_port_t *stport,
ngx_stream_conf_addr_t *addr)
{
- u_char *p;
- size_t len;
ngx_uint_t i;
struct sockaddr_in6 *sin6;
ngx_stream_in6_addr_t *addrs6;
- u_char buf[NGX_SOCKADDR_STRLEN];
stport->addrs = ngx_pcalloc(cf->pool,
stport->naddrs * sizeof(ngx_stream_in6_addr_t));
@@ -622,7 +600,7 @@
for (i = 0; i < stport->naddrs; i++) {
- sin6 = &addr[i].opt.sockaddr.sockaddr_in6;
+ sin6 = (struct sockaddr_in6 *) addr[i].opt.sockaddr;
addrs6[i].addr6 = sin6->sin6_addr;
addrs6[i].conf.ctx = addr[i].opt.ctx;
@@ -630,19 +608,7 @@
addrs6[i].conf.ssl = addr[i].opt.ssl;
#endif
addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
-
- len = ngx_sock_ntop(&addr[i].opt.sockaddr.sockaddr, addr[i].opt.socklen,
- buf, NGX_SOCKADDR_STRLEN, 1);
-
- p = ngx_pnalloc(cf->pool, len);
- if (p == NULL) {
- return NGX_ERROR;
- }
-
- ngx_memcpy(p, buf, len);
-
- addrs6[i].conf.addr_text.len = len;
- addrs6[i].conf.addr_text.data = p;
+ addrs6[i].conf.addr_text = addr[i].opt.addr_text;
}
return NGX_OK;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream.h
^
|
| @@ -41,8 +41,9 @@
typedef struct {
- ngx_sockaddr_t sockaddr;
+ struct sockaddr *sockaddr;
socklen_t socklen;
+ ngx_str_t addr_text;
/* server ctx */
ngx_stream_conf_ctx_t *ctx;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_core_module.c
^
|
| @@ -249,34 +249,40 @@
}
if (!c->read->ready) {
- if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
- rc = NGX_ERROR;
- break;
- }
-
- if (!c->read->timer_set) {
- ngx_add_timer(c->read, cscf->preread_timeout);
- }
-
- c->read->handler = ngx_stream_session_handler;
-
- return NGX_OK;
+ break;
}
n = c->recv(c, c->buffer->last, size);
- if (n == NGX_ERROR) {
+ if (n == NGX_ERROR || n == 0) {
rc = NGX_STREAM_OK;
break;
}
- if (n > 0) {
- c->buffer->last += n;
+ if (n == NGX_AGAIN) {
+ break;
}
+ c->buffer->last += n;
+
rc = ph->handler(s);
}
+ if (rc == NGX_AGAIN) {
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ ngx_stream_finalize_session(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+ return NGX_OK;
+ }
+
+ if (!c->read->timer_set) {
+ ngx_add_timer(c->read, cscf->preread_timeout);
+ }
+
+ c->read->handler = ngx_stream_session_handler;
+
+ return NGX_OK;
+ }
+
if (c->read->timer_set) {
ngx_del_timer(c->read);
}
@@ -571,7 +577,7 @@
ngx_str_t *value, size;
ngx_url_t u;
- ngx_uint_t i, backlog;
+ ngx_uint_t i, n, backlog;
ngx_stream_listen_t *ls, *als;
ngx_stream_core_main_conf_t *cmcf;
@@ -596,21 +602,17 @@
cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
- ls = ngx_array_push(&cmcf->listen);
+ ls = ngx_array_push_n(&cmcf->listen, u.naddrs);
if (ls == NULL) {
return NGX_CONF_ERROR;
}
ngx_memzero(ls, sizeof(ngx_stream_listen_t));
- ngx_memcpy(&ls->sockaddr.sockaddr, &u.sockaddr, u.socklen);
-
- ls->socklen = u.socklen;
ls->backlog = NGX_LISTEN_BACKLOG;
ls->rcvbuf = -1;
ls->sndbuf = -1;
ls->type = SOCK_STREAM;
- ls->wildcard = u.wildcard;
ls->ctx = cf->ctx;
#if (NGX_HAVE_INET6)
@@ -682,35 +684,20 @@
if (ngx_strncmp(value[i].data, "ipv6only=o", 10) == 0) {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
- size_t len;
- u_char buf[NGX_SOCKADDR_STRLEN];
-
- if (ls->sockaddr.sockaddr.sa_family == AF_INET6) {
-
- if (ngx_strcmp(&value[i].data[10], "n") == 0) {
- ls->ipv6only = 1;
+ if (ngx_strcmp(&value[i].data[10], "n") == 0) {
+ ls->ipv6only = 1;
- } else if (ngx_strcmp(&value[i].data[10], "ff") == 0) {
- ls->ipv6only = 0;
-
- } else {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid ipv6only flags \"%s\"",
- &value[i].data[9]);
- return NGX_CONF_ERROR;
- }
-
- ls->bind = 1;
+ } else if (ngx_strcmp(&value[i].data[10], "ff") == 0) {
+ ls->ipv6only = 0;
} else {
- len = ngx_sock_ntop(&ls->sockaddr.sockaddr, ls->socklen, buf,
- NGX_SOCKADDR_STRLEN, 1);
-
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "ipv6only is not supported "
- "on addr \"%*s\", ignored", len, buf);
+ "invalid ipv6only flags \"%s\"",
+ &value[i].data[9]);
+ return NGX_CONF_ERROR;
}
+ ls->bind = 1;
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -734,7 +721,17 @@
if (ngx_strcmp(value[i].data, "ssl") == 0) {
#if (NGX_STREAM_SSL)
+ ngx_stream_ssl_conf_t *sslcf;
+
+ sslcf = ngx_stream_conf_get_module_srv_conf(cf,
+ ngx_stream_ssl_module);
+
+ sslcf->listen = 1;
+ sslcf->file = cf->conf_file->file.name.data;
+ sslcf->line = cf->conf_file->line;
+
ls->ssl = 1;
+
continue;
#else
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -866,21 +863,31 @@
als = cmcf->listen.elts;
- for (i = 0; i < cmcf->listen.nelts - 1; i++) {
- if (ls->type != als[i].type) {
- continue;
- }
+ for (n = 0; n < u.naddrs; n++) {
+ ls[n] = ls[0];
- if (ngx_cmp_sockaddr(&als[i].sockaddr.sockaddr, als[i].socklen,
- &ls->sockaddr.sockaddr, ls->socklen, 1)
- != NGX_OK)
- {
- continue;
- }
+ ls[n].sockaddr = u.addrs[n].sockaddr;
+ ls[n].socklen = u.addrs[n].socklen;
+ ls[n].addr_text = u.addrs[n].name;
+ ls[n].wildcard = ngx_inet_wildcard(ls[n].sockaddr);
+
+ for (i = 0; i < cmcf->listen.nelts - u.naddrs + n; i++) {
+ if (ls[n].type != als[i].type) {
+ continue;
+ }
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "duplicate \"%V\" address and port pair", &u.url);
- return NGX_CONF_ERROR;
+ if (ngx_cmp_sockaddr(als[i].sockaddr, als[i].socklen,
+ ls[n].sockaddr, ls[n].socklen, 1)
+ != NGX_OK)
+ {
+ continue;
+ }
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "duplicate \"%V\" address and port pair",
+ &ls[n].addr_text);
+ return NGX_CONF_ERROR;
+ }
}
return NGX_CONF_OK;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_geo_module.c
^
|
| @@ -206,6 +206,13 @@
break;
#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+ case AF_UNIX:
+ vv = (ngx_stream_variable_value_t *)
+ ngx_radix32tree_find(ctx->u.trees.tree, INADDR_NONE);
+ break;
+#endif
+
default: /* AF_INET */
sin = (struct sockaddr_in *) addr.sockaddr;
inaddr = ntohl(sin->sin_addr.s_addr);
@@ -268,6 +275,12 @@
break;
#endif
+#if (NGX_HAVE_UNIX_DOMAIN)
+ case AF_UNIX:
+ inaddr = INADDR_NONE;
+ break;
+#endif
+
default: /* AF_INET */
sin = (struct sockaddr_in *) addr.sockaddr;
inaddr = ntohl(sin->sin_addr.s_addr);
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_proxy_module.c
^
|
| @@ -26,11 +26,13 @@
size_t buffer_size;
size_t upload_rate;
size_t download_rate;
+ ngx_uint_t requests;
ngx_uint_t responses;
ngx_uint_t next_upstream_tries;
ngx_flag_t next_upstream;
ngx_flag_t proxy_protocol;
ngx_stream_upstream_local_t *local;
+ ngx_flag_t socket_keepalive;
#if (NGX_STREAM_SSL)
ngx_flag_t ssl_enable;
@@ -72,6 +74,8 @@
static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c);
static void ngx_stream_proxy_process(ngx_stream_session_t *s,
ngx_uint_t from_upstream, ngx_uint_t do_write);
+static ngx_int_t ngx_stream_proxy_test_finalize(ngx_stream_session_t *s,
+ ngx_uint_t from_upstream);
static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s);
static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc);
static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf,
@@ -92,6 +96,7 @@
ngx_command_t *cmd, void *conf);
static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s);
static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc);
+static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c);
static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s);
static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
ngx_stream_proxy_srv_conf_t *pscf);
@@ -135,6 +140,13 @@
0,
NULL },
+ { ngx_string("proxy_socket_keepalive"),
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ offsetof(ngx_stream_proxy_srv_conf_t, socket_keepalive),
+ NULL },
+
{ ngx_string("proxy_connect_timeout"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_msec_slot,
@@ -184,6 +196,13 @@
offsetof(ngx_stream_proxy_srv_conf_t, download_rate),
NULL },
+ { ngx_string("proxy_requests"),
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_num_slot,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ offsetof(ngx_stream_proxy_srv_conf_t, requests),
+ NULL },
+
{ ngx_string("proxy_responses"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_num_slot,
@@ -377,6 +396,8 @@
s->log_handler = ngx_stream_proxy_log_error;
+ u->requests = 1;
+
u->peer.log = c->log;
u->peer.log_error = NGX_ERROR_ERR;
@@ -385,6 +406,10 @@
return;
}
+ if (pscf->socket_keepalive) {
+ u->peer.so_keepalive = 1;
+ }
+
u->peer.type = c->type;
u->start_sec = ngx_time();
@@ -398,21 +423,19 @@
return;
}
- if (c->type == SOCK_STREAM) {
- p = ngx_pnalloc(c->pool, pscf->buffer_size);
- if (p == NULL) {
- ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
- return;
- }
+ p = ngx_pnalloc(c->pool, pscf->buffer_size);
+ if (p == NULL) {
+ ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+ return;
+ }
- u->downstream_buf.start = p;
- u->downstream_buf.end = p + pscf->buffer_size;
- u->downstream_buf.pos = p;
- u->downstream_buf.last = p;
+ u->downstream_buf.start = p;
+ u->downstream_buf.end = p + pscf->buffer_size;
+ u->downstream_buf.pos = p;
+ u->downstream_buf.last = p;
- if (c->read->ready) {
- ngx_post_event(c->read, &ngx_posted_events);
- }
+ if (c->read->ready) {
+ ngx_post_event(c->read, &ngx_posted_events);
}
if (pscf->upstream_value) {
@@ -667,7 +690,7 @@
u->proxy_protocol = pscf->proxy_protocol;
if (u->state) {
- u->state->response_time = ngx_current_msec - u->state->response_time;
+ u->state->response_time = ngx_current_msec - u->start_time;
}
u->state = ngx_array_push(s->upstream_states);
@@ -678,9 +701,11 @@
ngx_memzero(u->state, sizeof(ngx_stream_upstream_state_t));
+ u->start_time = ngx_current_msec;
+
u->state->connect_time = (ngx_msec_t) -1;
u->state->first_byte_time = (ngx_msec_t) -1;
- u->state->response_time = ngx_current_msec;
+ u->state->response_time = (ngx_msec_t) -1;
rc = ngx_event_connect_peer(&u->peer);
@@ -794,7 +819,7 @@
}
}
- u->state->connect_time = ngx_current_msec - u->state->response_time;
+ u->state->connect_time = ngx_current_msec - u->start_time;
if (u->peer.notify) {
u->peer.notify(&u->peer, u->peer.data,
@@ -829,7 +854,6 @@
cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module;
cl->buf->flush = 1;
- cl->buf->last_buf = (c->type == SOCK_DGRAM);
cl->next = u->upstream_out;
u->upstream_out = cl;
@@ -871,17 +895,12 @@
u->proxy_protocol = 0;
}
- if (c->type == SOCK_DGRAM && pscf->responses == 0) {
- pc->read->ready = 0;
- pc->read->eof = 1;
- }
-
u->connected = 1;
pc->read->handler = ngx_stream_proxy_upstream_handler;
pc->write->handler = ngx_stream_proxy_upstream_handler;
- if (pc->read->ready || pc->read->eof) {
+ if (pc->read->ready) {
ngx_post_event(pc->read, &ngx_posted_events);
}
@@ -1014,6 +1033,8 @@
}
if (pscf->ssl_session_reuse) {
+ pc->ssl->save_session = ngx_stream_proxy_ssl_save_session;
+
if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
return;
@@ -1072,11 +1093,6 @@
}
}
- if (pscf->ssl_session_reuse) {
- u = s->upstream;
- u->peer.save_session(&u->peer, u->peer.data);
- }
-
if (pc->write->timer_set) {
ngx_del_timer(pc->write);
}
@@ -1092,6 +1108,19 @@
}
+static void
+ngx_stream_proxy_ssl_save_session(ngx_connection_t *c)
+{
+ ngx_stream_session_t *s;
+ ngx_stream_upstream_t *u;
+
+ s = c->data;
+ u = s->upstream;
+
+ u->peer.save_session(&u->peer, u->peer.data);
+}
+
+
static ngx_int_t
ngx_stream_proxy_ssl_name(ngx_stream_session_t *s)
{
@@ -1280,6 +1309,7 @@
ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream)
{
ngx_connection_t *c, *pc;
+ ngx_log_handler_pt handler;
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
@@ -1321,32 +1351,47 @@
} else {
if (s->connection->type == SOCK_DGRAM) {
- if (pscf->responses == NGX_MAX_INT32_VALUE) {
+
+ if (pscf->responses == NGX_MAX_INT32_VALUE
+ || (u->responses >= pscf->responses * u->requests))
+ {
/*
* successfully terminate timed out UDP session
- * with unspecified number of responses
+ * if expected number of responses was received
*/
- pc->read->ready = 0;
- pc->read->eof = 1;
+ handler = c->log->handler;
+ c->log->handler = NULL;
+
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "udp timed out"
+ ", packets from/to client:%ui/%ui"
+ ", bytes from/to client:%O/%O"
+ ", bytes from/to upstream:%O/%O",
+ u->requests, u->responses,
+ s->received, c->sent, u->received,
+ pc ? pc->sent : 0);
+
+ c->log->handler = handler;
- ngx_stream_proxy_process(s, 1, 0);
+ ngx_stream_proxy_finalize(s, NGX_STREAM_OK);
return;
}
ngx_connection_error(pc, NGX_ETIMEDOUT, "upstream timed out");
- if (u->received == 0) {
- ngx_stream_proxy_next_upstream(s);
- return;
- }
+ pc->read->error = 1;
+
+ ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY);
- } else {
- ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out");
+ return;
}
+ ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out");
+
ngx_stream_proxy_finalize(s, NGX_STREAM_OK);
+
return;
}
@@ -1453,7 +1498,7 @@
ssize_t n;
ngx_buf_t *b;
ngx_int_t rc;
- ngx_uint_t flags;
+ ngx_uint_t flags, *packets;
ngx_msec_t delay;
ngx_chain_t *cl, **ll, **out, **busy;
ngx_connection_t *c, *pc, *src, *dst;
@@ -1489,6 +1534,7 @@
b = &u->upstream_buf;
limit_rate = pscf->download_rate;
received = &u->received;
+ packets = &u->responses;
out = &u->downstream_out;
busy = &u->downstream_busy;
recv_action = "proxying and reading from upstream";
@@ -1500,6 +1546,7 @@
b = &u->downstream_buf;
limit_rate = pscf->upload_rate;
received = &s->received;
+ packets = &u->requests;
out = &u->upstream_out;
busy = &u->upstream_busy;
recv_action = "proxying and reading from client";
@@ -1516,11 +1563,6 @@
rc = ngx_stream_top_filter(s, *out, from_upstream);
if (rc == NGX_ERROR) {
- if (c->type == SOCK_DGRAM && !from_upstream) {
- ngx_stream_proxy_next_upstream(s);
- return;
- }
-
ngx_stream_proxy_finalize(s, NGX_STREAM_OK);
return;
}
@@ -1551,7 +1593,7 @@
break;
}
- if ((off_t) size > limit) {
+ if (c->type == SOCK_STREAM && (off_t) size > limit) {
size = (size_t) limit;
}
}
@@ -1565,11 +1607,6 @@
}
if (n == NGX_ERROR) {
- if (c->type == SOCK_DGRAM && u->received == 0) {
- ngx_stream_proxy_next_upstream(s);
- return;
- }
-
src->read->eof = 1;
n = 0;
}
@@ -1587,16 +1624,10 @@
if (from_upstream) {
if (u->state->first_byte_time == (ngx_msec_t) -1) {
u->state->first_byte_time = ngx_current_msec
- - u->state->response_time;
+ - u->start_time;
}
}
- if (c->type == SOCK_DGRAM && ++u->responses == pscf->responses)
- {
- src->read->ready = 0;
- src->read->eof = 1;
- }
-
for (ll = out; *ll; ll = &(*ll)->next) { /* void */ }
cl = ngx_chain_get_free_buf(c->pool, &u->free);
@@ -1616,6 +1647,7 @@
cl->buf->last_buf = src->read->eof;
cl->buf->flush = 1;
+ (*packets)++;
*received += n;
b->last += n;
do_write = 1;
@@ -1629,33 +1661,19 @@
c->log->action = "proxying connection";
- if (src->read->eof && dst && (dst->read->eof || !dst->buffered)) {
- handler = c->log->handler;
- c->log->handler = NULL;
-
- ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "%s%s disconnected"
- ", bytes from/to client:%O/%O"
- ", bytes from/to upstream:%O/%O",
- src->type == SOCK_DGRAM ? "udp " : "",
- from_upstream ? "upstream" : "client",
- s->received, c->sent, u->received, pc ? pc->sent : 0);
-
- c->log->handler = handler;
-
- ngx_stream_proxy_finalize(s, NGX_STREAM_OK);
+ if (ngx_stream_proxy_test_finalize(s, from_upstream) == NGX_OK) {
return;
}
flags = src->read->eof ? NGX_CLOSE_EVENT : 0;
- if (!src->shared && ngx_handle_read_event(src->read, flags) != NGX_OK) {
+ if (ngx_handle_read_event(src->read, flags) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
return;
}
if (dst) {
- if (!dst->shared && ngx_handle_write_event(dst->write, 0) != NGX_OK) {
+ if (ngx_handle_write_event(dst->write, 0) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
return;
}
@@ -1670,6 +1688,87 @@
}
+static ngx_int_t
+ngx_stream_proxy_test_finalize(ngx_stream_session_t *s,
+ ngx_uint_t from_upstream)
+{
+ ngx_connection_t *c, *pc;
+ ngx_log_handler_pt handler;
+ ngx_stream_upstream_t *u;
+ ngx_stream_proxy_srv_conf_t *pscf;
+
+ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
+
+ c = s->connection;
+ u = s->upstream;
+ pc = u->connected ? u->peer.connection : NULL;
+
+ if (c->type == SOCK_DGRAM) {
+
+ if (pscf->requests && u->requests < pscf->requests) {
+ return NGX_DECLINED;
+ }
+
+ if (pscf->requests) {
+ ngx_delete_udp_connection(c);
+ }
+
+ if (pscf->responses == NGX_MAX_INT32_VALUE
+ || u->responses < pscf->responses * u->requests)
+ {
+ return NGX_DECLINED;
+ }
+
+ if (pc == NULL || c->buffered || pc->buffered) {
+ return NGX_DECLINED;
+ }
+
+ handler = c->log->handler;
+ c->log->handler = NULL;
+
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "udp done"
+ ", packets from/to client:%ui/%ui"
+ ", bytes from/to client:%O/%O"
+ ", bytes from/to upstream:%O/%O",
+ u->requests, u->responses,
+ s->received, c->sent, u->received, pc ? pc->sent : 0);
+
+ c->log->handler = handler;
+
+ ngx_stream_proxy_finalize(s, NGX_STREAM_OK);
+
+ return NGX_OK;
+ }
+
+ /* c->type == SOCK_STREAM */
+
+ if (pc == NULL
+ || (!c->read->eof && !pc->read->eof)
+ || (!c->read->eof && c->buffered)
+ || (!pc->read->eof && pc->buffered))
+ {
+ return NGX_DECLINED;
+ }
+
+ handler = c->log->handler;
+ c->log->handler = NULL;
+
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "%s disconnected"
+ ", bytes from/to client:%O/%O"
+ ", bytes from/to upstream:%O/%O",
+ from_upstream ? "upstream" : "client",
+ s->received, c->sent, u->received, pc ? pc->sent : 0);
+
+ c->log->handler = handler;
+
+ ngx_stream_proxy_finalize(s, NGX_STREAM_OK);
+
+ return NGX_OK;
+}
+
+
static void
ngx_stream_proxy_next_upstream(ngx_stream_session_t *s)
{
@@ -1739,6 +1838,7 @@
static void
ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc)
{
+ ngx_uint_t state;
ngx_connection_t *pc;
ngx_stream_upstream_t *u;
@@ -1759,7 +1859,9 @@
pc = u->peer.connection;
if (u->state) {
- u->state->response_time = ngx_current_msec - u->state->response_time;
+ if (u->state->response_time == (ngx_msec_t) -1) {
+ u->state->response_time = ngx_current_msec - u->start_time;
+ }
if (pc) {
u->state->bytes_received = u->received;
@@ -1768,7 +1870,15 @@
}
if (u->peer.free && u->peer.sockaddr) {
- u->peer.free(&u->peer, u->peer.data, 0);
+ state = 0;
+
+ if (pc && pc->type == SOCK_DGRAM
+ && (pc->read->error || pc->write->error))
+ {
+ state = NGX_PEER_FAILED;
+ }
+
+ u->peer.free(&u->peer, u->peer.data, state);
u->peer.sockaddr = NULL;
}
@@ -1856,11 +1966,13 @@
conf->buffer_size = NGX_CONF_UNSET_SIZE;
conf->upload_rate = NGX_CONF_UNSET_SIZE;
conf->download_rate = NGX_CONF_UNSET_SIZE;
+ conf->requests = NGX_CONF_UNSET_UINT;
conf->responses = NGX_CONF_UNSET_UINT;
conf->next_upstream_tries = NGX_CONF_UNSET_UINT;
conf->next_upstream = NGX_CONF_UNSET;
conf->proxy_protocol = NGX_CONF_UNSET;
conf->local = NGX_CONF_UNSET_PTR;
+ conf->socket_keepalive = NGX_CONF_UNSET;
#if (NGX_STREAM_SSL)
conf->ssl_enable = NGX_CONF_UNSET;
@@ -1899,6 +2011,9 @@
ngx_conf_merge_size_value(conf->download_rate,
prev->download_rate, 0);
+ ngx_conf_merge_uint_value(conf->requests,
+ prev->requests, 0);
+
ngx_conf_merge_uint_value(conf->responses,
prev->responses, NGX_MAX_INT32_VALUE);
@@ -1911,6 +2026,9 @@
ngx_conf_merge_ptr_value(conf->local, prev->local, NULL);
+ ngx_conf_merge_value(conf->socket_keepalive,
+ prev->socket_keepalive, 0);
+
#if (NGX_STREAM_SSL)
ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0);
@@ -1978,6 +2096,7 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(pscf->ssl);
return NGX_ERROR;
}
@@ -2025,6 +2144,12 @@
}
}
+ if (ngx_ssl_client_session_cache(cf, pscf->ssl, pscf->ssl_session_reuse)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+
return NGX_OK;
}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_ssl_module.c
^
|
| @@ -22,6 +22,12 @@
static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
ngx_connection_t *c);
static void ngx_stream_ssl_handshake_handler(ngx_connection_t *c);
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+int ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
+#endif
+#ifdef SSL_R_CERT_CB_ERROR
+static int ngx_stream_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg);
+#endif
static ngx_int_t ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_stream_ssl_variable(ngx_stream_session_t *s,
@@ -32,6 +38,9 @@
static char *ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent,
void *child);
+static ngx_int_t ngx_stream_ssl_compile_certificates(ngx_conf_t *cf,
+ ngx_stream_ssl_conf_t *conf);
+
static char *ngx_stream_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_stream_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -304,13 +313,6 @@
if (c->ssl == NULL) {
c->log->action = "SSL handshaking";
- if (sslcf->ssl.ctx == NULL) {
- ngx_log_error(NGX_LOG_ERR, c->log, 0,
- "no \"ssl_certificate\" is defined "
- "in server listening on SSL port");
- return NGX_ERROR;
- }
-
rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c);
if (rv != NGX_OK) {
@@ -415,6 +417,73 @@
}
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
+int
+ngx_stream_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
+{
+ return SSL_TLSEXT_ERR_OK;
+}
+
+#endif
+
+
+#ifdef SSL_R_CERT_CB_ERROR
+
+int
+ngx_stream_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
+{
+ ngx_str_t cert, key;
+ ngx_uint_t i, nelts;
+ ngx_connection_t *c;
+ ngx_stream_session_t *s;
+ ngx_stream_ssl_conf_t *sslcf;
+ ngx_stream_complex_value_t *certs, *keys;
+
+ c = ngx_ssl_get_connection(ssl_conn);
+
+ if (c->ssl->handshaked) {
+ return 0;
+ }
+
+ s = c->data;
+
+ sslcf = arg;
+
+ nelts = sslcf->certificate_values->nelts;
+ certs = sslcf->certificate_values->elts;
+ keys = sslcf->certificate_key_values->elts;
+
+ for (i = 0; i < nelts; i++) {
+
+ if (ngx_stream_complex_value(s, &certs[i], &cert) != NGX_OK) {
+ return 0;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0,
+ "ssl cert: \"%s\"", cert.data);
+
+ if (ngx_stream_complex_value(s, &keys[i], &key) != NGX_OK) {
+ return 0;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0,
+ "ssl key: \"%s\"", key.data);
+
+ if (ngx_ssl_connection_certificate(c, c->pool, &cert, &key,
+ sslcf->passwords)
+ != NGX_OK)
+ {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+#endif
+
+
static ngx_int_t
ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
ngx_stream_variable_value_t *v, uintptr_t data)
@@ -510,7 +579,9 @@
/*
* set by ngx_pcalloc():
*
+ * scf->listen = 0;
* scf->protocols = 0;
+ * scf->certificate_values = NULL;
* scf->dhparam = { 0, NULL };
* scf->ecdh_curve = { 0, NULL };
* scf->client_certificate = { 0, NULL };
@@ -582,18 +653,34 @@
conf->ssl.log = cf->log;
- if (conf->certificates == NULL) {
+ if (!conf->listen) {
return NGX_CONF_OK;
}
- if (conf->certificate_keys == NULL
- || conf->certificate_keys->nelts < conf->certificates->nelts)
- {
+ if (conf->certificates == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate\" is defined for "
+ "the \"listen ... ssl\" directive in %s:%ui",
+ conf->file, conf->line);
+ return NGX_CONF_ERROR;
+ }
+
+ if (conf->certificate_keys == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate_key\" is defined for "
+ "the \"listen ... ssl\" directive in %s:%ui",
+ conf->file, conf->line);
+ return NGX_CONF_ERROR;
+ }
+
+ if (conf->certificate_keys->nelts < conf->certificates->nelts) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined "
- "for certificate \"%V\"",
+ "for certificate \"%V\" and "
+ "the \"listen ... ssl\" directive in %s:%ui",
((ngx_str_t *) conf->certificates->elts)
- + conf->certificates->nelts - 1);
+ + conf->certificates->nelts - 1,
+ conf->file, conf->line);
return NGX_CONF_ERROR;
}
@@ -603,19 +690,50 @@
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
+ ngx_ssl_cleanup_ctx(&conf->ssl);
return NGX_CONF_ERROR;
}
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl;
- if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
- conf->certificate_keys, conf->passwords)
- != NGX_OK)
- {
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
+ ngx_stream_ssl_servername);
+#endif
+
+ if (ngx_stream_ssl_compile_certificates(cf, conf) != NGX_OK) {
return NGX_CONF_ERROR;
}
+ if (conf->certificate_values) {
+
+#ifdef SSL_R_CERT_CB_ERROR
+
+ /* install callback to lookup certificates */
+
+ SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_stream_ssl_certificate, conf);
+
+#else
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "variables in "
+ "\"ssl_certificate\" and \"ssl_certificate_key\" "
+ "directives are not supported on this platform");
+ return NGX_CONF_ERROR;
+#endif
+
+ } else {
+
+ /* configure certificates */
+
+ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
+ conf->certificate_keys, conf->passwords)
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
+ }
+
if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
conf->prefer_server_ciphers)
!= NGX_OK)
@@ -668,7 +786,7 @@
}
if (ngx_ssl_session_cache(&conf->ssl, &ngx_stream_ssl_sess_id_ctx,
- conf->builtin_session_cache,
+ conf->certificates, conf->builtin_session_cache,
conf->shm_zone, conf->session_timeout)
!= NGX_OK)
{
@@ -697,6 +815,90 @@
}
+static ngx_int_t
+ngx_stream_ssl_compile_certificates(ngx_conf_t *cf,
+ ngx_stream_ssl_conf_t *conf)
+{
+ ngx_str_t *cert, *key;
+ ngx_uint_t i, nelts;
+ ngx_stream_complex_value_t *cv;
+ ngx_stream_compile_complex_value_t ccv;
+
+ cert = conf->certificates->elts;
+ key = conf->certificate_keys->elts;
+ nelts = conf->certificates->nelts;
+
+ for (i = 0; i < nelts; i++) {
+
+ if (ngx_stream_script_variables_count(&cert[i])) {
+ goto found;
+ }
+
+ if (ngx_stream_script_variables_count(&key[i])) {
+ goto found;
+ }
+ }
+
+ return NGX_OK;
+
+found:
+
+ conf->certificate_values = ngx_array_create(cf->pool, nelts,
+ sizeof(ngx_stream_complex_value_t));
+ if (conf->certificate_values == NULL) {
+ return NGX_ERROR;
+ }
+
+ conf->certificate_key_values = ngx_array_create(cf->pool, nelts,
+ sizeof(ngx_stream_complex_value_t));
+ if (conf->certificate_key_values == NULL) {
+ return NGX_ERROR;
+ }
+
+ for (i = 0; i < nelts; i++) {
+
+ cv = ngx_array_push(conf->certificate_values);
+ if (cv == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &cert[i];
+ ccv.complex_value = cv;
+ ccv.zero = 1;
+
+ if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ cv = ngx_array_push(conf->certificate_key_values);
+ if (cv == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &key[i];
+ ccv.complex_value = cv;
+ ccv.zero = 1;
+
+ if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_ERROR;
+ }
+ }
+
+ conf->passwords = ngx_ssl_preserve_passwords(cf, conf->passwords);
+ if (conf->passwords == NULL) {
+ return NGX_ERROR;
+ }
+
+ return NGX_OK;
+}
+
+
static char *
ngx_stream_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_ssl_module.h
^
|
| @@ -21,6 +21,7 @@
ngx_ssl_t ssl;
+ ngx_uint_t listen;
ngx_uint_t protocols;
ngx_uint_t verify;
@@ -33,6 +34,9 @@
ngx_array_t *certificates;
ngx_array_t *certificate_keys;
+ ngx_array_t *certificate_values;
+ ngx_array_t *certificate_key_values;
+
ngx_str_t dhparam;
ngx_str_t ecdh_curve;
ngx_str_t client_certificate;
@@ -47,6 +51,9 @@
ngx_flag_t session_tickets;
ngx_array_t *session_ticket_keys;
+
+ u_char *file;
+ ngx_uint_t line;
} ngx_stream_ssl_conf_t;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_ssl_preread_module.c
^
|
| @@ -21,6 +21,7 @@
u_char *pos;
u_char *dst;
u_char buf[4];
+ u_char version[2];
ngx_str_t host;
ngx_str_t alpn;
ngx_log_t *log;
@@ -32,6 +33,8 @@
static ngx_int_t ngx_stream_ssl_preread_handler(ngx_stream_session_t *s);
static ngx_int_t ngx_stream_ssl_preread_parse_record(
ngx_stream_ssl_preread_ctx_t *ctx, u_char *pos, u_char *last);
+static ngx_int_t ngx_stream_ssl_preread_protocol_variable(
+ ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_stream_ssl_preread_server_name_variable(
ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_stream_ssl_preread_alpn_protocols_variable(
@@ -86,6 +89,9 @@
static ngx_stream_variable_t ngx_stream_ssl_preread_vars[] = {
+ { ngx_string("ssl_preread_protocol"), NULL,
+ ngx_stream_ssl_preread_protocol_variable, 0, 0, 0 },
+
{ ngx_string("ssl_preread_server_name"), NULL,
ngx_stream_ssl_preread_server_name_variable, 0, 0, 0 },
@@ -143,6 +149,14 @@
while (last - p >= 5) {
+ if ((p[0] & 0x80) && p[2] == 1 && (p[3] == 0 || p[3] == 3)) {
+ ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
+ "ssl preread: version 2 ClientHello");
+ ctx->version[0] = p[3];
+ ctx->version[1] = p[4];
+ return NGX_OK;
+ }
+
if (p[0] != 0x16) {
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
"ssl preread: not a handshake");
@@ -196,7 +210,8 @@
enum {
sw_start = 0,
sw_header, /* handshake msg_type, length */
- sw_head_tail, /* version, random */
+ sw_version, /* client_version */
+ sw_random, /* random */
sw_sid_len, /* session_id length */
sw_sid, /* session_id */
sw_cs_len, /* cipher_suites length */
@@ -210,7 +225,8 @@
sw_sni_host, /* SNI host_name */
sw_alpn_len, /* ALPN length */
sw_alpn_proto_len, /* ALPN protocol_name length */
- sw_alpn_proto_data /* ALPN protocol_name */
+ sw_alpn_proto_data, /* ALPN protocol_name */
+ sw_supver_len /* supported_versions length */
} state;
ngx_log_debug2(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
@@ -254,13 +270,19 @@
return NGX_DECLINED;
}
- state = sw_head_tail;
- dst = NULL;
- size = 34;
+ state = sw_version;
+ dst = ctx->version;
+ size = 2;
left = (p[1] << 16) + (p[2] << 8) + p[3];
break;
- case sw_head_tail:
+ case sw_version:
+ state = sw_random;
+ dst = NULL;
+ size = 32;
+ break;
+
+ case sw_random:
state = sw_sid_len;
dst = p;
size = 1;
@@ -334,6 +356,14 @@
break;
}
+ if (p[0] == 0 && p[1] == 43) {
+ /* supported_versions extension */
+ state = sw_supver_len;
+ dst = p;
+ size = 1;
+ break;
+ }
+
state = sw_ext;
dst = NULL;
size = (p[2] << 8) + p[3];
@@ -434,6 +464,19 @@
dst = NULL;
size = 0;
break;
+
+ case sw_supver_len:
+ ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
+ "ssl preread: supported_versions");
+
+ /* set TLSv1.3 */
+ ctx->version[0] = 3;
+ ctx->version[1] = 4;
+
+ state = sw_ext;
+ dst = NULL;
+ size = p[0];
+ break;
}
if (left < size) {
@@ -453,6 +496,62 @@
}
+static ngx_int_t
+ngx_stream_ssl_preread_protocol_variable(ngx_stream_session_t *s,
+ ngx_variable_value_t *v, uintptr_t data)
+{
+ ngx_str_t version;
+ ngx_stream_ssl_preread_ctx_t *ctx;
+
+ ctx = ngx_stream_get_module_ctx(s, ngx_stream_ssl_preread_module);
+
+ if (ctx == NULL) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ /* SSL_get_version() format */
+
+ ngx_str_null(&version);
+
+ switch (ctx->version[0]) {
+ case 0:
+ switch (ctx->version[1]) {
+ case 2:
+ ngx_str_set(&version, "SSLv2");
+ break;
+ }
+ break;
+ case 3:
+ switch (ctx->version[1]) {
+ case 0:
+ ngx_str_set(&version, "SSLv3");
+ break;
+ case 1:
+ ngx_str_set(&version, "TLSv1");
+ break;
+ case 2:
+ ngx_str_set(&version, "TLSv1.1");
+ break;
+ case 3:
+ ngx_str_set(&version, "TLSv1.2");
+ break;
+ case 4:
+ ngx_str_set(&version, "TLSv1.3");
+ break;
+ }
+ }
+
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+ v->len = version.len;
+ v->data = version.data;
+
+ return NGX_OK;
+}
+
+
static ngx_int_t
ngx_stream_ssl_preread_server_name_variable(ngx_stream_session_t *s,
ngx_variable_value_t *v, uintptr_t data)
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_upstream.c
^
|
| @@ -267,24 +267,22 @@
for ( ;; ) {
if (data == 1) {
- if (state[i].first_byte_time == (ngx_msec_t) -1) {
- *p++ = '-';
- goto next;
- }
-
ms = state[i].first_byte_time;
- } else if (data == 2 && state[i].connect_time != (ngx_msec_t) -1) {
+ } else if (data == 2) {
ms = state[i].connect_time;
} else {
ms = state[i].response_time;
}
- ms = ngx_max(ms, 0);
- p = ngx_sprintf(p, "%T.%03M", (time_t) ms / 1000, ms % 1000);
+ if (ms != -1) {
+ ms = ngx_max(ms, 0);
+ p = ngx_sprintf(p, "%T.%03M", (time_t) ms / 1000, ms % 1000);
- next:
+ } else {
+ *p++ = '-';
+ }
if (++i == s->upstream_states->nelts) {
break;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_upstream.h
^
|
| @@ -128,7 +128,9 @@
off_t received;
time_t start_sec;
+ ngx_uint_t requests;
ngx_uint_t responses;
+ ngx_msec_t start_time;
ngx_str_t ssl_name;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_upstream_hash_module.c
^
|
| @@ -176,7 +176,7 @@
ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0,
"get hash peer, try: %ui", pc->tries);
- ngx_stream_upstream_rr_peers_wlock(hp->rrp.peers);
+ ngx_stream_upstream_rr_peers_rlock(hp->rrp.peers);
if (hp->tries > 20 || hp->rrp.peers->single) {
ngx_stream_upstream_rr_peers_unlock(hp->rrp.peers);
@@ -227,10 +227,13 @@
goto next;
}
+ ngx_stream_upstream_rr_peer_lock(hp->rrp.peers, peer);
+
ngx_log_debug2(NGX_LOG_DEBUG_STREAM, pc->log, 0,
"get hash peer, value:%uD, peer:%ui", hp->hash, p);
if (peer->down) {
+ ngx_stream_upstream_rr_peer_unlock(hp->rrp.peers, peer);
goto next;
}
@@ -238,10 +241,12 @@
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
{
+ ngx_stream_upstream_rr_peer_unlock(hp->rrp.peers, peer);
goto next;
}
if (peer->max_conns && peer->conns >= peer->max_conns) {
+ ngx_stream_upstream_rr_peer_unlock(hp->rrp.peers, peer);
goto next;
}
@@ -267,6 +272,7 @@
peer->checked = now;
}
+ ngx_stream_upstream_rr_peer_unlock(hp->rrp.peers, peer);
ngx_stream_upstream_rr_peers_unlock(hp->rrp.peers);
hp->rrp.tried[n] |= m;
|
|
[-]
[+]
|
Added |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_upstream_random_module.c
^
|
| @@ -0,0 +1,502 @@
+
+/*
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_stream.h>
+
+
+typedef struct {
+ ngx_stream_upstream_rr_peer_t *peer;
+ ngx_uint_t range;
+} ngx_stream_upstream_random_range_t;
+
+
+typedef struct {
+ ngx_uint_t two;
+ ngx_stream_upstream_random_range_t *ranges;
+} ngx_stream_upstream_random_srv_conf_t;
+
+
+typedef struct {
+ /* the round robin data must be first */
+ ngx_stream_upstream_rr_peer_data_t rrp;
+
+ ngx_stream_upstream_random_srv_conf_t *conf;
+ u_char tries;
+} ngx_stream_upstream_random_peer_data_t;
+
+
+static ngx_int_t ngx_stream_upstream_init_random(ngx_conf_t *cf,
+ ngx_stream_upstream_srv_conf_t *us);
+static ngx_int_t ngx_stream_upstream_update_random(ngx_pool_t *pool,
+ ngx_stream_upstream_srv_conf_t *us);
+
+static ngx_int_t ngx_stream_upstream_init_random_peer(ngx_stream_session_t *s,
+ ngx_stream_upstream_srv_conf_t *us);
+static ngx_int_t ngx_stream_upstream_get_random_peer(ngx_peer_connection_t *pc,
+ void *data);
+static ngx_int_t ngx_stream_upstream_get_random2_peer(ngx_peer_connection_t *pc,
+ void *data);
+static ngx_uint_t ngx_stream_upstream_peek_random_peer(
+ ngx_stream_upstream_rr_peers_t *peers,
+ ngx_stream_upstream_random_peer_data_t *rp);
+static void *ngx_stream_upstream_random_create_conf(ngx_conf_t *cf);
+static char *ngx_stream_upstream_random(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+
+
+static ngx_command_t ngx_stream_upstream_random_commands[] = {
+
+ { ngx_string("random"),
+ NGX_STREAM_UPS_CONF|NGX_CONF_NOARGS|NGX_CONF_TAKE12,
+ ngx_stream_upstream_random,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ 0,
+ NULL },
+
+ ngx_null_command
+};
+
+
+static ngx_stream_module_t ngx_stream_upstream_random_module_ctx = {
+ NULL, /* preconfiguration */
+ NULL, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ ngx_stream_upstream_random_create_conf, /* create server configuration */
+ NULL /* merge server configuration */
+};
+
+
+ngx_module_t ngx_stream_upstream_random_module = {
+ NGX_MODULE_V1,
+ &ngx_stream_upstream_random_module_ctx, /* module context */
+ ngx_stream_upstream_random_commands, /* module directives */
+ NGX_STREAM_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_stream_upstream_init_random(ngx_conf_t *cf,
+ ngx_stream_upstream_srv_conf_t *us)
+{
+ ngx_log_debug0(NGX_LOG_DEBUG_STREAM, cf->log, 0, "init random");
+
+ if (ngx_stream_upstream_init_round_robin(cf, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ us->peer.init = ngx_stream_upstream_init_random_peer;
+
+#if (NGX_STREAM_UPSTREAM_ZONE)
+ if (us->shm_zone) {
+ return NGX_OK;
+ }
+#endif
+
+ return ngx_stream_upstream_update_random(cf->pool, us);
+}
+
+
+static ngx_int_t
+ngx_stream_upstream_update_random(ngx_pool_t *pool,
+ ngx_stream_upstream_srv_conf_t *us)
+{
+ size_t size;
+ ngx_uint_t i, total_weight;
+ ngx_stream_upstream_rr_peer_t *peer;
+ ngx_stream_upstream_rr_peers_t *peers;
+ ngx_stream_upstream_random_range_t *ranges;
+ ngx_stream_upstream_random_srv_conf_t *rcf;
+
+ rcf = ngx_stream_conf_upstream_srv_conf(us,
+ ngx_stream_upstream_random_module);
+ peers = us->peer.data;
+
+ size = peers->number * sizeof(ngx_stream_upstream_random_range_t);
+
+ ranges = pool ? ngx_palloc(pool, size) : ngx_alloc(size, ngx_cycle->log);
+ if (ranges == NULL) {
+ return NGX_ERROR;
+ }
+
+ total_weight = 0;
+
+ for (peer = peers->peer, i = 0; peer; peer = peer->next, i++) {
+ ranges[i].peer = peer;
+ ranges[i].range = total_weight;
+ total_weight += peer->weight;
+ }
+
+ rcf->ranges = ranges;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_upstream_init_random_peer(ngx_stream_session_t *s,
+ ngx_stream_upstream_srv_conf_t *us)
+{
+ ngx_stream_upstream_random_srv_conf_t *rcf;
+ ngx_stream_upstream_random_peer_data_t *rp;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
+ "init random peer");
+
+ rcf = ngx_stream_conf_upstream_srv_conf(us,
+ ngx_stream_upstream_random_module);
+
+ rp = ngx_palloc(s->connection->pool,
+ sizeof(ngx_stream_upstream_random_peer_data_t));
+ if (rp == NULL) {
+ return NGX_ERROR;
+ }
+
+ s->upstream->peer.data = &rp->rrp;
+
+ if (ngx_stream_upstream_init_round_robin_peer(s, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (rcf->two) {
+ s->upstream->peer.get = ngx_stream_upstream_get_random2_peer;
+
+ } else {
+ s->upstream->peer.get = ngx_stream_upstream_get_random_peer;
+ }
+
+ rp->conf = rcf;
+ rp->tries = 0;
+
+ ngx_stream_upstream_rr_peers_rlock(rp->rrp.peers);
+
+#if (NGX_STREAM_UPSTREAM_ZONE)
+ if (rp->rrp.peers->shpool && rcf->ranges == NULL) {
+ if (ngx_stream_upstream_update_random(NULL, us) != NGX_OK) {
+ ngx_stream_upstream_rr_peers_unlock(rp->rrp.peers);
+ return NGX_ERROR;
+ }
+ }
+#endif
+
+ ngx_stream_upstream_rr_peers_unlock(rp->rrp.peers);
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_upstream_get_random_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_stream_upstream_random_peer_data_t *rp = data;
+
+ time_t now;
+ uintptr_t m;
+ ngx_uint_t i, n;
+ ngx_stream_upstream_rr_peer_t *peer;
+ ngx_stream_upstream_rr_peers_t *peers;
+ ngx_stream_upstream_rr_peer_data_t *rrp;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0,
+ "get random peer, try: %ui", pc->tries);
+
+ rrp = &rp->rrp;
+ peers = rrp->peers;
+
+ ngx_stream_upstream_rr_peers_rlock(peers);
+
+ if (rp->tries > 20 || peers->single) {
+ ngx_stream_upstream_rr_peers_unlock(peers);
+ return ngx_stream_upstream_get_round_robin_peer(pc, rrp);
+ }
+
+ pc->cached = 0;
+ pc->connection = NULL;
+
+ now = ngx_time();
+
+ for ( ;; ) {
+
+ i = ngx_stream_upstream_peek_random_peer(peers, rp);
+
+ peer = rp->conf->ranges[i].peer;
+
+ n = i / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t));
+
+ if (rrp->tried[n] & m) {
+ goto next;
+ }
+
+ ngx_stream_upstream_rr_peer_lock(peers, peer);
+
+ if (peer->down) {
+ ngx_stream_upstream_rr_peer_unlock(peers, peer);
+ goto next;
+ }
+
+ if (peer->max_fails
+ && peer->fails >= peer->max_fails
+ && now - peer->checked <= peer->fail_timeout)
+ {
+ ngx_stream_upstream_rr_peer_unlock(peers, peer);
+ goto next;
+ }
+
+ if (peer->max_conns && peer->conns >= peer->max_conns) {
+ ngx_stream_upstream_rr_peer_unlock(peers, peer);
+ goto next;
+ }
+
+ break;
+
+ next:
+
+ if (++rp->tries > 20) {
+ ngx_stream_upstream_rr_peers_unlock(peers);
+ return ngx_stream_upstream_get_round_robin_peer(pc, rrp);
+ }
+ }
+
+ rrp->current = peer;
+
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
+ }
+
+ pc->sockaddr = peer->sockaddr;
+ pc->socklen = peer->socklen;
+ pc->name = &peer->name;
+
+ peer->conns++;
+
+ ngx_stream_upstream_rr_peer_unlock(peers, peer);
+ ngx_stream_upstream_rr_peers_unlock(peers);
+
+ rrp->tried[n] |= m;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_upstream_get_random2_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_stream_upstream_random_peer_data_t *rp = data;
+
+ time_t now;
+ uintptr_t m;
+ ngx_uint_t i, n, p;
+ ngx_stream_upstream_rr_peer_t *peer, *prev;
+ ngx_stream_upstream_rr_peers_t *peers;
+ ngx_stream_upstream_rr_peer_data_t *rrp;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_STREAM, pc->log, 0,
+ "get random2 peer, try: %ui", pc->tries);
+
+ rrp = &rp->rrp;
+ peers = rrp->peers;
+
+ ngx_stream_upstream_rr_peers_wlock(peers);
+
+ if (rp->tries > 20 || peers->single) {
+ ngx_stream_upstream_rr_peers_unlock(peers);
+ return ngx_stream_upstream_get_round_robin_peer(pc, rrp);
+ }
+
+ pc->cached = 0;
+ pc->connection = NULL;
+
+ now = ngx_time();
+
+ prev = NULL;
+
+#if (NGX_SUPPRESS_WARN)
+ p = 0;
+#endif
+
+ for ( ;; ) {
+
+ i = ngx_stream_upstream_peek_random_peer(peers, rp);
+
+ peer = rp->conf->ranges[i].peer;
+
+ if (peer == prev) {
+ goto next;
+ }
+
+ n = i / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t));
+
+ if (rrp->tried[n] & m) {
+ goto next;
+ }
+
+ if (peer->down) {
+ goto next;
+ }
+
+ if (peer->max_fails
+ && peer->fails >= peer->max_fails
+ && now - peer->checked <= peer->fail_timeout)
+ {
+ goto next;
+ }
+
+ if (peer->max_conns && peer->conns >= peer->max_conns) {
+ goto next;
+ }
+
+ if (prev) {
+ if (peer->conns * prev->weight > prev->conns * peer->weight) {
+ peer = prev;
+ n = p / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << p % (8 * sizeof(uintptr_t));
+ }
+
+ break;
+ }
+
+ prev = peer;
+ p = i;
+
+ next:
+
+ if (++rp->tries > 20) {
+ ngx_stream_upstream_rr_peers_unlock(peers);
+ return ngx_stream_upstream_get_round_robin_peer(pc, rrp);
+ }
+ }
+
+ rrp->current = peer;
+
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
+ }
+
+ pc->sockaddr = peer->sockaddr;
+ pc->socklen = peer->socklen;
+ pc->name = &peer->name;
+
+ peer->conns++;
+
+ ngx_stream_upstream_rr_peers_unlock(peers);
+
+ rrp->tried[n] |= m;
+
+ return NGX_OK;
+}
+
+
+static ngx_uint_t
+ngx_stream_upstream_peek_random_peer(ngx_stream_upstream_rr_peers_t *peers,
+ ngx_stream_upstream_random_peer_data_t *rp)
+{
+ ngx_uint_t i, j, k, x;
+
+ x = ngx_random() % peers->total_weight;
+
+ i = 0;
+ j = peers->number;
+
+ while (j - i > 1) {
+ k = (i + j) / 2;
+
+ if (x < rp->conf->ranges[k].range) {
+ j = k;
+
+ } else {
+ i = k;
+ }
+ }
+
+ return i;
+}
+
+
+static void *
+ngx_stream_upstream_random_create_conf(ngx_conf_t *cf)
+{
+ ngx_stream_upstream_random_srv_conf_t *conf;
+
+ conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_upstream_random_srv_conf_t));
+ if (conf == NULL) {
+ return NULL;
+ }
+
+ /*
+ * set by ngx_pcalloc():
+ *
+ * conf->two = 0;
+ */
+
+ return conf;
+}
+
+
+static char *
+ngx_stream_upstream_random(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_stream_upstream_random_srv_conf_t *rcf = conf;
+
+ ngx_str_t *value;
+ ngx_stream_upstream_srv_conf_t *uscf;
+
+ uscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_upstream_module);
+
+ if (uscf->peer.init_upstream) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "load balancing method redefined");
+ }
+
+ uscf->peer.init_upstream = ngx_stream_upstream_init_random;
+
+ uscf->flags = NGX_STREAM_UPSTREAM_CREATE
+ |NGX_STREAM_UPSTREAM_WEIGHT
+ |NGX_STREAM_UPSTREAM_MAX_CONNS
+ |NGX_STREAM_UPSTREAM_MAX_FAILS
+ |NGX_STREAM_UPSTREAM_FAIL_TIMEOUT
+ |NGX_STREAM_UPSTREAM_DOWN;
+
+ if (cf->args->nelts == 1) {
+ return NGX_CONF_OK;
+ }
+
+ value = cf->args->elts;
+
+ if (ngx_strcmp(value[1].data, "two") == 0) {
+ rcf->two = 1;
+
+ } else {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[1]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (cf->args->nelts == 2) {
+ return NGX_CONF_OK;
+ }
+
+ if (ngx_strcmp(value[2].data, "least_conn") != 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[2]);
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_upstream_round_robin.c
^
|
| @@ -776,7 +776,7 @@
if (peers->shpool) {
- ssl_session = SSL_get0_session(pc->connection->ssl->connection);
+ ssl_session = ngx_ssl_get0_session(pc->connection);
if (ssl_session == NULL) {
return;
|
|
[-]
[+]
|
Changed |
_service:download_url:nginx-1.16.1.tar.gz/src/stream/ngx_stream_write_filter_module.c
^
|
| @@ -104,7 +104,6 @@
cl->buf->file_pos,
cl->buf->file_last - cl->buf->file_pos);
-#if 1
if (ngx_buf_size(cl->buf) == 0 && !ngx_buf_special(cl->buf)) {
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
"zero size buf in writer "
@@ -122,7 +121,24 @@
ngx_debug_point();
return NGX_ERROR;
}
-#endif
+
+ if (ngx_buf_size(cl->buf) < 0) {
+ ngx_log_error(NGX_LOG_ALERT, c->log, 0,
+ "negative size buf in writer "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ cl->buf->temporary,
+ cl->buf->recycled,
+ cl->buf->in_file,
+ cl->buf->start,
+ cl->buf->pos,
+ cl->buf->last,
+ cl->buf->file,
+ cl->buf->file_pos,
+ cl->buf->file_last);
+
+ ngx_debug_point();
+ return NGX_ERROR;
+ }
size += ngx_buf_size(cl->buf);
@@ -160,7 +176,6 @@
cl->buf->file_pos,
cl->buf->file_last - cl->buf->file_pos);
-#if 1
if (ngx_buf_size(cl->buf) == 0 && !ngx_buf_special(cl->buf)) {
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
"zero size buf in writer "
@@ -178,7 +193,24 @@
ngx_debug_point();
return NGX_ERROR;
}
-#endif
+
+ if (ngx_buf_size(cl->buf) < 0) {
+ ngx_log_error(NGX_LOG_ALERT, c->log, 0,
+ "negative size buf in writer "
+ "t:%d r:%d f:%d %p %p-%p %p %O-%O",
+ cl->buf->temporary,
+ cl->buf->recycled,
+ cl->buf->in_file,
+ cl->buf->start,
+ cl->buf->pos,
+ cl->buf->last,
+ cl->buf->file,
+ cl->buf->file_pos,
+ cl->buf->file_last);
+
+ ngx_debug_point();
+ return NGX_ERROR;
+ }
size += ngx_buf_size(cl->buf);
|
