From othree at gmail.com Wed Mar 1 03:44:11 2017 From: othree at gmail.com (othree) Date: Wed, 01 Mar 2017 11:44:11 +0800 Subject: [PATCH] Contrib: vim syntax, update 3rd party module directives Message-ID: # HG changeset patch # User othree # Date 1488339792 -28800 # Wed Mar 01 11:43:12 2017 +0800 # Node ID b57cf9a765d8f5603f1bf359eb95dadc0a832f18 # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 Contrib: vim syntax, update 3rd party module directives. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -328,17 +328,17 @@ syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output syn keyword ngxDirective preread_buffer_size syn keyword ngxDirective preread_timeout -syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite skipempty syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size @@ -391,17 +391,17 @@ syn keyword ngxDirective proxy_send_time syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header syn keyword ngxDirective proxy_ssl_certificate syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name syn keyword ngxDirective proxy_ssl_password_file -syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size @@ -513,18 +513,18 @@ syn keyword ngxDirective ssl_client_cert syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers syn keyword ngxDirective ssl_preread -syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite -syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify @@ -605,17 +605,17 @@ syn keyword ngxDirective uwsgi_read_time syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout syn keyword ngxDirective uwsgi_ssl_certificate syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name syn keyword ngxDirective uwsgi_ssl_password_file -syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string @@ -639,297 +639,1490 @@ syn keyword ngxDirective xml_entities syn keyword ngxDirective xslt_last_modified syn keyword ngxDirective xslt_param syn keyword ngxDirective xslt_string_param syn keyword ngxDirective xslt_stylesheet syn keyword ngxDirective xslt_types syn keyword ngxDirective zone " 3rd party module list: -" http://wiki.nginx.org/Nginx3rdPartyModules +" https://www.nginx.com/resources/wiki/modules/ -" Accept Language Module +" Accept Language Module " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. syn keyword ngxDirectiveThirdParty set_from_accept_language -" Access Key Module +" Access Key Module (DEPRECATED) " Denies access unless the request URL contains an access key. -syn keyword ngxDirectiveThirdParty accesskey -syn keyword ngxDirectiveThirdParty accesskey_arg -syn keyword ngxDirectiveThirdParty accesskey_hashmethod -syn keyword ngxDirectiveThirdParty accesskey_signature +syn keyword ngxDirectiveDeprecated accesskey +syn keyword ngxDirectiveDeprecated accesskey_arg +syn keyword ngxDirectiveDeprecated accesskey_hashmethod +syn keyword ngxDirectiveDeprecated accesskey_signature -" Auth PAM Module -" HTTP Basic Authentication using PAM. -syn keyword ngxDirectiveThirdParty auth_pam -syn keyword ngxDirectiveThirdParty auth_pam_service_name +" Asynchronous FastCGI Module +" Primarily a modified version of the Nginx FastCGI module which implements multiplexing of connections, allowing a single FastCGI server to handle many concurrent requests. +" syn keyword ngxDirectiveThirdParty fastcgi_bind +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size +" syn keyword ngxDirectiveThirdParty fastcgi_buffers +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size +" syn keyword ngxDirectiveThirdParty fastcgi_cache +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers +" syn keyword ngxDirectiveThirdParty fastcgi_index +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream +" syn keyword ngxDirectiveThirdParty fastcgi_param +" syn keyword ngxDirectiveThirdParty fastcgi_pass +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info +" syn keyword ngxDirectiveThirdParty fastcgi_store +" syn keyword ngxDirectiveThirdParty fastcgi_store_access +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path +syn keyword ngxDirectiveDeprecated fastcgi_upstream_fail_timeout +syn keyword ngxDirectiveDeprecated fastcgi_upstream_max_fails -" Cache Purge Module -" Module adding ability to purge content from FastCGI and proxy caches. +" Akamai G2O Module +" Nginx Module for Authenticating Akamai G2O requests +syn keyword ngxDirectiveThirdParty g2o +syn keyword ngxDirectiveThirdParty g2o_nonce +syn keyword ngxDirectiveThirdParty g2o_key + +" Lua Module +" You can be very simple to execute lua code for nginx +syn keyword ngxDirectiveThirdParty lua_file + +" Array Variable Module +" Add support for array-typed variables to nginx config files +syn keyword ngxDirectiveThirdParty array_split +syn keyword ngxDirectiveThirdParty array_join +syn keyword ngxDirectiveThirdParty array_map +syn keyword ngxDirectiveThirdParty array_map_op + +" Nginx Audio Track for HTTP Live Streaming +" This nginx module generates audio track for hls streams on the fly. +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_rootpath +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_format +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_header + +" AWS Proxy Module +" Nginx module to proxy to authenticated AWS services +syn keyword ngxDirectiveThirdParty aws_access_key +syn keyword ngxDirectiveThirdParty aws_key_scope +syn keyword ngxDirectiveThirdParty aws_signing_key +syn keyword ngxDirectiveThirdParty aws_endpoint +syn keyword ngxDirectiveThirdParty aws_s3_bucket +syn keyword ngxDirectiveThirdParty aws_sign + +" Backtrace module +" A Nginx module to dump backtrace when a worker process exits abnormally +syn keyword ngxDirectiveThirdParty backtrace_log +syn keyword ngxDirectiveThirdParty backtrace_max_stack_size + +" Brotli Module +" Nginx module for Brotli compression +syn keyword ngxDirectiveThirdParty brotli_static +syn keyword ngxDirectiveThirdParty brotli +syn keyword ngxDirectiveThirdParty brotli_types +syn keyword ngxDirectiveThirdParty brotli_buffers +syn keyword ngxDirectiveThirdParty brotli_comp_level +syn keyword ngxDirectiveThirdParty brotli_window +syn keyword ngxDirectiveThirdParty brotli_min_length + +" Cache Purge Module +" Adds ability to purge content from FastCGI, proxy, SCGI and uWSGI caches. syn keyword ngxDirectiveThirdParty fastcgi_cache_purge syn keyword ngxDirectiveThirdParty proxy_cache_purge +" syn keyword ngxDirectiveThirdParty scgi_cache_purge +" syn keyword ngxDirectiveThirdParty uwsgi_cache_purge -" Chunkin Module +" Chunkin Module (DEPRECATED) " HTTP 1.1 chunked-encoding request body support for Nginx. -syn keyword ngxDirectiveThirdParty chunkin -syn keyword ngxDirectiveThirdParty chunkin_keepalive -syn keyword ngxDirectiveThirdParty chunkin_max_chunks_per_buf -syn keyword ngxDirectiveThirdParty chunkin_resume +syn keyword ngxDirectiveDeprecated chunkin +syn keyword ngxDirectiveDeprecated chunkin_keepalive +syn keyword ngxDirectiveDeprecated chunkin_max_chunks_per_buf +syn keyword ngxDirectiveDeprecated chunkin_resume -" Circle GIF Module +" Circle GIF Module " Generates simple circle images with the colors and size specified in the URL. syn keyword ngxDirectiveThirdParty circle_gif syn keyword ngxDirectiveThirdParty circle_gif_max_radius syn keyword ngxDirectiveThirdParty circle_gif_min_radius syn keyword ngxDirectiveThirdParty circle_gif_step_radius -" Drizzle Module -" Make nginx talk directly to mysql, drizzle, and sqlite3 by libdrizzle. +" Nginx-Clojure Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty jvm_path +syn keyword ngxDirectiveThirdParty jvm_var +syn keyword ngxDirectiveThirdParty jvm_classpath +syn keyword ngxDirectiveThirdParty jvm_classpath_check +syn keyword ngxDirectiveThirdParty jvm_workers +syn keyword ngxDirectiveThirdParty jvm_options +syn keyword ngxDirectiveThirdParty jvm_handler_type +syn keyword ngxDirectiveThirdParty jvm_init_handler_name +syn keyword ngxDirectiveThirdParty jvm_init_handler_code +syn keyword ngxDirectiveThirdParty jvm_exit_handler_name +syn keyword ngxDirectiveThirdParty jvm_exit_handler_code +syn keyword ngxDirectiveThirdParty handlers_lazy_init +syn keyword ngxDirectiveThirdParty auto_upgrade_ws +syn keyword ngxDirectiveThirdParty content_handler_type +syn keyword ngxDirectiveThirdParty content_handler_name +syn keyword ngxDirectiveThirdParty content_handler_code +syn keyword ngxDirectiveThirdParty rewrite_handler_type +syn keyword ngxDirectiveThirdParty rewrite_handler_name +syn keyword ngxDirectiveThirdParty rewrite_handler_code +syn keyword ngxDirectiveThirdParty access_handler_type +syn keyword ngxDirectiveThirdParty access_handler_name +syn keyword ngxDirectiveThirdParty access_handler_code +syn keyword ngxDirectiveThirdParty header_filter_type +syn keyword ngxDirectiveThirdParty header_filter_name +syn keyword ngxDirectiveThirdParty header_filter_code +syn keyword ngxDirectiveThirdParty content_handler_property +syn keyword ngxDirectiveThirdParty rewrite_handler_property +syn keyword ngxDirectiveThirdParty access_handler_property +syn keyword ngxDirectiveThirdParty header_filter_property +syn keyword ngxDirectiveThirdParty always_read_body +syn keyword ngxDirectiveThirdParty shared_map +syn keyword ngxDirectiveThirdParty write_page_size + +" Upstream Consistent Hash +" A load balancer that uses an internal consistent hash ring to select the right backend node. +syn keyword ngxDirectiveThirdParty consistent_hash + +" Nginx Development Kit +" The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. +" NDK_UPSTREAM_LIST +" This submodule provides a directive that creates a list of upstreams, with optional weighting. This list can then be used by other modules to hash over the upstreams however they choose. +syn keyword ngxDirectiveThirdParty upstream_list + +" Drizzle Module +" Upstream module for talking to MySQL and Drizzle directly +syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_keepalive +syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_pass syn keyword ngxDirectiveThirdParty drizzle_connect_timeout -syn keyword ngxDirectiveThirdParty drizzle_dbname -syn keyword ngxDirectiveThirdParty drizzle_keepalive -syn keyword ngxDirectiveThirdParty drizzle_module_header -syn keyword ngxDirectiveThirdParty drizzle_pass -syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_cols_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_rows_timeout -syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout -syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_buffer_size +syn keyword ngxDirectiveThirdParty drizzle_module_header +syn keyword ngxDirectiveThirdParty drizzle_status -" Echo Module -" Brings 'echo', 'sleep', 'time', 'exec' and more shell-style goodies to Nginx config file. +" Dynamic ETags Module +" Attempt at handling ETag / If-None-Match on proxied content. +syn keyword ngxDirectiveThirdParty dynamic_etags + +" Echo Module +" Bringing the power of "echo", "sleep", "time" and more to Nginx's config file syn keyword ngxDirectiveThirdParty echo -syn keyword ngxDirectiveThirdParty echo_after_body -syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_sleep syn keyword ngxDirectiveThirdParty echo_blocking_sleep -syn keyword ngxDirectiveThirdParty echo_duplicate -syn keyword ngxDirectiveThirdParty echo_end -syn keyword ngxDirectiveThirdParty echo_exec -syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_reset_timer +syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_location_async +syn keyword ngxDirectiveThirdParty echo_location +syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_subrequest syn keyword ngxDirectiveThirdParty echo_foreach_split -syn keyword ngxDirectiveThirdParty echo_location -syn keyword ngxDirectiveThirdParty echo_location_async -syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_end syn keyword ngxDirectiveThirdParty echo_request_body -syn keyword ngxDirectiveThirdParty echo_reset_timer -syn keyword ngxDirectiveThirdParty echo_sleep -syn keyword ngxDirectiveThirdParty echo_subrequest -syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_exec +syn keyword ngxDirectiveThirdParty echo_status +syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_after_body -" Events Module +" Encrypted Session Module +" Encrypt and decrypt nginx variable values +syn keyword ngxDirectiveThirdParty encrypted_session_key +syn keyword ngxDirectiveThirdParty encrypted_session_iv +syn keyword ngxDirectiveThirdParty encrypted_session_expires +syn keyword ngxDirectiveThirdParty set_encrypt_session +syn keyword ngxDirectiveThirdParty set_decrypt_session + +" Enhanced Memcached Module +" This module is based on the standard Nginx Memcached module, with some additonal features +syn keyword ngxDirectiveThirdParty enhanced_memcached_pass +syn keyword ngxDirectiveThirdParty enhanced_memcached_hash_keys_with_md5 +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_put +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_delete +syn keyword ngxDirectiveThirdParty enhanced_memcached_stats +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush_namespace +syn keyword ngxDirectiveThirdParty enhanced_memcached_bind +syn keyword ngxDirectiveThirdParty enhanced_memcached_connect_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_send_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_buffer_size +syn keyword ngxDirectiveThirdParty enhanced_memcached_read_timeout + +" Events Module (DEPRECATED) " Provides options for start/stop events. -syn keyword ngxDirectiveThirdParty on_start -syn keyword ngxDirectiveThirdParty on_stop +syn keyword ngxDirectiveDeprecated on_start +syn keyword ngxDirectiveDeprecated on_stop -" EY Balancer Module +" EY Balancer Module " Adds a request queue to Nginx that allows the limiting of concurrent requests passed to the upstream. syn keyword ngxDirectiveThirdParty max_connections syn keyword ngxDirectiveThirdParty max_connections_max_queue_length syn keyword ngxDirectiveThirdParty max_connections_queue_timeout -" Fancy Indexes Module +" Upstream Fair Balancer +" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +syn keyword ngxDirectiveThirdParty fair +syn keyword ngxDirectiveThirdParty upstream_fair_shm_size + +" Fancy Indexes Module " Like the built-in autoindex module, but fancier. syn keyword ngxDirectiveThirdParty fancyindex +syn keyword ngxDirectiveThirdParty fancyindex_default_sort +syn keyword ngxDirectiveThirdParty fancyindex_directories_first +syn keyword ngxDirectiveThirdParty fancyindex_css_href syn keyword ngxDirectiveThirdParty fancyindex_exact_size +syn keyword ngxDirectiveThirdParty fancyindex_name_length syn keyword ngxDirectiveThirdParty fancyindex_footer syn keyword ngxDirectiveThirdParty fancyindex_header +syn keyword ngxDirectiveThirdParty fancyindex_show_path +syn keyword ngxDirectiveThirdParty fancyindex_ignore +syn keyword ngxDirectiveThirdParty fancyindex_hide_symlinks syn keyword ngxDirectiveThirdParty fancyindex_localtime -syn keyword ngxDirectiveThirdParty fancyindex_readme -syn keyword ngxDirectiveThirdParty fancyindex_readme_mode +syn keyword ngxDirectiveThirdParty fancyindex_time_format + +" Form Auth Module +" Provides authentication and authorization with credentials submitted via POST request +syn keyword ngxDirectiveThirdParty form_auth +syn keyword ngxDirectiveThirdParty form_auth_pam_service +syn keyword ngxDirectiveThirdParty form_auth_login +syn keyword ngxDirectiveThirdParty form_auth_password +syn keyword ngxDirectiveThirdParty form_auth_remote_user + +" Form Input Module +" Reads HTTP POST and PUT request body encoded in "application/x-www-form-urlencoded" and parses the arguments into nginx variables. +syn keyword ngxDirectiveThirdParty set_form_input +syn keyword ngxDirectiveThirdParty set_form_input_multi " GeoIP Module (DEPRECATED) " Country code lookups via the MaxMind GeoIP API. -syn keyword ngxDirectiveThirdParty geoip_country_file +syn keyword ngxDirectiveDeprecated geoip_country_file -" Headers More Module +" GeoIP 2 Module +" Creates variables with values from the maxmind geoip2 databases based on the client IP +syn keyword ngxDirectiveThirdParty geoip2 + +" GridFS Module +" Nginx module for serving files from MongoDB's GridFS +syn keyword ngxDirectiveThirdParty gridfs + +" Headers More Module " Set and clear input and output headers...more than "add"! syn keyword ngxDirectiveThirdParty more_clear_headers syn keyword ngxDirectiveThirdParty more_clear_input_headers syn keyword ngxDirectiveThirdParty more_set_headers syn keyword ngxDirectiveThirdParty more_set_input_headers -" HTTP Push Module -" Turn Nginx into an adept long-polling HTTP Push (Comet) server. -syn keyword ngxDirectiveThirdParty push_buffer_size -syn keyword ngxDirectiveThirdParty push_listener -syn keyword ngxDirectiveThirdParty push_message_timeout -syn keyword ngxDirectiveThirdParty push_queue_messages -syn keyword ngxDirectiveThirdParty push_sender +" Health Checks Upstreams Module +" Polls backends and if they respond with HTTP 200 + an optional request body, they are marked good. Otherwise, they are marked bad. +syn keyword ngxDirectiveThirdParty healthcheck_enabled +syn keyword ngxDirectiveThirdParty healthcheck_delay +syn keyword ngxDirectiveThirdParty healthcheck_timeout +syn keyword ngxDirectiveThirdParty healthcheck_failcount +syn keyword ngxDirectiveThirdParty healthcheck_send +syn keyword ngxDirectiveThirdParty healthcheck_expected +syn keyword ngxDirectiveThirdParty healthcheck_buffer +syn keyword ngxDirectiveThirdParty healthcheck_status -" HTTP Redis Module > -" Redis support.> -syn keyword ngxDirectiveThirdParty redis_bind -syn keyword ngxDirectiveThirdParty redis_buffer_size -syn keyword ngxDirectiveThirdParty redis_connect_timeout -syn keyword ngxDirectiveThirdParty redis_next_upstream -syn keyword ngxDirectiveThirdParty redis_pass -syn keyword ngxDirectiveThirdParty redis_read_timeout -syn keyword ngxDirectiveThirdParty redis_send_timeout +" HTTP Accounting Module +" Add traffic stat function to nginx. Useful for http accounting based on nginx configuration logic +syn keyword ngxDirectiveThirdParty http_accounting +syn keyword ngxDirectiveThirdParty http_accounting_log +syn keyword ngxDirectiveThirdParty http_accounting_id +syn keyword ngxDirectiveThirdParty http_accounting_interval +syn keyword ngxDirectiveThirdParty http_accounting_perturb -" HTTP JavaScript Module +" Nginx Digest Authentication module +" Digest Authentication for Nginx +syn keyword ngxDirectiveThirdParty auth_digest +syn keyword ngxDirectiveThirdParty auth_digest_user_file +syn keyword ngxDirectiveThirdParty auth_digest_timeout +syn keyword ngxDirectiveThirdParty auth_digest_expires +syn keyword ngxDirectiveThirdParty auth_digest_replays +syn keyword ngxDirectiveThirdParty auth_digest_shm_size + +" Auth PAM Module +" HTTP Basic Authentication using PAM. +syn keyword ngxDirectiveThirdParty auth_pam +syn keyword ngxDirectiveThirdParty auth_pam_service_name + +" HTTP Auth Request Module +" Implements client authorization based on the result of a subrequest +" syn keyword ngxDirectiveThirdParty auth_request +" syn keyword ngxDirectiveThirdParty auth_request_set + +" HTTP Concatenation module for Nginx +" A Nginx module for concatenating files in a given context: CSS and JS files usually +syn keyword ngxDirectiveThirdParty concat +syn keyword ngxDirectiveThirdParty concat_types +syn keyword ngxDirectiveThirdParty concat_unique +syn keyword ngxDirectiveThirdParty concat_max_files +syn keyword ngxDirectiveThirdParty concat_delimiter +syn keyword ngxDirectiveThirdParty concat_ignore_file_error + +" HTTP Dynamic Upstream Module +" Update upstreams' config by restful interface +syn keyword ngxDirectiveThirdParty dyups_interface +syn keyword ngxDirectiveThirdParty dyups_read_msg_timeout +syn keyword ngxDirectiveThirdParty dyups_shm_zone_size +syn keyword ngxDirectiveThirdParty dyups_upstream_conf +syn keyword ngxDirectiveThirdParty dyups_trylock + +" HTTP Footer If Filter Module +" The ngx_http_footer_if_filter_module is used to add given content to the end of the response according to the condition specified. +syn keyword ngxDirectiveThirdParty footer_if + +" HTTP Footer Filter Module +" This module implements a body filter that adds a given string to the page footer. +syn keyword ngxDirectiveThirdParty footer +syn keyword ngxDirectiveThirdParty footer_types + +" HTTP Internal Redirect Module +" Make an internal redirect to the uri specified according to the condition specified. +syn keyword ngxDirectiveThirdParty internal_redirect_if +syn keyword ngxDirectiveThirdParty internal_redirect_if_no_postponed + +" HTTP JavaScript Module " Embedding SpiderMonkey. Nearly full port on Perl module. syn keyword ngxDirectiveThirdParty js syn keyword ngxDirectiveThirdParty js_filter syn keyword ngxDirectiveThirdParty js_filter_types syn keyword ngxDirectiveThirdParty js_load syn keyword ngxDirectiveThirdParty js_maxmem syn keyword ngxDirectiveThirdParty js_require syn keyword ngxDirectiveThirdParty js_set syn keyword ngxDirectiveThirdParty js_utf8 -" Log Request Speed +" HTTP Push Module (DEPRECATED) +" Turn Nginx into an adept long-polling HTTP Push (Comet) server. +syn keyword ngxDirectiveDeprecated push_buffer_size +syn keyword ngxDirectiveDeprecated push_listener +syn keyword ngxDirectiveDeprecated push_message_timeout +syn keyword ngxDirectiveDeprecated push_queue_messages +syn keyword ngxDirectiveDeprecated push_sender + +" HTTP Redis Module +" Redis support. +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout + +" Iconv Module +" A character conversion nginx module using libiconv +syn keyword ngxDirectiveThirdParty set_iconv +syn keyword ngxDirectiveThirdParty iconv_buffer_size +syn keyword ngxDirectiveThirdParty iconv_filter + +" IP Blocker Module +" An efficient shared memory IP blocking system for nginx. +syn keyword ngxDirectiveThirdParty ip_blocker + +" IP2Location Module +" Allows user to lookup for geolocation information using IP2Location database +syn keyword ngxDirectiveThirdParty ip2location_database + +" JS Module +" Reflect the nginx functionality in JS +syn keyword ngxDirectiveThirdParty js +syn keyword ngxDirectiveThirdParty js_access +syn keyword ngxDirectiveThirdParty js_load +syn keyword ngxDirectiveThirdParty js_set + +" Limit Upload Rate Module +" Limit client-upload rate when they are sending request bodies to you +syn keyword ngxDirectiveThirdParty limit_upload_rate +syn keyword ngxDirectiveThirdParty limit_upload_rate_after + +" Limit Upstream Module +" Limit the number of connections to upstream for NGINX +syn keyword ngxDirectiveThirdParty limit_upstream_zone +syn keyword ngxDirectiveThirdParty limit_upstream_conn +syn keyword ngxDirectiveThirdParty limit_upstream_log_level + +" Log If Module +" Conditional accesslog for nginx +syn keyword ngxDirectiveThirdParty access_log_bypass_if + +" Log Request Speed (DEPRECATED) " Log the time it took to process each request. -syn keyword ngxDirectiveThirdParty log_request_speed_filter -syn keyword ngxDirectiveThirdParty log_request_speed_filter_timeout +syn keyword ngxDirectiveDeprecated log_request_speed_filter +syn keyword ngxDirectiveDeprecated log_request_speed_filter_timeout -" Memc Module +" Log ZeroMQ Module +" ZeroMQ logger module for nginx +syn keyword ngxDirectiveThirdParty log_zmq_server +syn keyword ngxDirectiveThirdParty log_zmq_endpoint +syn keyword ngxDirectiveThirdParty log_zmq_format +syn keyword ngxDirectiveThirdParty log_zmq_off + +" Lower/UpperCase Module +" This module simply uppercases or lowercases a string and saves it into a new variable. +syn keyword ngxDirectiveThirdParty lower +syn keyword ngxDirectiveThirdParty upper + +" Lua Upstream Module +" Nginx C module to expose Lua API to ngx_lua for Nginx upstreams + +" Lua Module +" Embed the Power of Lua into NGINX HTTP servers +syn keyword ngxDirectiveThirdParty lua_use_default_type +syn keyword ngxDirectiveThirdParty lua_malloc_trim +syn keyword ngxDirectiveThirdParty lua_code_cache +syn keyword ngxDirectiveThirdParty lua_regex_cache_max_entries +syn keyword ngxDirectiveThirdParty lua_regex_match_limit +syn keyword ngxDirectiveThirdParty lua_package_path +syn keyword ngxDirectiveThirdParty lua_package_cpath +syn keyword ngxDirectiveThirdParty init_by_lua +syn keyword ngxDirectiveThirdParty init_by_lua_block +syn keyword ngxDirectiveThirdParty init_by_lua_file +syn keyword ngxDirectiveThirdParty init_worker_by_lua +syn keyword ngxDirectiveThirdParty init_worker_by_lua_block +syn keyword ngxDirectiveThirdParty init_worker_by_lua_file +syn keyword ngxDirectiveThirdParty set_by_lua +syn keyword ngxDirectiveThirdParty set_by_lua_block +syn keyword ngxDirectiveThirdParty set_by_lua_file +syn keyword ngxDirectiveThirdParty content_by_lua +syn keyword ngxDirectiveThirdParty content_by_lua_block +syn keyword ngxDirectiveThirdParty content_by_lua_file +syn keyword ngxDirectiveThirdParty rewrite_by_lua +syn keyword ngxDirectiveThirdParty rewrite_by_lua_block +syn keyword ngxDirectiveThirdParty rewrite_by_lua_file +syn keyword ngxDirectiveThirdParty access_by_lua +syn keyword ngxDirectiveThirdParty access_by_lua_block +syn keyword ngxDirectiveThirdParty access_by_lua_file +syn keyword ngxDirectiveThirdParty header_filter_by_lua +syn keyword ngxDirectiveThirdParty header_filter_by_lua_block +syn keyword ngxDirectiveThirdParty header_filter_by_lua_file +syn keyword ngxDirectiveThirdParty body_filter_by_lua +syn keyword ngxDirectiveThirdParty body_filter_by_lua_block +syn keyword ngxDirectiveThirdParty body_filter_by_lua_file +syn keyword ngxDirectiveThirdParty log_by_lua +syn keyword ngxDirectiveThirdParty log_by_lua_block +syn keyword ngxDirectiveThirdParty log_by_lua_file +syn keyword ngxDirectiveThirdParty balancer_by_lua_block +syn keyword ngxDirectiveThirdParty balancer_by_lua_file +syn keyword ngxDirectiveThirdParty lua_need_request_body +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_file +syn keyword ngxDirectiveThirdParty lua_shared_dict +syn keyword ngxDirectiveThirdParty lua_socket_connect_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_lowat +syn keyword ngxDirectiveThirdParty lua_socket_read_timeout +syn keyword ngxDirectiveThirdParty lua_socket_buffer_size +syn keyword ngxDirectiveThirdParty lua_socket_pool_size +syn keyword ngxDirectiveThirdParty lua_socket_keepalive_timeout +syn keyword ngxDirectiveThirdParty lua_socket_log_errors +syn keyword ngxDirectiveThirdParty lua_ssl_ciphers +syn keyword ngxDirectiveThirdParty lua_ssl_crl +syn keyword ngxDirectiveThirdParty lua_ssl_protocols +syn keyword ngxDirectiveThirdParty lua_ssl_trusted_certificate +syn keyword ngxDirectiveThirdParty lua_ssl_verify_depth +syn keyword ngxDirectiveThirdParty lua_http10_buffering +syn keyword ngxDirectiveThirdParty rewrite_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty access_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty lua_transform_underscores_in_response_headers +syn keyword ngxDirectiveThirdParty lua_check_client_abort +syn keyword ngxDirectiveThirdParty lua_max_pending_timers +syn keyword ngxDirectiveThirdParty lua_max_running_timers + +" MD5 Filter Module +" A content filter for nginx, which returns the md5 hash of the content otherwise returned. +syn keyword ngxDirectiveThirdParty md5_filter + +" Memc Module " An extended version of the standard memcached module that supports set, add, delete, and many more memcached commands. syn keyword ngxDirectiveThirdParty memc_buffer_size syn keyword ngxDirectiveThirdParty memc_cmds_allowed syn keyword ngxDirectiveThirdParty memc_connect_timeout syn keyword ngxDirectiveThirdParty memc_flags_to_last_modified syn keyword ngxDirectiveThirdParty memc_next_upstream syn keyword ngxDirectiveThirdParty memc_pass syn keyword ngxDirectiveThirdParty memc_read_timeout syn keyword ngxDirectiveThirdParty memc_send_timeout syn keyword ngxDirectiveThirdParty memc_upstream_fail_timeout syn keyword ngxDirectiveThirdParty memc_upstream_max_fails +" Mod Security Module +" ModSecurity is an open source, cross platform web application firewall (WAF) engine +syn keyword ngxDirectiveThirdParty ModSecurityConfig +syn keyword ngxDirectiveThirdParty ModSecurityEnabled +syn keyword ngxDirectiveThirdParty pool_context +syn keyword ngxDirectiveThirdParty pool_context_hash_size + " Mogilefs Module -" Implements a MogileFS client, provides a replace to the Perlbal reverse proxy of the original MogileFS. +" MogileFS client for nginx web server. +syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_methods +syn keyword ngxDirectiveThirdParty mogilefs_domain +syn keyword ngxDirectiveThirdParty mogilefs_class +syn keyword ngxDirectiveThirdParty mogilefs_tracker +syn keyword ngxDirectiveThirdParty mogilefs_noverify syn keyword ngxDirectiveThirdParty mogilefs_connect_timeout -syn keyword ngxDirectiveThirdParty mogilefs_domain -syn keyword ngxDirectiveThirdParty mogilefs_methods -syn keyword ngxDirectiveThirdParty mogilefs_noverify -syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_send_timeout syn keyword ngxDirectiveThirdParty mogilefs_read_timeout -syn keyword ngxDirectiveThirdParty mogilefs_send_timeout -syn keyword ngxDirectiveThirdParty mogilefs_tracker -" MP4 Streaming Lite Module +" Mongo Module +" Upstream module that allows nginx to communicate directly with MongoDB database. +syn keyword ngxDirectiveThirdParty mongo_auth +syn keyword ngxDirectiveThirdParty mongo_pass +syn keyword ngxDirectiveThirdParty mongo_query +syn keyword ngxDirectiveThirdParty mongo_json +syn keyword ngxDirectiveThirdParty mongo_bind +syn keyword ngxDirectiveThirdParty mongo_connect_timeout +syn keyword ngxDirectiveThirdParty mongo_send_timeout +syn keyword ngxDirectiveThirdParty mongo_read_timeout +syn keyword ngxDirectiveThirdParty mongo_buffering +syn keyword ngxDirectiveThirdParty mongo_buffer_size +syn keyword ngxDirectiveThirdParty mongo_buffers +syn keyword ngxDirectiveThirdParty mongo_busy_buffers_size +syn keyword ngxDirectiveThirdParty mongo_next_upstream + +" MP4 Streaming Lite Module " Will seek to a certain time within H.264/MP4 files when provided with a 'start' parameter in the URL. -syn keyword ngxDirectiveThirdParty mp4 +" syn keyword ngxDirectiveThirdParty mp4 -" Nginx Notice Module +" NAXSI Module +" NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX +syn keyword ngxDirectiveThirdParty DeniedUrl denied_url +syn keyword ngxDirectiveThirdParty LearningMode learning_mode +syn keyword ngxDirectiveThirdParty SecRulesEnabled rules_enabled +syn keyword ngxDirectiveThirdParty SecRulesDisabled rules_disabled +syn keyword ngxDirectiveThirdParty CheckRule check_rule +syn keyword ngxDirectiveThirdParty BasicRule basic_rule +syn keyword ngxDirectiveThirdParty MainRule main_rule +syn keyword ngxDirectiveThirdParty LibInjectionSql libinjection_sql +syn keyword ngxDirectiveThirdParty LibInjectionXss libinjection_xss + +" Nchan Module +" Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE) +syn keyword ngxDirectiveThirdParty nchan_channel_id +syn keyword ngxDirectiveThirdParty nchan_channel_id_split_delimiter +syn keyword ngxDirectiveThirdParty nchan_eventsource_event +syn keyword ngxDirectiveThirdParty nchan_longpoll_multipart_response +syn keyword ngxDirectiveThirdParty nchan_publisher +syn keyword ngxDirectiveThirdParty nchan_publisher_channel_id +syn keyword ngxDirectiveThirdParty nchan_publisher_upstream_request +syn keyword ngxDirectiveThirdParty nchan_pubsub +syn keyword ngxDirectiveThirdParty nchan_subscribe_request +syn keyword ngxDirectiveThirdParty nchan_subscriber +syn keyword ngxDirectiveThirdParty nchan_subscriber_channel_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_compound_etag_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_first_message +syn keyword ngxDirectiveThirdParty nchan_subscriber_http_raw_stream_separator +syn keyword ngxDirectiveThirdParty nchan_subscriber_last_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_message_id_custom_etag_header +syn keyword ngxDirectiveThirdParty nchan_subscriber_timeout +syn keyword ngxDirectiveThirdParty nchan_unsubscribe_request +syn keyword ngxDirectiveThirdParty nchan_websocket_ping_interval +syn keyword ngxDirectiveThirdParty nchan_authorize_request +syn keyword ngxDirectiveThirdParty nchan_max_reserved_memory +syn keyword ngxDirectiveThirdParty nchan_message_buffer_length +syn keyword ngxDirectiveThirdParty nchan_message_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_idle_channel_cache_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_namespace +syn keyword ngxDirectiveThirdParty nchan_redis_pass +syn keyword ngxDirectiveThirdParty nchan_redis_ping_interval +syn keyword ngxDirectiveThirdParty nchan_redis_server +syn keyword ngxDirectiveThirdParty nchan_redis_storage_mode +syn keyword ngxDirectiveThirdParty nchan_redis_url +syn keyword ngxDirectiveThirdParty nchan_store_messages +syn keyword ngxDirectiveThirdParty nchan_use_redis +syn keyword ngxDirectiveThirdParty nchan_access_control_allow_origin +syn keyword ngxDirectiveThirdParty nchan_channel_group +syn keyword ngxDirectiveThirdParty nchan_channel_group_accounting +syn keyword ngxDirectiveThirdParty nchan_group_location +syn keyword ngxDirectiveThirdParty nchan_group_max_channels +syn keyword ngxDirectiveThirdParty nchan_group_max_messages +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_disk +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_memory +syn keyword ngxDirectiveThirdParty nchan_group_max_subscribers +syn keyword ngxDirectiveThirdParty nchan_subscribe_existing_channels_only +syn keyword ngxDirectiveThirdParty nchan_channel_event_string +syn keyword ngxDirectiveThirdParty nchan_channel_events_channel_id +syn keyword ngxDirectiveThirdParty nchan_stub_status +syn keyword ngxDirectiveThirdParty nchan_max_channel_id_length +syn keyword ngxDirectiveThirdParty nchan_max_channel_subscribers +syn keyword ngxDirectiveThirdParty nchan_channel_timeout +syn keyword ngxDirectiveThirdParty nchan_storage_engine + +" Nginx Notice Module " Serve static file to POST requests. syn keyword ngxDirectiveThirdParty notice syn keyword ngxDirectiveThirdParty notice_type -" Phusion Passenger -" Easy and robust deployment of Ruby on Rails application on Apache and Nginx webservers. -syn keyword ngxDirectiveThirdParty passenger_base_uri -syn keyword ngxDirectiveThirdParty passenger_default_user +" OCSP Proxy Module +" Nginx OCSP processing module designed for response caching +syn keyword ngxDirectiveThirdParty ocsp_proxy +syn keyword ngxDirectiveThirdParty ocsp_cache_timeout + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_buffer_size +syn keyword ngxDirectiveThirdParty eval_override_content_type +syn keyword ngxDirectiveThirdParty eval_subrequest_in_memory + +" OpenSSL Version Module +" Nginx OpenSSL version check at startup +syn keyword ngxDirectiveThirdParty openssl_version_minimum +syn keyword ngxDirectiveThirdParty openssl_builddate_minimum + +" Owner Match Module +" Control access for specific owners and groups of files +syn keyword ngxDirectiveThirdParty omallow +syn keyword ngxDirectiveThirdParty omdeny + +" Accept Language Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty pagespeed + +" PHP Memcache Standard Balancer Module +" Loadbalancer that is compatible to the standard loadbalancer in the php-memcache module +syn keyword ngxDirectiveThirdParty hash_key + +" PHP Session Module +" Nginx module to parse php sessions +syn keyword ngxDirectiveThirdParty php_session_parse +syn keyword ngxDirectiveThirdParty php_session_strip_formatting + +" Phusion Passenger Module +" Passenger is an open source web application server. +syn keyword ngxDirectiveThirdParty passenger_root syn keyword ngxDirectiveThirdParty passenger_enabled -syn keyword ngxDirectiveThirdParty passenger_log_level -syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app -syn keyword ngxDirectiveThirdParty passenger_max_pool_size -syn keyword ngxDirectiveThirdParty passenger_pool_idle_time -syn keyword ngxDirectiveThirdParty passenger_root +syn keyword ngxDirectiveThirdParty passenger_base_uri +syn keyword ngxDirectiveThirdParty passenger_document_root syn keyword ngxDirectiveThirdParty passenger_ruby -syn keyword ngxDirectiveThirdParty passenger_use_global_queue +syn keyword ngxDirectiveThirdParty passenger_python +syn keyword ngxDirectiveThirdParty passenger_nodejs +syn keyword ngxDirectiveThirdParty passenger_meteor_app_settings +syn keyword ngxDirectiveThirdParty passenger_app_env +syn keyword ngxDirectiveThirdParty passenger_app_root +syn keyword ngxDirectiveThirdParty passenger_app_group_name +syn keyword ngxDirectiveThirdParty passenger_app_type +syn keyword ngxDirectiveThirdParty passenger_startup_file +syn keyword ngxDirectiveThirdParty passenger_restart_dir +syn keyword ngxDirectiveThirdParty passenger_spawn_method +syn keyword ngxDirectiveThirdParty passenger_env_var +syn keyword ngxDirectiveThirdParty passenger_load_shell_envvars +syn keyword ngxDirectiveThirdParty passenger_rolling_restarts +syn keyword ngxDirectiveThirdParty passenger_resist_deployment_errors syn keyword ngxDirectiveThirdParty passenger_user_switching -syn keyword ngxDirectiveThirdParty rack_env -syn keyword ngxDirectiveThirdParty rails_app_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_env -syn keyword ngxDirectiveThirdParty rails_framework_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_spawn_method +syn keyword ngxDirectiveThirdParty passenger_user +syn keyword ngxDirectiveThirdParty passenger_group +syn keyword ngxDirectiveThirdParty passenger_default_user +syn keyword ngxDirectiveThirdParty passenger_default_group +syn keyword ngxDirectiveThirdParty passenger_show_version_in_header +syn keyword ngxDirectiveThirdParty passenger_friendly_error_pages +syn keyword ngxDirectiveThirdParty passenger_disable_security_update_check +syn keyword ngxDirectiveThirdParty passenger_security_update_check_proxy +syn keyword ngxDirectiveThirdParty passenger_max_pool_size +syn keyword ngxDirectiveThirdParty passenger_min_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app +syn keyword ngxDirectiveThirdParty passenger_pool_idle_time +syn keyword ngxDirectiveThirdParty passenger_max_preloader_idle_time +syn keyword ngxDirectiveThirdParty passenger_force_max_concurrent_requests_per_process +syn keyword ngxDirectiveThirdParty passenger_start_timeout +syn keyword ngxDirectiveThirdParty passenger_concurrency_model +syn keyword ngxDirectiveThirdParty passenger_thread_count +syn keyword ngxDirectiveThirdParty passenger_max_requests +syn keyword ngxDirectiveThirdParty passenger_max_request_time +syn keyword ngxDirectiveThirdParty passenger_memory_limit +syn keyword ngxDirectiveThirdParty passenger_stat_throttle_rate +syn keyword ngxDirectiveThirdParty passenger_core_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_app_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_pre_start +syn keyword ngxDirectiveThirdParty passenger_set_header +syn keyword ngxDirectiveThirdParty passenger_max_request_queue_size +syn keyword ngxDirectiveThirdParty passenger_request_queue_overflow_status_code +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions_cookie_name +syn keyword ngxDirectiveThirdParty passenger_abort_websockets_on_process_shutdown +syn keyword ngxDirectiveThirdParty passenger_ignore_client_abort +syn keyword ngxDirectiveThirdParty passenger_intercept_errors +syn keyword ngxDirectiveThirdParty passenger_pass_header +syn keyword ngxDirectiveThirdParty passenger_ignore_headers +syn keyword ngxDirectiveThirdParty passenger_headers_hash_bucket_size +syn keyword ngxDirectiveThirdParty passenger_headers_hash_max_size +syn keyword ngxDirectiveThirdParty passenger_buffer_response +syn keyword ngxDirectiveThirdParty passenger_response_buffer_high_watermark +syn keyword ngxDirectiveThirdParty passenger_buffer_size, passenger_buffers, passenger_busy_buffers_size +syn keyword ngxDirectiveThirdParty passenger_socket_backlog +syn keyword ngxDirectiveThirdParty passenger_log_level +syn keyword ngxDirectiveThirdParty passenger_log_file +syn keyword ngxDirectiveThirdParty passenger_file_descriptor_log_file +syn keyword ngxDirectiveThirdParty passenger_debugger +syn keyword ngxDirectiveThirdParty passenger_instance_registry_dir +syn keyword ngxDirectiveThirdParty passenger_data_buffer_dir +syn keyword ngxDirectiveThirdParty passenger_fly_with +syn keyword ngxDirectiveThirdParty union_station_support +syn keyword ngxDirectiveThirdParty union_station_key +syn keyword ngxDirectiveThirdParty union_station_proxy_address +syn keyword ngxDirectiveThirdParty union_station_filter +syn keyword ngxDirectiveThirdParty union_station_gateway_address +syn keyword ngxDirectiveThirdParty union_station_gateway_port +syn keyword ngxDirectiveThirdParty union_station_gateway_cert +syn keyword ngxDirectiveDeprecated rails_spawn_method +syn keyword ngxDirectiveDeprecated passenger_debug_log_file -" RDS JSON Module -" Help ngx_drizzle and other DBD modules emit JSON data. +" Postgres Module +" Upstream module that allows nginx to communicate directly with PostgreSQL database. +syn keyword ngxDirectiveThirdParty postgres_server +syn keyword ngxDirectiveThirdParty postgres_keepalive +syn keyword ngxDirectiveThirdParty postgres_pass +syn keyword ngxDirectiveThirdParty postgres_query +syn keyword ngxDirectiveThirdParty postgres_rewrite +syn keyword ngxDirectiveThirdParty postgres_output +syn keyword ngxDirectiveThirdParty postgres_set +syn keyword ngxDirectiveThirdParty postgres_escape +syn keyword ngxDirectiveThirdParty postgres_connect_timeout +syn keyword ngxDirectiveThirdParty postgres_result_timeout + +" Pubcookie Module +" Authorizes users using encrypted cookies +syn keyword ngxDirectiveThirdParty pubcookie_inactive_expire +syn keyword ngxDirectiveThirdParty pubcookie_hard_expire +syn keyword ngxDirectiveThirdParty pubcookie_app_id +syn keyword ngxDirectiveThirdParty pubcookie_dir_depth +syn keyword ngxDirectiveThirdParty pubcookie_catenate_app_ids +syn keyword ngxDirectiveThirdParty pubcookie_app_srv_id +syn keyword ngxDirectiveThirdParty pubcookie_login +syn keyword ngxDirectiveThirdParty pubcookie_login_method +syn keyword ngxDirectiveThirdParty pubcookie_post +syn keyword ngxDirectiveThirdParty pubcookie_domain +syn keyword ngxDirectiveThirdParty pubcookie_granting_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_session_key_file +syn keyword ngxDirectiveThirdParty pubcookie_session_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_crypt_key_file +syn keyword ngxDirectiveThirdParty pubcookie_end_session +syn keyword ngxDirectiveThirdParty pubcookie_encryption +syn keyword ngxDirectiveThirdParty pubcookie_session_reauth +syn keyword ngxDirectiveThirdParty pubcookie_auth_type_names +syn keyword ngxDirectiveThirdParty pubcookie_no_prompt +syn keyword ngxDirectiveThirdParty pubcookie_on_demand +syn keyword ngxDirectiveThirdParty pubcookie_addl_request +syn keyword ngxDirectiveThirdParty pubcookie_no_obscure_cookies +syn keyword ngxDirectiveThirdParty pubcookie_no_clean_creds +syn keyword ngxDirectiveThirdParty pubcookie_egd_device +syn keyword ngxDirectiveThirdParty pubcookie_no_blank +syn keyword ngxDirectiveThirdParty pubcookie_super_debug +syn keyword ngxDirectiveThirdParty pubcookie_set_remote_user + +" Push Stream Module +" A pure stream http push technology for your Nginx setup +syn keyword ngxDirectiveThirdParty push_stream_channels_statistics +syn keyword ngxDirectiveThirdParty push_stream_publisher +syn keyword ngxDirectiveThirdParty push_stream_subscriber +syn keyword ngxDirectiveThirdParty push_stream_shared_memory_size +syn keyword ngxDirectiveThirdParty push_stream_channel_deleted_message_text +syn keyword ngxDirectiveThirdParty push_stream_channel_inactivity_time +syn keyword ngxDirectiveThirdParty push_stream_ping_message_text +syn keyword ngxDirectiveThirdParty push_stream_timeout_with_body +syn keyword ngxDirectiveThirdParty push_stream_message_ttl +syn keyword ngxDirectiveThirdParty push_stream_max_subscribers_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_messages_stored_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_channel_id_length +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_channels +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_wildcard_channels +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_prefix +syn keyword ngxDirectiveThirdParty push_stream_events_channel_id +syn keyword ngxDirectiveThirdParty push_stream_channels_path +syn keyword ngxDirectiveThirdParty push_stream_store_messages +syn keyword ngxDirectiveThirdParty push_stream_channel_info_on_publish +syn keyword ngxDirectiveThirdParty push_stream_authorized_channels_only +syn keyword ngxDirectiveThirdParty push_stream_header_template_file +syn keyword ngxDirectiveThirdParty push_stream_header_template +syn keyword ngxDirectiveThirdParty push_stream_message_template +syn keyword ngxDirectiveThirdParty push_stream_footer_template +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_max_qtd +syn keyword ngxDirectiveThirdParty push_stream_ping_message_interval +syn keyword ngxDirectiveThirdParty push_stream_subscriber_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_longpolling_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_websocket_allow_publish +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_time +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_tag +syn keyword ngxDirectiveThirdParty push_stream_last_event_id +syn keyword ngxDirectiveThirdParty push_stream_user_agent +syn keyword ngxDirectiveThirdParty push_stream_padding_by_user_agent +syn keyword ngxDirectiveThirdParty push_stream_allowed_origins +syn keyword ngxDirectiveThirdParty push_stream_allow_connections_to_events_channel + +" rDNS Module +" Make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules +syn keyword ngxDirectiveThirdParty rdns +syn keyword ngxDirectiveThirdParty rdns_allow +syn keyword ngxDirectiveThirdParty rdns_deny + +" RDS CSV Module +" Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) +syn keyword ngxDirectiveThirdParty rds_csv +syn keyword ngxDirectiveThirdParty rds_csv_row_terminator +syn keyword ngxDirectiveThirdParty rds_csv_field_separator +syn keyword ngxDirectiveThirdParty rds_csv_field_name_header +syn keyword ngxDirectiveThirdParty rds_csv_content_type +syn keyword ngxDirectiveThirdParty rds_csv_buffer_size + +" RDS JSON Module +" An output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON syn keyword ngxDirectiveThirdParty rds_json +syn keyword ngxDirectiveThirdParty rds_json_buffer_size +syn keyword ngxDirectiveThirdParty rds_json_format +syn keyword ngxDirectiveThirdParty rds_json_root +syn keyword ngxDirectiveThirdParty rds_json_success_property +syn keyword ngxDirectiveThirdParty rds_json_user_property +syn keyword ngxDirectiveThirdParty rds_json_errcode_key +syn keyword ngxDirectiveThirdParty rds_json_errstr_key +syn keyword ngxDirectiveThirdParty rds_json_ret syn keyword ngxDirectiveThirdParty rds_json_content_type -syn keyword ngxDirectiveThirdParty rds_json_format -syn keyword ngxDirectiveThirdParty rds_json_ret -" RRD Graph Module +" Redis Module +" Use this module to perform simple caching +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_gzip_flag + +" Redis 2 Module +" Nginx upstream module for the Redis 2.0 protocol +syn keyword ngxDirectiveThirdParty redis2_query +syn keyword ngxDirectiveThirdParty redis2_raw_query +syn keyword ngxDirectiveThirdParty redis2_raw_queries +syn keyword ngxDirectiveThirdParty redis2_literal_raw_query +syn keyword ngxDirectiveThirdParty redis2_pass +syn keyword ngxDirectiveThirdParty redis2_connect_timeout +syn keyword ngxDirectiveThirdParty redis2_send_timeout +syn keyword ngxDirectiveThirdParty redis2_read_timeout +syn keyword ngxDirectiveThirdParty redis2_buffer_size +syn keyword ngxDirectiveThirdParty redis2_next_upstream + +" Replace Filter Module +" Streaming regular expression replacement in response bodies +syn keyword ngxDirectiveThirdParty replace_filter +syn keyword ngxDirectiveThirdParty replace_filter_types +syn keyword ngxDirectiveThirdParty replace_filter_max_buffered_size +syn keyword ngxDirectiveThirdParty replace_filter_last_modified +syn keyword ngxDirectiveThirdParty replace_filter_skip + +" Roboo Module +" HTTP Robot Mitigator + +" RRD Graph Module " This module provides an HTTP interface to RRDtool's graphing facilities. syn keyword ngxDirectiveThirdParty rrd_graph syn keyword ngxDirectiveThirdParty rrd_graph_root -" Secure Download -" Create expiring links. +" RTMP Module +" NGINX-based Media Streaming Server +syn keyword ngxDirectiveThirdParty rtmp +" syn keyword ngxDirectiveThirdParty server +" syn keyword ngxDirectiveThirdParty listen +syn keyword ngxDirectiveThirdParty application +" syn keyword ngxDirectiveThirdParty timeout +syn keyword ngxDirectiveThirdParty ping +syn keyword ngxDirectiveThirdParty ping_timeout +syn keyword ngxDirectiveThirdParty max_streams +syn keyword ngxDirectiveThirdParty ack_window +syn keyword ngxDirectiveThirdParty chunk_size +syn keyword ngxDirectiveThirdParty max_queue +syn keyword ngxDirectiveThirdParty max_message +syn keyword ngxDirectiveThirdParty out_queue +syn keyword ngxDirectiveThirdParty out_cork +" syn keyword ngxDirectiveThirdParty allow +" syn keyword ngxDirectiveThirdParty deny +syn keyword ngxDirectiveThirdParty exec_push +syn keyword ngxDirectiveThirdParty exec_pull +syn keyword ngxDirectiveThirdParty exec +syn keyword ngxDirectiveThirdParty exec_options +syn keyword ngxDirectiveThirdParty exec_static +syn keyword ngxDirectiveThirdParty exec_kill_signal +syn keyword ngxDirectiveThirdParty respawn +syn keyword ngxDirectiveThirdParty respawn_timeout +syn keyword ngxDirectiveThirdParty exec_publish +syn keyword ngxDirectiveThirdParty exec_play +syn keyword ngxDirectiveThirdParty exec_play_done +syn keyword ngxDirectiveThirdParty exec_publish_done +syn keyword ngxDirectiveThirdParty exec_record_done +syn keyword ngxDirectiveThirdParty live +syn keyword ngxDirectiveThirdParty meta +syn keyword ngxDirectiveThirdParty interleave +syn keyword ngxDirectiveThirdParty wait_key +syn keyword ngxDirectiveThirdParty wait_video +syn keyword ngxDirectiveThirdParty publish_notify +syn keyword ngxDirectiveThirdParty drop_idle_publisher +syn keyword ngxDirectiveThirdParty sync +syn keyword ngxDirectiveThirdParty play_restart +syn keyword ngxDirectiveThirdParty idle_streams +syn keyword ngxDirectiveThirdParty record +syn keyword ngxDirectiveThirdParty record_path +syn keyword ngxDirectiveThirdParty record_suffix +syn keyword ngxDirectiveThirdParty record_unique +syn keyword ngxDirectiveThirdParty record_append +syn keyword ngxDirectiveThirdParty record_lock +syn keyword ngxDirectiveThirdParty record_max_size +syn keyword ngxDirectiveThirdParty record_max_frames +syn keyword ngxDirectiveThirdParty record_interval +syn keyword ngxDirectiveThirdParty recorder +syn keyword ngxDirectiveThirdParty record_notify +syn keyword ngxDirectiveThirdParty play +syn keyword ngxDirectiveThirdParty play_temp_path +syn keyword ngxDirectiveThirdParty play_local_path +syn keyword ngxDirectiveThirdParty pull +syn keyword ngxDirectiveThirdParty push +syn keyword ngxDirectiveThirdParty push_reconnect +syn keyword ngxDirectiveThirdParty session_relay +syn keyword ngxDirectiveThirdParty on_connect +syn keyword ngxDirectiveThirdParty on_play +syn keyword ngxDirectiveThirdParty on_publish +syn keyword ngxDirectiveThirdParty on_done +syn keyword ngxDirectiveThirdParty on_play_done +syn keyword ngxDirectiveThirdParty on_publish_done +syn keyword ngxDirectiveThirdParty on_record_done +syn keyword ngxDirectiveThirdParty on_update +syn keyword ngxDirectiveThirdParty notify_update_timeout +syn keyword ngxDirectiveThirdParty notify_update_strict +syn keyword ngxDirectiveThirdParty notify_relay_redirect +syn keyword ngxDirectiveThirdParty notify_method +syn keyword ngxDirectiveThirdParty hls +syn keyword ngxDirectiveThirdParty hls_path +syn keyword ngxDirectiveThirdParty hls_fragment +syn keyword ngxDirectiveThirdParty hls_playlist_length +syn keyword ngxDirectiveThirdParty hls_sync +syn keyword ngxDirectiveThirdParty hls_continuous +syn keyword ngxDirectiveThirdParty hls_nested +syn keyword ngxDirectiveThirdParty hls_base_url +syn keyword ngxDirectiveThirdParty hls_cleanup +syn keyword ngxDirectiveThirdParty hls_fragment_naming +syn keyword ngxDirectiveThirdParty hls_fragment_slicing +syn keyword ngxDirectiveThirdParty hls_variant +syn keyword ngxDirectiveThirdParty hls_type +syn keyword ngxDirectiveThirdParty hls_keys +syn keyword ngxDirectiveThirdParty hls_key_path +syn keyword ngxDirectiveThirdParty hls_key_url +syn keyword ngxDirectiveThirdParty hls_fragments_per_key +syn keyword ngxDirectiveThirdParty dash +syn keyword ngxDirectiveThirdParty dash_path +syn keyword ngxDirectiveThirdParty dash_fragment +syn keyword ngxDirectiveThirdParty dash_playlist_length +syn keyword ngxDirectiveThirdParty dash_nested +syn keyword ngxDirectiveThirdParty dash_cleanup +" syn keyword ngxDirectiveThirdParty access_log +" syn keyword ngxDirectiveThirdParty log_format +syn keyword ngxDirectiveThirdParty max_connections +syn keyword ngxDirectiveThirdParty rtmp_stat +syn keyword ngxDirectiveThirdParty rtmp_stat_stylesheet +syn keyword ngxDirectiveThirdParty rtmp_auto_push +syn keyword ngxDirectiveThirdParty rtmp_auto_push_reconnect +syn keyword ngxDirectiveThirdParty rtmp_socket_dir +syn keyword ngxDirectiveThirdParty rtmp_control + +" RTMPT Module +" Module for nginx to proxy rtmp using http protocol +syn keyword ngxDirectiveThirdParty rtmpt_proxy_target +syn keyword ngxDirectiveThirdParty rtmpt_proxy_rtmp_timeout +syn keyword ngxDirectiveThirdParty rtmpt_proxy_http_timeout +syn keyword ngxDirectiveThirdParty rtmpt_proxy +syn keyword ngxDirectiveThirdParty rtmpt_proxy_stat +syn keyword ngxDirectiveThirdParty rtmpt_proxy_stylesheet + +" Syntactically Awesome Module +" Providing on-the-fly compiling of Sass files as an NGINX module. +syn keyword ngxDirectiveThirdParty sass_compile +syn keyword ngxDirectiveThirdParty sass_error_log +syn keyword ngxDirectiveThirdParty sass_include_path +syn keyword ngxDirectiveThirdParty sass_indent +syn keyword ngxDirectiveThirdParty sass_is_indented_syntax +syn keyword ngxDirectiveThirdParty sass_linefeed +syn keyword ngxDirectiveThirdParty sass_precision +syn keyword ngxDirectiveThirdParty sass_output_style +syn keyword ngxDirectiveThirdParty sass_source_comments +syn keyword ngxDirectiveThirdParty sass_source_map_embed + +" Secure Download Module +" Enables you to create links which are only valid until a certain datetime is reached syn keyword ngxDirectiveThirdParty secure_download -syn keyword ngxDirectiveThirdParty secure_download_fail_location +syn keyword ngxDirectiveThirdParty secure_download_secret syn keyword ngxDirectiveThirdParty secure_download_path_mode -syn keyword ngxDirectiveThirdParty secure_download_secret -" SlowFS Cache Module +" Selective Cache Purge Module +" A module to purge cache by GLOB patterns. The supported patterns are the same as supported by Redis. +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_unix_socket +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_host +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_port +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_database +syn keyword ngxDirectiveThirdParty selective_cache_purge_query + +" Set cconv Module +" Cconv rewrite set commands +syn keyword ngxDirectiveThirdParty set_cconv_to_simp +syn keyword ngxDirectiveThirdParty set_cconv_to_trad +syn keyword ngxDirectiveThirdParty set_pinyin_to_normal + +" Set Hash Module +" Nginx module that allows the setting of variables to the value of a variety of hashes +syn keyword ngxDirectiveThirdParty set_md5 +syn keyword ngxDirectiveThirdParty set_md5_upper +syn keyword ngxDirectiveThirdParty set_murmur2 +syn keyword ngxDirectiveThirdParty set_murmur2_upper +syn keyword ngxDirectiveThirdParty set_sha1 +syn keyword ngxDirectiveThirdParty set_sha1_upper + +" Set Lang Module +" Provides a variety of ways for setting a variable denoting the langauge that content should be returned in. +syn keyword ngxDirectiveThirdParty set_lang +syn keyword ngxDirectiveThirdParty set_lang_method +syn keyword ngxDirectiveThirdParty lang_cookie +syn keyword ngxDirectiveThirdParty lang_get_var +syn keyword ngxDirectiveThirdParty lang_list +syn keyword ngxDirectiveThirdParty lang_post_var +syn keyword ngxDirectiveThirdParty lang_host +syn keyword ngxDirectiveThirdParty lang_referer + +" Set Misc Module +" Various set_xxx directives added to nginx's rewrite module +syn keyword ngxDirectiveThirdParty set_if_empty +syn keyword ngxDirectiveThirdParty set_quote_sql_str +syn keyword ngxDirectiveThirdParty set_quote_pgsql_str +syn keyword ngxDirectiveThirdParty set_quote_json_str +syn keyword ngxDirectiveThirdParty set_unescape_uri +syn keyword ngxDirectiveThirdParty set_escape_uri +syn keyword ngxDirectiveThirdParty set_hashed_upstream +syn keyword ngxDirectiveThirdParty set_encode_base32 +syn keyword ngxDirectiveThirdParty set_base32_padding +syn keyword ngxDirectiveThirdParty set_misc_base32_padding +syn keyword ngxDirectiveThirdParty set_base32_alphabet +syn keyword ngxDirectiveThirdParty set_decode_base32 +syn keyword ngxDirectiveThirdParty set_encode_base64 +syn keyword ngxDirectiveThirdParty set_decode_base64 +syn keyword ngxDirectiveThirdParty set_encode_hex +syn keyword ngxDirectiveThirdParty set_decode_hex +syn keyword ngxDirectiveThirdParty set_sha1 +syn keyword ngxDirectiveThirdParty set_md5 +syn keyword ngxDirectiveThirdParty set_hmac_sha1 +syn keyword ngxDirectiveThirdParty set_random +syn keyword ngxDirectiveThirdParty set_secure_random_alphanum +syn keyword ngxDirectiveThirdParty set_secure_random_lcalpha +syn keyword ngxDirectiveThirdParty set_rotate +syn keyword ngxDirectiveThirdParty set_local_today +syn keyword ngxDirectiveThirdParty set_formatted_gmt_time +syn keyword ngxDirectiveThirdParty set_formatted_local_time + +" SFlow Module +" A binary, random-sampling nginx module designed for: lightweight, centralized, continuous, real-time monitoring of very large and very busy web farms. +syn keyword ngxDirectiveThirdParty sflow + +" Shibboleth Module +" Shibboleth auth request module for nginx +syn keyword ngxDirectiveThirdParty shib_request +syn keyword ngxDirectiveThirdParty shib_request_set +syn keyword ngxDirectiveThirdParty shib_request_use_headers + +" Slice Module +" Nginx module for serving a file in slices (reverse byte-range) +" syn keyword ngxDirectiveThirdParty slice +syn keyword ngxDirectiveThirdParty slice_arg_begin +syn keyword ngxDirectiveThirdParty slice_arg_end +syn keyword ngxDirectiveThirdParty slice_header +syn keyword ngxDirectiveThirdParty slice_footer +syn keyword ngxDirectiveThirdParty slice_header_first +syn keyword ngxDirectiveThirdParty slice_footer_last + +" SlowFS Cache Module " Module adding ability to cache static files. syn keyword ngxDirectiveThirdParty slowfs_big_file_size syn keyword ngxDirectiveThirdParty slowfs_cache syn keyword ngxDirectiveThirdParty slowfs_cache_key syn keyword ngxDirectiveThirdParty slowfs_cache_min_uses syn keyword ngxDirectiveThirdParty slowfs_cache_path syn keyword ngxDirectiveThirdParty slowfs_cache_purge syn keyword ngxDirectiveThirdParty slowfs_cache_valid syn keyword ngxDirectiveThirdParty slowfs_temp_path -" Strip Module +" Small Light Module +" Dynamic Image Transformation Module For nginx. +syn keyword ngxDirectiveThirdParty small_light +syn keyword ngxDirectiveThirdParty small_light_getparam_mode +syn keyword ngxDirectiveThirdParty small_light_material_dir +syn keyword ngxDirectiveThirdParty small_light_pattern_define +syn keyword ngxDirectiveThirdParty small_light_radius_max +syn keyword ngxDirectiveThirdParty small_light_sigma_max +syn keyword ngxDirectiveThirdParty small_light_imlib2_temp_dir +syn keyword ngxDirectiveThirdParty small_light_buffer + +" Sorted Querystring Filter Module +" Nginx module to expose querystring parameters sorted in a variable to be used on cache_key as example +syn keyword ngxDirectiveThirdParty sorted_querystring_filter_parameter + +" Sphinx2 Module +" Nginx upstream module for Sphinx 2.x +syn keyword ngxDirectiveThirdParty sphinx2_pass +syn keyword ngxDirectiveThirdParty sphinx2_bind +syn keyword ngxDirectiveThirdParty sphinx2_connect_timeout +syn keyword ngxDirectiveThirdParty sphinx2_send_timeout +syn keyword ngxDirectiveThirdParty sphinx2_buffer_size +syn keyword ngxDirectiveThirdParty sphinx2_read_timeout +syn keyword ngxDirectiveThirdParty sphinx2_next_upstream + +" HTTP SPNEGO auth Module +" This module implements adds SPNEGO support to nginx(http://nginx.org). It currently supports only Kerberos authentication via GSSAPI +syn keyword ngxDirectiveThirdParty auth_gss +syn keyword ngxDirectiveThirdParty auth_gss_keytab +syn keyword ngxDirectiveThirdParty auth_gss_realm +syn keyword ngxDirectiveThirdParty auth_gss_service_name +syn keyword ngxDirectiveThirdParty auth_gss_authorized_principal +syn keyword ngxDirectiveThirdParty auth_gss_allow_basic_fallback + +" SR Cache Module +" Transparent subrequest-based caching layout for arbitrary nginx locations +syn keyword ngxDirectiveThirdParty srcache_fetch +syn keyword ngxDirectiveThirdParty srcache_fetch_skip +syn keyword ngxDirectiveThirdParty srcache_store +syn keyword ngxDirectiveThirdParty srcache_store_max_size +syn keyword ngxDirectiveThirdParty srcache_store_skip +syn keyword ngxDirectiveThirdParty srcache_store_statuses +syn keyword ngxDirectiveThirdParty srcache_store_ranges +syn keyword ngxDirectiveThirdParty srcache_header_buffer_size +syn keyword ngxDirectiveThirdParty srcache_store_hide_header +syn keyword ngxDirectiveThirdParty srcache_store_pass_header +syn keyword ngxDirectiveThirdParty srcache_methods +syn keyword ngxDirectiveThirdParty srcache_ignore_content_encoding +syn keyword ngxDirectiveThirdParty srcache_request_cache_control +syn keyword ngxDirectiveThirdParty srcache_response_cache_control +syn keyword ngxDirectiveThirdParty srcache_store_no_store +syn keyword ngxDirectiveThirdParty srcache_store_no_cache +syn keyword ngxDirectiveThirdParty srcache_store_private +syn keyword ngxDirectiveThirdParty srcache_default_expire +syn keyword ngxDirectiveThirdParty srcache_max_expire + +" SSSD Info Module +" Retrives additional attributes from SSSD for current authentizated user +syn keyword ngxDirectiveThirdParty sssd_info +syn keyword ngxDirectiveThirdParty sssd_info_output_to +syn keyword ngxDirectiveThirdParty sssd_info_groups +syn keyword ngxDirectiveThirdParty sssd_info_group +syn keyword ngxDirectiveThirdParty sssd_info_group_separator +syn keyword ngxDirectiveThirdParty sssd_info_attributes +syn keyword ngxDirectiveThirdParty sssd_info_attribute +syn keyword ngxDirectiveThirdParty sssd_info_attribute_separator + +" Static Etags Module +" Generate etags for static content +syn keyword ngxDirectiveThirdParty FileETag + +" Statsd Module +" An nginx module for sending statistics to statsd +syn keyword ngxDirectiveThirdParty statsd_server +syn keyword ngxDirectiveThirdParty statsd_sample_rate +syn keyword ngxDirectiveThirdParty statsd_count +syn keyword ngxDirectiveThirdParty statsd_timing + +" Sticky Module +" Add a sticky cookie to be always forwarded to the same upstream server +" syn keyword ngxDirectiveThirdParty sticky + +" Stream Echo Module +" TCP/stream echo module for NGINX (a port of ngx_http_echo_module) +syn keyword ngxDirectiveThirdParty echo +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush_wait +syn keyword ngxDirectiveThirdParty echo_sleep +syn keyword ngxDirectiveThirdParty echo_send_timeout +syn keyword ngxDirectiveThirdParty echo_read_bytes +syn keyword ngxDirectiveThirdParty echo_read_line +syn keyword ngxDirectiveThirdParty echo_request_data +syn keyword ngxDirectiveThirdParty echo_discard_request +syn keyword ngxDirectiveThirdParty echo_read_buffer_size +syn keyword ngxDirectiveThirdParty echo_read_timeout +syn keyword ngxDirectiveThirdParty echo_client_error_log_level +syn keyword ngxDirectiveThirdParty echo_lingering_close +syn keyword ngxDirectiveThirdParty echo_lingering_time +syn keyword ngxDirectiveThirdParty echo_lingering_timeout + +" Stream Lua Module +" Embed the power of Lua into Nginx stream/TCP Servers. +syn keyword ngxDirectiveThirdParty lua_resolver +syn keyword ngxDirectiveThirdParty lua_resolver_timeout +syn keyword ngxDirectiveThirdParty lua_lingering_close +syn keyword ngxDirectiveThirdParty lua_lingering_time +syn keyword ngxDirectiveThirdParty lua_lingering_timeout + +" Stream Upsync Module +" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx. +syn keyword ngxDirectiveThirdParty upsync +syn keyword ngxDirectiveThirdParty upsync_dump_path +syn keyword ngxDirectiveThirdParty upsync_lb +syn keyword ngxDirectiveThirdParty upsync_show + +" Strip Module " Whitespace remover. syn keyword ngxDirectiveThirdParty strip -" Substitutions Module +" Subrange Module +" Split one big HTTP/Range request to multiple subrange requesets +syn keyword ngxDirectiveThirdParty subrange + +" Substitutions Module " A filter module which can do both regular expression and fixed string substitutions on response bodies. syn keyword ngxDirectiveThirdParty subs_filter syn keyword ngxDirectiveThirdParty subs_filter_types -" Supervisord Module +" Summarizer Module +" Upstream nginx module to get summaries of documents using the summarizer daemon service +syn keyword ngxDirectiveThirdParty smrzr_filename +syn keyword ngxDirectiveThirdParty smrzr_ratio + +" Supervisord Module " Module providing nginx with API to communicate with supervisord and manage (start/stop) backends on-demand. syn keyword ngxDirectiveThirdParty supervisord syn keyword ngxDirectiveThirdParty supervisord_inherit_backend_status syn keyword ngxDirectiveThirdParty supervisord_name syn keyword ngxDirectiveThirdParty supervisord_start syn keyword ngxDirectiveThirdParty supervisord_stop -" Upload Module -" Parses multipart/form-data allowing arbitrary handling of uploaded files. -syn keyword ngxDirectiveThirdParty upload_aggregate_form_field -syn keyword ngxDirectiveThirdParty upload_buffer_size -syn keyword ngxDirectiveThirdParty upload_cleanup -syn keyword ngxDirectiveThirdParty upload_limit_rate -syn keyword ngxDirectiveThirdParty upload_max_file_size -syn keyword ngxDirectiveThirdParty upload_max_output_body_len -syn keyword ngxDirectiveThirdParty upload_max_part_header_len -syn keyword ngxDirectiveThirdParty upload_pass -syn keyword ngxDirectiveThirdParty upload_pass_args -syn keyword ngxDirectiveThirdParty upload_pass_form_field -syn keyword ngxDirectiveThirdParty upload_set_form_field -syn keyword ngxDirectiveThirdParty upload_store -syn keyword ngxDirectiveThirdParty upload_store_access +" Tarantool Upstream Module +" Tarantool NginX upstream module (REST, JSON API, websockets, load balancing) +syn keyword ngxDirectiveThirdParty tnt_pass +syn keyword ngxDirectiveThirdParty tnt_http_methods +syn keyword ngxDirectiveThirdParty tnt_http_rest_methods +syn keyword ngxDirectiveThirdParty tnt_pass_http_request +syn keyword ngxDirectiveThirdParty tnt_pass_http_request_buffer_size +syn keyword ngxDirectiveThirdParty tnt_method +syn keyword ngxDirectiveThirdParty tnt_http_allowed_methods - experemental +syn keyword ngxDirectiveThirdParty tnt_send_timeout +syn keyword ngxDirectiveThirdParty tnt_read_timeout +syn keyword ngxDirectiveThirdParty tnt_buffer_size +syn keyword ngxDirectiveThirdParty tnt_next_upstream +syn keyword ngxDirectiveThirdParty tnt_connect_timeout +syn keyword ngxDirectiveThirdParty tnt_next_upstream +syn keyword ngxDirectiveThirdParty tnt_next_upstream_tries +syn keyword ngxDirectiveThirdParty tnt_next_upstream_timeout -" Upload Progress Module -" Tracks and reports upload progress. +" TCP Proxy Module +" Add the feature of tcp proxy with nginx, with health check and status monitor +syn keyword ngxDirectiveBlock tcp +" syn keyword ngxDirectiveThirdParty server +" syn keyword ngxDirectiveThirdParty listen +" syn keyword ngxDirectiveThirdParty allow +" syn keyword ngxDirectiveThirdParty deny +" syn keyword ngxDirectiveThirdParty so_keepalive +" syn keyword ngxDirectiveThirdParty tcp_nodelay +" syn keyword ngxDirectiveThirdParty timeout +" syn keyword ngxDirectiveThirdParty server_name +" syn keyword ngxDirectiveThirdParty resolver +" syn keyword ngxDirectiveThirdParty resolver_timeout +" syn keyword ngxDirectiveThirdParty upstream +syn keyword ngxDirectiveThirdParty check +syn keyword ngxDirectiveThirdParty check_http_send +syn keyword ngxDirectiveThirdParty check_http_expect_alive +syn keyword ngxDirectiveThirdParty check_smtp_send +syn keyword ngxDirectiveThirdParty check_smtp_expect_alive +syn keyword ngxDirectiveThirdParty check_shm_size +syn keyword ngxDirectiveThirdParty check_status +" syn keyword ngxDirectiveThirdParty ip_hash +" syn keyword ngxDirectiveThirdParty proxy_pass +" syn keyword ngxDirectiveThirdParty proxy_buffer +" syn keyword ngxDirectiveThirdParty proxy_connect_timeout +" syn keyword ngxDirectiveThirdParty proxy_read_timeout +syn keyword ngxDirectiveThirdParty proxy_write_timeout + +" Testcookie Module +" NGINX module for L7 DDoS attack mitigation +syn keyword ngxDirectiveThirdParty testcookie +syn keyword ngxDirectiveThirdParty testcookie_name +syn keyword ngxDirectiveThirdParty testcookie_domain +syn keyword ngxDirectiveThirdParty testcookie_expires +syn keyword ngxDirectiveThirdParty testcookie_path +syn keyword ngxDirectiveThirdParty testcookie_secret +syn keyword ngxDirectiveThirdParty testcookie_session +syn keyword ngxDirectiveThirdParty testcookie_arg +syn keyword ngxDirectiveThirdParty testcookie_max_attempts +syn keyword ngxDirectiveThirdParty testcookie_p3p +syn keyword ngxDirectiveThirdParty testcookie_fallback +syn keyword ngxDirectiveThirdParty testcookie_whitelist +syn keyword ngxDirectiveThirdParty testcookie_pass +syn keyword ngxDirectiveThirdParty testcookie_redirect_via_refresh +syn keyword ngxDirectiveThirdParty testcookie_refresh_template +syn keyword ngxDirectiveThirdParty testcookie_refresh_status +syn keyword ngxDirectiveThirdParty testcookie_deny_keepalive +syn keyword ngxDirectiveThirdParty testcookie_get_only +syn keyword ngxDirectiveThirdParty testcookie_https_location +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_cookie +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_cookie_key +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_iv +syn keyword ngxDirectiveThirdParty testcookie_internal +syn keyword ngxDirectiveThirdParty testcookie_httponly_flag +syn keyword ngxDirectiveThirdParty testcookie_secure_flag + +" Types Filter Module +" Change the `Content-Type` output header depending on an extension variable according to a condition specified in the 'if' clause. +syn keyword ngxDirectiveThirdParty types_filter +syn keyword ngxDirectiveThirdParty types_filter_use_default + +" Unzip Module +" Enabling fetching of files that are stored in zipped archives. +syn keyword ngxDirectiveThirdParty file_in_unzip_archivefile +syn keyword ngxDirectiveThirdParty file_in_unzip_extract +syn keyword ngxDirectiveThirdParty file_in_unzip + +" Upload Progress Module +" An upload progress system, that monitors RFC1867 POST upload as they are transmitted to upstream servers +syn keyword ngxDirectiveThirdParty upload_progress +syn keyword ngxDirectiveThirdParty track_uploads syn keyword ngxDirectiveThirdParty report_uploads -syn keyword ngxDirectiveThirdParty track_uploads -syn keyword ngxDirectiveThirdParty upload_progress syn keyword ngxDirectiveThirdParty upload_progress_content_type syn keyword ngxDirectiveThirdParty upload_progress_header +syn keyword ngxDirectiveThirdParty upload_progress_jsonp_parameter syn keyword ngxDirectiveThirdParty upload_progress_json_output +syn keyword ngxDirectiveThirdParty upload_progress_jsonp_output syn keyword ngxDirectiveThirdParty upload_progress_template -" Upstream Fair Balancer -" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +" Upload Module +" Parses request body storing all files being uploaded to a directory specified by upload_store directive +syn keyword ngxDirectiveThirdParty upload_pass +syn keyword ngxDirectiveThirdParty upload_resumable +syn keyword ngxDirectiveThirdParty upload_store +syn keyword ngxDirectiveThirdParty upload_state_store +syn keyword ngxDirectiveThirdParty upload_store_access +syn keyword ngxDirectiveThirdParty upload_set_form_field +syn keyword ngxDirectiveThirdParty upload_aggregate_form_field +syn keyword ngxDirectiveThirdParty upload_pass_form_field +syn keyword ngxDirectiveThirdParty upload_cleanup +syn keyword ngxDirectiveThirdParty upload_buffer_size +syn keyword ngxDirectiveThirdParty upload_max_part_header_len +syn keyword ngxDirectiveThirdParty upload_max_file_size +syn keyword ngxDirectiveThirdParty upload_limit_rate +syn keyword ngxDirectiveThirdParty upload_max_output_body_len +syn keyword ngxDirectiveThirdParty upload_tame_arrays +syn keyword ngxDirectiveThirdParty upload_pass_args + +" Upstream Fair Module +" The fair load balancer module for nginx http://nginx.localdomain.pl syn keyword ngxDirectiveThirdParty fair syn keyword ngxDirectiveThirdParty upstream_fair_shm_size -" Upstream Consistent Hash -" Select backend based on Consistent hash ring. -syn keyword ngxDirectiveThirdParty consistent_hash - -" Upstream Hash Module +" Upstream Hash Module (DEPRECATED) " Provides simple upstream load distribution by hashing a configurable variable. -syn keyword ngxDirectiveThirdParty hash -syn keyword ngxDirectiveThirdParty hash_again +" syn keyword ngxDirectiveDeprecated hash +syn keyword ngxDirectiveDeprecated hash_again -" XSS Module +" Upstream Domain Resolve Module +" A load-balancer that resolves an upstream domain name asynchronously. +syn keyword ngxDirectiveThirdParty jdomain + +" Upsync Module +" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx +syn keyword ngxDirectiveThirdParty upsync +syn keyword ngxDirectiveThirdParty upsync_dump_path +syn keyword ngxDirectiveThirdParty upsync_lb +syn keyword ngxDirectiveThirdParty upstream_show + +" URL Module +" Nginx url encoding converting module +syn keyword ngxDirectiveThirdParty url_encoding_convert +syn keyword ngxDirectiveThirdParty url_encoding_convert_from +syn keyword ngxDirectiveThirdParty url_encoding_convert_to + +" User Agent Module +" Match browsers and crawlers +syn keyword ngxDirectiveThirdParty user_agent + +" Upstrema Ketama Chash Module +" Nginx load-balancer module implementing ketama consistent hashing. +syn keyword ngxDirectiveThirdParty ketama_chash + +" Video Thumbextractor Module +" Extract thumbs from a video file +syn keyword ngxDirectiveThirdParty video_thumbextractor +syn keyword ngxDirectiveThirdParty video_thumbextractor_video_filename +syn keyword ngxDirectiveThirdParty video_thumbextractor_video_second +syn keyword ngxDirectiveThirdParty video_thumbextractor_image_width +syn keyword ngxDirectiveThirdParty video_thumbextractor_image_height +syn keyword ngxDirectiveThirdParty video_thumbextractor_only_keyframe +syn keyword ngxDirectiveThirdParty video_thumbextractor_next_time +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_rows +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_cols +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_max_rows +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_max_cols +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_sample_interval +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_color +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_margin +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_padding +syn keyword ngxDirectiveThirdParty video_thumbextractor_threads +syn keyword ngxDirectiveThirdParty video_thumbextractor_processes_per_worker + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_override_content_type + +" VTS Module +" Nginx virtual host traffic status module +syn keyword ngxDirectiveThirdParty vhost_traffic_status +syn keyword ngxDirectiveThirdParty vhost_traffic_status_zone +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display_format +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display_jsonp +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_by_host +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_by_set_key +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_check_duplicate +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_traffic +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_traffic_by_set_key +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_check_duplicate + +" XSS Module " Native support for cross-site scripting (XSS) in an nginx. +syn keyword ngxDirectiveThirdParty xss_get syn keyword ngxDirectiveThirdParty xss_callback_arg -syn keyword ngxDirectiveThirdParty xss_get +syn keyword ngxDirectiveThirdParty xss_override_status +syn keyword ngxDirectiveThirdParty xss_check_status syn keyword ngxDirectiveThirdParty xss_input_types -syn keyword ngxDirectiveThirdParty xss_output_type + +" ZIP Module +" ZIP archiver for nginx + " highlight hi link ngxComment Comment hi link ngxVariable Identifier hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc hi link ngxBlock Normal From mdounin at mdounin.ru Wed Mar 1 12:47:13 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 1 Mar 2017 15:47:13 +0300 Subject: [PATCH] Contrib: vim syntax, update 3rd party module directives In-Reply-To: References: Message-ID: <20170301124713.GR34777@mdounin.ru> Hello! On Wed, Mar 01, 2017 at 11:44:11AM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1488339792 -28800 > # Wed Mar 01 11:43:12 2017 +0800 > # Node ID b57cf9a765d8f5603f1bf359eb95dadc0a832f18 > # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 > Contrib: vim syntax, update 3rd party module directives. > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -328,17 +328,17 @@ syn keyword ngxDirective pid > syn keyword ngxDirective pop3_auth > syn keyword ngxDirective pop3_capabilities > syn keyword ngxDirective port_in_redirect > syn keyword ngxDirective post_acceptex > syn keyword ngxDirective postpone_gzipping > syn keyword ngxDirective postpone_output > syn keyword ngxDirective preread_buffer_size > syn keyword ngxDirective preread_timeout > -syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite > +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite skipempty > syn keyword ngxMailProtocol imap pop3 smtp contained > syn keyword ngxDirective proxy > syn keyword ngxDirective proxy_bind > syn keyword ngxDirective proxy_buffer > syn keyword ngxDirective proxy_buffer_size > syn keyword ngxDirective proxy_buffering > syn keyword ngxDirective proxy_buffers > syn keyword ngxDirective proxy_busy_buffers_size > @@ -391,17 +391,17 @@ syn keyword ngxDirective proxy_send_time > syn keyword ngxDirective proxy_set_body > syn keyword ngxDirective proxy_set_header > syn keyword ngxDirective proxy_ssl_certificate > syn keyword ngxDirective proxy_ssl_certificate_key > syn keyword ngxDirective proxy_ssl_ciphers > syn keyword ngxDirective proxy_ssl_crl > syn keyword ngxDirective proxy_ssl_name > syn keyword ngxDirective proxy_ssl_password_file > -syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite > +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty > syn keyword ngxDirective proxy_ssl_server_name > syn keyword ngxDirective proxy_ssl_session_reuse > syn keyword ngxDirective proxy_ssl_trusted_certificate > syn keyword ngxDirective proxy_ssl_verify > syn keyword ngxDirective proxy_ssl_verify_depth > syn keyword ngxDirective proxy_store > syn keyword ngxDirective proxy_store_access > syn keyword ngxDirective proxy_temp_file_write_size > @@ -513,18 +513,18 @@ syn keyword ngxDirective ssl_client_cert > syn keyword ngxDirective ssl_crl > syn keyword ngxDirective ssl_dhparam > syn keyword ngxDirective ssl_ecdh_curve > syn keyword ngxDirective ssl_engine > syn keyword ngxDirective ssl_handshake_timeout > syn keyword ngxDirective ssl_password_file > syn keyword ngxDirective ssl_prefer_server_ciphers > syn keyword ngxDirective ssl_preread > -syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite > -syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite > +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty > +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite skipempty > syn keyword ngxDirective ssl_session_cache > syn keyword ngxDirective ssl_session_ticket_key > syn keyword ngxDirective ssl_session_tickets > syn keyword ngxDirective ssl_session_timeout > syn keyword ngxDirective ssl_stapling > syn keyword ngxDirective ssl_stapling_file > syn keyword ngxDirective ssl_stapling_responder > syn keyword ngxDirective ssl_stapling_verify > @@ -605,17 +605,17 @@ syn keyword ngxDirective uwsgi_read_time > syn keyword ngxDirective uwsgi_request_buffering > syn keyword ngxDirective uwsgi_send_timeout > syn keyword ngxDirective uwsgi_ssl_certificate > syn keyword ngxDirective uwsgi_ssl_certificate_key > syn keyword ngxDirective uwsgi_ssl_ciphers > syn keyword ngxDirective uwsgi_ssl_crl > syn keyword ngxDirective uwsgi_ssl_name > syn keyword ngxDirective uwsgi_ssl_password_file > -syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite > +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty > syn keyword ngxDirective uwsgi_ssl_server_name > syn keyword ngxDirective uwsgi_ssl_session_reuse > syn keyword ngxDirective uwsgi_ssl_trusted_certificate > syn keyword ngxDirective uwsgi_ssl_verify > syn keyword ngxDirective uwsgi_ssl_verify_depth > syn keyword ngxDirective uwsgi_store > syn keyword ngxDirective uwsgi_store_access > syn keyword ngxDirective uwsgi_string These changes look unrelated. [...] -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Wed Mar 1 15:33:27 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 1 Mar 2017 18:33:27 +0300 Subject: [PATCH 2 of 3] Upstream: allow recovery from "429 Too Many Requests" response In-Reply-To: References: <20170225234510.GD34777@mdounin.ru> Message-ID: <20170301153327.GT34777@mdounin.ru> Hello! On Tue, Feb 28, 2017 at 03:40:00PM -0800, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1488324535 28800 > # Tue Feb 28 15:28:55 2017 -0800 > # Node ID e21f12a958010e1f3e5cdc1640859e335e032ca5 > # Parent 9a63d6e990d230db0ec6b03250265447f648526e > Upstream: allow recovery from "429 Too Many Requests" response. > > This change adds "http_429" parameter to "proxy_next_upstream" for > retrying rate-limited requests, and to "proxy_cache_use_stale" for > serving stale cached responses after being rate-limited. > > Signed-off-by: Piotr Sikora [...] > @@ -4115,7 +4116,8 @@ ngx_http_upstream_next(ngx_http_request_ > if (u->peer.sockaddr) { > > if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_403 > - || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404) > + || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404 > + || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_429) > { > state = NGX_PEER_NEXT; > Not sure it's good idea to don't count a 429 response as a peer failure. Contrary, counting it as a failure will naturally reduce load on the particular server, resulting in less rejects. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Wed Mar 1 15:34:39 2017 From: othree at gmail.com (OOO) Date: Wed, 1 Mar 2017 23:34:39 +0800 Subject: [PATCH] Contrib: vim syntax, update 3rd party module directives In-Reply-To: <20170301124713.GR34777@mdounin.ru> References: <20170301124713.GR34777@mdounin.ru> Message-ID: OH Yes, Not direct related. My original plan is have another commit to add skipempty. (skipwhite not include newline, so this change is required to make sure highlight correct) I will fix this commit. 2017-03-01 20:47 GMT+08:00 Maxim Dounin : > Hello! > > On Wed, Mar 01, 2017 at 11:44:11AM +0800, othree wrote: > >> # HG changeset patch >> # User othree >> # Date 1488339792 -28800 >> # Wed Mar 01 11:43:12 2017 +0800 >> # Node ID b57cf9a765d8f5603f1bf359eb95dadc0a832f18 >> # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 >> Contrib: vim syntax, update 3rd party module directives. >> >> diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim >> --- a/contrib/vim/syntax/nginx.vim >> +++ b/contrib/vim/syntax/nginx.vim >> @@ -328,17 +328,17 @@ syn keyword ngxDirective pid >> syn keyword ngxDirective pop3_auth >> syn keyword ngxDirective pop3_capabilities >> syn keyword ngxDirective port_in_redirect >> syn keyword ngxDirective post_acceptex >> syn keyword ngxDirective postpone_gzipping >> syn keyword ngxDirective postpone_output >> syn keyword ngxDirective preread_buffer_size >> syn keyword ngxDirective preread_timeout >> -syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite >> +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite skipempty >> syn keyword ngxMailProtocol imap pop3 smtp contained >> syn keyword ngxDirective proxy >> syn keyword ngxDirective proxy_bind >> syn keyword ngxDirective proxy_buffer >> syn keyword ngxDirective proxy_buffer_size >> syn keyword ngxDirective proxy_buffering >> syn keyword ngxDirective proxy_buffers >> syn keyword ngxDirective proxy_busy_buffers_size >> @@ -391,17 +391,17 @@ syn keyword ngxDirective proxy_send_time >> syn keyword ngxDirective proxy_set_body >> syn keyword ngxDirective proxy_set_header >> syn keyword ngxDirective proxy_ssl_certificate >> syn keyword ngxDirective proxy_ssl_certificate_key >> syn keyword ngxDirective proxy_ssl_ciphers >> syn keyword ngxDirective proxy_ssl_crl >> syn keyword ngxDirective proxy_ssl_name >> syn keyword ngxDirective proxy_ssl_password_file >> -syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite >> +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty >> syn keyword ngxDirective proxy_ssl_server_name >> syn keyword ngxDirective proxy_ssl_session_reuse >> syn keyword ngxDirective proxy_ssl_trusted_certificate >> syn keyword ngxDirective proxy_ssl_verify >> syn keyword ngxDirective proxy_ssl_verify_depth >> syn keyword ngxDirective proxy_store >> syn keyword ngxDirective proxy_store_access >> syn keyword ngxDirective proxy_temp_file_write_size >> @@ -513,18 +513,18 @@ syn keyword ngxDirective ssl_client_cert >> syn keyword ngxDirective ssl_crl >> syn keyword ngxDirective ssl_dhparam >> syn keyword ngxDirective ssl_ecdh_curve >> syn keyword ngxDirective ssl_engine >> syn keyword ngxDirective ssl_handshake_timeout >> syn keyword ngxDirective ssl_password_file >> syn keyword ngxDirective ssl_prefer_server_ciphers >> syn keyword ngxDirective ssl_preread >> -syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite >> -syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite >> +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty >> +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite skipempty >> syn keyword ngxDirective ssl_session_cache >> syn keyword ngxDirective ssl_session_ticket_key >> syn keyword ngxDirective ssl_session_tickets >> syn keyword ngxDirective ssl_session_timeout >> syn keyword ngxDirective ssl_stapling >> syn keyword ngxDirective ssl_stapling_file >> syn keyword ngxDirective ssl_stapling_responder >> syn keyword ngxDirective ssl_stapling_verify >> @@ -605,17 +605,17 @@ syn keyword ngxDirective uwsgi_read_time >> syn keyword ngxDirective uwsgi_request_buffering >> syn keyword ngxDirective uwsgi_send_timeout >> syn keyword ngxDirective uwsgi_ssl_certificate >> syn keyword ngxDirective uwsgi_ssl_certificate_key >> syn keyword ngxDirective uwsgi_ssl_ciphers >> syn keyword ngxDirective uwsgi_ssl_crl >> syn keyword ngxDirective uwsgi_ssl_name >> syn keyword ngxDirective uwsgi_ssl_password_file >> -syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite >> +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty >> syn keyword ngxDirective uwsgi_ssl_server_name >> syn keyword ngxDirective uwsgi_ssl_session_reuse >> syn keyword ngxDirective uwsgi_ssl_trusted_certificate >> syn keyword ngxDirective uwsgi_ssl_verify >> syn keyword ngxDirective uwsgi_ssl_verify_depth >> syn keyword ngxDirective uwsgi_store >> syn keyword ngxDirective uwsgi_store_access >> syn keyword ngxDirective uwsgi_string > > These changes look unrelated. > > [...] > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- OOO From mdounin at mdounin.ru Wed Mar 1 15:39:00 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 1 Mar 2017 18:39:00 +0300 Subject: [PATCH 3 of 3] Limit req: change default response code when rate-limiting In-Reply-To: References: <20170225234510.GD34777@mdounin.ru> Message-ID: <20170301153900.GU34777@mdounin.ru> Hello! On Tue, Feb 28, 2017 at 03:40:01PM -0800, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1488324535 28800 > # Tue Feb 28 15:28:55 2017 -0800 > # Node ID c9d43c652ac776068e78f695dde00606eed184f8 > # Parent e21f12a958010e1f3e5cdc1640859e335e032ca5 > Limit req: change default response code when rate-limiting. > > Previously, "503 Service Unavailable" response code was used, but > the new "429 Too Many Requests" response code is more appropriate. > > Signed-off-by: Piotr Sikora > > diff -r e21f12a95801 -r c9d43c652ac7 src/http/modules/ngx_http_limit_req_module.c > --- a/src/http/modules/ngx_http_limit_req_module.c > +++ b/src/http/modules/ngx_http_limit_req_module.c > @@ -712,7 +712,7 @@ ngx_http_limit_req_merge_conf(ngx_conf_t > NGX_LOG_INFO : conf->limit_log_level + 1; > > ngx_conf_merge_uint_value(conf->status_code, prev->status_code, > - NGX_HTTP_SERVICE_UNAVAILABLE); > + NGX_HTTP_TOO_MANY_REQUESTS); > > return NGX_CONF_OK; > } As I already wrote, I certainly disagree with this change. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Wed Mar 1 15:49:05 2017 From: othree at gmail.com (othree) Date: Wed, 01 Mar 2017 23:49:05 +0800 Subject: [PATCH] Contrib: vim syntax, update 3rd party module directives Message-ID: <7fca6f60d5cafa0127b5.1488383345@othreedeMacBook-Pro.local> # HG changeset patch # User othree # Date 1488382899 -28800 # Wed Mar 01 23:41:39 2017 +0800 # Node ID 7fca6f60d5cafa0127b5bc4d6b74fcd06ab532a3 # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 Contrib: vim syntax, update 3rd party module directives. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -639,297 +639,1490 @@ syn keyword ngxDirective xml_entities syn keyword ngxDirective xslt_last_modified syn keyword ngxDirective xslt_param syn keyword ngxDirective xslt_string_param syn keyword ngxDirective xslt_stylesheet syn keyword ngxDirective xslt_types syn keyword ngxDirective zone " 3rd party module list: -" http://wiki.nginx.org/Nginx3rdPartyModules +" https://www.nginx.com/resources/wiki/modules/ -" Accept Language Module +" Accept Language Module " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. syn keyword ngxDirectiveThirdParty set_from_accept_language -" Access Key Module +" Access Key Module (DEPRECATED) " Denies access unless the request URL contains an access key. -syn keyword ngxDirectiveThirdParty accesskey -syn keyword ngxDirectiveThirdParty accesskey_arg -syn keyword ngxDirectiveThirdParty accesskey_hashmethod -syn keyword ngxDirectiveThirdParty accesskey_signature +syn keyword ngxDirectiveDeprecated accesskey +syn keyword ngxDirectiveDeprecated accesskey_arg +syn keyword ngxDirectiveDeprecated accesskey_hashmethod +syn keyword ngxDirectiveDeprecated accesskey_signature -" Auth PAM Module -" HTTP Basic Authentication using PAM. -syn keyword ngxDirectiveThirdParty auth_pam -syn keyword ngxDirectiveThirdParty auth_pam_service_name +" Asynchronous FastCGI Module +" Primarily a modified version of the Nginx FastCGI module which implements multiplexing of connections, allowing a single FastCGI server to handle many concurrent requests. +" syn keyword ngxDirectiveThirdParty fastcgi_bind +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size +" syn keyword ngxDirectiveThirdParty fastcgi_buffers +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size +" syn keyword ngxDirectiveThirdParty fastcgi_cache +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers +" syn keyword ngxDirectiveThirdParty fastcgi_index +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream +" syn keyword ngxDirectiveThirdParty fastcgi_param +" syn keyword ngxDirectiveThirdParty fastcgi_pass +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info +" syn keyword ngxDirectiveThirdParty fastcgi_store +" syn keyword ngxDirectiveThirdParty fastcgi_store_access +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path +syn keyword ngxDirectiveDeprecated fastcgi_upstream_fail_timeout +syn keyword ngxDirectiveDeprecated fastcgi_upstream_max_fails -" Cache Purge Module -" Module adding ability to purge content from FastCGI and proxy caches. +" Akamai G2O Module +" Nginx Module for Authenticating Akamai G2O requests +syn keyword ngxDirectiveThirdParty g2o +syn keyword ngxDirectiveThirdParty g2o_nonce +syn keyword ngxDirectiveThirdParty g2o_key + +" Lua Module +" You can be very simple to execute lua code for nginx +syn keyword ngxDirectiveThirdParty lua_file + +" Array Variable Module +" Add support for array-typed variables to nginx config files +syn keyword ngxDirectiveThirdParty array_split +syn keyword ngxDirectiveThirdParty array_join +syn keyword ngxDirectiveThirdParty array_map +syn keyword ngxDirectiveThirdParty array_map_op + +" Nginx Audio Track for HTTP Live Streaming +" This nginx module generates audio track for hls streams on the fly. +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_rootpath +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_format +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_header + +" AWS Proxy Module +" Nginx module to proxy to authenticated AWS services +syn keyword ngxDirectiveThirdParty aws_access_key +syn keyword ngxDirectiveThirdParty aws_key_scope +syn keyword ngxDirectiveThirdParty aws_signing_key +syn keyword ngxDirectiveThirdParty aws_endpoint +syn keyword ngxDirectiveThirdParty aws_s3_bucket +syn keyword ngxDirectiveThirdParty aws_sign + +" Backtrace module +" A Nginx module to dump backtrace when a worker process exits abnormally +syn keyword ngxDirectiveThirdParty backtrace_log +syn keyword ngxDirectiveThirdParty backtrace_max_stack_size + +" Brotli Module +" Nginx module for Brotli compression +syn keyword ngxDirectiveThirdParty brotli_static +syn keyword ngxDirectiveThirdParty brotli +syn keyword ngxDirectiveThirdParty brotli_types +syn keyword ngxDirectiveThirdParty brotli_buffers +syn keyword ngxDirectiveThirdParty brotli_comp_level +syn keyword ngxDirectiveThirdParty brotli_window +syn keyword ngxDirectiveThirdParty brotli_min_length + +" Cache Purge Module +" Adds ability to purge content from FastCGI, proxy, SCGI and uWSGI caches. syn keyword ngxDirectiveThirdParty fastcgi_cache_purge syn keyword ngxDirectiveThirdParty proxy_cache_purge +" syn keyword ngxDirectiveThirdParty scgi_cache_purge +" syn keyword ngxDirectiveThirdParty uwsgi_cache_purge -" Chunkin Module +" Chunkin Module (DEPRECATED) " HTTP 1.1 chunked-encoding request body support for Nginx. -syn keyword ngxDirectiveThirdParty chunkin -syn keyword ngxDirectiveThirdParty chunkin_keepalive -syn keyword ngxDirectiveThirdParty chunkin_max_chunks_per_buf -syn keyword ngxDirectiveThirdParty chunkin_resume +syn keyword ngxDirectiveDeprecated chunkin +syn keyword ngxDirectiveDeprecated chunkin_keepalive +syn keyword ngxDirectiveDeprecated chunkin_max_chunks_per_buf +syn keyword ngxDirectiveDeprecated chunkin_resume -" Circle GIF Module +" Circle GIF Module " Generates simple circle images with the colors and size specified in the URL. syn keyword ngxDirectiveThirdParty circle_gif syn keyword ngxDirectiveThirdParty circle_gif_max_radius syn keyword ngxDirectiveThirdParty circle_gif_min_radius syn keyword ngxDirectiveThirdParty circle_gif_step_radius -" Drizzle Module -" Make nginx talk directly to mysql, drizzle, and sqlite3 by libdrizzle. +" Nginx-Clojure Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty jvm_path +syn keyword ngxDirectiveThirdParty jvm_var +syn keyword ngxDirectiveThirdParty jvm_classpath +syn keyword ngxDirectiveThirdParty jvm_classpath_check +syn keyword ngxDirectiveThirdParty jvm_workers +syn keyword ngxDirectiveThirdParty jvm_options +syn keyword ngxDirectiveThirdParty jvm_handler_type +syn keyword ngxDirectiveThirdParty jvm_init_handler_name +syn keyword ngxDirectiveThirdParty jvm_init_handler_code +syn keyword ngxDirectiveThirdParty jvm_exit_handler_name +syn keyword ngxDirectiveThirdParty jvm_exit_handler_code +syn keyword ngxDirectiveThirdParty handlers_lazy_init +syn keyword ngxDirectiveThirdParty auto_upgrade_ws +syn keyword ngxDirectiveThirdParty content_handler_type +syn keyword ngxDirectiveThirdParty content_handler_name +syn keyword ngxDirectiveThirdParty content_handler_code +syn keyword ngxDirectiveThirdParty rewrite_handler_type +syn keyword ngxDirectiveThirdParty rewrite_handler_name +syn keyword ngxDirectiveThirdParty rewrite_handler_code +syn keyword ngxDirectiveThirdParty access_handler_type +syn keyword ngxDirectiveThirdParty access_handler_name +syn keyword ngxDirectiveThirdParty access_handler_code +syn keyword ngxDirectiveThirdParty header_filter_type +syn keyword ngxDirectiveThirdParty header_filter_name +syn keyword ngxDirectiveThirdParty header_filter_code +syn keyword ngxDirectiveThirdParty content_handler_property +syn keyword ngxDirectiveThirdParty rewrite_handler_property +syn keyword ngxDirectiveThirdParty access_handler_property +syn keyword ngxDirectiveThirdParty header_filter_property +syn keyword ngxDirectiveThirdParty always_read_body +syn keyword ngxDirectiveThirdParty shared_map +syn keyword ngxDirectiveThirdParty write_page_size + +" Upstream Consistent Hash +" A load balancer that uses an internal consistent hash ring to select the right backend node. +syn keyword ngxDirectiveThirdParty consistent_hash + +" Nginx Development Kit +" The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. +" NDK_UPSTREAM_LIST +" This submodule provides a directive that creates a list of upstreams, with optional weighting. This list can then be used by other modules to hash over the upstreams however they choose. +syn keyword ngxDirectiveThirdParty upstream_list + +" Drizzle Module +" Upstream module for talking to MySQL and Drizzle directly +syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_keepalive +syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_pass syn keyword ngxDirectiveThirdParty drizzle_connect_timeout -syn keyword ngxDirectiveThirdParty drizzle_dbname -syn keyword ngxDirectiveThirdParty drizzle_keepalive -syn keyword ngxDirectiveThirdParty drizzle_module_header -syn keyword ngxDirectiveThirdParty drizzle_pass -syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_cols_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_rows_timeout -syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout -syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_buffer_size +syn keyword ngxDirectiveThirdParty drizzle_module_header +syn keyword ngxDirectiveThirdParty drizzle_status -" Echo Module -" Brings 'echo', 'sleep', 'time', 'exec' and more shell-style goodies to Nginx config file. +" Dynamic ETags Module +" Attempt at handling ETag / If-None-Match on proxied content. +syn keyword ngxDirectiveThirdParty dynamic_etags + +" Echo Module +" Bringing the power of "echo", "sleep", "time" and more to Nginx's config file syn keyword ngxDirectiveThirdParty echo -syn keyword ngxDirectiveThirdParty echo_after_body -syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_sleep syn keyword ngxDirectiveThirdParty echo_blocking_sleep -syn keyword ngxDirectiveThirdParty echo_duplicate -syn keyword ngxDirectiveThirdParty echo_end -syn keyword ngxDirectiveThirdParty echo_exec -syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_reset_timer +syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_location_async +syn keyword ngxDirectiveThirdParty echo_location +syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_subrequest syn keyword ngxDirectiveThirdParty echo_foreach_split -syn keyword ngxDirectiveThirdParty echo_location -syn keyword ngxDirectiveThirdParty echo_location_async -syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_end syn keyword ngxDirectiveThirdParty echo_request_body -syn keyword ngxDirectiveThirdParty echo_reset_timer -syn keyword ngxDirectiveThirdParty echo_sleep -syn keyword ngxDirectiveThirdParty echo_subrequest -syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_exec +syn keyword ngxDirectiveThirdParty echo_status +syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_after_body -" Events Module +" Encrypted Session Module +" Encrypt and decrypt nginx variable values +syn keyword ngxDirectiveThirdParty encrypted_session_key +syn keyword ngxDirectiveThirdParty encrypted_session_iv +syn keyword ngxDirectiveThirdParty encrypted_session_expires +syn keyword ngxDirectiveThirdParty set_encrypt_session +syn keyword ngxDirectiveThirdParty set_decrypt_session + +" Enhanced Memcached Module +" This module is based on the standard Nginx Memcached module, with some additonal features +syn keyword ngxDirectiveThirdParty enhanced_memcached_pass +syn keyword ngxDirectiveThirdParty enhanced_memcached_hash_keys_with_md5 +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_put +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_delete +syn keyword ngxDirectiveThirdParty enhanced_memcached_stats +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush_namespace +syn keyword ngxDirectiveThirdParty enhanced_memcached_bind +syn keyword ngxDirectiveThirdParty enhanced_memcached_connect_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_send_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_buffer_size +syn keyword ngxDirectiveThirdParty enhanced_memcached_read_timeout + +" Events Module (DEPRECATED) " Provides options for start/stop events. -syn keyword ngxDirectiveThirdParty on_start -syn keyword ngxDirectiveThirdParty on_stop +syn keyword ngxDirectiveDeprecated on_start +syn keyword ngxDirectiveDeprecated on_stop -" EY Balancer Module +" EY Balancer Module " Adds a request queue to Nginx that allows the limiting of concurrent requests passed to the upstream. syn keyword ngxDirectiveThirdParty max_connections syn keyword ngxDirectiveThirdParty max_connections_max_queue_length syn keyword ngxDirectiveThirdParty max_connections_queue_timeout -" Fancy Indexes Module +" Upstream Fair Balancer +" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +syn keyword ngxDirectiveThirdParty fair +syn keyword ngxDirectiveThirdParty upstream_fair_shm_size + +" Fancy Indexes Module " Like the built-in autoindex module, but fancier. syn keyword ngxDirectiveThirdParty fancyindex +syn keyword ngxDirectiveThirdParty fancyindex_default_sort +syn keyword ngxDirectiveThirdParty fancyindex_directories_first +syn keyword ngxDirectiveThirdParty fancyindex_css_href syn keyword ngxDirectiveThirdParty fancyindex_exact_size +syn keyword ngxDirectiveThirdParty fancyindex_name_length syn keyword ngxDirectiveThirdParty fancyindex_footer syn keyword ngxDirectiveThirdParty fancyindex_header +syn keyword ngxDirectiveThirdParty fancyindex_show_path +syn keyword ngxDirectiveThirdParty fancyindex_ignore +syn keyword ngxDirectiveThirdParty fancyindex_hide_symlinks syn keyword ngxDirectiveThirdParty fancyindex_localtime -syn keyword ngxDirectiveThirdParty fancyindex_readme -syn keyword ngxDirectiveThirdParty fancyindex_readme_mode +syn keyword ngxDirectiveThirdParty fancyindex_time_format + +" Form Auth Module +" Provides authentication and authorization with credentials submitted via POST request +syn keyword ngxDirectiveThirdParty form_auth +syn keyword ngxDirectiveThirdParty form_auth_pam_service +syn keyword ngxDirectiveThirdParty form_auth_login +syn keyword ngxDirectiveThirdParty form_auth_password +syn keyword ngxDirectiveThirdParty form_auth_remote_user + +" Form Input Module +" Reads HTTP POST and PUT request body encoded in "application/x-www-form-urlencoded" and parses the arguments into nginx variables. +syn keyword ngxDirectiveThirdParty set_form_input +syn keyword ngxDirectiveThirdParty set_form_input_multi " GeoIP Module (DEPRECATED) " Country code lookups via the MaxMind GeoIP API. -syn keyword ngxDirectiveThirdParty geoip_country_file +syn keyword ngxDirectiveDeprecated geoip_country_file -" Headers More Module +" GeoIP 2 Module +" Creates variables with values from the maxmind geoip2 databases based on the client IP +syn keyword ngxDirectiveThirdParty geoip2 + +" GridFS Module +" Nginx module for serving files from MongoDB's GridFS +syn keyword ngxDirectiveThirdParty gridfs + +" Headers More Module " Set and clear input and output headers...more than "add"! syn keyword ngxDirectiveThirdParty more_clear_headers syn keyword ngxDirectiveThirdParty more_clear_input_headers syn keyword ngxDirectiveThirdParty more_set_headers syn keyword ngxDirectiveThirdParty more_set_input_headers -" HTTP Push Module -" Turn Nginx into an adept long-polling HTTP Push (Comet) server. -syn keyword ngxDirectiveThirdParty push_buffer_size -syn keyword ngxDirectiveThirdParty push_listener -syn keyword ngxDirectiveThirdParty push_message_timeout -syn keyword ngxDirectiveThirdParty push_queue_messages -syn keyword ngxDirectiveThirdParty push_sender +" Health Checks Upstreams Module +" Polls backends and if they respond with HTTP 200 + an optional request body, they are marked good. Otherwise, they are marked bad. +syn keyword ngxDirectiveThirdParty healthcheck_enabled +syn keyword ngxDirectiveThirdParty healthcheck_delay +syn keyword ngxDirectiveThirdParty healthcheck_timeout +syn keyword ngxDirectiveThirdParty healthcheck_failcount +syn keyword ngxDirectiveThirdParty healthcheck_send +syn keyword ngxDirectiveThirdParty healthcheck_expected +syn keyword ngxDirectiveThirdParty healthcheck_buffer +syn keyword ngxDirectiveThirdParty healthcheck_status -" HTTP Redis Module > -" Redis support.> -syn keyword ngxDirectiveThirdParty redis_bind -syn keyword ngxDirectiveThirdParty redis_buffer_size -syn keyword ngxDirectiveThirdParty redis_connect_timeout -syn keyword ngxDirectiveThirdParty redis_next_upstream -syn keyword ngxDirectiveThirdParty redis_pass -syn keyword ngxDirectiveThirdParty redis_read_timeout -syn keyword ngxDirectiveThirdParty redis_send_timeout +" HTTP Accounting Module +" Add traffic stat function to nginx. Useful for http accounting based on nginx configuration logic +syn keyword ngxDirectiveThirdParty http_accounting +syn keyword ngxDirectiveThirdParty http_accounting_log +syn keyword ngxDirectiveThirdParty http_accounting_id +syn keyword ngxDirectiveThirdParty http_accounting_interval +syn keyword ngxDirectiveThirdParty http_accounting_perturb -" HTTP JavaScript Module +" Nginx Digest Authentication module +" Digest Authentication for Nginx +syn keyword ngxDirectiveThirdParty auth_digest +syn keyword ngxDirectiveThirdParty auth_digest_user_file +syn keyword ngxDirectiveThirdParty auth_digest_timeout +syn keyword ngxDirectiveThirdParty auth_digest_expires +syn keyword ngxDirectiveThirdParty auth_digest_replays +syn keyword ngxDirectiveThirdParty auth_digest_shm_size + +" Auth PAM Module +" HTTP Basic Authentication using PAM. +syn keyword ngxDirectiveThirdParty auth_pam +syn keyword ngxDirectiveThirdParty auth_pam_service_name + +" HTTP Auth Request Module +" Implements client authorization based on the result of a subrequest +" syn keyword ngxDirectiveThirdParty auth_request +" syn keyword ngxDirectiveThirdParty auth_request_set + +" HTTP Concatenation module for Nginx +" A Nginx module for concatenating files in a given context: CSS and JS files usually +syn keyword ngxDirectiveThirdParty concat +syn keyword ngxDirectiveThirdParty concat_types +syn keyword ngxDirectiveThirdParty concat_unique +syn keyword ngxDirectiveThirdParty concat_max_files +syn keyword ngxDirectiveThirdParty concat_delimiter +syn keyword ngxDirectiveThirdParty concat_ignore_file_error + +" HTTP Dynamic Upstream Module +" Update upstreams' config by restful interface +syn keyword ngxDirectiveThirdParty dyups_interface +syn keyword ngxDirectiveThirdParty dyups_read_msg_timeout +syn keyword ngxDirectiveThirdParty dyups_shm_zone_size +syn keyword ngxDirectiveThirdParty dyups_upstream_conf +syn keyword ngxDirectiveThirdParty dyups_trylock + +" HTTP Footer If Filter Module +" The ngx_http_footer_if_filter_module is used to add given content to the end of the response according to the condition specified. +syn keyword ngxDirectiveThirdParty footer_if + +" HTTP Footer Filter Module +" This module implements a body filter that adds a given string to the page footer. +syn keyword ngxDirectiveThirdParty footer +syn keyword ngxDirectiveThirdParty footer_types + +" HTTP Internal Redirect Module +" Make an internal redirect to the uri specified according to the condition specified. +syn keyword ngxDirectiveThirdParty internal_redirect_if +syn keyword ngxDirectiveThirdParty internal_redirect_if_no_postponed + +" HTTP JavaScript Module " Embedding SpiderMonkey. Nearly full port on Perl module. syn keyword ngxDirectiveThirdParty js syn keyword ngxDirectiveThirdParty js_filter syn keyword ngxDirectiveThirdParty js_filter_types syn keyword ngxDirectiveThirdParty js_load syn keyword ngxDirectiveThirdParty js_maxmem syn keyword ngxDirectiveThirdParty js_require syn keyword ngxDirectiveThirdParty js_set syn keyword ngxDirectiveThirdParty js_utf8 -" Log Request Speed +" HTTP Push Module (DEPRECATED) +" Turn Nginx into an adept long-polling HTTP Push (Comet) server. +syn keyword ngxDirectiveDeprecated push_buffer_size +syn keyword ngxDirectiveDeprecated push_listener +syn keyword ngxDirectiveDeprecated push_message_timeout +syn keyword ngxDirectiveDeprecated push_queue_messages +syn keyword ngxDirectiveDeprecated push_sender + +" HTTP Redis Module +" Redis support. +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout + +" Iconv Module +" A character conversion nginx module using libiconv +syn keyword ngxDirectiveThirdParty set_iconv +syn keyword ngxDirectiveThirdParty iconv_buffer_size +syn keyword ngxDirectiveThirdParty iconv_filter + +" IP Blocker Module +" An efficient shared memory IP blocking system for nginx. +syn keyword ngxDirectiveThirdParty ip_blocker + +" IP2Location Module +" Allows user to lookup for geolocation information using IP2Location database +syn keyword ngxDirectiveThirdParty ip2location_database + +" JS Module +" Reflect the nginx functionality in JS +syn keyword ngxDirectiveThirdParty js +syn keyword ngxDirectiveThirdParty js_access +syn keyword ngxDirectiveThirdParty js_load +syn keyword ngxDirectiveThirdParty js_set + +" Limit Upload Rate Module +" Limit client-upload rate when they are sending request bodies to you +syn keyword ngxDirectiveThirdParty limit_upload_rate +syn keyword ngxDirectiveThirdParty limit_upload_rate_after + +" Limit Upstream Module +" Limit the number of connections to upstream for NGINX +syn keyword ngxDirectiveThirdParty limit_upstream_zone +syn keyword ngxDirectiveThirdParty limit_upstream_conn +syn keyword ngxDirectiveThirdParty limit_upstream_log_level + +" Log If Module +" Conditional accesslog for nginx +syn keyword ngxDirectiveThirdParty access_log_bypass_if + +" Log Request Speed (DEPRECATED) " Log the time it took to process each request. -syn keyword ngxDirectiveThirdParty log_request_speed_filter -syn keyword ngxDirectiveThirdParty log_request_speed_filter_timeout +syn keyword ngxDirectiveDeprecated log_request_speed_filter +syn keyword ngxDirectiveDeprecated log_request_speed_filter_timeout -" Memc Module +" Log ZeroMQ Module +" ZeroMQ logger module for nginx +syn keyword ngxDirectiveThirdParty log_zmq_server +syn keyword ngxDirectiveThirdParty log_zmq_endpoint +syn keyword ngxDirectiveThirdParty log_zmq_format +syn keyword ngxDirectiveThirdParty log_zmq_off + +" Lower/UpperCase Module +" This module simply uppercases or lowercases a string and saves it into a new variable. +syn keyword ngxDirectiveThirdParty lower +syn keyword ngxDirectiveThirdParty upper + +" Lua Upstream Module +" Nginx C module to expose Lua API to ngx_lua for Nginx upstreams + +" Lua Module +" Embed the Power of Lua into NGINX HTTP servers +syn keyword ngxDirectiveThirdParty lua_use_default_type +syn keyword ngxDirectiveThirdParty lua_malloc_trim +syn keyword ngxDirectiveThirdParty lua_code_cache +syn keyword ngxDirectiveThirdParty lua_regex_cache_max_entries +syn keyword ngxDirectiveThirdParty lua_regex_match_limit +syn keyword ngxDirectiveThirdParty lua_package_path +syn keyword ngxDirectiveThirdParty lua_package_cpath +syn keyword ngxDirectiveThirdParty init_by_lua +syn keyword ngxDirectiveThirdParty init_by_lua_block +syn keyword ngxDirectiveThirdParty init_by_lua_file +syn keyword ngxDirectiveThirdParty init_worker_by_lua +syn keyword ngxDirectiveThirdParty init_worker_by_lua_block +syn keyword ngxDirectiveThirdParty init_worker_by_lua_file +syn keyword ngxDirectiveThirdParty set_by_lua +syn keyword ngxDirectiveThirdParty set_by_lua_block +syn keyword ngxDirectiveThirdParty set_by_lua_file +syn keyword ngxDirectiveThirdParty content_by_lua +syn keyword ngxDirectiveThirdParty content_by_lua_block +syn keyword ngxDirectiveThirdParty content_by_lua_file +syn keyword ngxDirectiveThirdParty rewrite_by_lua +syn keyword ngxDirectiveThirdParty rewrite_by_lua_block +syn keyword ngxDirectiveThirdParty rewrite_by_lua_file +syn keyword ngxDirectiveThirdParty access_by_lua +syn keyword ngxDirectiveThirdParty access_by_lua_block +syn keyword ngxDirectiveThirdParty access_by_lua_file +syn keyword ngxDirectiveThirdParty header_filter_by_lua +syn keyword ngxDirectiveThirdParty header_filter_by_lua_block +syn keyword ngxDirectiveThirdParty header_filter_by_lua_file +syn keyword ngxDirectiveThirdParty body_filter_by_lua +syn keyword ngxDirectiveThirdParty body_filter_by_lua_block +syn keyword ngxDirectiveThirdParty body_filter_by_lua_file +syn keyword ngxDirectiveThirdParty log_by_lua +syn keyword ngxDirectiveThirdParty log_by_lua_block +syn keyword ngxDirectiveThirdParty log_by_lua_file +syn keyword ngxDirectiveThirdParty balancer_by_lua_block +syn keyword ngxDirectiveThirdParty balancer_by_lua_file +syn keyword ngxDirectiveThirdParty lua_need_request_body +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_file +syn keyword ngxDirectiveThirdParty lua_shared_dict +syn keyword ngxDirectiveThirdParty lua_socket_connect_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_lowat +syn keyword ngxDirectiveThirdParty lua_socket_read_timeout +syn keyword ngxDirectiveThirdParty lua_socket_buffer_size +syn keyword ngxDirectiveThirdParty lua_socket_pool_size +syn keyword ngxDirectiveThirdParty lua_socket_keepalive_timeout +syn keyword ngxDirectiveThirdParty lua_socket_log_errors +syn keyword ngxDirectiveThirdParty lua_ssl_ciphers +syn keyword ngxDirectiveThirdParty lua_ssl_crl +syn keyword ngxDirectiveThirdParty lua_ssl_protocols +syn keyword ngxDirectiveThirdParty lua_ssl_trusted_certificate +syn keyword ngxDirectiveThirdParty lua_ssl_verify_depth +syn keyword ngxDirectiveThirdParty lua_http10_buffering +syn keyword ngxDirectiveThirdParty rewrite_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty access_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty lua_transform_underscores_in_response_headers +syn keyword ngxDirectiveThirdParty lua_check_client_abort +syn keyword ngxDirectiveThirdParty lua_max_pending_timers +syn keyword ngxDirectiveThirdParty lua_max_running_timers + +" MD5 Filter Module +" A content filter for nginx, which returns the md5 hash of the content otherwise returned. +syn keyword ngxDirectiveThirdParty md5_filter + +" Memc Module " An extended version of the standard memcached module that supports set, add, delete, and many more memcached commands. syn keyword ngxDirectiveThirdParty memc_buffer_size syn keyword ngxDirectiveThirdParty memc_cmds_allowed syn keyword ngxDirectiveThirdParty memc_connect_timeout syn keyword ngxDirectiveThirdParty memc_flags_to_last_modified syn keyword ngxDirectiveThirdParty memc_next_upstream syn keyword ngxDirectiveThirdParty memc_pass syn keyword ngxDirectiveThirdParty memc_read_timeout syn keyword ngxDirectiveThirdParty memc_send_timeout syn keyword ngxDirectiveThirdParty memc_upstream_fail_timeout syn keyword ngxDirectiveThirdParty memc_upstream_max_fails +" Mod Security Module +" ModSecurity is an open source, cross platform web application firewall (WAF) engine +syn keyword ngxDirectiveThirdParty ModSecurityConfig +syn keyword ngxDirectiveThirdParty ModSecurityEnabled +syn keyword ngxDirectiveThirdParty pool_context +syn keyword ngxDirectiveThirdParty pool_context_hash_size + " Mogilefs Module -" Implements a MogileFS client, provides a replace to the Perlbal reverse proxy of the original MogileFS. +" MogileFS client for nginx web server. +syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_methods +syn keyword ngxDirectiveThirdParty mogilefs_domain +syn keyword ngxDirectiveThirdParty mogilefs_class +syn keyword ngxDirectiveThirdParty mogilefs_tracker +syn keyword ngxDirectiveThirdParty mogilefs_noverify syn keyword ngxDirectiveThirdParty mogilefs_connect_timeout -syn keyword ngxDirectiveThirdParty mogilefs_domain -syn keyword ngxDirectiveThirdParty mogilefs_methods -syn keyword ngxDirectiveThirdParty mogilefs_noverify -syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_send_timeout syn keyword ngxDirectiveThirdParty mogilefs_read_timeout -syn keyword ngxDirectiveThirdParty mogilefs_send_timeout -syn keyword ngxDirectiveThirdParty mogilefs_tracker -" MP4 Streaming Lite Module +" Mongo Module +" Upstream module that allows nginx to communicate directly with MongoDB database. +syn keyword ngxDirectiveThirdParty mongo_auth +syn keyword ngxDirectiveThirdParty mongo_pass +syn keyword ngxDirectiveThirdParty mongo_query +syn keyword ngxDirectiveThirdParty mongo_json +syn keyword ngxDirectiveThirdParty mongo_bind +syn keyword ngxDirectiveThirdParty mongo_connect_timeout +syn keyword ngxDirectiveThirdParty mongo_send_timeout +syn keyword ngxDirectiveThirdParty mongo_read_timeout +syn keyword ngxDirectiveThirdParty mongo_buffering +syn keyword ngxDirectiveThirdParty mongo_buffer_size +syn keyword ngxDirectiveThirdParty mongo_buffers +syn keyword ngxDirectiveThirdParty mongo_busy_buffers_size +syn keyword ngxDirectiveThirdParty mongo_next_upstream + +" MP4 Streaming Lite Module " Will seek to a certain time within H.264/MP4 files when provided with a 'start' parameter in the URL. -syn keyword ngxDirectiveThirdParty mp4 +" syn keyword ngxDirectiveThirdParty mp4 -" Nginx Notice Module +" NAXSI Module +" NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX +syn keyword ngxDirectiveThirdParty DeniedUrl denied_url +syn keyword ngxDirectiveThirdParty LearningMode learning_mode +syn keyword ngxDirectiveThirdParty SecRulesEnabled rules_enabled +syn keyword ngxDirectiveThirdParty SecRulesDisabled rules_disabled +syn keyword ngxDirectiveThirdParty CheckRule check_rule +syn keyword ngxDirectiveThirdParty BasicRule basic_rule +syn keyword ngxDirectiveThirdParty MainRule main_rule +syn keyword ngxDirectiveThirdParty LibInjectionSql libinjection_sql +syn keyword ngxDirectiveThirdParty LibInjectionXss libinjection_xss + +" Nchan Module +" Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE) +syn keyword ngxDirectiveThirdParty nchan_channel_id +syn keyword ngxDirectiveThirdParty nchan_channel_id_split_delimiter +syn keyword ngxDirectiveThirdParty nchan_eventsource_event +syn keyword ngxDirectiveThirdParty nchan_longpoll_multipart_response +syn keyword ngxDirectiveThirdParty nchan_publisher +syn keyword ngxDirectiveThirdParty nchan_publisher_channel_id +syn keyword ngxDirectiveThirdParty nchan_publisher_upstream_request +syn keyword ngxDirectiveThirdParty nchan_pubsub +syn keyword ngxDirectiveThirdParty nchan_subscribe_request +syn keyword ngxDirectiveThirdParty nchan_subscriber +syn keyword ngxDirectiveThirdParty nchan_subscriber_channel_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_compound_etag_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_first_message +syn keyword ngxDirectiveThirdParty nchan_subscriber_http_raw_stream_separator +syn keyword ngxDirectiveThirdParty nchan_subscriber_last_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_message_id_custom_etag_header +syn keyword ngxDirectiveThirdParty nchan_subscriber_timeout +syn keyword ngxDirectiveThirdParty nchan_unsubscribe_request +syn keyword ngxDirectiveThirdParty nchan_websocket_ping_interval +syn keyword ngxDirectiveThirdParty nchan_authorize_request +syn keyword ngxDirectiveThirdParty nchan_max_reserved_memory +syn keyword ngxDirectiveThirdParty nchan_message_buffer_length +syn keyword ngxDirectiveThirdParty nchan_message_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_idle_channel_cache_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_namespace +syn keyword ngxDirectiveThirdParty nchan_redis_pass +syn keyword ngxDirectiveThirdParty nchan_redis_ping_interval +syn keyword ngxDirectiveThirdParty nchan_redis_server +syn keyword ngxDirectiveThirdParty nchan_redis_storage_mode +syn keyword ngxDirectiveThirdParty nchan_redis_url +syn keyword ngxDirectiveThirdParty nchan_store_messages +syn keyword ngxDirectiveThirdParty nchan_use_redis +syn keyword ngxDirectiveThirdParty nchan_access_control_allow_origin +syn keyword ngxDirectiveThirdParty nchan_channel_group +syn keyword ngxDirectiveThirdParty nchan_channel_group_accounting +syn keyword ngxDirectiveThirdParty nchan_group_location +syn keyword ngxDirectiveThirdParty nchan_group_max_channels +syn keyword ngxDirectiveThirdParty nchan_group_max_messages +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_disk +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_memory +syn keyword ngxDirectiveThirdParty nchan_group_max_subscribers +syn keyword ngxDirectiveThirdParty nchan_subscribe_existing_channels_only +syn keyword ngxDirectiveThirdParty nchan_channel_event_string +syn keyword ngxDirectiveThirdParty nchan_channel_events_channel_id +syn keyword ngxDirectiveThirdParty nchan_stub_status +syn keyword ngxDirectiveThirdParty nchan_max_channel_id_length +syn keyword ngxDirectiveThirdParty nchan_max_channel_subscribers +syn keyword ngxDirectiveThirdParty nchan_channel_timeout +syn keyword ngxDirectiveThirdParty nchan_storage_engine + +" Nginx Notice Module " Serve static file to POST requests. syn keyword ngxDirectiveThirdParty notice syn keyword ngxDirectiveThirdParty notice_type -" Phusion Passenger -" Easy and robust deployment of Ruby on Rails application on Apache and Nginx webservers. -syn keyword ngxDirectiveThirdParty passenger_base_uri -syn keyword ngxDirectiveThirdParty passenger_default_user +" OCSP Proxy Module +" Nginx OCSP processing module designed for response caching +syn keyword ngxDirectiveThirdParty ocsp_proxy +syn keyword ngxDirectiveThirdParty ocsp_cache_timeout + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_buffer_size +syn keyword ngxDirectiveThirdParty eval_override_content_type +syn keyword ngxDirectiveThirdParty eval_subrequest_in_memory + +" OpenSSL Version Module +" Nginx OpenSSL version check at startup +syn keyword ngxDirectiveThirdParty openssl_version_minimum +syn keyword ngxDirectiveThirdParty openssl_builddate_minimum + +" Owner Match Module +" Control access for specific owners and groups of files +syn keyword ngxDirectiveThirdParty omallow +syn keyword ngxDirectiveThirdParty omdeny + +" Accept Language Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty pagespeed + +" PHP Memcache Standard Balancer Module +" Loadbalancer that is compatible to the standard loadbalancer in the php-memcache module +syn keyword ngxDirectiveThirdParty hash_key + +" PHP Session Module +" Nginx module to parse php sessions +syn keyword ngxDirectiveThirdParty php_session_parse +syn keyword ngxDirectiveThirdParty php_session_strip_formatting + +" Phusion Passenger Module +" Passenger is an open source web application server. +syn keyword ngxDirectiveThirdParty passenger_root syn keyword ngxDirectiveThirdParty passenger_enabled -syn keyword ngxDirectiveThirdParty passenger_log_level -syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app -syn keyword ngxDirectiveThirdParty passenger_max_pool_size -syn keyword ngxDirectiveThirdParty passenger_pool_idle_time -syn keyword ngxDirectiveThirdParty passenger_root +syn keyword ngxDirectiveThirdParty passenger_base_uri +syn keyword ngxDirectiveThirdParty passenger_document_root syn keyword ngxDirectiveThirdParty passenger_ruby -syn keyword ngxDirectiveThirdParty passenger_use_global_queue +syn keyword ngxDirectiveThirdParty passenger_python +syn keyword ngxDirectiveThirdParty passenger_nodejs +syn keyword ngxDirectiveThirdParty passenger_meteor_app_settings +syn keyword ngxDirectiveThirdParty passenger_app_env +syn keyword ngxDirectiveThirdParty passenger_app_root +syn keyword ngxDirectiveThirdParty passenger_app_group_name +syn keyword ngxDirectiveThirdParty passenger_app_type +syn keyword ngxDirectiveThirdParty passenger_startup_file +syn keyword ngxDirectiveThirdParty passenger_restart_dir +syn keyword ngxDirectiveThirdParty passenger_spawn_method +syn keyword ngxDirectiveThirdParty passenger_env_var +syn keyword ngxDirectiveThirdParty passenger_load_shell_envvars +syn keyword ngxDirectiveThirdParty passenger_rolling_restarts +syn keyword ngxDirectiveThirdParty passenger_resist_deployment_errors syn keyword ngxDirectiveThirdParty passenger_user_switching -syn keyword ngxDirectiveThirdParty rack_env -syn keyword ngxDirectiveThirdParty rails_app_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_env -syn keyword ngxDirectiveThirdParty rails_framework_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_spawn_method +syn keyword ngxDirectiveThirdParty passenger_user +syn keyword ngxDirectiveThirdParty passenger_group +syn keyword ngxDirectiveThirdParty passenger_default_user +syn keyword ngxDirectiveThirdParty passenger_default_group +syn keyword ngxDirectiveThirdParty passenger_show_version_in_header +syn keyword ngxDirectiveThirdParty passenger_friendly_error_pages +syn keyword ngxDirectiveThirdParty passenger_disable_security_update_check +syn keyword ngxDirectiveThirdParty passenger_security_update_check_proxy +syn keyword ngxDirectiveThirdParty passenger_max_pool_size +syn keyword ngxDirectiveThirdParty passenger_min_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app +syn keyword ngxDirectiveThirdParty passenger_pool_idle_time +syn keyword ngxDirectiveThirdParty passenger_max_preloader_idle_time +syn keyword ngxDirectiveThirdParty passenger_force_max_concurrent_requests_per_process +syn keyword ngxDirectiveThirdParty passenger_start_timeout +syn keyword ngxDirectiveThirdParty passenger_concurrency_model +syn keyword ngxDirectiveThirdParty passenger_thread_count +syn keyword ngxDirectiveThirdParty passenger_max_requests +syn keyword ngxDirectiveThirdParty passenger_max_request_time +syn keyword ngxDirectiveThirdParty passenger_memory_limit +syn keyword ngxDirectiveThirdParty passenger_stat_throttle_rate +syn keyword ngxDirectiveThirdParty passenger_core_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_app_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_pre_start +syn keyword ngxDirectiveThirdParty passenger_set_header +syn keyword ngxDirectiveThirdParty passenger_max_request_queue_size +syn keyword ngxDirectiveThirdParty passenger_request_queue_overflow_status_code +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions_cookie_name +syn keyword ngxDirectiveThirdParty passenger_abort_websockets_on_process_shutdown +syn keyword ngxDirectiveThirdParty passenger_ignore_client_abort +syn keyword ngxDirectiveThirdParty passenger_intercept_errors +syn keyword ngxDirectiveThirdParty passenger_pass_header +syn keyword ngxDirectiveThirdParty passenger_ignore_headers +syn keyword ngxDirectiveThirdParty passenger_headers_hash_bucket_size +syn keyword ngxDirectiveThirdParty passenger_headers_hash_max_size +syn keyword ngxDirectiveThirdParty passenger_buffer_response +syn keyword ngxDirectiveThirdParty passenger_response_buffer_high_watermark +syn keyword ngxDirectiveThirdParty passenger_buffer_size, passenger_buffers, passenger_busy_buffers_size +syn keyword ngxDirectiveThirdParty passenger_socket_backlog +syn keyword ngxDirectiveThirdParty passenger_log_level +syn keyword ngxDirectiveThirdParty passenger_log_file +syn keyword ngxDirectiveThirdParty passenger_file_descriptor_log_file +syn keyword ngxDirectiveThirdParty passenger_debugger +syn keyword ngxDirectiveThirdParty passenger_instance_registry_dir +syn keyword ngxDirectiveThirdParty passenger_data_buffer_dir +syn keyword ngxDirectiveThirdParty passenger_fly_with +syn keyword ngxDirectiveThirdParty union_station_support +syn keyword ngxDirectiveThirdParty union_station_key +syn keyword ngxDirectiveThirdParty union_station_proxy_address +syn keyword ngxDirectiveThirdParty union_station_filter +syn keyword ngxDirectiveThirdParty union_station_gateway_address +syn keyword ngxDirectiveThirdParty union_station_gateway_port +syn keyword ngxDirectiveThirdParty union_station_gateway_cert +syn keyword ngxDirectiveDeprecated rails_spawn_method +syn keyword ngxDirectiveDeprecated passenger_debug_log_file -" RDS JSON Module -" Help ngx_drizzle and other DBD modules emit JSON data. +" Postgres Module +" Upstream module that allows nginx to communicate directly with PostgreSQL database. +syn keyword ngxDirectiveThirdParty postgres_server +syn keyword ngxDirectiveThirdParty postgres_keepalive +syn keyword ngxDirectiveThirdParty postgres_pass +syn keyword ngxDirectiveThirdParty postgres_query +syn keyword ngxDirectiveThirdParty postgres_rewrite +syn keyword ngxDirectiveThirdParty postgres_output +syn keyword ngxDirectiveThirdParty postgres_set +syn keyword ngxDirectiveThirdParty postgres_escape +syn keyword ngxDirectiveThirdParty postgres_connect_timeout +syn keyword ngxDirectiveThirdParty postgres_result_timeout + +" Pubcookie Module +" Authorizes users using encrypted cookies +syn keyword ngxDirectiveThirdParty pubcookie_inactive_expire +syn keyword ngxDirectiveThirdParty pubcookie_hard_expire +syn keyword ngxDirectiveThirdParty pubcookie_app_id +syn keyword ngxDirectiveThirdParty pubcookie_dir_depth +syn keyword ngxDirectiveThirdParty pubcookie_catenate_app_ids +syn keyword ngxDirectiveThirdParty pubcookie_app_srv_id +syn keyword ngxDirectiveThirdParty pubcookie_login +syn keyword ngxDirectiveThirdParty pubcookie_login_method +syn keyword ngxDirectiveThirdParty pubcookie_post +syn keyword ngxDirectiveThirdParty pubcookie_domain +syn keyword ngxDirectiveThirdParty pubcookie_granting_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_session_key_file +syn keyword ngxDirectiveThirdParty pubcookie_session_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_crypt_key_file +syn keyword ngxDirectiveThirdParty pubcookie_end_session +syn keyword ngxDirectiveThirdParty pubcookie_encryption +syn keyword ngxDirectiveThirdParty pubcookie_session_reauth +syn keyword ngxDirectiveThirdParty pubcookie_auth_type_names +syn keyword ngxDirectiveThirdParty pubcookie_no_prompt +syn keyword ngxDirectiveThirdParty pubcookie_on_demand +syn keyword ngxDirectiveThirdParty pubcookie_addl_request +syn keyword ngxDirectiveThirdParty pubcookie_no_obscure_cookies +syn keyword ngxDirectiveThirdParty pubcookie_no_clean_creds +syn keyword ngxDirectiveThirdParty pubcookie_egd_device +syn keyword ngxDirectiveThirdParty pubcookie_no_blank +syn keyword ngxDirectiveThirdParty pubcookie_super_debug +syn keyword ngxDirectiveThirdParty pubcookie_set_remote_user + +" Push Stream Module +" A pure stream http push technology for your Nginx setup +syn keyword ngxDirectiveThirdParty push_stream_channels_statistics +syn keyword ngxDirectiveThirdParty push_stream_publisher +syn keyword ngxDirectiveThirdParty push_stream_subscriber +syn keyword ngxDirectiveThirdParty push_stream_shared_memory_size +syn keyword ngxDirectiveThirdParty push_stream_channel_deleted_message_text +syn keyword ngxDirectiveThirdParty push_stream_channel_inactivity_time +syn keyword ngxDirectiveThirdParty push_stream_ping_message_text +syn keyword ngxDirectiveThirdParty push_stream_timeout_with_body +syn keyword ngxDirectiveThirdParty push_stream_message_ttl +syn keyword ngxDirectiveThirdParty push_stream_max_subscribers_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_messages_stored_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_channel_id_length +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_channels +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_wildcard_channels +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_prefix +syn keyword ngxDirectiveThirdParty push_stream_events_channel_id +syn keyword ngxDirectiveThirdParty push_stream_channels_path +syn keyword ngxDirectiveThirdParty push_stream_store_messages +syn keyword ngxDirectiveThirdParty push_stream_channel_info_on_publish +syn keyword ngxDirectiveThirdParty push_stream_authorized_channels_only +syn keyword ngxDirectiveThirdParty push_stream_header_template_file +syn keyword ngxDirectiveThirdParty push_stream_header_template +syn keyword ngxDirectiveThirdParty push_stream_message_template +syn keyword ngxDirectiveThirdParty push_stream_footer_template +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_max_qtd +syn keyword ngxDirectiveThirdParty push_stream_ping_message_interval +syn keyword ngxDirectiveThirdParty push_stream_subscriber_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_longpolling_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_websocket_allow_publish +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_time +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_tag +syn keyword ngxDirectiveThirdParty push_stream_last_event_id +syn keyword ngxDirectiveThirdParty push_stream_user_agent +syn keyword ngxDirectiveThirdParty push_stream_padding_by_user_agent +syn keyword ngxDirectiveThirdParty push_stream_allowed_origins +syn keyword ngxDirectiveThirdParty push_stream_allow_connections_to_events_channel + +" rDNS Module +" Make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules +syn keyword ngxDirectiveThirdParty rdns +syn keyword ngxDirectiveThirdParty rdns_allow +syn keyword ngxDirectiveThirdParty rdns_deny + +" RDS CSV Module +" Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) +syn keyword ngxDirectiveThirdParty rds_csv +syn keyword ngxDirectiveThirdParty rds_csv_row_terminator +syn keyword ngxDirectiveThirdParty rds_csv_field_separator +syn keyword ngxDirectiveThirdParty rds_csv_field_name_header +syn keyword ngxDirectiveThirdParty rds_csv_content_type +syn keyword ngxDirectiveThirdParty rds_csv_buffer_size + +" RDS JSON Module +" An output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON syn keyword ngxDirectiveThirdParty rds_json +syn keyword ngxDirectiveThirdParty rds_json_buffer_size +syn keyword ngxDirectiveThirdParty rds_json_format +syn keyword ngxDirectiveThirdParty rds_json_root +syn keyword ngxDirectiveThirdParty rds_json_success_property +syn keyword ngxDirectiveThirdParty rds_json_user_property +syn keyword ngxDirectiveThirdParty rds_json_errcode_key +syn keyword ngxDirectiveThirdParty rds_json_errstr_key +syn keyword ngxDirectiveThirdParty rds_json_ret syn keyword ngxDirectiveThirdParty rds_json_content_type -syn keyword ngxDirectiveThirdParty rds_json_format -syn keyword ngxDirectiveThirdParty rds_json_ret -" RRD Graph Module +" Redis Module +" Use this module to perform simple caching +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_gzip_flag + +" Redis 2 Module +" Nginx upstream module for the Redis 2.0 protocol +syn keyword ngxDirectiveThirdParty redis2_query +syn keyword ngxDirectiveThirdParty redis2_raw_query +syn keyword ngxDirectiveThirdParty redis2_raw_queries +syn keyword ngxDirectiveThirdParty redis2_literal_raw_query +syn keyword ngxDirectiveThirdParty redis2_pass +syn keyword ngxDirectiveThirdParty redis2_connect_timeout +syn keyword ngxDirectiveThirdParty redis2_send_timeout +syn keyword ngxDirectiveThirdParty redis2_read_timeout +syn keyword ngxDirectiveThirdParty redis2_buffer_size +syn keyword ngxDirectiveThirdParty redis2_next_upstream + +" Replace Filter Module +" Streaming regular expression replacement in response bodies +syn keyword ngxDirectiveThirdParty replace_filter +syn keyword ngxDirectiveThirdParty replace_filter_types +syn keyword ngxDirectiveThirdParty replace_filter_max_buffered_size +syn keyword ngxDirectiveThirdParty replace_filter_last_modified +syn keyword ngxDirectiveThirdParty replace_filter_skip + +" Roboo Module +" HTTP Robot Mitigator + +" RRD Graph Module " This module provides an HTTP interface to RRDtool's graphing facilities. syn keyword ngxDirectiveThirdParty rrd_graph syn keyword ngxDirectiveThirdParty rrd_graph_root -" Secure Download -" Create expiring links. +" RTMP Module +" NGINX-based Media Streaming Server +syn keyword ngxDirectiveThirdParty rtmp +" syn keyword ngxDirectiveThirdParty server +" syn keyword ngxDirectiveThirdParty listen +syn keyword ngxDirectiveThirdParty application +" syn keyword ngxDirectiveThirdParty timeout +syn keyword ngxDirectiveThirdParty ping +syn keyword ngxDirectiveThirdParty ping_timeout +syn keyword ngxDirectiveThirdParty max_streams +syn keyword ngxDirectiveThirdParty ack_window +syn keyword ngxDirectiveThirdParty chunk_size +syn keyword ngxDirectiveThirdParty max_queue +syn keyword ngxDirectiveThirdParty max_message +syn keyword ngxDirectiveThirdParty out_queue +syn keyword ngxDirectiveThirdParty out_cork +" syn keyword ngxDirectiveThirdParty allow +" syn keyword ngxDirectiveThirdParty deny +syn keyword ngxDirectiveThirdParty exec_push +syn keyword ngxDirectiveThirdParty exec_pull +syn keyword ngxDirectiveThirdParty exec +syn keyword ngxDirectiveThirdParty exec_options +syn keyword ngxDirectiveThirdParty exec_static +syn keyword ngxDirectiveThirdParty exec_kill_signal +syn keyword ngxDirectiveThirdParty respawn +syn keyword ngxDirectiveThirdParty respawn_timeout +syn keyword ngxDirectiveThirdParty exec_publish +syn keyword ngxDirectiveThirdParty exec_play +syn keyword ngxDirectiveThirdParty exec_play_done +syn keyword ngxDirectiveThirdParty exec_publish_done +syn keyword ngxDirectiveThirdParty exec_record_done +syn keyword ngxDirectiveThirdParty live +syn keyword ngxDirectiveThirdParty meta +syn keyword ngxDirectiveThirdParty interleave +syn keyword ngxDirectiveThirdParty wait_key +syn keyword ngxDirectiveThirdParty wait_video +syn keyword ngxDirectiveThirdParty publish_notify +syn keyword ngxDirectiveThirdParty drop_idle_publisher +syn keyword ngxDirectiveThirdParty sync +syn keyword ngxDirectiveThirdParty play_restart +syn keyword ngxDirectiveThirdParty idle_streams +syn keyword ngxDirectiveThirdParty record +syn keyword ngxDirectiveThirdParty record_path +syn keyword ngxDirectiveThirdParty record_suffix +syn keyword ngxDirectiveThirdParty record_unique +syn keyword ngxDirectiveThirdParty record_append +syn keyword ngxDirectiveThirdParty record_lock +syn keyword ngxDirectiveThirdParty record_max_size +syn keyword ngxDirectiveThirdParty record_max_frames +syn keyword ngxDirectiveThirdParty record_interval +syn keyword ngxDirectiveThirdParty recorder +syn keyword ngxDirectiveThirdParty record_notify +syn keyword ngxDirectiveThirdParty play +syn keyword ngxDirectiveThirdParty play_temp_path +syn keyword ngxDirectiveThirdParty play_local_path +syn keyword ngxDirectiveThirdParty pull +syn keyword ngxDirectiveThirdParty push +syn keyword ngxDirectiveThirdParty push_reconnect +syn keyword ngxDirectiveThirdParty session_relay +syn keyword ngxDirectiveThirdParty on_connect +syn keyword ngxDirectiveThirdParty on_play +syn keyword ngxDirectiveThirdParty on_publish +syn keyword ngxDirectiveThirdParty on_done +syn keyword ngxDirectiveThirdParty on_play_done +syn keyword ngxDirectiveThirdParty on_publish_done +syn keyword ngxDirectiveThirdParty on_record_done +syn keyword ngxDirectiveThirdParty on_update +syn keyword ngxDirectiveThirdParty notify_update_timeout +syn keyword ngxDirectiveThirdParty notify_update_strict +syn keyword ngxDirectiveThirdParty notify_relay_redirect +syn keyword ngxDirectiveThirdParty notify_method +syn keyword ngxDirectiveThirdParty hls +syn keyword ngxDirectiveThirdParty hls_path +syn keyword ngxDirectiveThirdParty hls_fragment +syn keyword ngxDirectiveThirdParty hls_playlist_length +syn keyword ngxDirectiveThirdParty hls_sync +syn keyword ngxDirectiveThirdParty hls_continuous +syn keyword ngxDirectiveThirdParty hls_nested +syn keyword ngxDirectiveThirdParty hls_base_url +syn keyword ngxDirectiveThirdParty hls_cleanup +syn keyword ngxDirectiveThirdParty hls_fragment_naming +syn keyword ngxDirectiveThirdParty hls_fragment_slicing +syn keyword ngxDirectiveThirdParty hls_variant +syn keyword ngxDirectiveThirdParty hls_type +syn keyword ngxDirectiveThirdParty hls_keys +syn keyword ngxDirectiveThirdParty hls_key_path +syn keyword ngxDirectiveThirdParty hls_key_url +syn keyword ngxDirectiveThirdParty hls_fragments_per_key +syn keyword ngxDirectiveThirdParty dash +syn keyword ngxDirectiveThirdParty dash_path +syn keyword ngxDirectiveThirdParty dash_fragment +syn keyword ngxDirectiveThirdParty dash_playlist_length +syn keyword ngxDirectiveThirdParty dash_nested +syn keyword ngxDirectiveThirdParty dash_cleanup +" syn keyword ngxDirectiveThirdParty access_log +" syn keyword ngxDirectiveThirdParty log_format +syn keyword ngxDirectiveThirdParty max_connections +syn keyword ngxDirectiveThirdParty rtmp_stat +syn keyword ngxDirectiveThirdParty rtmp_stat_stylesheet +syn keyword ngxDirectiveThirdParty rtmp_auto_push +syn keyword ngxDirectiveThirdParty rtmp_auto_push_reconnect +syn keyword ngxDirectiveThirdParty rtmp_socket_dir +syn keyword ngxDirectiveThirdParty rtmp_control + +" RTMPT Module +" Module for nginx to proxy rtmp using http protocol +syn keyword ngxDirectiveThirdParty rtmpt_proxy_target +syn keyword ngxDirectiveThirdParty rtmpt_proxy_rtmp_timeout +syn keyword ngxDirectiveThirdParty rtmpt_proxy_http_timeout +syn keyword ngxDirectiveThirdParty rtmpt_proxy +syn keyword ngxDirectiveThirdParty rtmpt_proxy_stat +syn keyword ngxDirectiveThirdParty rtmpt_proxy_stylesheet + +" Syntactically Awesome Module +" Providing on-the-fly compiling of Sass files as an NGINX module. +syn keyword ngxDirectiveThirdParty sass_compile +syn keyword ngxDirectiveThirdParty sass_error_log +syn keyword ngxDirectiveThirdParty sass_include_path +syn keyword ngxDirectiveThirdParty sass_indent +syn keyword ngxDirectiveThirdParty sass_is_indented_syntax +syn keyword ngxDirectiveThirdParty sass_linefeed +syn keyword ngxDirectiveThirdParty sass_precision +syn keyword ngxDirectiveThirdParty sass_output_style +syn keyword ngxDirectiveThirdParty sass_source_comments +syn keyword ngxDirectiveThirdParty sass_source_map_embed + +" Secure Download Module +" Enables you to create links which are only valid until a certain datetime is reached syn keyword ngxDirectiveThirdParty secure_download -syn keyword ngxDirectiveThirdParty secure_download_fail_location +syn keyword ngxDirectiveThirdParty secure_download_secret syn keyword ngxDirectiveThirdParty secure_download_path_mode -syn keyword ngxDirectiveThirdParty secure_download_secret -" SlowFS Cache Module +" Selective Cache Purge Module +" A module to purge cache by GLOB patterns. The supported patterns are the same as supported by Redis. +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_unix_socket +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_host +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_port +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_database +syn keyword ngxDirectiveThirdParty selective_cache_purge_query + +" Set cconv Module +" Cconv rewrite set commands +syn keyword ngxDirectiveThirdParty set_cconv_to_simp +syn keyword ngxDirectiveThirdParty set_cconv_to_trad +syn keyword ngxDirectiveThirdParty set_pinyin_to_normal + +" Set Hash Module +" Nginx module that allows the setting of variables to the value of a variety of hashes +syn keyword ngxDirectiveThirdParty set_md5 +syn keyword ngxDirectiveThirdParty set_md5_upper +syn keyword ngxDirectiveThirdParty set_murmur2 +syn keyword ngxDirectiveThirdParty set_murmur2_upper +syn keyword ngxDirectiveThirdParty set_sha1 +syn keyword ngxDirectiveThirdParty set_sha1_upper + +" Set Lang Module +" Provides a variety of ways for setting a variable denoting the langauge that content should be returned in. +syn keyword ngxDirectiveThirdParty set_lang +syn keyword ngxDirectiveThirdParty set_lang_method +syn keyword ngxDirectiveThirdParty lang_cookie +syn keyword ngxDirectiveThirdParty lang_get_var +syn keyword ngxDirectiveThirdParty lang_list +syn keyword ngxDirectiveThirdParty lang_post_var +syn keyword ngxDirectiveThirdParty lang_host +syn keyword ngxDirectiveThirdParty lang_referer + +" Set Misc Module +" Various set_xxx directives added to nginx's rewrite module +syn keyword ngxDirectiveThirdParty set_if_empty +syn keyword ngxDirectiveThirdParty set_quote_sql_str +syn keyword ngxDirectiveThirdParty set_quote_pgsql_str +syn keyword ngxDirectiveThirdParty set_quote_json_str +syn keyword ngxDirectiveThirdParty set_unescape_uri +syn keyword ngxDirectiveThirdParty set_escape_uri +syn keyword ngxDirectiveThirdParty set_hashed_upstream +syn keyword ngxDirectiveThirdParty set_encode_base32 +syn keyword ngxDirectiveThirdParty set_base32_padding +syn keyword ngxDirectiveThirdParty set_misc_base32_padding +syn keyword ngxDirectiveThirdParty set_base32_alphabet +syn keyword ngxDirectiveThirdParty set_decode_base32 +syn keyword ngxDirectiveThirdParty set_encode_base64 +syn keyword ngxDirectiveThirdParty set_decode_base64 +syn keyword ngxDirectiveThirdParty set_encode_hex +syn keyword ngxDirectiveThirdParty set_decode_hex +syn keyword ngxDirectiveThirdParty set_sha1 +syn keyword ngxDirectiveThirdParty set_md5 +syn keyword ngxDirectiveThirdParty set_hmac_sha1 +syn keyword ngxDirectiveThirdParty set_random +syn keyword ngxDirectiveThirdParty set_secure_random_alphanum +syn keyword ngxDirectiveThirdParty set_secure_random_lcalpha +syn keyword ngxDirectiveThirdParty set_rotate +syn keyword ngxDirectiveThirdParty set_local_today +syn keyword ngxDirectiveThirdParty set_formatted_gmt_time +syn keyword ngxDirectiveThirdParty set_formatted_local_time + +" SFlow Module +" A binary, random-sampling nginx module designed for: lightweight, centralized, continuous, real-time monitoring of very large and very busy web farms. +syn keyword ngxDirectiveThirdParty sflow + +" Shibboleth Module +" Shibboleth auth request module for nginx +syn keyword ngxDirectiveThirdParty shib_request +syn keyword ngxDirectiveThirdParty shib_request_set +syn keyword ngxDirectiveThirdParty shib_request_use_headers + +" Slice Module +" Nginx module for serving a file in slices (reverse byte-range) +" syn keyword ngxDirectiveThirdParty slice +syn keyword ngxDirectiveThirdParty slice_arg_begin +syn keyword ngxDirectiveThirdParty slice_arg_end +syn keyword ngxDirectiveThirdParty slice_header +syn keyword ngxDirectiveThirdParty slice_footer +syn keyword ngxDirectiveThirdParty slice_header_first +syn keyword ngxDirectiveThirdParty slice_footer_last + +" SlowFS Cache Module " Module adding ability to cache static files. syn keyword ngxDirectiveThirdParty slowfs_big_file_size syn keyword ngxDirectiveThirdParty slowfs_cache syn keyword ngxDirectiveThirdParty slowfs_cache_key syn keyword ngxDirectiveThirdParty slowfs_cache_min_uses syn keyword ngxDirectiveThirdParty slowfs_cache_path syn keyword ngxDirectiveThirdParty slowfs_cache_purge syn keyword ngxDirectiveThirdParty slowfs_cache_valid syn keyword ngxDirectiveThirdParty slowfs_temp_path -" Strip Module +" Small Light Module +" Dynamic Image Transformation Module For nginx. +syn keyword ngxDirectiveThirdParty small_light +syn keyword ngxDirectiveThirdParty small_light_getparam_mode +syn keyword ngxDirectiveThirdParty small_light_material_dir +syn keyword ngxDirectiveThirdParty small_light_pattern_define +syn keyword ngxDirectiveThirdParty small_light_radius_max +syn keyword ngxDirectiveThirdParty small_light_sigma_max +syn keyword ngxDirectiveThirdParty small_light_imlib2_temp_dir +syn keyword ngxDirectiveThirdParty small_light_buffer + +" Sorted Querystring Filter Module +" Nginx module to expose querystring parameters sorted in a variable to be used on cache_key as example +syn keyword ngxDirectiveThirdParty sorted_querystring_filter_parameter + +" Sphinx2 Module +" Nginx upstream module for Sphinx 2.x +syn keyword ngxDirectiveThirdParty sphinx2_pass +syn keyword ngxDirectiveThirdParty sphinx2_bind +syn keyword ngxDirectiveThirdParty sphinx2_connect_timeout +syn keyword ngxDirectiveThirdParty sphinx2_send_timeout +syn keyword ngxDirectiveThirdParty sphinx2_buffer_size +syn keyword ngxDirectiveThirdParty sphinx2_read_timeout +syn keyword ngxDirectiveThirdParty sphinx2_next_upstream + +" HTTP SPNEGO auth Module +" This module implements adds SPNEGO support to nginx(http://nginx.org). It currently supports only Kerberos authentication via GSSAPI +syn keyword ngxDirectiveThirdParty auth_gss +syn keyword ngxDirectiveThirdParty auth_gss_keytab +syn keyword ngxDirectiveThirdParty auth_gss_realm +syn keyword ngxDirectiveThirdParty auth_gss_service_name +syn keyword ngxDirectiveThirdParty auth_gss_authorized_principal +syn keyword ngxDirectiveThirdParty auth_gss_allow_basic_fallback + +" SR Cache Module +" Transparent subrequest-based caching layout for arbitrary nginx locations +syn keyword ngxDirectiveThirdParty srcache_fetch +syn keyword ngxDirectiveThirdParty srcache_fetch_skip +syn keyword ngxDirectiveThirdParty srcache_store +syn keyword ngxDirectiveThirdParty srcache_store_max_size +syn keyword ngxDirectiveThirdParty srcache_store_skip +syn keyword ngxDirectiveThirdParty srcache_store_statuses +syn keyword ngxDirectiveThirdParty srcache_store_ranges +syn keyword ngxDirectiveThirdParty srcache_header_buffer_size +syn keyword ngxDirectiveThirdParty srcache_store_hide_header +syn keyword ngxDirectiveThirdParty srcache_store_pass_header +syn keyword ngxDirectiveThirdParty srcache_methods +syn keyword ngxDirectiveThirdParty srcache_ignore_content_encoding +syn keyword ngxDirectiveThirdParty srcache_request_cache_control +syn keyword ngxDirectiveThirdParty srcache_response_cache_control +syn keyword ngxDirectiveThirdParty srcache_store_no_store +syn keyword ngxDirectiveThirdParty srcache_store_no_cache +syn keyword ngxDirectiveThirdParty srcache_store_private +syn keyword ngxDirectiveThirdParty srcache_default_expire +syn keyword ngxDirectiveThirdParty srcache_max_expire + +" SSSD Info Module +" Retrives additional attributes from SSSD for current authentizated user +syn keyword ngxDirectiveThirdParty sssd_info +syn keyword ngxDirectiveThirdParty sssd_info_output_to +syn keyword ngxDirectiveThirdParty sssd_info_groups +syn keyword ngxDirectiveThirdParty sssd_info_group +syn keyword ngxDirectiveThirdParty sssd_info_group_separator +syn keyword ngxDirectiveThirdParty sssd_info_attributes +syn keyword ngxDirectiveThirdParty sssd_info_attribute +syn keyword ngxDirectiveThirdParty sssd_info_attribute_separator + +" Static Etags Module +" Generate etags for static content +syn keyword ngxDirectiveThirdParty FileETag + +" Statsd Module +" An nginx module for sending statistics to statsd +syn keyword ngxDirectiveThirdParty statsd_server +syn keyword ngxDirectiveThirdParty statsd_sample_rate +syn keyword ngxDirectiveThirdParty statsd_count +syn keyword ngxDirectiveThirdParty statsd_timing + +" Sticky Module +" Add a sticky cookie to be always forwarded to the same upstream server +" syn keyword ngxDirectiveThirdParty sticky + +" Stream Echo Module +" TCP/stream echo module for NGINX (a port of ngx_http_echo_module) +syn keyword ngxDirectiveThirdParty echo +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush_wait +syn keyword ngxDirectiveThirdParty echo_sleep +syn keyword ngxDirectiveThirdParty echo_send_timeout +syn keyword ngxDirectiveThirdParty echo_read_bytes +syn keyword ngxDirectiveThirdParty echo_read_line +syn keyword ngxDirectiveThirdParty echo_request_data +syn keyword ngxDirectiveThirdParty echo_discard_request +syn keyword ngxDirectiveThirdParty echo_read_buffer_size +syn keyword ngxDirectiveThirdParty echo_read_timeout +syn keyword ngxDirectiveThirdParty echo_client_error_log_level +syn keyword ngxDirectiveThirdParty echo_lingering_close +syn keyword ngxDirectiveThirdParty echo_lingering_time +syn keyword ngxDirectiveThirdParty echo_lingering_timeout + +" Stream Lua Module +" Embed the power of Lua into Nginx stream/TCP Servers. +syn keyword ngxDirectiveThirdParty lua_resolver +syn keyword ngxDirectiveThirdParty lua_resolver_timeout +syn keyword ngxDirectiveThirdParty lua_lingering_close +syn keyword ngxDirectiveThirdParty lua_lingering_time +syn keyword ngxDirectiveThirdParty lua_lingering_timeout + +" Stream Upsync Module +" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx. +syn keyword ngxDirectiveThirdParty upsync +syn keyword ngxDirectiveThirdParty upsync_dump_path +syn keyword ngxDirectiveThirdParty upsync_lb +syn keyword ngxDirectiveThirdParty upsync_show + +" Strip Module " Whitespace remover. syn keyword ngxDirectiveThirdParty strip -" Substitutions Module +" Subrange Module +" Split one big HTTP/Range request to multiple subrange requesets +syn keyword ngxDirectiveThirdParty subrange + +" Substitutions Module " A filter module which can do both regular expression and fixed string substitutions on response bodies. syn keyword ngxDirectiveThirdParty subs_filter syn keyword ngxDirectiveThirdParty subs_filter_types -" Supervisord Module +" Summarizer Module +" Upstream nginx module to get summaries of documents using the summarizer daemon service +syn keyword ngxDirectiveThirdParty smrzr_filename +syn keyword ngxDirectiveThirdParty smrzr_ratio + +" Supervisord Module " Module providing nginx with API to communicate with supervisord and manage (start/stop) backends on-demand. syn keyword ngxDirectiveThirdParty supervisord syn keyword ngxDirectiveThirdParty supervisord_inherit_backend_status syn keyword ngxDirectiveThirdParty supervisord_name syn keyword ngxDirectiveThirdParty supervisord_start syn keyword ngxDirectiveThirdParty supervisord_stop -" Upload Module -" Parses multipart/form-data allowing arbitrary handling of uploaded files. -syn keyword ngxDirectiveThirdParty upload_aggregate_form_field -syn keyword ngxDirectiveThirdParty upload_buffer_size -syn keyword ngxDirectiveThirdParty upload_cleanup -syn keyword ngxDirectiveThirdParty upload_limit_rate -syn keyword ngxDirectiveThirdParty upload_max_file_size -syn keyword ngxDirectiveThirdParty upload_max_output_body_len -syn keyword ngxDirectiveThirdParty upload_max_part_header_len -syn keyword ngxDirectiveThirdParty upload_pass -syn keyword ngxDirectiveThirdParty upload_pass_args -syn keyword ngxDirectiveThirdParty upload_pass_form_field -syn keyword ngxDirectiveThirdParty upload_set_form_field -syn keyword ngxDirectiveThirdParty upload_store -syn keyword ngxDirectiveThirdParty upload_store_access +" Tarantool Upstream Module +" Tarantool NginX upstream module (REST, JSON API, websockets, load balancing) +syn keyword ngxDirectiveThirdParty tnt_pass +syn keyword ngxDirectiveThirdParty tnt_http_methods +syn keyword ngxDirectiveThirdParty tnt_http_rest_methods +syn keyword ngxDirectiveThirdParty tnt_pass_http_request +syn keyword ngxDirectiveThirdParty tnt_pass_http_request_buffer_size +syn keyword ngxDirectiveThirdParty tnt_method +syn keyword ngxDirectiveThirdParty tnt_http_allowed_methods - experemental +syn keyword ngxDirectiveThirdParty tnt_send_timeout +syn keyword ngxDirectiveThirdParty tnt_read_timeout +syn keyword ngxDirectiveThirdParty tnt_buffer_size +syn keyword ngxDirectiveThirdParty tnt_next_upstream +syn keyword ngxDirectiveThirdParty tnt_connect_timeout +syn keyword ngxDirectiveThirdParty tnt_next_upstream +syn keyword ngxDirectiveThirdParty tnt_next_upstream_tries +syn keyword ngxDirectiveThirdParty tnt_next_upstream_timeout -" Upload Progress Module -" Tracks and reports upload progress. +" TCP Proxy Module +" Add the feature of tcp proxy with nginx, with health check and status monitor +syn keyword ngxDirectiveBlock tcp +" syn keyword ngxDirectiveThirdParty server +" syn keyword ngxDirectiveThirdParty listen +" syn keyword ngxDirectiveThirdParty allow +" syn keyword ngxDirectiveThirdParty deny +" syn keyword ngxDirectiveThirdParty so_keepalive +" syn keyword ngxDirectiveThirdParty tcp_nodelay +" syn keyword ngxDirectiveThirdParty timeout +" syn keyword ngxDirectiveThirdParty server_name +" syn keyword ngxDirectiveThirdParty resolver +" syn keyword ngxDirectiveThirdParty resolver_timeout +" syn keyword ngxDirectiveThirdParty upstream +syn keyword ngxDirectiveThirdParty check +syn keyword ngxDirectiveThirdParty check_http_send +syn keyword ngxDirectiveThirdParty check_http_expect_alive +syn keyword ngxDirectiveThirdParty check_smtp_send +syn keyword ngxDirectiveThirdParty check_smtp_expect_alive +syn keyword ngxDirectiveThirdParty check_shm_size +syn keyword ngxDirectiveThirdParty check_status +" syn keyword ngxDirectiveThirdParty ip_hash +" syn keyword ngxDirectiveThirdParty proxy_pass +" syn keyword ngxDirectiveThirdParty proxy_buffer +" syn keyword ngxDirectiveThirdParty proxy_connect_timeout +" syn keyword ngxDirectiveThirdParty proxy_read_timeout +syn keyword ngxDirectiveThirdParty proxy_write_timeout + +" Testcookie Module +" NGINX module for L7 DDoS attack mitigation +syn keyword ngxDirectiveThirdParty testcookie +syn keyword ngxDirectiveThirdParty testcookie_name +syn keyword ngxDirectiveThirdParty testcookie_domain +syn keyword ngxDirectiveThirdParty testcookie_expires +syn keyword ngxDirectiveThirdParty testcookie_path +syn keyword ngxDirectiveThirdParty testcookie_secret +syn keyword ngxDirectiveThirdParty testcookie_session +syn keyword ngxDirectiveThirdParty testcookie_arg +syn keyword ngxDirectiveThirdParty testcookie_max_attempts +syn keyword ngxDirectiveThirdParty testcookie_p3p +syn keyword ngxDirectiveThirdParty testcookie_fallback +syn keyword ngxDirectiveThirdParty testcookie_whitelist +syn keyword ngxDirectiveThirdParty testcookie_pass +syn keyword ngxDirectiveThirdParty testcookie_redirect_via_refresh +syn keyword ngxDirectiveThirdParty testcookie_refresh_template +syn keyword ngxDirectiveThirdParty testcookie_refresh_status +syn keyword ngxDirectiveThirdParty testcookie_deny_keepalive +syn keyword ngxDirectiveThirdParty testcookie_get_only +syn keyword ngxDirectiveThirdParty testcookie_https_location +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_cookie +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_cookie_key +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_iv +syn keyword ngxDirectiveThirdParty testcookie_internal +syn keyword ngxDirectiveThirdParty testcookie_httponly_flag +syn keyword ngxDirectiveThirdParty testcookie_secure_flag + +" Types Filter Module +" Change the `Content-Type` output header depending on an extension variable according to a condition specified in the 'if' clause. +syn keyword ngxDirectiveThirdParty types_filter +syn keyword ngxDirectiveThirdParty types_filter_use_default + +" Unzip Module +" Enabling fetching of files that are stored in zipped archives. +syn keyword ngxDirectiveThirdParty file_in_unzip_archivefile +syn keyword ngxDirectiveThirdParty file_in_unzip_extract +syn keyword ngxDirectiveThirdParty file_in_unzip + +" Upload Progress Module +" An upload progress system, that monitors RFC1867 POST upload as they are transmitted to upstream servers +syn keyword ngxDirectiveThirdParty upload_progress +syn keyword ngxDirectiveThirdParty track_uploads syn keyword ngxDirectiveThirdParty report_uploads -syn keyword ngxDirectiveThirdParty track_uploads -syn keyword ngxDirectiveThirdParty upload_progress syn keyword ngxDirectiveThirdParty upload_progress_content_type syn keyword ngxDirectiveThirdParty upload_progress_header +syn keyword ngxDirectiveThirdParty upload_progress_jsonp_parameter syn keyword ngxDirectiveThirdParty upload_progress_json_output +syn keyword ngxDirectiveThirdParty upload_progress_jsonp_output syn keyword ngxDirectiveThirdParty upload_progress_template -" Upstream Fair Balancer -" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +" Upload Module +" Parses request body storing all files being uploaded to a directory specified by upload_store directive +syn keyword ngxDirectiveThirdParty upload_pass +syn keyword ngxDirectiveThirdParty upload_resumable +syn keyword ngxDirectiveThirdParty upload_store +syn keyword ngxDirectiveThirdParty upload_state_store +syn keyword ngxDirectiveThirdParty upload_store_access +syn keyword ngxDirectiveThirdParty upload_set_form_field +syn keyword ngxDirectiveThirdParty upload_aggregate_form_field +syn keyword ngxDirectiveThirdParty upload_pass_form_field +syn keyword ngxDirectiveThirdParty upload_cleanup +syn keyword ngxDirectiveThirdParty upload_buffer_size +syn keyword ngxDirectiveThirdParty upload_max_part_header_len +syn keyword ngxDirectiveThirdParty upload_max_file_size +syn keyword ngxDirectiveThirdParty upload_limit_rate +syn keyword ngxDirectiveThirdParty upload_max_output_body_len +syn keyword ngxDirectiveThirdParty upload_tame_arrays +syn keyword ngxDirectiveThirdParty upload_pass_args + +" Upstream Fair Module +" The fair load balancer module for nginx http://nginx.localdomain.pl syn keyword ngxDirectiveThirdParty fair syn keyword ngxDirectiveThirdParty upstream_fair_shm_size -" Upstream Consistent Hash -" Select backend based on Consistent hash ring. -syn keyword ngxDirectiveThirdParty consistent_hash - -" Upstream Hash Module +" Upstream Hash Module (DEPRECATED) " Provides simple upstream load distribution by hashing a configurable variable. -syn keyword ngxDirectiveThirdParty hash -syn keyword ngxDirectiveThirdParty hash_again +" syn keyword ngxDirectiveDeprecated hash +syn keyword ngxDirectiveDeprecated hash_again -" XSS Module +" Upstream Domain Resolve Module +" A load-balancer that resolves an upstream domain name asynchronously. +syn keyword ngxDirectiveThirdParty jdomain + +" Upsync Module +" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx +syn keyword ngxDirectiveThirdParty upsync +syn keyword ngxDirectiveThirdParty upsync_dump_path +syn keyword ngxDirectiveThirdParty upsync_lb +syn keyword ngxDirectiveThirdParty upstream_show + +" URL Module +" Nginx url encoding converting module +syn keyword ngxDirectiveThirdParty url_encoding_convert +syn keyword ngxDirectiveThirdParty url_encoding_convert_from +syn keyword ngxDirectiveThirdParty url_encoding_convert_to + +" User Agent Module +" Match browsers and crawlers +syn keyword ngxDirectiveThirdParty user_agent + +" Upstrema Ketama Chash Module +" Nginx load-balancer module implementing ketama consistent hashing. +syn keyword ngxDirectiveThirdParty ketama_chash + +" Video Thumbextractor Module +" Extract thumbs from a video file +syn keyword ngxDirectiveThirdParty video_thumbextractor +syn keyword ngxDirectiveThirdParty video_thumbextractor_video_filename +syn keyword ngxDirectiveThirdParty video_thumbextractor_video_second +syn keyword ngxDirectiveThirdParty video_thumbextractor_image_width +syn keyword ngxDirectiveThirdParty video_thumbextractor_image_height +syn keyword ngxDirectiveThirdParty video_thumbextractor_only_keyframe +syn keyword ngxDirectiveThirdParty video_thumbextractor_next_time +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_rows +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_cols +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_max_rows +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_max_cols +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_sample_interval +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_color +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_margin +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_padding +syn keyword ngxDirectiveThirdParty video_thumbextractor_threads +syn keyword ngxDirectiveThirdParty video_thumbextractor_processes_per_worker + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_override_content_type + +" VTS Module +" Nginx virtual host traffic status module +syn keyword ngxDirectiveThirdParty vhost_traffic_status +syn keyword ngxDirectiveThirdParty vhost_traffic_status_zone +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display_format +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display_jsonp +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_by_host +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_by_set_key +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_check_duplicate +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_traffic +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_traffic_by_set_key +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_check_duplicate + +" XSS Module " Native support for cross-site scripting (XSS) in an nginx. +syn keyword ngxDirectiveThirdParty xss_get syn keyword ngxDirectiveThirdParty xss_callback_arg -syn keyword ngxDirectiveThirdParty xss_get +syn keyword ngxDirectiveThirdParty xss_override_status +syn keyword ngxDirectiveThirdParty xss_check_status syn keyword ngxDirectiveThirdParty xss_input_types -syn keyword ngxDirectiveThirdParty xss_output_type + +" ZIP Module +" ZIP archiver for nginx + " highlight hi link ngxComment Comment hi link ngxVariable Identifier hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc hi link ngxBlock Normal From piotrsikora at google.com Wed Mar 1 20:16:39 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 1 Mar 2017 12:16:39 -0800 Subject: [PATCH 2 of 3] Upstream: allow recovery from "429 Too Many Requests" response In-Reply-To: <20170301153327.GT34777@mdounin.ru> References: <20170225234510.GD34777@mdounin.ru> <20170301153327.GT34777@mdounin.ru> Message-ID: Hi Maxim, > Not sure it's good idea to don't count a 429 response as a peer > failure. Contrary, counting it as a failure will naturally reduce > load on the particular server, resulting in less rejects. But 429 can be returned on a per request basis (think client IP exceeding limit_req limits, or a logged in user that's rate-limited based on API usage), so I'd question marking backends as failed because of that. Best regards, Piotr Sikora From piotrsikora at google.com Wed Mar 1 20:20:38 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 1 Mar 2017 12:20:38 -0800 Subject: [PATCH 3 of 3] Limit req: change default response code when rate-limiting In-Reply-To: <20170301153900.GU34777@mdounin.ru> References: <20170225234510.GD34777@mdounin.ru> <20170301153900.GU34777@mdounin.ru> Message-ID: Hi Maxim, > As I already wrote, I certainly disagree with this change. Yes, that was expected (that's why it was originally split into separate change). Is there a particular reason why do you disagree? It's hard to have a constructive discussion if you don't provide any reasoning for your (possibly correct) opinion. Best regards, Piotr Sikora From mdounin at mdounin.ru Wed Mar 1 23:58:24 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 02:58:24 +0300 Subject: [PATCH 2 of 3] Upstream: allow recovery from "429 Too Many Requests" response In-Reply-To: References: <20170225234510.GD34777@mdounin.ru> <20170301153327.GT34777@mdounin.ru> Message-ID: <20170301235824.GW34777@mdounin.ru> Hello! On Wed, Mar 01, 2017 at 12:16:39PM -0800, Piotr Sikora via nginx-devel wrote: > Hi Maxim, > > > Not sure it's good idea to don't count a 429 response as a peer > > failure. Contrary, counting it as a failure will naturally reduce > > load on the particular server, resulting in less rejects. > > But 429 can be returned on a per request basis (think client IP > exceeding limit_req limits, or a logged in user that's rate-limited > based on API usage), so I'd question marking backends as failed > because of that. Sure, but why one would use "proxy_next_upstream http_429" then? If one of your backends reject a requests based on client's IP / login, then you probably don't want nginx to retry such a request on other servers, as this will just allow the user to do more requests when you already know the limit was reached. And it doesn't look like an effective way to build a system with distributed limits. In contrast, if a limit affects nginx's IP and/or group of services on a backend, retrying on a different backend may make sense. But use case suggests that 429 should be counted as failure. Note well that right now only 404 and 403 are not counted as failures, and these are done for a very specific use case: when only some of your backends have relevant resources available, and 404 is just used a signal to try other backends. And 403 is mostly the same, but will appear when syncing new directories to a backend server. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Mar 2 00:16:07 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 03:16:07 +0300 Subject: [PATCH 3 of 3] Limit req: change default response code when rate-limiting In-Reply-To: References: <20170225234510.GD34777@mdounin.ru> <20170301153900.GU34777@mdounin.ru> Message-ID: <20170302001607.GX34777@mdounin.ru> Hello! On Wed, Mar 01, 2017 at 12:20:38PM -0800, Piotr Sikora via nginx-devel wrote: > Hi Maxim, > > > As I already wrote, I certainly disagree with this change. > > Yes, that was expected (that's why it was originally split into > separate change). > > Is there a particular reason why do you disagree? It's hard to have a > constructive discussion if you don't provide any reasoning for your > (possibly correct) opinion. There are two main reasons: 1. Because it usually not a good idea to inform an attacker who is being rate-limited that it is being rate-limited. For the very same reasons why one wouldn't inform the attacker who is trying to bruteforce logins and passwords if the error was in the login or in the password: it simplifies the attack. 2. There is no real difference between limit_req and limit_conn, both are some resource limits. Yet 429 clearly does not apply to limit_conn, by definition as given in RFC 6585 ("too many requests in a given amount of time"), and this is probably why you don't try to change limit_conn code in your patch. This in turn suggests that 429 is in general very badly defined. Other less important reasons include the fact that limit_req can be configured to apply arbitrary resource limits, not necessary client-related ones, and 5xx code as the default might be more appropriate. Also chaning the default without really good reasons is a bad idea, as it will break existing configurations. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Mar 2 00:38:52 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 03:38:52 +0300 Subject: Add missing static specifiers In-Reply-To: References: <20170228202219.GO34777@mdounin.ru> Message-ID: <20170302003852.GY34777@mdounin.ru> Hello! On Tue, Feb 28, 2017 at 09:20:37PM +0000, Eran Kornblau wrote: [...] > > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/os/unix/ngx_linux_init.c > > > --- a/src/os/unix/ngx_linux_init.c Mon Feb 27 22:36:15 2017 +0300 > > > +++ b/src/os/unix/ngx_linux_init.c Tue Feb 28 11:49:07 2017 -0500 > > > @@ -9,8 +9,8 @@ > > > #include > > > > > > > > > -u_char ngx_linux_kern_ostype[50]; > > > -u_char ngx_linux_kern_osrelease[50]; > > > +static u_char ngx_linux_kern_ostype[50]; static u_char > > > +ngx_linux_kern_osrelease[50]; > > > > There are various OS-specific variables for various other > > platforms as well. It would be a good idea to either review > > them all, or left them as is. > > > Only one I could find is SERVICE_TABLE_ENTRY st (went over win32 > files manually) > Added it Looking into ngx_freebsd_init.c will show multiple similar variables (with some of them actually exported), the same in ngx_solaris_init.c, ngx_darwin_init.c, ngx_posix_init.c. It might be better idea to just avoid changing this part for now. [...] > diff -r 8b7fd958c59f -r 050f8b3c3c67 src/event/ngx_event.c > --- a/src/event/ngx_event.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/event/ngx_event.c Tue Feb 28 16:06:25 2017 -0500 > @@ -59,19 +59,19 @@ > > #if (NGX_STAT_STUB) > > -ngx_atomic_t ngx_stat_accepted0; > +static ngx_atomic_t ngx_stat_accepted0; > ngx_atomic_t *ngx_stat_accepted = &ngx_stat_accepted0; > -ngx_atomic_t ngx_stat_handled0; > +static ngx_atomic_t ngx_stat_handled0; > ngx_atomic_t *ngx_stat_handled = &ngx_stat_handled0; > -ngx_atomic_t ngx_stat_requests0; > +static ngx_atomic_t ngx_stat_requests0; > ngx_atomic_t *ngx_stat_requests = &ngx_stat_requests0; > -ngx_atomic_t ngx_stat_active0; > +static ngx_atomic_t ngx_stat_active0; > ngx_atomic_t *ngx_stat_active = &ngx_stat_active0; > -ngx_atomic_t ngx_stat_reading0; > +static ngx_atomic_t ngx_stat_reading0; > ngx_atomic_t *ngx_stat_reading = &ngx_stat_reading0; > -ngx_atomic_t ngx_stat_writing0; > +static ngx_atomic_t ngx_stat_writing0; > ngx_atomic_t *ngx_stat_writing = &ngx_stat_writing0; > -ngx_atomic_t ngx_stat_waiting0; > +static ngx_atomic_t ngx_stat_waiting0; > ngx_atomic_t *ngx_stat_waiting = &ngx_stat_waiting0; This certainly needs additional changes to match style. Variable names in a single block are expected to be lined up. [...] -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Mar 2 00:57:01 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 02 Mar 2017 00:57:01 +0000 Subject: [nginx] Contrib: vim syntax, update 3rd party module directives. Message-ID: details: http://hg.nginx.org/nginx/rev/7fca6f60d5ca branches: changeset: 6921:7fca6f60d5ca user: othree date: Wed Mar 01 23:41:39 2017 +0800 description: Contrib: vim syntax, update 3rd party module directives. diffstat: contrib/vim/syntax/nginx.vim | 1477 +++++++++++++++++++++++++++++++++++++---- 1 files changed, 1335 insertions(+), 142 deletions(-) diffs (truncated from 1615 to 1000 lines): diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -644,127 +644,367 @@ syn keyword ngxDirective xslt_types syn keyword ngxDirective zone " 3rd party module list: -" http://wiki.nginx.org/Nginx3rdPartyModules +" https://www.nginx.com/resources/wiki/modules/ -" Accept Language Module +" Accept Language Module " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. syn keyword ngxDirectiveThirdParty set_from_accept_language -" Access Key Module +" Access Key Module (DEPRECATED) " Denies access unless the request URL contains an access key. -syn keyword ngxDirectiveThirdParty accesskey -syn keyword ngxDirectiveThirdParty accesskey_arg -syn keyword ngxDirectiveThirdParty accesskey_hashmethod -syn keyword ngxDirectiveThirdParty accesskey_signature +syn keyword ngxDirectiveDeprecated accesskey +syn keyword ngxDirectiveDeprecated accesskey_arg +syn keyword ngxDirectiveDeprecated accesskey_hashmethod +syn keyword ngxDirectiveDeprecated accesskey_signature -" Auth PAM Module -" HTTP Basic Authentication using PAM. -syn keyword ngxDirectiveThirdParty auth_pam -syn keyword ngxDirectiveThirdParty auth_pam_service_name +" Asynchronous FastCGI Module +" Primarily a modified version of the Nginx FastCGI module which implements multiplexing of connections, allowing a single FastCGI server to handle many concurrent requests. +" syn keyword ngxDirectiveThirdParty fastcgi_bind +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size +" syn keyword ngxDirectiveThirdParty fastcgi_buffers +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size +" syn keyword ngxDirectiveThirdParty fastcgi_cache +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers +" syn keyword ngxDirectiveThirdParty fastcgi_index +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream +" syn keyword ngxDirectiveThirdParty fastcgi_param +" syn keyword ngxDirectiveThirdParty fastcgi_pass +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info +" syn keyword ngxDirectiveThirdParty fastcgi_store +" syn keyword ngxDirectiveThirdParty fastcgi_store_access +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path +syn keyword ngxDirectiveDeprecated fastcgi_upstream_fail_timeout +syn keyword ngxDirectiveDeprecated fastcgi_upstream_max_fails -" Cache Purge Module -" Module adding ability to purge content from FastCGI and proxy caches. +" Akamai G2O Module +" Nginx Module for Authenticating Akamai G2O requests +syn keyword ngxDirectiveThirdParty g2o +syn keyword ngxDirectiveThirdParty g2o_nonce +syn keyword ngxDirectiveThirdParty g2o_key + +" Lua Module +" You can be very simple to execute lua code for nginx +syn keyword ngxDirectiveThirdParty lua_file + +" Array Variable Module +" Add support for array-typed variables to nginx config files +syn keyword ngxDirectiveThirdParty array_split +syn keyword ngxDirectiveThirdParty array_join +syn keyword ngxDirectiveThirdParty array_map +syn keyword ngxDirectiveThirdParty array_map_op + +" Nginx Audio Track for HTTP Live Streaming +" This nginx module generates audio track for hls streams on the fly. +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_rootpath +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_format +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_header + +" AWS Proxy Module +" Nginx module to proxy to authenticated AWS services +syn keyword ngxDirectiveThirdParty aws_access_key +syn keyword ngxDirectiveThirdParty aws_key_scope +syn keyword ngxDirectiveThirdParty aws_signing_key +syn keyword ngxDirectiveThirdParty aws_endpoint +syn keyword ngxDirectiveThirdParty aws_s3_bucket +syn keyword ngxDirectiveThirdParty aws_sign + +" Backtrace module +" A Nginx module to dump backtrace when a worker process exits abnormally +syn keyword ngxDirectiveThirdParty backtrace_log +syn keyword ngxDirectiveThirdParty backtrace_max_stack_size + +" Brotli Module +" Nginx module for Brotli compression +syn keyword ngxDirectiveThirdParty brotli_static +syn keyword ngxDirectiveThirdParty brotli +syn keyword ngxDirectiveThirdParty brotli_types +syn keyword ngxDirectiveThirdParty brotli_buffers +syn keyword ngxDirectiveThirdParty brotli_comp_level +syn keyword ngxDirectiveThirdParty brotli_window +syn keyword ngxDirectiveThirdParty brotli_min_length + +" Cache Purge Module +" Adds ability to purge content from FastCGI, proxy, SCGI and uWSGI caches. syn keyword ngxDirectiveThirdParty fastcgi_cache_purge syn keyword ngxDirectiveThirdParty proxy_cache_purge +" syn keyword ngxDirectiveThirdParty scgi_cache_purge +" syn keyword ngxDirectiveThirdParty uwsgi_cache_purge -" Chunkin Module +" Chunkin Module (DEPRECATED) " HTTP 1.1 chunked-encoding request body support for Nginx. -syn keyword ngxDirectiveThirdParty chunkin -syn keyword ngxDirectiveThirdParty chunkin_keepalive -syn keyword ngxDirectiveThirdParty chunkin_max_chunks_per_buf -syn keyword ngxDirectiveThirdParty chunkin_resume +syn keyword ngxDirectiveDeprecated chunkin +syn keyword ngxDirectiveDeprecated chunkin_keepalive +syn keyword ngxDirectiveDeprecated chunkin_max_chunks_per_buf +syn keyword ngxDirectiveDeprecated chunkin_resume -" Circle GIF Module +" Circle GIF Module " Generates simple circle images with the colors and size specified in the URL. syn keyword ngxDirectiveThirdParty circle_gif syn keyword ngxDirectiveThirdParty circle_gif_max_radius syn keyword ngxDirectiveThirdParty circle_gif_min_radius syn keyword ngxDirectiveThirdParty circle_gif_step_radius -" Drizzle Module -" Make nginx talk directly to mysql, drizzle, and sqlite3 by libdrizzle. +" Nginx-Clojure Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty jvm_path +syn keyword ngxDirectiveThirdParty jvm_var +syn keyword ngxDirectiveThirdParty jvm_classpath +syn keyword ngxDirectiveThirdParty jvm_classpath_check +syn keyword ngxDirectiveThirdParty jvm_workers +syn keyword ngxDirectiveThirdParty jvm_options +syn keyword ngxDirectiveThirdParty jvm_handler_type +syn keyword ngxDirectiveThirdParty jvm_init_handler_name +syn keyword ngxDirectiveThirdParty jvm_init_handler_code +syn keyword ngxDirectiveThirdParty jvm_exit_handler_name +syn keyword ngxDirectiveThirdParty jvm_exit_handler_code +syn keyword ngxDirectiveThirdParty handlers_lazy_init +syn keyword ngxDirectiveThirdParty auto_upgrade_ws +syn keyword ngxDirectiveThirdParty content_handler_type +syn keyword ngxDirectiveThirdParty content_handler_name +syn keyword ngxDirectiveThirdParty content_handler_code +syn keyword ngxDirectiveThirdParty rewrite_handler_type +syn keyword ngxDirectiveThirdParty rewrite_handler_name +syn keyword ngxDirectiveThirdParty rewrite_handler_code +syn keyword ngxDirectiveThirdParty access_handler_type +syn keyword ngxDirectiveThirdParty access_handler_name +syn keyword ngxDirectiveThirdParty access_handler_code +syn keyword ngxDirectiveThirdParty header_filter_type +syn keyword ngxDirectiveThirdParty header_filter_name +syn keyword ngxDirectiveThirdParty header_filter_code +syn keyword ngxDirectiveThirdParty content_handler_property +syn keyword ngxDirectiveThirdParty rewrite_handler_property +syn keyword ngxDirectiveThirdParty access_handler_property +syn keyword ngxDirectiveThirdParty header_filter_property +syn keyword ngxDirectiveThirdParty always_read_body +syn keyword ngxDirectiveThirdParty shared_map +syn keyword ngxDirectiveThirdParty write_page_size + +" Upstream Consistent Hash +" A load balancer that uses an internal consistent hash ring to select the right backend node. +syn keyword ngxDirectiveThirdParty consistent_hash + +" Nginx Development Kit +" The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. +" NDK_UPSTREAM_LIST +" This submodule provides a directive that creates a list of upstreams, with optional weighting. This list can then be used by other modules to hash over the upstreams however they choose. +syn keyword ngxDirectiveThirdParty upstream_list + +" Drizzle Module +" Upstream module for talking to MySQL and Drizzle directly +syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_keepalive +syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_pass syn keyword ngxDirectiveThirdParty drizzle_connect_timeout -syn keyword ngxDirectiveThirdParty drizzle_dbname -syn keyword ngxDirectiveThirdParty drizzle_keepalive -syn keyword ngxDirectiveThirdParty drizzle_module_header -syn keyword ngxDirectiveThirdParty drizzle_pass -syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_cols_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_rows_timeout -syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout -syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_buffer_size +syn keyword ngxDirectiveThirdParty drizzle_module_header +syn keyword ngxDirectiveThirdParty drizzle_status -" Echo Module -" Brings 'echo', 'sleep', 'time', 'exec' and more shell-style goodies to Nginx config file. +" Dynamic ETags Module +" Attempt at handling ETag / If-None-Match on proxied content. +syn keyword ngxDirectiveThirdParty dynamic_etags + +" Echo Module +" Bringing the power of "echo", "sleep", "time" and more to Nginx's config file syn keyword ngxDirectiveThirdParty echo -syn keyword ngxDirectiveThirdParty echo_after_body -syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_sleep syn keyword ngxDirectiveThirdParty echo_blocking_sleep -syn keyword ngxDirectiveThirdParty echo_duplicate -syn keyword ngxDirectiveThirdParty echo_end -syn keyword ngxDirectiveThirdParty echo_exec -syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_reset_timer +syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_location_async +syn keyword ngxDirectiveThirdParty echo_location +syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_subrequest syn keyword ngxDirectiveThirdParty echo_foreach_split -syn keyword ngxDirectiveThirdParty echo_location -syn keyword ngxDirectiveThirdParty echo_location_async -syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_end syn keyword ngxDirectiveThirdParty echo_request_body -syn keyword ngxDirectiveThirdParty echo_reset_timer -syn keyword ngxDirectiveThirdParty echo_sleep -syn keyword ngxDirectiveThirdParty echo_subrequest -syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_exec +syn keyword ngxDirectiveThirdParty echo_status +syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_after_body -" Events Module +" Encrypted Session Module +" Encrypt and decrypt nginx variable values +syn keyword ngxDirectiveThirdParty encrypted_session_key +syn keyword ngxDirectiveThirdParty encrypted_session_iv +syn keyword ngxDirectiveThirdParty encrypted_session_expires +syn keyword ngxDirectiveThirdParty set_encrypt_session +syn keyword ngxDirectiveThirdParty set_decrypt_session + +" Enhanced Memcached Module +" This module is based on the standard Nginx Memcached module, with some additonal features +syn keyword ngxDirectiveThirdParty enhanced_memcached_pass +syn keyword ngxDirectiveThirdParty enhanced_memcached_hash_keys_with_md5 +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_put +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_delete +syn keyword ngxDirectiveThirdParty enhanced_memcached_stats +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush_namespace +syn keyword ngxDirectiveThirdParty enhanced_memcached_bind +syn keyword ngxDirectiveThirdParty enhanced_memcached_connect_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_send_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_buffer_size +syn keyword ngxDirectiveThirdParty enhanced_memcached_read_timeout + +" Events Module (DEPRECATED) " Provides options for start/stop events. -syn keyword ngxDirectiveThirdParty on_start -syn keyword ngxDirectiveThirdParty on_stop +syn keyword ngxDirectiveDeprecated on_start +syn keyword ngxDirectiveDeprecated on_stop -" EY Balancer Module +" EY Balancer Module " Adds a request queue to Nginx that allows the limiting of concurrent requests passed to the upstream. syn keyword ngxDirectiveThirdParty max_connections syn keyword ngxDirectiveThirdParty max_connections_max_queue_length syn keyword ngxDirectiveThirdParty max_connections_queue_timeout -" Fancy Indexes Module +" Upstream Fair Balancer +" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +syn keyword ngxDirectiveThirdParty fair +syn keyword ngxDirectiveThirdParty upstream_fair_shm_size + +" Fancy Indexes Module " Like the built-in autoindex module, but fancier. syn keyword ngxDirectiveThirdParty fancyindex +syn keyword ngxDirectiveThirdParty fancyindex_default_sort +syn keyword ngxDirectiveThirdParty fancyindex_directories_first +syn keyword ngxDirectiveThirdParty fancyindex_css_href syn keyword ngxDirectiveThirdParty fancyindex_exact_size +syn keyword ngxDirectiveThirdParty fancyindex_name_length syn keyword ngxDirectiveThirdParty fancyindex_footer syn keyword ngxDirectiveThirdParty fancyindex_header +syn keyword ngxDirectiveThirdParty fancyindex_show_path +syn keyword ngxDirectiveThirdParty fancyindex_ignore +syn keyword ngxDirectiveThirdParty fancyindex_hide_symlinks syn keyword ngxDirectiveThirdParty fancyindex_localtime -syn keyword ngxDirectiveThirdParty fancyindex_readme -syn keyword ngxDirectiveThirdParty fancyindex_readme_mode +syn keyword ngxDirectiveThirdParty fancyindex_time_format + +" Form Auth Module +" Provides authentication and authorization with credentials submitted via POST request +syn keyword ngxDirectiveThirdParty form_auth +syn keyword ngxDirectiveThirdParty form_auth_pam_service +syn keyword ngxDirectiveThirdParty form_auth_login +syn keyword ngxDirectiveThirdParty form_auth_password +syn keyword ngxDirectiveThirdParty form_auth_remote_user + +" Form Input Module +" Reads HTTP POST and PUT request body encoded in "application/x-www-form-urlencoded" and parses the arguments into nginx variables. +syn keyword ngxDirectiveThirdParty set_form_input +syn keyword ngxDirectiveThirdParty set_form_input_multi " GeoIP Module (DEPRECATED) " Country code lookups via the MaxMind GeoIP API. -syn keyword ngxDirectiveThirdParty geoip_country_file +syn keyword ngxDirectiveDeprecated geoip_country_file -" Headers More Module +" GeoIP 2 Module +" Creates variables with values from the maxmind geoip2 databases based on the client IP +syn keyword ngxDirectiveThirdParty geoip2 + +" GridFS Module +" Nginx module for serving files from MongoDB's GridFS +syn keyword ngxDirectiveThirdParty gridfs + +" Headers More Module " Set and clear input and output headers...more than "add"! syn keyword ngxDirectiveThirdParty more_clear_headers syn keyword ngxDirectiveThirdParty more_clear_input_headers syn keyword ngxDirectiveThirdParty more_set_headers syn keyword ngxDirectiveThirdParty more_set_input_headers -" HTTP Push Module -" Turn Nginx into an adept long-polling HTTP Push (Comet) server. -syn keyword ngxDirectiveThirdParty push_buffer_size -syn keyword ngxDirectiveThirdParty push_listener -syn keyword ngxDirectiveThirdParty push_message_timeout -syn keyword ngxDirectiveThirdParty push_queue_messages -syn keyword ngxDirectiveThirdParty push_sender +" Health Checks Upstreams Module +" Polls backends and if they respond with HTTP 200 + an optional request body, they are marked good. Otherwise, they are marked bad. +syn keyword ngxDirectiveThirdParty healthcheck_enabled +syn keyword ngxDirectiveThirdParty healthcheck_delay +syn keyword ngxDirectiveThirdParty healthcheck_timeout +syn keyword ngxDirectiveThirdParty healthcheck_failcount +syn keyword ngxDirectiveThirdParty healthcheck_send +syn keyword ngxDirectiveThirdParty healthcheck_expected +syn keyword ngxDirectiveThirdParty healthcheck_buffer +syn keyword ngxDirectiveThirdParty healthcheck_status -" HTTP Redis Module > -" Redis support.> -syn keyword ngxDirectiveThirdParty redis_bind -syn keyword ngxDirectiveThirdParty redis_buffer_size -syn keyword ngxDirectiveThirdParty redis_connect_timeout -syn keyword ngxDirectiveThirdParty redis_next_upstream -syn keyword ngxDirectiveThirdParty redis_pass -syn keyword ngxDirectiveThirdParty redis_read_timeout -syn keyword ngxDirectiveThirdParty redis_send_timeout +" HTTP Accounting Module +" Add traffic stat function to nginx. Useful for http accounting based on nginx configuration logic +syn keyword ngxDirectiveThirdParty http_accounting +syn keyword ngxDirectiveThirdParty http_accounting_log +syn keyword ngxDirectiveThirdParty http_accounting_id +syn keyword ngxDirectiveThirdParty http_accounting_interval +syn keyword ngxDirectiveThirdParty http_accounting_perturb -" HTTP JavaScript Module +" Nginx Digest Authentication module +" Digest Authentication for Nginx +syn keyword ngxDirectiveThirdParty auth_digest +syn keyword ngxDirectiveThirdParty auth_digest_user_file +syn keyword ngxDirectiveThirdParty auth_digest_timeout +syn keyword ngxDirectiveThirdParty auth_digest_expires +syn keyword ngxDirectiveThirdParty auth_digest_replays +syn keyword ngxDirectiveThirdParty auth_digest_shm_size + +" Auth PAM Module +" HTTP Basic Authentication using PAM. +syn keyword ngxDirectiveThirdParty auth_pam +syn keyword ngxDirectiveThirdParty auth_pam_service_name + +" HTTP Auth Request Module +" Implements client authorization based on the result of a subrequest +" syn keyword ngxDirectiveThirdParty auth_request +" syn keyword ngxDirectiveThirdParty auth_request_set + +" HTTP Concatenation module for Nginx +" A Nginx module for concatenating files in a given context: CSS and JS files usually +syn keyword ngxDirectiveThirdParty concat +syn keyword ngxDirectiveThirdParty concat_types +syn keyword ngxDirectiveThirdParty concat_unique +syn keyword ngxDirectiveThirdParty concat_max_files +syn keyword ngxDirectiveThirdParty concat_delimiter +syn keyword ngxDirectiveThirdParty concat_ignore_file_error + +" HTTP Dynamic Upstream Module +" Update upstreams' config by restful interface +syn keyword ngxDirectiveThirdParty dyups_interface +syn keyword ngxDirectiveThirdParty dyups_read_msg_timeout +syn keyword ngxDirectiveThirdParty dyups_shm_zone_size +syn keyword ngxDirectiveThirdParty dyups_upstream_conf +syn keyword ngxDirectiveThirdParty dyups_trylock + +" HTTP Footer If Filter Module +" The ngx_http_footer_if_filter_module is used to add given content to the end of the response according to the condition specified. +syn keyword ngxDirectiveThirdParty footer_if + +" HTTP Footer Filter Module +" This module implements a body filter that adds a given string to the page footer. +syn keyword ngxDirectiveThirdParty footer +syn keyword ngxDirectiveThirdParty footer_types + +" HTTP Internal Redirect Module +" Make an internal redirect to the uri specified according to the condition specified. +syn keyword ngxDirectiveThirdParty internal_redirect_if +syn keyword ngxDirectiveThirdParty internal_redirect_if_no_postponed + +" HTTP JavaScript Module " Embedding SpiderMonkey. Nearly full port on Perl module. syn keyword ngxDirectiveThirdParty js syn keyword ngxDirectiveThirdParty js_filter @@ -775,12 +1015,152 @@ syn keyword ngxDirectiveThirdParty js_re syn keyword ngxDirectiveThirdParty js_set syn keyword ngxDirectiveThirdParty js_utf8 -" Log Request Speed +" HTTP Push Module (DEPRECATED) +" Turn Nginx into an adept long-polling HTTP Push (Comet) server. +syn keyword ngxDirectiveDeprecated push_buffer_size +syn keyword ngxDirectiveDeprecated push_listener +syn keyword ngxDirectiveDeprecated push_message_timeout +syn keyword ngxDirectiveDeprecated push_queue_messages +syn keyword ngxDirectiveDeprecated push_sender + +" HTTP Redis Module +" Redis support. +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout + +" Iconv Module +" A character conversion nginx module using libiconv +syn keyword ngxDirectiveThirdParty set_iconv +syn keyword ngxDirectiveThirdParty iconv_buffer_size +syn keyword ngxDirectiveThirdParty iconv_filter + +" IP Blocker Module +" An efficient shared memory IP blocking system for nginx. +syn keyword ngxDirectiveThirdParty ip_blocker + +" IP2Location Module +" Allows user to lookup for geolocation information using IP2Location database +syn keyword ngxDirectiveThirdParty ip2location_database + +" JS Module +" Reflect the nginx functionality in JS +syn keyword ngxDirectiveThirdParty js +syn keyword ngxDirectiveThirdParty js_access +syn keyword ngxDirectiveThirdParty js_load +syn keyword ngxDirectiveThirdParty js_set + +" Limit Upload Rate Module +" Limit client-upload rate when they are sending request bodies to you +syn keyword ngxDirectiveThirdParty limit_upload_rate +syn keyword ngxDirectiveThirdParty limit_upload_rate_after + +" Limit Upstream Module +" Limit the number of connections to upstream for NGINX +syn keyword ngxDirectiveThirdParty limit_upstream_zone +syn keyword ngxDirectiveThirdParty limit_upstream_conn +syn keyword ngxDirectiveThirdParty limit_upstream_log_level + +" Log If Module +" Conditional accesslog for nginx +syn keyword ngxDirectiveThirdParty access_log_bypass_if + +" Log Request Speed (DEPRECATED) " Log the time it took to process each request. -syn keyword ngxDirectiveThirdParty log_request_speed_filter -syn keyword ngxDirectiveThirdParty log_request_speed_filter_timeout +syn keyword ngxDirectiveDeprecated log_request_speed_filter +syn keyword ngxDirectiveDeprecated log_request_speed_filter_timeout -" Memc Module +" Log ZeroMQ Module +" ZeroMQ logger module for nginx +syn keyword ngxDirectiveThirdParty log_zmq_server +syn keyword ngxDirectiveThirdParty log_zmq_endpoint +syn keyword ngxDirectiveThirdParty log_zmq_format +syn keyword ngxDirectiveThirdParty log_zmq_off + +" Lower/UpperCase Module +" This module simply uppercases or lowercases a string and saves it into a new variable. +syn keyword ngxDirectiveThirdParty lower +syn keyword ngxDirectiveThirdParty upper + +" Lua Upstream Module +" Nginx C module to expose Lua API to ngx_lua for Nginx upstreams + +" Lua Module +" Embed the Power of Lua into NGINX HTTP servers +syn keyword ngxDirectiveThirdParty lua_use_default_type +syn keyword ngxDirectiveThirdParty lua_malloc_trim +syn keyword ngxDirectiveThirdParty lua_code_cache +syn keyword ngxDirectiveThirdParty lua_regex_cache_max_entries +syn keyword ngxDirectiveThirdParty lua_regex_match_limit +syn keyword ngxDirectiveThirdParty lua_package_path +syn keyword ngxDirectiveThirdParty lua_package_cpath +syn keyword ngxDirectiveThirdParty init_by_lua +syn keyword ngxDirectiveThirdParty init_by_lua_block +syn keyword ngxDirectiveThirdParty init_by_lua_file +syn keyword ngxDirectiveThirdParty init_worker_by_lua +syn keyword ngxDirectiveThirdParty init_worker_by_lua_block +syn keyword ngxDirectiveThirdParty init_worker_by_lua_file +syn keyword ngxDirectiveThirdParty set_by_lua +syn keyword ngxDirectiveThirdParty set_by_lua_block +syn keyword ngxDirectiveThirdParty set_by_lua_file +syn keyword ngxDirectiveThirdParty content_by_lua +syn keyword ngxDirectiveThirdParty content_by_lua_block +syn keyword ngxDirectiveThirdParty content_by_lua_file +syn keyword ngxDirectiveThirdParty rewrite_by_lua +syn keyword ngxDirectiveThirdParty rewrite_by_lua_block +syn keyword ngxDirectiveThirdParty rewrite_by_lua_file +syn keyword ngxDirectiveThirdParty access_by_lua +syn keyword ngxDirectiveThirdParty access_by_lua_block +syn keyword ngxDirectiveThirdParty access_by_lua_file +syn keyword ngxDirectiveThirdParty header_filter_by_lua +syn keyword ngxDirectiveThirdParty header_filter_by_lua_block +syn keyword ngxDirectiveThirdParty header_filter_by_lua_file +syn keyword ngxDirectiveThirdParty body_filter_by_lua +syn keyword ngxDirectiveThirdParty body_filter_by_lua_block +syn keyword ngxDirectiveThirdParty body_filter_by_lua_file +syn keyword ngxDirectiveThirdParty log_by_lua +syn keyword ngxDirectiveThirdParty log_by_lua_block +syn keyword ngxDirectiveThirdParty log_by_lua_file +syn keyword ngxDirectiveThirdParty balancer_by_lua_block +syn keyword ngxDirectiveThirdParty balancer_by_lua_file +syn keyword ngxDirectiveThirdParty lua_need_request_body +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_file +syn keyword ngxDirectiveThirdParty lua_shared_dict +syn keyword ngxDirectiveThirdParty lua_socket_connect_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_lowat +syn keyword ngxDirectiveThirdParty lua_socket_read_timeout +syn keyword ngxDirectiveThirdParty lua_socket_buffer_size +syn keyword ngxDirectiveThirdParty lua_socket_pool_size +syn keyword ngxDirectiveThirdParty lua_socket_keepalive_timeout +syn keyword ngxDirectiveThirdParty lua_socket_log_errors +syn keyword ngxDirectiveThirdParty lua_ssl_ciphers +syn keyword ngxDirectiveThirdParty lua_ssl_crl +syn keyword ngxDirectiveThirdParty lua_ssl_protocols +syn keyword ngxDirectiveThirdParty lua_ssl_trusted_certificate +syn keyword ngxDirectiveThirdParty lua_ssl_verify_depth +syn keyword ngxDirectiveThirdParty lua_http10_buffering +syn keyword ngxDirectiveThirdParty rewrite_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty access_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty lua_transform_underscores_in_response_headers +syn keyword ngxDirectiveThirdParty lua_check_client_abort +syn keyword ngxDirectiveThirdParty lua_max_pending_timers +syn keyword ngxDirectiveThirdParty lua_max_running_timers + +" MD5 Filter Module +" A content filter for nginx, which returns the md5 hash of the content otherwise returned. +syn keyword ngxDirectiveThirdParty md5_filter + +" Memc Module " An extended version of the standard memcached module that supports set, add, delete, and many more memcached commands. syn keyword ngxDirectiveThirdParty memc_buffer_size syn keyword ngxDirectiveThirdParty memc_cmds_allowed @@ -793,65 +1173,596 @@ syn keyword ngxDirectiveThirdParty memc_ syn keyword ngxDirectiveThirdParty memc_upstream_fail_timeout syn keyword ngxDirectiveThirdParty memc_upstream_max_fails +" Mod Security Module +" ModSecurity is an open source, cross platform web application firewall (WAF) engine +syn keyword ngxDirectiveThirdParty ModSecurityConfig +syn keyword ngxDirectiveThirdParty ModSecurityEnabled +syn keyword ngxDirectiveThirdParty pool_context +syn keyword ngxDirectiveThirdParty pool_context_hash_size + " Mogilefs Module -" Implements a MogileFS client, provides a replace to the Perlbal reverse proxy of the original MogileFS. +" MogileFS client for nginx web server. +syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_methods +syn keyword ngxDirectiveThirdParty mogilefs_domain +syn keyword ngxDirectiveThirdParty mogilefs_class +syn keyword ngxDirectiveThirdParty mogilefs_tracker +syn keyword ngxDirectiveThirdParty mogilefs_noverify syn keyword ngxDirectiveThirdParty mogilefs_connect_timeout -syn keyword ngxDirectiveThirdParty mogilefs_domain -syn keyword ngxDirectiveThirdParty mogilefs_methods -syn keyword ngxDirectiveThirdParty mogilefs_noverify -syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_send_timeout syn keyword ngxDirectiveThirdParty mogilefs_read_timeout -syn keyword ngxDirectiveThirdParty mogilefs_send_timeout -syn keyword ngxDirectiveThirdParty mogilefs_tracker -" MP4 Streaming Lite Module +" Mongo Module +" Upstream module that allows nginx to communicate directly with MongoDB database. +syn keyword ngxDirectiveThirdParty mongo_auth +syn keyword ngxDirectiveThirdParty mongo_pass +syn keyword ngxDirectiveThirdParty mongo_query +syn keyword ngxDirectiveThirdParty mongo_json +syn keyword ngxDirectiveThirdParty mongo_bind +syn keyword ngxDirectiveThirdParty mongo_connect_timeout +syn keyword ngxDirectiveThirdParty mongo_send_timeout +syn keyword ngxDirectiveThirdParty mongo_read_timeout +syn keyword ngxDirectiveThirdParty mongo_buffering +syn keyword ngxDirectiveThirdParty mongo_buffer_size +syn keyword ngxDirectiveThirdParty mongo_buffers +syn keyword ngxDirectiveThirdParty mongo_busy_buffers_size +syn keyword ngxDirectiveThirdParty mongo_next_upstream + +" MP4 Streaming Lite Module " Will seek to a certain time within H.264/MP4 files when provided with a 'start' parameter in the URL. -syn keyword ngxDirectiveThirdParty mp4 +" syn keyword ngxDirectiveThirdParty mp4 -" Nginx Notice Module +" NAXSI Module +" NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX +syn keyword ngxDirectiveThirdParty DeniedUrl denied_url +syn keyword ngxDirectiveThirdParty LearningMode learning_mode +syn keyword ngxDirectiveThirdParty SecRulesEnabled rules_enabled +syn keyword ngxDirectiveThirdParty SecRulesDisabled rules_disabled +syn keyword ngxDirectiveThirdParty CheckRule check_rule +syn keyword ngxDirectiveThirdParty BasicRule basic_rule +syn keyword ngxDirectiveThirdParty MainRule main_rule +syn keyword ngxDirectiveThirdParty LibInjectionSql libinjection_sql +syn keyword ngxDirectiveThirdParty LibInjectionXss libinjection_xss + +" Nchan Module +" Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE) +syn keyword ngxDirectiveThirdParty nchan_channel_id +syn keyword ngxDirectiveThirdParty nchan_channel_id_split_delimiter +syn keyword ngxDirectiveThirdParty nchan_eventsource_event +syn keyword ngxDirectiveThirdParty nchan_longpoll_multipart_response +syn keyword ngxDirectiveThirdParty nchan_publisher +syn keyword ngxDirectiveThirdParty nchan_publisher_channel_id +syn keyword ngxDirectiveThirdParty nchan_publisher_upstream_request +syn keyword ngxDirectiveThirdParty nchan_pubsub +syn keyword ngxDirectiveThirdParty nchan_subscribe_request +syn keyword ngxDirectiveThirdParty nchan_subscriber +syn keyword ngxDirectiveThirdParty nchan_subscriber_channel_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_compound_etag_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_first_message +syn keyword ngxDirectiveThirdParty nchan_subscriber_http_raw_stream_separator +syn keyword ngxDirectiveThirdParty nchan_subscriber_last_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_message_id_custom_etag_header +syn keyword ngxDirectiveThirdParty nchan_subscriber_timeout +syn keyword ngxDirectiveThirdParty nchan_unsubscribe_request +syn keyword ngxDirectiveThirdParty nchan_websocket_ping_interval +syn keyword ngxDirectiveThirdParty nchan_authorize_request +syn keyword ngxDirectiveThirdParty nchan_max_reserved_memory +syn keyword ngxDirectiveThirdParty nchan_message_buffer_length +syn keyword ngxDirectiveThirdParty nchan_message_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_idle_channel_cache_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_namespace +syn keyword ngxDirectiveThirdParty nchan_redis_pass +syn keyword ngxDirectiveThirdParty nchan_redis_ping_interval +syn keyword ngxDirectiveThirdParty nchan_redis_server +syn keyword ngxDirectiveThirdParty nchan_redis_storage_mode +syn keyword ngxDirectiveThirdParty nchan_redis_url +syn keyword ngxDirectiveThirdParty nchan_store_messages +syn keyword ngxDirectiveThirdParty nchan_use_redis +syn keyword ngxDirectiveThirdParty nchan_access_control_allow_origin +syn keyword ngxDirectiveThirdParty nchan_channel_group +syn keyword ngxDirectiveThirdParty nchan_channel_group_accounting +syn keyword ngxDirectiveThirdParty nchan_group_location +syn keyword ngxDirectiveThirdParty nchan_group_max_channels +syn keyword ngxDirectiveThirdParty nchan_group_max_messages +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_disk +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_memory +syn keyword ngxDirectiveThirdParty nchan_group_max_subscribers +syn keyword ngxDirectiveThirdParty nchan_subscribe_existing_channels_only +syn keyword ngxDirectiveThirdParty nchan_channel_event_string +syn keyword ngxDirectiveThirdParty nchan_channel_events_channel_id +syn keyword ngxDirectiveThirdParty nchan_stub_status +syn keyword ngxDirectiveThirdParty nchan_max_channel_id_length +syn keyword ngxDirectiveThirdParty nchan_max_channel_subscribers +syn keyword ngxDirectiveThirdParty nchan_channel_timeout +syn keyword ngxDirectiveThirdParty nchan_storage_engine + +" Nginx Notice Module " Serve static file to POST requests. syn keyword ngxDirectiveThirdParty notice syn keyword ngxDirectiveThirdParty notice_type -" Phusion Passenger -" Easy and robust deployment of Ruby on Rails application on Apache and Nginx webservers. -syn keyword ngxDirectiveThirdParty passenger_base_uri -syn keyword ngxDirectiveThirdParty passenger_default_user +" OCSP Proxy Module +" Nginx OCSP processing module designed for response caching +syn keyword ngxDirectiveThirdParty ocsp_proxy +syn keyword ngxDirectiveThirdParty ocsp_cache_timeout + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_buffer_size +syn keyword ngxDirectiveThirdParty eval_override_content_type +syn keyword ngxDirectiveThirdParty eval_subrequest_in_memory + +" OpenSSL Version Module +" Nginx OpenSSL version check at startup +syn keyword ngxDirectiveThirdParty openssl_version_minimum +syn keyword ngxDirectiveThirdParty openssl_builddate_minimum + +" Owner Match Module +" Control access for specific owners and groups of files +syn keyword ngxDirectiveThirdParty omallow +syn keyword ngxDirectiveThirdParty omdeny + +" Accept Language Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty pagespeed + +" PHP Memcache Standard Balancer Module +" Loadbalancer that is compatible to the standard loadbalancer in the php-memcache module +syn keyword ngxDirectiveThirdParty hash_key + +" PHP Session Module +" Nginx module to parse php sessions +syn keyword ngxDirectiveThirdParty php_session_parse +syn keyword ngxDirectiveThirdParty php_session_strip_formatting + +" Phusion Passenger Module +" Passenger is an open source web application server. +syn keyword ngxDirectiveThirdParty passenger_root syn keyword ngxDirectiveThirdParty passenger_enabled -syn keyword ngxDirectiveThirdParty passenger_log_level -syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app -syn keyword ngxDirectiveThirdParty passenger_max_pool_size -syn keyword ngxDirectiveThirdParty passenger_pool_idle_time -syn keyword ngxDirectiveThirdParty passenger_root +syn keyword ngxDirectiveThirdParty passenger_base_uri +syn keyword ngxDirectiveThirdParty passenger_document_root syn keyword ngxDirectiveThirdParty passenger_ruby -syn keyword ngxDirectiveThirdParty passenger_use_global_queue +syn keyword ngxDirectiveThirdParty passenger_python +syn keyword ngxDirectiveThirdParty passenger_nodejs +syn keyword ngxDirectiveThirdParty passenger_meteor_app_settings +syn keyword ngxDirectiveThirdParty passenger_app_env +syn keyword ngxDirectiveThirdParty passenger_app_root +syn keyword ngxDirectiveThirdParty passenger_app_group_name +syn keyword ngxDirectiveThirdParty passenger_app_type +syn keyword ngxDirectiveThirdParty passenger_startup_file +syn keyword ngxDirectiveThirdParty passenger_restart_dir +syn keyword ngxDirectiveThirdParty passenger_spawn_method +syn keyword ngxDirectiveThirdParty passenger_env_var +syn keyword ngxDirectiveThirdParty passenger_load_shell_envvars +syn keyword ngxDirectiveThirdParty passenger_rolling_restarts +syn keyword ngxDirectiveThirdParty passenger_resist_deployment_errors syn keyword ngxDirectiveThirdParty passenger_user_switching -syn keyword ngxDirectiveThirdParty rack_env -syn keyword ngxDirectiveThirdParty rails_app_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_env -syn keyword ngxDirectiveThirdParty rails_framework_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_spawn_method +syn keyword ngxDirectiveThirdParty passenger_user +syn keyword ngxDirectiveThirdParty passenger_group +syn keyword ngxDirectiveThirdParty passenger_default_user +syn keyword ngxDirectiveThirdParty passenger_default_group +syn keyword ngxDirectiveThirdParty passenger_show_version_in_header +syn keyword ngxDirectiveThirdParty passenger_friendly_error_pages +syn keyword ngxDirectiveThirdParty passenger_disable_security_update_check +syn keyword ngxDirectiveThirdParty passenger_security_update_check_proxy +syn keyword ngxDirectiveThirdParty passenger_max_pool_size +syn keyword ngxDirectiveThirdParty passenger_min_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app +syn keyword ngxDirectiveThirdParty passenger_pool_idle_time +syn keyword ngxDirectiveThirdParty passenger_max_preloader_idle_time +syn keyword ngxDirectiveThirdParty passenger_force_max_concurrent_requests_per_process +syn keyword ngxDirectiveThirdParty passenger_start_timeout +syn keyword ngxDirectiveThirdParty passenger_concurrency_model +syn keyword ngxDirectiveThirdParty passenger_thread_count +syn keyword ngxDirectiveThirdParty passenger_max_requests +syn keyword ngxDirectiveThirdParty passenger_max_request_time +syn keyword ngxDirectiveThirdParty passenger_memory_limit +syn keyword ngxDirectiveThirdParty passenger_stat_throttle_rate +syn keyword ngxDirectiveThirdParty passenger_core_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_app_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_pre_start +syn keyword ngxDirectiveThirdParty passenger_set_header +syn keyword ngxDirectiveThirdParty passenger_max_request_queue_size +syn keyword ngxDirectiveThirdParty passenger_request_queue_overflow_status_code +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions_cookie_name +syn keyword ngxDirectiveThirdParty passenger_abort_websockets_on_process_shutdown +syn keyword ngxDirectiveThirdParty passenger_ignore_client_abort +syn keyword ngxDirectiveThirdParty passenger_intercept_errors +syn keyword ngxDirectiveThirdParty passenger_pass_header +syn keyword ngxDirectiveThirdParty passenger_ignore_headers +syn keyword ngxDirectiveThirdParty passenger_headers_hash_bucket_size +syn keyword ngxDirectiveThirdParty passenger_headers_hash_max_size +syn keyword ngxDirectiveThirdParty passenger_buffer_response +syn keyword ngxDirectiveThirdParty passenger_response_buffer_high_watermark +syn keyword ngxDirectiveThirdParty passenger_buffer_size, passenger_buffers, passenger_busy_buffers_size +syn keyword ngxDirectiveThirdParty passenger_socket_backlog +syn keyword ngxDirectiveThirdParty passenger_log_level +syn keyword ngxDirectiveThirdParty passenger_log_file +syn keyword ngxDirectiveThirdParty passenger_file_descriptor_log_file +syn keyword ngxDirectiveThirdParty passenger_debugger +syn keyword ngxDirectiveThirdParty passenger_instance_registry_dir +syn keyword ngxDirectiveThirdParty passenger_data_buffer_dir +syn keyword ngxDirectiveThirdParty passenger_fly_with +syn keyword ngxDirectiveThirdParty union_station_support +syn keyword ngxDirectiveThirdParty union_station_key +syn keyword ngxDirectiveThirdParty union_station_proxy_address +syn keyword ngxDirectiveThirdParty union_station_filter +syn keyword ngxDirectiveThirdParty union_station_gateway_address +syn keyword ngxDirectiveThirdParty union_station_gateway_port +syn keyword ngxDirectiveThirdParty union_station_gateway_cert +syn keyword ngxDirectiveDeprecated rails_spawn_method +syn keyword ngxDirectiveDeprecated passenger_debug_log_file -" RDS JSON Module -" Help ngx_drizzle and other DBD modules emit JSON data. +" Postgres Module +" Upstream module that allows nginx to communicate directly with PostgreSQL database. +syn keyword ngxDirectiveThirdParty postgres_server +syn keyword ngxDirectiveThirdParty postgres_keepalive +syn keyword ngxDirectiveThirdParty postgres_pass +syn keyword ngxDirectiveThirdParty postgres_query +syn keyword ngxDirectiveThirdParty postgres_rewrite +syn keyword ngxDirectiveThirdParty postgres_output +syn keyword ngxDirectiveThirdParty postgres_set +syn keyword ngxDirectiveThirdParty postgres_escape +syn keyword ngxDirectiveThirdParty postgres_connect_timeout +syn keyword ngxDirectiveThirdParty postgres_result_timeout + +" Pubcookie Module +" Authorizes users using encrypted cookies +syn keyword ngxDirectiveThirdParty pubcookie_inactive_expire +syn keyword ngxDirectiveThirdParty pubcookie_hard_expire +syn keyword ngxDirectiveThirdParty pubcookie_app_id +syn keyword ngxDirectiveThirdParty pubcookie_dir_depth +syn keyword ngxDirectiveThirdParty pubcookie_catenate_app_ids +syn keyword ngxDirectiveThirdParty pubcookie_app_srv_id +syn keyword ngxDirectiveThirdParty pubcookie_login +syn keyword ngxDirectiveThirdParty pubcookie_login_method +syn keyword ngxDirectiveThirdParty pubcookie_post +syn keyword ngxDirectiveThirdParty pubcookie_domain +syn keyword ngxDirectiveThirdParty pubcookie_granting_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_session_key_file +syn keyword ngxDirectiveThirdParty pubcookie_session_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_crypt_key_file +syn keyword ngxDirectiveThirdParty pubcookie_end_session +syn keyword ngxDirectiveThirdParty pubcookie_encryption +syn keyword ngxDirectiveThirdParty pubcookie_session_reauth +syn keyword ngxDirectiveThirdParty pubcookie_auth_type_names +syn keyword ngxDirectiveThirdParty pubcookie_no_prompt +syn keyword ngxDirectiveThirdParty pubcookie_on_demand +syn keyword ngxDirectiveThirdParty pubcookie_addl_request +syn keyword ngxDirectiveThirdParty pubcookie_no_obscure_cookies +syn keyword ngxDirectiveThirdParty pubcookie_no_clean_creds +syn keyword ngxDirectiveThirdParty pubcookie_egd_device +syn keyword ngxDirectiveThirdParty pubcookie_no_blank +syn keyword ngxDirectiveThirdParty pubcookie_super_debug +syn keyword ngxDirectiveThirdParty pubcookie_set_remote_user + +" Push Stream Module +" A pure stream http push technology for your Nginx setup +syn keyword ngxDirectiveThirdParty push_stream_channels_statistics +syn keyword ngxDirectiveThirdParty push_stream_publisher +syn keyword ngxDirectiveThirdParty push_stream_subscriber +syn keyword ngxDirectiveThirdParty push_stream_shared_memory_size +syn keyword ngxDirectiveThirdParty push_stream_channel_deleted_message_text +syn keyword ngxDirectiveThirdParty push_stream_channel_inactivity_time +syn keyword ngxDirectiveThirdParty push_stream_ping_message_text +syn keyword ngxDirectiveThirdParty push_stream_timeout_with_body +syn keyword ngxDirectiveThirdParty push_stream_message_ttl +syn keyword ngxDirectiveThirdParty push_stream_max_subscribers_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_messages_stored_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_channel_id_length +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_channels +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_wildcard_channels +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_prefix +syn keyword ngxDirectiveThirdParty push_stream_events_channel_id +syn keyword ngxDirectiveThirdParty push_stream_channels_path +syn keyword ngxDirectiveThirdParty push_stream_store_messages +syn keyword ngxDirectiveThirdParty push_stream_channel_info_on_publish +syn keyword ngxDirectiveThirdParty push_stream_authorized_channels_only +syn keyword ngxDirectiveThirdParty push_stream_header_template_file +syn keyword ngxDirectiveThirdParty push_stream_header_template +syn keyword ngxDirectiveThirdParty push_stream_message_template +syn keyword ngxDirectiveThirdParty push_stream_footer_template +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_max_qtd +syn keyword ngxDirectiveThirdParty push_stream_ping_message_interval +syn keyword ngxDirectiveThirdParty push_stream_subscriber_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_longpolling_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_websocket_allow_publish +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_time +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_tag +syn keyword ngxDirectiveThirdParty push_stream_last_event_id +syn keyword ngxDirectiveThirdParty push_stream_user_agent +syn keyword ngxDirectiveThirdParty push_stream_padding_by_user_agent +syn keyword ngxDirectiveThirdParty push_stream_allowed_origins +syn keyword ngxDirectiveThirdParty push_stream_allow_connections_to_events_channel + +" rDNS Module +" Make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules +syn keyword ngxDirectiveThirdParty rdns +syn keyword ngxDirectiveThirdParty rdns_allow +syn keyword ngxDirectiveThirdParty rdns_deny + +" RDS CSV Module +" Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) +syn keyword ngxDirectiveThirdParty rds_csv +syn keyword ngxDirectiveThirdParty rds_csv_row_terminator +syn keyword ngxDirectiveThirdParty rds_csv_field_separator +syn keyword ngxDirectiveThirdParty rds_csv_field_name_header +syn keyword ngxDirectiveThirdParty rds_csv_content_type +syn keyword ngxDirectiveThirdParty rds_csv_buffer_size + +" RDS JSON Module +" An output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON syn keyword ngxDirectiveThirdParty rds_json +syn keyword ngxDirectiveThirdParty rds_json_buffer_size +syn keyword ngxDirectiveThirdParty rds_json_format +syn keyword ngxDirectiveThirdParty rds_json_root +syn keyword ngxDirectiveThirdParty rds_json_success_property +syn keyword ngxDirectiveThirdParty rds_json_user_property +syn keyword ngxDirectiveThirdParty rds_json_errcode_key +syn keyword ngxDirectiveThirdParty rds_json_errstr_key +syn keyword ngxDirectiveThirdParty rds_json_ret syn keyword ngxDirectiveThirdParty rds_json_content_type -syn keyword ngxDirectiveThirdParty rds_json_format -syn keyword ngxDirectiveThirdParty rds_json_ret -" RRD Graph Module +" Redis Module +" Use this module to perform simple caching +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_gzip_flag + +" Redis 2 Module +" Nginx upstream module for the Redis 2.0 protocol +syn keyword ngxDirectiveThirdParty redis2_query +syn keyword ngxDirectiveThirdParty redis2_raw_query +syn keyword ngxDirectiveThirdParty redis2_raw_queries +syn keyword ngxDirectiveThirdParty redis2_literal_raw_query +syn keyword ngxDirectiveThirdParty redis2_pass +syn keyword ngxDirectiveThirdParty redis2_connect_timeout +syn keyword ngxDirectiveThirdParty redis2_send_timeout +syn keyword ngxDirectiveThirdParty redis2_read_timeout +syn keyword ngxDirectiveThirdParty redis2_buffer_size +syn keyword ngxDirectiveThirdParty redis2_next_upstream + +" Replace Filter Module +" Streaming regular expression replacement in response bodies +syn keyword ngxDirectiveThirdParty replace_filter +syn keyword ngxDirectiveThirdParty replace_filter_types +syn keyword ngxDirectiveThirdParty replace_filter_max_buffered_size +syn keyword ngxDirectiveThirdParty replace_filter_last_modified +syn keyword ngxDirectiveThirdParty replace_filter_skip + +" Roboo Module +" HTTP Robot Mitigator + From mdounin at mdounin.ru Thu Mar 2 00:57:27 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 03:57:27 +0300 Subject: [PATCH] Contrib: vim syntax, update 3rd party module directives In-Reply-To: <7fca6f60d5cafa0127b5.1488383345@othreedeMacBook-Pro.local> References: <7fca6f60d5cafa0127b5.1488383345@othreedeMacBook-Pro.local> Message-ID: <20170302005727.GZ34777@mdounin.ru> Hello! On Wed, Mar 01, 2017 at 11:49:05PM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1488382899 -28800 > # Wed Mar 01 23:41:39 2017 +0800 > # Node ID 7fca6f60d5cafa0127b5bc4d6b74fcd06ab532a3 > # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 > Contrib: vim syntax, update 3rd party module directives. [...] Committed, thanks. -- Maxim Dounin http://nginx.org/ From eran.kornblau at kaltura.com Thu Mar 2 07:15:25 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Thu, 2 Mar 2017 07:15:25 +0000 Subject: Add missing static specifiers In-Reply-To: <20170302003852.GY34777@mdounin.ru> References: <20170228202219.GO34777@mdounin.ru> <20170302003852.GY34777@mdounin.ru> Message-ID: Thanks, updated patch attached. > Hello! > > On Tue, Feb 28, 2017 at 09:20:37PM +0000, Eran Kornblau wrote: > > [...] > > > > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/os/unix/ngx_linux_init.c > > > > --- a/src/os/unix/ngx_linux_init.c Mon Feb 27 22:36:15 2017 +0300 > > > > +++ b/src/os/unix/ngx_linux_init.c Tue Feb 28 11:49:07 2017 -0500 > > > > @@ -9,8 +9,8 @@ > > > > #include > > > > > > > > > > > > -u_char ngx_linux_kern_ostype[50]; -u_char > > > > ngx_linux_kern_osrelease[50]; > > > > +static u_char ngx_linux_kern_ostype[50]; static u_char > > > > +ngx_linux_kern_osrelease[50]; > > > > > > There are various OS-specific variables for various other platforms > > > as well. It would be a good idea to either review them all, or left > > > them as is. > > > > > Only one I could find is SERVICE_TABLE_ENTRY st (went over win32 files > > manually) Added it > > Looking into ngx_freebsd_init.c will show multiple similar variables (with some of them actually exported), the same in ngx_solaris_init.c, ngx_darwin_init.c, ngx_posix_init.c. It might be better idea to just avoid changing this part for now. > Ok, removed the OS-specific changes > [...] > > > diff -r 8b7fd958c59f -r 050f8b3c3c67 src/event/ngx_event.c > > --- a/src/event/ngx_event.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/event/ngx_event.c Tue Feb 28 16:06:25 2017 -0500 > > @@ -59,19 +59,19 @@ > > > > #if (NGX_STAT_STUB) > > > > -ngx_atomic_t ngx_stat_accepted0; > > +static ngx_atomic_t ngx_stat_accepted0; > > ngx_atomic_t *ngx_stat_accepted = &ngx_stat_accepted0; > > -ngx_atomic_t ngx_stat_handled0; > > +static ngx_atomic_t ngx_stat_handled0; > > ngx_atomic_t *ngx_stat_handled = &ngx_stat_handled0; > > -ngx_atomic_t ngx_stat_requests0; > > +static ngx_atomic_t ngx_stat_requests0; > > ngx_atomic_t *ngx_stat_requests = &ngx_stat_requests0; > > -ngx_atomic_t ngx_stat_active0; > > +static ngx_atomic_t ngx_stat_active0; > > ngx_atomic_t *ngx_stat_active = &ngx_stat_active0; > > -ngx_atomic_t ngx_stat_reading0; > > +static ngx_atomic_t ngx_stat_reading0; > > ngx_atomic_t *ngx_stat_reading = &ngx_stat_reading0; > > -ngx_atomic_t ngx_stat_writing0; > > +static ngx_atomic_t ngx_stat_writing0; > > ngx_atomic_t *ngx_stat_writing = &ngx_stat_writing0; > > -ngx_atomic_t ngx_stat_waiting0; > > +static ngx_atomic_t ngx_stat_waiting0; > > ngx_atomic_t *ngx_stat_waiting = &ngx_stat_waiting0; > > This certainly needs additional changes to match style. Variable names in a single block are expected to be lined up. > Fixed, separated the ints and pointers into two blocks (that made more sense to me than aligning them on a single block) > [...] > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > Eran -------------- next part -------------- A non-text attachment was scrubbed... Name: nginx-add-static3.patch Type: application/octet-stream Size: 9414 bytes Desc: nginx-add-static3.patch URL: From othree at gmail.com Thu Mar 2 09:27:46 2017 From: othree at gmail.com (othree) Date: Thu, 02 Mar 2017 17:27:46 +0800 Subject: [PATCH] Contrib: vim syntax, allow multiline config by skipempty Message-ID: # HG changeset patch # User othree # Date 1488446347 -28800 # Thu Mar 02 17:19:07 2017 +0800 # Node ID e890ea7773ce474b7611d739564712793cc60e2c # Parent 7fca6f60d5cafa0127b5bc4d6b74fcd06ab532a3 Contrib: vim syntax, allow multiline config by skipempty. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -328,17 +328,17 @@ syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output syn keyword ngxDirective preread_buffer_size syn keyword ngxDirective preread_timeout -syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite skipempty syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size @@ -391,17 +391,17 @@ syn keyword ngxDirective proxy_send_time syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header syn keyword ngxDirective proxy_ssl_certificate syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name syn keyword ngxDirective proxy_ssl_password_file -syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size @@ -513,18 +513,18 @@ syn keyword ngxDirective ssl_client_cert syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers syn keyword ngxDirective ssl_preread -syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite -syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify @@ -605,17 +605,17 @@ syn keyword ngxDirective uwsgi_read_time syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout syn keyword ngxDirective uwsgi_ssl_certificate syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name syn keyword ngxDirective uwsgi_ssl_password_file -syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string From othree at gmail.com Thu Mar 2 09:33:47 2017 From: othree at gmail.com (OOO) Date: Thu, 2 Mar 2017 17:33:47 +0800 Subject: [PATCH] Contrib: vim syntax, allow multiline config by skipempty In-Reply-To: References: Message-ID: I think there will be about 4 more commits: * Support rewrite flag. * Better location path highlight. * Remove ngxBlock syntax group. * Support geoip2 database keywords. 2017-03-02 17:27 GMT+08:00 othree : > # HG changeset patch > # User othree > # Date 1488446347 -28800 > # Thu Mar 02 17:19:07 2017 +0800 > # Node ID e890ea7773ce474b7611d739564712793cc60e2c > # Parent 7fca6f60d5cafa0127b5bc4d6b74fcd06ab532a3 > Contrib: vim syntax, allow multiline config by skipempty. > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -328,17 +328,17 @@ syn keyword ngxDirective pid > syn keyword ngxDirective pop3_auth > syn keyword ngxDirective pop3_capabilities > syn keyword ngxDirective port_in_redirect > syn keyword ngxDirective post_acceptex > syn keyword ngxDirective postpone_gzipping > syn keyword ngxDirective postpone_output > syn keyword ngxDirective preread_buffer_size > syn keyword ngxDirective preread_timeout > -syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite > +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite skipempty > syn keyword ngxMailProtocol imap pop3 smtp contained > syn keyword ngxDirective proxy > syn keyword ngxDirective proxy_bind > syn keyword ngxDirective proxy_buffer > syn keyword ngxDirective proxy_buffer_size > syn keyword ngxDirective proxy_buffering > syn keyword ngxDirective proxy_buffers > syn keyword ngxDirective proxy_busy_buffers_size > @@ -391,17 +391,17 @@ syn keyword ngxDirective proxy_send_time > syn keyword ngxDirective proxy_set_body > syn keyword ngxDirective proxy_set_header > syn keyword ngxDirective proxy_ssl_certificate > syn keyword ngxDirective proxy_ssl_certificate_key > syn keyword ngxDirective proxy_ssl_ciphers > syn keyword ngxDirective proxy_ssl_crl > syn keyword ngxDirective proxy_ssl_name > syn keyword ngxDirective proxy_ssl_password_file > -syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite > +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty > syn keyword ngxDirective proxy_ssl_server_name > syn keyword ngxDirective proxy_ssl_session_reuse > syn keyword ngxDirective proxy_ssl_trusted_certificate > syn keyword ngxDirective proxy_ssl_verify > syn keyword ngxDirective proxy_ssl_verify_depth > syn keyword ngxDirective proxy_store > syn keyword ngxDirective proxy_store_access > syn keyword ngxDirective proxy_temp_file_write_size > @@ -513,18 +513,18 @@ syn keyword ngxDirective ssl_client_cert > syn keyword ngxDirective ssl_crl > syn keyword ngxDirective ssl_dhparam > syn keyword ngxDirective ssl_ecdh_curve > syn keyword ngxDirective ssl_engine > syn keyword ngxDirective ssl_handshake_timeout > syn keyword ngxDirective ssl_password_file > syn keyword ngxDirective ssl_prefer_server_ciphers > syn keyword ngxDirective ssl_preread > -syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite > -syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite > +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty > +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite skipempty > syn keyword ngxDirective ssl_session_cache > syn keyword ngxDirective ssl_session_ticket_key > syn keyword ngxDirective ssl_session_tickets > syn keyword ngxDirective ssl_session_timeout > syn keyword ngxDirective ssl_stapling > syn keyword ngxDirective ssl_stapling_file > syn keyword ngxDirective ssl_stapling_responder > syn keyword ngxDirective ssl_stapling_verify > @@ -605,17 +605,17 @@ syn keyword ngxDirective uwsgi_read_time > syn keyword ngxDirective uwsgi_request_buffering > syn keyword ngxDirective uwsgi_send_timeout > syn keyword ngxDirective uwsgi_ssl_certificate > syn keyword ngxDirective uwsgi_ssl_certificate_key > syn keyword ngxDirective uwsgi_ssl_ciphers > syn keyword ngxDirective uwsgi_ssl_crl > syn keyword ngxDirective uwsgi_ssl_name > syn keyword ngxDirective uwsgi_ssl_password_file > -syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite > +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty > syn keyword ngxDirective uwsgi_ssl_server_name > syn keyword ngxDirective uwsgi_ssl_session_reuse > syn keyword ngxDirective uwsgi_ssl_trusted_certificate > syn keyword ngxDirective uwsgi_ssl_verify > syn keyword ngxDirective uwsgi_ssl_verify_depth > syn keyword ngxDirective uwsgi_store > syn keyword ngxDirective uwsgi_store_access > syn keyword ngxDirective uwsgi_string -- OOO From mdounin at mdounin.ru Thu Mar 2 12:11:05 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 15:11:05 +0300 Subject: [PATCH] Contrib: vim syntax, allow multiline config by skipempty In-Reply-To: References: Message-ID: <20170302121105.GC34777@mdounin.ru> Hello! On Thu, Mar 02, 2017 at 05:33:47PM +0800, OOO wrote: > I think there will be about 4 more commits: > > * Support rewrite flag. > * Better location path highlight. > * Remove ngxBlock syntax group. > * Support geoip2 database keywords. You may want to build a patch series and send it for the review at once instead of trying to provide individual patches one-by-one. Also please note that there is an "--in-reply-to" option of "hg email", which allows nice threading of patches send via it. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Mar 2 13:36:45 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 16:36:45 +0300 Subject: Add missing static specifiers In-Reply-To: References: <20170228202219.GO34777@mdounin.ru> <20170302003852.GY34777@mdounin.ru> Message-ID: <20170302133645.GE34777@mdounin.ru> Hello! On Thu, Mar 02, 2017 at 07:15:25AM +0000, Eran Kornblau wrote: [...] > > > diff -r 8b7fd958c59f -r 050f8b3c3c67 src/event/ngx_event.c > > > --- a/src/event/ngx_event.c Mon Feb 27 22:36:15 2017 +0300 > > > +++ b/src/event/ngx_event.c Tue Feb 28 16:06:25 2017 -0500 > > > @@ -59,19 +59,19 @@ > > > > > > #if (NGX_STAT_STUB) > > > > > > -ngx_atomic_t ngx_stat_accepted0; > > > +static ngx_atomic_t ngx_stat_accepted0; > > > ngx_atomic_t *ngx_stat_accepted = &ngx_stat_accepted0; > > > -ngx_atomic_t ngx_stat_handled0; > > > +static ngx_atomic_t ngx_stat_handled0; > > > ngx_atomic_t *ngx_stat_handled = &ngx_stat_handled0; > > > -ngx_atomic_t ngx_stat_requests0; > > > +static ngx_atomic_t ngx_stat_requests0; > > > ngx_atomic_t *ngx_stat_requests = &ngx_stat_requests0; > > > -ngx_atomic_t ngx_stat_active0; > > > +static ngx_atomic_t ngx_stat_active0; > > > ngx_atomic_t *ngx_stat_active = &ngx_stat_active0; > > > -ngx_atomic_t ngx_stat_reading0; > > > +static ngx_atomic_t ngx_stat_reading0; > > > ngx_atomic_t *ngx_stat_reading = &ngx_stat_reading0; > > > -ngx_atomic_t ngx_stat_writing0; > > > +static ngx_atomic_t ngx_stat_writing0; > > > ngx_atomic_t *ngx_stat_writing = &ngx_stat_writing0; > > > -ngx_atomic_t ngx_stat_waiting0; > > > +static ngx_atomic_t ngx_stat_waiting0; > > > ngx_atomic_t *ngx_stat_waiting = &ngx_stat_waiting0; > > > > This certainly needs additional changes to match style. Variable names in a single block are expected to be lined up. > > > Fixed, separated the ints and pointers into two blocks (that made more sense to me than aligning them on a single block) Doesn't looks like a good solution to me. Rather, I would indent pointer names to the appropriate position, much like it is already done slightly above in the same file: static ngx_atomic_t connection_counter = 1; ngx_atomic_t *ngx_connection_counter = &connection_counter; -- Maxim Dounin http://nginx.org/ From eran.kornblau at kaltura.com Thu Mar 2 13:52:58 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Thu, 2 Mar 2017 13:52:58 +0000 Subject: Add missing static specifiers In-Reply-To: <20170302133645.GE34777@mdounin.ru> References: <20170228202219.GO34777@mdounin.ru> <20170302003852.GY34777@mdounin.ru> <20170302133645.GE34777@mdounin.ru> Message-ID: > > -----Original Message----- > From: nginx-devel [mailto:nginx-devel-bounces at nginx.org] On Behalf Of Maxim Dounin > Sent: Thursday, March 2, 2017 3:37 PM > To: nginx-devel at nginx.org > Subject: Re: Add missing static specifiers > > Hello! > > On Thu, Mar 02, 2017 at 07:15:25AM +0000, Eran Kornblau wrote: > > [...] > > > > > > Fixed, separated the ints and pointers into two blocks (that made more > > sense to me than aligning them on a single block) > > Doesn't looks like a good solution to me. Rather, I would indent pointer names to the appropriate position, much like it is already done slightly above in the same file: > > static ngx_atomic_t connection_counter = 1; > ngx_atomic_t *ngx_connection_counter = &connection_counter; > Fixed > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > Eran -------------- next part -------------- A non-text attachment was scrubbed... Name: nginx-add-static4.patch Type: application/octet-stream Size: 9850 bytes Desc: nginx-add-static4.patch URL: From mdounin at mdounin.ru Thu Mar 2 15:50:02 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 02 Mar 2017 15:50:02 +0000 Subject: [nginx] Added missing static specifiers. Message-ID: details: http://hg.nginx.org/nginx/rev/a72886067bbb branches: changeset: 6922:a72886067bbb user: Eran Kornblau date: Thu Mar 02 08:46:00 2017 -0500 description: Added missing static specifiers. diffstat: src/core/ngx_resolver.c | 8 +++--- src/event/modules/ngx_devpoll_module.c | 2 +- src/event/modules/ngx_epoll_module.c | 2 +- src/event/modules/ngx_eventport_module.c | 2 +- src/event/modules/ngx_iocp_module.c | 2 +- src/event/modules/ngx_kqueue_module.c | 2 +- src/event/modules/ngx_poll_module.c | 4 +- src/event/modules/ngx_select_module.c | 4 +- src/event/modules/ngx_win32_select_module.c | 4 +- src/event/ngx_event.c | 30 +++++++++++----------- src/http/modules/ngx_http_charset_filter_module.c | 2 +- src/http/modules/ngx_http_gzip_static_module.c | 2 +- src/http/modules/ngx_http_static_module.c | 2 +- src/http/modules/ngx_http_xslt_filter_module.c | 2 +- src/http/ngx_http_upstream.c | 2 +- 15 files changed, 35 insertions(+), 35 deletions(-) diffs (244 lines): diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -56,8 +56,8 @@ typedef struct { ((u_char *) (n) - offsetof(ngx_resolver_node_t, node)) -ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec); -ngx_int_t ngx_tcp_connect(ngx_resolver_connection_t *rec); +static ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec); +static ngx_int_t ngx_tcp_connect(ngx_resolver_connection_t *rec); static void ngx_resolver_cleanup(void *data); @@ -4379,7 +4379,7 @@ ngx_resolver_log_error(ngx_log_t *log, u } -ngx_int_t +static ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec) { int rc; @@ -4463,7 +4463,7 @@ failed: } -ngx_int_t +static ngx_int_t ngx_tcp_connect(ngx_resolver_connection_t *rec) { int rc; diff --git a/src/event/modules/ngx_devpoll_module.c b/src/event/modules/ngx_devpoll_module.c --- a/src/event/modules/ngx_devpoll_module.c +++ b/src/event/modules/ngx_devpoll_module.c @@ -78,7 +78,7 @@ static ngx_command_t ngx_devpoll_comman }; -ngx_event_module_t ngx_devpoll_module_ctx = { +static ngx_event_module_t ngx_devpoll_module_ctx = { &devpoll_name, ngx_devpoll_create_conf, /* create configuration */ ngx_devpoll_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_epoll_module.c b/src/event/modules/ngx_epoll_module.c --- a/src/event/modules/ngx_epoll_module.c +++ b/src/event/modules/ngx_epoll_module.c @@ -176,7 +176,7 @@ static ngx_command_t ngx_epoll_commands }; -ngx_event_module_t ngx_epoll_module_ctx = { +static ngx_event_module_t ngx_epoll_module_ctx = { &epoll_name, ngx_epoll_create_conf, /* create configuration */ ngx_epoll_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_eventport_module.c b/src/event/modules/ngx_eventport_module.c --- a/src/event/modules/ngx_eventport_module.c +++ b/src/event/modules/ngx_eventport_module.c @@ -169,7 +169,7 @@ static ngx_command_t ngx_eventport_comm }; -ngx_event_module_t ngx_eventport_module_ctx = { +static ngx_event_module_t ngx_eventport_module_ctx = { &eventport_name, ngx_eventport_create_conf, /* create configuration */ ngx_eventport_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_iocp_module.c b/src/event/modules/ngx_iocp_module.c --- a/src/event/modules/ngx_iocp_module.c +++ b/src/event/modules/ngx_iocp_module.c @@ -52,7 +52,7 @@ static ngx_command_t ngx_iocp_commands[ }; -ngx_event_module_t ngx_iocp_module_ctx = { +static ngx_event_module_t ngx_iocp_module_ctx = { &iocp_name, ngx_iocp_create_conf, /* create configuration */ ngx_iocp_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_kqueue_module.c b/src/event/modules/ngx_kqueue_module.c --- a/src/event/modules/ngx_kqueue_module.c +++ b/src/event/modules/ngx_kqueue_module.c @@ -73,7 +73,7 @@ static ngx_command_t ngx_kqueue_command }; -ngx_event_module_t ngx_kqueue_module_ctx = { +static ngx_event_module_t ngx_kqueue_module_ctx = { &kqueue_name, ngx_kqueue_create_conf, /* create configuration */ ngx_kqueue_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_poll_module.c b/src/event/modules/ngx_poll_module.c --- a/src/event/modules/ngx_poll_module.c +++ b/src/event/modules/ngx_poll_module.c @@ -25,9 +25,9 @@ static struct pollfd *event_list; static ngx_uint_t nevents; -static ngx_str_t poll_name = ngx_string("poll"); +static ngx_str_t poll_name = ngx_string("poll"); -ngx_event_module_t ngx_poll_module_ctx = { +static ngx_event_module_t ngx_poll_module_ctx = { &poll_name, NULL, /* create configuration */ ngx_poll_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_select_module.c b/src/event/modules/ngx_select_module.c --- a/src/event/modules/ngx_select_module.c +++ b/src/event/modules/ngx_select_module.c @@ -33,9 +33,9 @@ static ngx_uint_t nevents; static ngx_event_t **event_index; -static ngx_str_t select_name = ngx_string("select"); +static ngx_str_t select_name = ngx_string("select"); -ngx_event_module_t ngx_select_module_ctx = { +static ngx_event_module_t ngx_select_module_ctx = { &select_name, NULL, /* create configuration */ ngx_select_init_conf, /* init configuration */ diff --git a/src/event/modules/ngx_win32_select_module.c b/src/event/modules/ngx_win32_select_module.c --- a/src/event/modules/ngx_win32_select_module.c +++ b/src/event/modules/ngx_win32_select_module.c @@ -34,9 +34,9 @@ static ngx_uint_t nevents; static ngx_event_t **event_index; -static ngx_str_t select_name = ngx_string("select"); +static ngx_str_t select_name = ngx_string("select"); -ngx_event_module_t ngx_select_module_ctx = { +static ngx_event_module_t ngx_select_module_ctx = { &select_name, NULL, /* create configuration */ ngx_select_init_conf, /* init configuration */ diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -59,20 +59,20 @@ ngx_int_t ngx_accept_disable #if (NGX_STAT_STUB) -ngx_atomic_t ngx_stat_accepted0; -ngx_atomic_t *ngx_stat_accepted = &ngx_stat_accepted0; -ngx_atomic_t ngx_stat_handled0; -ngx_atomic_t *ngx_stat_handled = &ngx_stat_handled0; -ngx_atomic_t ngx_stat_requests0; -ngx_atomic_t *ngx_stat_requests = &ngx_stat_requests0; -ngx_atomic_t ngx_stat_active0; -ngx_atomic_t *ngx_stat_active = &ngx_stat_active0; -ngx_atomic_t ngx_stat_reading0; -ngx_atomic_t *ngx_stat_reading = &ngx_stat_reading0; -ngx_atomic_t ngx_stat_writing0; -ngx_atomic_t *ngx_stat_writing = &ngx_stat_writing0; -ngx_atomic_t ngx_stat_waiting0; -ngx_atomic_t *ngx_stat_waiting = &ngx_stat_waiting0; +static ngx_atomic_t ngx_stat_accepted0; +ngx_atomic_t *ngx_stat_accepted = &ngx_stat_accepted0; +static ngx_atomic_t ngx_stat_handled0; +ngx_atomic_t *ngx_stat_handled = &ngx_stat_handled0; +static ngx_atomic_t ngx_stat_requests0; +ngx_atomic_t *ngx_stat_requests = &ngx_stat_requests0; +static ngx_atomic_t ngx_stat_active0; +ngx_atomic_t *ngx_stat_active = &ngx_stat_active0; +static ngx_atomic_t ngx_stat_reading0; +ngx_atomic_t *ngx_stat_reading = &ngx_stat_reading0; +static ngx_atomic_t ngx_stat_writing0; +ngx_atomic_t *ngx_stat_writing = &ngx_stat_writing0; +static ngx_atomic_t ngx_stat_waiting0; +ngx_atomic_t *ngx_stat_waiting = &ngx_stat_waiting0; #endif @@ -165,7 +165,7 @@ static ngx_command_t ngx_event_core_com }; -ngx_event_module_t ngx_event_core_module_ctx = { +static ngx_event_module_t ngx_event_core_module_ctx = { &event_core_name, ngx_event_core_create_conf, /* create configuration */ ngx_event_core_init_conf, /* init configuration */ diff --git a/src/http/modules/ngx_http_charset_filter_module.c b/src/http/modules/ngx_http_charset_filter_module.c --- a/src/http/modules/ngx_http_charset_filter_module.c +++ b/src/http/modules/ngx_http_charset_filter_module.c @@ -123,7 +123,7 @@ static char *ngx_http_charset_merge_loc_ static ngx_int_t ngx_http_charset_postconfiguration(ngx_conf_t *cf); -ngx_str_t ngx_http_charset_default_types[] = { +static ngx_str_t ngx_http_charset_default_types[] = { ngx_string("text/html"), ngx_string("text/xml"), ngx_string("text/plain"), diff --git a/src/http/modules/ngx_http_gzip_static_module.c b/src/http/modules/ngx_http_gzip_static_module.c --- a/src/http/modules/ngx_http_gzip_static_module.c +++ b/src/http/modules/ngx_http_gzip_static_module.c @@ -48,7 +48,7 @@ static ngx_command_t ngx_http_gzip_stat }; -ngx_http_module_t ngx_http_gzip_static_module_ctx = { +static ngx_http_module_t ngx_http_gzip_static_module_ctx = { NULL, /* preconfiguration */ ngx_http_gzip_static_init, /* postconfiguration */ diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c --- a/src/http/modules/ngx_http_static_module.c +++ b/src/http/modules/ngx_http_static_module.c @@ -14,7 +14,7 @@ static ngx_int_t ngx_http_static_handler static ngx_int_t ngx_http_static_init(ngx_conf_t *cf); -ngx_http_module_t ngx_http_static_module_ctx = { +static ngx_http_module_t ngx_http_static_module_ctx = { NULL, /* preconfiguration */ ngx_http_static_init, /* postconfiguration */ diff --git a/src/http/modules/ngx_http_xslt_filter_module.c b/src/http/modules/ngx_http_xslt_filter_module.c --- a/src/http/modules/ngx_http_xslt_filter_module.c +++ b/src/http/modules/ngx_http_xslt_filter_module.c @@ -109,7 +109,7 @@ static ngx_int_t ngx_http_xslt_filter_in static void ngx_http_xslt_filter_exit(ngx_cycle_t *cycle); -ngx_str_t ngx_http_xslt_default_types[] = { +static ngx_str_t ngx_http_xslt_default_types[] = { ngx_string("text/xml"), ngx_null_string }; diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -188,7 +188,7 @@ static ngx_int_t ngx_http_upstream_ssl_n #endif -ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { +static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { { ngx_string("Status"), ngx_http_upstream_process_header_line, From mdounin at mdounin.ru Thu Mar 2 15:50:14 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Mar 2017 18:50:14 +0300 Subject: Add missing static specifiers In-Reply-To: References: <20170228202219.GO34777@mdounin.ru> <20170302003852.GY34777@mdounin.ru> <20170302133645.GE34777@mdounin.ru> Message-ID: <20170302155014.GF34777@mdounin.ru> Hello! On Thu, Mar 02, 2017 at 01:52:58PM +0000, Eran Kornblau wrote: [...] > # User Eran Kornblau > # Date 1488462360 18000 > # Thu Mar 02 08:46:00 2017 -0500 > # Node ID ecf63ae67df1d5768be40966a5afadb751d894bc > # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 > Added missing static specifiers. Committed with (with some minor style changes in select/poll modules), thanks. -- Maxim Dounin http://nginx.org/ From hongzhidao at gmail.com Thu Mar 2 16:06:31 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Fri, 3 Mar 2017 00:06:31 +0800 Subject: [nginx] two masters exist Message-ID: Hi! It's possible that two masters exist at the same time. kill -USR2 pid; sleep(2); if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; # New master doesn't success in two seconds kill -QUIT oldpid; fi We assume that the previous exist master is old, I want to know which master process the request that's accepted, maybe I can design the variable $master with value old or new. Is it possible to implement? Thanks! B.R. -------------- next part -------------- An HTML attachment was scrubbed... URL: From eran.kornblau at kaltura.com Thu Mar 2 21:32:25 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Thu, 2 Mar 2017 21:32:25 +0000 Subject: Add missing static specifiers In-Reply-To: <20170302155014.GF34777@mdounin.ru> References: <20170228202219.GO34777@mdounin.ru> <20170302003852.GY34777@mdounin.ru> <20170302133645.GE34777@mdounin.ru> <20170302155014.GF34777@mdounin.ru> Message-ID: > Hello! > > On Thu, Mar 02, 2017 at 01:52:58PM +0000, Eran Kornblau wrote: > > [...] > > > # User Eran Kornblau # Date 1488462360 18000 > > # Thu Mar 02 08:46:00 2017 -0500 > > # Node ID ecf63ae67df1d5768be40966a5afadb751d894bc > > # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 > > Added missing static specifiers. > > Committed with (with some minor style changes in select/poll modules), thanks. > Thanks Maxim! > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > Eran From othree at gmail.com Fri Mar 3 10:56:56 2017 From: othree at gmail.com (othree) Date: Fri, 03 Mar 2017 18:56:56 +0800 Subject: [PATCH 1 of 4] Contrib: vim syntax, allow multiline config by skipempty Message-ID: # HG changeset patch # User othree # Date 1488526499 -28800 # Fri Mar 03 15:34:59 2017 +0800 # Node ID d91e05e761d148d7299017b62d581c6a1429bbd4 # Parent a72886067bbbfe854617976839434df76f0565b6 Contrib: vim syntax, allow multiline config by skipempty. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -328,17 +328,17 @@ syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output syn keyword ngxDirective preread_buffer_size syn keyword ngxDirective preread_timeout -syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite skipempty syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size @@ -391,17 +391,17 @@ syn keyword ngxDirective proxy_send_time syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header syn keyword ngxDirective proxy_ssl_certificate syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name syn keyword ngxDirective proxy_ssl_password_file -syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size @@ -513,18 +513,18 @@ syn keyword ngxDirective ssl_client_cert syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers syn keyword ngxDirective ssl_preread -syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite -syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify @@ -605,17 +605,17 @@ syn keyword ngxDirective uwsgi_read_time syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout syn keyword ngxDirective uwsgi_ssl_certificate syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name syn keyword ngxDirective uwsgi_ssl_password_file -syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite skipempty syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string From othree at gmail.com Fri Mar 3 10:56:58 2017 From: othree at gmail.com (othree) Date: Fri, 03 Mar 2017 18:56:58 +0800 Subject: [PATCH 3 of 4] Contrib: vim syntax, highlight HTTP status code In-Reply-To: References: Message-ID: # HG changeset patch # User othree # Date 1488526564 -28800 # Fri Mar 03 15:36:04 2017 +0800 # Node ID b88ed85b7b4f3ea5a586f4f58251481348c502f1 # Parent 47796d6e4c8af080e515fa45699cf23cd10cf7ad Contrib: vim syntax, highlight HTTP status code. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -61,31 +61,37 @@ syn keyword ngxListenOptions accept_filt syn keyword ngxListenOptions deferred contained syn keyword ngxListenOptions bind contained syn keyword ngxListenOptions ipv6only contained syn keyword ngxListenOptions reuseport contained syn keyword ngxListenOptions so_keepalive contained syn keyword ngxListenOptions keepidle contained syn keyword ngxDirectiveControl break -syn keyword ngxDirectiveControl return +syn keyword ngxDirectiveControl return nextgroup=ngxStatusCode skipwhite skipempty syn keyword ngxDirectiveControl rewrite nextgroup=ngxRewriteURI skipwhite skipempty syn keyword ngxDirectiveControl set +syn match ngxStatusCode /\d\d\d/ contained +syn match ngxStatusCodes /\d\d\d/ contained contains=ngxStatusCode nextgroup=ngxStatusCode skipwhite skipempty + syn match ngxRewriteURI /\S\+/ contained contains=ngxVariableString nextgroup=ngxRewritedURI skipwhite skipempty syn match ngxRewritedURI /\S\+/ contained contains=ngxVariableString nextgroup=ngxRewriteFlag skipwhite skipempty syn keyword ngxRewriteFlag last contained syn keyword ngxRewriteFlag break contained syn keyword ngxRewriteFlag redirect contained syn keyword ngxRewriteFlag permanent contained -syn keyword ngxDirectiveError error_page +syn keyword ngxDirectiveError error_page nextgroup=ngxErrorStatusCode skipwhite skipempty syn keyword ngxDirectiveError post_action +syn match ngxErrorStatusCode /\d\d\d/ contained contains=ngxStatusCode nextgroup=ngxErrorResponseCode skipwhite skipempty +syn match ngxErrorResponseCode /=\d\d\d/ contained contains=ngxStatusCode + syn keyword ngxDirectiveDeprecated connections syn keyword ngxDirectiveDeprecated imap syn keyword ngxDirectiveDeprecated limit_zone syn keyword ngxDirectiveDeprecated mysql_test syn keyword ngxDirectiveDeprecated open_file_cache_retest syn keyword ngxDirectiveDeprecated optimize_server_names syn keyword ngxDirectiveDeprecated satisfy_any syn keyword ngxDirectiveDeprecated so_keepalive @@ -270,23 +276,23 @@ syn keyword ngxDirective keepalive_reque syn keyword ngxDirective keepalive_timeout syn keyword ngxDirective kqueue_changes syn keyword ngxDirective kqueue_events syn keyword ngxDirective large_client_header_buffers syn keyword ngxDirective least_conn syn keyword ngxDirective least_time syn keyword ngxDirective limit_conn syn keyword ngxDirective limit_conn_log_level -syn keyword ngxDirective limit_conn_status +syn keyword ngxDirective limit_conn_status nextgroup=ngxStatusCode skipwhite skipempty syn keyword ngxDirective limit_conn_zone syn keyword ngxDirective limit_rate syn keyword ngxDirective limit_rate_after syn keyword ngxDirective limit_req syn keyword ngxDirective limit_req_log_level -syn keyword ngxDirective limit_req_status +syn keyword ngxDirective limit_req_status nextgroup=ngxStatusCode skipwhite skipempty syn keyword ngxDirective limit_req_zone syn keyword ngxDirective lingering_close syn keyword ngxDirective lingering_time syn keyword ngxDirective lingering_timeout syn keyword ngxDirective load_module syn keyword ngxDirective lock_file syn keyword ngxDirective log_format syn keyword ngxDirective log_not_found @@ -359,17 +365,17 @@ syn keyword ngxDirective proxy_cache_loc syn keyword ngxDirective proxy_cache_lock_timeout syn keyword ngxDirective proxy_cache_max_range_offset syn keyword ngxDirective proxy_cache_methods syn keyword ngxDirective proxy_cache_min_uses syn keyword ngxDirective proxy_cache_path syn keyword ngxDirective proxy_cache_purge syn keyword ngxDirective proxy_cache_revalidate syn keyword ngxDirective proxy_cache_use_stale -syn keyword ngxDirective proxy_cache_valid +syn keyword ngxDirective proxy_cache_valid nextgroup=ngxStatusCodes skipwhite skipempty syn keyword ngxDirective proxy_connect_timeout syn keyword ngxDirective proxy_cookie_domain syn keyword ngxDirective proxy_cookie_path syn keyword ngxDirective proxy_download_rate syn keyword ngxDirective proxy_force_ranges syn keyword ngxDirective proxy_headers_hash_bucket_size syn keyword ngxDirective proxy_headers_hash_max_size syn keyword ngxDirective proxy_hide_header @@ -2132,16 +2138,17 @@ syn keyword ngxDirectiveThirdParty xss_i hi link ngxComment Comment hi link ngxVariable Identifier hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc hi link ngxBlock Normal hi link ngxString String hi link ngxBoolean Boolean +hi link ngxStatusCode Number hi link ngxRewriteFlag Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special From othree at gmail.com Fri Mar 3 10:56:57 2017 From: othree at gmail.com (othree) Date: Fri, 03 Mar 2017 18:56:57 +0800 Subject: [PATCH 2 of 4] Contrib: vim syntax, highlight rewrite flag In-Reply-To: References: Message-ID: <47796d6e4c8af080e515.1488538617@othree.local> # HG changeset patch # User othree # Date 1488526542 -28800 # Fri Mar 03 15:35:42 2017 +0800 # Node ID 47796d6e4c8af080e515fa45699cf23cd10cf7ad # Parent d91e05e761d148d7299017b62d581c6a1429bbd4 Contrib: vim syntax, highlight rewrite flag. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -62,19 +62,27 @@ syn keyword ngxListenOptions deferred syn keyword ngxListenOptions bind contained syn keyword ngxListenOptions ipv6only contained syn keyword ngxListenOptions reuseport contained syn keyword ngxListenOptions so_keepalive contained syn keyword ngxListenOptions keepidle contained syn keyword ngxDirectiveControl break syn keyword ngxDirectiveControl return -syn keyword ngxDirectiveControl rewrite +syn keyword ngxDirectiveControl rewrite nextgroup=ngxRewriteURI skipwhite skipempty syn keyword ngxDirectiveControl set +syn match ngxRewriteURI /\S\+/ contained contains=ngxVariableString nextgroup=ngxRewritedURI skipwhite skipempty +syn match ngxRewritedURI /\S\+/ contained contains=ngxVariableString nextgroup=ngxRewriteFlag skipwhite skipempty + +syn keyword ngxRewriteFlag last contained +syn keyword ngxRewriteFlag break contained +syn keyword ngxRewriteFlag redirect contained +syn keyword ngxRewriteFlag permanent contained + syn keyword ngxDirectiveError error_page syn keyword ngxDirectiveError post_action syn keyword ngxDirectiveDeprecated connections syn keyword ngxDirectiveDeprecated imap syn keyword ngxDirectiveDeprecated limit_zone syn keyword ngxDirectiveDeprecated mysql_test syn keyword ngxDirectiveDeprecated open_file_cache_retest @@ -2124,16 +2132,17 @@ syn keyword ngxDirectiveThirdParty xss_i hi link ngxComment Comment hi link ngxVariable Identifier hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc hi link ngxBlock Normal hi link ngxString String hi link ngxBoolean Boolean +hi link ngxRewriteFlag Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special From othree at gmail.com Fri Mar 3 10:56:59 2017 From: othree at gmail.com (othree) Date: Fri, 03 Mar 2017 18:56:59 +0800 Subject: [PATCH 4 of 4] Contrib: vim syntax, remove unecessary ngxBlock In-Reply-To: References: Message-ID: <433844daf574dbf89390.1488538619@othree.local> # HG changeset patch # User othree # Date 1488538568 -28800 # Fri Mar 03 18:56:08 2017 +0800 # Node ID 433844daf574dbf89390e574201b3db417337cdd # Parent b88ed85b7b4f3ea5a586f4f58251481348c502f1 Contrib: vim syntax, remove unecessary ngxBlock. ngxBlock breaks highlighting for the following conf: rewrite "^/[0-9a-z]{40}/(.*)" /$1/ last; diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -7,36 +7,35 @@ end setlocal iskeyword+=. setlocal iskeyword+=/ setlocal iskeyword+=: syn match ngxVariable '\$\(\w\+\|{\w\+}\)' syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained -syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString syn match ngxComment ' *#.*$' syn keyword ngxBoolean on syn keyword ngxBoolean off -syn keyword ngxDirectiveBlock http contained -syn keyword ngxDirectiveBlock mail contained -syn keyword ngxDirectiveBlock events contained -syn keyword ngxDirectiveBlock server contained -syn keyword ngxDirectiveBlock types contained -syn keyword ngxDirectiveBlock location contained -syn keyword ngxDirectiveBlock upstream contained -syn keyword ngxDirectiveBlock charset_map contained -syn keyword ngxDirectiveBlock limit_except contained -syn keyword ngxDirectiveBlock if contained -syn keyword ngxDirectiveBlock geo contained -syn keyword ngxDirectiveBlock map contained -syn keyword ngxDirectiveBlock split_clients contained +syn keyword ngxDirectiveBlock http +syn keyword ngxDirectiveBlock mail +syn keyword ngxDirectiveBlock events +syn keyword ngxDirectiveBlock server +syn keyword ngxDirectiveBlock types +syn keyword ngxDirectiveBlock location +syn keyword ngxDirectiveBlock upstream +syn keyword ngxDirectiveBlock charset_map +syn keyword ngxDirectiveBlock limit_except +syn keyword ngxDirectiveBlock if +syn keyword ngxDirectiveBlock geo +syn keyword ngxDirectiveBlock map +syn keyword ngxDirectiveBlock split_clients syn keyword ngxDirectiveImportant include syn keyword ngxDirectiveImportant root syn keyword ngxDirectiveImportant server syn keyword ngxDirectiveImportant server_name syn keyword ngxDirectiveImportant listen contained syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=+listen+ skip=+\\\\\|\\\;+ end=+;+he=e-1 contains=ngxListenOptions,ngxString syn keyword ngxDirectiveImportant internal @@ -2134,17 +2133,16 @@ syn keyword ngxDirectiveThirdParty xss_i " highlight hi link ngxComment Comment hi link ngxVariable Identifier hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc -hi link ngxBlock Normal hi link ngxString String hi link ngxBoolean Boolean hi link ngxStatusCode Number hi link ngxRewriteFlag Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword From dave.bevan at bbc.co.uk Fri Mar 3 12:08:56 2017 From: dave.bevan at bbc.co.uk (Dave Bevan) Date: Fri, 3 Mar 2017 12:08:56 +0000 Subject: New ssl var: $ssl_client_ms_upn Message-ID: <8B4260EB2A248F47B816B86AAB389ECD8CBA1066@bgb01xud1008> Hi. At the risk of being shot down in flames, what else do I need to do to comply with your requirements to get my patch accepted such that it appears at http://hg.nginx.org/nginx/ ? I'm happy to contribute documentation, add a test case to the nginx-test repo etc. Many thanks, -- Dave Bevan Senior Broadcast Systems Developer News Labs, BBC Design & Engineering bbcnewslabs.co.uk bbc.co.uk/news ________________________________________ From: nginx-devel [nginx-devel-bounces at nginx.org] on behalf of nginx-devel-request at nginx.org [nginx-devel-request at nginx.org] Sent: 25 February 2017 12:00 To: nginx-devel at nginx.org Subject: nginx-devel Digest, Vol 88, Issue 35 Send nginx-devel mailing list submissions to nginx-devel at nginx.org To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nginx.org/mailman/listinfo/nginx-devel or, via email, send a message with subject or body 'help' to nginx-devel-request at nginx.org You can reach the person managing the list at nginx-devel-owner at nginx.org When replying, please edit your Subject line so it is more specific than "Re: Contents of nginx-devel digest..." Today's Topics: 1. New ssl var: $ssl_client_ms_upn (Dave Bevan) ---------------------------------------------------------------------- Message: 1 Date: Fri, 24 Feb 2017 13:48:27 +0000 From: Dave Bevan To: "nginx-devel at nginx.org" Subject: New ssl var: $ssl_client_ms_upn Message-ID: <8B4260EB2A248F47B816B86AAB389ECD8CB863AF at bgb01xud1008> Content-Type: text/plain; charset="iso-8859-1" # HG changeset patch # User Dave Bevan # Date 1487943997 0 # Fri Feb 24 13:46:37 2017 +0000 # Node ID 5ccdcc88e98c31c4694fa47d6876934d2af0fcfd # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 Add new ssl variable: $ssl_client_ms_upn (Microsoft UserPrincipalName). Retrieved from a client cert, this identity string is used in corporate environments as a primary key when interacting with Active Directory. Commonly used to set REMOTE_USER param. Brings equivalence with Apache 2.4.17 which introduced access to the same data: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES Changes with Apache 2.4.17 *) mod_ssl: Add support for extracting the msUPN and dnsSRV forms of subjectAltName entries of type "otherName" into SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment variables. Addresses PR 58020. [Jan Pazdziora , Kaspar Brand] Includes enhanced error checking (thanks Andrey K) diff -r 00903b2132ed -r 5ccdcc88e98c src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/event/ngx_event_openssl.c Fri Feb 24 13:46:37 2017 +0000 @@ -4081,6 +4081,67 @@ } +ngx_int_t +ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + int i; + BIO *bio; + X509 *cert; + GENERAL_NAME *altname; + STACK_OF(GENERAL_NAME) *altnames; + + s->len = 0; + + cert = SSL_get_peer_certificate(c->ssl->connection); + if (cert == NULL) { + return NGX_OK; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + X509_free(cert); + return NGX_ERROR; + } + + altnames = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + + if (altnames) { + for (i = 0; i < sk_GENERAL_NAME_num(altnames); i++) { + altname = sk_GENERAL_NAME_value(altnames, i); + + if (altname->type != GEN_OTHERNAME) { + continue; + } + + if (NID_ms_upn != OBJ_obj2nid(altname->d.otherName->type_id)) { + continue; + } + + BIO_printf(bio, "%s", + (char*)ASN1_STRING_data(altname->d.otherName->value->value.asn1_string)); + break; + } + } + + s->len = BIO_pending(bio); + s->data = ngx_pnalloc(pool, s->len); + if (s->data == NULL) { + BIO_free(bio); + X509_free(cert); + GENERAL_NAMES_free(altnames); + return NGX_ERROR; + } + + BIO_read(bio, s->data, s->len); + + BIO_free(bio); + X509_free(cert); + GENERAL_NAMES_free(altnames); + + return NGX_OK; +} + + static time_t ngx_ssl_parse_time( #if OPENSSL_VERSION_NUMBER > 0x10100000L diff -r 00903b2132ed -r 5ccdcc88e98c src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Wed Feb 22 12:26:41 2017 +0800 +++ b/src/event/ngx_event_openssl.h Fri Feb 24 13:46:37 2017 +0000 @@ -226,6 +226,8 @@ ngx_str_t *s); ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); +ngx_int_t ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); diff -r 00903b2132ed -r 5ccdcc88e98c src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/http/modules/ngx_http_ssl_module.c Fri Feb 24 13:46:37 2017 +0000 @@ -328,6 +328,9 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; diff -r 00903b2132ed -r 5ccdcc88e98c src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/stream/ngx_stream_ssl_module.c Fri Feb 24 13:46:37 2017 +0000 @@ -272,6 +272,9 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_stream_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_stream_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; -------------- next part -------------- An HTML attachment was scrubbed... URL: ------------------------------ Subject: Digest Footer _______________________________________________ nginx-devel mailing list nginx-devel at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel ------------------------------ End of nginx-devel Digest, Vol 88, Issue 35 ******************************************* ----------------------------- http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. ----------------------------- From mdounin at mdounin.ru Fri Mar 3 13:08:03 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 3 Mar 2017 16:08:03 +0300 Subject: New ssl var: $ssl_client_ms_upn In-Reply-To: <8B4260EB2A248F47B816B86AAB389ECD8CBA1066@bgb01xud1008> References: <8B4260EB2A248F47B816B86AAB389ECD8CBA1066@bgb01xud1008> Message-ID: <20170303130803.GI34777@mdounin.ru> Hello! On Fri, Mar 03, 2017 at 12:08:56PM +0000, Dave Bevan wrote: > At the risk of being shot down in flames, what else do I need to > do to comply with your requirements to get my patch accepted > such that it appears at http://hg.nginx.org/nginx/ ? You were already told that: - There are obvious issues with implementation, your code will produce grabage if there is more than one relevant subjectAlternativeName. - There are questions whether these variables are at all needed. And the fact that in Apache they were intorduced only about a year ago suggests that the answer may be no. In general, it might be a better idea to implement this as a 3rd party module if you use this and think it can be usable for others. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Mar 3 14:05:34 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 3 Mar 2017 17:05:34 +0300 Subject: [PATCH 4 of 4] Contrib: vim syntax, remove unecessary ngxBlock In-Reply-To: <433844daf574dbf89390.1488538619@othree.local> References: <433844daf574dbf89390.1488538619@othree.local> Message-ID: <20170303140534.GJ34777@mdounin.ru> Hello! On Fri, Mar 03, 2017 at 06:56:59PM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1488538568 -28800 > # Fri Mar 03 18:56:08 2017 +0800 > # Node ID 433844daf574dbf89390e574201b3db417337cdd > # Parent b88ed85b7b4f3ea5a586f4f58251481348c502f1 > Contrib: vim syntax, remove unecessary ngxBlock. > > ngxBlock breaks highlighting for the following conf: > > rewrite "^/[0-9a-z]{40}/(.*)" /$1/ last; While current implementation of ngxBlock looks incorrect, I don't see how it breaks highlighting of the rewrite in question. Could you please elaborate? On the other hand, the rewrite highlighting is clearly incorrect either. Rewrite arguments (much like any other directive arguments) can be escaped strings, and the rewrite parsing as implemented in the patch 2 doesn't take it into account, hence it will be broken with a configuration like: rewrite "/foo bar/" /bazz/ last; In general, it might be better idea to start with general configuration syntax matching instead of focusing on the ad-hoc solutions for some particular directives. And removing ngxBlock looks like a step in the wrong direction to me, as it is a basic concept of the configuration syntax. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Fri Mar 3 15:37:36 2017 From: othree at gmail.com (OOO) Date: Fri, 3 Mar 2017 23:37:36 +0800 Subject: [PATCH 4 of 4] Contrib: vim syntax, remove unecessary ngxBlock In-Reply-To: <20170303140534.GJ34777@mdounin.ru> References: <433844daf574dbf89390.1488538619@othree.local> <20170303140534.GJ34777@mdounin.ru> Message-ID: Hi I made a sample and take screenshot[1]. This one (remove current ngxBlock) is a blocker for some other changes. [1]:https://www.flickr.com/photos/othree/32843758310/ And about the *ngxBlock* you talked about in the last paragraph. I think you are talking about curly bracket block: http { include conf/mime.types; index index.html index.htm index.php; } I think it's not necessary for nginx conf file syntax highlight definition. I can do more specific syntax highlight like ngxServerBlock for `server { ... }` or another for `http { ... }`. And made some constrain, ex: only allow *http* in *server*. Not allow *http* at root level. But it add lots of complexity. And I don't see the benefit worthy it. Also breaks highlight in partial conf file (which will be included by other conf file). I will fix the rewrite commit. But I have another question. Maybe you have an idea about it. rewrite "/foo bar/" /bazz/ last; For now, if I fix the bug. The "/foo bar/" part will be highlight as string. But the /bazz/ part will be normal (no highlight). I think they should both be highlight as string. Do you have any idea? Lots of directive have similar issue. I have another change is about location path: location ~ /path/to/file { } Is to highlight /path/to/file part like a string. I fell its better to see the conf. But not sure is it good to everyone. 2017-03-03 22:05 GMT+08:00 Maxim Dounin : > Hello! > > On Fri, Mar 03, 2017 at 06:56:59PM +0800, othree wrote: > >> # HG changeset patch >> # User othree >> # Date 1488538568 -28800 >> # Fri Mar 03 18:56:08 2017 +0800 >> # Node ID 433844daf574dbf89390e574201b3db417337cdd >> # Parent b88ed85b7b4f3ea5a586f4f58251481348c502f1 >> Contrib: vim syntax, remove unecessary ngxBlock. >> >> ngxBlock breaks highlighting for the following conf: >> >> rewrite "^/[0-9a-z]{40}/(.*)" /$1/ last; > > While current implementation of ngxBlock looks incorrect, I don't > see how it breaks highlighting of the rewrite in question. Could > you please elaborate? > > On the other hand, the rewrite highlighting is clearly incorrect > either. Rewrite arguments (much like any other directive > arguments) can be escaped strings, and the rewrite parsing as > implemented in the patch 2 doesn't take it into account, hence it > will be broken with a configuration like: > > rewrite "/foo bar/" /bazz/ last; > > In general, it might be better idea to start with general > configuration syntax matching instead of focusing on the ad-hoc > solutions for some particular directives. And removing ngxBlock > looks like a step in the wrong direction to me, as it is a basic > concept of the configuration syntax. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- OOO From saju.pillai at concur.com Fri Mar 3 17:18:18 2017 From: saju.pillai at concur.com (Pillai, Saju) Date: Fri, 3 Mar 2017 09:18:18 -0800 Subject: module init order & embedded variables Message-ID: My module needs to access variables created by the ngx_http_ssl_module. Iam trying to find the index of these variables from my module_init, but I am finding this to be sensitive to the order in which the modules are compiled into the nginx binary. My plan was to locate the indices for the variables at module init time and store them in static variables that my module handler can directly use to look up the values. 1. What is the recommended way for a module to access another module's embedded vars? 2. Is there a mechanism to control module init order? -srp ________________________________ This e-mail message is authorized for use by the intended recipient only and may contain information that is privileged and confidential. If you received this message in error, please call us immediately at (425) 590-5000 and ask to speak to the message sender. Please do not copy, disseminate, or retain this message unless you are the intended recipient. In addition, to ensure the security of your data, please do not send any unencrypted credit card or personally identifiable information to this email address. Thank you. From mdounin at mdounin.ru Fri Mar 3 17:24:28 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 3 Mar 2017 20:24:28 +0300 Subject: [PATCH 4 of 4] Contrib: vim syntax, remove unecessary ngxBlock In-Reply-To: References: <433844daf574dbf89390.1488538619@othree.local> <20170303140534.GJ34777@mdounin.ru> Message-ID: <20170303172428.GM34777@mdounin.ru> Hello! On Fri, Mar 03, 2017 at 11:37:36PM +0800, OOO wrote: > I made a sample and take screenshot[1]. > This one (remove current ngxBlock) is a blocker for some other changes. > > [1]:https://www.flickr.com/photos/othree/32843758310/ Ah, ok, I see. The problem only happens if there is an indentation. > And about the *ngxBlock* you talked about in the last paragraph. > I think you are talking about curly bracket block: > > http { > include conf/mime.types; > index index.html index.htm index.php; > } > > I think it's not necessary for nginx conf file syntax highlight definition. > I can do more specific syntax highlight like ngxServerBlock for > `server { ... }` or another for `http { ... }`. > And made some constrain, ex: only allow *http* in *server*. Not allow > *http* at root level. > But it add lots of complexity. And I don't see the benefit worthy it. > Also breaks highlight in partial conf file (which will be included by > other conf file). Not allowing "server" at root level will break highlighting in include files, agree. But it should be still possible to check if there are missing / unbalanced curly brackets, and warn a user if tries to write "server { ..." instead of "server { ... }". And it should be still possible to enforce http{} should be only at top level, and there should be no server{} insider another server{}. Moreover, I think it is the only way to properly parse configuration for highliting. Without matching blocks you want be able to properly highligh configuration directives. For example, consider the following configuration: map $foo $bar { index foo; } index bar; In this example, only "map" and "index bar" should be highlighted as configuration directives. Highliting "index foo" would be an error, because it is not a configuration directive, but a source and resulting values of the map. The same applies to matching directives. Not seeing a directive ending will lead to server_name some-name-but-no-semicolon listen 80; being misinterpreted as two configuration directives, making it harder for people to find the bug. And this is actually a typical problem nginx users often face, as per questions on the mailing list. And it would be really good for syntax highlighting to help them to find the bug instead of misleading them even further. > I will fix the rewrite commit. > But I have another question. > Maybe you have an idea about it. > > rewrite "/foo bar/" /bazz/ last; > > For now, if I fix the bug. The "/foo bar/" part will be highlight as string. > But the /bazz/ part will be normal (no highlight). > I think they should both be highlight as string. > Do you have any idea? Current behaviour is to hightlight strings everywhere unconditionally, and I don't think it's a problem. Your changes won't introduce any regression here. Moreover, this is something anyway will happen even if you specifically define matching for a particular parameter. For example, consider the following configuration snippet: "rewrite" "/foo bar/" "/bazz/" "last"; It is identical to the snippet above from nginx point of view, but all the arguments and the directive name will be highlited as strings. I don't really think this is something would be easy to resolve. BTW, just noticed while testing the above example. ngxString now doesn't match at the start of a line, so the following snippet won't be correctly highlighted: rewrite "/foo/" /bar last; I think the fix would be to explicitly check for whitespaces or newline before ngxString, like this: diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -13,7 +13,7 @@ syn match ngxVariable '\$\(\w\+\|{\w\+}\ syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline -syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString +syn region ngxString start=+\(^\|[ \t]\)\zs\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString syn match ngxComment ' *#.*$' syn keyword ngxBoolean on Please let me know if you have any objections to the above patch and/or just include it into your patch series. -- Maxim Dounin http://nginx.org/ From thibaultcha at fastmail.com Fri Mar 3 19:34:28 2017 From: thibaultcha at fastmail.com (Thibault Charbonnier) Date: Fri, 3 Mar 2017 11:34:28 -0800 Subject: [PATCH] Resolver: parse hosts file entries In-Reply-To: <56e01788-baca-8c2d-c0ca-de1e02965226@fastmail.com> References: <56e01788-baca-8c2d-c0ca-de1e02965226@fastmail.com> Message-ID: <24b3710c-c9c6-3995-c076-6adb00ae03a2@fastmail.com> Hi, Just curious what is the community's stance on this? If the feature is desired but the patch isn't good, I am willing to receive feedback and improve it. If not desired, may I be so curious as to ask why? I hope the ping is considered ok. Best, Thibault From othree at gmail.com Sat Mar 4 11:59:31 2017 From: othree at gmail.com (othree) Date: Sat, 04 Mar 2017 19:59:31 +0800 Subject: [PATCH] Contrib: vim syntax, support block region In-Reply-To: <20170303172428.GM34777@mdounin.ru> References: <20170303172428.GM34777@mdounin.ru> Message-ID: # HG changeset patch # User othree # Date 1488628696 -28800 # Sat Mar 04 19:58:16 2017 +0800 # Node ID a244d5f635ebf90cd30c42f826810b9bf5d53f3c # Parent 7fca6f60d5cafa0127b5bc4d6b74fcd06ab532a3 Contrib: vim syntax, support block region. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -4,43 +4,66 @@ if exists("b:current_syntax") finish end setlocal iskeyword+=. setlocal iskeyword+=/ setlocal iskeyword+=: -syn match ngxVariable '\$\(\w\+\|{\w\+}\)' -syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained -syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained -syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline -syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString -syn match ngxComment ' *#.*$' +syn match ngxVariable '\$\(\w\+\|{\w\+}\)' +syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained + +syn region ngxString start=+\%(^\|\s\)\zs\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString +syn region ngxComment start=+\%(^\|\s\)\zs#+ end=+$+ oneline syn keyword ngxBoolean on syn keyword ngxBoolean off -syn keyword ngxDirectiveBlock http contained -syn keyword ngxDirectiveBlock mail contained -syn keyword ngxDirectiveBlock events contained -syn keyword ngxDirectiveBlock server contained -syn keyword ngxDirectiveBlock types contained -syn keyword ngxDirectiveBlock location contained -syn keyword ngxDirectiveBlock upstream contained -syn keyword ngxDirectiveBlock charset_map contained -syn keyword ngxDirectiveBlock limit_except contained -syn keyword ngxDirectiveBlock if contained -syn keyword ngxDirectiveBlock geo contained -syn keyword ngxDirectiveBlock map contained -syn keyword ngxDirectiveBlock split_clients contained +syn match ngxDirectiveBlockParams /\S\+/ contains=ngxVariableString contained nextgroup=ngxDirectiveBlockParams,ngxBlock skipwhite skipempty +syn match ngxDirectiveBlockParam1 /\S\+/ contains=ngxVariableString contained nextgroup=ngxDirectiveBlockParam2 skipwhite skipempty +syn match ngxDirectiveBlockParam2 /\S\+/ contains=ngxVariableString contained nextgroup=ngxBlock skipwhite skipempty +syn region ngxDirectiveBlockParams start=+\%(^\|\s\)\zs\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString contained nextgroup=ngxDirectiveBlockParams,ngxBlock skipwhite skipempty +syn region ngxDirectiveBlockParam1 start=+\%(^\|\s\)\zs\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString contained nextgroup=ngxDirectiveBlockParam2 skipwhite skipempty +syn region ngxDirectiveBlockParam2 start=+\%(^\|\s\)\zs\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString contained nextgroup=ngxBlock skipwhite skipempty + +syn cluster ngxDirectives contains=ngxDirectiveBlock,ngxDirectiveImportant,ngxDirectiveControl,ngxDirectiveError,ngxDirectiveDeprecated,ngxDirective,ngxDirectiveThirdParty +syn cluster ngxBlockDirectives contains=@ngxDirectives,ngxReservedMainContextDirective +syn cluster ngxBlockElements contains=@ngxBlockDirectives,ngxVariable,ngxString,ngxComment,ngxBoolean + +syn region ngxBlock start=+{+ end=+}+ contained contains=@ngxBlockElements +syn region ngxServerBlock start=+{+ end=+}+ contained contains=@ngxBlockElements,ngxReservedServerContextDirective +syn region ngxUpstreamBlock start=+{+ end=+}+ contained contains=@ngxBlockElements,ngxDirectiveServer + +syn keyword ngxDirectiveBlock http nextgroup=ngxBlock skipwhite skipempty +syn keyword ngxDirectiveBlock mail nextgroup=ngxBlock skipwhite skipempty +syn keyword ngxDirectiveBlock events nextgroup=ngxBlock skipwhite skipempty +syn keyword ngxDirectiveBlock server nextgroup=ngxServerBlock skipwhite skipempty +syn keyword ngxDirectiveBlock types nextgroup=ngxBlock skipwhite skipempty + +syn match ngxLocationPath /\S\+/ contained nextgroup=ngxBlock skipwhite skipempty +syn region ngxLocationPath start=+\%(^\|\s\)\zs\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString contained nextgroup=ngxBlock skipwhite skipempty +syn match ngxLocationOperator /\(=\|\~\*\|\^\~\|\~\)/ contained nextgroup=ngxLocationPath skipwhite skipempty +syn match ngxLocationNamedLoc /@\w\+/ +syn keyword ngxDirectiveBlock location nextgroup=ngxLocationNamedLoc,ngxLocationOperator,ngxLocationPath,ngxString skipwhite skipempty + +syn keyword ngxDirectiveBlock upstream nextgroup=ngxUpstreamBlock skipwhite skipempty +syn keyword ngxDirectiveBlock charset_map nextgroup=ngxDirectiveBlockParam1 skipwhite skipempty +syn keyword ngxDirectiveBlock limit_except nextgroup=ngxDirectiveBlockParams skipwhite skipempty +syn keyword ngxDirectiveBlock if nextgroup=ngxBlock skipwhite skipempty +syn keyword ngxDirectiveBlock geo nextgroup=ngxBlock skipwhite skipempty +syn keyword ngxDirectiveBlock map nextgroup=ngxDirectiveBlockParam1 skipwhite skipempty +syn keyword ngxDirectiveBlock split_clients nextgroup=ngxDirectiveBlockParam1 skipwhite skipempty + +syn keyword ngxReservedMainContextDirective http contained +syn keyword ngxReservedServerContextDirective server contained syn keyword ngxDirectiveImportant include syn keyword ngxDirectiveImportant root -syn keyword ngxDirectiveImportant server +syn keyword ngxDirectiveServer server contained syn keyword ngxDirectiveImportant server_name syn keyword ngxDirectiveImportant listen contained syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=+listen+ skip=+\\\\\|\\\;+ end=+;+he=e-1 contains=ngxListenOptions,ngxString syn keyword ngxDirectiveImportant internal syn keyword ngxDirectiveImportant proxy_pass syn keyword ngxDirectiveImportant memcached_pass syn keyword ngxDirectiveImportant fastcgi_pass syn keyword ngxDirectiveImportant scgi_pass @@ -2118,24 +2141,26 @@ syn keyword ngxDirectiveThirdParty xss_i " ZIP Module " ZIP archiver for nginx " highlight hi link ngxComment Comment hi link ngxVariable Identifier -hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc -hi link ngxBlock Normal hi link ngxString String +hi link ngxLocationOperator Operator +hi link ngxLocationPath String +hi link ngxLocationNamedLoc Identifier hi link ngxBoolean Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type +hi link ngxDirectiveServer ngxDirectiveImportant hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special hi link ngxListenOptions Keyword hi link ngxMailProtocol Keyword From othree at gmail.com Sat Mar 4 12:18:30 2017 From: othree at gmail.com (OOO) Date: Sat, 4 Mar 2017 20:18:30 +0800 Subject: [PATCH 4 of 4] Contrib: vim syntax, remove unecessary ngxBlock In-Reply-To: <20170303172428.GM34777@mdounin.ru> References: <433844daf574dbf89390.1488538619@othree.local> <20170303140534.GJ34777@mdounin.ru> <20170303172428.GM34777@mdounin.ru> Message-ID: Hi I send a new patch to mailing list "Contrib: vim syntax, support block region". That one is for testing the real ngxBlock we talked in previous mail. This patch also includes: * http only allow in main context * server not allow in server * Fix the string at beginning of line There is a way to correct highlighting the following conf: server_name some-name-but-no-semicolon listen 80; By using region, just like block ( end=/;/ ). But the syntax definition will become very huge. Every directive: syn keyword ngxDirective absolute_redirect Might becomes: syn keyword ngxDirective absolute_redirect nextgroup=ngxDirectiveOption Some common directive might have other syntax group, ex: listen. If we are going to this direction. The patches I sent should not commit in repo now. 2017-03-04 1:24 GMT+08:00 Maxim Dounin : > Hello! > > On Fri, Mar 03, 2017 at 11:37:36PM +0800, OOO wrote: > >> I made a sample and take screenshot[1]. >> This one (remove current ngxBlock) is a blocker for some other changes. >> >> [1]:https://www.flickr.com/photos/othree/32843758310/ > > Ah, ok, I see. The problem only happens if there is an > indentation. > >> And about the *ngxBlock* you talked about in the last paragraph. >> I think you are talking about curly bracket block: >> >> http { >> include conf/mime.types; >> index index.html index.htm index.php; >> } >> >> I think it's not necessary for nginx conf file syntax highlight definition. >> I can do more specific syntax highlight like ngxServerBlock for >> `server { ... }` or another for `http { ... }`. >> And made some constrain, ex: only allow *http* in *server*. Not allow >> *http* at root level. >> But it add lots of complexity. And I don't see the benefit worthy it. >> Also breaks highlight in partial conf file (which will be included by >> other conf file). > > Not allowing "server" at root level will break highlighting in > include files, agree. But it should be still possible to check if > there are missing / unbalanced curly brackets, and warn a user if > tries to write "server { ..." instead of "server { ... }". And it > should be still possible to enforce http{} should be only at top level, > and there should be no server{} insider another server{}. > > Moreover, I think it is the only way to properly parse > configuration for highliting. Without matching blocks you want be > able to properly highligh configuration directives. For example, > consider the following configuration: > > map $foo $bar { > index foo; > } > > index bar; > > In this example, only "map" and "index bar" should be highlighted > as configuration directives. Highliting "index foo" would be an > error, because it is not a configuration directive, but a source > and resulting values of the map. > > The same applies to matching directives. Not seeing a directive > ending will lead to > > server_name some-name-but-no-semicolon > listen 80; > > being misinterpreted as two configuration directives, making it > harder for people to find the bug. And this is actually a typical > problem nginx users often face, as per questions on the mailing > list. And it would be really good for syntax highlighting to help > them to find the bug instead of misleading them even further. > >> I will fix the rewrite commit. >> But I have another question. >> Maybe you have an idea about it. >> >> rewrite "/foo bar/" /bazz/ last; >> >> For now, if I fix the bug. The "/foo bar/" part will be highlight as string. >> But the /bazz/ part will be normal (no highlight). >> I think they should both be highlight as string. >> Do you have any idea? > > Current behaviour is to hightlight strings everywhere > unconditionally, and I don't think it's a problem. Your changes > won't introduce any regression here. > > Moreover, this is something anyway will happen even if you > specifically define matching for a particular parameter. For > example, consider the following configuration snippet: > > "rewrite" "/foo bar/" "/bazz/" "last"; > > It is identical to the snippet above from nginx point of view, but > all the arguments and the directive name will be highlited as > strings. I don't really think this is something would be easy to > resolve. > > BTW, just noticed while testing the above example. ngxString now > doesn't match at the start of a line, so the following snippet > won't be correctly highlighted: > > rewrite > "/foo/" > /bar > last; > > I think the fix would be to explicitly check for whitespaces or > newline before ngxString, like this: > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -13,7 +13,7 @@ syn match ngxVariable '\$\(\w\+\|{\w\+}\ > syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained > syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained > syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline > -syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString > +syn region ngxString start=+\(^\|[ \t]\)\zs\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString > syn match ngxComment ' *#.*$' > > syn keyword ngxBoolean on > > Please let me know if you have any objections to the above patch > and/or just include it into your patch series. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- OOO From ru at nginx.com Mon Mar 6 08:11:53 2017 From: ru at nginx.com (Ruslan Ermilov) Date: Mon, 06 Mar 2017 08:11:53 +0000 Subject: [nginx] Added missing "static" specifiers found by gcc -Wtraditional. Message-ID: details: http://hg.nginx.org/nginx/rev/fbdaad9b0e7b branches: changeset: 6923:fbdaad9b0e7b user: Ruslan Ermilov date: Mon Mar 06 11:09:47 2017 +0300 description: Added missing "static" specifiers found by gcc -Wtraditional. diffstat: src/event/modules/ngx_devpoll_module.c | 2 +- src/event/modules/ngx_eventport_module.c | 2 +- src/http/ngx_http_upstream.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diffs (36 lines): diff -r a72886067bbb -r fbdaad9b0e7b src/event/modules/ngx_devpoll_module.c --- a/src/event/modules/ngx_devpoll_module.c Thu Mar 02 08:46:00 2017 -0500 +++ b/src/event/modules/ngx_devpoll_module.c Mon Mar 06 11:09:47 2017 +0300 @@ -336,7 +336,7 @@ ngx_devpoll_set_event(ngx_event_t *ev, n } -ngx_int_t +static ngx_int_t ngx_devpoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) { diff -r a72886067bbb -r fbdaad9b0e7b src/event/modules/ngx_eventport_module.c --- a/src/event/modules/ngx_eventport_module.c Thu Mar 02 08:46:00 2017 -0500 +++ b/src/event/modules/ngx_eventport_module.c Mon Mar 06 11:09:47 2017 +0300 @@ -432,7 +432,7 @@ ngx_eventport_notify(ngx_event_handler_p } -ngx_int_t +static ngx_int_t ngx_eventport_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) { diff -r a72886067bbb -r fbdaad9b0e7b src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Thu Mar 02 08:46:00 2017 -0500 +++ b/src/http/ngx_http_upstream.c Mon Mar 06 11:09:47 2017 +0300 @@ -5554,7 +5554,7 @@ ngx_http_upstream_cookie_variable(ngx_ht #if (NGX_HTTP_CACHE) -ngx_int_t +static ngx_int_t ngx_http_upstream_cache_status(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { From pluknet at nginx.com Mon Mar 6 16:12:24 2017 From: pluknet at nginx.com (Sergey Kandaurov) Date: Mon, 06 Mar 2017 16:12:24 +0000 Subject: [nginx] Mail: don't emit separator in capability lists for APOP. Message-ID: details: http://hg.nginx.org/nginx/rev/03735fef08da branches: changeset: 6924:03735fef08da user: Sergey Kandaurov date: Mon Mar 06 17:56:23 2017 +0300 description: Mail: don't emit separator in capability lists for APOP. Notably, this fixes CAPA and AUTH output. The bug had appeared in nginx 1.11.6 (73b451d304c0). diffstat: src/mail/ngx_mail_pop3_module.c | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diffs (47 lines): diff -r fbdaad9b0e7b -r 03735fef08da src/mail/ngx_mail_pop3_module.c --- a/src/mail/ngx_mail_pop3_module.c Mon Mar 06 11:09:47 2017 +0300 +++ b/src/mail/ngx_mail_pop3_module.c Mon Mar 06 17:56:23 2017 +0300 @@ -185,6 +185,10 @@ ngx_mail_pop3_merge_srv_conf(ngx_conf_t m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; m <<= 1, i++) { + if (ngx_mail_pop3_auth_methods_names[i].len == 0) { + continue; + } + if (m & conf->auth_methods) { size += 1 + ngx_mail_pop3_auth_methods_names[i].len; } @@ -212,6 +216,10 @@ ngx_mail_pop3_merge_srv_conf(ngx_conf_t m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; m <<= 1, i++) { + if (ngx_mail_pop3_auth_methods_names[i].len == 0) { + continue; + } + if (m & conf->auth_methods) { *p++ = ' '; p = ngx_cpymem(p, ngx_mail_pop3_auth_methods_names[i].data, @@ -248,6 +256,10 @@ ngx_mail_pop3_merge_srv_conf(ngx_conf_t m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; m <<= 1, i++) { + if (ngx_mail_pop3_auth_methods_names[i].len == 0) { + continue; + } + if (m & conf->auth_methods) { size += ngx_mail_pop3_auth_methods_names[i].len + sizeof(CRLF) - 1; @@ -269,6 +281,10 @@ ngx_mail_pop3_merge_srv_conf(ngx_conf_t m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED; m <<= 1, i++) { + if (ngx_mail_pop3_auth_methods_names[i].len == 0) { + continue; + } + if (m & conf->auth_methods) { p = ngx_cpymem(p, ngx_mail_pop3_auth_methods_names[i].data, ngx_mail_pop3_auth_methods_names[i].len); From eran.kornblau at kaltura.com Mon Mar 6 19:52:31 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Mon, 6 Mar 2017 19:52:31 +0000 Subject: Add support for 'define' directive Message-ID: Hi all, I would like to add support for a 'define' directive to nginx, which will allow text substitutions during conf parsing. At this point I'm thinking about adding support only for simple macros - no parameters, no ifdefs etc. Before I start working on the code, I wanted to check whether this makes sense to you and whether you'll be willing to merge it (assuming it's implemented well, of course). A sample configuration may look like this: nginx.conf: ... define extra_log_args '$http_my_param $arg_some_arg' ... include child.conf child.conf: ... log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $bytes_sent $request_time "$http_referer" ' %extra_log_args%; ... In terms of implementation, the define command will add the key/value to a new rbtree on ngx_conf_t. In ngx_conf_read_token, next to the code that decodes \r,\n etc., the defined keys will be expanded to their values. Since the expansion is performed within an arg, this implies that a define cannot map to multiple args - it will essentially be like an nginx variable except that it's evaluated during conf parsing. An example of a use case where this could be useful (from our production environment) - We have multiple types of nginx servers, for example, some serve vod content, and some serve live video content. In addition to that, we have multiple data centers. The configuration of these servers is different but there are many common parts. Our way to share these common parts is to create small shared conf files and have them included by the server-specific configuration files. So we have x root conf files that include other files. On each server, nginx.conf is a symbolic link to the root conf matching the specific server. In some cases, some internal conf file has parts that depend on the site, and the problem is that we don't have a way to propagate the id of the site from the root conf to this child conf. We can probably do it with 'set', but that would be less optimal since there's no reason to have this value dynamic. Any feedback is welcome Thank you Eran -------------- next part -------------- An HTML attachment was scrubbed... URL: From ru at nginx.com Tue Mar 7 08:59:44 2017 From: ru at nginx.com (Ruslan Ermilov) Date: Tue, 07 Mar 2017 08:59:44 +0000 Subject: [nginx] Removed casts not needed after 1f513d7f1b45. Message-ID: details: http://hg.nginx.org/nginx/rev/b3c5b4312667 branches: changeset: 6925:b3c5b4312667 user: Ruslan Ermilov date: Tue Mar 07 11:47:58 2017 +0300 description: Removed casts not needed after 1f513d7f1b45. diffstat: src/core/ngx_rbtree.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (21 lines): diff -r 03735fef08da -r b3c5b4312667 src/core/ngx_rbtree.c --- a/src/core/ngx_rbtree.c Mon Mar 06 17:56:23 2017 +0300 +++ b/src/core/ngx_rbtree.c Tue Mar 07 11:47:58 2017 +0300 @@ -28,7 +28,7 @@ ngx_rbtree_insert(ngx_rbtree_t *tree, ng /* a binary tree insert */ - root = (ngx_rbtree_node_t **) &tree->root; + root = &tree->root; sentinel = tree->sentinel; if (*root == sentinel) { @@ -161,7 +161,7 @@ ngx_rbtree_delete(ngx_rbtree_t *tree, ng /* a binary tree delete */ - root = (ngx_rbtree_node_t **) &tree->root; + root = &tree->root; sentinel = tree->sentinel; if (node->left == sentinel) { From mdounin at mdounin.ru Tue Mar 7 15:51:03 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 07 Mar 2017 15:51:03 +0000 Subject: [nginx] Converted hc->busy/hc->free to use chain links. Message-ID: details: http://hg.nginx.org/nginx/rev/e662cbf1b932 branches: changeset: 6926:e662cbf1b932 user: Maxim Dounin date: Tue Mar 07 18:49:31 2017 +0300 description: Converted hc->busy/hc->free to use chain links. Most notably, this fixes possible buffer overflows if number of large client header buffers in a virtual server is different from the one in the default server. Reported by Daniil Bondarev. diffstat: src/http/ngx_http_request.c | 91 ++++++++++++++++++++++++++------------------ src/http/ngx_http_request.h | 5 +- 2 files changed, 55 insertions(+), 41 deletions(-) diffs (194 lines): diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -549,7 +549,7 @@ ngx_http_create_request(ngx_connection_t ngx_set_connection_log(r->connection, clcf->error_log); - r->header_in = hc->nbusy ? hc->busy[0] : c->buffer; + r->header_in = hc->busy ? hc->busy->buf : c->buffer; if (ngx_list_init(&r->headers_out.headers, r->pool, 20, sizeof(ngx_table_elt_t)) @@ -1431,6 +1431,7 @@ ngx_http_alloc_large_header_buffer(ngx_h { u_char *old, *new; ngx_buf_t *b; + ngx_chain_t *cl; ngx_http_connection_t *hc; ngx_http_core_srv_conf_t *cscf; @@ -1460,8 +1461,11 @@ ngx_http_alloc_large_header_buffer(ngx_h hc = r->http_connection; - if (hc->nfree) { - b = hc->free[--hc->nfree]; + if (hc->free) { + cl = hc->free; + hc->free = cl->next; + + b = cl->buf; ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http large header free: %p %uz", @@ -1469,20 +1473,19 @@ ngx_http_alloc_large_header_buffer(ngx_h } else if (hc->nbusy < cscf->large_client_header_buffers.num) { - if (hc->busy == NULL) { - hc->busy = ngx_palloc(r->connection->pool, - cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *)); - if (hc->busy == NULL) { - return NGX_ERROR; - } - } - b = ngx_create_temp_buf(r->connection->pool, cscf->large_client_header_buffers.size); if (b == NULL) { return NGX_ERROR; } + cl = ngx_alloc_chain_link(r->connection->pool); + if (cl == NULL) { + return NGX_ERROR; + } + + cl->buf = b; + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http large header alloc: %p %uz", b->pos, b->end - b->last); @@ -1491,7 +1494,9 @@ ngx_http_alloc_large_header_buffer(ngx_h return NGX_DECLINED; } - hc->busy[hc->nbusy++] = b; + cl->next = hc->busy; + hc->busy = cl; + hc->nbusy++; if (r->state == 0) { /* @@ -2835,12 +2840,11 @@ static void ngx_http_set_keepalive(ngx_http_request_t *r) { int tcp_nodelay; - ngx_int_t i; ngx_buf_t *b, *f; + ngx_chain_t *cl, *ln; ngx_event_t *rev, *wev; ngx_connection_t *c; ngx_http_connection_t *hc; - ngx_http_core_srv_conf_t *cscf; ngx_http_core_loc_conf_t *clcf; c = r->connection; @@ -2876,26 +2880,32 @@ ngx_http_set_keepalive(ngx_http_request_ * Now we would move the large header buffers to the free list. */ - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); - - if (hc->free == NULL) { - hc->free = ngx_palloc(c->pool, - cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *)); - - if (hc->free == NULL) { - ngx_http_close_request(r, 0); - return; + for (cl = hc->busy; cl; /* void */) { + ln = cl; + cl = cl->next; + + if (ln->buf == b) { + ngx_free_chain(c->pool, ln); + continue; } - } - - for (i = 0; i < hc->nbusy - 1; i++) { - f = hc->busy[i]; - hc->free[hc->nfree++] = f; + + f = ln->buf; f->pos = f->start; f->last = f->start; + + ln->next = hc->free; + hc->free = ln; } - hc->busy[0] = b; + cl = ngx_alloc_chain_link(c->pool); + if (cl == NULL) { + ngx_http_close_request(r, 0); + return; + } + + cl->buf = b; + + hc->busy = cl; hc->nbusy = 1; } } @@ -2966,27 +2976,32 @@ ngx_http_set_keepalive(ngx_http_request_ b->last = b->start; } - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc free: %p %i", - hc->free, hc->nfree); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc free: %p", + hc->free); if (hc->free) { - for (i = 0; i < hc->nfree; i++) { - ngx_pfree(c->pool, hc->free[i]->start); - hc->free[i] = NULL; + for (cl = hc->free; cl; /* void */) { + ln = cl; + cl = cl->next; + ngx_pfree(c->pool, ln->buf->start); + ngx_free_chain(c->pool, ln); } - hc->nfree = 0; + hc->free = NULL; } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc busy: %p %i", hc->busy, hc->nbusy); if (hc->busy) { - for (i = 0; i < hc->nbusy; i++) { - ngx_pfree(c->pool, hc->busy[i]->start); - hc->busy[i] = NULL; + for (cl = hc->busy; cl; /* void */) { + ln = cl; + cl = cl->next; + ngx_pfree(c->pool, ln->buf->start); + ngx_free_chain(c->pool, ln); } + hc->busy = NULL; hc->nbusy = 0; } diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -309,11 +309,10 @@ typedef struct { #endif #endif - ngx_buf_t **busy; + ngx_chain_t *busy; ngx_int_t nbusy; - ngx_buf_t **free; - ngx_int_t nfree; + ngx_chain_t *free; unsigned ssl:1; unsigned proxy_protocol:1; From mdounin at mdounin.ru Tue Mar 7 17:00:52 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 07 Mar 2017 17:00:52 +0000 Subject: [nginx] Access log: removed dead ev->timedout check in flush timer handler. Message-ID: details: http://hg.nginx.org/nginx/rev/c36d160cd4e0 branches: changeset: 6927:c36d160cd4e0 user: Maxim Dounin date: Tue Mar 07 18:51:12 2017 +0300 description: Access log: removed dead ev->timedout check in flush timer handler. The ev->timedout flag is set on first timer expiration, and never reset after it. Due to this the code to stop the timer when the timer was canceled never worked (except in a very specific time frame immediately after start), and the timer was always armed again. This essentially resulted in a buffer flush at the end of an event loop iteration. This behaviour actually seems to be better than just stopping the flush timer for the whole shutdown, so it is preserved as is instead of fixing the code to actually remove the timer. It will be further improved by upcoming changes to preserve cancelable timers if there are other timers blocking shutdown. diffstat: src/http/modules/ngx_http_log_module.c | 15 +-------------- src/stream/ngx_stream_log_module.c | 15 +-------------- 2 files changed, 2 insertions(+), 28 deletions(-) diffs (56 lines): diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c --- a/src/http/modules/ngx_http_log_module.c +++ b/src/http/modules/ngx_http_log_module.c @@ -748,23 +748,10 @@ ngx_http_log_flush(ngx_open_file_t *file static void ngx_http_log_flush_handler(ngx_event_t *ev) { - ngx_open_file_t *file; - ngx_http_log_buf_t *buffer; - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "http log buffer flush handler"); - if (ev->timedout) { - ngx_http_log_flush(ev->data, ev->log); - return; - } - - /* cancel the flush timer for graceful shutdown */ - - file = ev->data; - buffer = file->data; - - buffer->event = NULL; + ngx_http_log_flush(ev->data, ev->log); } diff --git a/src/stream/ngx_stream_log_module.c b/src/stream/ngx_stream_log_module.c --- a/src/stream/ngx_stream_log_module.c +++ b/src/stream/ngx_stream_log_module.c @@ -641,23 +641,10 @@ ngx_stream_log_flush(ngx_open_file_t *fi static void ngx_stream_log_flush_handler(ngx_event_t *ev) { - ngx_open_file_t *file; - ngx_stream_log_buf_t *buffer; - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "stream log buffer flush handler"); - if (ev->timedout) { - ngx_stream_log_flush(ev->data, ev->log); - return; - } - - /* cancel the flush timer for graceful shutdown */ - - file = ev->data; - buffer = file->data; - - buffer->event = NULL; + ngx_stream_log_flush(ev->data, ev->log); } From mdounin at mdounin.ru Tue Mar 7 17:00:55 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 07 Mar 2017 17:00:55 +0000 Subject: [nginx] Core: introduced ngx_rbtree_next(). Message-ID: details: http://hg.nginx.org/nginx/rev/e0cc454aafe4 branches: changeset: 6928:e0cc454aafe4 user: Maxim Dounin date: Tue Mar 07 18:51:13 2017 +0300 description: Core: introduced ngx_rbtree_next(). diffstat: src/core/ngx_rbtree.c | 29 +++++++++++++++++++++++++++++ src/core/ngx_rbtree.h | 2 ++ 2 files changed, 31 insertions(+), 0 deletions(-) diffs (48 lines): diff --git a/src/core/ngx_rbtree.c b/src/core/ngx_rbtree.c --- a/src/core/ngx_rbtree.c +++ b/src/core/ngx_rbtree.c @@ -378,3 +378,32 @@ ngx_rbtree_right_rotate(ngx_rbtree_node_ temp->right = node; node->parent = temp; } + + +ngx_rbtree_node_t * +ngx_rbtree_next(ngx_rbtree_t *tree, ngx_rbtree_node_t *node) +{ + ngx_rbtree_node_t *root, *sentinel, *parent; + + sentinel = tree->sentinel; + + if (node->right != sentinel) { + return ngx_rbtree_min(node->right, sentinel); + } + + root = tree->root; + + for ( ;; ) { + parent = node->parent; + + if (node == root) { + return NULL; + } + + if (node == parent->left) { + return parent; + } + + node = parent; + } +} diff --git a/src/core/ngx_rbtree.h b/src/core/ngx_rbtree.h --- a/src/core/ngx_rbtree.h +++ b/src/core/ngx_rbtree.h @@ -54,6 +54,8 @@ void ngx_rbtree_insert_value(ngx_rbtree_ ngx_rbtree_node_t *sentinel); void ngx_rbtree_insert_timer_value(ngx_rbtree_node_t *root, ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); +ngx_rbtree_node_t *ngx_rbtree_next(ngx_rbtree_t *tree, + ngx_rbtree_node_t *node); #define ngx_rbt_red(node) ((node)->color = 1) From mdounin at mdounin.ru Tue Mar 7 17:00:58 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 07 Mar 2017 17:00:58 +0000 Subject: [nginx] Cancelable timers are now preserved if there are other timers. Message-ID: details: http://hg.nginx.org/nginx/rev/3069dd358ba2 branches: changeset: 6929:3069dd358ba2 user: Maxim Dounin date: Tue Mar 07 18:51:15 2017 +0300 description: Cancelable timers are now preserved if there are other timers. There is no need to cancel timers early if there are other timers blocking shutdown anyway. Preserving such timers allows nginx to continue some periodic work till the shutdown is actually possible. With the new approach, timers with ev->cancelable are simply ignored when checking if there are any timers left during shutdown. diffstat: src/event/ngx_event_timer.c | 40 ++++++++++++++-------------------------- src/event/ngx_event_timer.h | 2 +- src/os/unix/ngx_process_cycle.c | 5 +---- src/os/win32/ngx_process_cycle.c | 6 +----- 4 files changed, 17 insertions(+), 36 deletions(-) diffs (104 lines): diff --git a/src/event/ngx_event_timer.c b/src/event/ngx_event_timer.c --- a/src/event/ngx_event_timer.c +++ b/src/event/ngx_event_timer.c @@ -96,43 +96,31 @@ ngx_event_expire_timers(void) } -void -ngx_event_cancel_timers(void) +ngx_int_t +ngx_event_no_timers_left(void) { ngx_event_t *ev; ngx_rbtree_node_t *node, *root, *sentinel; sentinel = ngx_event_timer_rbtree.sentinel; - - for ( ;; ) { - root = ngx_event_timer_rbtree.root; + root = ngx_event_timer_rbtree.root; - if (root == sentinel) { - return; - } + if (root == sentinel) { + return NGX_OK; + } - node = ngx_rbtree_min(root, sentinel); - + for (node = ngx_rbtree_min(root, sentinel); + node; + node = ngx_rbtree_next(&ngx_event_timer_rbtree, node)) + { ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer)); if (!ev->cancelable) { - return; + return NGX_AGAIN; } - - ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0, - "event timer cancel: %d: %M", - ngx_event_ident(ev->data), ev->timer.key); - - ngx_rbtree_delete(&ngx_event_timer_rbtree, &ev->timer); + } -#if (NGX_DEBUG) - ev->timer.left = NULL; - ev->timer.right = NULL; - ev->timer.parent = NULL; -#endif + /* only cancelable timers left */ - ev->timer_set = 0; - - ev->handler(ev); - } + return NGX_OK; } diff --git a/src/event/ngx_event_timer.h b/src/event/ngx_event_timer.h --- a/src/event/ngx_event_timer.h +++ b/src/event/ngx_event_timer.h @@ -22,7 +22,7 @@ ngx_int_t ngx_event_timer_init(ngx_log_t *log); ngx_msec_t ngx_event_find_timer(void); void ngx_event_expire_timers(void); -void ngx_event_cancel_timers(void); +ngx_int_t ngx_event_no_timers_left(void); extern ngx_rbtree_t ngx_event_timer_rbtree; diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -738,10 +738,7 @@ ngx_worker_process_cycle(ngx_cycle_t *cy for ( ;; ) { if (ngx_exiting) { - ngx_event_cancel_timers(); - - if (ngx_event_timer_rbtree.root == ngx_event_timer_rbtree.sentinel) - { + if (ngx_event_no_timers_left() == NGX_OK) { ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); ngx_worker_process_exit(cycle); diff --git a/src/os/win32/ngx_process_cycle.c b/src/os/win32/ngx_process_cycle.c --- a/src/os/win32/ngx_process_cycle.c +++ b/src/os/win32/ngx_process_cycle.c @@ -782,11 +782,7 @@ ngx_worker_thread(void *data) while (!ngx_quit) { if (ngx_exiting) { - ngx_event_cancel_timers(); - - if (ngx_event_timer_rbtree.root - == ngx_event_timer_rbtree.sentinel) - { + if (ngx_event_no_timers_left() == NGX_OK) { break; } } From mdounin at mdounin.ru Tue Mar 7 17:01:00 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 07 Mar 2017 17:01:00 +0000 Subject: [nginx] Introduced worker_shutdown_timeout. Message-ID: details: http://hg.nginx.org/nginx/rev/97c99bb43737 branches: changeset: 6930:97c99bb43737 user: Maxim Dounin date: Tue Mar 07 18:51:16 2017 +0300 description: Introduced worker_shutdown_timeout. The directive configures a timeout to be used when gracefully shutting down worker processes. When the timer expires, nginx will try to close all the connections currently open to facilitate shutdown. diffstat: src/core/nginx.c | 9 ++++++ src/core/ngx_cycle.c | 53 ++++++++++++++++++++++++++++++++++++++++ src/core/ngx_cycle.h | 2 + src/os/unix/ngx_process_cycle.c | 1 + src/os/win32/ngx_process_cycle.c | 1 + 5 files changed, 66 insertions(+), 0 deletions(-) diffs (148 lines): diff --git a/src/core/nginx.c b/src/core/nginx.c --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -124,6 +124,13 @@ static ngx_command_t ngx_core_commands[ offsetof(ngx_core_conf_t, rlimit_core), NULL }, + { ngx_string("worker_shutdown_timeout"), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + 0, + offsetof(ngx_core_conf_t, shutdown_timeout), + NULL }, + { ngx_string("working_directory"), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -1014,6 +1021,7 @@ ngx_core_module_create_conf(ngx_cycle_t ccf->daemon = NGX_CONF_UNSET; ccf->master = NGX_CONF_UNSET; ccf->timer_resolution = NGX_CONF_UNSET_MSEC; + ccf->shutdown_timeout = NGX_CONF_UNSET_MSEC; ccf->worker_processes = NGX_CONF_UNSET; ccf->debug_points = NGX_CONF_UNSET; @@ -1042,6 +1050,7 @@ ngx_core_module_init_conf(ngx_cycle_t *c ngx_conf_init_value(ccf->daemon, 1); ngx_conf_init_value(ccf->master, 1); ngx_conf_init_msec_value(ccf->timer_resolution, 0); + ngx_conf_init_msec_value(ccf->shutdown_timeout, 0); ngx_conf_init_value(ccf->worker_processes, 1); ngx_conf_init_value(ccf->debug_points, 0); diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c @@ -15,6 +15,7 @@ static ngx_int_t ngx_init_zone_pool(ngx_ ngx_shm_zone_t *shm_zone); static ngx_int_t ngx_test_lockfile(u_char *file, ngx_log_t *log); static void ngx_clean_old_cycles(ngx_event_t *ev); +static void ngx_shutdown_timer_handler(ngx_event_t *ev); volatile ngx_cycle_t *ngx_cycle; @@ -22,6 +23,7 @@ ngx_array_t ngx_old_cycles; static ngx_pool_t *ngx_temp_pool; static ngx_event_t ngx_cleaner_event; +static ngx_event_t ngx_shutdown_event; ngx_uint_t ngx_test_config; ngx_uint_t ngx_dump_config; @@ -1333,3 +1335,54 @@ ngx_clean_old_cycles(ngx_event_t *ev) ngx_old_cycles.nelts = 0; } } + + +void +ngx_set_shutdown_timer(ngx_cycle_t *cycle) +{ + ngx_core_conf_t *ccf; + + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module); + + if (ccf->shutdown_timeout) { + ngx_shutdown_event.handler = ngx_shutdown_timer_handler; + ngx_shutdown_event.data = cycle; + ngx_shutdown_event.log = cycle->log; + ngx_shutdown_event.cancelable = 1; + + ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); + } +} + + +static void +ngx_shutdown_timer_handler(ngx_event_t *ev) +{ + ngx_uint_t i; + ngx_cycle_t *cycle; + ngx_connection_t *c; + + cycle = ev->data; + + c = cycle->connections; + + for (i = 0; i < cycle->connection_n; i++) { + + if (c[i].fd == (ngx_socket_t) -1 + || c[i].read == NULL + || c[i].read->accept + || c[i].read->channel + || c[i].read->resolver) + { + continue; + } + + ngx_log_debug1(NGX_LOG_DEBUG_CORE, ev->log, 0, + "*%uA shutdown timeout", c[i].number); + + c[i].close = 1; + c[i].error = 1; + + c[i].read->handler(c[i].read); + } +} diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h --- a/src/core/ngx_cycle.h +++ b/src/core/ngx_cycle.h @@ -88,6 +88,7 @@ typedef struct { ngx_flag_t master; ngx_msec_t timer_resolution; + ngx_msec_t shutdown_timeout; ngx_int_t worker_processes; ngx_int_t debug_points; @@ -129,6 +130,7 @@ ngx_pid_t ngx_exec_new_binary(ngx_cycle_ ngx_cpuset_t *ngx_get_cpu_affinity(ngx_uint_t n); ngx_shm_zone_t *ngx_shared_memory_add(ngx_conf_t *cf, ngx_str_t *name, size_t size, void *tag); +void ngx_set_shutdown_timer(ngx_cycle_t *cycle); extern volatile ngx_cycle_t *ngx_cycle; diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -763,6 +763,7 @@ ngx_worker_process_cycle(ngx_cycle_t *cy if (!ngx_exiting) { ngx_exiting = 1; + ngx_set_shutdown_timer(cycle); ngx_close_listening_sockets(cycle); ngx_close_idle_connections(cycle); } diff --git a/src/os/win32/ngx_process_cycle.c b/src/os/win32/ngx_process_cycle.c --- a/src/os/win32/ngx_process_cycle.c +++ b/src/os/win32/ngx_process_cycle.c @@ -800,6 +800,7 @@ ngx_worker_thread(void *data) if (!ngx_exiting) { ngx_exiting = 1; + ngx_set_shutdown_timer(cycle); ngx_close_listening_sockets(cycle); ngx_close_idle_connections(cycle); } From mdounin at mdounin.ru Tue Mar 7 17:01:02 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 07 Mar 2017 17:01:02 +0000 Subject: [nginx] Style. Message-ID: details: http://hg.nginx.org/nginx/rev/d45072375572 branches: changeset: 6931:d45072375572 user: Maxim Dounin date: Tue Mar 07 18:51:17 2017 +0300 description: Style. diffstat: src/os/unix/ngx_process_cycle.c | 2 -- 1 files changed, 0 insertions(+), 2 deletions(-) diffs (19 lines): diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -740,7 +740,6 @@ ngx_worker_process_cycle(ngx_cycle_t *cy if (ngx_exiting) { if (ngx_event_no_timers_left() == NGX_OK) { ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); - ngx_worker_process_exit(cycle); } } @@ -751,7 +750,6 @@ ngx_worker_process_cycle(ngx_cycle_t *cy if (ngx_terminate) { ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); - ngx_worker_process_exit(cycle); } From hongzhidao at gmail.com Wed Mar 8 07:52:15 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Wed, 8 Mar 2017 15:52:15 +0800 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: Message-ID: Hi! It's a good design. It seems the worker process is not killed until expired, the time is set by 'worker_shutdown_timeout'. But I think ngx_shutdown_timer_handler will never be called, because of the following deal. if (ngx_exiting) { if (ngx_event_no_timers_left() == NGX_OK) { ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); ngx_worker_process_exit(cycle); // the worker process exits though there are cancelable timers such as ngx_shutdown_event. } } I'm not sure it's right? diff -r d45072375572 src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/core/ngx_cycle.c Sun Mar 05 17:03:22 2017 +0800 @@ -1348,7 +1348,6 @@ ngx_shutdown_event.handler = ngx_shutdown_timer_handler; ngx_shutdown_event.data = cycle; ngx_shutdown_event.log = cycle->log; - ngx_shutdown_event.cancelable = 1; ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); } And I think it's better that the shutting down process keep alive until ' worker_shutdown_timeout'. Thanks. B.R. 2017-03-08 1:01 GMT+08:00 Maxim Dounin : > details: http://hg.nginx.org/nginx/rev/97c99bb43737 > branches: > changeset: 6930:97c99bb43737 > user: Maxim Dounin > date: Tue Mar 07 18:51:16 2017 +0300 > description: > Introduced worker_shutdown_timeout. > > The directive configures a timeout to be used when gracefully shutting down > worker processes. When the timer expires, nginx will try to close all > the connections currently open to facilitate shutdown. > > diffstat: > > src/core/nginx.c | 9 ++++++ > src/core/ngx_cycle.c | 53 ++++++++++++++++++++++++++++++ > ++++++++++ > src/core/ngx_cycle.h | 2 + > src/os/unix/ngx_process_cycle.c | 1 + > src/os/win32/ngx_process_cycle.c | 1 + > 5 files changed, 66 insertions(+), 0 deletions(-) > > diffs (148 lines): > > diff --git a/src/core/nginx.c b/src/core/nginx.c > --- a/src/core/nginx.c > +++ b/src/core/nginx.c > @@ -124,6 +124,13 @@ static ngx_command_t ngx_core_commands[ > offsetof(ngx_core_conf_t, rlimit_core), > NULL }, > > + { ngx_string("worker_shutdown_timeout"), > + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, > + ngx_conf_set_msec_slot, > + 0, > + offsetof(ngx_core_conf_t, shutdown_timeout), > + NULL }, > + > { ngx_string("working_directory"), > NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, > ngx_conf_set_str_slot, > @@ -1014,6 +1021,7 @@ ngx_core_module_create_conf(ngx_cycle_t > ccf->daemon = NGX_CONF_UNSET; > ccf->master = NGX_CONF_UNSET; > ccf->timer_resolution = NGX_CONF_UNSET_MSEC; > + ccf->shutdown_timeout = NGX_CONF_UNSET_MSEC; > > ccf->worker_processes = NGX_CONF_UNSET; > ccf->debug_points = NGX_CONF_UNSET; > @@ -1042,6 +1050,7 @@ ngx_core_module_init_conf(ngx_cycle_t *c > ngx_conf_init_value(ccf->daemon, 1); > ngx_conf_init_value(ccf->master, 1); > ngx_conf_init_msec_value(ccf->timer_resolution, 0); > + ngx_conf_init_msec_value(ccf->shutdown_timeout, 0); > > ngx_conf_init_value(ccf->worker_processes, 1); > ngx_conf_init_value(ccf->debug_points, 0); > diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c > --- a/src/core/ngx_cycle.c > +++ b/src/core/ngx_cycle.c > @@ -15,6 +15,7 @@ static ngx_int_t ngx_init_zone_pool(ngx_ > ngx_shm_zone_t *shm_zone); > static ngx_int_t ngx_test_lockfile(u_char *file, ngx_log_t *log); > static void ngx_clean_old_cycles(ngx_event_t *ev); > +static void ngx_shutdown_timer_handler(ngx_event_t *ev); > > > volatile ngx_cycle_t *ngx_cycle; > @@ -22,6 +23,7 @@ ngx_array_t ngx_old_cycles; > > static ngx_pool_t *ngx_temp_pool; > static ngx_event_t ngx_cleaner_event; > +static ngx_event_t ngx_shutdown_event; > > ngx_uint_t ngx_test_config; > ngx_uint_t ngx_dump_config; > @@ -1333,3 +1335,54 @@ ngx_clean_old_cycles(ngx_event_t *ev) > ngx_old_cycles.nelts = 0; > } > } > + > + > +void > +ngx_set_shutdown_timer(ngx_cycle_t *cycle) > +{ > + ngx_core_conf_t *ccf; > + > + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, > ngx_core_module); > + > + if (ccf->shutdown_timeout) { > + ngx_shutdown_event.handler = ngx_shutdown_timer_handler; > + ngx_shutdown_event.data = cycle; > + ngx_shutdown_event.log = cycle->log; > + ngx_shutdown_event.cancelable = 1; > + > + ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); > + } > +} > + > + > +static void > +ngx_shutdown_timer_handler(ngx_event_t *ev) > +{ > + ngx_uint_t i; > + ngx_cycle_t *cycle; > + ngx_connection_t *c; > + > + cycle = ev->data; > + > + c = cycle->connections; > + > + for (i = 0; i < cycle->connection_n; i++) { > + > + if (c[i].fd == (ngx_socket_t) -1 > + || c[i].read == NULL > + || c[i].read->accept > + || c[i].read->channel > + || c[i].read->resolver) > + { > + continue; > + } > + > + ngx_log_debug1(NGX_LOG_DEBUG_CORE, ev->log, 0, > + "*%uA shutdown timeout", c[i].number); > + > + c[i].close = 1; > + c[i].error = 1; > + > + c[i].read->handler(c[i].read); > + } > +} > diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h > --- a/src/core/ngx_cycle.h > +++ b/src/core/ngx_cycle.h > @@ -88,6 +88,7 @@ typedef struct { > ngx_flag_t master; > > ngx_msec_t timer_resolution; > + ngx_msec_t shutdown_timeout; > > ngx_int_t worker_processes; > ngx_int_t debug_points; > @@ -129,6 +130,7 @@ ngx_pid_t ngx_exec_new_binary(ngx_cycle_ > ngx_cpuset_t *ngx_get_cpu_affinity(ngx_uint_t n); > ngx_shm_zone_t *ngx_shared_memory_add(ngx_conf_t *cf, ngx_str_t *name, > size_t size, void *tag); > +void ngx_set_shutdown_timer(ngx_cycle_t *cycle); > > > extern volatile ngx_cycle_t *ngx_cycle; > diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_ > cycle.c > --- a/src/os/unix/ngx_process_cycle.c > +++ b/src/os/unix/ngx_process_cycle.c > @@ -763,6 +763,7 @@ ngx_worker_process_cycle(ngx_cycle_t *cy > > if (!ngx_exiting) { > ngx_exiting = 1; > + ngx_set_shutdown_timer(cycle); > ngx_close_listening_sockets(cycle); > ngx_close_idle_connections(cycle); > } > diff --git a/src/os/win32/ngx_process_cycle.c b/src/os/win32/ngx_process_ > cycle.c > --- a/src/os/win32/ngx_process_cycle.c > +++ b/src/os/win32/ngx_process_cycle.c > @@ -800,6 +800,7 @@ ngx_worker_thread(void *data) > > if (!ngx_exiting) { > ngx_exiting = 1; > + ngx_set_shutdown_timer(cycle); > ngx_close_listening_sockets(cycle); > ngx_close_idle_connections(cycle); > } > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jyrno42 at gmail.com Wed Mar 8 16:12:32 2017 From: jyrno42 at gmail.com (=?iso-8859-1?q?J=FCrno_Ader?=) Date: Wed, 08 Mar 2017 18:12:32 +0200 Subject: [PATCH] SSL: Added crl_check_mode Message-ID: <9c13ae0d54a75902945b.1488989552@MASIN-NIX> # HG changeset patch # User J?rno Ader # Date 1488987398 -7200 # Wed Mar 08 17:36:38 2017 +0200 # Node ID 9c13ae0d54a75902945bc6ac9bbced1c298fdaa0 # Parent d450723755728f9d0cc291247b9601e2f3340f19 SSL: Added crl_check_mode Added crl_check_mode flag which can be used to modify flags used for the X509_STORE created in ngx_ssl_crl. This makes it possible to use Estonian Identity card revocation lists with nginx (see https://trac.nginx.org/nginx/ticket/1094) which previously failed since the root certificate for ESTEID does not have a proper CRL available. This patch implements the flag for the following modules: - http_proxy - http_ssl - http_uwsgi - mail_ssl - stream_proxy - stream_ssl diff -r d45072375572 -r 9c13ae0d54a7 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/event/ngx_event_openssl.c Wed Mar 08 17:36:38 2017 +0200 @@ -737,7 +737,8 @@ ngx_int_t -ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl) +ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl, + ngx_uint_t crl_check_mode) { X509_STORE *store; X509_LOOKUP *lookup; @@ -774,8 +775,23 @@ return NGX_ERROR; } - X509_STORE_set_flags(store, - X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL); + unsigned long crl_flags; + + switch (crl_check_mode) { + + case NGX_SSL_CRL_CHECK_LEAF: + crl_flags = X509_V_FLAG_CRL_CHECK; + break; + + case NGX_SSL_CRL_CHECK_CHAIN: + crl_flags = X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL; + break; + + default: + crl_flags = 0; + } + + X509_STORE_set_flags(store, crl_flags); return NGX_OK; } diff -r d45072375572 -r 9c13ae0d54a7 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Tue Mar 07 18:51:17 2017 +0300 +++ b/src/event/ngx_event_openssl.h Wed Mar 08 17:36:38 2017 +0200 @@ -138,6 +138,9 @@ #define NGX_SSL_BUFSIZE 16384 +#define NGX_SSL_CRL_CHECK_NONE 0 +#define NGX_SSL_CRL_CHECK_LEAF 1 +#define NGX_SSL_CRL_CHECK_CHAIN 2 ngx_int_t ngx_ssl_init(ngx_log_t *log); ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data); @@ -151,7 +154,8 @@ ngx_str_t *cert, ngx_int_t depth); ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, ngx_int_t depth); -ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); +ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl, + ngx_uint_t crl_check_mode); ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify); ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl, diff -r d45072375572 -r 9c13ae0d54a7 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Wed Mar 08 17:36:38 2017 +0200 @@ -97,6 +97,7 @@ ngx_uint_t ssl_verify_depth; ngx_str_t ssl_trusted_certificate; ngx_str_t ssl_crl; + ngx_uint_t ssl_crl_check_mode; ngx_str_t ssl_certificate; ngx_str_t ssl_certificate_key; ngx_array_t *ssl_passwords; @@ -237,6 +238,14 @@ { ngx_null_string, 0 } }; + +static ngx_conf_enum_t ngx_http_proxy_ssl_crl_check_mode[] = { + { ngx_string("none"), NGX_SSL_CRL_CHECK_NONE }, + { ngx_string("chain"), NGX_SSL_CRL_CHECK_CHAIN }, + { ngx_string("leaf"), NGX_SSL_CRL_CHECK_LEAF }, + { ngx_null_string, 0 } +}; + #endif @@ -692,6 +701,13 @@ offsetof(ngx_http_proxy_loc_conf_t, ssl_crl), NULL }, + { ngx_string("proxy_ssl_crl_check_mode"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_proxy_loc_conf_t, ssl_crl_check_mode), + &ngx_http_proxy_ssl_crl_check_mode }, + { ngx_string("proxy_ssl_certificate"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -2884,6 +2900,7 @@ conf->upstream.ssl_verify = NGX_CONF_UNSET; conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; conf->ssl_passwords = NGX_CONF_UNSET_PTR; + conf->ssl_crl_check_mode = NGX_CONF_UNSET_UINT; #endif /* "proxy_cyclic_temp_file" is disabled */ @@ -3218,6 +3235,9 @@ ngx_conf_merge_str_value(conf->ssl_trusted_certificate, prev->ssl_trusted_certificate, ""); ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); + ngx_conf_merge_uint_value(conf->ssl_crl_check_mode, + prev->ssl_crl_check_mode, + NGX_SSL_CRL_CHECK_CHAIN); ngx_conf_merge_str_value(conf->ssl_certificate, prev->ssl_certificate, ""); @@ -4378,7 +4398,10 @@ return NGX_ERROR; } - if (ngx_ssl_crl(cf, plcf->upstream.ssl, &plcf->ssl_crl) != NGX_OK) { + if (ngx_ssl_crl(cf, plcf->upstream.ssl, &plcf->ssl_crl, + plcf->ssl_crl_check_mode) + != NGX_OK) + { return NGX_ERROR; } } diff -r d45072375572 -r 9c13ae0d54a7 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Wed Mar 08 17:36:38 2017 +0200 @@ -70,6 +70,14 @@ }; +static ngx_conf_enum_t ngx_http_ssl_crl_check_mode[] = { + { ngx_string("none"), NGX_SSL_CRL_CHECK_NONE }, + { ngx_string("chain"), NGX_SSL_CRL_CHECK_CHAIN }, + { ngx_string("leaf"), NGX_SSL_CRL_CHECK_LEAF }, + { ngx_null_string, 0 } +}; + + static ngx_command_t ngx_http_ssl_commands[] = { { ngx_string("ssl"), @@ -205,6 +213,13 @@ offsetof(ngx_http_ssl_srv_conf_t, crl), NULL }, + { ngx_string("ssl_crl_check_mode"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_ssl_srv_conf_t, crl_check_mode), + &ngx_http_ssl_crl_check_mode }, + { ngx_string("ssl_stapling"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ngx_conf_set_flag_slot, @@ -554,6 +569,7 @@ sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; sscf->stapling = NGX_CONF_UNSET; sscf->stapling_verify = NGX_CONF_UNSET; + sscf->crl_check_mode = NGX_CONF_UNSET_UINT; return sscf; } @@ -607,6 +623,8 @@ ngx_conf_merge_str_value(conf->trusted_certificate, prev->trusted_certificate, ""); ngx_conf_merge_str_value(conf->crl, prev->crl, ""); + ngx_conf_merge_uint_value(conf->crl_check_mode, prev->crl_check_mode, + NGX_SSL_CRL_CHECK_CHAIN); ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, NGX_DEFAULT_ECDH_CURVE); @@ -744,7 +762,10 @@ return NGX_CONF_ERROR; } - if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { + if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl, + conf->crl_check_mode) + != NGX_OK) + { return NGX_CONF_ERROR; } diff -r d45072375572 -r 9c13ae0d54a7 src/http/modules/ngx_http_ssl_module.h --- a/src/http/modules/ngx_http_ssl_module.h Tue Mar 07 18:51:17 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.h Wed Mar 08 17:36:38 2017 +0200 @@ -40,6 +40,7 @@ ngx_str_t client_certificate; ngx_str_t trusted_certificate; ngx_str_t crl; + ngx_uint_t crl_check_mode; ngx_str_t ciphers; diff -r d45072375572 -r 9c13ae0d54a7 src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/http/modules/ngx_http_uwsgi_module.c Wed Mar 08 17:36:38 2017 +0200 @@ -54,6 +54,7 @@ ngx_uint_t ssl_verify_depth; ngx_str_t ssl_trusted_certificate; ngx_str_t ssl_crl; + ngx_uint_t ssl_crl_check_mode; ngx_str_t ssl_certificate; ngx_str_t ssl_certificate_key; ngx_array_t *ssl_passwords; @@ -131,6 +132,14 @@ { ngx_null_string, 0 } }; + +static ngx_conf_enum_t ngx_http_uwsgi_ssl_crl_check_mode[] = { + { ngx_string("none"), NGX_SSL_CRL_CHECK_NONE }, + { ngx_string("chain"), NGX_SSL_CRL_CHECK_CHAIN }, + { ngx_string("leaf"), NGX_SSL_CRL_CHECK_LEAF }, + { ngx_null_string, 0 } +}; + #endif @@ -530,6 +539,13 @@ offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), NULL }, + { ngx_string("uwsgi_ssl_crl_check_mode"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl_check_mode), + &ngx_http_uwsgi_ssl_crl_check_mode }, + { ngx_string("uwsgi_ssl_certificate"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -1446,6 +1462,7 @@ conf->upstream.ssl_verify = NGX_CONF_UNSET; conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; conf->ssl_passwords = NGX_CONF_UNSET_PTR; + conf->ssl_crl_check_mode = NGX_CONF_UNSET_UINT; #endif /* "uwsgi_cyclic_temp_file" is disabled */ @@ -1766,6 +1783,9 @@ ngx_conf_merge_str_value(conf->ssl_trusted_certificate, prev->ssl_trusted_certificate, ""); ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); + ngx_conf_merge_uint_value(conf->ssl_crl_check_mode, + prev->ssl_crl_check_mode, + NGX_SSL_CRL_CHECK_CHAIN); ngx_conf_merge_str_value(conf->ssl_certificate, prev->ssl_certificate, ""); @@ -2381,7 +2401,10 @@ return NGX_ERROR; } - if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl) != NGX_OK) { + if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl, + uwcf->ssl_crl_check_mode) + != NGX_OK) + { return NGX_ERROR; } } diff -r d45072375572 -r 9c13ae0d54a7 src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/mail/ngx_mail_ssl_module.c Wed Mar 08 17:36:38 2017 +0200 @@ -55,6 +55,14 @@ }; +static ngx_conf_enum_t ngx_mail_ssl_crl_check_mode[] = { + { ngx_string("none"), NGX_SSL_CRL_CHECK_NONE }, + { ngx_string("chain"), NGX_SSL_CRL_CHECK_CHAIN }, + { ngx_string("leaf"), NGX_SSL_CRL_CHECK_LEAF }, + { ngx_null_string, 0 } +}; + + static ngx_command_t ngx_mail_ssl_commands[] = { { ngx_string("ssl"), @@ -190,6 +198,13 @@ offsetof(ngx_mail_ssl_conf_t, crl), NULL }, + { ngx_string("ssl_crl_check_mode"), + NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_MAIL_SRV_CONF_OFFSET, + offsetof(ngx_mail_ssl_conf_t, crl_check_mode), + &ngx_mail_ssl_crl_check_mode }, + ngx_null_command }; @@ -259,6 +274,7 @@ scf->session_timeout = NGX_CONF_UNSET; scf->session_tickets = NGX_CONF_UNSET; scf->session_ticket_keys = NGX_CONF_UNSET_PTR; + scf->crl_check_mode = NGX_CONF_UNSET_UINT; return scf; } @@ -306,6 +322,8 @@ ngx_conf_merge_str_value(conf->trusted_certificate, prev->trusted_certificate, ""); ngx_conf_merge_str_value(conf->crl, prev->crl, ""); + ngx_conf_merge_uint_value(conf->crl_check_mode, + prev->crl_check_mode, NGX_SSL_CRL_CHECK_CHAIN); ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); @@ -417,7 +435,9 @@ return NGX_CONF_ERROR; } - if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { + if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl, conf->crl_check_mode) + != NGX_OK) + { return NGX_CONF_ERROR; } } diff -r d45072375572 -r 9c13ae0d54a7 src/mail/ngx_mail_ssl_module.h --- a/src/mail/ngx_mail_ssl_module.h Tue Mar 07 18:51:17 2017 +0300 +++ b/src/mail/ngx_mail_ssl_module.h Wed Mar 08 17:36:38 2017 +0200 @@ -43,6 +43,7 @@ ngx_str_t client_certificate; ngx_str_t trusted_certificate; ngx_str_t crl; + ngx_uint_t crl_check_mode; ngx_str_t ciphers; diff -r d45072375572 -r 9c13ae0d54a7 src/stream/ngx_stream_proxy_module.c --- a/src/stream/ngx_stream_proxy_module.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/stream/ngx_stream_proxy_module.c Wed Mar 08 17:36:38 2017 +0200 @@ -44,6 +44,7 @@ ngx_uint_t ssl_verify_depth; ngx_str_t ssl_trusted_certificate; ngx_str_t ssl_crl; + ngx_uint_t ssl_crl_check_mode; ngx_str_t ssl_certificate; ngx_str_t ssl_certificate_key; ngx_array_t *ssl_passwords; @@ -106,6 +107,14 @@ { ngx_null_string, 0 } }; + +static ngx_conf_enum_t ngx_stream_proxy_ssl_crl_check_mode[] = { + { ngx_string("none"), NGX_SSL_CRL_CHECK_NONE }, + { ngx_string("chain"), NGX_SSL_CRL_CHECK_CHAIN }, + { ngx_string("leaf"), NGX_SSL_CRL_CHECK_LEAF }, + { ngx_null_string, 0 } +}; + #endif @@ -290,6 +299,13 @@ offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), NULL }, + { ngx_string("proxy_ssl_crl_check_mode"), + NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_STREAM_SRV_CONF_OFFSET, + offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl_check_mode), + &ngx_stream_proxy_ssl_crl_check_mode }, + { ngx_string("proxy_ssl_certificate"), NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -1858,6 +1874,7 @@ conf->ssl_verify = NGX_CONF_UNSET; conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; conf->ssl_passwords = NGX_CONF_UNSET_PTR; + conf->ssl_crl_check_mode = NGX_CONF_UNSET_UINT; #endif return conf; @@ -1928,6 +1945,9 @@ prev->ssl_trusted_certificate, ""); ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); + ngx_conf_merge_uint_value(conf->ssl_crl_check_mode, + prev->ssl_crl_check_mode, + NGX_SSL_CRL_CHECK_CHAIN); ngx_conf_merge_str_value(conf->ssl_certificate, prev->ssl_certificate, ""); @@ -2009,7 +2029,10 @@ return NGX_ERROR; } - if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { + if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl, + pscf->ssl_crl_check_mode) + != NGX_OK) + { return NGX_ERROR; } } diff -r d45072375572 -r 9c13ae0d54a7 src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c Tue Mar 07 18:51:17 2017 +0300 +++ b/src/stream/ngx_stream_ssl_module.c Wed Mar 08 17:36:38 2017 +0200 @@ -58,6 +58,14 @@ }; +static ngx_conf_enum_t ngx_stream_ssl_crl_check_mode[] = { + { ngx_string("none"), NGX_SSL_CRL_CHECK_NONE }, + { ngx_string("chain"), NGX_SSL_CRL_CHECK_CHAIN }, + { ngx_string("leaf"), NGX_SSL_CRL_CHECK_LEAF }, + { ngx_null_string, 0 } +}; + + static ngx_command_t ngx_stream_ssl_commands[] = { { ngx_string("ssl_handshake_timeout"), @@ -186,6 +194,13 @@ offsetof(ngx_stream_ssl_conf_t, crl), NULL }, + { ngx_string("ssl_crl_check_mode"), + NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_STREAM_SRV_CONF_OFFSET, + offsetof(ngx_stream_ssl_conf_t, crl_check_mode), + &ngx_stream_ssl_crl_check_mode }, + ngx_null_command }; @@ -519,6 +534,7 @@ scf->session_timeout = NGX_CONF_UNSET; scf->session_tickets = NGX_CONF_UNSET; scf->session_ticket_keys = NGX_CONF_UNSET_PTR; + scf->crl_check_mode = NGX_CONF_UNSET_UINT; return scf; } @@ -561,6 +577,8 @@ ngx_conf_merge_str_value(conf->trusted_certificate, prev->trusted_certificate, ""); ngx_conf_merge_str_value(conf->crl, prev->crl, ""); + ngx_conf_merge_uint_value(conf->crl_check_mode, prev->crl_check_mode, + NGX_SSL_CRL_CHECK_CHAIN); ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, NGX_DEFAULT_ECDH_CURVE); @@ -635,7 +653,9 @@ return NGX_CONF_ERROR; } - if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { + if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl, conf->crl_check_mode) + != NGX_OK) + { return NGX_CONF_ERROR; } } diff -r d45072375572 -r 9c13ae0d54a7 src/stream/ngx_stream_ssl_module.h --- a/src/stream/ngx_stream_ssl_module.h Tue Mar 07 18:51:17 2017 +0300 +++ b/src/stream/ngx_stream_ssl_module.h Wed Mar 08 17:36:38 2017 +0200 @@ -38,6 +38,7 @@ ngx_str_t client_certificate; ngx_str_t trusted_certificate; ngx_str_t crl; + ngx_uint_t crl_check_mode; ngx_str_t ciphers; From jeppojeps at gmail.com Wed Mar 8 19:10:25 2017 From: jeppojeps at gmail.com (Antonio Nappa) Date: Wed, 8 Mar 2017 20:10:25 +0100 Subject: Module connecting outside Message-ID: Hello everyone, I am in the process of creating a module that connects to the outside to exchange data with another service, I am taking as inspiration the mail_module and the upstream module, basically my module is connecting using the ngx_event_connect_peer and handling the read and write events properly. I have 2 questions: Is this the proper way to make a module connecting to the outside? Would it be possible to use nginx primitives to connect through SSL? Thanks a lot, Antonio -------------- next part -------------- An HTML attachment was scrubbed... URL: From datong at cloudflare.com Wed Mar 8 23:40:47 2017 From: datong at cloudflare.com (Datong Sun) Date: Wed, 8 Mar 2017 15:40:47 -0800 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: Message-ID: Hello! Looks like to me that the original patch does what it's supposed to do (when combined with http://hg.nginx.org/nginx/rev/3069dd358ba2). Here is my understanding: Before this patch, an active connection could potentially delay shutdown indefinitely due to the presence of connection related timer inside the timer tree. The only reason why ngx_shutdown_timer_handler has to be invoked would be to force those lingering connections to be closed and therefore, free-up the timer tree and allow the shutdown to finish. If all connections were closed before ngx_shutdown_timer_handler was fired (your case), it is already safe to finish the shutdown and there is no reason to invoke or wait for ngx_shutdown_timer_handler to fire anymore. The cancelable field makes sure when this happens ngx_shutdown_event does not prevent NGINX from being able to complete the shutdown. Seems to me that delaying the shutdown until worker_shutdown_timeout when there is already no active connection left makes little sense. Thanks, Datong On Tue, Mar 7, 2017 at 11:52 PM, ??? wrote: > Hi! > > It's a good design. > It seems the worker process is not killed until expired, the time is set > by 'worker_shutdown_timeout'. > But I think ngx_shutdown_timer_handler will never be called, because of > the following deal. > > if (ngx_exiting) { > if (ngx_event_no_timers_left() == NGX_OK) { > ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); > ngx_worker_process_exit(cycle); // the worker process > exits though there are cancelable timers such as ngx_shutdown_event. > } > } > > I'm not sure it's right? > > diff -r d45072375572 src/core/ngx_cycle.c > --- a/src/core/ngx_cycle.c Tue Mar 07 18:51:17 2017 +0300 > +++ b/src/core/ngx_cycle.c Sun Mar 05 17:03:22 2017 +0800 > @@ -1348,7 +1348,6 @@ > ngx_shutdown_event.handler = ngx_shutdown_timer_handler; > ngx_shutdown_event.data = cycle; > ngx_shutdown_event.log = cycle->log; > - ngx_shutdown_event.cancelable = 1; > > ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); > } > > And I think it's better that the shutting down process keep alive until ' > worker_shutdown_timeout'. > > Thanks. > B.R. > > 2017-03-08 1:01 GMT+08:00 Maxim Dounin : > >> details: http://hg.nginx.org/nginx/rev/97c99bb43737 >> branches: >> changeset: 6930:97c99bb43737 >> user: Maxim Dounin >> date: Tue Mar 07 18:51:16 2017 +0300 >> description: >> Introduced worker_shutdown_timeout. >> >> The directive configures a timeout to be used when gracefully shutting >> down >> worker processes. When the timer expires, nginx will try to close all >> the connections currently open to facilitate shutdown. >> >> diffstat: >> >> src/core/nginx.c | 9 ++++++ >> src/core/ngx_cycle.c | 53 ++++++++++++++++++++++++++++++ >> ++++++++++ >> src/core/ngx_cycle.h | 2 + >> src/os/unix/ngx_process_cycle.c | 1 + >> src/os/win32/ngx_process_cycle.c | 1 + >> 5 files changed, 66 insertions(+), 0 deletions(-) >> >> diffs (148 lines): >> >> diff --git a/src/core/nginx.c b/src/core/nginx.c >> --- a/src/core/nginx.c >> +++ b/src/core/nginx.c >> @@ -124,6 +124,13 @@ static ngx_command_t ngx_core_commands[ >> offsetof(ngx_core_conf_t, rlimit_core), >> NULL }, >> >> + { ngx_string("worker_shutdown_timeout"), >> + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, >> + ngx_conf_set_msec_slot, >> + 0, >> + offsetof(ngx_core_conf_t, shutdown_timeout), >> + NULL }, >> + >> { ngx_string("working_directory"), >> NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, >> ngx_conf_set_str_slot, >> @@ -1014,6 +1021,7 @@ ngx_core_module_create_conf(ngx_cycle_t >> ccf->daemon = NGX_CONF_UNSET; >> ccf->master = NGX_CONF_UNSET; >> ccf->timer_resolution = NGX_CONF_UNSET_MSEC; >> + ccf->shutdown_timeout = NGX_CONF_UNSET_MSEC; >> >> ccf->worker_processes = NGX_CONF_UNSET; >> ccf->debug_points = NGX_CONF_UNSET; >> @@ -1042,6 +1050,7 @@ ngx_core_module_init_conf(ngx_cycle_t *c >> ngx_conf_init_value(ccf->daemon, 1); >> ngx_conf_init_value(ccf->master, 1); >> ngx_conf_init_msec_value(ccf->timer_resolution, 0); >> + ngx_conf_init_msec_value(ccf->shutdown_timeout, 0); >> >> ngx_conf_init_value(ccf->worker_processes, 1); >> ngx_conf_init_value(ccf->debug_points, 0); >> diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c >> --- a/src/core/ngx_cycle.c >> +++ b/src/core/ngx_cycle.c >> @@ -15,6 +15,7 @@ static ngx_int_t ngx_init_zone_pool(ngx_ >> ngx_shm_zone_t *shm_zone); >> static ngx_int_t ngx_test_lockfile(u_char *file, ngx_log_t *log); >> static void ngx_clean_old_cycles(ngx_event_t *ev); >> +static void ngx_shutdown_timer_handler(ngx_event_t *ev); >> >> >> volatile ngx_cycle_t *ngx_cycle; >> @@ -22,6 +23,7 @@ ngx_array_t ngx_old_cycles; >> >> static ngx_pool_t *ngx_temp_pool; >> static ngx_event_t ngx_cleaner_event; >> +static ngx_event_t ngx_shutdown_event; >> >> ngx_uint_t ngx_test_config; >> ngx_uint_t ngx_dump_config; >> @@ -1333,3 +1335,54 @@ ngx_clean_old_cycles(ngx_event_t *ev) >> ngx_old_cycles.nelts = 0; >> } >> } >> + >> + >> +void >> +ngx_set_shutdown_timer(ngx_cycle_t *cycle) >> +{ >> + ngx_core_conf_t *ccf; >> + >> + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, >> ngx_core_module); >> + >> + if (ccf->shutdown_timeout) { >> + ngx_shutdown_event.handler = ngx_shutdown_timer_handler; >> + ngx_shutdown_event.data = cycle; >> + ngx_shutdown_event.log = cycle->log; >> + ngx_shutdown_event.cancelable = 1; >> + >> + ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); >> + } >> +} >> + >> + >> +static void >> +ngx_shutdown_timer_handler(ngx_event_t *ev) >> +{ >> + ngx_uint_t i; >> + ngx_cycle_t *cycle; >> + ngx_connection_t *c; >> + >> + cycle = ev->data; >> + >> + c = cycle->connections; >> + >> + for (i = 0; i < cycle->connection_n; i++) { >> + >> + if (c[i].fd == (ngx_socket_t) -1 >> + || c[i].read == NULL >> + || c[i].read->accept >> + || c[i].read->channel >> + || c[i].read->resolver) >> + { >> + continue; >> + } >> + >> + ngx_log_debug1(NGX_LOG_DEBUG_CORE, ev->log, 0, >> + "*%uA shutdown timeout", c[i].number); >> + >> + c[i].close = 1; >> + c[i].error = 1; >> + >> + c[i].read->handler(c[i].read); >> + } >> +} >> diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h >> --- a/src/core/ngx_cycle.h >> +++ b/src/core/ngx_cycle.h >> @@ -88,6 +88,7 @@ typedef struct { >> ngx_flag_t master; >> >> ngx_msec_t timer_resolution; >> + ngx_msec_t shutdown_timeout; >> >> ngx_int_t worker_processes; >> ngx_int_t debug_points; >> @@ -129,6 +130,7 @@ ngx_pid_t ngx_exec_new_binary(ngx_cycle_ >> ngx_cpuset_t *ngx_get_cpu_affinity(ngx_uint_t n); >> ngx_shm_zone_t *ngx_shared_memory_add(ngx_conf_t *cf, ngx_str_t *name, >> size_t size, void *tag); >> +void ngx_set_shutdown_timer(ngx_cycle_t *cycle); >> >> >> extern volatile ngx_cycle_t *ngx_cycle; >> diff --git a/src/os/unix/ngx_process_cycle.c >> b/src/os/unix/ngx_process_cycle.c >> --- a/src/os/unix/ngx_process_cycle.c >> +++ b/src/os/unix/ngx_process_cycle.c >> @@ -763,6 +763,7 @@ ngx_worker_process_cycle(ngx_cycle_t *cy >> >> if (!ngx_exiting) { >> ngx_exiting = 1; >> + ngx_set_shutdown_timer(cycle); >> ngx_close_listening_sockets(cycle); >> ngx_close_idle_connections(cycle); >> } >> diff --git a/src/os/win32/ngx_process_cycle.c >> b/src/os/win32/ngx_process_cycle.c >> --- a/src/os/win32/ngx_process_cycle.c >> +++ b/src/os/win32/ngx_process_cycle.c >> @@ -800,6 +800,7 @@ ngx_worker_thread(void *data) >> >> if (!ngx_exiting) { >> ngx_exiting = 1; >> + ngx_set_shutdown_timer(cycle); >> ngx_close_listening_sockets(cycle); >> ngx_close_idle_connections(cycle); >> } >> _______________________________________________ >> nginx-devel mailing list >> nginx-devel at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> > > > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -- *Datong Sun* | Systems Engineer datong at cloudflare.com 1 888 99 FLARE | www.cloudflare.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Mar 9 06:39:26 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 9 Mar 2017 14:39:26 +0800 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: Message-ID: Hi, glad to see you here. "The directive configures a timeout to be used when gracefully shutting down worker processes. When the timer expires, nginx will try to close all the connections currently open to facilitate shutdown." Well, if the only purpose is to close all the connections those fields 'cancelable' are zero, it works well now. "Cancelable timers are now preserved if there are other timers. There is no need to cancel timers early if there are other timers blocking shutdown anyway. Preserving such timers allows nginx to continue some periodic work till the shutdown is actually possible. With the new approach, timers with ev->cancelable are simply ignored when checking if there are any timers left during shutdown." But how to do the timers those are cancelable such as buffer-event in log module. When the worker process is shutting down, they lose the chance to do registered handler. Even so the log module also works well because of 'ngx_conf_flush_files'. So there are two questions: 1. Do we need to preserve cancelable timers until *worker_shutdown_timeout* *?* 2*. *If needed, it seems it's unable to invoke *ngx_shutdown_timer_handler *there are still cancelable timers left and no one active connections. Thanks. 2017-03-09 7:40 GMT+08:00 Datong Sun via nginx-devel : > Hello! > > Looks like to me that the original patch does what it's supposed to do > (when combined with http://hg.nginx.org/nginx/rev/3069dd358ba2). Here is > my understanding: > > Before this patch, an active connection could potentially delay shutdown > indefinitely due to the presence of connection related timer inside the > timer tree. The only reason why ngx_shutdown_timer_handler has to be > invoked would be to force those lingering connections to be closed and > therefore, free-up the timer tree and allow the shutdown to finish. > > If all connections were closed before ngx_shutdown_timer_handler was > fired (your case), it is already safe to finish the shutdown and there is > no reason to invoke or wait for ngx_shutdown_timer_handler to fire anymore > . The cancelable field makes sure when this happens ngx_shutdown_event does > not prevent NGINX from being able to complete the shutdown. > > Seems to me that delaying the shutdown until worker_shutdown_timeout when > there is already no active connection left makes little sense. > > Thanks, > Datong > > On Tue, Mar 7, 2017 at 11:52 PM, ??? wrote: > >> Hi! >> >> It's a good design. >> It seems the worker process is not killed until expired, the time is set >> by 'worker_shutdown_timeout'. >> But I think ngx_shutdown_timer_handler will never be called, because of >> the following deal. >> >> if (ngx_exiting) { >> if (ngx_event_no_timers_left() == NGX_OK) { >> ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); >> ngx_worker_process_exit(cycle); // the worker process >> exits though there are cancelable timers such as ngx_shutdown_event. >> } >> } >> >> I'm not sure it's right? >> >> diff -r d45072375572 src/core/ngx_cycle.c >> --- a/src/core/ngx_cycle.c Tue Mar 07 18:51:17 2017 +0300 >> +++ b/src/core/ngx_cycle.c Sun Mar 05 17:03:22 2017 +0800 >> @@ -1348,7 +1348,6 @@ >> ngx_shutdown_event.handler = ngx_shutdown_timer_handler; >> ngx_shutdown_event.data = cycle; >> ngx_shutdown_event.log = cycle->log; >> - ngx_shutdown_event.cancelable = 1; >> >> ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); >> } >> >> And I think it's better that the shutting down process keep alive until ' >> worker_shutdown_timeout'. >> >> Thanks. >> B.R. >> >> 2017-03-08 1:01 GMT+08:00 Maxim Dounin : >> >>> details: http://hg.nginx.org/nginx/rev/97c99bb43737 >>> branches: >>> changeset: 6930:97c99bb43737 >>> user: Maxim Dounin >>> date: Tue Mar 07 18:51:16 2017 +0300 >>> description: >>> Introduced worker_shutdown_timeout. >>> >>> The directive configures a timeout to be used when gracefully shutting >>> down >>> worker processes. When the timer expires, nginx will try to close all >>> the connections currently open to facilitate shutdown. >>> >>> diffstat: >>> >>> src/core/nginx.c | 9 ++++++ >>> src/core/ngx_cycle.c | 53 ++++++++++++++++++++++++++++++ >>> ++++++++++ >>> src/core/ngx_cycle.h | 2 + >>> src/os/unix/ngx_process_cycle.c | 1 + >>> src/os/win32/ngx_process_cycle.c | 1 + >>> 5 files changed, 66 insertions(+), 0 deletions(-) >>> >>> diffs (148 lines): >>> >>> diff --git a/src/core/nginx.c b/src/core/nginx.c >>> --- a/src/core/nginx.c >>> +++ b/src/core/nginx.c >>> @@ -124,6 +124,13 @@ static ngx_command_t ngx_core_commands[ >>> offsetof(ngx_core_conf_t, rlimit_core), >>> NULL }, >>> >>> + { ngx_string("worker_shutdown_timeout"), >>> + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, >>> + ngx_conf_set_msec_slot, >>> + 0, >>> + offsetof(ngx_core_conf_t, shutdown_timeout), >>> + NULL }, >>> + >>> { ngx_string("working_directory"), >>> NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, >>> ngx_conf_set_str_slot, >>> @@ -1014,6 +1021,7 @@ ngx_core_module_create_conf(ngx_cycle_t >>> ccf->daemon = NGX_CONF_UNSET; >>> ccf->master = NGX_CONF_UNSET; >>> ccf->timer_resolution = NGX_CONF_UNSET_MSEC; >>> + ccf->shutdown_timeout = NGX_CONF_UNSET_MSEC; >>> >>> ccf->worker_processes = NGX_CONF_UNSET; >>> ccf->debug_points = NGX_CONF_UNSET; >>> @@ -1042,6 +1050,7 @@ ngx_core_module_init_conf(ngx_cycle_t *c >>> ngx_conf_init_value(ccf->daemon, 1); >>> ngx_conf_init_value(ccf->master, 1); >>> ngx_conf_init_msec_value(ccf->timer_resolution, 0); >>> + ngx_conf_init_msec_value(ccf->shutdown_timeout, 0); >>> >>> ngx_conf_init_value(ccf->worker_processes, 1); >>> ngx_conf_init_value(ccf->debug_points, 0); >>> diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c >>> --- a/src/core/ngx_cycle.c >>> +++ b/src/core/ngx_cycle.c >>> @@ -15,6 +15,7 @@ static ngx_int_t ngx_init_zone_pool(ngx_ >>> ngx_shm_zone_t *shm_zone); >>> static ngx_int_t ngx_test_lockfile(u_char *file, ngx_log_t *log); >>> static void ngx_clean_old_cycles(ngx_event_t *ev); >>> +static void ngx_shutdown_timer_handler(ngx_event_t *ev); >>> >>> >>> volatile ngx_cycle_t *ngx_cycle; >>> @@ -22,6 +23,7 @@ ngx_array_t ngx_old_cycles; >>> >>> static ngx_pool_t *ngx_temp_pool; >>> static ngx_event_t ngx_cleaner_event; >>> +static ngx_event_t ngx_shutdown_event; >>> >>> ngx_uint_t ngx_test_config; >>> ngx_uint_t ngx_dump_config; >>> @@ -1333,3 +1335,54 @@ ngx_clean_old_cycles(ngx_event_t *ev) >>> ngx_old_cycles.nelts = 0; >>> } >>> } >>> + >>> + >>> +void >>> +ngx_set_shutdown_timer(ngx_cycle_t *cycle) >>> +{ >>> + ngx_core_conf_t *ccf; >>> + >>> + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, >>> ngx_core_module); >>> + >>> + if (ccf->shutdown_timeout) { >>> + ngx_shutdown_event.handler = ngx_shutdown_timer_handler; >>> + ngx_shutdown_event.data = cycle; >>> + ngx_shutdown_event.log = cycle->log; >>> + ngx_shutdown_event.cancelable = 1; >>> + >>> + ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); >>> + } >>> +} >>> + >>> + >>> +static void >>> +ngx_shutdown_timer_handler(ngx_event_t *ev) >>> +{ >>> + ngx_uint_t i; >>> + ngx_cycle_t *cycle; >>> + ngx_connection_t *c; >>> + >>> + cycle = ev->data; >>> + >>> + c = cycle->connections; >>> + >>> + for (i = 0; i < cycle->connection_n; i++) { >>> + >>> + if (c[i].fd == (ngx_socket_t) -1 >>> + || c[i].read == NULL >>> + || c[i].read->accept >>> + || c[i].read->channel >>> + || c[i].read->resolver) >>> + { >>> + continue; >>> + } >>> + >>> + ngx_log_debug1(NGX_LOG_DEBUG_CORE, ev->log, 0, >>> + "*%uA shutdown timeout", c[i].number); >>> + >>> + c[i].close = 1; >>> + c[i].error = 1; >>> + >>> + c[i].read->handler(c[i].read); >>> + } >>> +} >>> diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h >>> --- a/src/core/ngx_cycle.h >>> +++ b/src/core/ngx_cycle.h >>> @@ -88,6 +88,7 @@ typedef struct { >>> ngx_flag_t master; >>> >>> ngx_msec_t timer_resolution; >>> + ngx_msec_t shutdown_timeout; >>> >>> ngx_int_t worker_processes; >>> ngx_int_t debug_points; >>> @@ -129,6 +130,7 @@ ngx_pid_t ngx_exec_new_binary(ngx_cycle_ >>> ngx_cpuset_t *ngx_get_cpu_affinity(ngx_uint_t n); >>> ngx_shm_zone_t *ngx_shared_memory_add(ngx_conf_t *cf, ngx_str_t *name, >>> size_t size, void *tag); >>> +void ngx_set_shutdown_timer(ngx_cycle_t *cycle); >>> >>> >>> extern volatile ngx_cycle_t *ngx_cycle; >>> diff --git a/src/os/unix/ngx_process_cycle.c >>> b/src/os/unix/ngx_process_cycle.c >>> --- a/src/os/unix/ngx_process_cycle.c >>> +++ b/src/os/unix/ngx_process_cycle.c >>> @@ -763,6 +763,7 @@ ngx_worker_process_cycle(ngx_cycle_t *cy >>> >>> if (!ngx_exiting) { >>> ngx_exiting = 1; >>> + ngx_set_shutdown_timer(cycle); >>> ngx_close_listening_sockets(cycle); >>> ngx_close_idle_connections(cycle); >>> } >>> diff --git a/src/os/win32/ngx_process_cycle.c >>> b/src/os/win32/ngx_process_cycle.c >>> --- a/src/os/win32/ngx_process_cycle.c >>> +++ b/src/os/win32/ngx_process_cycle.c >>> @@ -800,6 +800,7 @@ ngx_worker_thread(void *data) >>> >>> if (!ngx_exiting) { >>> ngx_exiting = 1; >>> + ngx_set_shutdown_timer(cycle); >>> ngx_close_listening_sockets(cycle); >>> ngx_close_idle_connections(cycle); >>> } >>> _______________________________________________ >>> nginx-devel mailing list >>> nginx-devel at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>> >> >> >> _______________________________________________ >> nginx-devel mailing list >> nginx-devel at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> > > > > -- > > *Datong Sun* | Systems Engineer > datong at cloudflare.com > > > 1 888 99 FLARE | www.cloudflare.com > > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Mar 9 12:17:22 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 9 Mar 2017 15:17:22 +0300 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: Message-ID: <20170309121722.GK23126@mdounin.ru> Hello! On Wed, Mar 08, 2017 at 03:52:15PM +0800, ??? wrote: > It's a good design. > It seems the worker process is not killed until expired, the time is set by > 'worker_shutdown_timeout'. > But I think ngx_shutdown_timer_handler will never be called, because of the > following deal. > > if (ngx_exiting) { > if (ngx_event_no_timers_left() == NGX_OK) { > ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); > ngx_worker_process_exit(cycle); // the worker process > exits though there are cancelable timers such as ngx_shutdown_event. > } > } > > I'm not sure it's right? It is not expected to be called as long as there are no (non-cancelable) timers left and nginx can exit immediately. It is only expected to be called when the timeout expires and nginx is still not able to exit. > diff -r d45072375572 src/core/ngx_cycle.c > --- a/src/core/ngx_cycle.c Tue Mar 07 18:51:17 2017 +0300 > +++ b/src/core/ngx_cycle.c Sun Mar 05 17:03:22 2017 +0800 > @@ -1348,7 +1348,6 @@ > ngx_shutdown_event.handler = ngx_shutdown_timer_handler; > ngx_shutdown_event.data = cycle; > ngx_shutdown_event.log = cycle->log; > - ngx_shutdown_event.cancelable = 1; > > ngx_add_timer(&ngx_shutdown_event, ccf->shutdown_timeout); > } > > And I think it's better that the shutting down process keep alive until ' > worker_shutdown_timeout'. No, this patch is wrong. With this patch, worker process shutdown will be unconditionally delayed for the specified time. It is not what it meant to do. The worker_shutdown_timeout directive is not expected to delay shutdown if there are no active connections. It was introduced to limit possible time spent in shutdown, that is, to ensure fast enough shutdown even if there are active connections. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Mar 9 12:29:35 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 9 Mar 2017 15:29:35 +0300 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: Message-ID: <20170309122935.GL23126@mdounin.ru> Hello! On Thu, Mar 09, 2017 at 02:39:26PM +0800, ??? wrote: [...] > "Cancelable timers are now preserved if there are other timers. There is no > need to cancel timers early if there are other timers blocking shutdown > anyway. Preserving such timers allows nginx to continue some periodic work > till the shutdown is actually possible. With the new approach, timers with > ev->cancelable are simply ignored when checking if there are any timers > left during shutdown." > > But how to do the timers those are cancelable such as buffer-event in log > module. > When the worker process is shutting down, they lose the chance to do > registered handler. > Even so the log module also works well because of 'ngx_conf_flush_files'. Cancelable timers are expected to do it's work normally until the actual shutdown is possible, but will not delay shutdown. You can't relay on them to do any cleanup work though, as they will not be called in many cases. For example, much like any other timers they will not be called on fast shutdown (aka ngx_terminate). To do a cleanup work you should use cleanup handlers and/or exit_process callbacks. In particular, the log module uses cancelable timers to do periodic flushes while the process is still running. The final flush will be done on the process exit in the ngx_conf_flush_files() exit_process callback. -- Maxim Dounin http://nginx.org/ From hongzhidao at gmail.com Thu Mar 9 12:52:07 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 9 Mar 2017 20:52:07 +0800 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: <20170309122935.GL23126@mdounin.ru> References: <20170309122935.GL23126@mdounin.ru> Message-ID: I get it. Yep, we can do the cleanup work in exit process or pool cleanup when expired time happened. I keep my opinion that it's useful and helpful if we set *ngx_shutdown_event.cancelable = 0.* First of all, we can set timeout zero if need to exit immediately. The key point is whether we need to invoke event handler like ngx_http_log_flush_handler. And I think it's more convenient to do the consequent things, we still have the event information in event handler, but not sure in exit process phase. By the way, is it a problem if I try to set *ngx_shutdown_event.cancelable = 0.* Thanks again. 2017-03-09 20:29 GMT+08:00 Maxim Dounin : > Hello! > > On Thu, Mar 09, 2017 at 02:39:26PM +0800, ??? wrote: > > [...] > > > "Cancelable timers are now preserved if there are other timers. There is > no > > need to cancel timers early if there are other timers blocking shutdown > > anyway. Preserving such timers allows nginx to continue some periodic > work > > till the shutdown is actually possible. With the new approach, timers > with > > ev->cancelable are simply ignored when checking if there are any timers > > left during shutdown." > > > > But how to do the timers those are cancelable such as buffer-event in log > > module. > > When the worker process is shutting down, they lose the chance to do > > registered handler. > > Even so the log module also works well because of 'ngx_conf_flush_files'. > > Cancelable timers are expected to do it's work normally until the > actual shutdown is possible, but will not delay shutdown. > > You can't relay on them to do any cleanup work though, as they > will not be called in many cases. For example, much like any > other timers they will not be called on fast shutdown (aka > ngx_terminate). To do a cleanup work you should use cleanup > handlers and/or exit_process callbacks. > > In particular, the log module uses cancelable timers to do > periodic flushes while the process is still running. The final > flush will be done on the process exit in the > ngx_conf_flush_files() exit_process callback. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Mar 9 12:53:54 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 9 Mar 2017 20:53:54 +0800 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: <20170309122935.GL23126@mdounin.ru> Message-ID: "First of all, we can set timeout zero if need to exit immediately." It's not a good idea. 2017-03-09 20:52 GMT+08:00 ??? : > I get it. > > Yep, we can do the cleanup work in exit process or pool cleanup when > expired time happened. > > I keep my opinion that it's useful and helpful if we set *ngx_shutdown_event.cancelable > = 0.* > > First of all, we can set timeout zero if need to exit immediately. > The key point is whether we need to invoke event handler > like ngx_http_log_flush_handler. > And I think it's more convenient to do the consequent things, > we still have the event information in event handler, but not sure in exit > process phase. > > By the way, is it a problem if I try to set *ngx_shutdown_event.cancelable > = 0.* > > Thanks again. > > 2017-03-09 20:29 GMT+08:00 Maxim Dounin : > >> Hello! >> >> On Thu, Mar 09, 2017 at 02:39:26PM +0800, ??? wrote: >> >> [...] >> >> > "Cancelable timers are now preserved if there are other timers. There >> is no >> > need to cancel timers early if there are other timers blocking shutdown >> > anyway. Preserving such timers allows nginx to continue some periodic >> work >> > till the shutdown is actually possible. With the new approach, timers >> with >> > ev->cancelable are simply ignored when checking if there are any timers >> > left during shutdown." >> > >> > But how to do the timers those are cancelable such as buffer-event in >> log >> > module. >> > When the worker process is shutting down, they lose the chance to do >> > registered handler. >> > Even so the log module also works well because of >> 'ngx_conf_flush_files'. >> >> Cancelable timers are expected to do it's work normally until the >> actual shutdown is possible, but will not delay shutdown. >> >> You can't relay on them to do any cleanup work though, as they >> will not be called in many cases. For example, much like any >> other timers they will not be called on fast shutdown (aka >> ngx_terminate). To do a cleanup work you should use cleanup >> handlers and/or exit_process callbacks. >> >> In particular, the log module uses cancelable timers to do >> periodic flushes while the process is still running. The final >> flush will be done on the process exit in the >> ngx_conf_flush_files() exit_process callback. >> >> -- >> Maxim Dounin >> http://nginx.org/ >> _______________________________________________ >> nginx-devel mailing list >> nginx-devel at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Mar 9 13:00:43 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 9 Mar 2017 21:00:43 +0800 Subject: [nginx] Introduced worker_shutdown_timeout. In-Reply-To: References: <20170309122935.GL23126@mdounin.ru> Message-ID: We can close the topic. I review the previous infos, and I have already got the answer. Thanks! 2017-03-09 20:53 GMT+08:00 ??? : > "First of all, we can set timeout zero if need to exit immediately." > > It's not a good idea. > > 2017-03-09 20:52 GMT+08:00 ??? : > >> I get it. >> >> Yep, we can do the cleanup work in exit process or pool cleanup when >> expired time happened. >> >> I keep my opinion that it's useful and helpful if we set *ngx_shutdown_event.cancelable >> = 0.* >> >> First of all, we can set timeout zero if need to exit immediately. >> The key point is whether we need to invoke event handler >> like ngx_http_log_flush_handler. >> And I think it's more convenient to do the consequent things, >> we still have the event information in event handler, but not sure in >> exit process phase. >> >> By the way, is it a problem if I try to set *ngx_shutdown_event.cancelable >> = 0.* >> >> Thanks again. >> >> 2017-03-09 20:29 GMT+08:00 Maxim Dounin : >> >>> Hello! >>> >>> On Thu, Mar 09, 2017 at 02:39:26PM +0800, ??? wrote: >>> >>> [...] >>> >>> > "Cancelable timers are now preserved if there are other timers. There >>> is no >>> > need to cancel timers early if there are other timers blocking shutdown >>> > anyway. Preserving such timers allows nginx to continue some periodic >>> work >>> > till the shutdown is actually possible. With the new approach, timers >>> with >>> > ev->cancelable are simply ignored when checking if there are any timers >>> > left during shutdown." >>> > >>> > But how to do the timers those are cancelable such as buffer-event in >>> log >>> > module. >>> > When the worker process is shutting down, they lose the chance to do >>> > registered handler. >>> > Even so the log module also works well because of >>> 'ngx_conf_flush_files'. >>> >>> Cancelable timers are expected to do it's work normally until the >>> actual shutdown is possible, but will not delay shutdown. >>> >>> You can't relay on them to do any cleanup work though, as they >>> will not be called in many cases. For example, much like any >>> other timers they will not be called on fast shutdown (aka >>> ngx_terminate). To do a cleanup work you should use cleanup >>> handlers and/or exit_process callbacks. >>> >>> In particular, the log module uses cancelable timers to do >>> periodic flushes while the process is still running. The final >>> flush will be done on the process exit in the >>> ngx_conf_flush_files() exit_process callback. >>> >>> -- >>> Maxim Dounin >>> http://nginx.org/ >>> _______________________________________________ >>> nginx-devel mailing list >>> nginx-devel at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Mar 9 13:16:02 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 9 Mar 2017 16:16:02 +0300 Subject: Module connecting outside In-Reply-To: References: Message-ID: <20170309131602.GM23126@mdounin.ru> Hello! On Wed, Mar 08, 2017 at 08:10:25PM +0100, Antonio Nappa wrote: > I am in the process of creating a module that connects to the outside to > exchange data with another service, I am taking as inspiration the > mail_module and the upstream module, basically my module is connecting > using the ngx_event_connect_peer and handling the read and write events > properly. I have 2 questions: > > Is this the proper way to make a module connecting to the outside? Yes. > Would it be possible to use nginx primitives to connect through SSL? To connect through SSL you sill have to use ngx_event_connect_peer(), and then have to use appropriate functions (ngx_ssl_create_connection(), ngx_ssl_handshake(), and so on) to initiate an SSL handshake. Once handshake is complete, you can use the connection much like any other connection in nginx, using c->send(), c->send_chain() and so on. Take a look on the ngx_http_upstream.c on how to do this properly. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Mar 9 17:56:03 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 9 Mar 2017 20:56:03 +0300 Subject: [PATCH] SSL: Added crl_check_mode In-Reply-To: <9c13ae0d54a75902945b.1488989552@MASIN-NIX> References: <9c13ae0d54a75902945b.1488989552@MASIN-NIX> Message-ID: <20170309175603.GP23126@mdounin.ru> Hello! On Wed, Mar 08, 2017 at 06:12:32PM +0200, J?rno Ader wrote: > # HG changeset patch > # User J?rno Ader > # Date 1488987398 -7200 > # Wed Mar 08 17:36:38 2017 +0200 > # Node ID 9c13ae0d54a75902945bc6ac9bbced1c298fdaa0 > # Parent d450723755728f9d0cc291247b9601e2f3340f19 > SSL: Added crl_check_mode > > Added crl_check_mode flag which can be used to modify flags used for > the X509_STORE created in ngx_ssl_crl. > > This makes it possible to use Estonian Identity card revocation lists with > nginx (see https://trac.nginx.org/nginx/ticket/1094) which previously failed > since the root certificate for ESTEID does not have a proper CRL available. Just for the record: I've again looked at this, and it seems the problem with the CRL is as follows: The root certificate, "EE Certification Centre Root CA", has a CRL available at http://www.sk.ee/repository/crls/eeccrca.crl. This CRL lists Issuing Distrubution Point extension as follows: X509v3 Issuing Distrubution Point: critical Full Name: URI:http://www.sk.ee/repository/crls/eeccrca.crl But there are no CRL Distribution Points in the certificate itself. As a result, OpenSSL refuses to to use this CRL when it tries to verify more than just a leaf certificate, for example: $ openssl verify -CAfile EE_Certification_Centre_Root_CA.pem.crt -CRLfile eeccrca.crl.pem -crl_check_all KLASS3-SK_2010_EECCRCA_SHA384.pem.crt KLASS3-SK_2010_EECCRCA_SHA384.pem.crt: C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki at sk.ee error 44 at 1 depth lookup:Different CRL scope This probably should be reported to the sk.ee team, likely they want to fix this. Simply removing the IDP extension from the CRL should do the trick. [...] -- Maxim Dounin http://nginx.org/ From matwey.kornilov at gmail.com Fri Mar 10 09:10:32 2017 From: matwey.kornilov at gmail.com (Matwey V. Kornilov) Date: Fri, 10 Mar 2017 12:10:32 +0300 Subject: [PATCH 1 of 3] SSI: Implement #fsize SSI command Message-ID: # HG changeset patch # User Matwey V. Kornilov # Date 1489136573 -10800 # Fri Mar 10 12:02:53 2017 +0300 # Branch fsize # Node ID a682e88cdcddb04905814cdfacde3df9ebc2b48b # Parent 640f035293959b2d4b0ba5939d954bc517f57f77 SSI: Implement #fsize SSI command diff -r 640f03529395 -r a682e88cdcdd src/http/modules/ngx_http_ssi_filter_module.c --- a/src/http/modules/ngx_http_ssi_filter_module.c Fri Jan 27 19:06:35 2017 +0300 +++ b/src/http/modules/ngx_http_ssi_filter_module.c Fri Mar 10 12:02:53 2017 +0300 @@ -89,6 +89,10 @@ ngx_int_t rc); static ngx_int_t ngx_http_ssi_set_variable(ngx_http_request_t *r, void *data, ngx_int_t rc); +static ngx_int_t ngx_http_ssi_fsize(ngx_http_request_t *r, + ngx_http_ssi_ctx_t *ctx, ngx_str_t **params); +static ngx_int_t ngx_http_ssi_fsize_output(ngx_http_request_t *r, void *data, + ngx_int_t rc); static ngx_int_t ngx_http_ssi_echo(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx, ngx_str_t **params); static ngx_int_t ngx_http_ssi_config(ngx_http_request_t *r, @@ -211,6 +215,7 @@ static u_char ngx_http_ssi_string[] = " router with NAT <--> client running with a public IP address I cannot configure NAT on the router, so setting port forwarding is not an option. My idea is to have a small program that starts a TCP connection towards the client and that passes the socket descriptor to the nginx web server. Basically the whole procedure can be summarized as follows: 1) the helper program, running on the same host of nginx, starts the TCP connection and punch holes the NAT 2) the client accepts the connection 3) the helper program passes the socket descriptor to the nginx web server by using a AF_UNIX socket 4) nginx receives the socket and adds this socket to it set of sockets 5) the client can now start sending HTTP requests to the webserver, as normally So, the question is: is there a preferred/already existing solution/infrastructure in nginx to do this? Thank you Ottavio From hucong.c at foxmail.com Thu Mar 23 12:46:32 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Thu, 23 Mar 2017 20:46:32 +0800 Subject: What is the best way to add a socket to nginx web server? In-Reply-To: <5637116E3E13BE46B0D936BF364783C106E7CACB@MAIA.sede.videotec.com> References: <5637116E3E13BE46B0D936BF364783C106E7CACB@MAIA.sede.videotec.com> Message-ID: Hi, Maybe you need to write a module where ngx_http_init_connection() should be rewritten/imitated after the imitation of ngx_event_connect_peer(). You can add some configuration items or introduce a timer which can restart/keep the TCP connection. And if OpenResty is familiar to you, a simpler way (lua not c) is also possible. ------------------ Original ------------------ From: "Ottavio Campana";; Date: Mar 23, 2017 To: "nginx-devel at nginx.org"; Subject: What is the best way to add a socket to nginx web server? Hello everybody, I am trying to understand if I can use/change nginx to solve a problem related to a very particular scenario I have this scenario: nginx web server <--> router with NAT <--> client running with a public IP address I cannot configure NAT on the router, so setting port forwarding is not an option. My idea is to have a small program that starts a TCP connection towards the client and that passes the socket descriptor to the nginx web server. Basically the whole procedure can be summarized as follows: 1) the helper program, running on the same host of nginx, starts the TCP connection and punch holes the NAT 2) the client accepts the connection 3) the helper program passes the socket descriptor to the nginx web server by using a AF_UNIX socket 4) nginx receives the socket and adds this socket to it set of sockets 5) the client can now start sending HTTP requests to the webserver, as normally So, the question is: is there a preferred/already existing solution/infrastructure in nginx to do this? Thank you Ottavio _______________________________________________ nginx-devel mailing list nginx-devel at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel From ru at nginx.com Thu Mar 23 15:29:48 2017 From: ru at nginx.com (Ruslan Ermilov) Date: Thu, 23 Mar 2017 15:29:48 +0000 Subject: [nginx] Simplified code about duplicate root/alias directive. Message-ID: details: http://hg.nginx.org/nginx/rev/6e20a6479325 branches: changeset: 6941:6e20a6479325 user: Ruslan Ermilov date: Wed Mar 22 23:36:35 2017 +0300 description: Simplified code about duplicate root/alias directive. diffstat: src/http/ngx_http_core_module.c | 14 ++++++-------- 1 files changed, 6 insertions(+), 8 deletions(-) diffs (26 lines): diff -r 39ff6939266e -r 6e20a6479325 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Wed Mar 22 22:49:52 2017 +0300 +++ b/src/http/ngx_http_core_module.c Wed Mar 22 23:36:35 2017 +0300 @@ -4405,16 +4405,14 @@ ngx_http_core_root(ngx_conf_t *cf, ngx_c if (clcf->root.data) { if ((clcf->alias != 0) == alias) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "\"%V\" directive is duplicate", - &cmd->name); - } else { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "\"%V\" directive is duplicate, " - "\"%s\" directive was specified earlier", - &cmd->name, clcf->alias ? "alias" : "root"); + return "is duplicate"; } + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "\"%V\" directive is duplicate, " + "\"%s\" directive was specified earlier", + &cmd->name, clcf->alias ? "alias" : "root"); + return NGX_CONF_ERROR; } From piotrsikora at google.com Fri Mar 24 10:48:07 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Fri, 24 Mar 2017 03:48:07 -0700 Subject: [PATCH 2 of 3] Upstream: allow recovery from "429 Too Many Requests" response In-Reply-To: <20170301235824.GW34777@mdounin.ru> References: <20170225234510.GD34777@mdounin.ru> <20170301153327.GT34777@mdounin.ru> <20170301235824.GW34777@mdounin.ru> Message-ID: Hey Maxim, > Sure, but why one would use "proxy_next_upstream http_429" then? > > If one of your backends reject a requests based on client's IP / > login, then you probably don't want nginx to retry such a request > on other servers, as this will just allow the user to do more > requests when you already know the limit was reached. And it > doesn't look like an effective way to build a system with > distributed limits. > > In contrast, if a limit affects nginx's IP and/or group of > services on a backend, retrying on a different backend may make > sense. But use case suggests that 429 should be counted as > failure. That's a good point. Fixed, thanks! Best regards, Piotr Sikora From piotrsikora at google.com Fri Mar 24 10:47:40 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Fri, 24 Mar 2017 03:47:40 -0700 Subject: [PATCH 1 of 2] HTTP: add support for "429 Too Many Requests" response (RFC6585) Message-ID: <799ef976b58cadbc212b.1490352460@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490348883 25200 # Fri Mar 24 02:48:03 2017 -0700 # Node ID 799ef976b58cadbc212bd790a666033d3777c10d # Parent 39ff6939266e913e8bfd400e60f9520e70725a4d HTTP: add support for "429 Too Many Requests" response (RFC6585). This change adds reason phrase in status line and pretty response body when "429" status code is used in "return", "limit_conn_status" and/or "limit_req_status" directives. Signed-off-by: Piotr Sikora diff -r 39ff6939266e -r 799ef976b58c src/http/ngx_http_header_filter_module.c --- a/src/http/ngx_http_header_filter_module.c +++ b/src/http/ngx_http_header_filter_module.c @@ -101,12 +101,16 @@ static ngx_str_t ngx_http_status_lines[] ngx_null_string, /* "419 unused" */ ngx_null_string, /* "420 unused" */ ngx_string("421 Misdirected Request"), + ngx_null_string, /* "422 Unprocessable Entity" */ + ngx_null_string, /* "423 Locked" */ + ngx_null_string, /* "424 Failed Dependency" */ + ngx_null_string, /* "425 unused" */ + ngx_null_string, /* "426 Upgrade Required" */ + ngx_null_string, /* "427 unused" */ + ngx_null_string, /* "428 Precondition Required" */ + ngx_string("429 Too Many Requests"), - /* ngx_null_string, */ /* "422 Unprocessable Entity" */ - /* ngx_null_string, */ /* "423 Locked" */ - /* ngx_null_string, */ /* "424 Failed Dependency" */ - -#define NGX_HTTP_LAST_4XX 422 +#define NGX_HTTP_LAST_4XX 430 #define NGX_HTTP_OFF_5XX (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX) ngx_string("500 Internal Server Error"), diff -r 39ff6939266e -r 799ef976b58c src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -98,6 +98,7 @@ #define NGX_HTTP_UNSUPPORTED_MEDIA_TYPE 415 #define NGX_HTTP_RANGE_NOT_SATISFIABLE 416 #define NGX_HTTP_MISDIRECTED_REQUEST 421 +#define NGX_HTTP_TOO_MANY_REQUESTS 429 /* Our own HTTP codes */ diff -r 39ff6939266e -r 799ef976b58c src/http/ngx_http_special_response.c --- a/src/http/ngx_http_special_response.c +++ b/src/http/ngx_http_special_response.c @@ -225,6 +225,14 @@ static char ngx_http_error_421_page[] = ; +static char ngx_http_error_429_page[] = +"" CRLF +"429 Too Many Requests" CRLF +"" CRLF +"

429 Too Many Requests

" CRLF +; + + static char ngx_http_error_494_page[] = "" CRLF "400 Request Header Or Cookie Too Large" @@ -354,8 +362,16 @@ static ngx_str_t ngx_http_error_pages[] ngx_null_string, /* 419 */ ngx_null_string, /* 420 */ ngx_string(ngx_http_error_421_page), + ngx_null_string, /* 422 */ + ngx_null_string, /* 423 */ + ngx_null_string, /* 424 */ + ngx_null_string, /* 425 */ + ngx_null_string, /* 426 */ + ngx_null_string, /* 427 */ + ngx_null_string, /* 428 */ + ngx_string(ngx_http_error_429_page), -#define NGX_HTTP_LAST_4XX 422 +#define NGX_HTTP_LAST_4XX 430 #define NGX_HTTP_OFF_5XX (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX) ngx_string(ngx_http_error_494_page), /* 494, request header too large */ From piotrsikora at google.com Fri Mar 24 10:47:41 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Fri, 24 Mar 2017 03:47:41 -0700 Subject: [PATCH 2 of 2] Upstream: allow recovery from "429 Too Many Requests" response In-Reply-To: <799ef976b58cadbc212b.1490352460@piotrsikora.sfo.corp.google.com> References: <799ef976b58cadbc212b.1490352460@piotrsikora.sfo.corp.google.com> Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490348883 25200 # Fri Mar 24 02:48:03 2017 -0700 # Node ID b377cfedf632b14a3d459e12342a0557a25a790c # Parent 799ef976b58cadbc212bd790a666033d3777c10d Upstream: allow recovery from "429 Too Many Requests" response. This change adds "http_429" parameter to "proxy_next_upstream" for retrying rate-limited requests, and to "proxy_cache_use_stale" for serving stale cached responses after being rate-limited. Signed-off-by: Piotr Sikora diff -r 799ef976b58c -r b377cfedf632 src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -211,6 +211,7 @@ static ngx_conf_bitmask_t ngx_http_fast { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 799ef976b58c -r b377cfedf632 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -220,6 +220,7 @@ static ngx_conf_bitmask_t ngx_http_prox { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 799ef976b58c -r b377cfedf632 src/http/modules/ngx_http_scgi_module.c --- a/src/http/modules/ngx_http_scgi_module.c +++ b/src/http/modules/ngx_http_scgi_module.c @@ -82,6 +82,7 @@ static ngx_conf_bitmask_t ngx_http_scgi_ { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 799ef976b58c -r b377cfedf632 src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -114,6 +114,7 @@ static ngx_conf_bitmask_t ngx_http_uwsgi { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 799ef976b58c -r b377cfedf632 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -436,6 +436,7 @@ static ngx_http_upstream_next_t ngx_htt { 504, NGX_HTTP_UPSTREAM_FT_HTTP_504 }, { 403, NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { 404, NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { 429, NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { 0, 0 } }; @@ -4155,6 +4156,10 @@ ngx_http_upstream_next(ngx_http_request_ status = NGX_HTTP_NOT_FOUND; break; + case NGX_HTTP_UPSTREAM_FT_HTTP_429: + status = NGX_HTTP_TOO_MANY_REQUESTS; + break; + /* * NGX_HTTP_UPSTREAM_FT_BUSY_LOCK and NGX_HTTP_UPSTREAM_FT_MAX_WAITING * never reach here diff -r 799ef976b58c -r b377cfedf632 src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -26,10 +26,11 @@ #define NGX_HTTP_UPSTREAM_FT_HTTP_504 0x00000080 #define NGX_HTTP_UPSTREAM_FT_HTTP_403 0x00000100 #define NGX_HTTP_UPSTREAM_FT_HTTP_404 0x00000200 -#define NGX_HTTP_UPSTREAM_FT_UPDATING 0x00000400 -#define NGX_HTTP_UPSTREAM_FT_BUSY_LOCK 0x00000800 -#define NGX_HTTP_UPSTREAM_FT_MAX_WAITING 0x00001000 -#define NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT 0x00002000 +#define NGX_HTTP_UPSTREAM_FT_HTTP_429 0x00000400 +#define NGX_HTTP_UPSTREAM_FT_UPDATING 0x00000800 +#define NGX_HTTP_UPSTREAM_FT_BUSY_LOCK 0x00001000 +#define NGX_HTTP_UPSTREAM_FT_MAX_WAITING 0x00002000 +#define NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT 0x00004000 #define NGX_HTTP_UPSTREAM_FT_NOLIVE 0x40000000 #define NGX_HTTP_UPSTREAM_FT_OFF 0x80000000 @@ -38,7 +39,8 @@ |NGX_HTTP_UPSTREAM_FT_HTTP_503 \ |NGX_HTTP_UPSTREAM_FT_HTTP_504 \ |NGX_HTTP_UPSTREAM_FT_HTTP_403 \ - |NGX_HTTP_UPSTREAM_FT_HTTP_404) + |NGX_HTTP_UPSTREAM_FT_HTTP_404 \ + |NGX_HTTP_UPSTREAM_FT_HTTP_429) #define NGX_HTTP_UPSTREAM_INVALID_HEADER 40 From piotrsikora at google.com Fri Mar 24 10:47:39 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Fri, 24 Mar 2017 03:47:39 -0700 Subject: [PATCH 1 of 3] HTTP: add support for trailers in HTTP responses Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490351854 25200 # Fri Mar 24 03:37:34 2017 -0700 # Node ID a0f291f0a903b863161900f4d0cbb405f5d7a735 # Parent 39ff6939266e913e8bfd400e60f9520e70725a4d HTTP: add support for trailers in HTTP responses. Example: ngx_table_elt_t *h; h = ngx_list_push(&r->headers_out.trailers); if (h == NULL) { return NGX_ERROR; } ngx_str_set(&h->key, "Fun"); ngx_str_set(&h->value, "with trailers"); h->hash = ngx_hash_key_lc(h->key.data, h->key.len); The code above adds "Fun: with trailers" trailer to the response to the request with "TE: trailers" header (which indicates support for trailers). Modules that want to emit trailers must set r->expect_trailers = 1, otherwise they are going to be ignored. This change also adds $sent_trailer_* variables. Signed-off-by: Piotr Sikora diff -r 39ff6939266e -r a0f291f0a903 src/http/modules/ngx_http_chunked_filter_module.c --- a/src/http/modules/ngx_http_chunked_filter_module.c +++ b/src/http/modules/ngx_http_chunked_filter_module.c @@ -17,6 +17,7 @@ typedef struct { static ngx_int_t ngx_http_chunked_filter_init(ngx_conf_t *cf); +static ngx_chain_t *ngx_http_chunked_create_trailers(ngx_http_request_t *r); static ngx_http_module_t ngx_http_chunked_filter_module_ctx = { @@ -69,28 +70,33 @@ ngx_http_chunked_header_filter(ngx_http_ return ngx_http_next_header_filter(r); } - if (r->headers_out.content_length_n == -1) { + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + if (clcf->chunked_transfer_encoding + && r->allow_trailers && r->expect_trailers) + { + ngx_http_clear_content_length(r); + r->chunked = 1; + + } else if (r->headers_out.content_length_n == -1) { if (r->http_version < NGX_HTTP_VERSION_11) { r->keepalive = 0; + } else if (clcf->chunked_transfer_encoding) { + r->chunked = 1; + } else { - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + r->keepalive = 0; + } + } - if (clcf->chunked_transfer_encoding) { - r->chunked = 1; + if (r->chunked) { + ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_chunked_filter_ctx_t)); + if (ctx == NULL) { + return NGX_ERROR; + } - ctx = ngx_pcalloc(r->pool, - sizeof(ngx_http_chunked_filter_ctx_t)); - if (ctx == NULL) { - return NGX_ERROR; - } - - ngx_http_set_ctx(r, ctx, ngx_http_chunked_filter_module); - - } else { - r->keepalive = 0; - } - } + ngx_http_set_ctx(r, ctx, ngx_http_chunked_filter_module); } return ngx_http_next_header_filter(r); @@ -201,6 +207,15 @@ ngx_http_chunked_body_filter(ngx_http_re b->pos += 2; } + if (r->allow_trailers && r->expect_trailers) { + tl->next = ngx_http_chunked_create_trailers(r); + + if (tl->next != NULL) { + b->last -= 2; + b->last_buf = 0; + } + } + } else if (size > 0) { tl = ngx_chain_get_free_buf(r->pool, &ctx->free); if (tl == NULL) { @@ -230,6 +245,108 @@ ngx_http_chunked_body_filter(ngx_http_re } +static ngx_chain_t * +ngx_http_chunked_create_trailers(ngx_http_request_t *r) +{ + size_t len; + ngx_buf_t *b; + ngx_uint_t i; + ngx_chain_t *cl; + ngx_list_part_t *part; + ngx_table_elt_t *header; + ngx_http_chunked_filter_ctx_t *ctx; + + len = 0; + + part = &r->headers_out.trailers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (header[i].hash == 0) { + continue; + } + + len += header[i].key.len + sizeof(": ") - 1 + + header[i].value.len + sizeof(CRLF) - 1; + } + + if (len == 0) { + return NULL; + } + + len += sizeof(CRLF) - 1; + + ctx = ngx_http_get_module_ctx(r, ngx_http_chunked_filter_module); + + cl = ngx_chain_get_free_buf(r->pool, &ctx->free); + if (cl == NULL) { + return NULL; + } + + b = cl->buf; + + b->tag = (ngx_buf_tag_t) &ngx_http_chunked_filter_module; + b->temporary = 0; + b->memory = 1; + b->last_buf = 1; + + b->start = ngx_palloc(r->pool, len); + if (b->start == NULL) { + return NULL; + } + + b->end = b->last + len; + b->pos = b->start; + b->last = b->start; + + part = &r->headers_out.trailers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (header[i].hash == 0) { + continue; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http trailer: \"%V: %V\"", + &header[i].key, &header[i].value); + + b->last = ngx_copy(b->last, header[i].key.data, header[i].key.len); + *b->last++ = ':'; *b->last++ = ' '; + + b->last = ngx_copy(b->last, header[i].value.data, header[i].value.len); + *b->last++ = CR; *b->last++ = LF; + } + + /* the end of HTTP trailer */ + *b->last++ = CR; *b->last++ = LF; + + return cl; +} + + static ngx_int_t ngx_http_chunked_filter_init(ngx_conf_t *cf) { diff -r 39ff6939266e -r a0f291f0a903 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -2477,6 +2477,13 @@ ngx_http_subrequest(ngx_http_request_t * return NGX_ERROR; } + if (ngx_list_init(&sr->headers_out.trailers, r->pool, 4, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + return NGX_ERROR; + } + cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); sr->main_conf = cscf->ctx->main_conf; sr->srv_conf = cscf->ctx->srv_conf; diff -r 39ff6939266e -r a0f291f0a903 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -29,6 +29,8 @@ static ngx_int_t ngx_http_process_connec ngx_table_elt_t *h, ngx_uint_t offset); static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset); +static ngx_int_t ngx_http_process_te(ngx_http_request_t *r, + ngx_table_elt_t *h, ngx_uint_t offset); static ngx_int_t ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool, ngx_uint_t alloc); @@ -125,6 +127,10 @@ ngx_http_header_t ngx_http_headers_in[] offsetof(ngx_http_headers_in_t, if_range), ngx_http_process_unique_header_line }, + { ngx_string("TE"), + offsetof(ngx_http_headers_in_t, te), + ngx_http_process_te }, + { ngx_string("Transfer-Encoding"), offsetof(ngx_http_headers_in_t, transfer_encoding), ngx_http_process_header_line }, @@ -559,6 +565,14 @@ ngx_http_create_request(ngx_connection_t return NULL; } + if (ngx_list_init(&r->headers_out.trailers, r->pool, 4, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + ngx_destroy_pool(r->pool); + return NULL; + } + r->ctx = ngx_pcalloc(r->pool, sizeof(void *) * ngx_http_max_module); if (r->ctx == NULL) { ngx_destroy_pool(r->pool); @@ -1744,6 +1758,63 @@ ngx_http_process_user_agent(ngx_http_req static ngx_int_t +ngx_http_process_te(ngx_http_request_t *r, ngx_table_elt_t *h, + ngx_uint_t offset) +{ + u_char *p; + + if (r->headers_in.te == NULL) { + r->headers_in.te = h; + } + + if (r->http_version < NGX_HTTP_VERSION_11) { + return NGX_OK; + } + + if (h->value.len == sizeof("trailers") - 1 + && ngx_memcmp(h->value.data, "trailers", sizeof("trailers") - 1) == 0) + { + r->allow_trailers = 1; + return NGX_OK; + } + +#if (NGX_HTTP_V2) + + if (r->http_version >= NGX_HTTP_VERSION_20) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent HTTP/2 request with invalid header value: " + "\"TE: %V\"", &h->value); + + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + +#endif + + if (h->value.len < sizeof("trailers") - 1) { + return NGX_OK; + } + + p = ngx_strcasestrn(h->value.data, "trailers", sizeof("trailers") - 2); + if (p == NULL) { + return NGX_OK; + } + + if (p == h->value.data || *(p - 1) == ',' || *(p - 1) == ' ') { + + p += sizeof("trailers") - 1; + + if (p == h->value.data + h->value.len || *p == ',' || *p == ' ') { + r->allow_trailers = 1; + return NGX_OK; + } + } + + return NGX_OK; +} + + +static ngx_int_t ngx_http_process_multi_header_lines(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) { diff -r 39ff6939266e -r a0f291f0a903 src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -191,6 +191,7 @@ typedef struct { ngx_table_elt_t *range; ngx_table_elt_t *if_range; + ngx_table_elt_t *te; ngx_table_elt_t *transfer_encoding; ngx_table_elt_t *expect; ngx_table_elt_t *upgrade; @@ -247,6 +248,7 @@ typedef struct { typedef struct { ngx_list_t headers; + ngx_list_t trailers; ngx_uint_t status; ngx_str_t status_line; @@ -510,6 +512,8 @@ struct ngx_http_request_s { unsigned pipeline:1; unsigned chunked:1; unsigned header_only:1; + unsigned allow_trailers:1; + unsigned expect_trailers:1; unsigned keepalive:1; unsigned lingering_close:1; unsigned discard_body:1; diff -r 39ff6939266e -r a0f291f0a903 src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -38,6 +38,8 @@ static ngx_int_t ngx_http_variable_unkno ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_unknown_header_out(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_unknown_trailer_out(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_request_line(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_cookie(ngx_http_request_t *r, @@ -365,6 +367,9 @@ static ngx_http_variable_t ngx_http_cor { ngx_string("sent_http_"), NULL, ngx_http_variable_unknown_header_out, 0, NGX_HTTP_VAR_PREFIX, 0 }, + { ngx_string("sent_trailer_"), NULL, ngx_http_variable_unknown_trailer_out, + 0, NGX_HTTP_VAR_PREFIX, 0 }, + { ngx_string("cookie_"), NULL, ngx_http_variable_cookie, 0, NGX_HTTP_VAR_PREFIX, 0 }, @@ -934,6 +939,16 @@ ngx_http_variable_unknown_header_out(ngx } +static ngx_int_t +ngx_http_variable_unknown_trailer_out(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + return ngx_http_variable_unknown_header(v, (ngx_str_t *) data, + &r->headers_out.trailers.part, + sizeof("sent_trailer_") - 1); +} + + ngx_int_t ngx_http_variable_unknown_header(ngx_http_variable_value_t *v, ngx_str_t *var, ngx_list_part_t *part, size_t prefix) diff -r 39ff6939266e -r a0f291f0a903 src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c +++ b/src/http/v2/ngx_http_v2_filter_module.c @@ -50,13 +50,17 @@ #define NGX_HTTP_V2_SERVER_INDEX 54 #define NGX_HTTP_V2_VARY_INDEX 59 +#define NGX_HTTP_V2_FRAME_ERROR (ngx_http_v2_out_frame_t *) -1 + static u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, u_char *tmp, ngx_uint_t lower); static u_char *ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value); static ngx_http_v2_out_frame_t *ngx_http_v2_create_headers_frame( - ngx_http_request_t *r, u_char *pos, u_char *end); + ngx_http_request_t *r, u_char *pos, u_char *end, ngx_uint_t fin); +static ngx_http_v2_out_frame_t *ngx_http_v2_create_trailers_frame( + ngx_http_request_t *r); static ngx_chain_t *ngx_http_v2_send_chain(ngx_connection_t *fc, ngx_chain_t *in, off_t limit); @@ -129,12 +133,12 @@ ngx_http_v2_header_filter(ngx_http_reque u_char status, *pos, *start, *p, *tmp; size_t len, tmp_len; ngx_str_t host, location; - ngx_uint_t i, port; + ngx_uint_t i, port, fin; ngx_list_part_t *part; ngx_table_elt_t *header; ngx_connection_t *fc; ngx_http_cleanup_t *cln; - ngx_http_v2_out_frame_t *frame; + ngx_http_v2_out_frame_t *headers, *trailers; ngx_http_core_loc_conf_t *clcf; ngx_http_core_srv_conf_t *cscf; u_char addr[NGX_SOCKADDR_STRLEN]; @@ -612,13 +616,6 @@ ngx_http_v2_header_filter(ngx_http_reque header[i].value.len, tmp); } - frame = ngx_http_v2_create_headers_frame(r, start, pos); - if (frame == NULL) { - return NGX_ERROR; - } - - ngx_http_v2_queue_blocked_frame(r->stream->connection, frame); - cln = ngx_http_cleanup_add(r, 0); if (cln == NULL) { return NGX_ERROR; @@ -627,8 +624,32 @@ ngx_http_v2_header_filter(ngx_http_reque cln->handler = ngx_http_v2_filter_cleanup; cln->data = r->stream; + if (r->header_only && r->allow_trailers && r->expect_trailers) { + trailers = ngx_http_v2_create_trailers_frame(r); + if (trailers == NGX_HTTP_V2_FRAME_ERROR) { + return NGX_ERROR; + } + + fin = trailers ? 0 : 1; + + } else { + trailers = NULL; + fin = r->header_only; + } + + headers = ngx_http_v2_create_headers_frame(r, start, pos, fin); + if (headers == NULL) { + return NGX_ERROR; + } + + ngx_http_v2_queue_blocked_frame(r->stream->connection, headers); r->stream->queued = 1; + if (trailers) { + ngx_http_v2_queue_blocked_frame(r->stream->connection, trailers); + r->stream->queued++; + } + fc->send_chain = ngx_http_v2_send_chain; fc->need_last_buf = 1; @@ -636,6 +657,129 @@ ngx_http_v2_header_filter(ngx_http_reque } +static ngx_http_v2_out_frame_t * +ngx_http_v2_create_trailers_frame(ngx_http_request_t *r) +{ + u_char *pos, *start, *tmp; + size_t len, tmp_len; + ngx_uint_t i; + ngx_list_part_t *part; + ngx_table_elt_t *header; + ngx_http_v2_out_frame_t *frame; + + len = 0; + tmp_len = 0; + + part = &r->headers_out.trailers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (header[i].hash == 0) { + continue; + } + + if (header[i].key.len > NGX_HTTP_V2_MAX_FIELD) { + ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, + "too long response trailer name: \"%V\"", + &header[i].key); + + return NGX_HTTP_V2_FRAME_ERROR; + } + + if (header[i].value.len > NGX_HTTP_V2_MAX_FIELD) { + ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, + "too long response trailer value: \"%V: %V\"", + &header[i].key, &header[i].value); + + return NGX_HTTP_V2_FRAME_ERROR; + } + + len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len + + NGX_HTTP_V2_INT_OCTETS + header[i].value.len; + + if (header[i].key.len > tmp_len) { + tmp_len = header[i].key.len; + } + + if (header[i].value.len > tmp_len) { + tmp_len = header[i].value.len; + } + } + + if (len == 0) { + return NULL; + } + + tmp = ngx_palloc(r->pool, tmp_len); + pos = ngx_pnalloc(r->pool, len); + + if (pos == NULL || tmp == NULL) { + return NGX_HTTP_V2_FRAME_ERROR; + } + + start = pos; + + part = &r->headers_out.trailers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (header[i].hash == 0 + || header[i].key.len > NGX_HTTP_V2_MAX_FIELD + || header[i].value.len > NGX_HTTP_V2_MAX_FIELD) + { + continue; + } + +#if (NGX_DEBUG) + if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) { + ngx_strlow(tmp, header[i].key.data, header[i].key.len); + + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http2 output trailer: \"%*s: %V\"", + header[i].key.len, tmp, &header[i].value); + } +#endif + + *pos++ = 0; + + pos = ngx_http_v2_write_name(pos, header[i].key.data, + header[i].key.len, tmp); + + pos = ngx_http_v2_write_value(pos, header[i].value.data, + header[i].value.len, tmp); + } + + frame = ngx_http_v2_create_headers_frame(r, start, pos, 1); + if (frame == NULL) { + return NGX_HTTP_V2_FRAME_ERROR; + } + + return frame; +} + + static u_char * ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, u_char *tmp, ngx_uint_t lower) @@ -686,7 +830,7 @@ ngx_http_v2_write_int(u_char *pos, ngx_u static ngx_http_v2_out_frame_t * ngx_http_v2_create_headers_frame(ngx_http_request_t *r, u_char *pos, - u_char *end) + u_char *end, ngx_uint_t fin) { u_char type, flags; size_t rest, frame_size; @@ -707,12 +851,12 @@ ngx_http_v2_create_headers_frame(ngx_htt frame->stream = stream; frame->length = rest; frame->blocked = 1; - frame->fin = r->header_only; + frame->fin = fin; ll = &frame->first; type = NGX_HTTP_V2_HEADERS_FRAME; - flags = r->header_only ? NGX_HTTP_V2_END_STREAM_FLAG : NGX_HTTP_V2_NO_FLAG; + flags = fin ? NGX_HTTP_V2_END_STREAM_FLAG : NGX_HTTP_V2_NO_FLAG; frame_size = stream->connection->frame_size; for ( ;; ) { @@ -774,7 +918,7 @@ ngx_http_v2_create_headers_frame(ngx_htt continue; } - b->last_buf = r->header_only; + b->last_buf = fin; cl->next = NULL; frame->last = cl; @@ -796,7 +940,7 @@ ngx_http_v2_send_chain(ngx_connection_t ngx_http_request_t *r; ngx_http_v2_stream_t *stream; ngx_http_v2_loc_conf_t *h2lcf; - ngx_http_v2_out_frame_t *frame; + ngx_http_v2_out_frame_t *frame, *trailers; ngx_http_v2_connection_t *h2c; r = fc->data; @@ -870,6 +1014,8 @@ ngx_http_v2_send_chain(ngx_connection_t frame_size = (h2lcf->chunk_size < h2c->frame_size) ? h2lcf->chunk_size : h2c->frame_size; + trailers = NULL; + #if (NGX_SUPPRESS_WARN) cl = NULL; #endif @@ -932,17 +1078,36 @@ ngx_http_v2_send_chain(ngx_connection_t size -= rest; } - frame = ngx_http_v2_filter_get_data_frame(stream, frame_size, out, cl); - if (frame == NULL) { - return NGX_CHAIN_ERROR; + if (cl->buf->last_buf && r->allow_trailers && r->expect_trailers) { + trailers = ngx_http_v2_create_trailers_frame(r); + if (trailers == NGX_HTTP_V2_FRAME_ERROR) { + return NGX_CHAIN_ERROR; + } + + if (trailers) { + cl->buf->last_buf = 0; + } } - ngx_http_v2_queue_frame(h2c, frame); + if (frame_size || cl->buf->last_buf) { + frame = ngx_http_v2_filter_get_data_frame(stream, frame_size, out, + cl); + if (frame == NULL) { + return NGX_CHAIN_ERROR; + } - h2c->send_window -= frame_size; + ngx_http_v2_queue_frame(h2c, frame); - stream->send_window -= frame_size; - stream->queued++; + h2c->send_window -= frame_size; + + stream->send_window -= frame_size; + stream->queued++; + } + + if (trailers) { + ngx_http_v2_queue_frame(h2c, trailers); + stream->queued++; + } if (in == NULL) { break; From piotrsikora at google.com Fri Mar 24 10:47:40 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Fri, 24 Mar 2017 03:47:40 -0700 Subject: [PATCH 2 of 3] Headers filter: add "add_trailer" directive In-Reply-To: References: Message-ID: <6d878f4585b977053a9d.1490352460@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490351854 25200 # Fri Mar 24 03:37:34 2017 -0700 # Node ID 6d878f4585b977053a9d00053bbb7aff263eb96c # Parent a0f291f0a903b863161900f4d0cbb405f5d7a735 Headers filter: add "add_trailer" directive. Trailers added using this directive are evaluated after response body is processed by output filters (but before it's written to the wire), so it's possible to use variables calculated from the response body as the trailer value. Signed-off-by: Piotr Sikora diff -r a0f291f0a903 -r 6d878f4585b9 src/http/modules/ngx_http_chunked_filter_module.c --- a/src/http/modules/ngx_http_chunked_filter_module.c +++ b/src/http/modules/ngx_http_chunked_filter_module.c @@ -256,6 +256,10 @@ ngx_http_chunked_create_trailers(ngx_htt ngx_table_elt_t *header; ngx_http_chunked_filter_ctx_t *ctx; + if (ngx_http_eval_trailers(r) != NGX_OK) { + return NULL; + } + len = 0; part = &r->headers_out.trailers.part; diff -r a0f291f0a903 -r 6d878f4585b9 src/http/modules/ngx_http_headers_filter_module.c --- a/src/http/modules/ngx_http_headers_filter_module.c +++ b/src/http/modules/ngx_http_headers_filter_module.c @@ -48,6 +48,7 @@ typedef struct { time_t expires_time; ngx_http_complex_value_t *expires_value; ngx_array_t *headers; + ngx_array_t *trailers; } ngx_http_headers_conf_t; @@ -72,6 +73,8 @@ static char *ngx_http_headers_expires(ng void *conf); static char *ngx_http_headers_add(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +static char *ngx_http_headers_add_trailer(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); static ngx_http_set_header_t ngx_http_set_headers[] = { @@ -108,6 +111,14 @@ static ngx_command_t ngx_http_headers_f 0, NULL}, + { ngx_string("add_trailer"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE23, + ngx_http_headers_add_trailer, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL}, + ngx_null_command }; @@ -149,15 +160,24 @@ static ngx_http_output_header_filter_pt static ngx_int_t ngx_http_headers_filter(ngx_http_request_t *r) { - ngx_str_t value; - ngx_uint_t i, safe_status; - ngx_http_header_val_t *h; - ngx_http_headers_conf_t *conf; + u_char *p, *data; + size_t len; + ngx_str_t value; + ngx_uint_t i, safe_status; + ngx_table_elt_t *t; + ngx_http_header_val_t *h; + ngx_http_headers_conf_t *conf; + ngx_http_core_loc_conf_t *clcf; + + if (r != r->main) { + return ngx_http_next_header_filter(r); + } conf = ngx_http_get_module_loc_conf(r, ngx_http_headers_filter_module); - if ((conf->expires == NGX_HTTP_EXPIRES_OFF && conf->headers == NULL) - || r != r->main) + if (conf->expires == NGX_HTTP_EXPIRES_OFF + && conf->headers == NULL + && conf->trailers == NULL) { return ngx_http_next_header_filter(r); } @@ -205,6 +225,84 @@ ngx_http_headers_filter(ngx_http_request } } + if (conf->trailers && r->allow_trailers) { + + if (r->http_version < NGX_HTTP_VERSION_20) { + if (r->header_only + || r->headers_out.status == NGX_HTTP_NOT_MODIFIED + || r->headers_out.status == NGX_HTTP_NO_CONTENT + || r->headers_out.status < NGX_HTTP_OK + || r->method == NGX_HTTP_HEAD) + { + return ngx_http_next_header_filter(r); + } + + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + if (!clcf->chunked_transfer_encoding) { + return ngx_http_next_header_filter(r); + } + } + + len = 0; + + h = conf->trailers->elts; + for (i = 0; i < conf->trailers->nelts; i++) { + + if (!safe_status && !h[i].always) { + continue; + } + + if (h[i].value.value.len) { + len += h[i].key.len + sizeof(", ") - 1; + } + } + + if (len == 0) { + return ngx_http_next_header_filter(r); + } + + len -= sizeof(", ") - 1; + + t = ngx_list_push(&r->headers_out.headers); + if (t == NULL) { + return NGX_ERROR; + } + + data = ngx_pnalloc(r->pool, len); + if (data == NULL) { + return NGX_ERROR; + } + + p = data; + + h = conf->trailers->elts; + for (i = 0; i < conf->trailers->nelts; i++) { + + if (!safe_status && !h[i].always) { + continue; + } + + if (h[i].value.value.len) { + p = ngx_copy(p, h[i].key.data, h[i].key.len); + + if (p == data + len) { + break; + } + + *p++ = ','; *p++ = ' '; + } + } + + ngx_str_set(&t->key, "Trailer"); + t->value.data = data; + t->value.len = len; + t->hash = ngx_hash(ngx_hash(ngx_hash(ngx_hash(ngx_hash( + ngx_hash('t', 'r'), 'a'), 'i'), 'l'), 'e'), 'r'); + + r->expect_trailers = 1; + } + return ngx_http_next_header_filter(r); } @@ -541,6 +639,67 @@ ngx_http_set_response_header(ngx_http_re } +ngx_int_t +ngx_http_eval_trailers(ngx_http_request_t *r) +{ + ngx_str_t value; + ngx_uint_t i, safe_status; + ngx_table_elt_t *t; + ngx_http_header_val_t *h; + ngx_http_headers_conf_t *conf; + + conf = ngx_http_get_module_loc_conf(r, ngx_http_headers_filter_module); + + if (conf->trailers == NULL) { + return NGX_OK; + } + + switch (r->headers_out.status) { + + case NGX_HTTP_OK: + case NGX_HTTP_CREATED: + case NGX_HTTP_NO_CONTENT: + case NGX_HTTP_PARTIAL_CONTENT: + case NGX_HTTP_MOVED_PERMANENTLY: + case NGX_HTTP_MOVED_TEMPORARILY: + case NGX_HTTP_SEE_OTHER: + case NGX_HTTP_NOT_MODIFIED: + case NGX_HTTP_TEMPORARY_REDIRECT: + safe_status = 1; + break; + + default: + safe_status = 0; + break; + } + + h = conf->trailers->elts; + for (i = 0; i < conf->trailers->nelts; i++) { + + if (!safe_status && !h[i].always) { + continue; + } + + if (ngx_http_complex_value(r, &h[i].value, &value) != NGX_OK) { + return NGX_ERROR; + } + + if (value.len) { + t = ngx_list_push(&r->headers_out.trailers); + if (t == NULL) { + return NGX_ERROR; + } + + t->key = h[i].key; + t->value = value; + t->hash = 1; + } + } + + return NGX_OK; +} + + static void * ngx_http_headers_create_conf(ngx_conf_t *cf) { @@ -555,6 +714,7 @@ ngx_http_headers_create_conf(ngx_conf_t * set by ngx_pcalloc(): * * conf->headers = NULL; + * conf->trailers = NULL; * conf->expires_time = 0; * conf->expires_value = NULL; */ @@ -585,6 +745,10 @@ ngx_http_headers_merge_conf(ngx_conf_t * conf->headers = prev->headers; } + if (conf->trailers == NULL) { + conf->trailers = prev->trailers; + } + return NGX_CONF_OK; } @@ -739,3 +903,63 @@ ngx_http_headers_add(ngx_conf_t *cf, ngx return NGX_CONF_OK; } + + +static char * +ngx_http_headers_add_trailer(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_headers_conf_t *hcf = conf; + + ngx_str_t *value; + ngx_http_header_val_t *hv; + ngx_http_compile_complex_value_t ccv; + + value = cf->args->elts; + + if (hcf->trailers == NULL) { + hcf->trailers = ngx_array_create(cf->pool, 1, + sizeof(ngx_http_header_val_t)); + if (hcf->trailers == NULL) { + return NGX_CONF_ERROR; + } + } + + hv = ngx_array_push(hcf->trailers); + if (hv == NULL) { + return NGX_CONF_ERROR; + } + + hv->key = value[1]; + hv->handler = NULL; + hv->offset = 0; + hv->always = 0; + + if (value[2].len == 0) { + ngx_memzero(&hv->value, sizeof(ngx_http_complex_value_t)); + + } else { + ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); + + ccv.cf = cf; + ccv.value = &value[2]; + ccv.complex_value = &hv->value; + + if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { + return NGX_CONF_ERROR; + } + } + + if (cf->args->nelts == 3) { + return NGX_CONF_OK; + } + + if (ngx_strcmp(value[3].data, "always") != 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter \"%V\"", &value[3]); + return NGX_CONF_ERROR; + } + + hv->always = 1; + + return NGX_CONF_OK; +} diff -r a0f291f0a903 -r 6d878f4585b9 src/http/ngx_http.h --- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -143,6 +143,7 @@ ngx_int_t ngx_http_special_response_hand ngx_int_t ngx_http_filter_finalize_request(ngx_http_request_t *r, ngx_module_t *m, ngx_int_t error); void ngx_http_clean_header(ngx_http_request_t *r); +ngx_int_t ngx_http_eval_trailers(ngx_http_request_t *r); ngx_int_t ngx_http_discard_request_body(ngx_http_request_t *r); diff -r a0f291f0a903 -r 6d878f4585b9 src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c +++ b/src/http/v2/ngx_http_v2_filter_module.c @@ -667,6 +667,10 @@ ngx_http_v2_create_trailers_frame(ngx_ht ngx_table_elt_t *header; ngx_http_v2_out_frame_t *frame; + if (ngx_http_eval_trailers(r) != NGX_OK) { + return NGX_HTTP_V2_FRAME_ERROR; + } + len = 0; tmp_len = 0; From piotrsikora at google.com Fri Mar 24 10:47:41 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Fri, 24 Mar 2017 03:47:41 -0700 Subject: [PATCH 3 of 3] Upstream: add support for trailers in HTTP responses In-Reply-To: References: Message-ID: <94e49d08e3b4de32416f.1490352461@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490351854 25200 # Fri Mar 24 03:37:34 2017 -0700 # Node ID 94e49d08e3b4de32416f5841e38a2388e092191d # Parent 6d878f4585b977053a9d00053bbb7aff263eb96c Upstream: add support for trailers in HTTP responses. Please note that due to how upstream module terminates processing of responses that cannot have message body (responses to HEAD requests, and responses with 1xx, 204 and 304 status codes), trailers of those responses won't be passed to the downstream. This change also adds $upstream_trailer_* variables. Signed-off-by: Piotr Sikora diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -2784,10 +2784,10 @@ ngx_http_fastcgi_create_loc_conf(ngx_con conf->upstream.intercept_errors = NGX_CONF_UNSET; - /* "fastcgi_cyclic_temp_file" is disabled */ + /* the hardcoded values */ conf->upstream.cyclic_temp_file = 0; - conf->upstream.change_buffering = 1; + conf->upstream.pass_trailers = 0; conf->catch_stderr = NGX_CONF_UNSET_PTR; diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/modules/ngx_http_memcached_module.c --- a/src/http/modules/ngx_http_memcached_module.c +++ b/src/http/modules/ngx_http_memcached_module.c @@ -619,6 +619,7 @@ ngx_http_memcached_create_loc_conf(ngx_c conf->upstream.pass_request_headers = 0; conf->upstream.pass_request_body = 0; conf->upstream.force_ranges = 1; + conf->upstream.pass_trailers = 0; conf->index = NGX_CONF_UNSET; conf->gzip_flag = NGX_CONF_UNSET_UINT; diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -2886,11 +2886,12 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ conf->ssl_passwords = NGX_CONF_UNSET_PTR; #endif - /* "proxy_cyclic_temp_file" is disabled */ + /* the hardcoded values */ conf->upstream.cyclic_temp_file = 0; + conf->upstream.change_buffering = 1; + conf->upstream.pass_trailers = 0; conf->redirect = NGX_CONF_UNSET; - conf->upstream.change_buffering = 1; conf->cookie_domains = NGX_CONF_UNSET_PTR; conf->cookie_paths = NGX_CONF_UNSET_PTR; diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/modules/ngx_http_scgi_module.c --- a/src/http/modules/ngx_http_scgi_module.c +++ b/src/http/modules/ngx_http_scgi_module.c @@ -1234,10 +1234,10 @@ ngx_http_scgi_create_loc_conf(ngx_conf_t conf->upstream.intercept_errors = NGX_CONF_UNSET; - /* "scgi_cyclic_temp_file" is disabled */ + /* the hardcoded values */ conf->upstream.cyclic_temp_file = 0; - conf->upstream.change_buffering = 1; + conf->upstream.pass_trailers = 0; ngx_str_set(&conf->upstream.module, "scgi"); diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -1448,10 +1448,10 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_ conf->ssl_passwords = NGX_CONF_UNSET_PTR; #endif - /* "uwsgi_cyclic_temp_file" is disabled */ + /* the hardcoded values */ conf->upstream.cyclic_temp_file = 0; - conf->upstream.change_buffering = 1; + conf->upstream.pass_trailers = 0; ngx_str_set(&conf->upstream.module, "uwsgi"); diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -55,6 +55,8 @@ static ngx_int_t ngx_http_upstream_inter static ngx_int_t ngx_http_upstream_test_connect(ngx_connection_t *c); static ngx_int_t ngx_http_upstream_process_headers(ngx_http_request_t *r, ngx_http_upstream_t *u); +static ngx_int_t ngx_http_upstream_process_trailers(ngx_http_request_t *r, + ngx_http_upstream_t *u); static void ngx_http_upstream_process_body_in_memory(ngx_http_request_t *r, ngx_http_upstream_t *u); static void ngx_http_upstream_send_response(ngx_http_request_t *r, @@ -166,6 +168,8 @@ static ngx_int_t ngx_http_upstream_respo ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_upstream_header_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_upstream_trailer_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_upstream_cookie_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); @@ -422,6 +426,9 @@ static ngx_http_variable_t ngx_http_ups { ngx_string("upstream_http_"), NULL, ngx_http_upstream_header_variable, 0, NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_PREFIX, 0 }, + { ngx_string("upstream_trailer_"), NULL, ngx_http_upstream_trailer_variable, + 0, NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_PREFIX, 0 }, + { ngx_string("upstream_cookie_"), NULL, ngx_http_upstream_cookie_variable, 0, NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_PREFIX, 0 }, @@ -1041,6 +1048,13 @@ ngx_http_upstream_cache_send(ngx_http_re return NGX_ERROR; } + if (ngx_list_init(&u->headers_in.trailers, r->pool, 2, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + return NGX_ERROR; + } + rc = u->process_header(r); if (rc == NGX_OK) { @@ -1861,6 +1875,13 @@ ngx_http_upstream_reinit(ngx_http_reques return NGX_ERROR; } + if (ngx_list_init(&u->headers_in.trailers, r->pool, 2, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + return NGX_ERROR; + } + /* reinit the request chain */ file_pos = 0; @@ -2228,6 +2249,15 @@ ngx_http_upstream_process_header(ngx_htt return; } + if (ngx_list_init(&u->headers_in.trailers, r->pool, 2, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + #if (NGX_HTTP_CACHE) if (r->cache) { @@ -2735,6 +2765,44 @@ ngx_http_upstream_process_headers(ngx_ht } +static ngx_int_t +ngx_http_upstream_process_trailers(ngx_http_request_t *r, ngx_http_upstream_t *u) +{ + ngx_uint_t i; + ngx_list_part_t *part; + ngx_table_elt_t *h, *ho; + + if (!u->conf->pass_trailers || !r->allow_trailers || !r->expect_trailers) { + return NGX_OK; + } + + part = &u->headers_in.trailers.part; + h = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + h = part->elts; + i = 0; + } + + ho = ngx_list_push(&r->headers_out.trailers); + if (ho == NULL) { + return NGX_ERROR; + } + + *ho = h[i]; + } + + return NGX_OK; +} + + static void ngx_http_upstream_process_body_in_memory(ngx_http_request_t *r, ngx_http_upstream_t *u) @@ -4396,6 +4464,13 @@ ngx_http_upstream_finalize_request(ngx_h } if (rc == 0) { + if (ngx_http_upstream_process_trailers(r, u) != NGX_OK) { + rc = NGX_ERROR; + flush = 1; + } + } + + if (rc == 0) { rc = ngx_http_send_special(r, NGX_HTTP_LAST); } else if (flush) { @@ -5519,6 +5594,21 @@ ngx_http_upstream_header_variable(ngx_ht static ngx_int_t +ngx_http_upstream_trailer_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + if (r->upstream == NULL) { + v->not_found = 1; + return NGX_OK; + } + + return ngx_http_variable_unknown_header(v, (ngx_str_t *) data, + &r->upstream->headers_in.trailers.part, + sizeof("upstream_trailer_") - 1); +} + + +static ngx_int_t ngx_http_upstream_cookie_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { diff -r 6d878f4585b9 -r 94e49d08e3b4 src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -183,6 +183,7 @@ typedef struct { ngx_hash_t hide_headers_hash; ngx_array_t *hide_headers; ngx_array_t *pass_headers; + ngx_flag_t pass_trailers; ngx_http_upstream_local_t *local; @@ -248,6 +249,7 @@ typedef struct { typedef struct { ngx_list_t headers; + ngx_list_t trailers; ngx_uint_t status_n; ngx_str_t status_line; From mail at void.so Fri Mar 24 11:09:47 2017 From: mail at void.so (Pavel Balaev) Date: Fri, 24 Mar 2017 14:09:47 +0300 Subject: custom data pointer in struct ngx_connection_s Message-ID: <20170324110946.GD7140@rnd.localhost> Hello. I'm trying to write module for nginx. My module needs to hold some arbitrary data while connection is alive (keep-alive connection). The memory for void *ctx is allocated from r->commection->pool. The problem is that I don't know where to store this pointer. I added void *ctx to struct ngx_connection_s and use it like this: ctx = ngx_pcalloc(r->connection->pool, ... r->connection->ctx = ctx; and everything works as I needed, but I tnink that this solution may be wrong. From mdounin at mdounin.ru Fri Mar 24 14:57:23 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 24 Mar 2017 14:57:23 +0000 Subject: [nginx] Fixed CPU hog while freeing hc->busy after e662cbf1b932 (1.11.11). Message-ID: details: http://hg.nginx.org/nginx/rev/1c43ac026c1d branches: changeset: 6942:1c43ac026c1d user: Maxim Dounin date: Fri Mar 24 16:26:12 2017 +0300 description: Fixed CPU hog while freeing hc->busy after e662cbf1b932 (1.11.11). Reported by Richard Stanway, http://mailman.nginx.org/pipermail/nginx/2017-March/053296.html. diffstat: src/http/ngx_http_request.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (11 lines): diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -2904,6 +2904,7 @@ ngx_http_set_keepalive(ngx_http_request_ } cl->buf = b; + cl->next = NULL; hc->busy = cl; hc->nbusy = 1; From mdounin at mdounin.ru Fri Mar 24 15:05:39 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 24 Mar 2017 15:05:39 +0000 Subject: [nginx] nginx-1.11.12-RELEASE Message-ID: details: http://hg.nginx.org/nginx/rev/7f394e433f00 branches: changeset: 6943:7f394e433f00 user: Maxim Dounin date: Fri Mar 24 18:05:05 2017 +0300 description: nginx-1.11.12-RELEASE diffstat: docs/xml/nginx/changes.xml | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diffs (26 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,6 +5,22 @@ + + + + +nginx ??? ????????? ?????????; +?????? ????????? ? 1.11.11. + + +nginx might hog CPU; +the bug had appeared in 1.11.11. + + + + + + From mdounin at mdounin.ru Fri Mar 24 15:05:41 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 24 Mar 2017 15:05:41 +0000 Subject: [nginx] release-1.11.12 tag Message-ID: details: http://hg.nginx.org/nginx/rev/22be63bf21ed branches: changeset: 6944:22be63bf21ed user: Maxim Dounin date: Fri Mar 24 18:05:06 2017 +0300 description: release-1.11.12 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -410,3 +410,4 @@ 4591da489a30f790def29bc5987f43409b503cae 20a45c768e5ed26b740679d0e22045c98727c3cc release-1.11.9 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e release-1.11.10 d8b321a876d6254e9e98795e3b194ef053290354 release-1.11.11 +7f394e433f0003222aa6531931ecc0b24740d5e4 release-1.11.12 From piotrsikora at google.com Sun Mar 26 08:41:05 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:05 -0700 Subject: [PATCH] HTTP/2: style Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490516701 25200 # Sun Mar 26 01:25:01 2017 -0700 # Node ID a79510a00969e97331e8dbc8a423e0265115b2e4 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: style. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r a79510a00969 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -938,7 +938,7 @@ ngx_http_v2_state_read_data(ngx_http_v2_ if (size >= h2c->state.length) { size = h2c->state.length; - stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; + stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; } r = stream->request; @@ -1901,7 +1901,7 @@ ngx_http_v2_state_rst_stream(ngx_http_v2 if (node == NULL || node->stream == NULL) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "unknown http2 stream"); + "unknown http2 stream"); return ngx_http_v2_state_complete(h2c, pos, end); } @@ -2015,6 +2015,7 @@ ngx_http_v2_state_settings_params(ngx_ht break; case NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING: + if (value > NGX_HTTP_V2_MAX_FRAME_SIZE || value < NGX_HTTP_V2_DEFAULT_FRAME_SIZE) { diff -r 22be63bf21ed -r a79510a00969 src/http/v2/ngx_http_v2.h --- a/src/http/v2/ngx_http_v2.h +++ b/src/http/v2/ngx_http_v2.h @@ -249,8 +249,8 @@ ngx_http_v2_queue_blocked_frame(ngx_http { ngx_http_v2_out_frame_t **out; - for (out = &h2c->last_out; *out; out = &(*out)->next) - { + for (out = &h2c->last_out; *out; out = &(*out)->next) { + if ((*out)->blocked || (*out)->stream == NULL) { break; } From piotrsikora at google.com Sun Mar 26 08:41:09 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:09 -0700 Subject: [PATCH 1 of 2] HTTP/2: fix $bytes_sent variable Message-ID: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516702 25200 # Sun Mar 26 01:25:02 2017 -0700 # Node ID 74ee816e712ee3b731437947470383555653338d # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: fix $bytes_sent variable. Previously, its value accounted for payloads of HEADERS, CONTINUATION and DATA frames, as well as frame headers of HEADERS and DATA frames, but it didn't account for frame headers of CONTINUATION frames. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 74ee816e712e src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c +++ b/src/http/v2/ngx_http_v2_filter_module.c @@ -769,6 +769,8 @@ ngx_http_v2_create_headers_frame(ngx_htt rest -= frame_size; if (rest) { + frame->length += NGX_HTTP_V2_FRAME_HEADER_SIZE; + type = NGX_HTTP_V2_CONTINUATION_FRAME; flags = NGX_HTTP_V2_NO_FLAG; continue; From piotrsikora at google.com Sun Mar 26 08:41:10 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:10 -0700 Subject: [PATCH 2 of 2] HTTP/2: fix $body_bytes_sent variable In-Reply-To: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> References: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490516703 25200 # Sun Mar 26 01:25:03 2017 -0700 # Node ID dd6c656ed7a327641b2ddfc34768f9551e44bb0f # Parent 74ee816e712ee3b731437947470383555653338d HTTP/2: fix $body_bytes_sent variable. Previously, its value included payloads and frame headers of HEADERS and CONTINUATION frames. Signed-off-by: Piotr Sikora diff -r 74ee816e712e -r dd6c656ed7a3 src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c +++ b/src/http/v2/ngx_http_v2_filter_module.c @@ -1211,6 +1211,9 @@ ngx_http_v2_headers_frame_handler(ngx_ht "http2:%ui HEADERS frame %p was sent", stream->node->id, frame); + stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE + + frame->length; + ngx_http_v2_handle_frame(stream, frame); ngx_http_v2_handle_stream(h2c, stream); From piotrsikora at google.com Sun Mar 26 08:41:11 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:11 -0700 Subject: [PATCH] HTTP/2: fix flow control with padded DATA frames Message-ID: <899a53d2789b8c6bafdd.1490517671@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516704 25200 # Sun Mar 26 01:25:04 2017 -0700 # Node ID 899a53d2789b8c6bafdd5e40d78b4e92dd32dd10 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: fix flow control with padded DATA frames. Previously, flow control didn't account for padding in DATA frames, which meant that its view of the world could drift from peer's view by up to 256 bytes per received padded DATA frame, which could lead to a deadlock. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 899a53d2789b src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -783,9 +783,12 @@ ngx_http_v2_state_head(ngx_http_v2_conne static u_char * ngx_http_v2_state_data(ngx_http_v2_connection_t *h2c, u_char *pos, u_char *end) { + size_t size; ngx_http_v2_node_t *node; ngx_http_v2_stream_t *stream; + size = h2c->state.length; + if (h2c->state.flags & NGX_HTTP_V2_PADDED_FLAG) { if (h2c->state.length == 0) { @@ -802,33 +805,32 @@ ngx_http_v2_state_data(ngx_http_v2_conne } h2c->state.padding = *pos++; - h2c->state.length--; - - if (h2c->state.padding > h2c->state.length) { + + if (h2c->state.padding >= size) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client sent padded DATA frame " "with incorrect length: %uz, padding: %uz", - h2c->state.length, h2c->state.padding); + size, h2c->state.padding); return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); } - h2c->state.length -= h2c->state.padding; + h2c->state.length -= 1 + h2c->state.padding; } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "http2 DATA frame"); - if (h2c->state.length > h2c->recv_window) { + if (size > h2c->recv_window) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client violated connection flow control: " "received DATA frame length %uz, available window %uz", - h2c->state.length, h2c->recv_window); + size, h2c->recv_window); return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_FLOW_CTRL_ERROR); } - h2c->recv_window -= h2c->state.length; + h2c->recv_window -= size; if (h2c->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) { @@ -854,11 +856,11 @@ ngx_http_v2_state_data(ngx_http_v2_conne stream = node->stream; - if (h2c->state.length > stream->recv_window) { + if (size > stream->recv_window) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client violated flow control for stream %ui: " "received DATA frame length %uz, available window %uz", - node->id, h2c->state.length, stream->recv_window); + node->id, size, stream->recv_window); if (ngx_http_v2_terminate_stream(h2c, stream, NGX_HTTP_V2_FLOW_CTRL_ERROR) @@ -871,7 +873,7 @@ ngx_http_v2_state_data(ngx_http_v2_conne return ngx_http_v2_state_skip_padded(h2c, pos, end); } - stream->recv_window -= h2c->state.length; + stream->recv_window -= size; if (stream->no_flow_control && stream->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) From piotrsikora at google.com Sun Mar 26 08:41:13 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:13 -0700 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on padding errors Message-ID: <8d3fb456411018e28634.1490517673@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516705 25200 # Sun Mar 26 01:25:05 2017 -0700 # Node ID 8d3fb456411018e286345ba92a855ca42ca8af2f # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: emit PROTOCOL_ERROR on padding errors. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 8d3fb4564110 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -810,7 +810,8 @@ ngx_http_v2_state_data(ngx_http_v2_conne "with incorrect length: %uz, padding: %uz", h2c->state.length, h2c->state.padding); - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); } h2c->state.length -= h2c->state.padding; @@ -1053,7 +1054,8 @@ ngx_http_v2_state_headers(ngx_http_v2_co "with incorrect length: %uz, padding: %uz", h2c->state.length, h2c->state.padding); - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); } h2c->state.length -= h2c->state.padding; From piotrsikora at google.com Sun Mar 26 08:41:15 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:15 -0700 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments Message-ID: <9bbcacbdf6bd858a34a9.1490517675@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516706 25200 # Sun Mar 26 01:25:06 2017 -0700 # Node ID 9bbcacbdf6bd858a34a9dfd1ac2185eb8fc8c82f # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 9bbcacbdf6bd src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -2173,6 +2173,22 @@ ngx_http_v2_state_window_update(ngx_http stream = node->stream; + if (window == 0) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent WINDOW_UPDATE frame for stream %ui " + "with incorrect window increment 0", h2c->state.sid); + + if (ngx_http_v2_terminate_stream(h2c, stream, + NGX_HTTP_V2_PROTOCOL_ERROR) + == NGX_ERROR) + { + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_INTERNAL_ERROR); + } + + return ngx_http_v2_state_complete(h2c, pos, end); + } + if (window > (size_t) (NGX_HTTP_V2_MAX_WINDOW - stream->send_window)) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, @@ -2211,6 +2227,14 @@ ngx_http_v2_state_window_update(ngx_http return ngx_http_v2_state_complete(h2c, pos, end); } + if (window == 0) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent WINDOW_UPDATE frame " + "with incorrect window increment 0"); + + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); + } + if (window > NGX_HTTP_V2_MAX_WINDOW - h2c->send_window) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client violated connection flow control: " From piotrsikora at google.com Sun Mar 26 08:41:16 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:16 -0700 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid ENABLE_PUSH setting value Message-ID: <705897a463205ba00dce.1490517676@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516707 25200 # Sun Mar 26 01:25:07 2017 -0700 # Node ID 705897a463205ba00dce296ff49866c6b78fc6ee # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: emit PROTOCOL_ERROR on invalid ENABLE_PUSH setting value. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 705897a46320 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -40,6 +40,7 @@ /* settings fields */ #define NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING 0x1 +#define NGX_HTTP_V2_ENABLE_PUSH_SETTING 0x2 #define NGX_HTTP_V2_MAX_STREAMS_SETTING 0x3 #define NGX_HTTP_V2_INIT_WINDOW_SIZE_SETTING 0x4 #define NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING 0x5 @@ -1993,6 +1994,19 @@ ngx_http_v2_state_settings_params(ngx_ht switch (id) { + case NGX_HTTP_V2_ENABLE_PUSH_SETTING: + + if (value != 0 && value != 1) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent SETTINGS frame with incorrect " + "ENABLE_PUSH value %ui", value); + + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); + } + + break; + case NGX_HTTP_V2_INIT_WINDOW_SIZE_SETTING: if (value > NGX_HTTP_V2_MAX_WINDOW) { From piotrsikora at google.com Sun Mar 26 08:41:17 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:17 -0700 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header Message-ID: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516708 25200 # Sun Mar 26 01:25:08 2017 -0700 # Node ID 6bb029b1df11662ba11e190490cf1ed175fcfaa6 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header. While there, fix typo in error logs about it. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 6bb029b1df11 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -3219,14 +3219,14 @@ ngx_http_v2_parse_scheme(ngx_http_reques { if (r->schema_start) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent duplicate :schema header"); + "client sent duplicate :scheme header"); return NGX_DECLINED; } if (header->value.len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent empty :schema header"); + "client sent empty :scheme header"); return NGX_DECLINED; } @@ -3291,6 +3291,7 @@ ngx_http_v2_construct_request_line(ngx_h static const u_char ending[] = " HTTP/2.0"; if (r->method_name.len == 0 + || r->schema_start == NULL || r->unparsed_uri.len == 0) { ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); From piotrsikora at google.com Sun Mar 26 08:41:18 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:18 -0700 Subject: [PATCH] HTTP/2: reject HTTP/2 requests with "Connection" header Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490516709 25200 # Sun Mar 26 01:25:09 2017 -0700 # Node ID b8daccea5fde213d4b7a10fa9f57070ab3b6a1ec # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: reject HTTP/2 requests with "Connection" header. While there, populate r->headers_in.connection. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r b8daccea5fde src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1659,6 +1659,22 @@ static ngx_int_t ngx_http_process_connection(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) { + if (r->headers_in.connection == NULL) { + r->headers_in.connection = h; + } + +#if (NGX_HTTP_V2) + + if (r->http_version >= NGX_HTTP_VERSION_20) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent HTTP/2 request with \"Connection\" header"); + + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; + } + +#endif + if (ngx_strcasestrn(h->value.data, "close", 5 - 1)) { r->headers_in.connection_type = NGX_HTTP_CONNECTION_CLOSE; From piotrsikora at google.com Sun Mar 26 08:41:20 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:20 -0700 Subject: [PATCH] HTTP/2: add logging of RST_STREAM frames with NO_ERROR code Message-ID: <31dfcde3ea2ccf1a2dbd.1490517680@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516710 25200 # Sun Mar 26 01:25:10 2017 -0700 # Node ID 31dfcde3ea2ccf1a2dbd2601ebe8f4306887fc0f # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: add logging of RST_STREAM frames with NO_ERROR code. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 31dfcde3ea2c src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -1916,6 +1916,11 @@ ngx_http_v2_state_rst_stream(ngx_http_v2 switch (status) { + case NGX_HTTP_V2_NO_ERROR: + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client closed stream %ui", h2c->state.sid); + break; + case NGX_HTTP_V2_CANCEL: ngx_log_error(NGX_LOG_INFO, fc->log, 0, "client canceled stream %ui", h2c->state.sid); From piotrsikora at google.com Sun Mar 26 08:41:21 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:21 -0700 Subject: [PATCH] HTTP/2: add debug logging of pseudo-headers and control frames Message-ID: <6990fb6463ce47705e06.1490517681@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516711 25200 # Sun Mar 26 01:25:11 2017 -0700 # Node ID 6990fb6463ce47705e06ff6d0fbd9ae6696aeb37 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: add debug logging of pseudo-headers and control frames. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 6990fb6463ce src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -1585,6 +1585,10 @@ ngx_http_v2_state_process_header(ngx_htt rc = ngx_http_v2_pseudo_header(r, header); if (rc == NGX_OK) { + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http2 http header: \":%V: %V\"", + &header->name, &header->value); + return ngx_http_v2_state_header_complete(h2c, pos, end); } @@ -1955,6 +1959,9 @@ ngx_http_v2_state_settings(ngx_http_v2_c return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); } + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 SETTINGS frame ack:1"); + h2c->settings_ack = 1; return ngx_http_v2_state_complete(h2c, pos, end); @@ -1968,6 +1975,9 @@ ngx_http_v2_state_settings(ngx_http_v2_c return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); } + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 SETTINGS frame ack:0"); + ngx_http_v2_send_settings(h2c, 1); return ngx_http_v2_state_settings_params(h2c, pos, end); @@ -2070,12 +2080,16 @@ ngx_http_v2_state_ping(ngx_http_v2_conne } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "http2 PING frame, flags: %ud", h2c->state.flags); + "http2 PING frame ack:%ud", + h2c->state.flags & NGX_HTTP_V2_ACK_FLAG ? 1 : 0); if (h2c->state.flags & NGX_HTTP_V2_ACK_FLAG) { return ngx_http_v2_state_skip(h2c, pos, end); } + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 send PING frame ack:1"); + frame = ngx_http_v2_get_frame(h2c, NGX_HTTP_V2_PING_SIZE, NGX_HTTP_V2_PING_FRAME, NGX_HTTP_V2_ACK_FLAG, 0); From piotrsikora at google.com Sun Mar 26 08:41:23 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Sun, 26 Mar 2017 01:41:23 -0700 Subject: [PATCH] HTTP/2: add fast-path for HTTP/2 requests without request body Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490516712 25200 # Sun Mar 26 01:25:12 2017 -0700 # Node ID f9fd6a8babce9f57f038d304dc1eef82284dde8b # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: add fast-path for HTTP/2 requests without request body. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r f9fd6a8babce src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -3494,7 +3494,9 @@ ngx_http_v2_read_request_body(ngx_http_r stream = r->stream; - if (stream->skip_data) { + if (stream->skip_data + || (stream->in_closed && stream->preread == NULL)) + { r->request_body_no_buffering = 0; post_handler(r); return NGX_OK; From hucong.c at foxmail.com Mon Mar 27 14:56:13 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Mon, 27 Mar 2017 22:56:13 +0800 Subject: [bugfix] Mp4: set single_range when ngx_http_mp4_process() returns NGX_OK. Message-ID: # HG changeset patch # User hucongcong # Date 1490618655 -28800 # Mon Mar 27 20:44:15 2017 +0800 # Node ID 84d73e16113e3fccea9a0156f8edb8e8d0e7499a # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 Mp4: set single_range when ngx_http_mp4_process() returns NGX_OK. Set single_range flag in reuqest when ngx_http_mp4_process() returns NGX_OK, because response body is going to be in more than one buffer only in this case. diff -r 22be63bf21ed -r 84d73e16113e src/http/modules/ngx_http_mp4_module.c --- a/src/http/modules/ngx_http_mp4_module.c Fri Mar 24 18:05:06 2017 +0300 +++ b/src/http/modules/ngx_http_mp4_module.c Mon Mar 27 20:44:15 2017 +0800 @@ -561,8 +561,6 @@ ngx_http_mp4_handler(ngx_http_request_t } if (start >= 0) { - r->single_range = 1; - mp4 = ngx_pcalloc(r->pool, sizeof(ngx_http_mp4_file_t)); if (mp4 == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; @@ -589,6 +587,7 @@ ngx_http_mp4_handler(ngx_http_request_t break; case NGX_OK: + r->single_range = 1; r->headers_out.content_length_n = mp4->content_length; break; From hucong.c at foxmail.com Mon Mar 27 14:57:51 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Mon, 27 Mar 2017 22:57:51 +0800 Subject: [bugfix] Mp4: fixed start time is out mp4 mdat atom. Message-ID: # HG changeset patch # User hucongcong # Date 1490619789 -28800 # Mon Mar 27 21:03:09 2017 +0800 # Node ID 67ad0b01f77ea5590d390b4b38d71ec2c739d333 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 Mp4: fixed start time is out mp4 mdat atom. start time is already out mp4 mdat atom when start_offset is equal to file_last of mdat. diff -r 22be63bf21ed -r 67ad0b01f77e src/http/modules/ngx_http_mp4_module.c --- a/src/http/modules/ngx_http_mp4_module.c Fri Mar 24 18:05:06 2017 +0300 +++ b/src/http/modules/ngx_http_mp4_module.c Mon Mar 27 21:03:09 2017 +0800 @@ -860,7 +860,7 @@ ngx_http_mp4_process(ngx_http_mp4_file_t *prev = &mp4->mdat_atom; - if (start_offset > mp4->mdat_data.buf->file_last) { + if (start_offset >= mp4->mdat_data.buf->file_last) { ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, "start time is out mp4 mdat atom in \"%s\"", mp4->file.name.data); From mdounin at mdounin.ru Mon Mar 27 15:31:44 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 27 Mar 2017 18:31:44 +0300 Subject: [bugfix] Mp4: set single_range when ngx_http_mp4_process() returns NGX_OK. In-Reply-To: References: Message-ID: <20170327153144.GS13617@mdounin.ru> Hello! On Mon, Mar 27, 2017 at 10:56:13PM +0800, ?? (hucc) wrote: > # HG changeset patch > # User hucongcong > # Date 1490618655 -28800 > # Mon Mar 27 20:44:15 2017 +0800 > # Node ID 84d73e16113e3fccea9a0156f8edb8e8d0e7499a > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > Mp4: set single_range when ngx_http_mp4_process() returns NGX_OK. > > Set single_range flag in reuqest when ngx_http_mp4_process() returns NGX_OK, > because response body is going to be in more than one buffer only in this case. > > diff -r 22be63bf21ed -r 84d73e16113e src/http/modules/ngx_http_mp4_module.c > --- a/src/http/modules/ngx_http_mp4_module.c Fri Mar 24 18:05:06 2017 +0300 > +++ b/src/http/modules/ngx_http_mp4_module.c Mon Mar 27 20:44:15 2017 +0800 > @@ -561,8 +561,6 @@ ngx_http_mp4_handler(ngx_http_request_t > } > > if (start >= 0) { > - r->single_range = 1; > - > mp4 = ngx_pcalloc(r->pool, sizeof(ngx_http_mp4_file_t)); > if (mp4 == NULL) { > return NGX_HTTP_INTERNAL_SERVER_ERROR; > @@ -589,6 +587,7 @@ ngx_http_mp4_handler(ngx_http_request_t > break; > > case NGX_OK: > + r->single_range = 1; > r->headers_out.content_length_n = mp4->content_length; > break; What's the goal of this patch? Do you want mp4 to handle multi-range requests? Have you ever seen clients doing such requests? -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Mar 27 15:39:11 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 27 Mar 2017 18:39:11 +0300 Subject: [bugfix] Mp4: fixed start time is out mp4 mdat atom. In-Reply-To: References: Message-ID: <20170327153911.GT13617@mdounin.ru> Hello! On Mon, Mar 27, 2017 at 10:57:51PM +0800, ?? (hucc) wrote: > # HG changeset patch > # User hucongcong > # Date 1490619789 -28800 > # Mon Mar 27 21:03:09 2017 +0800 > # Node ID 67ad0b01f77ea5590d390b4b38d71ec2c739d333 > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > Mp4: fixed start time is out mp4 mdat atom. > > start time is already out mp4 mdat atom when start_offset is equal to > file_last of mdat. > > diff -r 22be63bf21ed -r 67ad0b01f77e src/http/modules/ngx_http_mp4_module.c > --- a/src/http/modules/ngx_http_mp4_module.c Fri Mar 24 18:05:06 2017 +0300 > +++ b/src/http/modules/ngx_http_mp4_module.c Mon Mar 27 21:03:09 2017 +0800 > @@ -860,7 +860,7 @@ ngx_http_mp4_process(ngx_http_mp4_file_t > > *prev = &mp4->mdat_atom; > > - if (start_offset > mp4->mdat_data.buf->file_last) { > + if (start_offset >= mp4->mdat_data.buf->file_last) { > ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > "start time is out mp4 mdat atom in \"%s\"", > mp4->file.name.data); Please explain what exactly you are trying to fix here. If start_offset == file_last, the file can still contain a zero-sized mdat atom. Such atom is unlikely to be usable, but it looks still legitimate from formal point of view. -- Maxim Dounin http://nginx.org/ From hucong.c at foxmail.com Mon Mar 27 16:18:13 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Tue, 28 Mar 2017 00:18:13 +0800 Subject: [bugfix] Mp4: set single_range when ngx_http_mp4_process()returns NGX_OK. In-Reply-To: <20170327153144.GS13617@mdounin.ru> References: <20170327153144.GS13617@mdounin.ru> Message-ID: Hi, On Monday, Mar 27, 2017 11:31 PM +0300, Maxim Dounin wrote: >What's the goal of this patch? >Do you want mp4 to handle multi-range requests? Have you ever >seen clients doing such requests? yes, I want mp4 to handle multi-range requests is that case. If it can do it, why not? In addition, the patch ensures that the usage scenarios of single_range is consistant which helps to understand the flag. I have not seen a similar request yet. I just recently developed some modules which makes me care about this flag. Best wishes -hucc From mdounin at mdounin.ru Mon Mar 27 16:38:33 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 27 Mar 2017 19:38:33 +0300 Subject: [bugfix] Mp4: set single_range when ngx_http_mp4_process()returns NGX_OK. In-Reply-To: References: <20170327153144.GS13617@mdounin.ru> Message-ID: <20170327163833.GU13617@mdounin.ru> Hello! On Tue, Mar 28, 2017 at 12:18:13AM +0800, ?? (hucc) wrote: > On Monday, Mar 27, 2017 11:31 PM +0300, Maxim Dounin wrote: > > >What's the goal of this patch? > >Do you want mp4 to handle multi-range requests? Have you ever > >seen clients doing such requests? > > yes, I want mp4 to handle multi-range requests is that case. If it can do it, > why not? In addition, the patch ensures that the usage scenarios of single_range > is consistant which helps to understand the flag. The problem here is consistency and predictability from user point of view as well. If nginx can handle multi-range requests in some cases, but not in others, it creates a huge problem for anyone who is trying to understand why things do not work. To simplify things, nginx unconditionally disables multi-range requests if there were any start/end arguments. > I have not seen a similar request yet. I just recently developed some modules > which makes me care about this flag. Ok, thank you for confirmation. You may want to re-think your design, multi-range requests are believed to be too complicated to work properly, and just can't work in many practical cases. Using separate single-range requests may be a better idea. -- Maxim Dounin http://nginx.org/ From hucong.c at foxmail.com Mon Mar 27 16:50:45 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Tue, 28 Mar 2017 00:50:45 +0800 Subject: [bugfix] Mp4: fixed start time is out mp4 mdat atom. In-Reply-To: <20170327153911.GT13617@mdounin.ru> References: <20170327153911.GT13617@mdounin.ru> Message-ID: Hi, On Monday, Mar 27, 2017 11:39 PM +0300, Maxim Dounin wrote: >On Mon, Mar 27, 2017 at 10:57:51PM +0800, ?? (hucc) wrote: > >> # HG changeset patch >> # User hucongcong >> # Date 1490619789 -28800 >> # Mon Mar 27 21:03:09 2017 +0800 >> # Node ID 67ad0b01f77ea5590d390b4b38d71ec2c739d333 >> # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 >> Mp4: fixed start time is out mp4 mdat atom. >> >> start time is already out mp4 mdat atom when start_offset is equal to >> file_last of mdat. >> >> diff -r 22be63bf21ed -r 67ad0b01f77e src/http/modules/ngx_http_mp4_module.c >> --- a/src/http/modules/ngx_http_mp4_module.c Fri Mar 24 18:05:06 2017 +0300 >> +++ b/src/http/modules/ngx_http_mp4_module.c Mon Mar 27 21:03:09 2017 +0800 >> @@ -860,7 +860,7 @@ ngx_http_mp4_process(ngx_http_mp4_file_t >> >> *prev = &mp4->mdat_atom; >> >> - if (start_offset > mp4->mdat_data.buf->file_last) { >> + if (start_offset >= mp4->mdat_data.buf->file_last) { >> ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, >> "start time is out mp4 mdat atom in \"%s\"", >> mp4->file.name.data); > >Please explain what exactly you are trying to fix here. > >If start_offset == file_last, the file can still contain a >zero-sized mdat atom. Such atom is unlikely to be usable, but it >looks still legitimate from formal point of view. Yes, it is still legitimate. But here start_offset is indeed out of mdat atom. This is an issue of the accuracy of the boundary control. Understanding this error will become easier if someone want this module to support returning integral file when ngx_http_mp4_process() returns NGX_ERROR. Best wishes -hucc From vbart at nginx.com Mon Mar 27 16:58:01 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 19:58:01 +0300 Subject: [PATCH 1 of 2] HTTP/2: fix $bytes_sent variable In-Reply-To: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> References: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> Message-ID: <48088405.unp7KkgKNI@vbart-workstation> On Sunday 26 March 2017 01:41:09 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516702 25200 > # Sun Mar 26 01:25:02 2017 -0700 > # Node ID 74ee816e712ee3b731437947470383555653338d > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: fix $bytes_sent variable. > > Previously, its value accounted for payloads of HEADERS, CONTINUATION > and DATA frames, as well as frame headers of HEADERS and DATA frames, > but it didn't account for frame headers of CONTINUATION frames. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 74ee816e712e src/http/v2/ngx_http_v2_filter_module.c > --- a/src/http/v2/ngx_http_v2_filter_module.c > +++ b/src/http/v2/ngx_http_v2_filter_module.c > @@ -769,6 +769,8 @@ ngx_http_v2_create_headers_frame(ngx_htt > rest -= frame_size; > > if (rest) { > + frame->length += NGX_HTTP_V2_FRAME_HEADER_SIZE; > + > type = NGX_HTTP_V2_CONTINUATION_FRAME; > flags = NGX_HTTP_V2_NO_FLAG; > continue; Looks good. wbr, Valentin V. Bartenev From vbart at nginx.com Mon Mar 27 17:04:11 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 20:04:11 +0300 Subject: [PATCH 2 of 2] HTTP/2: fix $body_bytes_sent variable In-Reply-To: References: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> Message-ID: <114667615.EDnl7O6XQC@vbart-workstation> On Sunday 26 March 2017 01:41:10 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516703 25200 > # Sun Mar 26 01:25:03 2017 -0700 > # Node ID dd6c656ed7a327641b2ddfc34768f9551e44bb0f > # Parent 74ee816e712ee3b731437947470383555653338d > HTTP/2: fix $body_bytes_sent variable. > > Previously, its value included payloads and frame headers of HEADERS > and CONTINUATION frames. > > Signed-off-by: Piotr Sikora > > diff -r 74ee816e712e -r dd6c656ed7a3 src/http/v2/ngx_http_v2_filter_module.c > --- a/src/http/v2/ngx_http_v2_filter_module.c > +++ b/src/http/v2/ngx_http_v2_filter_module.c > @@ -1211,6 +1211,9 @@ ngx_http_v2_headers_frame_handler(ngx_ht > "http2:%ui HEADERS frame %p was sent", > stream->node->id, frame); > > + stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE > + + frame->length; > + > ngx_http_v2_handle_frame(stream, frame); > > ngx_http_v2_handle_stream(h2c, stream); Looks good. wbr, Valentin V. Bartenev From hucong.c at foxmail.com Mon Mar 27 17:20:10 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Tue, 28 Mar 2017 01:20:10 +0800 Subject: [bugfix] Mp4: set single_range when ngx_http_mp4_process()returnsNGX_OK. In-Reply-To: <20170327163833.GU13617@mdounin.ru> References: <20170327153144.GS13617@mdounin.ru> <20170327163833.GU13617@mdounin.ru> Message-ID: Hi, On Tuesday, Mar 28, 2017 0:38 AM +0300, Maxim Dounin wrote: >The problem here is consistency and predictability from user point >of view as well. If nginx can handle multi-range requests in some >cases, but not in others, it creates a huge problem for anyone who >is trying to understand why things do not work. To simplify >things, nginx unconditionally disables multi-range requests if >there were any start/end arguments. I agree with that! thank you for the explanation. From vbart at nginx.com Mon Mar 27 17:44:21 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 20:44:21 +0300 Subject: [PATCH] HTTP/2: fix flow control with padded DATA frames In-Reply-To: <899a53d2789b8c6bafdd.1490517671@piotrsikora.sfo.corp.google.com> References: <899a53d2789b8c6bafdd.1490517671@piotrsikora.sfo.corp.google.com> Message-ID: <3051778.jLhrlIUcRt@vbart-workstation> On Sunday 26 March 2017 01:41:11 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516704 25200 > # Sun Mar 26 01:25:04 2017 -0700 > # Node ID 899a53d2789b8c6bafdd5e40d78b4e92dd32dd10 > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: fix flow control with padded DATA frames. > > Previously, flow control didn't account for padding in DATA frames, > which meant that its view of the world could drift from peer's view > by up to 256 bytes per received padded DATA frame, which could lead > to a deadlock. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 899a53d2789b src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -783,9 +783,12 @@ ngx_http_v2_state_head(ngx_http_v2_conne > static u_char * > ngx_http_v2_state_data(ngx_http_v2_connection_t *h2c, u_char *pos, u_char *end) > { > + size_t size; > ngx_http_v2_node_t *node; > ngx_http_v2_stream_t *stream; > > + size = h2c->state.length; > + > if (h2c->state.flags & NGX_HTTP_V2_PADDED_FLAG) { > > if (h2c->state.length == 0) { > @@ -802,33 +805,32 @@ ngx_http_v2_state_data(ngx_http_v2_conne > } > > h2c->state.padding = *pos++; > - h2c->state.length--; > - > - if (h2c->state.padding > h2c->state.length) { > + > + if (h2c->state.padding >= size) { > ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > "client sent padded DATA frame " > "with incorrect length: %uz, padding: %uz", > - h2c->state.length, h2c->state.padding); > + size, h2c->state.padding); > > return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); > } > > - h2c->state.length -= h2c->state.padding; > + h2c->state.length -= 1 + h2c->state.padding; > } IMHO, the previous version of this fragment with explicit h2c->state.length decrement right after reading the padding size and "> h2c->state.length" condition is more readable. YMMV. > > ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, > "http2 DATA frame"); > > - if (h2c->state.length > h2c->recv_window) { > + if (size > h2c->recv_window) { > ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > "client violated connection flow control: " > "received DATA frame length %uz, available window %uz", > - h2c->state.length, h2c->recv_window); > + size, h2c->recv_window); > > return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_FLOW_CTRL_ERROR); > } > > - h2c->recv_window -= h2c->state.length; > + h2c->recv_window -= size; > > if (h2c->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) { > > @@ -854,11 +856,11 @@ ngx_http_v2_state_data(ngx_http_v2_conne > > stream = node->stream; > > - if (h2c->state.length > stream->recv_window) { > + if (size > stream->recv_window) { > ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > "client violated flow control for stream %ui: " > "received DATA frame length %uz, available window %uz", > - node->id, h2c->state.length, stream->recv_window); > + node->id, size, stream->recv_window); > > if (ngx_http_v2_terminate_stream(h2c, stream, > NGX_HTTP_V2_FLOW_CTRL_ERROR) > @@ -871,7 +873,7 @@ ngx_http_v2_state_data(ngx_http_v2_conne > return ngx_http_v2_state_skip_padded(h2c, pos, end); > } > > - stream->recv_window -= h2c->state.length; > + stream->recv_window -= size; > > if (stream->no_flow_control > && stream->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) > Everything else looks good to me. wbr, Valentin V. Bartenev From piotrsikora at google.com Mon Mar 27 18:21:09 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Mon, 27 Mar 2017 13:21:09 -0500 Subject: [PATCH] HTTP/2: fix flow control with padded DATA frames In-Reply-To: <3051778.jLhrlIUcRt@vbart-workstation> References: <899a53d2789b8c6bafdd.1490517671@piotrsikora.sfo.corp.google.com> <3051778.jLhrlIUcRt@vbart-workstation> Message-ID: Hey Valentin, >> @@ -802,33 +805,32 @@ ngx_http_v2_state_data(ngx_http_v2_conne >> } >> >> h2c->state.padding = *pos++; >> - h2c->state.length--; >> - >> - if (h2c->state.padding > h2c->state.length) { >> + >> + if (h2c->state.padding >= size) { >> ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, >> "client sent padded DATA frame " >> "with incorrect length: %uz, padding: %uz", >> - h2c->state.length, h2c->state.padding); >> + size, h2c->state.padding); >> >> return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); >> } >> >> - h2c->state.length -= h2c->state.padding; >> + h2c->state.length -= 1 + h2c->state.padding; >> } > > IMHO, the previous version of this fragment with explicit h2c->state.length > decrement right after reading the padding size and "> h2c->state.length" > condition is more readable. > > YMMV. As was pointed out during internal code review, "h2c->state.padding >= size" follows wording from RFC7540, i.e. If the length of the padding is the length of the frame payload or greater, the recipient MUST treat this as a connection error (Section 5.4.1) of type PROTOCOL_ERROR. and matching code makes it easier to avoid off-by-one errors while mentally translating this logic to the code. Also, doing "h2c->state.padding > h2c->state.length" check and using "size" value in the error log feels kind of weird. Having said that, it's a matter of preference, so please explicitly ask if you want me to change it back, and I'll send updated patch shortly. Best regards, Piotr Sikora From vbart at nginx.com Mon Mar 27 19:17:44 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 22:17:44 +0300 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on padding errors In-Reply-To: <8d3fb456411018e28634.1490517673@piotrsikora.sfo.corp.google.com> References: <8d3fb456411018e28634.1490517673@piotrsikora.sfo.corp.google.com> Message-ID: <1632559.LDnRIa0JFj@vbart-workstation> On Sunday 26 March 2017 01:41:13 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516705 25200 > # Sun Mar 26 01:25:05 2017 -0700 > # Node ID 8d3fb456411018e286345ba92a855ca42ca8af2f > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: emit PROTOCOL_ERROR on padding errors. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 8d3fb4564110 src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -810,7 +810,8 @@ ngx_http_v2_state_data(ngx_http_v2_conne > "with incorrect length: %uz, padding: %uz", > h2c->state.length, h2c->state.padding); > > - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); > + return ngx_http_v2_connection_error(h2c, > + NGX_HTTP_V2_PROTOCOL_ERROR); > } > > h2c->state.length -= h2c->state.padding; > @@ -1053,7 +1054,8 @@ ngx_http_v2_state_headers(ngx_http_v2_co > "with incorrect length: %uz, padding: %uz", > h2c->state.length, h2c->state.padding); > > - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); > + return ngx_http_v2_connection_error(h2c, > + NGX_HTTP_V2_PROTOCOL_ERROR); > } > > h2c->state.length -= h2c->state.padding; > Looks good. wbr, Valentin V. Bartenev From vbart at nginx.com Mon Mar 27 19:37:00 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 22:37 +0300 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments In-Reply-To: <9bbcacbdf6bd858a34a9.1490517675@piotrsikora.sfo.corp.google.com> References: <9bbcacbdf6bd858a34a9.1490517675@piotrsikora.sfo.corp.google.com> Message-ID: <1636129.P8FdQ216sc@vbart-workstation> On Sunday 26 March 2017 01:41:15 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516706 25200 > # Sun Mar 26 01:25:06 2017 -0700 > # Node ID 9bbcacbdf6bd858a34a9dfd1ac2185eb8fc8c82f > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 9bbcacbdf6bd src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -2173,6 +2173,22 @@ ngx_http_v2_state_window_update(ngx_http > > stream = node->stream; > > + if (window == 0) { > + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > + "client sent WINDOW_UPDATE frame for stream %ui " > + "with incorrect window increment 0", h2c->state.sid); > + > + if (ngx_http_v2_terminate_stream(h2c, stream, > + NGX_HTTP_V2_PROTOCOL_ERROR) > + == NGX_ERROR) > + { > + return ngx_http_v2_connection_error(h2c, > + NGX_HTTP_V2_INTERNAL_ERROR); > + } > + > + return ngx_http_v2_state_complete(h2c, pos, end); > + } > + > if (window > (size_t) (NGX_HTTP_V2_MAX_WINDOW - stream->send_window)) { > > ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > @@ -2211,6 +2227,14 @@ ngx_http_v2_state_window_update(ngx_http > return ngx_http_v2_state_complete(h2c, pos, end); > } > > + if (window == 0) { > + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > + "client sent WINDOW_UPDATE frame " > + "with incorrect window increment 0"); > + > + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); > + } > + > if (window > NGX_HTTP_V2_MAX_WINDOW - h2c->send_window) { > ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > "client violated connection flow control: " I'm not sure that strictly following RFC here is worth the effort. It seems there's no other "harm" from zero window updates except that it allows to reset timers without any progress. That's only slightly worse than 1-bytes window updates. The downside is additional code and intolerance to potential client bugs. Also note that in your implementation if zero window update is received for unknown stream then it's silently ignored. wbr, Valentin V. Bartenev From vbart at nginx.com Mon Mar 27 19:40:57 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 22:40:57 +0300 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid ENABLE_PUSH setting value In-Reply-To: <705897a463205ba00dce.1490517676@piotrsikora.sfo.corp.google.com> References: <705897a463205ba00dce.1490517676@piotrsikora.sfo.corp.google.com> Message-ID: <4109898.UzcXBjqNVq@vbart-workstation> On Sunday 26 March 2017 01:41:16 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516707 25200 > # Sun Mar 26 01:25:07 2017 -0700 > # Node ID 705897a463205ba00dce296ff49866c6b78fc6ee > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: emit PROTOCOL_ERROR on invalid ENABLE_PUSH setting value. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 705897a46320 src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -40,6 +40,7 @@ > > /* settings fields */ > #define NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING 0x1 > +#define NGX_HTTP_V2_ENABLE_PUSH_SETTING 0x2 > #define NGX_HTTP_V2_MAX_STREAMS_SETTING 0x3 > #define NGX_HTTP_V2_INIT_WINDOW_SIZE_SETTING 0x4 > #define NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING 0x5 > @@ -1993,6 +1994,19 @@ ngx_http_v2_state_settings_params(ngx_ht > > switch (id) { > > + case NGX_HTTP_V2_ENABLE_PUSH_SETTING: > + > + if (value != 0 && value != 1) { > + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > + "client sent SETTINGS frame with incorrect " > + "ENABLE_PUSH value %ui", value); > + > + return ngx_http_v2_connection_error(h2c, > + NGX_HTTP_V2_PROTOCOL_ERROR); > + } > + > + break; > + > case NGX_HTTP_V2_INIT_WINDOW_SIZE_SETTING: > > if (value > NGX_HTTP_V2_MAX_WINDOW) { Is there any practical reason for the check considering that the value is ignored anyway? wbr, Valentin V. Bartenev From vbart at nginx.com Mon Mar 27 20:01:08 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 27 Mar 2017 23:01:08 +0300 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> Message-ID: <10427531.mBiuJ3uUGf@vbart-workstation> On Sunday 26 March 2017 01:41:17 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516708 25200 > # Sun Mar 26 01:25:08 2017 -0700 > # Node ID 6bb029b1df11662ba11e190490cf1ed175fcfaa6 > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header. > > While there, fix typo in error logs about it. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 6bb029b1df11 src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -3219,14 +3219,14 @@ ngx_http_v2_parse_scheme(ngx_http_reques > { > if (r->schema_start) { > ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, > - "client sent duplicate :schema header"); > + "client sent duplicate :scheme header"); > > return NGX_DECLINED; > } > > if (header->value.len == 0) { > ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, > - "client sent empty :schema header"); > + "client sent empty :scheme header"); > > return NGX_DECLINED; > } This part of patch can be added to the style one: "HTTP/2: style and typos." > @@ -3291,6 +3291,7 @@ ngx_http_v2_construct_request_line(ngx_h > static const u_char ending[] = " HTTP/2.0"; > > if (r->method_name.len == 0 > + || r->schema_start == NULL > || r->unparsed_uri.len == 0) > { > ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); Is there any practical reason to force this restriction? wbr, Valentin V. Bartenev From ru at nginx.com Tue Mar 28 08:43:41 2017 From: ru at nginx.com (Ruslan Ermilov) Date: Tue, 28 Mar 2017 08:43:41 +0000 Subject: [nginx] Version bump. Message-ID: details: http://hg.nginx.org/nginx/rev/6e1a0a0d5f04 branches: changeset: 6945:6e1a0a0d5f04 user: Ruslan Ermilov date: Tue Mar 28 11:28:36 2017 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 22be63bf21ed -r 6e1a0a0d5f04 src/core/nginx.h --- a/src/core/nginx.h Fri Mar 24 18:05:06 2017 +0300 +++ b/src/core/nginx.h Tue Mar 28 11:28:36 2017 +0300 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1011012 -#define NGINX_VERSION "1.11.12" +#define nginx_version 1011013 +#define NGINX_VERSION "1.11.13" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD From ru at nginx.com Tue Mar 28 08:43:44 2017 From: ru at nginx.com (Ruslan Ermilov) Date: Tue, 28 Mar 2017 08:43:44 +0000 Subject: [nginx] Use ngx_array_init() to initialize arrays. Message-ID: details: http://hg.nginx.org/nginx/rev/99c87770b81b branches: changeset: 6946:99c87770b81b user: Ruslan Ermilov date: Tue Mar 28 11:28:42 2017 +0300 description: Use ngx_array_init() to initialize arrays. diffstat: src/core/ngx_cycle.c | 34 +++++++++++++++------------------- 1 files changed, 15 insertions(+), 19 deletions(-) diffs (68 lines): diff -r 6e1a0a0d5f04 -r 99c87770b81b src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c Tue Mar 28 11:28:36 2017 +0300 +++ b/src/core/ngx_cycle.c Tue Mar 28 11:28:42 2017 +0300 @@ -115,16 +115,14 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) n = old_cycle->paths.nelts ? old_cycle->paths.nelts : 10; - cycle->paths.elts = ngx_pcalloc(pool, n * sizeof(ngx_path_t *)); - if (cycle->paths.elts == NULL) { + if (ngx_array_init(&cycle->paths, pool, n, sizeof(ngx_path_t *)) + != NGX_OK) + { ngx_destroy_pool(pool); return NULL; } - cycle->paths.nelts = 0; - cycle->paths.size = sizeof(ngx_path_t *); - cycle->paths.nalloc = n; - cycle->paths.pool = pool; + ngx_memzero(cycle->paths.elts, n * sizeof(ngx_path_t *)); if (ngx_array_init(&cycle->config_dump, pool, 1, sizeof(ngx_conf_dump_t)) @@ -175,16 +173,14 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) n = old_cycle->listening.nelts ? old_cycle->listening.nelts : 10; - cycle->listening.elts = ngx_pcalloc(pool, n * sizeof(ngx_listening_t)); - if (cycle->listening.elts == NULL) { + if (ngx_array_init(&cycle->listening, pool, n, sizeof(ngx_listening_t)) + != NGX_OK) + { ngx_destroy_pool(pool); return NULL; } - cycle->listening.nelts = 0; - cycle->listening.size = sizeof(ngx_listening_t); - cycle->listening.nalloc = n; - cycle->listening.pool = pool; + ngx_memzero(cycle->listening.elts, n * sizeof(ngx_listening_t)); ngx_queue_init(&cycle->reusable_connections_queue); @@ -768,15 +764,15 @@ old_shm_zone_done: } n = 10; - ngx_old_cycles.elts = ngx_pcalloc(ngx_temp_pool, - n * sizeof(ngx_cycle_t *)); - if (ngx_old_cycles.elts == NULL) { + + if (ngx_array_init(&ngx_old_cycles, ngx_temp_pool, n, + sizeof(ngx_cycle_t *)) + != NGX_OK) + { exit(1); } - ngx_old_cycles.nelts = 0; - ngx_old_cycles.size = sizeof(ngx_cycle_t *); - ngx_old_cycles.nalloc = n; - ngx_old_cycles.pool = ngx_temp_pool; + + ngx_memzero(ngx_old_cycles.elts, n * sizeof(ngx_cycle_t *)); ngx_cleaner_event.handler = ngx_clean_old_cycles; ngx_cleaner_event.log = cycle->log; From ru at nginx.com Tue Mar 28 08:43:46 2017 From: ru at nginx.com (Ruslan Ermilov) Date: Tue, 28 Mar 2017 08:43:46 +0000 Subject: [nginx] Core: set nginx_shared_zone name via ngx_str_set(). Message-ID: details: http://hg.nginx.org/nginx/rev/a8d7c9139831 branches: changeset: 6947:a8d7c9139831 user: Ruslan Ermilov date: Tue Mar 28 11:28:51 2017 +0300 description: Core: set nginx_shared_zone name via ngx_str_set(). diffstat: src/event/ngx_event.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diffs (13 lines): diff -r 99c87770b81b -r a8d7c9139831 src/event/ngx_event.c --- a/src/event/ngx_event.c Tue Mar 28 11:28:42 2017 +0300 +++ b/src/event/ngx_event.c Tue Mar 28 11:28:51 2017 +0300 @@ -500,8 +500,7 @@ ngx_event_module_init(ngx_cycle_t *cycle #endif shm.size = size; - shm.name.len = sizeof("nginx_shared_zone") - 1; - shm.name.data = (u_char *) "nginx_shared_zone"; + ngx_str_set(&shm.name, "nginx_shared_zone"); shm.log = cycle->log; if (ngx_shm_alloc(&shm) != NGX_OK) { From piotrsikora at google.com Tue Mar 28 10:36:50 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Mar 2017 05:36:50 -0500 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments In-Reply-To: <1636129.P8FdQ216sc@vbart-workstation> References: <9bbcacbdf6bd858a34a9.1490517675@piotrsikora.sfo.corp.google.com> <1636129.P8FdQ216sc@vbart-workstation> Message-ID: Hey Valentin, > I'm not sure that strictly following RFC here is worth the effort. > > It seems there's no other "harm" from zero window updates except that it > allows to reset timers without any progress. That's only slightly worse > than 1-bytes window updates. Flow control interoperability and deadlocks between various HTTP/2 implementations are the biggest issues with the protocol, so while there is no real harm in allowing 0 window updates, they indicate broken client, and resetting stream and/or connection as soon as such thing happens makes it much easier to find issues. > The downside is additional code and intolerance to potential client bugs. Catching client bugs early on is the upside, IMHO. > Also note that in your implementation if zero window update is received > for unknown stream then it's silently ignored. Good catch, thanks! I'll send fixed version shortly. Best regards, Piotr Sikora From piotrsikora at google.com Tue Mar 28 10:38:16 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Mar 2017 05:38:16 -0500 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid ENABLE_PUSH setting value In-Reply-To: <4109898.UzcXBjqNVq@vbart-workstation> References: <705897a463205ba00dce.1490517676@piotrsikora.sfo.corp.google.com> <4109898.UzcXBjqNVq@vbart-workstation> Message-ID: Hey Valentin, > Is there any practical reason for the check considering that > the value is ignored anyway? None, other than following RFC and providing early detection of broken clients. Best regards, Piotr Sikora From piotrsikora at google.com Tue Mar 28 10:40:44 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Mar 2017 05:40:44 -0500 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: <10427531.mBiuJ3uUGf@vbart-workstation> References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> <10427531.mBiuJ3uUGf@vbart-workstation> Message-ID: Hey Valentin, > This part of patch can be added to the style one: > > "HTTP/2: style and typos." Assuming that this patch gets dropped or even if it gets committed? > Is there any practical reason to force this restriction? None, other than following RFC and providing early detection of broken clients. Also, it looks that you have a test for it marked as TODO: http://hg.nginx.org/nginx-tests/annotate/a6abbfed42c0/h2_headers.t#l972 Best regards, Piotr Sikora From piotrsikora at google.com Tue Mar 28 10:52:07 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Mar 2017 03:52:07 -0700 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments In-Reply-To: <1636129.P8FdQ216sc@vbart-workstation> References: <1636129.P8FdQ216sc@vbart-workstation> Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490516706 25200 # Sun Mar 26 01:25:06 2017 -0700 # Node ID ccb36c87291e38d1a63224d143cbeaa4ee4a4287 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r ccb36c87291e src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -2168,11 +2168,42 @@ ngx_http_v2_state_window_update(ngx_http ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "unknown http2 stream"); + if (window == 0) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent WINDOW_UPDATE frame for unknown " + "stream %ui with incorrect window increment 0", + h2c->state.sid); + + if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, + NGX_HTTP_V2_PROTOCOL_ERROR) + == NGX_ERROR) + { + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_INTERNAL_ERROR); + } + } + return ngx_http_v2_state_complete(h2c, pos, end); } stream = node->stream; + if (window == 0) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent WINDOW_UPDATE frame for stream %ui " + "with incorrect window increment 0", h2c->state.sid); + + if (ngx_http_v2_terminate_stream(h2c, stream, + NGX_HTTP_V2_PROTOCOL_ERROR) + == NGX_ERROR) + { + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_INTERNAL_ERROR); + } + + return ngx_http_v2_state_complete(h2c, pos, end); + } + if (window > (size_t) (NGX_HTTP_V2_MAX_WINDOW - stream->send_window)) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, @@ -2211,6 +2242,14 @@ ngx_http_v2_state_window_update(ngx_http return ngx_http_v2_state_complete(h2c, pos, end); } + if (window == 0) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent WINDOW_UPDATE frame " + "with incorrect window increment 0"); + + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_PROTOCOL_ERROR); + } + if (window > NGX_HTTP_V2_MAX_WINDOW - h2c->send_window) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client violated connection flow control: " From pluknet at nginx.com Tue Mar 28 11:23:06 2017 From: pluknet at nginx.com (Sergey Kandaurov) Date: Tue, 28 Mar 2017 11:23:06 +0000 Subject: [nginx] Fixed ngx_open_cached_file() error handling. Message-ID: details: http://hg.nginx.org/nginx/rev/3fb9b5eb75c0 branches: changeset: 6948:3fb9b5eb75c0 user: Sergey Kandaurov date: Tue Mar 28 14:21:38 2017 +0300 description: Fixed ngx_open_cached_file() error handling. If of.err is 0, it means that there was a memory allocation error and no further logging and/or processing is needed. The of.failed string can be only accessed if of.err is not 0. diffstat: src/http/modules/ngx_http_index_module.c | 6 +++--- src/http/modules/ngx_http_log_module.c | 5 +++++ src/http/ngx_http_core_module.c | 5 +++++ src/http/ngx_http_script.c | 6 ++++++ src/stream/ngx_stream_log_module.c | 5 +++++ 5 files changed, 24 insertions(+), 3 deletions(-) diffs (81 lines): diff -r a8d7c9139831 -r 3fb9b5eb75c0 src/http/modules/ngx_http_index_module.c --- a/src/http/modules/ngx_http_index_module.c Tue Mar 28 11:28:51 2017 +0300 +++ b/src/http/modules/ngx_http_index_module.c Tue Mar 28 14:21:38 2017 +0300 @@ -217,13 +217,13 @@ ngx_http_index_handler(ngx_http_request_ if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool) != NGX_OK) { - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, of.err, - "%s \"%s\" failed", of.failed, path.data); - if (of.err == 0) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, of.err, + "%s \"%s\" failed", of.failed, path.data); + #if (NGX_HAVE_OPENAT) if (of.err == NGX_EMLINK || of.err == NGX_ELOOP) diff -r a8d7c9139831 -r 3fb9b5eb75c0 src/http/modules/ngx_http_log_module.c --- a/src/http/modules/ngx_http_log_module.c Tue Mar 28 11:28:51 2017 +0300 +++ b/src/http/modules/ngx_http_log_module.c Tue Mar 28 14:21:38 2017 +0300 @@ -552,6 +552,11 @@ ngx_http_log_script_write(ngx_http_reque if (ngx_open_cached_file(llcf->open_file_cache, &log, &of, r->pool) != NGX_OK) { + if (of.err == 0) { + /* simulate successful logging */ + return len; + } + ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno, "%s \"%s\" failed", of.failed, log.data); /* simulate successful logging */ diff -r a8d7c9139831 -r 3fb9b5eb75c0 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Tue Mar 28 11:28:51 2017 +0300 +++ b/src/http/ngx_http_core_module.c Tue Mar 28 14:21:38 2017 +0300 @@ -1314,6 +1314,11 @@ ngx_http_core_try_files_phase(ngx_http_r if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool) != NGX_OK) { + if (of.err == 0) { + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return NGX_OK; + } + if (of.err != NGX_ENOENT && of.err != NGX_ENOTDIR && of.err != NGX_ENAMETOOLONG) diff -r a8d7c9139831 -r 3fb9b5eb75c0 src/http/ngx_http_script.c --- a/src/http/ngx_http_script.c Tue Mar 28 11:28:51 2017 +0300 +++ b/src/http/ngx_http_script.c Tue Mar 28 14:21:38 2017 +0300 @@ -1513,6 +1513,12 @@ ngx_http_script_file_code(ngx_http_scrip if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool) != NGX_OK) { + if (of.err == 0) { + e->ip = ngx_http_script_exit; + e->status = NGX_HTTP_INTERNAL_SERVER_ERROR; + return; + } + if (of.err != NGX_ENOENT && of.err != NGX_ENOTDIR && of.err != NGX_ENAMETOOLONG) diff -r a8d7c9139831 -r 3fb9b5eb75c0 src/stream/ngx_stream_log_module.c --- a/src/stream/ngx_stream_log_module.c Tue Mar 28 11:28:51 2017 +0300 +++ b/src/stream/ngx_stream_log_module.c Tue Mar 28 14:21:38 2017 +0300 @@ -443,6 +443,11 @@ ngx_stream_log_script_write(ngx_stream_s s->connection->pool) != NGX_OK) { + if (of.err == 0) { + /* simulate successful logging */ + return len; + } + ngx_log_error(NGX_LOG_CRIT, s->connection->log, ngx_errno, "%s \"%s\" failed", of.failed, log.data); /* simulate successful logging */ From igor at sysoev.ru Tue Mar 28 16:24:56 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Tue, 28 Mar 2017 16:24:56 +0000 Subject: [njs] The njs_vm_continuation() macro. Message-ID: details: http://hg.nginx.org/njs/rev/705129b55888 branches: changeset: 318:705129b55888 user: Igor Sysoev date: Tue Mar 21 16:35:22 2017 +0300 description: The njs_vm_continuation() macro. diffstat: njs/njs_array.c | 42 +++++++++++++++++++++--------------------- njs/njs_date.c | 2 +- njs/njs_function.c | 6 +++--- njs/njs_function.h | 5 ++++- njs/njs_string.c | 6 +++--- njs/njs_vm.c | 4 ++-- 6 files changed, 34 insertions(+), 31 deletions(-) diffs (302 lines): diff -r 6887b2d46f87 -r 705129b55888 njs/njs_array.c --- a/njs/njs_array.c Tue Mar 21 16:14:16 2017 +0300 +++ b/njs/njs_array.c Tue Mar 21 16:35:22 2017 +0300 @@ -701,7 +701,7 @@ njs_array_prototype_to_string(njs_vm_t * njs_continuation_t *cont; nxt_lvlhsh_query_t lhq; - cont = (njs_continuation_t *) njs_continuation(vm->frame); + cont = njs_vm_continuation(vm); cont->function = njs_array_prototype_to_string_continuation; if (njs_is_object(&args[0])) { @@ -751,7 +751,7 @@ njs_array_prototype_join(njs_vm_t *vm, n goto empty; } - join = (njs_array_join_t *) njs_continuation(vm->frame); + join = njs_vm_continuation(vm); join->values = NULL; join->max = 0; max = 0; @@ -774,7 +774,7 @@ njs_array_prototype_join(njs_vm_t *vm, n return NXT_ERROR; } - join = (njs_array_join_t *) njs_continuation(vm->frame); + join = njs_vm_continuation(vm); join->cont.function = njs_array_prototype_join_continuation; join->values = values; join->max = max; @@ -820,7 +820,7 @@ njs_array_prototype_join_continuation(nj njs_array_join_t *join; njs_string_prop_t separator, string; - join = (njs_array_join_t *) njs_continuation(vm->frame); + join = njs_vm_continuation(vm); values = join->values; max = join->max; @@ -1177,7 +1177,7 @@ njs_array_prototype_for_each(njs_vm_t *v return ret; } - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); iter->u.cont.function = njs_array_prototype_for_each_continuation; return njs_array_prototype_for_each_continuation(vm, args, nargs, unused); @@ -1190,7 +1190,7 @@ njs_array_prototype_for_each_continuatio { njs_array_iter_t *iter; - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); if (iter->next_index >= args[0].data.u.array->length) { vm->retval = njs_value_void; @@ -1213,7 +1213,7 @@ njs_array_prototype_some(njs_vm_t *vm, n return ret; } - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); iter->u.cont.function = njs_array_prototype_some_continuation; iter->retval.data.truth = 0; @@ -1228,7 +1228,7 @@ njs_array_prototype_some_continuation(nj njs_array_iter_t *iter; const njs_value_t *retval; - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); if (njs_is_true(&iter->retval)) { retval = &njs_value_true; @@ -1258,7 +1258,7 @@ njs_array_prototype_every(njs_vm_t *vm, return ret; } - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); iter->u.cont.function = njs_array_prototype_every_continuation; iter->retval.data.truth = 1; @@ -1273,7 +1273,7 @@ njs_array_prototype_every_continuation(n njs_array_iter_t *iter; const njs_value_t *retval; - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); if (!njs_is_true(&iter->retval)) { retval = &njs_value_false; @@ -1366,7 +1366,7 @@ njs_array_prototype_filter(njs_vm_t *vm, return ret; } - filter = njs_continuation(vm->frame); + filter = njs_vm_continuation(vm); filter->iter.u.cont.function = njs_array_prototype_filter_continuation; filter->iter.retval.data.truth = 0; @@ -1387,7 +1387,7 @@ njs_array_prototype_filter_continuation( njs_array_t *array; njs_array_filter_t *filter; - filter = njs_continuation(vm->frame); + filter = njs_vm_continuation(vm); if (njs_is_true(&filter->iter.retval)) { ret = njs_array_add(vm, filter->array, &filter->value); @@ -1428,7 +1428,7 @@ njs_array_prototype_map(njs_vm_t *vm, nj return ret; } - map = njs_continuation(vm->frame); + map = njs_vm_continuation(vm); map->iter.u.cont.function = njs_array_prototype_map_continuation; njs_set_invalid(&map->iter.retval); @@ -1458,7 +1458,7 @@ njs_array_prototype_map_continuation(njs { njs_array_map_t *map; - map = njs_continuation(vm->frame); + map = njs_vm_continuation(vm); if (njs_is_valid(&map->iter.retval)) { map->array->start[map->index] = map->iter.retval; @@ -1492,7 +1492,7 @@ njs_array_prototype_reduce(njs_vm_t *vm, return ret; } - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); iter->u.cont.function = njs_array_prototype_reduce_continuation; if (nargs > 2) { @@ -1525,7 +1525,7 @@ njs_array_prototype_reduce_continuation( njs_value_t arguments[5]; njs_array_iter_t *iter; - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); if (iter->next_index >= args[0].data.u.array->length) { vm->retval = iter->retval; @@ -1562,7 +1562,7 @@ njs_array_iterator_args(njs_vm_t *vm, nj if (nargs > 1 && njs_is_array(&args[0]) && njs_is_function(&args[1])) { array = args[0].data.u.array; - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); iter->length = array->length; iter->next_index = njs_array_iterator_next(array, 0, array->length); @@ -1640,7 +1640,7 @@ njs_array_prototype_reduce_right(njs_vm_ goto type_error; } - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); iter->u.cont.function = njs_array_prototype_reduce_right_continuation; array = args[0].data.u.array; @@ -1680,7 +1680,7 @@ njs_array_prototype_reduce_right_continu njs_value_t arguments[5]; njs_array_iter_t *iter; - iter = njs_continuation(vm->frame); + iter = njs_vm_continuation(vm); if ((int32_t) iter->next_index < 0) { vm->retval = iter->retval; @@ -1764,7 +1764,7 @@ njs_array_prototype_sort(njs_vm_t *vm, n if (njs_is_array(&args[0]) && args[0].data.u.array->length > 1) { - sort = njs_continuation(vm->frame); + sort = njs_vm_continuation(vm); sort->u.cont.function = njs_array_prototype_sort_continuation; sort->current = 0; sort->retval = njs_value_zero; @@ -1797,7 +1797,7 @@ njs_array_prototype_sort_continuation(nj array = args[0].data.u.array; start = array->start; - sort = njs_continuation(vm->frame); + sort = njs_vm_continuation(vm); if (njs_is_number(&sort->retval)) { diff -r 6887b2d46f87 -r 705129b55888 njs/njs_date.c --- a/njs/njs_date.c Tue Mar 21 16:14:16 2017 +0300 +++ b/njs/njs_date.c Tue Mar 21 16:35:22 2017 +0300 @@ -1866,7 +1866,7 @@ njs_date_prototype_to_json(njs_vm_t *vm, njs_continuation_t *cont; nxt_lvlhsh_query_t lhq; - cont = (njs_continuation_t *) njs_continuation(vm->frame); + cont = njs_vm_continuation(vm); cont->function = njs_date_prototype_to_json_continuation; if (njs_is_object(&args[0])) { diff -r 6887b2d46f87 -r 705129b55888 njs/njs_function.c --- a/njs/njs_function.c Tue Mar 21 16:14:16 2017 +0300 +++ b/njs/njs_function.c Tue Mar 21 16:35:22 2017 +0300 @@ -106,7 +106,7 @@ njs_function_native_frame(njs_vm_t *vm, frame->nargs = function->args_offset + nargs; frame->ctor = ctor; - value = (njs_value_t *) ((u_char *) njs_continuation(frame) + reserve); + value = (njs_value_t *) (njs_continuation(frame) + reserve); bound = function->bound; @@ -265,7 +265,7 @@ njs_function_apply(njs_vm_t *vm, njs_fun return ret; } - cont = njs_continuation(vm->frame); + cont = njs_vm_continuation(vm); cont->function = function->u.native; cont->args_types = function->args_types; @@ -500,7 +500,7 @@ njs_function_activate(njs_vm_t *vm, njs_ /* Skip the "call/apply" method frame. */ vm->frame->previous->skip = 1; - cont = njs_continuation(vm->frame); + cont = njs_vm_continuation(vm); cont->function = function->u.native; cont->args_types = function->args_types; diff -r 6887b2d46f87 -r 705129b55888 njs/njs_function.h --- a/njs/njs_function.h Tue Mar 21 16:14:16 2017 +0300 +++ b/njs/njs_function.h Tue Mar 21 16:35:22 2017 +0300 @@ -56,8 +56,11 @@ typedef struct { } njs_continuation_t; +#define njs_vm_continuation(vm) \ + (void *) njs_continuation((vm)->frame) + #define njs_continuation(frame) \ - (void *) ((u_char *) frame + NJS_NATIVE_FRAME_SIZE) + ((u_char *) frame + NJS_NATIVE_FRAME_SIZE) #define njs_continuation_size(size) \ nxt_align_size(sizeof(size), sizeof(njs_value_t)) diff -r 6887b2d46f87 -r 705129b55888 njs/njs_string.c --- a/njs/njs_string.c Tue Mar 21 16:14:16 2017 +0300 +++ b/njs/njs_string.c Tue Mar 21 16:35:22 2017 +0300 @@ -2274,7 +2274,7 @@ njs_string_prototype_replace(njs_vm_t *v goto original; } - r = njs_continuation(vm->frame); + r = njs_vm_continuation(vm); r->utf8 = NJS_STRING_BYTE; r->type = NJS_REGEXP_BYTE; @@ -2521,7 +2521,7 @@ njs_string_replace_regexp_continuation(n { njs_string_replace_t *r; - r = njs_continuation(vm->frame); + r = njs_vm_continuation(vm); if (njs_is_string(&r->retval)) { njs_string_replacement_copy(&r->part[1], &r->retval); @@ -2640,7 +2640,7 @@ njs_string_replace_search_continuation(n { njs_string_replace_t *r; - r = njs_continuation(vm->frame); + r = njs_vm_continuation(vm); if (njs_is_string(&r->retval)) { njs_string_replacement_copy(&r->part[1], &r->retval); diff -r 6887b2d46f87 -r 705129b55888 njs/njs_vm.c --- a/njs/njs_vm.c Tue Mar 21 16:14:16 2017 +0300 +++ b/njs/njs_vm.c Tue Mar 21 16:35:22 2017 +0300 @@ -2343,7 +2343,7 @@ njs_vmcode_function_call(njs_vm_t *vm, n } if (function->continuation_size != 0) { - cont = njs_continuation(vm->frame); + cont = njs_vm_continuation(vm); cont->function = function->u.native; cont->args_types = function->args_types; @@ -2594,8 +2594,8 @@ njs_vmcode_continuation(njs_vm_t *vm, nj njs_native_frame_t *frame; njs_continuation_t *cont; + cont = njs_vm_continuation(vm); frame = vm->frame; - cont = njs_continuation(frame); args = frame->arguments - frame->function->args_offset; if (cont->args_types != NULL) { From igor at sysoev.ru Tue Mar 28 16:24:57 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Tue, 28 Mar 2017 16:24:57 +0000 Subject: [njs] The njs_vm_trap_value() macro. Message-ID: details: http://hg.nginx.org/njs/rev/8e1030bce13c branches: changeset: 319:8e1030bce13c user: Igor Sysoev date: Tue Mar 21 16:35:36 2017 +0300 description: The njs_vm_trap_value() macro. diffstat: njs/njs_array.c | 4 ++-- njs/njs_date.c | 4 ++-- njs/njs_function.h | 5 +++++ njs/njs_math.c | 6 +++--- njs/njs_string.c | 4 ++-- njs/njs_vm.c | 2 +- 6 files changed, 15 insertions(+), 10 deletions(-) diffs (120 lines): diff -r 705129b55888 -r 8e1030bce13c njs/njs_array.c --- a/njs/njs_array.c Tue Mar 21 16:35:22 2017 +0300 +++ b/njs/njs_array.c Tue Mar 21 16:35:36 2017 +0300 @@ -840,7 +840,7 @@ njs_array_prototype_join_continuation(nj value = &values[n++]; if (!njs_is_string(value)) { - vm->frame->trap_scratch.data.u.value = value; + njs_vm_trap_value(vm, value); return NJS_TRAP_STRING_ARG; } @@ -1733,7 +1733,7 @@ njs_array_string_sort(njs_vm_t *vm, njs_ for (i = 1; i < nargs; i++) { if (!njs_is_string(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_STRING_ARG; } } diff -r 705129b55888 -r 8e1030bce13c njs/njs_date.c --- a/njs/njs_date.c Tue Mar 21 16:35:22 2017 +0300 +++ b/njs/njs_date.c Tue Mar 21 16:35:36 2017 +0300 @@ -108,7 +108,7 @@ njs_date_constructor(njs_vm_t *vm, njs_v for (i = 1; i < n; i++) { if (!njs_is_numeric(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_NUMBER_ARG; } @@ -187,7 +187,7 @@ njs_date_utc(njs_vm_t *vm, njs_value_t * for (i = 1; i < n; i++) { if (!njs_is_numeric(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_NUMBER_ARG; } diff -r 705129b55888 -r 8e1030bce13c njs/njs_function.h --- a/njs/njs_function.h Tue Mar 21 16:35:22 2017 +0300 +++ b/njs/njs_function.h Tue Mar 21 16:35:36 2017 +0300 @@ -68,6 +68,11 @@ typedef struct { #define NJS_CONTINUATION_SIZE njs_continuation_size(njs_continuation_t) +#define njs_vm_trap_value(vm, val) \ + (vm)->frame->trap_scratch.data.u.value = val + + + typedef struct njs_exception_s njs_exception_t; struct njs_exception_s { diff -r 705129b55888 -r 8e1030bce13c njs/njs_math.c --- a/njs/njs_math.c Tue Mar 21 16:35:22 2017 +0300 +++ b/njs/njs_math.c Tue Mar 21 16:35:36 2017 +0300 @@ -376,7 +376,7 @@ njs_object_math_hypot(njs_vm_t *vm, njs_ for (i = 1; i < nargs; i++) { if (!njs_is_numeric(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_NUMBER_ARG; } @@ -516,7 +516,7 @@ njs_object_math_max(njs_vm_t *vm, njs_va if (nargs > 1) { for (i = 1; i < nargs; i++) { if (!njs_is_numeric(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_NUMBER_ARG; } } @@ -547,7 +547,7 @@ njs_object_math_min(njs_vm_t *vm, njs_va if (nargs > 1) { for (i = 1; i < nargs; i++) { if (!njs_is_numeric(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_NUMBER_ARG; } } diff -r 705129b55888 -r 8e1030bce13c njs/njs_string.c --- a/njs/njs_string.c Tue Mar 21 16:35:22 2017 +0300 +++ b/njs/njs_string.c Tue Mar 21 16:35:36 2017 +0300 @@ -581,7 +581,7 @@ njs_string_prototype_concat(njs_vm_t *vm for (i = 0; i < nargs; i++) { if (!njs_is_string(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_STRING_ARG; } @@ -1130,7 +1130,7 @@ njs_string_from_char_code(njs_vm_t *vm, for (i = 1; i < nargs; i++) { if (!njs_is_numeric(&args[i])) { - vm->frame->trap_scratch.data.u.value = &args[i]; + njs_vm_trap_value(vm, &args[i]); return NJS_TRAP_NUMBER_ARG; } } diff -r 705129b55888 -r 8e1030bce13c njs/njs_vm.c --- a/njs/njs_vm.c Tue Mar 21 16:35:22 2017 +0300 +++ b/njs/njs_vm.c Tue Mar 21 16:35:36 2017 +0300 @@ -2518,7 +2518,7 @@ njs_normalize_args(njs_vm_t *vm, njs_val trap: - vm->frame->trap_scratch.data.u.value = args; + njs_vm_trap_value(vm, args); return trap; From igor at sysoev.ru Tue Mar 28 16:24:58 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Tue, 28 Mar 2017 16:24:58 +0000 Subject: [njs] The "typeof" operation changes. Message-ID: details: http://hg.nginx.org/njs/rev/0bde7f156477 branches: changeset: 320:0bde7f156477 user: Igor Sysoev date: Sat Mar 25 13:42:40 2017 +0300 description: The "typeof" operation changes. diffstat: njs/njs_variable.c | 19 +++---------------- njs/njs_vm.c | 7 ++++++- 2 files changed, 9 insertions(+), 17 deletions(-) diffs (86 lines): diff -r 8e1030bce13c -r 0bde7f156477 njs/njs_variable.c --- a/njs/njs_variable.c Tue Mar 21 16:35:36 2017 +0300 +++ b/njs/njs_variable.c Sat Mar 25 13:42:40 2017 +0300 @@ -176,14 +176,12 @@ njs_variable_t * njs_variable_get(njs_vm_t *vm, njs_parser_node_t *node, njs_name_reference_t reference) { - nxt_int_t ret; nxt_array_t *values; njs_index_t index; njs_value_t *value; njs_variable_t *var; njs_parser_scope_t *scope, *parent, *inclusive; nxt_lvlhsh_query_t lhq; - const njs_value_t *initial; lhq.key_hash = node->variable_name_hash; lhq.key = node->u.variable_name; @@ -209,8 +207,6 @@ njs_variable_get(njs_vm_t *vm, njs_parse } } - initial = &njs_value_void; - goto found; } @@ -229,23 +225,14 @@ njs_variable_get(njs_vm_t *vm, njs_parse goto not_found; } - /* Add variable referenced by typeof to the global scope. */ - var = njs_variable_alloc(vm, &lhq.key, NJS_VARIABLE_TYPEOF); if (nxt_slow_path(var == NULL)) { return NULL; } - lhq.replace = 0; - lhq.value = var; - lhq.pool = vm->mem_cache_pool; + var->index = NJS_INDEX_NONE; - ret = nxt_lvlhsh_insert(&scope->variables, &lhq); - if (nxt_slow_path(ret != NXT_OK)) { - return NULL; - } - - initial = &njs_value_invalid; + return var; found: @@ -285,7 +272,7 @@ found: *value = var->value; } else { - *value = *initial; + *value = njs_value_void; } index = scope->next_index; diff -r 8e1030bce13c -r 0bde7f156477 njs/njs_vm.c --- a/njs/njs_vm.c Tue Mar 21 16:35:36 2017 +0300 +++ b/njs/njs_vm.c Sat Mar 25 13:42:40 2017 +0300 @@ -1444,6 +1444,8 @@ njs_vmcode_post_decrement(njs_vm_t *vm, njs_ret_t njs_vmcode_typeof(njs_vm_t *vm, njs_value_t *value, njs_value_t *invld) { + nxt_uint_t type; + /* ECMAScript 5.1: null, array and regexp are objects. */ static const njs_value_t *types[] = { @@ -1466,7 +1468,10 @@ njs_vmcode_typeof(njs_vm_t *vm, njs_valu &njs_string_object, }; - vm->retval = *types[value->type]; + /* A zero index means non-declared variable. */ + type = (value != NULL) ? value->type : NJS_VOID; + + vm->retval = *types[type]; return sizeof(njs_vmcode_2addr_t); } From igor at sysoev.ru Tue Mar 28 16:25:00 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Tue, 28 Mar 2017 16:25:00 +0000 Subject: [njs] Closures support. Message-ID: details: http://hg.nginx.org/njs/rev/a095dc0cd361 branches: changeset: 321:a095dc0cd361 user: Igor Sysoev date: Tue Mar 28 07:50:05 2017 +0300 description: Closures support. diffstat: njs/njs_array.c | 2 +- njs/njs_boolean.c | 2 +- njs/njs_date.c | 4 +- njs/njs_function.c | 159 +++++++++++++++++++----- njs/njs_function.h | 29 +++- njs/njs_generator.c | 109 +++++++++++++--- njs/njs_number.c | 2 +- njs/njs_parser.c | 87 ++++++++----- njs/njs_parser.h | 26 ++- njs/njs_string.c | 2 +- njs/njs_variable.c | 291 ++++++++++++++++++++++++++++++++++------------ njs/njs_variable.h | 18 +- njs/njs_vm.c | 237 ++++++++++++++++++++++++------------- njs/njs_vm.h | 68 +++++++--- njs/njscript.c | 14 +- njs/test/njs_unit_test.c | 35 +++++- 16 files changed, 773 insertions(+), 312 deletions(-) diffs (truncated from 2072 to 1000 lines): diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_array.c --- a/njs/njs_array.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_array.c Tue Mar 28 07:50:05 2017 +0300 @@ -725,7 +725,7 @@ njs_array_prototype_to_string_continuati nxt_uint_t nargs, njs_index_t retval) { /* Skip retval update. */ - vm->frame->skip = 1; + vm->top_frame->skip = 1; return NXT_OK; } diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_boolean.c --- a/njs/njs_boolean.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_boolean.c Tue Mar 28 07:50:05 2017 +0300 @@ -34,7 +34,7 @@ njs_boolean_constructor(njs_vm_t *vm, nj value = njs_is_true(&args[1]) ? &njs_value_true : &njs_value_false; } - if (vm->frame->ctor) { + if (vm->top_frame->ctor) { object = njs_object_value_alloc(vm, value, value->type); if (nxt_slow_path(object == NULL)) { return NXT_ERROR; diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_date.c --- a/njs/njs_date.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_date.c Tue Mar 28 07:50:05 2017 +0300 @@ -91,7 +91,7 @@ njs_date_constructor(njs_vm_t *vm, njs_v njs_date_t *date; struct tm tm; - if (vm->frame->ctor) { + if (vm->top_frame->ctor) { if (nargs == 1) { time = njs_gettime(); @@ -1892,7 +1892,7 @@ njs_date_prototype_to_json_continuation( nxt_uint_t nargs, njs_index_t retval) { /* Skip retval update. */ - vm->frame->skip = 1; + vm->top_frame->skip = 1; return NXT_OK; } diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_function.c --- a/njs/njs_function.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_function.c Tue Mar 28 07:50:05 2017 +0300 @@ -60,7 +60,9 @@ njs_function_alloc(njs_vm_t *vm) njs_function_t * njs_function_value_copy(njs_vm_t *vm, njs_value_t *value) { - njs_function_t *function; + size_t size; + nxt_uint_t n, nesting; + njs_function_t *function, *copy; function = value->data.u.function; @@ -68,17 +70,36 @@ njs_function_value_copy(njs_vm_t *vm, nj return function; } - function = nxt_mem_cache_alloc(vm->mem_cache_pool, sizeof(njs_function_t)); + nesting = (function->native) ? 0 : function->u.lambda->nesting; - if (nxt_fast_path(function != NULL)) { - *function = *value->data.u.function; - function->object.__proto__ = - &vm->prototypes[NJS_PROTOTYPE_FUNCTION].object; - function->object.shared = 0; - value->data.u.function = function; + size = sizeof(njs_function_t) + nesting * sizeof(njs_closure_t *); + + copy = nxt_mem_cache_alloc(vm->mem_cache_pool, size); + if (nxt_slow_path(copy == NULL)) { + return copy; } - return function; + value->data.u.function = copy; + + *copy = *function; + copy->object.__proto__ = &vm->prototypes[NJS_PROTOTYPE_FUNCTION].object; + copy->object.shared = 0; + + if (nesting == 0) { + return copy; + } + + copy->closure = 1; + + n = 0; + + do { + /* GC: retain closure. */ + copy->closures[n] = vm->active_frame->closures[n]; + n++; + } while (n < nesting); + + return copy; } @@ -107,6 +128,7 @@ njs_function_native_frame(njs_vm_t *vm, frame->ctor = ctor; value = (njs_value_t *) (njs_continuation(frame) + reserve); + frame->arguments = value; bound = function->bound; @@ -124,7 +146,6 @@ njs_function_native_frame(njs_vm_t *vm, } while (n != 0); } - frame->arguments = value; vm->scopes[NJS_SCOPE_CALLEE_ARGUMENTS] = value; if (args != NULL) { @@ -140,17 +161,23 @@ njs_function_frame(njs_vm_t *vm, njs_fun const njs_value_t *this, njs_value_t *args, nxt_uint_t nargs, nxt_bool_t ctor) { - size_t size; - nxt_uint_t n, max_args; - njs_value_t *value, *bound; - njs_frame_t *frame; - njs_native_frame_t *native_frame; + size_t size; + nxt_uint_t n, max_args, closures;; + njs_value_t *value, *bound; + njs_frame_t *frame; + njs_native_frame_t *native_frame; + njs_function_lambda_t *lambda; - max_args = nxt_max(nargs, function->u.lambda->nargs); + lambda = function->u.lambda; + + max_args = nxt_max(nargs, lambda->nargs); + + closures = lambda->nesting + lambda->block_closures; size = NJS_FRAME_SIZE + (function->args_offset + max_args) * sizeof(njs_value_t) - + function->u.lambda->local_size; + + lambda->local_size + + closures * sizeof(njs_closure_t *); native_frame = njs_function_frame_alloc(vm, size); if (nxt_slow_path(native_frame == NULL)) { @@ -161,7 +188,10 @@ njs_function_frame(njs_vm_t *vm, njs_fun native_frame->nargs = nargs; native_frame->ctor = ctor; + /* Function arguments. */ + value = (njs_value_t *) ((u_char *) native_frame + NJS_FRAME_SIZE); + native_frame->arguments = value; bound = function->bound; @@ -177,7 +207,6 @@ njs_function_frame(njs_vm_t *vm, njs_fun } while (n != 0); } - native_frame->arguments = value; vm->scopes[NJS_SCOPE_CALLEE_ARGUMENTS] = value; if (args != NULL) { @@ -196,9 +225,6 @@ njs_function_frame(njs_vm_t *vm, njs_fun frame = (njs_frame_t *) native_frame; frame->local = value; - memcpy(frame->local, function->u.lambda->local_scope, - function->u.lambda->local_size); - return NXT_OK; } @@ -213,10 +239,10 @@ njs_function_frame_alloc(njs_vm_t *vm, s size_t spare_size, chunk_size; njs_native_frame_t *frame; - spare_size = vm->frame->free_size; + spare_size = vm->top_frame->free_size; if (nxt_fast_path(size <= spare_size)) { - frame = (njs_native_frame_t *) vm->frame->free; + frame = (njs_native_frame_t *) vm->top_frame->free; chunk_size = 0; } else { @@ -244,8 +270,8 @@ njs_function_frame_alloc(njs_vm_t *vm, s frame->free_size = spare_size - size; frame->free = (u_char *) frame + size; - frame->previous = vm->frame; - vm->frame = frame; + frame->previous = vm->top_frame; + vm->top_frame = frame; return frame; } @@ -290,25 +316,86 @@ njs_function_apply(njs_vm_t *vm, njs_fun nxt_noinline njs_ret_t njs_function_call(njs_vm_t *vm, njs_index_t retval, size_t advance) { - njs_frame_t *frame; - njs_function_t *function; + size_t size; + nxt_uint_t n, nesting; + njs_frame_t *frame; + njs_value_t *value; + njs_closure_t *closure, **closures; + njs_function_t *function; + njs_function_lambda_t *lambda; - frame = (njs_frame_t *) vm->frame; + frame = (njs_frame_t *) vm->top_frame; frame->retval = retval; function = frame->native.function; frame->return_address = vm->current + advance; - vm->current = function->u.lambda->u.start; - frame->prev_arguments = vm->scopes[NJS_SCOPE_ARGUMENTS]; - vm->scopes[NJS_SCOPE_ARGUMENTS] = frame->native.arguments - - function->args_offset; + lambda = function->u.lambda; + vm->current = lambda->u.start; + #if (NXT_DEBUG) vm->scopes[NJS_SCOPE_CALLEE_ARGUMENTS] = NULL; #endif - frame->prev_local = vm->scopes[NJS_SCOPE_FUNCTION]; - vm->scopes[NJS_SCOPE_FUNCTION] = frame->local; + + vm->scopes[NJS_SCOPE_ARGUMENTS] = frame->native.arguments; + + /* Function local variables and temporary values. */ + + vm->scopes[NJS_SCOPE_LOCAL] = frame->local; + + memcpy(frame->local, lambda->local_scope, lambda->local_size); + + /* Parent closures values. */ + + n = 0; + nesting = lambda->nesting; + + if (nesting != 0) { + closures = (function->closure) ? function->closures + : vm->active_frame->closures; + do { + closure = *closures++; + + frame->closures[n] = closure; + vm->scopes[NJS_SCOPE_CLOSURE + n] = &closure->u.values; + + n++; + } while (n < nesting); + } + + /* Function closure values. */ + + if (lambda->block_closures > 0) { + closure = NULL; + + size = lambda->closure_size; + + if (size != 0) { + closure = nxt_mem_cache_align(vm->mem_cache_pool, + sizeof(njs_value_t), size); + if (nxt_slow_path(closure == NULL)) { + return NXT_ERROR; + } + + /* TODO: copy initialzed values. */ + + size -= sizeof(njs_value_t); + closure->u.count = 0; + value = closure->values; + + do { + *value++ = njs_value_void; + size -= sizeof(njs_value_t); + } while (size != 0); + } + + frame->closures[n] = closure; + vm->scopes[NJS_SCOPE_CLOSURE + n] = &closure->u.values; + } + + frame->previous_active_frame = vm->active_frame; + vm->active_frame = frame; return NJS_APPLIED; } @@ -498,7 +585,7 @@ njs_function_activate(njs_vm_t *vm, njs_ } /* Skip the "call/apply" method frame. */ - vm->frame->previous->skip = 1; + vm->top_frame->previous->skip = 1; cont = njs_vm_continuation(vm); @@ -520,7 +607,7 @@ njs_function_activate(njs_vm_t *vm, njs_ } /* Skip the "call/apply" method frame. */ - vm->frame->previous->skip = 1; + vm->top_frame->previous->skip = 1; return njs_function_call(vm, retval, sizeof(njs_vmcode_function_call_t)); } diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_function.h --- a/njs/njs_function.h Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_function.h Tue Mar 28 07:50:05 2017 +0300 @@ -22,6 +22,13 @@ struct njs_function_lambda_s { uint32_t nargs; uint32_t local_size; + uint32_t closure_size; + + /* Function nesting level. */ + uint8_t nesting; /* 4 bits */ + + /* Function internal block closures levels. */ + uint8_t block_closures; /* 4 bits */ /* Initial values of local scope. */ njs_value_t *local_scope; @@ -57,7 +64,7 @@ typedef struct { #define njs_vm_continuation(vm) \ - (void *) njs_continuation((vm)->frame) + (void *) njs_continuation((vm)->top_frame) #define njs_continuation(frame) \ ((u_char *) frame + NJS_NATIVE_FRAME_SIZE) @@ -69,7 +76,7 @@ typedef struct { #define njs_vm_trap_value(vm, val) \ - (vm)->frame->trap_scratch.data.u.value = val + (vm)->top_frame->trap_scratch.data.u.value = val @@ -119,17 +126,21 @@ struct njs_native_frame_s { }; -typedef struct { +struct njs_frame_s { njs_native_frame_t native; + njs_index_t retval; + u_char *return_address; - njs_value_t *prev_arguments; - njs_value_t *prev_local; + njs_frame_t *previous_active_frame; + njs_value_t *local; - njs_value_t *closure; - - njs_index_t retval; -} njs_frame_t; +#if (NXT_SUNC) + njs_closure_t *closures[1]; +#else + njs_closure_t *closures[]; +#endif +}; njs_function_t *njs_function_alloc(njs_vm_t *vm); diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_generator.c --- a/njs/njs_generator.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_generator.c Tue Mar 28 07:50:05 2017 +0300 @@ -92,6 +92,8 @@ static nxt_int_t njs_generate_function_d njs_parser_t *parser, njs_parser_node_t *node); static nxt_int_t njs_generate_function_scope(njs_vm_t *vm, njs_function_lambda_t *lambda, njs_parser_node_t *node); +static void njs_generate_argument_closures(njs_parser_t *parser, + njs_parser_node_t *node); static nxt_int_t njs_generate_return_statement(njs_vm_t *vm, njs_parser_t *parser, njs_parser_node_t *node); static nxt_int_t njs_generate_function_call(njs_vm_t *vm, njs_parser_t *parser, @@ -338,7 +340,7 @@ njs_generate_name(njs_vm_t *vm, njs_pars njs_variable_t *var; njs_vmcode_object_copy_t *copy; - var = njs_variable_get(vm, node, NJS_NAME_REFERENCE); + var = njs_variable_get(vm, node); if (nxt_slow_path(var == NULL)) { return NXT_ERROR; } @@ -371,7 +373,7 @@ njs_generate_builtin_object(njs_vm_t *vm njs_index_t index; njs_vmcode_object_copy_t *copy; - index = njs_variable_index(vm, node, NJS_NAME_REFERENCE); + index = njs_variable_index(vm, node); if (nxt_slow_path(index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -398,7 +400,7 @@ njs_generate_variable(njs_vm_t *vm, njs_ { njs_index_t index; - index = njs_variable_index(vm, node, NJS_NAME_REFERENCE); + index = njs_variable_index(vm, node); if (nxt_slow_path(index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -420,7 +422,7 @@ njs_generate_var_statement(njs_vm_t *vm, lvalue = node->left; - index = njs_variable_index(vm, lvalue, NJS_NAME_DECLARATION); + index = njs_variable_index(vm, lvalue); if (nxt_slow_path(index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -1307,7 +1309,7 @@ njs_generate_assignment(njs_vm_t *vm, nj if (lvalue->token == NJS_TOKEN_NAME) { - index = njs_variable_index(vm, lvalue, NJS_NAME_REFERENCE); + index = njs_variable_index(vm, lvalue); if (nxt_slow_path(index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -1813,7 +1815,7 @@ njs_generate_typeof_operation(njs_vm_t * expr = node->left; if (expr->token == NJS_TOKEN_NAME) { - index = njs_variable_index(vm, expr, NJS_NAME_TYPEOF); + index = njs_variable_typeof(vm, expr); if (nxt_slow_path(index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -1964,7 +1966,7 @@ njs_generate_function_declaration(njs_vm njs_variable_t *var; njs_function_lambda_t *lambda; - var = njs_variable_get(vm, node, NJS_NAME_DECLARATION); + var = njs_variable_get(vm, node); if (nxt_slow_path(var == NULL)) { return NXT_ERROR; } @@ -1979,14 +1981,34 @@ static nxt_int_t njs_generate_function_scope(njs_vm_t *vm, njs_function_lambda_t *lambda, njs_parser_node_t *node) { - nxt_int_t ret; - - ret = njs_generate_scope(vm, lambda->u.parser, node->right); + size_t size; + nxt_int_t ret; + nxt_array_t *closure; + njs_parser_t *parser; + + parser = lambda->u.parser; + node = node->right; + + parser->code_size += node->scope->argument_closures + * sizeof(njs_vmcode_move_t); + + ret = njs_generate_scope(vm, parser, node); if (nxt_fast_path(ret == NXT_OK)) { - lambda->local_size = lambda->u.parser->scope_size; - lambda->local_scope = lambda->u.parser->local_scope; - lambda->u.start = lambda->u.parser->code_start; + size = 0; + closure = node->scope->values[1]; + + if (closure != NULL) { + lambda->block_closures = 1; + size = (1 + closure->items) * sizeof(njs_value_t); + } + + lambda->nesting = node->scope->nesting; + lambda->closure_size = size; + + lambda->local_size = parser->scope_size; + lambda->local_scope = parser->local_scope; + lambda->u.start = parser->code_start; } return ret; @@ -2004,6 +2026,8 @@ njs_generate_scope(njs_vm_t *vm, njs_par njs_vm_code_t *code; njs_parser_scope_t *scope; + scope = node->scope; + p = nxt_mem_cache_alloc(vm->mem_cache_pool, parser->code_size); if (nxt_slow_path(p == NULL)) { return NXT_ERROR; @@ -2012,12 +2036,12 @@ njs_generate_scope(njs_vm_t *vm, njs_par parser->code_start = p; parser->code_end = p; + njs_generate_argument_closures(parser, node); + if (nxt_slow_path(njs_generator(vm, parser, node) != NXT_OK)) { return NXT_ERROR; } - scope = node->scope; - code_size = parser->code_end - parser->code_start; nxt_thread_log_debug("SCOPE CODE SIZE: %uz %uz", @@ -2028,7 +2052,7 @@ njs_generate_scope(njs_vm_t *vm, njs_par return NXT_ERROR; } - scope_size = njs_offset(scope->next_index); + scope_size = njs_scope_offset(scope->next_index[0]); if (scope->type == NJS_SCOPE_GLOBAL) { scope_size -= NJS_INDEX_GLOBAL_OFFSET; @@ -2041,11 +2065,11 @@ njs_generate_scope(njs_vm_t *vm, njs_par parser->scope_size = scope_size; - size = scope->values->items * sizeof(njs_value_t); + size = scope->values[0]->items * sizeof(njs_value_t); nxt_thread_log_debug("SCOPE SIZE: %uz %uz", size, scope_size); - p = memcpy(parser->local_scope, scope->values->start, size); + p = memcpy(parser->local_scope, scope->values[0]->start, size); value = (njs_value_t *) (p + size); for (n = scope_size - size; n != 0; n -= sizeof(njs_value_t)) { @@ -2072,6 +2096,44 @@ njs_generate_scope(njs_vm_t *vm, njs_par } +static void +njs_generate_argument_closures(njs_parser_t *parser, njs_parser_node_t *node) +{ + nxt_uint_t n; + njs_index_t index; + njs_variable_t *var; + njs_vmcode_move_t *move; + nxt_lvlhsh_each_t lhe; + + n = node->scope->argument_closures; + + if (n == 0) { + return; + } + + memset(&lhe, 0, sizeof(nxt_lvlhsh_each_t)); + lhe.proto = &njs_variables_hash_proto; + + do { + var = nxt_lvlhsh_each(&node->scope->variables, &lhe); + + if (var->argument != 0) { + index = njs_scope_index((var->argument - 1), NJS_SCOPE_ARGUMENTS); + + njs_generate_code(parser, njs_vmcode_move_t, move); + move->code.operation = njs_vmcode_move; + move->code.operands = NJS_VMCODE_2OPERANDS; + move->code.retval = NJS_VMCODE_RETVAL; + move->dst = var->index; + move->src = index; + + n--; + } + + } while(n != 0); +} + + static nxt_int_t njs_generate_return_statement(njs_vm_t *vm, njs_parser_t *parser, njs_parser_node_t *node) @@ -2281,7 +2343,7 @@ njs_generate_try_statement(njs_vm_t *vm, if (node->token == NJS_TOKEN_CATCH) { /* A "try/catch" case. */ - catch_index = njs_variable_index(vm, node->left, NJS_NAME_DECLARATION); + catch_index = njs_variable_index(vm, node->left); if (nxt_slow_path(catch_index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -2306,8 +2368,7 @@ njs_generate_try_statement(njs_vm_t *vm, if (node->left != NULL) { /* A try/catch/finally case. */ - catch_index = njs_variable_index(vm, node->left->left, - NJS_NAME_DECLARATION); + catch_index = njs_variable_index(vm, node->left->left); if (nxt_slow_path(catch_index == NJS_INDEX_ERROR)) { return NXT_ERROR; } @@ -2479,7 +2540,7 @@ njs_generator_temp_index_get(njs_vm_t *v scope = scope->parent; } - value = nxt_array_add(scope->values, &njs_array_mem_proto, + value = nxt_array_add(scope->values[0], &njs_array_mem_proto, vm->mem_cache_pool); if (nxt_slow_path(value == NULL)) { return NJS_INDEX_ERROR; @@ -2487,8 +2548,8 @@ njs_generator_temp_index_get(njs_vm_t *v *value = njs_value_invalid; - index = scope->next_index; - scope->next_index += sizeof(njs_value_t); + index = scope->next_index[0]; + scope->next_index[0] += sizeof(njs_value_t); return index; } diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_number.c --- a/njs/njs_number.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_number.c Tue Mar 28 07:50:05 2017 +0300 @@ -242,7 +242,7 @@ njs_number_constructor(njs_vm_t *vm, njs value = &args[1]; } - if (vm->frame->ctor) { + if (vm->top_frame->ctor) { object = njs_object_value_alloc(vm, value, value->type); if (nxt_slow_path(object == NULL)) { return NXT_ERROR; diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_parser.c --- a/njs/njs_parser.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_parser.c Tue Mar 28 07:50:05 2017 +0300 @@ -142,9 +142,32 @@ njs_parser(njs_vm_t *vm, njs_parser_t *p static njs_ret_t njs_parser_scope_begin(njs_vm_t *vm, njs_parser_t *parser, njs_scope_t type) { + nxt_uint_t nesting; nxt_array_t *values; njs_parser_scope_t *scope, *parent; + nesting = 0; + + if (type == NJS_SCOPE_FUNCTION) { + + for (scope = parser->scope; scope != NULL; scope = scope->parent) { + + if (scope->type == NJS_SCOPE_FUNCTION) { + nesting = scope->nesting + 1; + + if (nesting <= NJS_MAX_NESTING) { + break; + } + + nxt_alert(&vm->trace, NXT_LEVEL_ERROR, "SyntaxError: " + "The maximum function nesting level is \"%d\"", + NJS_MAX_NESTING); + + return NXT_ERROR; + } + } + } + scope = nxt_mem_cache_alloc(vm->mem_cache_pool, sizeof(njs_parser_scope_t)); if (nxt_slow_path(scope == NULL)) { return NXT_ERROR; @@ -152,14 +175,26 @@ njs_parser_scope_begin(njs_vm_t *vm, njs scope->type = type; - if (type == NJS_SCOPE_GLOBAL) { - type += NJS_INDEX_GLOBAL_OFFSET; + if (type == NJS_SCOPE_FUNCTION) { + scope->next_index[0] = type; + scope->next_index[1] = NJS_SCOPE_CLOSURE + nesting + + sizeof(njs_value_t);; + + } else { + if (type == NJS_SCOPE_GLOBAL) { + type += NJS_INDEX_GLOBAL_OFFSET; + } + + scope->next_index[0] = type; + scope->next_index[1] = 0; } - scope->next_index = type; - - scope->inclusive = 0; + scope->nesting = nesting; + scope->argument_closures = 0; + + nxt_queue_init(&scope->nested); nxt_lvlhsh_init(&scope->variables); + nxt_lvlhsh_init(&scope->references); values = NULL; @@ -171,17 +206,17 @@ njs_parser_scope_begin(njs_vm_t *vm, njs } } - scope->values = values; + scope->values[0] = values; + scope->values[1] = NULL; parent = parser->scope; - - if (parent != NULL) { - parent->inclusive++; - } - scope->parent = parent; parser->scope = scope; + if (parent != NULL) { + nxt_queue_insert_tail(&parent->nested, &scope->link); + } + return NXT_OK; } @@ -194,18 +229,6 @@ njs_parser_scope_end(njs_vm_t *vm, njs_p scope = parser->scope; parent = scope->parent; - -#if 0 - if (scope->inclusive == 0 - && scope->type == NJS_SCOPE_BLOCK - && nxt_lvlhsh_is_empty(&scope->variables)) - { - parent->inclusive--; - - nxt_mem_cache_free(vm->mem_cache_pool, scope); - } -#endif - parser->scope = parent; } @@ -411,7 +434,7 @@ njs_parser_function_declaration(njs_vm_t return NJS_TOKEN_ERROR; } - ret = njs_variable_reference(vm, parser, node); + ret = njs_variable_reference(vm, parser, node, 0); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } @@ -608,7 +631,7 @@ njs_parser_function_lambda(njs_vm_t *vm, } } - lambda->nargs = njs_index_size(index) / sizeof(njs_value_t) - 1; + lambda->nargs = njs_scope_offset(index) / sizeof(njs_value_t) - 1; token = njs_parser_token(parser); if (nxt_slow_path(token <= NJS_TOKEN_ILLEGAL)) { @@ -784,7 +807,7 @@ njs_parser_var_statement(njs_vm_t *vm, n name->token = NJS_TOKEN_NAME; - ret = njs_variable_reference(vm, parser, name); + ret = njs_variable_reference(vm, parser, name, 0); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } @@ -1275,7 +1298,7 @@ njs_parser_for_var_statement(njs_vm_t *v name->token = NJS_TOKEN_NAME; - ret = njs_variable_reference(vm, parser, name); + ret = njs_variable_reference(vm, parser, name, 0); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } @@ -1557,7 +1580,7 @@ njs_parser_try_statement(njs_vm_t *vm, n return NJS_TOKEN_ERROR; } - var = njs_variable_add(vm, parser, NJS_VARIABLE_LET); + var = njs_variable_add(vm, parser, NJS_VARIABLE_CATCH); if (nxt_slow_path(var == NULL)) { return NJS_TOKEN_ERROR; } @@ -1569,7 +1592,7 @@ njs_parser_try_statement(njs_vm_t *vm, n node->token = NJS_TOKEN_NAME; - ret = njs_variable_reference(vm, parser, node); + ret = njs_variable_reference(vm, parser, node, 0); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } @@ -1788,7 +1811,7 @@ njs_parser_terminal(njs_vm_t *vm, njs_pa break; } - ret = njs_variable_reference(vm, parser, node); + ret = njs_variable_reference(vm, parser, node, 1); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } @@ -2001,7 +2024,7 @@ njs_parser_builtin_object(njs_vm_t *vm, var->value.type = NJS_OBJECT; var->value.data.truth = 1; - ret = njs_variable_reference(vm, parser, node); + ret = njs_variable_reference(vm, parser, node, 1); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } @@ -2034,7 +2057,7 @@ njs_parser_builtin_function(njs_vm_t *vm var->value.type = NJS_FUNCTION; var->value.data.truth = 1; - ret = njs_variable_reference(vm, parser, node); + ret = njs_variable_reference(vm, parser, node, 1); if (nxt_slow_path(ret != NXT_OK)) { return NJS_TOKEN_ERROR; } diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_parser.h --- a/njs/njs_parser.h Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_parser.h Tue Mar 28 07:50:05 2017 +0300 @@ -216,16 +216,20 @@ typedef struct { ((node)->token == NJS_TOKEN_NAME || (node)->token == NJS_TOKEN_PROPERTY) -typedef struct njs_parser_scope_s njs_parser_scope_t; - struct njs_parser_scope_s { - nxt_array_t *values; /* Array of njs_value_t. */ + nxt_queue_link_t link; + nxt_queue_t nested; - nxt_lvlhsh_t variables; njs_parser_scope_t *parent; - njs_index_t next_index; - uint32_t inclusive; + nxt_lvlhsh_t variables; + nxt_lvlhsh_t references; + + nxt_array_t *values[2]; /* Array of njs_value_t. */ + njs_index_t next_index[2]; + njs_scope_t type:8; + uint8_t nesting; /* 4 bits */ + uint8_t argument_closures; }; @@ -235,6 +239,7 @@ struct njs_parser_node_s { njs_token_t token:16; uint8_t ctor:1; /* 1 bit */ uint8_t temporary; /* 1 bit */ + uint8_t reference; /* 1 bit */ uint32_t token_line; uint32_t variable_name_hash; @@ -353,11 +358,10 @@ njs_token_t njs_parser_property_token(nj njs_token_t njs_parser_token(njs_parser_t *parser); nxt_int_t njs_parser_string_create(njs_vm_t *vm, njs_value_t *value); njs_ret_t njs_variable_reference(njs_vm_t *vm, njs_parser_t *parser, - njs_parser_node_t *node); -njs_variable_t *njs_variable_get(njs_vm_t *vm, njs_parser_node_t *node, - njs_name_reference_t reference); -njs_index_t njs_variable_index(njs_vm_t *vm, njs_parser_node_t *node, - njs_name_reference_t reference); + njs_parser_node_t *node, nxt_bool_t reference); +njs_variable_t *njs_variable_get(njs_vm_t *vm, njs_parser_node_t *node); +njs_index_t njs_variable_typeof(njs_vm_t *vm, njs_parser_node_t *node); +njs_index_t njs_variable_index(njs_vm_t *vm, njs_parser_node_t *node); nxt_bool_t njs_parser_has_side_effect(njs_parser_node_t *node); u_char *njs_parser_trace_handler(nxt_trace_t *trace, nxt_trace_data_t *td, u_char *start); diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_string.c --- a/njs/njs_string.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_string.c Tue Mar 28 07:50:05 2017 +0300 @@ -367,7 +367,7 @@ njs_string_constructor(njs_vm_t *vm, njs value = &args[1]; } - if (vm->frame->ctor) { + if (vm->top_frame->ctor) { object = njs_object_value_alloc(vm, value, value->type); if (nxt_slow_path(object == NULL)) { return NXT_ERROR; diff -r 0bde7f156477 -r a095dc0cd361 njs/njs_variable.c --- a/njs/njs_variable.c Sat Mar 25 13:42:40 2017 +0300 +++ b/njs/njs_variable.c Tue Mar 28 07:50:05 2017 +0300 @@ -23,6 +23,15 @@ #include +typedef struct { + nxt_lvlhsh_query_t lhq; + njs_variable_t *variable; + njs_parser_scope_t *scope; +} njs_variable_scope_t; + + +static njs_ret_t njs_variable_find(njs_vm_t *vm, njs_parser_node_t *node, + njs_variable_scope_t *vs); static njs_variable_t *njs_variable_alloc(njs_vm_t *vm, nxt_str_t *name, njs_variable_type_t type); @@ -42,7 +51,7 @@ njs_variables_hash_test(nxt_lvlhsh_query } -static const nxt_lvlhsh_proto_t njs_variables_hash_proto +const nxt_lvlhsh_proto_t njs_variables_hash_proto nxt_aligned(64) = { NXT_LVLHSH_DEFAULT, @@ -155,103 +164,195 @@ njs_variable_add(njs_vm_t *vm, njs_parse } +static nxt_int_t +njs_reference_hash_test(nxt_lvlhsh_query_t *lhq, void *data) +{ + njs_parser_node_t *node; + + node = data; + + if (nxt_strstr_eq(&lhq->key, &node->u.variable_name)) { + return NXT_OK; + } + + return NXT_DECLINED; +} + + +const nxt_lvlhsh_proto_t njs_reference_hash_proto + nxt_aligned(64) = +{ + NXT_LVLHSH_DEFAULT, + 0, + njs_reference_hash_test, + njs_lvlhsh_alloc, + njs_lvlhsh_free, +}; + + njs_ret_t njs_variable_reference(njs_vm_t *vm, njs_parser_t *parser, - njs_parser_node_t *node) + njs_parser_node_t *node, nxt_bool_t reference) { - njs_ret_t ret; + njs_ret_t ret; + nxt_lvlhsh_query_t lhq; ret = njs_name_copy(vm, &node->u.variable_name, &parser->lexer->text); if (nxt_fast_path(ret == NXT_OK)) { node->variable_name_hash = parser->lexer->key_hash; node->scope = parser->scope; + node->reference = reference; + + lhq.key_hash = node->variable_name_hash; + lhq.key = node->u.variable_name; + lhq.proto = &njs_reference_hash_proto; + lhq.replace = 0; + lhq.value = node; + lhq.pool = vm->mem_cache_pool; + + ret = nxt_lvlhsh_insert(&parser->scope->references, &lhq); + + if (nxt_slow_path(ret != NXT_ERROR)) { + ret = NXT_OK; + } } return ret; } -njs_variable_t * -njs_variable_get(njs_vm_t *vm, njs_parser_node_t *node, - njs_name_reference_t reference) +njs_ret_t +njs_variables_scope_reference(njs_vm_t *vm, njs_parser_scope_t *scope) { - nxt_array_t *values; - njs_index_t index; - njs_value_t *value; From mdounin at mdounin.ru Tue Mar 28 16:25:24 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 28 Mar 2017 16:25:24 +0000 Subject: [nginx] Simplified and improved sendfile() code on Linux. Message-ID: details: http://hg.nginx.org/nginx/rev/ff0c8e11edbc branches: changeset: 6949:ff0c8e11edbc user: Maxim Dounin date: Tue Mar 28 18:15:39 2017 +0300 description: Simplified and improved sendfile() code on Linux. The ngx_linux_sendfile() function is now used for both normal sendfile() and sendfile in threads. The ngx_linux_sendfile_thread() function was modified to use the same interface as ngx_linux_sendfile(), and is simply called from ngx_linux_sendfile() when threads are enabled. Special return code NGX_DONE is used to indicate that a thread task was posted and no further actions are needed. If number of bytes sent is less that what we were sending, we now always retry sending. This is needed for sendfile() in threads as the number of bytes we are sending might have been changed since the thread task was posted. And this is also needed for Linux 4.3+, as sendfile() might be interrupted at any time and provides no indication if it was interrupted or not (ticket #1174). diffstat: src/os/unix/ngx_linux_sendfile_chain.c | 114 +++++++++++++------------------- 1 files changed, 47 insertions(+), 67 deletions(-) diffs (203 lines): diff --git a/src/os/unix/ngx_linux_sendfile_chain.c b/src/os/unix/ngx_linux_sendfile_chain.c --- a/src/os/unix/ngx_linux_sendfile_chain.c +++ b/src/os/unix/ngx_linux_sendfile_chain.c @@ -20,8 +20,8 @@ static ssize_t ngx_linux_sendfile(ngx_co #error sendfile64() is required! #endif -static ngx_int_t ngx_linux_sendfile_thread(ngx_connection_t *c, ngx_buf_t *file, - size_t size, size_t *sent); +static ssize_t ngx_linux_sendfile_thread(ngx_connection_t *c, ngx_buf_t *file, + size_t size); static void ngx_linux_sendfile_thread_handler(void *data, ngx_log_t *log); #endif @@ -56,10 +56,6 @@ ngx_linux_sendfile_chain(ngx_connection_ ngx_chain_t *cl; ngx_iovec_t header; struct iovec headers[NGX_IOVS_PREALLOCATE]; -#if (NGX_THREADS) - ngx_int_t rc; - ngx_uint_t thread_handled, thread_complete; -#endif wev = c->write; @@ -82,10 +78,6 @@ ngx_linux_sendfile_chain(ngx_connection_ for ( ;; ) { prev_send = send; -#if (NGX_THREADS) - thread_handled = 0; - thread_complete = 0; -#endif /* create the iovec and coalesce the neighbouring bufs */ @@ -179,37 +171,18 @@ ngx_linux_sendfile_chain(ngx_connection_ } #endif -#if (NGX_THREADS) - if (file->file->thread_handler) { - rc = ngx_linux_sendfile_thread(c, file, file_size, &sent); - - switch (rc) { - case NGX_OK: - thread_handled = 1; - break; - - case NGX_DONE: - thread_complete = 1; - break; + n = ngx_linux_sendfile(c, file, file_size); - case NGX_AGAIN: - break; - - default: /* NGX_ERROR */ - return NGX_CHAIN_ERROR; - } + if (n == NGX_ERROR) { + return NGX_CHAIN_ERROR; + } - } else -#endif - { - n = ngx_linux_sendfile(c, file, file_size); + if (n == NGX_DONE) { + /* thread task posted */ + return in; + } - if (n == NGX_ERROR) { - return NGX_CHAIN_ERROR; - } - - sent = (n == NGX_AGAIN) ? 0 : n; - } + sent = (n == NGX_AGAIN) ? 0 : n; } else { n = ngx_writev(c, &header); @@ -225,21 +198,27 @@ ngx_linux_sendfile_chain(ngx_connection_ in = ngx_chain_update_sent(in, sent); - if ((size_t) (send - prev_send) != sent) { -#if (NGX_THREADS) - if (thread_handled) { - return in; - } - - if (thread_complete) { - send = prev_send + sent; - continue; - } -#endif + if (n == NGX_AGAIN) { wev->ready = 0; return in; } + if ((size_t) (send - prev_send) != sent) { + + /* + * sendfile() on Linux 4.3+ might be interrupted at any time, + * and provides no indication if it was interrupted or not, + * so we have to retry till an explicit EAGAIN + * + * sendfile() in threads can also report less bytes written + * than we are prepared to send now, since it was started in + * some point in the past, so we again have to retry + */ + + send = prev_send + sent; + continue; + } + if (send >= limit || in == NULL) { return in; } @@ -258,6 +237,14 @@ ngx_linux_sendfile(ngx_connection_t *c, ssize_t n; ngx_err_t err; +#if (NGX_THREADS) + + if (file->file->thread_handler) { + return ngx_linux_sendfile_thread(c, file, size); + } + +#endif + #if (NGX_HAVE_SENDFILE64) offset = file->file_pos; #else @@ -324,9 +311,8 @@ typedef struct { } ngx_linux_sendfile_ctx_t; -static ngx_int_t -ngx_linux_sendfile_thread(ngx_connection_t *c, ngx_buf_t *file, size_t size, - size_t *sent) +static ssize_t +ngx_linux_sendfile_thread(ngx_connection_t *c, ngx_buf_t *file, size_t size) { ngx_event_t *wev; ngx_thread_task_t *task; @@ -356,10 +342,14 @@ ngx_linux_sendfile_thread(ngx_connection task->event.complete = 0; if (ctx->err == NGX_EAGAIN) { - *sent = 0; + /* + * if wev->complete is set, this means that a write event + * happened while we were waiting for the thread task, so + * we have to retry sending even on EAGAIN + */ if (wev->complete) { - return NGX_DONE; + return 0; } return NGX_AGAIN; @@ -384,13 +374,7 @@ ngx_linux_sendfile_thread(ngx_connection return NGX_ERROR; } - *sent = ctx->sent; - - if (ctx->sent == ctx->size || wev->complete) { - return NGX_DONE; - } - - return NGX_AGAIN; + return ctx->sent; } if (task->event.active && ctx->file == file) { @@ -399,9 +383,7 @@ ngx_linux_sendfile_thread(ngx_connection * or multiple calls of the next body filter from a filter */ - *sent = 0; - - return NGX_OK; + return NGX_DONE; } ctx->file = file; @@ -414,9 +396,7 @@ ngx_linux_sendfile_thread(ngx_connection return NGX_ERROR; } - *sent = 0; - - return NGX_OK; + return NGX_DONE; } From mdounin at mdounin.ru Tue Mar 28 16:25:28 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 28 Mar 2017 16:25:28 +0000 Subject: [nginx] Threads: fixed request hang with aio_write and subrequests. Message-ID: details: http://hg.nginx.org/nginx/rev/4cb4ffe06785 branches: changeset: 6950:4cb4ffe06785 user: Maxim Dounin date: Tue Mar 28 18:15:41 2017 +0300 description: Threads: fixed request hang with aio_write and subrequests. If the subrequest is already finalized, the handler set with aio_write may still be used by sendfile in threads when using range requests (see also e4c1f5b32868, and the original note in 9fd738b85fad). Calling already finalized subrequest's r->write_event_handler in practice results in request hang in some cases. Fix is to trigger connection event handler if the subrequest was already finalized. diffstat: src/http/ngx_http_upstream.c | 16 +++++++++++++--- 1 files changed, 13 insertions(+), 3 deletions(-) diffs (26 lines): diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -3736,9 +3736,19 @@ ngx_http_upstream_thread_event_handler(n r->main->blocked--; r->aio = 0; - r->write_event_handler(r); - - ngx_http_run_posted_requests(c); + if (r->done) { + /* + * trigger connection event handler if the subrequest was + * already finalized; this can happen if the handler is used + * for sendfile() in threads + */ + + c->write->handler(c->write); + + } else { + r->write_event_handler(r); + ngx_http_run_posted_requests(c); + } } #endif From mdounin at mdounin.ru Tue Mar 28 16:25:30 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 28 Mar 2017 16:25:30 +0000 Subject: [nginx] Copy filter: wake up subrequests after aio operations. Message-ID: details: http://hg.nginx.org/nginx/rev/ce37362a7a70 branches: changeset: 6951:ce37362a7a70 user: Maxim Dounin date: Tue Mar 28 18:15:42 2017 +0300 description: Copy filter: wake up subrequests after aio operations. Previously, connection write handler was called, resulting in wake up of the active subrequest. This change makes it possible to read data in non-active subrequests as well. For example, this allows SSI to process instructions in non-active subrequests earlier and start additional subrequests if needed, reducing overall response time. diffstat: src/http/ngx_http_copy_filter_module.c | 32 ++++++++++++++++++++++++++++++-- 1 files changed, 30 insertions(+), 2 deletions(-) diffs (64 lines): diff --git a/src/http/ngx_http_copy_filter_module.c b/src/http/ngx_http_copy_filter_module.c --- a/src/http/ngx_http_copy_filter_module.c +++ b/src/http/ngx_http_copy_filter_module.c @@ -187,15 +187,24 @@ static void ngx_http_copy_aio_event_handler(ngx_event_t *ev) { ngx_event_aio_t *aio; + ngx_connection_t *c; ngx_http_request_t *r; aio = ev->data; r = aio->data; + c = r->connection; + + ngx_http_set_log_request(c->log, r); + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, + "http aio: \"%V?%V\"", &r->uri, &r->args); r->main->blocked--; r->aio = 0; - r->connection->write->handler(r->connection->write); + r->write_event_handler(r); + + ngx_http_run_posted_requests(c); } @@ -300,14 +309,33 @@ ngx_http_copy_thread_handler(ngx_thread_ static void ngx_http_copy_thread_event_handler(ngx_event_t *ev) { + ngx_connection_t *c; ngx_http_request_t *r; r = ev->data; + c = r->connection; + + ngx_http_set_log_request(c->log, r); + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, + "http thread: \"%V?%V\"", &r->uri, &r->args); r->main->blocked--; r->aio = 0; - r->connection->write->handler(r->connection->write); + if (r->done) { + /* + * trigger connection event handler if the subrequest was + * already finalized; this can happen if the handler is used + * for sendfile() in threads + */ + + c->write->handler(c->write); + + } else { + r->write_event_handler(r); + ngx_http_run_posted_requests(c); + } } #endif From vbart at nginx.com Tue Mar 28 17:25:42 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 28 Mar 2017 20:25:42 +0300 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments In-Reply-To: References: <1636129.P8FdQ216sc@vbart-workstation> Message-ID: <1526119.187uTgWq9T@vbart-workstation> On Tuesday 28 March 2017 03:52:07 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516706 25200 > # Sun Mar 26 01:25:06 2017 -0700 > # Node ID ccb36c87291e38d1a63224d143cbeaa4ee4a4287 > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments. > > Signed-off-by: Piotr Sikora > [..] Here's my version of the patch. It's made similar to ngx_http_v2_state_priority(). # HG changeset patch # User Valentin Bartenev # Date 1490721720 -10800 # Tue Mar 28 20:22:00 2017 +0300 # Node ID 3e798c552767068056c0251d7b6bd9ffd2587fc0 # Parent ce37362a7a70c0acd14ba01c8c2223b366b62233 HTTP/2: rejecting zero WINDOW_UPDATE with PROTOCOL_ERROR. It's required by RFC 7540. While there is no real harm from such frames, that should help to detect broken clients. Prodded by Piotr Sikora. diff -r ce37362a7a70 -r 3e798c552767 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Tue Mar 28 18:15:42 2017 +0300 +++ b/src/http/v2/ngx_http_v2.c Tue Mar 28 20:22:00 2017 +0300 @@ -2161,6 +2161,40 @@ ngx_http_v2_state_window_update(ngx_http "http2 WINDOW_UPDATE frame sid:%ui window:%uz", h2c->state.sid, window); + if (window == 0) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent WINDOW_UPDATE frame " + "with incorrect window increment 0"); + + if (h2c->state.sid == 0) { + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); + } + + node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0); + + if (node && node->stream) { + if (ngx_http_v2_terminate_stream(h2c, node->stream, + NGX_HTTP_V2_PROTOCOL_ERROR) + == NGX_ERROR) + { + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_INTERNAL_ERROR); + } + + } else { + if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, + NGX_HTTP_V2_PROTOCOL_ERROR) + == NGX_ERROR) + { + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_INTERNAL_ERROR); + } + } + + return ngx_http_v2_state_complete(h2c, pos, end); + } + if (h2c->state.sid) { node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 0); From vbart at nginx.com Tue Mar 28 17:35:40 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 28 Mar 2017 20:35:40 +0300 Subject: [PATCH] HTTP/2: add logging of RST_STREAM frames with NO_ERROR code In-Reply-To: <31dfcde3ea2ccf1a2dbd.1490517680@piotrsikora.sfo.corp.google.com> References: <31dfcde3ea2ccf1a2dbd.1490517680@piotrsikora.sfo.corp.google.com> Message-ID: <41412380.BdpqZYBBnz@vbart-workstation> On Sunday 26 March 2017 01:41:20 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516710 25200 > # Sun Mar 26 01:25:10 2017 -0700 > # Node ID 31dfcde3ea2ccf1a2dbd2601ebe8f4306887fc0f > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: add logging of RST_STREAM frames with NO_ERROR code. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 31dfcde3ea2c src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -1916,6 +1916,11 @@ ngx_http_v2_state_rst_stream(ngx_http_v2 > > switch (status) { > > + case NGX_HTTP_V2_NO_ERROR: > + ngx_log_error(NGX_LOG_INFO, fc->log, 0, > + "client closed stream %ui", h2c->state.sid); > + break; > + > case NGX_HTTP_V2_CANCEL: > ngx_log_error(NGX_LOG_INFO, fc->log, 0, > "client canceled stream %ui", h2c->state.sid); Currently such frames are logged with message: "client terminated stream %ui with status 0" Could you explain why NO_ERROR needs special handling here? I haven't found in RFC mentions about cases in which clients can send RST_STREAM with NO_ERROR. wbr, Valentin V. Bartenev From vbart at nginx.com Tue Mar 28 18:10:51 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 28 Mar 2017 21:10:51 +0300 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> <10427531.mBiuJ3uUGf@vbart-workstation> Message-ID: <10964631.oCTdTOokgi@vbart-workstation> On Tuesday 28 March 2017 05:40:44 Piotr Sikora via nginx-devel wrote: > Hey Valentin, > > > This part of patch can be added to the style one: > > > > "HTTP/2: style and typos." > > Assuming that this patch gets dropped or even if it gets committed? > IMHO it's not a good idea to combine style fixes with behavior changes. Behavior changing commits are occasionally reverted. > > Is there any practical reason to force this restriction? > > None, other than following RFC and providing early detection of broken clients. > > Also, it looks that you have a test for it marked as TODO: > http://hg.nginx.org/nginx-tests/annotate/a6abbfed42c0/h2_headers.t#l972 > That's why it's still TODO (in other words intentionally skipped). We discussed it with QA and decided to be more tolerant here. wbr, Valentin V. Bartenev From vbart at nginx.com Tue Mar 28 19:56:30 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 28 Mar 2017 22:56:30 +0300 Subject: [PATCH] HTTP/2: add fast-path for HTTP/2 requests without request body In-Reply-To: References: Message-ID: <1959760.0ShWjv0uEp@vbart-workstation> On Sunday 26 March 2017 01:41:23 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516712 25200 > # Sun Mar 26 01:25:12 2017 -0700 > # Node ID f9fd6a8babce9f57f038d304dc1eef82284dde8b > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: add fast-path for HTTP/2 requests without request body. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r f9fd6a8babce src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -3494,7 +3494,9 @@ ngx_http_v2_read_request_body(ngx_http_r > > stream = r->stream; > > - if (stream->skip_data) { > + if (stream->skip_data > + || (stream->in_closed && stream->preread == NULL)) > + { > r->request_body_no_buffering = 0; > post_handler(r); > return NGX_OK; That doesn't look like a correct patch to me as it changes behavior of ngx_http_read_client_request_body() specifically for HTTP/2 case. Note, that in case of HTTP/1.x it always allocates r->request_body for the main request unless r->discard_body is set. Even if it doesn't break something in nginx at the first glance, there's always a chance that some 3rd-party modules can depend on this. Anyway, this change should be made either for both protocols or for none of them. wbr, Valentin V. Bartenev From vbart at nginx.com Wed Mar 29 12:54:29 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Wed, 29 Mar 2017 12:54:29 +0000 Subject: [nginx] HTTP/2: fix $bytes_sent variable. Message-ID: details: http://hg.nginx.org/nginx/rev/afc60bd9008f branches: changeset: 6952:afc60bd9008f user: Piotr Sikora date: Sun Mar 26 01:25:02 2017 -0700 description: HTTP/2: fix $bytes_sent variable. Previously, its value accounted for payloads of HEADERS, CONTINUATION and DATA frames, as well as frame headers of HEADERS and DATA frames, but it didn't account for frame headers of CONTINUATION frames. Signed-off-by: Piotr Sikora diffstat: src/http/v2/ngx_http_v2_filter_module.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (12 lines): diff -r ce37362a7a70 -r afc60bd9008f src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c Tue Mar 28 18:15:42 2017 +0300 +++ b/src/http/v2/ngx_http_v2_filter_module.c Sun Mar 26 01:25:02 2017 -0700 @@ -769,6 +769,8 @@ ngx_http_v2_create_headers_frame(ngx_htt rest -= frame_size; if (rest) { + frame->length += NGX_HTTP_V2_FRAME_HEADER_SIZE; + type = NGX_HTTP_V2_CONTINUATION_FRAME; flags = NGX_HTTP_V2_NO_FLAG; continue; From vbart at nginx.com Wed Mar 29 12:54:32 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Wed, 29 Mar 2017 12:54:32 +0000 Subject: [nginx] HTTP/2: fix $body_bytes_sent variable. Message-ID: details: http://hg.nginx.org/nginx/rev/663e6a48bfcb branches: changeset: 6953:663e6a48bfcb user: Piotr Sikora date: Sun Mar 26 01:25:03 2017 -0700 description: HTTP/2: fix $body_bytes_sent variable. Previously, its value included payloads and frame headers of HEADERS and CONTINUATION frames. Signed-off-by: Piotr Sikora diffstat: src/http/v2/ngx_http_v2_filter_module.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diffs (13 lines): diff -r afc60bd9008f -r 663e6a48bfcb src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c Sun Mar 26 01:25:02 2017 -0700 +++ b/src/http/v2/ngx_http_v2_filter_module.c Sun Mar 26 01:25:03 2017 -0700 @@ -1211,6 +1211,9 @@ ngx_http_v2_headers_frame_handler(ngx_ht "http2:%ui HEADERS frame %p was sent", stream->node->id, frame); + stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE + + frame->length; + ngx_http_v2_handle_frame(stream, frame); ngx_http_v2_handle_stream(h2c, stream); From igor at sysoev.ru Wed Mar 29 12:56:47 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 29 Mar 2017 12:56:47 +0000 Subject: [njs] Large indexes processing has been fixed in array iterator Message-ID: details: http://hg.nginx.org/njs/rev/8cdbd57379e8 branches: changeset: 322:8cdbd57379e8 user: Igor Sysoev date: Wed Mar 29 15:54:33 2017 +0300 description: Large indexes processing has been fixed in array iterator functions. diffstat: njs/njs_array.c | 26 +++++++++++++------------- njs/njs_array.h | 4 ++++ njs/njs_vm.c | 16 +++++++++++----- njs/test/njs_unit_test.c | 9 +++++++++ 4 files changed, 37 insertions(+), 18 deletions(-) diffs (168 lines): diff -r a095dc0cd361 -r 8cdbd57379e8 njs/njs_array.c --- a/njs/njs_array.c Tue Mar 28 07:50:05 2017 +0300 +++ b/njs/njs_array.c Wed Mar 29 15:54:33 2017 +0300 @@ -75,7 +75,7 @@ typedef struct { njs_value_t retval; njs_function_t *function; - int32_t index; + uint32_t index; uint32_t current; } njs_array_sort_t; @@ -105,7 +105,7 @@ static nxt_noinline uint32_t njs_array_i uint32_t n, uint32_t length); static nxt_noinline njs_ret_t njs_array_iterator_apply(njs_vm_t *vm, njs_array_iter_t *iter, njs_value_t *args, nxt_uint_t nargs); -static uint32_t njs_array_reduce_right_next(njs_array_t *array, int32_t n); +static uint32_t njs_array_reduce_right_next(njs_array_t *array, uint32_t n); static njs_ret_t njs_array_prototype_sort_continuation(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, njs_index_t unused); @@ -1520,7 +1520,7 @@ static njs_ret_t njs_array_prototype_reduce_continuation(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, njs_index_t unused) { - nxt_int_t n; + uint32_t n; njs_array_t *array; njs_value_t arguments[5]; njs_array_iter_t *iter; @@ -1588,7 +1588,7 @@ njs_array_iterator_next(njs_array_t *arr n++; } - return -1; + return NJS_ARRAY_INVALID_INDEX; } @@ -1596,7 +1596,7 @@ static nxt_noinline njs_ret_t njs_array_iterator_apply(njs_vm_t *vm, njs_array_iter_t *iter, njs_value_t *args, nxt_uint_t nargs) { - nxt_int_t n; + uint32_t n; njs_array_t *array; njs_value_t arguments[4]; @@ -1632,7 +1632,7 @@ static njs_ret_t njs_array_prototype_reduce_right(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, njs_index_t unused) { - int32_t n; + uint32_t n; njs_array_t *array; njs_array_iter_t *iter; @@ -1652,7 +1652,7 @@ njs_array_prototype_reduce_right(njs_vm_ } else { n = iter->next_index; - if (n < 0) { + if (n == NJS_ARRAY_INVALID_INDEX) { goto type_error; } @@ -1675,7 +1675,7 @@ static njs_ret_t njs_array_prototype_reduce_right_continuation(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, njs_index_t unused) { - nxt_int_t n; + uint32_t n; njs_array_t *array; njs_value_t arguments[5]; njs_array_iter_t *iter; @@ -1708,11 +1708,11 @@ njs_array_prototype_reduce_right_continu static nxt_noinline uint32_t -njs_array_reduce_right_next(njs_array_t *array, int32_t n) +njs_array_reduce_right_next(njs_array_t *array, uint32_t n) { - n = nxt_min(n, (int32_t) array->length) - 1; - - while (n >= 0) { + n = nxt_min(n, array->length) - 1; + + while (n != NJS_ARRAY_INVALID_INDEX) { if (njs_is_valid(&array->start[n])) { return n; } @@ -1789,7 +1789,7 @@ static njs_ret_t njs_array_prototype_sort_continuation(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, njs_index_t unused) { - nxt_int_t n; + uint32_t n; njs_array_t *array; njs_value_t value, *start, arguments[3]; njs_array_sort_t *sort; diff -r a095dc0cd361 -r 8cdbd57379e8 njs/njs_array.h --- a/njs/njs_array.h Tue Mar 28 07:50:05 2017 +0300 +++ b/njs/njs_array.h Wed Mar 29 15:54:33 2017 +0300 @@ -8,6 +8,10 @@ #define _NJS_ARRAY_H_INCLUDED_ +#define NJS_ARRAY_MAX_LENGTH 0xffffffff +/* The maximum valid array index is the maximum array length minus 1. */ +#define NJS_ARRAY_INVALID_INDEX NJS_ARRAY_MAX_LENGTH + #define NJS_ARRAY_SPARE 8 diff -r a095dc0cd361 -r 8cdbd57379e8 njs/njs_vm.c --- a/njs/njs_vm.c Tue Mar 28 07:50:05 2017 +0300 +++ b/njs/njs_vm.c Wed Mar 29 15:54:33 2017 +0300 @@ -944,9 +944,10 @@ njs_property_query(njs_vm_t *vm, njs_pro njs_value_t *property) { double num; - int32_t index; + uint32_t index; uint32_t (*hash)(const void *, size_t); njs_ret_t ret; + nxt_bool_t valid; njs_extern_t *ext; njs_object_t *obj; njs_function_t *function; @@ -983,10 +984,15 @@ njs_property_query(njs_vm_t *vm, njs_pro return NJS_TRAP_PROPERTY; } - index = (int) num; - - if (nxt_fast_path(index >= 0 && (double) index == num)) { - return njs_array_property_query(vm, pq, object, index); + if (nxt_fast_path(num >= 0)) { + index = (uint32_t) num; + + valid = nxt_expect(1, (index < NJS_ARRAY_MAX_LENGTH + && (double) index == num)); + + if (valid) { + return njs_array_property_query(vm, pq, object, index); + } } } diff -r a095dc0cd361 -r 8cdbd57379e8 njs/test/njs_unit_test.c --- a/njs/test/njs_unit_test.c Tue Mar 28 07:50:05 2017 +0300 +++ b/njs/test/njs_unit_test.c Wed Mar 29 15:54:33 2017 +0300 @@ -2280,6 +2280,15 @@ static njs_unit_test_t njs_test[] = { nxt_string("var a = [ 1, 2, 3 ]; a[0] + a[1] + a[2]"), nxt_string("6") }, + { nxt_string("var a = [ 1, 2, 3 ]; a[-1] = 4; a + a[-1]"), + nxt_string("1,2,34") }, + + { nxt_string("var a = [ 1, 2, 3 ]; a[4294967295] = 4; a + a[4294967295]"), + nxt_string("1,2,34") }, + + { nxt_string("var a = [ 1, 2, 3 ]; a[4294967296] = 4; a + a[4294967296]"), + nxt_string("1,2,34") }, + { nxt_string("var n = 1, a = [ n += 1 ]; a"), nxt_string("2") }, From igor at sysoev.ru Wed Mar 29 12:56:49 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 29 Mar 2017 12:56:49 +0000 Subject: [njs] A small Array.prototype.sort() optimization. Message-ID: details: http://hg.nginx.org/njs/rev/90743d1bb614 branches: changeset: 323:90743d1bb614 user: Igor Sysoev date: Wed Mar 29 15:54:37 2017 +0300 description: A small Array.prototype.sort() optimization. diffstat: njs/njs_array.c | 34 ++++++++++++++++++---------------- 1 files changed, 18 insertions(+), 16 deletions(-) diffs (52 lines): diff -r 8cdbd57379e8 -r 90743d1bb614 njs/njs_array.c --- a/njs/njs_array.c Wed Mar 29 15:54:33 2017 +0300 +++ b/njs/njs_array.c Wed Mar 29 15:54:37 2017 +0300 @@ -1802,9 +1802,9 @@ njs_array_prototype_sort_continuation(nj if (njs_is_number(&sort->retval)) { /* - * The sort function is impelemented with the insertion sort algorithm. + * The sort function is implemented with the insertion sort algorithm. * Its worst and average computational complexity is O^2. This point - * should be considired as return point from comparison function so + * should be considered as return point from comparison function so * "goto next" moves control to the appropriate step of the algorithm. * The first iteration also goes there because sort->retval is zero. */ @@ -1824,20 +1824,22 @@ njs_array_prototype_sort_continuation(nj do { if (n > 0) { - if (njs_is_valid(&start[n]) && njs_is_valid(&start[n - 1])) { - arguments[0] = njs_value_void; - - /* GC: array elt, array */ - arguments[1] = start[n - 1]; - arguments[2] = start[n]; - - sort->index = n; - - return njs_function_apply(vm, sort->function, arguments, 3, - (njs_index_t) &sort->retval); - } - - if (!njs_is_valid(&start[n - 1]) && njs_is_valid(&start[n])) { + if (njs_is_valid(&start[n])) { + + if (njs_is_valid(&start[n - 1])) { + arguments[0] = njs_value_void; + + /* GC: array elt, array */ + arguments[1] = start[n - 1]; + arguments[2] = start[n]; + + sort->index = n; + + return njs_function_apply(vm, sort->function, + arguments, 3, + (njs_index_t) &sort->retval); + } + /* Move invalid values to the end of array. */ goto swap; } From vbart at nginx.com Wed Mar 29 12:56:59 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Wed, 29 Mar 2017 12:56:59 +0000 Subject: [nginx] HTTP/2: fix flow control with padded DATA frames. Message-ID: details: http://hg.nginx.org/nginx/rev/052305810ca4 branches: changeset: 6954:052305810ca4 user: Piotr Sikora date: Sun Mar 26 01:25:04 2017 -0700 description: HTTP/2: fix flow control with padded DATA frames. Previously, flow control didn't account for padding in DATA frames, which meant that its view of the world could drift from peer's view by up to 256 bytes per received padded DATA frame, which could lead to a deadlock. Signed-off-by: Piotr Sikora diffstat: src/http/v2/ngx_http_v2.c | 24 +++++++++++++----------- 1 files changed, 13 insertions(+), 11 deletions(-) diffs (80 lines): diff -r 663e6a48bfcb -r 052305810ca4 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Sun Mar 26 01:25:03 2017 -0700 +++ b/src/http/v2/ngx_http_v2.c Sun Mar 26 01:25:04 2017 -0700 @@ -783,9 +783,12 @@ ngx_http_v2_state_head(ngx_http_v2_conne static u_char * ngx_http_v2_state_data(ngx_http_v2_connection_t *h2c, u_char *pos, u_char *end) { + size_t size; ngx_http_v2_node_t *node; ngx_http_v2_stream_t *stream; + size = h2c->state.length; + if (h2c->state.flags & NGX_HTTP_V2_PADDED_FLAG) { if (h2c->state.length == 0) { @@ -802,33 +805,32 @@ ngx_http_v2_state_data(ngx_http_v2_conne } h2c->state.padding = *pos++; - h2c->state.length--; - - if (h2c->state.padding > h2c->state.length) { + + if (h2c->state.padding >= size) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client sent padded DATA frame " "with incorrect length: %uz, padding: %uz", - h2c->state.length, h2c->state.padding); + size, h2c->state.padding); return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); } - h2c->state.length -= h2c->state.padding; + h2c->state.length -= 1 + h2c->state.padding; } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "http2 DATA frame"); - if (h2c->state.length > h2c->recv_window) { + if (size > h2c->recv_window) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client violated connection flow control: " "received DATA frame length %uz, available window %uz", - h2c->state.length, h2c->recv_window); + size, h2c->recv_window); return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_FLOW_CTRL_ERROR); } - h2c->recv_window -= h2c->state.length; + h2c->recv_window -= size; if (h2c->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) { @@ -854,11 +856,11 @@ ngx_http_v2_state_data(ngx_http_v2_conne stream = node->stream; - if (h2c->state.length > stream->recv_window) { + if (size > stream->recv_window) { ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, "client violated flow control for stream %ui: " "received DATA frame length %uz, available window %uz", - node->id, h2c->state.length, stream->recv_window); + node->id, size, stream->recv_window); if (ngx_http_v2_terminate_stream(h2c, stream, NGX_HTTP_V2_FLOW_CTRL_ERROR) @@ -871,7 +873,7 @@ ngx_http_v2_state_data(ngx_http_v2_conne return ngx_http_v2_state_skip_padded(h2c, pos, end); } - stream->recv_window -= h2c->state.length; + stream->recv_window -= size; if (stream->no_flow_control && stream->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) From vbart at nginx.com Wed Mar 29 12:57:02 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Wed, 29 Mar 2017 12:57:02 +0000 Subject: [nginx] HTTP/2: emit PROTOCOL_ERROR on padding errors. Message-ID: details: http://hg.nginx.org/nginx/rev/d38161da62cd branches: changeset: 6955:d38161da62cd user: Piotr Sikora date: Sun Mar 26 01:25:05 2017 -0700 description: HTTP/2: emit PROTOCOL_ERROR on padding errors. Signed-off-by: Piotr Sikora diffstat: src/http/v2/ngx_http_v2.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diffs (23 lines): diff -r 052305810ca4 -r d38161da62cd src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Sun Mar 26 01:25:04 2017 -0700 +++ b/src/http/v2/ngx_http_v2.c Sun Mar 26 01:25:05 2017 -0700 @@ -812,7 +812,8 @@ ngx_http_v2_state_data(ngx_http_v2_conne "with incorrect length: %uz, padding: %uz", size, h2c->state.padding); - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); } h2c->state.length -= 1 + h2c->state.padding; @@ -1055,7 +1056,8 @@ ngx_http_v2_state_headers(ngx_http_v2_co "with incorrect length: %uz, padding: %uz", h2c->state.length, h2c->state.padding); - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); } h2c->state.length -= h2c->state.padding; From vbart at nginx.com Wed Mar 29 12:58:48 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 29 Mar 2017 15:58:48 +0300 Subject: [PATCH 1 of 2] HTTP/2: fix $bytes_sent variable In-Reply-To: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> References: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> Message-ID: <1857623.qz4bfP1os8@vbart-workstation> On Sunday 26 March 2017 01:41:09 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516702 25200 > # Sun Mar 26 01:25:02 2017 -0700 > # Node ID 74ee816e712ee3b731437947470383555653338d > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: fix $bytes_sent variable. > > Previously, its value accounted for payloads of HEADERS, CONTINUATION > and DATA frames, as well as frame headers of HEADERS and DATA frames, > but it didn't account for frame headers of CONTINUATION frames. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 74ee816e712e src/http/v2/ngx_http_v2_filter_module.c > --- a/src/http/v2/ngx_http_v2_filter_module.c > +++ b/src/http/v2/ngx_http_v2_filter_module.c > @@ -769,6 +769,8 @@ ngx_http_v2_create_headers_frame(ngx_htt > rest -= frame_size; > > if (rest) { > + frame->length += NGX_HTTP_V2_FRAME_HEADER_SIZE; > + > type = NGX_HTTP_V2_CONTINUATION_FRAME; > flags = NGX_HTTP_V2_NO_FLAG; > continue; Committed. Thanks. http://hg.nginx.org/nginx/rev/afc60bd9008f wbr, Valentin V. Bartenev From vbart at nginx.com Wed Mar 29 12:59:34 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 29 Mar 2017 15:59:34 +0300 Subject: [PATCH 2 of 2] HTTP/2: fix $body_bytes_sent variable In-Reply-To: References: <74ee816e712ee3b73143.1490517669@piotrsikora.sfo.corp.google.com> Message-ID: <1888097.esZg4PvlDX@vbart-workstation> On Sunday 26 March 2017 01:41:10 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516703 25200 > # Sun Mar 26 01:25:03 2017 -0700 > # Node ID dd6c656ed7a327641b2ddfc34768f9551e44bb0f > # Parent 74ee816e712ee3b731437947470383555653338d > HTTP/2: fix $body_bytes_sent variable. > > Previously, its value included payloads and frame headers of HEADERS > and CONTINUATION frames. > > Signed-off-by: Piotr Sikora > > diff -r 74ee816e712e -r dd6c656ed7a3 src/http/v2/ngx_http_v2_filter_module.c > --- a/src/http/v2/ngx_http_v2_filter_module.c > +++ b/src/http/v2/ngx_http_v2_filter_module.c > @@ -1211,6 +1211,9 @@ ngx_http_v2_headers_frame_handler(ngx_ht > "http2:%ui HEADERS frame %p was sent", > stream->node->id, frame); > > + stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE > + + frame->length; > + > ngx_http_v2_handle_frame(stream, frame); > > ngx_http_v2_handle_stream(h2c, stream); Committed. Thanks. http://hg.nginx.org/nginx/rev/663e6a48bfcb wbr, Valentin V. Bartenev From vbart at nginx.com Wed Mar 29 16:15:50 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 29 Mar 2017 19:15:50 +0300 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on padding errors In-Reply-To: <8d3fb456411018e28634.1490517673@piotrsikora.sfo.corp.google.com> References: <8d3fb456411018e28634.1490517673@piotrsikora.sfo.corp.google.com> Message-ID: <1830369.ehbvuRbhEq@vbart-workstation> On Sunday 26 March 2017 01:41:13 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516705 25200 > # Sun Mar 26 01:25:05 2017 -0700 > # Node ID 8d3fb456411018e286345ba92a855ca42ca8af2f > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: emit PROTOCOL_ERROR on padding errors. > > Signed-off-by: Piotr Sikora > > diff -r 22be63bf21ed -r 8d3fb4564110 src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c > +++ b/src/http/v2/ngx_http_v2.c > @@ -810,7 +810,8 @@ ngx_http_v2_state_data(ngx_http_v2_conne > "with incorrect length: %uz, padding: %uz", > h2c->state.length, h2c->state.padding); > > - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); > + return ngx_http_v2_connection_error(h2c, > + NGX_HTTP_V2_PROTOCOL_ERROR); > } > > h2c->state.length -= h2c->state.padding; > @@ -1053,7 +1054,8 @@ ngx_http_v2_state_headers(ngx_http_v2_co > "with incorrect length: %uz, padding: %uz", > h2c->state.length, h2c->state.padding); > > - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); > + return ngx_http_v2_connection_error(h2c, > + NGX_HTTP_V2_PROTOCOL_ERROR); > } > > h2c->state.length -= h2c->state.padding; Committed. Thanks. http://hg.nginx.org/nginx/rev/d38161da62cd wbr, Valentin V. Bartenev From vbart at nginx.com Wed Mar 29 16:16:46 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 29 Mar 2017 19:16:46 +0300 Subject: [PATCH] HTTP/2: fix flow control with padded DATA frames In-Reply-To: <899a53d2789b8c6bafdd.1490517671@piotrsikora.sfo.corp.google.com> References: <899a53d2789b8c6bafdd.1490517671@piotrsikora.sfo.corp.google.com> Message-ID: <4781622.fjsPkMMIB0@vbart-workstation> On Sunday 26 March 2017 01:41:11 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516704 25200 > # Sun Mar 26 01:25:04 2017 -0700 > # Node ID 899a53d2789b8c6bafdd5e40d78b4e92dd32dd10 > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: fix flow control with padded DATA frames. > > Previously, flow control didn't account for padding in DATA frames, > which meant that its view of the world could drift from peer's view > by up to 256 bytes per received padded DATA frame, which could lead > to a deadlock. > > Signed-off-by: Piotr Sikora > [..] Committed. Thanks. http://hg.nginx.org/nginx/rev/052305810ca4 wbr, Valentin V. Bartenev From vbart at nginx.com Wed Mar 29 17:24:27 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Wed, 29 Mar 2017 17:24:27 +0000 Subject: [nginx] HTTP/2: fixed stream finalization. Message-ID: details: http://hg.nginx.org/nginx/rev/9b5f31fdb850 branches: changeset: 6956:9b5f31fdb850 user: Valentin Bartenev date: Wed Mar 29 20:16:23 2017 +0300 description: HTTP/2: fixed stream finalization. In order to finalize stream the error flag is set on fake connection and either "write" or "read" event handler is called. The read events of fake connections are always ready, but it's not the case with the write events. When the ready flag isn't set, the error flag can be not checked in some cases and as a result stream isn't finalized. Now the ready flag is explicilty set on write events for proper finalization in all cases. diffstat: src/http/v2/ngx_http_v2.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diffs (14 lines): diff -r d38161da62cd -r 9b5f31fdb850 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Sun Mar 26 01:25:05 2017 -0700 +++ b/src/http/v2/ngx_http_v2.c Wed Mar 29 20:16:23 2017 +0300 @@ -4266,7 +4266,10 @@ ngx_http_v2_finalize_connection(ngx_http if (stream->queued) { stream->queued = 0; + ev = fc->write; + ev->active = 0; + ev->ready = 1; } else { ev = fc->read; From vbart at nginx.com Wed Mar 29 17:24:30 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Wed, 29 Mar 2017 17:24:30 +0000 Subject: [nginx] HTTP/2: fixed connection finalization. Message-ID: details: http://hg.nginx.org/nginx/rev/83bae3d354ab branches: changeset: 6957:83bae3d354ab user: Valentin Bartenev date: Wed Mar 29 20:21:01 2017 +0300 description: HTTP/2: fixed connection finalization. All streams in connection must be finalized before the connection itself can be finalized and all related memory is freed. That's not always possible on the current event loop iteration. Thus when the last stream is finalized, it sets the special read event handler ngx_http_v2_handle_connection_handler() and posts the event. Previously, this handler didn't check the connection state and could call the regular event handler on a connection that was already in finalization stage. In the worst case that could lead to a segmentation fault, since some data structures aren't supposed to be used during connection finalization. Particularly, the waiting queue can contain already freed streams, so the WINDOW_UPDATE frame received by that moment could trigger accessing to these freed streams. Now, the connection error flag is explicitly checked in ngx_http_v2_handle_connection_handler(). diffstat: src/http/v2/ngx_http_v2.c | 11 ++++++++--- 1 files changed, 8 insertions(+), 3 deletions(-) diffs (28 lines): diff -r 9b5f31fdb850 -r 83bae3d354ab src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Wed Mar 29 20:16:23 2017 +0300 +++ b/src/http/v2/ngx_http_v2.c Wed Mar 29 20:21:01 2017 +0300 @@ -4134,6 +4134,14 @@ ngx_http_v2_handle_connection_handler(ng ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, "http2 handle connection handler"); + c = rev->data; + h2c = c->data; + + if (c->error) { + ngx_http_v2_finalize_connection(h2c, 0); + return; + } + rev->handler = ngx_http_v2_read_handler; if (rev->ready) { @@ -4141,9 +4149,6 @@ ngx_http_v2_handle_connection_handler(ng return; } - c = rev->data; - h2c = c->data; - if (h2c->last_out && ngx_http_v2_send_output_queue(h2c) == NGX_ERROR) { ngx_http_v2_finalize_connection(h2c, 0); return; From piotrsikora at google.com Thu Mar 30 00:47:42 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 19:47:42 -0500 Subject: [PATCH] HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments In-Reply-To: <1526119.187uTgWq9T@vbart-workstation> References: <1636129.P8FdQ216sc@vbart-workstation> <1526119.187uTgWq9T@vbart-workstation> Message-ID: Hey Valentin, > Here's my version of the patch. > It's made similar to ngx_http_v2_state_priority(). > > # HG changeset patch > # User Valentin Bartenev > # Date 1490721720 -10800 > # Tue Mar 28 20:22:00 2017 +0300 > # Node ID 3e798c552767068056c0251d7b6bd9ffd2587fc0 > # Parent ce37362a7a70c0acd14ba01c8c2223b366b62233 > HTTP/2: rejecting zero WINDOW_UPDATE with PROTOCOL_ERROR. > > It's required by RFC 7540. While there is no real harm from such frames, > that should help to detect broken clients. > > Prodded by Piotr Sikora. s/Prodded/Based on a patch/. > diff -r ce37362a7a70 -r 3e798c552767 src/http/v2/ngx_http_v2.c > --- a/src/http/v2/ngx_http_v2.c Tue Mar 28 18:15:42 2017 +0300 > +++ b/src/http/v2/ngx_http_v2.c Tue Mar 28 20:22:00 2017 +0300 > @@ -2161,6 +2161,40 @@ ngx_http_v2_state_window_update(ngx_http > "http2 WINDOW_UPDATE frame sid:%ui window:%uz", > h2c->state.sid, window); > > + if (window == 0) { > + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, > + "client sent WINDOW_UPDATE frame " > + "with incorrect window increment 0"); I don't think that omitting Stream ID is a good idea. Looks good, otherwise. Best regards, Piotr Sikora From piotrsikora at google.com Thu Mar 30 00:58:54 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 19:58:54 -0500 Subject: [PATCH] HTTP/2: add logging of RST_STREAM frames with NO_ERROR code In-Reply-To: <41412380.BdpqZYBBnz@vbart-workstation> References: <31dfcde3ea2ccf1a2dbd.1490517680@piotrsikora.sfo.corp.google.com> <41412380.BdpqZYBBnz@vbart-workstation> Message-ID: Hey Valentin, > Currently such frames are logged with message: > > "client terminated stream %ui with status 0" > > Could you explain why NO_ERROR needs special handling here? The same reason that "client canceled stream %ui" does, it's more appropriate error message. > I haven't found in RFC mentions about cases in which clients can > send RST_STREAM with NO_ERROR. I believe that clients can send RST_STREAM with NO_ERROR when they are satisfied with the response they received, but didn't receive END_STREAM flag yet. One example of such behavior might be a client that received all DATA frames (as indicated by Content-Length or other application-level mechanism) but is still waiting on HEADERS frame (with trailers), that it doesn't care about. Note that this is more theoretical scenario and I'm not aware of any popular clients doing this right now. Best regards, Piotr Sikora From piotrsikora at google.com Thu Mar 30 01:01:55 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 20:01:55 -0500 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: <10964631.oCTdTOokgi@vbart-workstation> References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> <10427531.mBiuJ3uUGf@vbart-workstation> <10964631.oCTdTOokgi@vbart-workstation> Message-ID: Hey Valentin, > IMHO it's not a good idea to combine style fixes with behavior changes. > Behavior changing commits are occasionally reverted. Fair enough, I'll update both patches shortly. > That's why it's still TODO (in other words intentionally skipped). > We discussed it with QA and decided to be more tolerant here. I disagree. Forgiving implementations that allow broken clients to seemingly "work", even when said clients are not obeying the specification, are the reason why we have broken clients in the first place. Best regards, Piotr Sikora From piotrsikora at google.com Thu Mar 30 01:02:48 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 18:02:48 -0700 Subject: [PATCH] HTTP/2: style and typos In-Reply-To: References: Message-ID: # HG changeset patch # User Piotr Sikora # Date 1490516701 25200 # Sun Mar 26 01:25:01 2017 -0700 # Node ID c76c2cedb2b2a1af16d77448e81801954713961f # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: style and typos. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r c76c2cedb2b2 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -938,7 +938,7 @@ ngx_http_v2_state_read_data(ngx_http_v2_ if (size >= h2c->state.length) { size = h2c->state.length; - stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; + stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; } r = stream->request; @@ -1901,7 +1901,7 @@ ngx_http_v2_state_rst_stream(ngx_http_v2 if (node == NULL || node->stream == NULL) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "unknown http2 stream"); + "unknown http2 stream"); return ngx_http_v2_state_complete(h2c, pos, end); } @@ -2015,6 +2015,7 @@ ngx_http_v2_state_settings_params(ngx_ht break; case NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING: + if (value > NGX_HTTP_V2_MAX_FRAME_SIZE || value < NGX_HTTP_V2_DEFAULT_FRAME_SIZE) { @@ -3072,7 +3073,7 @@ ngx_http_v2_pseudo_header(ngx_http_reque } ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent unknown pseudo header \"%V\"", + "client sent unknown pseudo-header \":%V\"", &header->name); return NGX_DECLINED; @@ -3219,14 +3220,14 @@ ngx_http_v2_parse_scheme(ngx_http_reques { if (r->schema_start) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent duplicate :schema header"); + "client sent duplicate :scheme header"); return NGX_DECLINED; } if (header->value.len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent empty :schema header"); + "client sent empty :scheme header"); return NGX_DECLINED; } diff -r 22be63bf21ed -r c76c2cedb2b2 src/http/v2/ngx_http_v2.h --- a/src/http/v2/ngx_http_v2.h +++ b/src/http/v2/ngx_http_v2.h @@ -249,8 +249,8 @@ ngx_http_v2_queue_blocked_frame(ngx_http { ngx_http_v2_out_frame_t **out; - for (out = &h2c->last_out; *out; out = &(*out)->next) - { + for (out = &h2c->last_out; *out; out = &(*out)->next) { + if ((*out)->blocked || (*out)->stream == NULL) { break; } From piotrsikora at google.com Thu Mar 30 01:02:56 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 18:02:56 -0700 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: <10964631.oCTdTOokgi@vbart-workstation> References: <10964631.oCTdTOokgi@vbart-workstation> Message-ID: <970f063ddc7aa1faa646.1490835776@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516708 25200 # Sun Mar 26 01:25:08 2017 -0700 # Node ID 970f063ddc7aa1faa646514418abd6a9b2eff889 # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 970f063ddc7a src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -3291,6 +3291,7 @@ ngx_http_v2_construct_request_line(ngx_h static const u_char ending[] = " HTTP/2.0"; if (r->method_name.len == 0 + || r->schema_start == NULL || r->unparsed_uri.len == 0) { ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); From piotrsikora at google.com Thu Mar 30 01:59:32 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 20:59:32 -0500 Subject: [PATCH] HTTP/2: add fast-path for HTTP/2 requests without request body In-Reply-To: <1959760.0ShWjv0uEp@vbart-workstation> References: <1959760.0ShWjv0uEp@vbart-workstation> Message-ID: Hey Valentin, > That doesn't look like a correct patch to me as it changes behavior > of ngx_http_read_client_request_body() specifically for HTTP/2 case. Well, the behavior is already different, which is what this patch is trying to mitigate. In case of HTTP/1.x, a single buffer with headers is produced. In case of HTTP/2, two buffers are produced: one with headers and one empty with last_buf = 1. > Note, that in case of HTTP/1.x it always allocates r->request_body > for the main request unless r->discard_body is set. > > Even if it doesn't break something in nginx at the first glance, > there's always a chance that some 3rd-party modules can depend > on this. > > Anyway, this change should be made either for both protocols or > for none of them. Fair enough, I'll update patch to always allocate r->request_body. Best regards, Piotr Sikora From piotrsikora at google.com Thu Mar 30 01:59:37 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 29 Mar 2017 18:59:37 -0700 Subject: [PATCH] HTTP/2: add fast-path for HTTP/2 requests without request body In-Reply-To: <1959760.0ShWjv0uEp@vbart-workstation> References: <1959760.0ShWjv0uEp@vbart-workstation> Message-ID: <630a8209defe25add709.1490839177@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1490516712 25200 # Sun Mar 26 01:25:12 2017 -0700 # Node ID 630a8209defe25add7094dfc7b9bc9bcabe0933d # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 HTTP/2: add fast-path for HTTP/2 requests without request body. Signed-off-by: Piotr Sikora diff -r 22be63bf21ed -r 630a8209defe src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -3520,6 +3520,12 @@ ngx_http_v2_read_request_body(ngx_http_r r->request_body = rb; + if (stream->in_closed && stream->preread == NULL) { + r->request_body_no_buffering = 0; + post_handler(r); + return NGX_OK; + } + h2scf = ngx_http_get_module_srv_conf(r, ngx_http_v2_module); clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); From maxim at nginx.com Thu Mar 30 08:14:33 2017 From: maxim at nginx.com (Maxim Konovalov) Date: Thu, 30 Mar 2017 11:14:33 +0300 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> <10427531.mBiuJ3uUGf@vbart-workstation> <10964631.oCTdTOokgi@vbart-workstation> Message-ID: Hi Piotr, On 30/03/2017 04:01, Piotr Sikora via nginx-devel wrote: > Hey Valentin, > >> IMHO it's not a good idea to combine style fixes with behavior changes. >> Behavior changing commits are occasionally reverted. > > Fair enough, I'll update both patches shortly. > >> That's why it's still TODO (in other words intentionally skipped). >> We discussed it with QA and decided to be more tolerant here. > > I disagree. Forgiving implementations that allow broken clients to > seemingly "work", even when said clients are not obeying the > specification, are the reason why we have broken clients in the first > place. > How does google.com as a service behave with such clients? -- Maxim Konovalov From piotrsikora at google.com Thu Mar 30 08:34:08 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Thu, 30 Mar 2017 03:34:08 -0500 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> <10427531.mBiuJ3uUGf@vbart-workstation> <10964631.oCTdTOokgi@vbart-workstation> Message-ID: Hey Maxim, > How does google.com as a service behave with such clients? It sends RST_STREAM with PROTOCOL_ERROR. Best regards, Piotr Sikora From vbart at nginx.com Thu Mar 30 13:36:30 2017 From: vbart at nginx.com (Valentin Bartenev) Date: Thu, 30 Mar 2017 13:36:30 +0000 Subject: [nginx] HTTP/2: style and typos. Message-ID: details: http://hg.nginx.org/nginx/rev/28dc369899ea branches: changeset: 6958:28dc369899ea user: Piotr Sikora date: Sun Mar 26 01:25:01 2017 -0700 description: HTTP/2: style and typos. Signed-off-by: Piotr Sikora diffstat: src/http/v2/ngx_http_v2.c | 11 ++++++----- src/http/v2/ngx_http_v2.h | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) diffs (69 lines): diff -r 83bae3d354ab -r 28dc369899ea src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Wed Mar 29 20:21:01 2017 +0300 +++ b/src/http/v2/ngx_http_v2.c Sun Mar 26 01:25:01 2017 -0700 @@ -941,7 +941,7 @@ ngx_http_v2_state_read_data(ngx_http_v2_ if (size >= h2c->state.length) { size = h2c->state.length; - stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; + stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; } r = stream->request; @@ -1905,7 +1905,7 @@ ngx_http_v2_state_rst_stream(ngx_http_v2 if (node == NULL || node->stream == NULL) { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "unknown http2 stream"); + "unknown http2 stream"); return ngx_http_v2_state_complete(h2c, pos, end); } @@ -2019,6 +2019,7 @@ ngx_http_v2_state_settings_params(ngx_ht break; case NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING: + if (value > NGX_HTTP_V2_MAX_FRAME_SIZE || value < NGX_HTTP_V2_DEFAULT_FRAME_SIZE) { @@ -3076,7 +3077,7 @@ ngx_http_v2_pseudo_header(ngx_http_reque } ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent unknown pseudo header \"%V\"", + "client sent unknown pseudo-header \":%V\"", &header->name); return NGX_DECLINED; @@ -3223,14 +3224,14 @@ ngx_http_v2_parse_scheme(ngx_http_reques { if (r->schema_start) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent duplicate :schema header"); + "client sent duplicate :scheme header"); return NGX_DECLINED; } if (header->value.len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent empty :schema header"); + "client sent empty :scheme header"); return NGX_DECLINED; } diff -r 83bae3d354ab -r 28dc369899ea src/http/v2/ngx_http_v2.h --- a/src/http/v2/ngx_http_v2.h Wed Mar 29 20:21:01 2017 +0300 +++ b/src/http/v2/ngx_http_v2.h Sun Mar 26 01:25:01 2017 -0700 @@ -249,8 +249,8 @@ ngx_http_v2_queue_blocked_frame(ngx_http { ngx_http_v2_out_frame_t **out; - for (out = &h2c->last_out; *out; out = &(*out)->next) - { + for (out = &h2c->last_out; *out; out = &(*out)->next) { + if ((*out)->blocked || (*out)->stream == NULL) { break; } From vbart at nginx.com Thu Mar 30 13:38:21 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 30 Mar 2017 16:38:21 +0300 Subject: [PATCH] HTTP/2: style and typos In-Reply-To: References: Message-ID: <4238881.IaN6UeuTyX@vbart-workstation> On Wednesday 29 March 2017 18:02:48 Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490516701 25200 > # Sun Mar 26 01:25:01 2017 -0700 > # Node ID c76c2cedb2b2a1af16d77448e81801954713961f > # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061 > HTTP/2: style and typos. > > Signed-off-by: Piotr Sikora > [..] Committed. Thanks. http://hg.nginx.org/nginx/rev/28dc369899ea wbr, Valentin V. Bartenev From vbart at nginx.com Thu Mar 30 13:57:22 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 30 Mar 2017 16:57:22 +0300 Subject: [PATCH] HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header In-Reply-To: References: <6bb029b1df11662ba11e.1490517677@piotrsikora.sfo.corp.google.com> <10964631.oCTdTOokgi@vbart-workstation> Message-ID: <17543215.oua5ZIKEOg@vbart-workstation> On Wednesday 29 March 2017 20:01:55 Piotr Sikora via nginx-devel wrote: > Hey Valentin, > > > IMHO it's not a good idea to combine style fixes with behavior changes. > > Behavior changing commits are occasionally reverted. > > Fair enough, I'll update both patches shortly. > > > That's why it's still TODO (in other words intentionally skipped). > > We discussed it with QA and decided to be more tolerant here. > > I disagree. Forgiving implementations that allow broken clients to > seemingly "work", even when said clients are not obeying the > specification, are the reason why we have broken clients in the first > place. > One of the broken clients (not in this place particularly, but in a few others) is Google Chrome. Sometimes it takes year to convince devs to do something about that, even if the issue is obvious. Here is an example: https://bugs.chromium.org/p/chromium/issues/detail?id=546991 And if something isn't working in browser-webserver combination then this is usually us who will be blamed for. Because people need their services working in the first place. As a result, you can see such commits: http://hg.nginx.org/nginx/rev/8df664ebe037 I agree with your arguments about the positive side in enforcing strict validation. On the other hand, the main goal is to keep our users setups working with any clients. The world isn't perfect and neither us, nor our users can fix it. As the 1.11 branch is going to be stable soon, it's a good idea to postpone any changes that explicitly affect interoperability (at least till 1.13). wbr, Valentin V. Bartenev From zelenkov at nginx.com Thu Mar 30 19:03:57 2017 From: zelenkov at nginx.com (Andrey Zelenkov) Date: Thu, 30 Mar 2017 19:03:57 +0000 Subject: [njs] Array.of() method. Message-ID: details: http://hg.nginx.org/njs/rev/b7d65eb7d6fa branches: changeset: 324:b7d65eb7d6fa user: Andrey Zelenkov date: Thu Mar 30 22:01:17 2017 +0300 description: Array.of() method. diffstat: njs/njs_array.c | 34 ++++++++++++++++++++++++++++++++++ njs/test/njs_unit_test.c | 12 ++++++++++++ 2 files changed, 46 insertions(+), 0 deletions(-) diffs (73 lines): diff -r 90743d1bb614 -r b7d65eb7d6fa njs/njs_array.c --- a/njs/njs_array.c Wed Mar 29 15:54:37 2017 +0300 +++ b/njs/njs_array.c Thu Mar 30 22:01:17 2017 +0300 @@ -291,6 +291,32 @@ njs_array_is_array(njs_vm_t *vm, njs_val } +static njs_ret_t +njs_array_of(njs_vm_t *vm, njs_value_t *args, + nxt_uint_t nargs, njs_index_t unused) +{ + uint32_t length, i; + njs_array_t *array; + + length = nargs > 1 ? nargs - 1 : 0; + + array = njs_array_alloc(vm, length, NJS_ARRAY_SPARE); + if (nxt_slow_path(array == NULL)) { + return NXT_ERROR; + } + + vm->retval.data.u.array = array; + vm->retval.type = NJS_ARRAY; + vm->retval.data.truth = 1; + + for (i = 0; i < length; i++) { + array->start[i] = args[i + 1]; + } + + return NXT_OK; +} + + static const njs_object_prop_t njs_array_constructor_properties[] = { /* Array.name == "Array". */ @@ -320,6 +346,14 @@ static const njs_object_prop_t njs_arra .name = njs_string("isArray"), .value = njs_native_function(njs_array_is_array, 0, 0), }, + + /* ES6. */ + /* Array.of(). */ + { + .type = NJS_METHOD, + .name = njs_string("of"), + .value = njs_native_function(njs_array_of, 0, 0), + }, }; diff -r 90743d1bb614 -r b7d65eb7d6fa njs/test/njs_unit_test.c --- a/njs/test/njs_unit_test.c Wed Mar 29 15:54:37 2017 +0300 +++ b/njs/test/njs_unit_test.c Thu Mar 30 22:01:17 2017 +0300 @@ -2499,6 +2499,18 @@ static njs_unit_test_t njs_test[] = { nxt_string("Array.isArray([])"), nxt_string("true") }, + { nxt_string("Array.of()"), + nxt_string("") }, + + { nxt_string("Array.of(1,2,3)"), + nxt_string("1,2,3") }, + + { nxt_string("Array.of(undefined,1)"), + nxt_string(",1") }, + + { nxt_string("Array.of(NaN,-1,{})"), + nxt_string("NaN,-1,[object Object]") }, + { nxt_string("var a = [1,2,3]; a.concat(4, [5, 6, 7], 8)"), nxt_string("1,2,3,4,5,6,7,8") }, From jeppojeps at gmail.com Thu Mar 30 22:01:52 2017 From: jeppojeps at gmail.com (Antonio Nappa) Date: Fri, 31 Mar 2017 00:01:52 +0200 Subject: Module connecting outside In-Reply-To: <20170321135721.GE13617@mdounin.ru> References: <20170309131602.GM23126@mdounin.ru> <20170321135721.GE13617@mdounin.ru> Message-ID: Hello, I have a module connecting to the outside through SSL with the usage of ngx_event_connect_peer and the SSL primitives of nginx. My next question is, it is better to have a separate peer and its connection for each worker, or share the same connection among all the workers? My idea is to send some information to the outside world and both ways may work, but I want to be sure to make the correct design decision. Thanks a lot, Antonio 2017-03-21 14:57 GMT+01:00 Maxim Dounin : > Hello! > > On Tue, Mar 21, 2017 at 02:42:01PM +0100, Antonio Nappa wrote: > > > By checking the ngx_http_upstream I don't see any kind of handling in > case > > the ngx_ssl_handshake returns NGX_ERROR, I am trying to catch this error > in > > order to handle network outages and subsequent reconnections attempts > from > > my module. Do you think this could be a good way to trigger reconnection > > timer? At the moment I am handling reconnections also in the read and > write > > events when if(wev->timedout || c->error || c->close). > > The ngx_http_upstream_ssl_handshake() function checks if > c->ssl->handshaked is set. If it's not, there was an error or a > timeout. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From igor at sysoev.ru Fri Mar 31 13:07:59 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Fri, 31 Mar 2017 13:07:59 +0000 Subject: [njs] Fixed Number.prototype.toString() method. Message-ID: details: http://hg.nginx.org/njs/rev/8e20f235b71e branches: changeset: 325:8e20f235b71e user: Andrey Zelenkov date: Fri Mar 31 14:02:38 2017 +0300 description: Fixed Number.prototype.toString() method. Found with afl-fuzz. diffstat: njs/njs_number.c | 34 +++++++++++++++++++--------------- njs/test/njs_unit_test.c | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 15 deletions(-) diffs (127 lines): diff -r b7d65eb7d6fa -r 8e20f235b71e njs/njs_number.c --- a/njs/njs_number.c Thu Mar 30 22:01:17 2017 +0300 +++ b/njs/njs_number.c Fri Mar 31 14:02:38 2017 +0300 @@ -34,7 +34,7 @@ static njs_ret_t njs_number_to_string_radix(njs_vm_t *vm, njs_value_t *string, - const njs_value_t *number, uint32_t radix); + double number, uint32_t radix); double @@ -483,7 +483,7 @@ static njs_ret_t njs_number_prototype_to_string(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs, njs_index_t unused) { - double radix; + double number, radix; njs_value_t *value; value = &args[0]; @@ -499,18 +499,22 @@ njs_number_prototype_to_string(njs_vm_t } } - if (nargs == 1 || args[1].data.u.number == 10) { - return njs_number_to_string(vm, &vm->retval, value); + if (nargs > 1) { + radix = args[1].data.u.number; + + if (radix < 2 || radix > 36 || radix != (int) radix) { + vm->exception = &njs_exception_range_error; + return NXT_ERROR; + } + + number = value->data.u.number; + + if (radix != 10 && !isnan(number) && !isinf(number)) { + return njs_number_to_string_radix(vm, &vm->retval, number, radix); + } } - radix = args[1].data.u.number; - - if (radix < 2 || radix > 36 || radix != (int) radix) { - vm->exception = &njs_exception_range_error; - return NXT_ERROR; - } - - return njs_number_to_string_radix(vm, &vm->retval, value, radix); + return njs_number_to_string(vm, &vm->retval, value); } @@ -527,7 +531,7 @@ njs_number_prototype_to_string(njs_vm_t static njs_ret_t njs_number_to_string_radix(njs_vm_t *vm, njs_value_t *string, - const njs_value_t *number, uint32_t radix) + double number, uint32_t radix) { u_char *p, *f, *end; double n, next; @@ -540,7 +544,7 @@ njs_number_to_string_radix(njs_vm_t *vm, end = buf + NJS_STRING_RADIX_LEN; p = buf + NJS_STRING_RADIX_INTERGRAL_LEN; - n = number->data.u.number; + n = number; if (n < 0) { n = -n; @@ -553,7 +557,7 @@ njs_number_to_string_radix(njs_vm_t *vm, n = next; } while (n != 0); - n = number->data.u.number; + n = number; if (n < 0) { *(--p) = '-'; diff -r b7d65eb7d6fa -r 8e20f235b71e njs/test/njs_unit_test.c --- a/njs/test/njs_unit_test.c Thu Mar 30 22:01:17 2017 +0300 +++ b/njs/test/njs_unit_test.c Fri Mar 31 14:02:38 2017 +0300 @@ -156,6 +156,42 @@ static njs_unit_test_t njs_test[] = { nxt_string("1845449130881..toString(36)"), nxt_string("njscript") }, + { nxt_string("Infinity.toString()"), + nxt_string("Infinity") }, + + { nxt_string("Infinity.toString(2)"), + nxt_string("Infinity") }, + + { nxt_string("Infinity.toString(10)"), + nxt_string("Infinity") }, + + { nxt_string("Infinity.toString(NaN)"), + nxt_string("RangeError") }, + + { nxt_string("Infinity.toString({})"), + nxt_string("RangeError") }, + + { nxt_string("Infinity.toString(Infinity)"), + nxt_string("RangeError") }, + + { nxt_string("NaN.toString()"), + nxt_string("NaN") }, + + { nxt_string("NaN.toString(2)"), + nxt_string("NaN") }, + + { nxt_string("NaN.toString(10)"), + nxt_string("NaN") }, + + { nxt_string("NaN.toString(Infinity)"), + nxt_string("RangeError") }, + + { nxt_string("NaN.toString({})"), + nxt_string("RangeError") }, + + { nxt_string("NaN.toString(NaN)"), + nxt_string("RangeError") }, + /* An object "valueOf/toString" methods. */ { nxt_string("var a = { valueOf: function() { return 1 } }; +a"), From igor at sysoev.ru Fri Mar 31 13:08:01 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Fri, 31 Mar 2017 13:08:01 +0000 Subject: [njs] Style fixes. Message-ID: details: http://hg.nginx.org/njs/rev/dc8af19bf47d branches: changeset: 326:dc8af19bf47d user: Andrey Zelenkov date: Fri Mar 31 14:05:44 2017 +0300 description: Style fixes. diffstat: njs/njs_regexp.c | 2 +- njs/njs_string.c | 2 +- njs/njs_vm.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diffs (54 lines): diff -r 8e20f235b71e -r dc8af19bf47d njs/njs_regexp.c --- a/njs/njs_regexp.c Fri Mar 31 14:02:38 2017 +0300 +++ b/njs/njs_regexp.c Fri Mar 31 14:05:44 2017 +0300 @@ -565,7 +565,7 @@ njs_regexp_prototype_to_string(njs_vm_t value = &args[0]; - if (value->type == NJS_REGEXP) { + if (njs_is_regexp(value)) { pattern = value->data.u.regexp->pattern; source = pattern->source; diff -r 8e20f235b71e -r dc8af19bf47d njs/njs_string.c --- a/njs/njs_string.c Fri Mar 31 14:02:38 2017 +0300 +++ b/njs/njs_string.c Fri Mar 31 14:05:44 2017 +0300 @@ -3573,7 +3573,7 @@ njs_values_hash_test(nxt_lvlhsh_query_t return NXT_OK; } - if (value->type == NJS_STRING + if (njs_is_string(value) && value->data.string_size == lhq->key.length && memcmp(value->data.u.string->start, lhq->key.start, lhq->key.length) == 0) diff -r 8e20f235b71e -r dc8af19bf47d njs/njs_vm.c --- a/njs/njs_vm.c Fri Mar 31 14:02:38 2017 +0300 +++ b/njs/njs_vm.c Fri Mar 31 14:05:44 2017 +0300 @@ -292,7 +292,7 @@ njs_value_retain(njs_value_t *value) { njs_string_t *string; - if (value->type == NJS_STRING) { + if (njs_is_string(value)) { if (value->data.external0 != 0xff) { string = value->data.u.string; @@ -313,7 +313,7 @@ njs_value_release(njs_vm_t *vm, njs_valu { njs_string_t *string; - if (value->type == NJS_STRING) { + if (njs_is_string(value)) { if (value->data.external0 != 0xff) { string = value->data.u.string; @@ -2071,7 +2071,7 @@ njs_values_strict_equal(const njs_value_ if (njs_is_numeric(val1)) { - if (val1->type == NJS_VOID) { + if (njs_is_void(val1)) { return 1; }