nginx-devel December 2015

nginx-devel@nginx.org

35 participants
63 discussions

[PATCH] Remove auto/lib/test, unused since nginx-0.1.2

by Piotr Sikora

# HG changeset patch # User Piotr Sikora <piotrsikora(a)google.com> # Date 1445649693 25200 # Fri Oct 23 18:21:33 2015 -0700 # Node ID a8be1943bde3ea151ade97149856684db4066fe3 # Parent ee16fb0db905cfb858a929374cf623cdf1a0f9d3 Remove auto/lib/test, unused since nginx-0.1.2. Signed-off-by: Piotr Sikora <piotrsikora(a)google.com> diff -r ee16fb0db905 -r a8be1943bde3 auto/lib/test --- a/auto/lib/test +++ /dev/null @@ -1,40 +0,0 @@ - -# Copyright (C) Igor Sysoev -# Copyright (C) Nginx, Inc. - - -echo $ngx_n "checking for $ngx_lib ...$ngx_c" - -cat << END >> $NGX_AUTOCONF_ERR - ----------------------------------------- -checking for $ngx_lib - -END - -ngx_found=no - -cat << END > $NGX_AUTOTEST.c - -$ngx_lib_incs - -int main() { - $ngx_lib_test; - return 0; -} - - -eval "$CC $cc_test_flags $ngx_lib_cflags \ - -o $NGX_AUTOTEST $NGX_AUTOTEST.c $ngx_libs \ - >> $NGX_ERR 2>&1" - -if [ -x $NGX_AUTOTEST ]; then - echo " found" - - ngx_found=yes - -else - echo " not found" -fi - -rm -rf $NGX_AUTOTEST*

6 years, 4 months

Multiple certificate support revisited

by Brandon Black

Hi all, The Wikimedia Foundation has been running nginx-1.9.3 patched for multi-certificate support for all production TLS traffic for a few weeks now without incident, for all inbound requests to Wikipedia and other associated projects of the Foundation. We initially used the older March variant of Filipe's patches ( http://mailman.nginx.org/pipermail/nginx-devel/2015-March/006734.html ), and last week we switched to using the April 27 variant ( http://mailman.nginx.org/pipermail/nginx-devel/2015-April/006863.html ), which is the last known public variant I'm aware of. These were in turn based on kyprizel's patch ( http://mailman.nginx.org/pipermail/nginx-devel/2015-March/006668.html ), which was based on Rob's patch from nearly two years ago ( http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004376.html ). It has a long and colorful history at this point :) We've forward-ported Filipe's Apr 27 variant onto Debian's 1.9.3-1 package. Most of the porting was trivial (offsets / whitespace / etc). There were a couple of slightly more substantial issues around the newer OCSP Stapling valid-timestamp checking, and the porting of the general multi-cert work to the newer stream modules. The ported/updated variant of the patches we're running is available here in our repo: https://github.com/wikimedia/operations-software-nginx/blob/wmf-1.9.3-1/deb… Our configuration uses a pair of otherwise-identical RSA and ECDSA keys and an external OCSP ssl_stapling_file (certs are from GlobalSign, chain/OCSP info is identical in the pair). Our typical relevant config fragment in the server section looks like this: ------------ ssl_certificate /etc/ssl/localcerts/ecc-uni.wikimedia.org.chained.crt; ssl_certificate_key /etc/ssl/private/ecc-uni.wikimedia.org.key; ssl_certificate /etc/ssl/localcerts/uni.wikimedia.org.chained.crt; ssl_certificate_key /etc/ssl/private/uni.wikimedia.org.key; ssl_stapling on; ssl_stapling_file /var/cache/ocsp/unified.ocsp; ------------- Obviously, we'd rather get this work (or something similar) upstreamed so that we don't have to maintain local patches for this indefinitely, and so that everyone else can use it easily too. I'm assuming the reason it wasn't merged in the past is there may be other issues blocking the merge that just weren't relevant to our particular configuration, or are just matters of cleanliness or implementation detail. I'd be happy to work with whoever on resolving that and getting this patchset into a merge-able state. Does anyone know what the outstanding issues were/are? Some of the past list traffic on this is a bit fragmented. Thanks, -- Brandon

6 years, 6 months

[PATCH]add proxy_protocol_port variable for rfc6302

by 吉野純平

# HG changeset patch # User Junpei Yoshino <junpei.yoshino(a)gmail.com> # Date 1446723407 -32400 # Thu Nov 05 20:36:47 2015 +0900 # Node ID 59cadccedf402ec325b078cb72a284465639e0fe # Parent 4ccb37b04454dec6afb9476d085c06aea00adaa0 Http: add proxy_protocol_port variable for rfc6302 Logging source port is recommended in rfc6302. use case logging sending information by http request headers diff -r 4ccb37b04454 -r 59cadccedf40 src/core/ngx_connection.h --- a/src/core/ngx_connection.h Fri Oct 30 21:43:30 2015 +0300 +++ b/src/core/ngx_connection.h Thu Nov 05 20:36:47 2015 +0900 @@ -146,6 +146,7 @@ ngx_str_t addr_text; ngx_str_t proxy_protocol_addr; + ngx_str_t proxy_protocol_port; #if (NGX_SSL) ngx_ssl_connection_t *ssl; diff -r 4ccb37b04454 -r 59cadccedf40 src/core/ngx_proxy_protocol.c --- a/src/core/ngx_proxy_protocol.c Fri Oct 30 21:43:30 2015 +0300 +++ b/src/core/ngx_proxy_protocol.c Thu Nov 05 20:36:47 2015 +0900 @@ -13,7 +13,7 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) { size_t len; - u_char ch, *p, *addr; + u_char ch, *p, *addr, *port; p = buf; len = last - buf; @@ -71,8 +71,56 @@ ngx_memcpy(c->proxy_protocol_addr.data, addr, len); c->proxy_protocol_addr.len = len; + for ( ;; ) { + if (p == last) { + goto invalid; + } + + ch = *p++; + + if (ch == ' ') { + break; + } + + if (ch != ':' && ch != '.' + && (ch < 'a' || ch > 'f') + && (ch < 'A' || ch > 'F') + && (ch < '0' || ch > '9')) + { + goto invalid; + } + } + port = p; + for ( ;; ) { + if (p == last) { + goto invalid; + } + + ch = *p++; + + if (ch == ' ') { + break; + } + + if (ch < '0' || ch > '9') + { + goto invalid; + } + } + len = p - port - 1; + c->proxy_protocol_port.data = ngx_pnalloc(c->pool, len); + + if (c->proxy_protocol_port.data == NULL) { + return NULL; + } + + ngx_memcpy(c->proxy_protocol_port.data, port, len); + c->proxy_protocol_port.len = len; + ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, "PROXY protocol address: \"%V\"", &c->proxy_protocol_addr); + ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, + "PROXY protocol port: \"%V\"", &c->proxy_protocol_port); skip: diff -r 4ccb37b04454 -r 59cadccedf40 src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Fri Oct 30 21:43:30 2015 +0300 +++ b/src/http/ngx_http_variables.c Thu Nov 05 20:36:47 2015 +0900 @@ -58,6 +58,8 @@ ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_proxy_protocol_addr(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_server_addr(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_server_port(ngx_http_request_t *r, @@ -192,6 +194,9 @@ { ngx_string("proxy_protocol_addr"), NULL, ngx_http_variable_proxy_protocol_addr, 0, 0, 0 }, + { ngx_string("proxy_protocol_port"), NULL, + ngx_http_variable_proxy_protocol_port, 0, 0, 0 }, + { ngx_string("server_addr"), NULL, ngx_http_variable_server_addr, 0, 0, 0 }, { ngx_string("server_port"), NULL, ngx_http_variable_server_port, 0, 0, 0 }, @@ -1250,6 +1255,20 @@ static ngx_int_t +ngx_http_variable_proxy_protocol_port(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + v->len = r->connection->proxy_protocol_port.len; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = r->connection->proxy_protocol_port.data; + + return NGX_OK; +} + + +static ngx_int_t ngx_http_variable_server_addr(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) {

6 years, 7 months

[PATCH] HTTP/2: HPACK Huffman encoding

by Vlad Krasnov

# HG changeset patch # User Vlad Krasnov <vlad(a)cloudflare.com> # Date 1450274269 28800 # Wed Dec 16 05:57:49 2015 -0800 # Node ID d672e9c2b814710986683e050491536355c90f0d # Parent def9c9c9ae05cfa7467b0ec96e76afa180c23dfb HTTP/2: HPACK Huffman encoding Implement HPACK Huffman encoding for HTTP/2. This reduces the size of headers by over 30% on average. diff -r def9c9c9ae05 -r d672e9c2b814 src/http/v2/ngx_http_v2.h --- a/src/http/v2/ngx_http_v2.h Sat Dec 12 10:32:58 2015 +0300 +++ b/src/http/v2/ngx_http_v2.h Wed Dec 16 05:57:49 2015 -0800 @@ -51,6 +51,9 @@ #define NGX_HTTP_V2_PRIORITY_FLAG 0x20 +#define NGX_HTTP_V2_ENCODE_RAW 0 +#define NGX_HTTP_V2_ENCODE_HUFF 0x80 + typedef struct ngx_http_v2_connection_s ngx_http_v2_connection_t; typedef struct ngx_http_v2_node_s ngx_http_v2_node_t; typedef struct ngx_http_v2_out_frame_s ngx_http_v2_out_frame_t; @@ -255,6 +258,28 @@ } +static ngx_inline u_char * +ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value) +{ + if (value < prefix) { + *pos++ |= value; + return pos; + } + + *pos++ |= prefix; + value -= prefix; + + while (value >= 128) { + *pos++ = value % 128 + 128; + value /= 128; + } + + *pos++ = (u_char) value; + + return pos; +} + + void ngx_http_v2_init(ngx_event_t *rev); void ngx_http_v2_request_headers_init(void); @@ -275,7 +300,8 @@ ngx_int_t ngx_http_v2_huff_decode(u_char *state, u_char *src, size_t len, u_char **dst, ngx_uint_t last, ngx_log_t *log); - +u_char *ngx_http_v2_string_encode(u_char *src, size_t len, u_char *dst, + u_char *tmp, ngx_log_t *log, ngx_flag_t lower); #define ngx_http_v2_prefix(bits) ((1 << (bits)) - 1) diff -r def9c9c9ae05 -r d672e9c2b814 src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c Sat Dec 12 10:32:58 2015 +0300 +++ b/src/http/v2/ngx_http_v2_filter_module.c Wed Dec 16 05:57:49 2015 -0800 @@ -25,9 +25,6 @@ #define ngx_http_v2_indexed(i) (128 + (i)) #define ngx_http_v2_inc_indexed(i) (64 + (i)) -#define NGX_HTTP_V2_ENCODE_RAW 0 -#define NGX_HTTP_V2_ENCODE_HUFF 0x80 - #define NGX_HTTP_V2_STATUS_INDEX 8 #define NGX_HTTP_V2_STATUS_200_INDEX 8 #define NGX_HTTP_V2_STATUS_204_INDEX 9 @@ -46,8 +43,9 @@ #define NGX_HTTP_V2_VARY_INDEX 59 -static u_char *ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, - ngx_uint_t value); +#define ACCEPT_ENCODING "\x84\x84\x2d\x69\x5b\x05\x44\x3c\x86\xaa\x6f" + + static ngx_http_v2_out_frame_t *ngx_http_v2_create_headers_frame( ngx_http_request_t *r, u_char *pos, u_char *end); @@ -119,8 +117,8 @@ static ngx_int_t ngx_http_v2_header_filter(ngx_http_request_t *r) { - u_char status, *pos, *start, *p; - size_t len; + u_char status, *pos, *start, *p, *huff; + size_t len, hlen, nlen; ngx_str_t host, location; ngx_uint_t i, port; ngx_list_part_t *part; @@ -343,7 +341,7 @@ #if (NGX_HTTP_GZIP) if (r->gzip_vary) { if (clcf->gzip_vary) { - len += 1 + ngx_http_v2_literal_size("Accept-Encoding"); + len += 1 + ngx_http_v2_literal_size(ACCEPT_ENCODING); } else { r->gzip_vary = 0; @@ -354,6 +352,8 @@ part = &r->headers_out.headers.part; header = part->elts; + hlen = len; + for (i = 0; /* void */; i++) { if (i >= part->nelts) { @@ -384,11 +384,14 @@ return NGX_ERROR; } - len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len + nlen = 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len + NGX_HTTP_V2_INT_OCTETS + header[i].value.len; + len += nlen; + hlen = nlen > hlen ? nlen : hlen; } pos = ngx_palloc(r->pool, len); + huff = ngx_palloc(r->pool, hlen); if (pos == NULL) { return NGX_ERROR; } @@ -408,12 +411,15 @@ *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SERVER_INDEX); if (clcf->server_tokens) { - *pos++ = NGX_HTTP_V2_ENCODE_RAW | (sizeof(NGINX_VER) - 1); - pos = ngx_cpymem(pos, NGINX_VER, sizeof(NGINX_VER) - 1); + pos = ngx_http_v2_string_encode((u_char*)NGINX_VER, + sizeof(NGINX_VER) - 1, pos, huff, + r->connection->log, 0); } else { - *pos++ = NGX_HTTP_V2_ENCODE_RAW | (sizeof("nginx") - 1); - pos = ngx_cpymem(pos, "nginx", sizeof("nginx") - 1); + pos = ngx_http_v2_string_encode((u_char*)"nginx", + sizeof("nginx") - 1, pos, huff, + r->connection->log, 0); + } } @@ -453,11 +459,9 @@ r->headers_out.content_type.data = p; } else { - *pos = NGX_HTTP_V2_ENCODE_RAW; - pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(7), - r->headers_out.content_type.len); - pos = ngx_cpymem(pos, r->headers_out.content_type.data, - r->headers_out.content_type.len); + pos = ngx_http_v2_string_encode(r->headers_out.content_type.data, + r->headers_out.content_type.len, + pos, huff, r->connection->log, 0); } } @@ -476,26 +480,27 @@ { *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_LAST_MODIFIED_INDEX); - *pos++ = NGX_HTTP_V2_ENCODE_RAW - | (sizeof("Wed, 31 Dec 1986 18:00:00 GMT") - 1); - pos = ngx_http_time(pos, r->headers_out.last_modified_time); + nlen = sizeof("Wed, 31 Dec 1986 18:00:00 GMT") - 1; + ngx_http_time(pos + 1, r->headers_out.last_modified_time); + + pos = ngx_http_v2_string_encode(pos + 1, nlen, pos, huff, + r->connection->log, 0); } if (r->headers_out.location && r->headers_out.location->value.len) { *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_LOCATION_INDEX); *pos = NGX_HTTP_V2_ENCODE_RAW; - pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(7), - r->headers_out.location->value.len); - pos = ngx_cpymem(pos, r->headers_out.location->value.data, - r->headers_out.location->value.len); + pos = ngx_http_v2_string_encode(r->headers_out.location->value.data, + r->headers_out.location->value.len, + pos, huff, r->connection->log, 0); } #if (NGX_HTTP_GZIP) if (r->gzip_vary) { *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_VARY_INDEX); - *pos++ = NGX_HTTP_V2_ENCODE_RAW | (sizeof("Accept-Encoding") - 1); - pos = ngx_cpymem(pos, "Accept-Encoding", sizeof("Accept-Encoding") - 1); + *pos++ = NGX_HTTP_V2_ENCODE_HUFF | (sizeof(ACCEPT_ENCODING) - 1); + pos = ngx_cpymem(pos, ACCEPT_ENCODING, sizeof(ACCEPT_ENCODING) - 1); } #endif @@ -520,16 +525,14 @@ *pos++ = 0; - *pos = NGX_HTTP_V2_ENCODE_RAW; - pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(7), - header[i].key.len); - ngx_strlow(pos, header[i].key.data, header[i].key.len); - pos += header[i].key.len; + pos = ngx_http_v2_string_encode(header[i].key.data, + header[i].key.len, + pos, huff, r->connection->log, 1); - *pos = NGX_HTTP_V2_ENCODE_RAW; - pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(7), - header[i].value.len); - pos = ngx_cpymem(pos, header[i].value.data, header[i].value.len); + pos = ngx_http_v2_string_encode(header[i].value.data, + header[i].value.len, + pos, huff, r->connection->log, 0); + } frame = ngx_http_v2_create_headers_frame(r, start, pos); @@ -556,28 +559,6 @@ } -static u_char * -ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value) -{ - if (value < prefix) { - *pos++ |= value; - return pos; - } - - *pos++ |= prefix; - value -= prefix; - - while (value >= 128) { - *pos++ = value % 128 + 128; - value /= 128; - } - - *pos++ = (u_char) value; - - return pos; -} - - static ngx_http_v2_out_frame_t * ngx_http_v2_create_headers_frame(ngx_http_request_t *r, u_char *pos, u_char *end) diff -r def9c9c9ae05 -r d672e9c2b814 src/http/v2/ngx_http_v2_huff_encode.c --- a/src/http/v2/ngx_http_v2_huff_encode.c Sat Dec 12 10:32:58 2015 +0300 +++ b/src/http/v2/ngx_http_v2_huff_encode.c Wed Dec 16 05:57:49 2015 -0800 @@ -1,10 +1,296 @@ /* * Copyright (C) Nginx, Inc. - * Copyright (C) Valentin V. Bartenev + * Copyright (C) Vlad Krasnov */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> +#if (__GNUC__) +#include <byteswap.h> +#endif + + +typedef struct { + ngx_uint_t code; + ngx_uint_t len; +} ngx_http_v2_huff_encode_code_t; + + +static ngx_http_v2_huff_encode_code_t ngx_http_v2_huff_encode_codes[256] = +{ + {0x00001ff8, 13}, {0x007fffd8, 23}, {0x0fffffe2, 28}, {0x0fffffe3, 28}, + {0x0fffffe4, 28}, {0x0fffffe5, 28}, {0x0fffffe6, 28}, {0x0fffffe7, 28}, + {0x0fffffe8, 28}, {0x00ffffea, 24}, {0x3ffffffc, 30}, {0x0fffffe9, 28}, + {0x0fffffea, 28}, {0x3ffffffd, 30}, {0x0fffffeb, 28}, {0x0fffffec, 28}, + {0x0fffffed, 28}, {0x0fffffee, 28}, {0x0fffffef, 28}, {0x0ffffff0, 28}, + {0x0ffffff1, 28}, {0x0ffffff2, 28}, {0x3ffffffe, 30}, {0x0ffffff3, 28}, + {0x0ffffff4, 28}, {0x0ffffff5, 28}, {0x0ffffff6, 28}, {0x0ffffff7, 28}, + {0x0ffffff8, 28}, {0x0ffffff9, 28}, {0x0ffffffa, 28}, {0x0ffffffb, 28}, + {0x00000014, 6}, {0x000003f8, 10}, {0x000003f9, 10}, {0x00000ffa, 12}, + {0x00001ff9, 13}, {0x00000015, 6}, {0x000000f8, 8}, {0x000007fa, 11}, + {0x000003fa, 10}, {0x000003fb, 10}, {0x000000f9, 8}, {0x000007fb, 11}, + {0x000000fa, 8}, {0x00000016, 6}, {0x00000017, 6}, {0x00000018, 6}, + {0x00000000, 5}, {0x00000001, 5}, {0x00000002, 5}, {0x00000019, 6}, + {0x0000001a, 6}, {0x0000001b, 6}, {0x0000001c, 6}, {0x0000001d, 6}, + {0x0000001e, 6}, {0x0000001f, 6}, {0x0000005c, 7}, {0x000000fb, 8}, + {0x00007ffc, 15}, {0x00000020, 6}, {0x00000ffb, 12}, {0x000003fc, 10}, + {0x00001ffa, 13}, {0x00000021, 6}, {0x0000005d, 7}, {0x0000005e, 7}, + {0x0000005f, 7}, {0x00000060, 7}, {0x00000061, 7}, {0x00000062, 7}, + {0x00000063, 7}, {0x00000064, 7}, {0x00000065, 7}, {0x00000066, 7}, + {0x00000067, 7}, {0x00000068, 7}, {0x00000069, 7}, {0x0000006a, 7}, + {0x0000006b, 7}, {0x0000006c, 7}, {0x0000006d, 7}, {0x0000006e, 7}, + {0x0000006f, 7}, {0x00000070, 7}, {0x00000071, 7}, {0x00000072, 7}, + {0x000000fc, 8}, {0x00000073, 7}, {0x000000fd, 8}, {0x00001ffb, 13}, + {0x0007fff0, 19}, {0x00001ffc, 13}, {0x00003ffc, 14}, {0x00000022, 6}, + {0x00007ffd, 15}, {0x00000003, 5}, {0x00000023, 6}, {0x00000004, 5}, + {0x00000024, 6}, {0x00000005, 5}, {0x00000025, 6}, {0x00000026, 6}, + {0x00000027, 6}, {0x00000006, 5}, {0x00000074, 7}, {0x00000075, 7}, + {0x00000028, 6}, {0x00000029, 6}, {0x0000002a, 6}, {0x00000007, 5}, + {0x0000002b, 6}, {0x00000076, 7}, {0x0000002c, 6}, {0x00000008, 5}, + {0x00000009, 5}, {0x0000002d, 6}, {0x00000077, 7}, {0x00000078, 7}, + {0x00000079, 7}, {0x0000007a, 7}, {0x0000007b, 7}, {0x00007ffe, 15}, + {0x000007fc, 11}, {0x00003ffd, 14}, {0x00001ffd, 13}, {0x0ffffffc, 28}, + {0x000fffe6, 20}, {0x003fffd2, 22}, {0x000fffe7, 20}, {0x000fffe8, 20}, + {0x003fffd3, 22}, {0x003fffd4, 22}, {0x003fffd5, 22}, {0x007fffd9, 23}, + {0x003fffd6, 22}, {0x007fffda, 23}, {0x007fffdb, 23}, {0x007fffdc, 23}, + {0x007fffdd, 23}, {0x007fffde, 23}, {0x00ffffeb, 24}, {0x007fffdf, 23}, + {0x00ffffec, 24}, {0x00ffffed, 24}, {0x003fffd7, 22}, {0x007fffe0, 23}, + {0x00ffffee, 24}, {0x007fffe1, 23}, {0x007fffe2, 23}, {0x007fffe3, 23}, + {0x007fffe4, 23}, {0x001fffdc, 21}, {0x003fffd8, 22}, {0x007fffe5, 23}, + {0x003fffd9, 22}, {0x007fffe6, 23}, {0x007fffe7, 23}, {0x00ffffef, 24}, + {0x003fffda, 22}, {0x001fffdd, 21}, {0x000fffe9, 20}, {0x003fffdb, 22}, + {0x003fffdc, 22}, {0x007fffe8, 23}, {0x007fffe9, 23}, {0x001fffde, 21}, + {0x007fffea, 23}, {0x003fffdd, 22}, {0x003fffde, 22}, {0x00fffff0, 24}, + {0x001fffdf, 21}, {0x003fffdf, 22}, {0x007fffeb, 23}, {0x007fffec, 23}, + {0x001fffe0, 21}, {0x001fffe1, 21}, {0x003fffe0, 22}, {0x001fffe2, 21}, + {0x007fffed, 23}, {0x003fffe1, 22}, {0x007fffee, 23}, {0x007fffef, 23}, + {0x000fffea, 20}, {0x003fffe2, 22}, {0x003fffe3, 22}, {0x003fffe4, 22}, + {0x007ffff0, 23}, {0x003fffe5, 22}, {0x003fffe6, 22}, {0x007ffff1, 23}, + {0x03ffffe0, 26}, {0x03ffffe1, 26}, {0x000fffeb, 20}, {0x0007fff1, 19}, + {0x003fffe7, 22}, {0x007ffff2, 23}, {0x003fffe8, 22}, {0x01ffffec, 25}, + {0x03ffffe2, 26}, {0x03ffffe3, 26}, {0x03ffffe4, 26}, {0x07ffffde, 27}, + {0x07ffffdf, 27}, {0x03ffffe5, 26}, {0x00fffff1, 24}, {0x01ffffed, 25}, + {0x0007fff2, 19}, {0x001fffe3, 21}, {0x03ffffe6, 26}, {0x07ffffe0, 27}, + {0x07ffffe1, 27}, {0x03ffffe7, 26}, {0x07ffffe2, 27}, {0x00fffff2, 24}, + {0x001fffe4, 21}, {0x001fffe5, 21}, {0x03ffffe8, 26}, {0x03ffffe9, 26}, + {0x0ffffffd, 28}, {0x07ffffe3, 27}, {0x07ffffe4, 27}, {0x07ffffe5, 27}, + {0x000fffec, 20}, {0x00fffff3, 24}, {0x000fffed, 20}, {0x001fffe6, 21}, + {0x003fffe9, 22}, {0x001fffe7, 21}, {0x001fffe8, 21}, {0x007ffff3, 23}, + {0x003fffea, 22}, {0x003fffeb, 22}, {0x01ffffee, 25}, {0x01ffffef, 25}, + {0x00fffff4, 24}, {0x00fffff5, 24}, {0x03ffffea, 26}, {0x007ffff4, 23}, + {0x03ffffeb, 26}, {0x07ffffe6, 27}, {0x03ffffec, 26}, {0x03ffffed, 26}, + {0x07ffffe7, 27}, {0x07ffffe8, 27}, {0x07ffffe9, 27}, {0x07ffffea, 27}, + {0x07ffffeb, 27}, {0x0ffffffe, 28}, {0x07ffffec, 27}, {0x07ffffed, 27}, + {0x07ffffee, 27}, {0x07ffffef, 27}, {0x07fffff0, 27}, {0x03ffffee, 26} +}; + + +/* Same as above, but embedes to lower case transformations */ +static ngx_http_v2_huff_encode_code_t ngx_http_v2_huff_encode_codes_low[256] = +{ + {0x00001ff8, 13}, {0x007fffd8, 23}, {0x0fffffe2, 28}, {0x0fffffe3, 28}, + {0x0fffffe4, 28}, {0x0fffffe5, 28}, {0x0fffffe6, 28}, {0x0fffffe7, 28}, + {0x0fffffe8, 28}, {0x00ffffea, 24}, {0x3ffffffc, 30}, {0x0fffffe9, 28}, + {0x0fffffea, 28}, {0x3ffffffd, 30}, {0x0fffffeb, 28}, {0x0fffffec, 28}, + {0x0fffffed, 28}, {0x0fffffee, 28}, {0x0fffffef, 28}, {0x0ffffff0, 28}, + {0x0ffffff1, 28}, {0x0ffffff2, 28}, {0x3ffffffe, 30}, {0x0ffffff3, 28}, + {0x0ffffff4, 28}, {0x0ffffff5, 28}, {0x0ffffff6, 28}, {0x0ffffff7, 28}, + {0x0ffffff8, 28}, {0x0ffffff9, 28}, {0x0ffffffa, 28}, {0x0ffffffb, 28}, + {0x00000014, 6}, {0x000003f8, 10}, {0x000003f9, 10}, {0x00000ffa, 12}, + {0x00001ff9, 13}, {0x00000015, 6}, {0x000000f8, 8}, {0x000007fa, 11}, + {0x000003fa, 10}, {0x000003fb, 10}, {0x000000f9, 8}, {0x000007fb, 11}, + {0x000000fa, 8}, {0x00000016, 6}, {0x00000017, 6}, {0x00000018, 6}, + {0x00000000, 5}, {0x00000001, 5}, {0x00000002, 5}, {0x00000019, 6}, + {0x0000001a, 6}, {0x0000001b, 6}, {0x0000001c, 6}, {0x0000001d, 6}, + {0x0000001e, 6}, {0x0000001f, 6}, {0x0000005c, 7}, {0x000000fb, 8}, + {0x00007ffc, 15}, {0x00000020, 6}, {0x00000ffb, 12}, {0x000003fc, 10}, + {0x00001ffa, 13}, {0x00000003, 5}, {0x00000023, 6}, {0x00000004, 5}, + {0x00000024, 6}, {0x00000005, 5}, {0x00000025, 6}, {0x00000026, 6}, + {0x00000027, 6}, {0x00000006, 5}, {0x00000074, 7}, {0x00000075, 7}, + {0x00000028, 6}, {0x00000029, 6}, {0x0000002a, 6}, {0x00000007, 5}, + {0x0000002b, 6}, {0x00000076, 7}, {0x0000002c, 6}, {0x00000008, 5}, + {0x00000009, 5}, {0x0000002d, 6}, {0x00000077, 7}, {0x00000078, 7}, + {0x00000079, 7}, {0x0000007a, 7}, {0x0000007b, 7}, {0x00001ffb, 13}, + {0x0007fff0, 19}, {0x00001ffc, 13}, {0x00003ffc, 14}, {0x00000022, 6}, + {0x00007ffd, 15}, {0x00000003, 5}, {0x00000023, 6}, {0x00000004, 5}, + {0x00000024, 6}, {0x00000005, 5}, {0x00000025, 6}, {0x00000026, 6}, + {0x00000027, 6}, {0x00000006, 5}, {0x00000074, 7}, {0x00000075, 7}, + {0x00000028, 6}, {0x00000029, 6}, {0x0000002a, 6}, {0x00000007, 5}, + {0x0000002b, 6}, {0x00000076, 7}, {0x0000002c, 6}, {0x00000008, 5}, + {0x00000009, 5}, {0x0000002d, 6}, {0x00000077, 7}, {0x00000078, 7}, + {0x00000079, 7}, {0x0000007a, 7}, {0x0000007b, 7}, {0x00007ffe, 15}, + {0x000007fc, 11}, {0x00003ffd, 14}, {0x00001ffd, 13}, {0x0ffffffc, 28}, + {0x000fffe6, 20}, {0x003fffd2, 22}, {0x000fffe7, 20}, {0x000fffe8, 20}, + {0x003fffd3, 22}, {0x003fffd4, 22}, {0x003fffd5, 22}, {0x007fffd9, 23}, + {0x003fffd6, 22}, {0x007fffda, 23}, {0x007fffdb, 23}, {0x007fffdc, 23}, + {0x007fffdd, 23}, {0x007fffde, 23}, {0x00ffffeb, 24}, {0x007fffdf, 23}, + {0x00ffffec, 24}, {0x00ffffed, 24}, {0x003fffd7, 22}, {0x007fffe0, 23}, + {0x00ffffee, 24}, {0x007fffe1, 23}, {0x007fffe2, 23}, {0x007fffe3, 23}, + {0x007fffe4, 23}, {0x001fffdc, 21}, {0x003fffd8, 22}, {0x007fffe5, 23}, + {0x003fffd9, 22}, {0x007fffe6, 23}, {0x007fffe7, 23}, {0x00ffffef, 24}, + {0x003fffda, 22}, {0x001fffdd, 21}, {0x000fffe9, 20}, {0x003fffdb, 22}, + {0x003fffdc, 22}, {0x007fffe8, 23}, {0x007fffe9, 23}, {0x001fffde, 21}, + {0x007fffea, 23}, {0x003fffdd, 22}, {0x003fffde, 22}, {0x00fffff0, 24}, + {0x001fffdf, 21}, {0x003fffdf, 22}, {0x007fffeb, 23}, {0x007fffec, 23}, + {0x001fffe0, 21}, {0x001fffe1, 21}, {0x003fffe0, 22}, {0x001fffe2, 21}, + {0x007fffed, 23}, {0x003fffe1, 22}, {0x007fffee, 23}, {0x007fffef, 23}, + {0x000fffea, 20}, {0x003fffe2, 22}, {0x003fffe3, 22}, {0x003fffe4, 22}, + {0x007ffff0, 23}, {0x003fffe5, 22}, {0x003fffe6, 22}, {0x007ffff1, 23}, + {0x03ffffe0, 26}, {0x03ffffe1, 26}, {0x000fffeb, 20}, {0x0007fff1, 19}, + {0x003fffe7, 22}, {0x007ffff2, 23}, {0x003fffe8, 22}, {0x01ffffec, 25}, + {0x03ffffe2, 26}, {0x03ffffe3, 26}, {0x03ffffe4, 26}, {0x07ffffde, 27}, + {0x07ffffdf, 27}, {0x03ffffe5, 26}, {0x00fffff1, 24}, {0x01ffffed, 25}, + {0x0007fff2, 19}, {0x001fffe3, 21}, {0x03ffffe6, 26}, {0x07ffffe0, 27}, + {0x07ffffe1, 27}, {0x03ffffe7, 26}, {0x07ffffe2, 27}, {0x00fffff2, 24}, + {0x001fffe4, 21}, {0x001fffe5, 21}, {0x03ffffe8, 26}, {0x03ffffe9, 26}, + {0x0ffffffd, 28}, {0x07ffffe3, 27}, {0x07ffffe4, 27}, {0x07ffffe5, 27}, + {0x000fffec, 20}, {0x00fffff3, 24}, {0x000fffed, 20}, {0x001fffe6, 21}, + {0x003fffe9, 22}, {0x001fffe7, 21}, {0x001fffe8, 21}, {0x007ffff3, 23}, + {0x003fffea, 22}, {0x003fffeb, 22}, {0x01ffffee, 25}, {0x01ffffef, 25}, + {0x00fffff4, 24}, {0x00fffff5, 24}, {0x03ffffea, 26}, {0x007ffff4, 23}, + {0x03ffffeb, 26}, {0x07ffffe6, 27}, {0x03ffffec, 26}, {0x03ffffed, 26}, + {0x07ffffe7, 27}, {0x07ffffe8, 27}, {0x07ffffe9, 27}, {0x07ffffea, 27}, + {0x07ffffeb, 27}, {0x0ffffffe, 28}, {0x07ffffec, 27}, {0x07ffffed, 27}, + {0x07ffffee, 27}, {0x07ffffef, 27}, {0x07fffff0, 27}, {0x03ffffee, 26} +}; + + +#if (NGX_HAVE_LITTLE_ENDIAN) +#if (__GNUC__) + +static void +put64(u_char *dst, uint64_t val) +{ + *(uint64_t*)dst = __bswap_64(val); +} + +#else /* !__GNUC__ */ + +static void +put64(u_char *dst, uint64_t val) +{ + dst[0] = val >> 56; + dst[1] = val >> 48; + dst[2] = val >> 40; + dst[3] = val >> 32; + dst[4] = val >> 24; + dst[5] = val >> 16; + dst[6] = val >> 8; + dst[7] = val; +} +#endif /* __GNUC__ */ + +#else /* !NGX_HAVE_LITTLE_ENDIAN */ + +static void +put64(u_char *dst, uint64_t val) +{ + *(uint64_t*)dst = val; +} + +#endif + + +static ngx_int_t +ngx_http_v2_huff_encode(u_char *src, size_t len, u_char *dst, ngx_log_t *log, + ngx_flag_t lower) +{ + ngx_uint_t inp, outp; + ngx_int_t pending; + uint64_t buf; + ngx_http_v2_huff_encode_code_t next; + ngx_http_v2_huff_encode_code_t *table; + + if (!lower) { + table = ngx_http_v2_huff_encode_codes; + + } else { + table = ngx_http_v2_huff_encode_codes_low; + } + + inp = 0; + outp = 0; + pending = 0; + buf = 0; + + while (inp < len) { + next = table[src[inp]]; + /* Accumulate 64 bits */ + if ((next.len + pending) < 64) { + buf ^= (uint64_t)next.code << (64 - pending - next.len); + pending += next.len; + + } else { + /* If compressed result is longer than source, no point in using it */ + if ((outp + 8) >= len) { + return NGX_ERROR; + } + + buf ^= (uint64_t)next.code >> (next.len - (64 - pending)); + put64(&dst[outp], buf); + outp += 8; + pending = (next.len - (64 - pending)); + + if (pending) { + buf = (uint64_t)next.code << (64 - pending); + + } else { + buf = 0; + } + } + + inp++; + } + + buf ^= 0xffffffffffffffffUL >> pending; + + while (pending > 0) { + dst[outp] = buf >> 56; + buf <<= 8; + pending -= 8; + outp++; + + if (outp >= len) { + return NGX_ERROR; + } + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, + "http2 huffman encoding successful; " + "input len: %d, output len %d", len, outp); + + return outp; +} + + +u_char * +ngx_http_v2_string_encode(u_char *src, size_t len, u_char *dst, u_char *tmp, + ngx_log_t *log, ngx_flag_t lower) +{ + ngx_int_t hlen; + + hlen = ngx_http_v2_huff_encode(src, len, tmp, log, lower); + + if (hlen != NGX_ERROR) { + *dst = NGX_HTTP_V2_ENCODE_HUFF; + dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), hlen); + dst = ngx_cpymem(dst, tmp, hlen); + + } else { + *dst = NGX_HTTP_V2_ENCODE_RAW; + dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), len); + + if (lower) { + ngx_strlow(dst, src, len); + dst += len; + + } else { + dst = ngx_cpymem(dst, src, len); + } + } + + return dst; +}

6 years, 9 months

Workaround of race condition between systemd and nginx.

by Gena Makhomed

# HG changeset patch # User Gena Makhomed <gmm(a)csdoc.com> # Date 1451482795 18000 # Wed Dec 30 08:39:55 2015 -0500 # Node ID a340d271b3ffa51c0396a5afc5270cb02b701204 # Parent 1073d7e4e430ddb53b603d151e1a403d10aa420b Workaround of race condition between systemd and nginx. Just replace network.target with network-online.target in systemd unit files. More details: http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ diff -r 1073d7e4e430 -r a340d271b3ff rpm/SOURCES/nginx-debug.service --- a/rpm/SOURCES/nginx-debug.service Wed Dec 09 18:31:08 2015 +0300 +++ b/rpm/SOURCES/nginx-debug.service Wed Dec 30 08:39:55 2015 -0500 @@ -1,7 +1,7 @@ [Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ -After=network.target remote-fs.target nss-lookup.target +After=network-online.target remote-fs.target nss-lookup.target [Service] Type=forking diff -r 1073d7e4e430 -r a340d271b3ff rpm/SOURCES/nginx.service --- a/rpm/SOURCES/nginx.service Wed Dec 09 18:31:08 2015 +0300 +++ b/rpm/SOURCES/nginx.service Wed Dec 30 08:39:55 2015 -0500 @@ -1,7 +1,7 @@ [Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ -After=network.target remote-fs.target nss-lookup.target +After=network-online.target remote-fs.target nss-lookup.target [Service] Type=forking

6 years, 11 months

[PATCH] Fix ptr resolving with cname

by DannyAAM

# HG changeset patch # User DannyAAM <danny(a)saru.moe> # Date 1449696194 -28800 # Thu Dec 10 05:23:14 2015 +0800 # Branch fix-ptr-cname # Node ID 9d8c7332b7300908414e3bec78a90d9d14b30af8 # Parent dfe68c41f34f865bc7b45cbe6b7d0f639de283fc Fix ptr resolving with cname Make ptr process aware of cname & follow it. (This depends on resolver's recursive answer.) diff -r dfe68c41f34f -r 9d8c7332b730 src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c Wed Dec 09 17:47:21 2015 +0300 +++ b/src/core/ngx_resolver.c Thu Dec 10 05:23:14 2015 +0800 @@ -2032,7 +2032,7 @@ int32_t ttl; ngx_int_t octet; ngx_str_t name; - ngx_uint_t i, mask, qident, class; + ngx_uint_t i, mask, qident, type, class; ngx_queue_t *expire_queue; ngx_rbtree_t *tree; ngx_resolver_an_t *an; @@ -2196,9 +2196,14 @@ goto invalid; } + + an = (ngx_resolver_an_t *) &buf[i + 2]; +cname_continue: + class = (an->class_hi << 8) + an->class_lo; + type = (an->type_hi << 8) + an->type_lo; len = (an->len_hi << 8) + an->len_lo; ttl = (an->ttl[0] << 24) + (an->ttl[1] << 16) + (an->ttl[2] << 8) + (an->ttl[3]); @@ -2213,6 +2218,34 @@ ttl = 0; } + /* CNAME processing */ + if (type == NGX_RESOLVE_CNAME) { + do { + if (buf[i] == 0xc0) { + i += 2; + break; + } else { + i += 1 + buf[i]; + } + } while (buf[i] != 0); + an = (ngx_resolver_an_t *) &buf[i]; + len = (an->len_hi << 8) + an->len_lo; + i += sizeof(ngx_resolver_an_t) + len; + + ngx_uint_t nameidx = i; + do { + if (buf[nameidx] == 0xc0) { + nameidx += 2; + break; + } else { + nameidx += 1 + buf[nameidx]; + } + } while (buf[nameidx] != 0); + an = (ngx_resolver_an_t *) &buf[nameidx]; + + goto cname_continue; + } + ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0, "resolver qt:%ui cl:%ui len:%uz", (an->type_hi << 8) + an->type_lo,

6 years, 11 months

proxy_next_upstream default

by Tolga Ceylan

Hi All, According to documentation, default for proxy_next_upstream flag is error + timeout + invalid_header even if these are not specified: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream However, looking at the ngx_http_proxy_module.c, I only see timeout/error as merged/set: https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_proxy_… This means documentation is incorrect, so if "invalid_header" is not specified, nginx will not consider such cases as "unsuccessful" attempts, right? Regards, Tolga Ceylan

6 years, 11 months

Pushing HTTP/2 to stable branch

by Fasih

Hello! I currently use 1.8 (stable) nginx. Is there an expected timeline to have HTTP/2 available as nginx stable? Or backporting HTTP/2 to 1.8.x? Thanks and Regards +Fasih

6 years, 11 months

[PATCH] ngx_pstrdup() and ngx_copy() problems

by Sergey Matveychuk

Hi. * It looks like strings are supposed to finish with '\0' char to be compatible with C strings. So ngx_pstrdup() must allocate and copy len+1, not just len. * ngx_copy() returns different values for different preprocessor conditions. PS. I have no idea how trac.nginx.org works. I tried to fill a ticket, but it just lost.

6 years, 11 months

Is the limit_rate per tcp session or per HTTP request?

by Stefan Hellkvist

Hi, >From reading the code and the docs I have gotten the impression that limit_rate (and limit_rate_after) is per ngx_connection which (I think) means that it is per HTTP request and not per socket. Am I right in this conclusion or is the limit actually per socket/TCP connection? What we are observing is that the limit we configure does only kick in for requests to files that are larger than the limit_rate_after when the request is done in one GET request but not when the request is done in chunks using byte offset parameters (that is - using many GET requests for the file). So clients can easily avoid the limitations by downloading the file chunk by chunk rather than in one request. If our conclusion are right - that the limit is per HTTP request and not per socket so that a chunked download would not be limited - does anyone have any suggestion how we would go about to introduce a limit also on socket level? I don't mind hacking away at the code, but perhaps someone out there has already looked into this? /Stefan

6 years, 11 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

nginx-devel December 2015