nginx-devel June 2017

nginx-devel@nginx.org

29 participants
113 discussions

by Vladimir Homutov

Hello all! We are glad to share with first results of our ongoing efforts to create documentation for nginx developers: the development guide document [1]. The guide is not yet 100% complete and more parts to follow. Of course, your feedback is welcome. [1] http://nginx.org/en/docs/dev/development_guide.html

4 years, 3 months

[PATCH] $request_scheme variable

by Chris Branch

# HG changeset patch # User Chris Branch <cbranch(a)cloudflare.com> # Date 1488195909 0 # Mon Feb 27 11:45:09 2017 +0000 # Node ID 05f555d65a33ebf005fedc569fb52eba3758e1d7 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c $request_scheme variable. Contains the URI scheme supplied by the client. If no scheme supplied, equivalent to $scheme. Scheme can be supplied by the client in two ways: * HTTP/2 :scheme pseudo-header. * HTTP/1 absolute URI in request line. diff -r 87cf6ddb41c2 -r 05f555d65a33 src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_variables.c Mon Feb 27 11:45:09 2017 +0000 @@ -105,6 +105,8 @@ ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_request_id(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_request_scheme(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_status(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); @@ -288,6 +290,10 @@ ngx_http_variable_request_id, 0, 0, 0 }, + { ngx_string("request_scheme"), NULL, + ngx_http_variable_request_scheme, + 0, 0, 0 }, + { ngx_string("status"), NULL, ngx_http_variable_status, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, @@ -2158,6 +2164,24 @@ static ngx_int_t +ngx_http_variable_request_scheme(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + if (r->schema_start) { + v->len = r->schema_end - r->schema_start; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = r->schema_start; + + return NGX_OK; + } + + return ngx_http_variable_scheme(r, v, data); +} + + +static ngx_int_t ngx_http_variable_connection(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) {

4 years, 5 months

[PATCH] Proxy: support configuration of socket buffer sizes

by Karstens, Nate

# HG changeset patch # User Nate Karstens <nate.karstens at garmin.com> # Date 1493467011 18000 # Sat Apr 29 06:56:51 2017 -0500 # Node ID 1251a543804b17941b2c96b84bd1f4e58a37bc15 # Parent 8801ff7d58e1650c9d1abb50e09f5979e4f9ffbf Proxy: support configuration of socket buffer sizes Allows the size of the buffers used by the TCP sockets for HTTP proxy connections to be configured. The new configuration directives are: * proxy_socket_rcvbuf * proxy_socket_sndbuf These correspond with the SO_RCVBUF and SO_SNDBUF socket options, respectively. This is be useful in cases where the proxy processes received data slowly. Data was being buffered in three separate TCP buffers (nginx-from-client receive, nginx- to-proxy send, and proxy-from-nginx receive). The cumulative effect is that the client thinks it has sent all of the data, but times out waiting for a reply from the proxy, which cannot reply because it is still processing the data in its buffers. Signed-off-by: Nate Karstens <nate.karstens at garmin.com> diff -r 8801ff7d58e1 -r 1251a543804b src/event/ngx_event_connect.c --- a/src/event/ngx_event_connect.c Tue Apr 25 23:39:13 2017 +0300 +++ b/src/event/ngx_event_connect.c Sat Apr 29 06:56:51 2017 -0500 @@ -73,6 +73,16 @@ } } + if (pc->sndbuf) { + if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, + (const void *) &pc->sndbuf, sizeof(int)) == -1) + { + ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno, + "setsockopt(SO_SNDBUF) failed"); + goto failed; + } + } + if (ngx_nonblocking(s) == -1) { ngx_log_error(NGX_LOG_ALERT, pc->log, ngx_socket_errno, ngx_nonblocking_n " failed"); diff -r 8801ff7d58e1 -r 1251a543804b src/event/ngx_event_connect.h --- a/src/event/ngx_event_connect.h Tue Apr 25 23:39:13 2017 +0300 +++ b/src/event/ngx_event_connect.h Sat Apr 29 06:56:51 2017 -0500 @@ -57,6 +57,7 @@ int type; int rcvbuf; + int sndbuf; ngx_log_t *log; diff -r 8801ff7d58e1 -r 1251a543804b src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Tue Apr 25 23:39:13 2017 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Sat Apr 29 06:56:51 2017 -0500 @@ -90,6 +90,9 @@ ngx_uint_t headers_hash_max_size; ngx_uint_t headers_hash_bucket_size; + ngx_int_t rcvbuf; + ngx_int_t sndbuf; + #if (NGX_HTTP_SSL) ngx_uint_t ssl; ngx_uint_t ssl_protocols; @@ -629,6 +632,20 @@ offsetof(ngx_http_proxy_loc_conf_t, http_version), &ngx_http_proxy_http_version }, + { ngx_string("proxy_socket_rcvbuf"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_proxy_loc_conf_t, rcvbuf), + NULL }, + + { ngx_string("proxy_socket_sndbuf"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_proxy_loc_conf_t, sndbuf), + NULL }, + #if (NGX_HTTP_SSL) { ngx_string("proxy_ssl_session_reuse"), @@ -905,6 +922,13 @@ u->buffering = plcf->upstream.buffering; + if (plcf->rcvbuf != NGX_CONF_UNSET) { + u->peer.rcvbuf = plcf->rcvbuf; + } + if (plcf->sndbuf != NGX_CONF_UNSET) { + u->peer.sndbuf = plcf->sndbuf; + } + u->pipe = ngx_pcalloc(r->pool, sizeof(ngx_event_pipe_t)); if (u->pipe == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; @@ -2902,6 +2926,9 @@ conf->headers_hash_max_size = NGX_CONF_UNSET_UINT; conf->headers_hash_bucket_size = NGX_CONF_UNSET_UINT; + conf->rcvbuf = NGX_CONF_UNSET; + conf->sndbuf = NGX_CONF_UNSET; + ngx_str_set(&conf->upstream.module, "proxy"); return conf; @@ -3297,6 +3324,12 @@ ngx_conf_merge_uint_value(conf->headers_hash_bucket_size, prev->headers_hash_bucket_size, 64); + ngx_conf_merge_value(conf->rcvbuf, + prev->rcvbuf, NGX_CONF_UNSET); + + ngx_conf_merge_value(conf->sndbuf, + prev->sndbuf, NGX_CONF_UNSET); + conf->headers_hash_bucket_size = ngx_align(conf->headers_hash_bucket_size, ngx_cacheline_size); ________________________________ CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient(s) and contain information that may be Garmin confidential and/or Garmin legally privileged. If you have received this email in error, please notify the sender by reply email and delete the message. Any disclosure, copying, distribution or use of this communication (including attachments) by someone other than the intended recipient is prohibited. Thank you.

4 years, 8 months

[nginx] Range filter: allowed ranges on empty files (ticket #1031).

by Maxim Dounin

details: http://hg.nginx.org/nginx/rev/aeaac3ccee4f branches: changeset: 7043:aeaac3ccee4f user: Maxim Dounin <mdounin(a)mdounin.ru> date: Tue Jun 27 00:53:46 2017 +0300 description: Range filter: allowed ranges on empty files (ticket #1031). As per RFC 2616 / RFC 7233, any range request to an empty file is expected to result in 416 Range Not Satisfiable response, as there cannot be a "byte-range-spec whose first-byte-pos is less than the current length of the entity-body". On the other hand, this makes use of byte-range requests inconvenient in some cases, as reported for the slice module here: http://mailman.nginx.org/pipermail/nginx-devel/2017-June/010177.html This commit changes range filter to instead return 200 if the file is empty and the range requested starts at 0. diffstat: src/http/modules/ngx_http_range_filter_module.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diffs (13 lines): diff --git a/src/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c --- a/src/http/modules/ngx_http_range_filter_module.c +++ b/src/http/modules/ngx_http_range_filter_module.c @@ -382,6 +382,9 @@ ngx_http_range_parse(ngx_http_request_t if (ranges-- == 0) { return NGX_DECLINED; } + + } else if (start == 0) { + return NGX_DECLINED; } if (*p++ != ',') {

4 years, 9 months

[PATCH] Resolver: parse hosts file entries

by Thibault Charbonnier

Hello, Here is an attempt at parsing and caching the hosts entries from /etc/hosts. I believe that the resolver should provide such an option to allow: - saving DNS lookups - avoiding confusion from users who expect it to be resolved - the current implementation now self-documents whether the hosts file is used for a particular resolver or not Please let me know if this is of any interest. -- Thibault # HG changeset patch # User Thibault Charbonnier <thibaultcha(a)fastmail.com> # Date 1488252201 28800 # Mon Feb 27 19:23:21 2017 -0800 # Branch resolve-hostsfile # Node ID 91ef480a020bae132506052ca567fef2c4422705 # Parent 640f035293959b2d4b0ba5939d954bc517f57f77 Resolver: parse hosts file entries The resolver option can now take an optional 'hosts=<path>' option, such as: resolver 8.8.4.4 hosts=/etc/hosts; Hosts parsed from the hosts file are considered valid forever. The behavior tries to be conservative, and only parses the hosts file when the option is provided, to enforce backwards compatibility. diff -r 640f03529395 -r 91ef480a020b src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c Fri Jan 27 19:06:35 2017 +0300 +++ b/src/core/ngx_resolver.c Mon Feb 27 19:23:21 2017 -0800 @@ -9,11 +9,12 @@ #include <ngx_core.h> #include <ngx_event.h> - -#define NGX_RESOLVER_UDP_SIZE 4096 - -#define NGX_RESOLVER_TCP_RSIZE (2 + 65535) -#define NGX_RESOLVER_TCP_WSIZE 8192 +#define NGX_RESOLVER_HOSTSFILE_SIZE 4096 + +#define NGX_RESOLVER_UDP_SIZE 4096 + +#define NGX_RESOLVER_TCP_RSIZE (2 + 65535) +#define NGX_RESOLVER_TCP_WSIZE 8192 typedef struct { @@ -120,6 +121,8 @@ ngx_resolver_node_t *rn); static void ngx_resolver_srv_names_handler(ngx_resolver_ctx_t *ctx); static ngx_int_t ngx_resolver_cmp_srvs(const void *one, const void *two); +static ngx_int_t ngx_resolver_parse_hostsfile(ngx_conf_t *cf, ngx_resolver_t *r, + ngx_str_t filename); #if (NGX_HAVE_INET6) static void ngx_resolver_rbtree_insert_addr6_value(ngx_rbtree_node_t *temp, @@ -128,7 +131,6 @@ struct in6_addr *addr, uint32_t hash); #endif - ngx_resolver_t * ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) { @@ -243,6 +245,24 @@ } #endif + if (ngx_strncmp(names[i].data, "hosts=", 6) == 0) { + r->hostsfile.len = names[i].len - 6; + + if (r->hostsfile.len == 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter: %V", &names[i]); + return NULL; + } + + r->hostsfile.data = ngx_resolver_dup(r, names[i].data + 6, + r->hostsfile.len + 1); + if (r->hostsfile.data == NULL) { + return NULL; + } + + continue; + } + ngx_memzero(&u, sizeof(ngx_url_t)); u.url = names[i]; @@ -273,6 +293,13 @@ } } + if (r->hostsfile.len > 0 + && ngx_resolver_parse_hostsfile(cf, r, r->hostsfile) + != NGX_OK) + { + return NULL; + } + return r; } @@ -4660,3 +4687,264 @@ return p1 - p2; } + + +static ngx_int_t +ngx_resolver_parse_hostsfile(ngx_conf_t *cf, ngx_resolver_t *r, + ngx_str_t filename) +{ + off_t file_size; + u_char ch; + u_char *start; + size_t len; + ssize_t n, size; + ngx_int_t rc; + ngx_str_t s; + ngx_fd_t fd; + ngx_buf_t b; + ngx_file_t file; + in_addr_t addr; + ngx_resolver_node_t *rn; + enum { + scan_line = 0, + scan_skipline, + scan_addr, + scan_hosts, + scan_name + } state; + + b.start = NULL; + s.data = NULL; + s.len = 0; + rn = NULL; + + fd = ngx_open_file(filename.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); + if (fd == NGX_INVALID_FILE) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_open_file_n " \"%s\" failed", filename.data); + return NGX_ERROR; + } + + ngx_memzero(&file, sizeof(ngx_file_t)); + + if (ngx_fd_info(fd, &file.info) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_fd_info_n " \"%s\" failed", filename.data); + goto fail; + } + + file.fd = fd; + file.log = cf->log; + file.name.len = filename.len; + file.name.data = filename.data; + file.offset = 0; + + b.start = ngx_resolver_alloc(r, NGX_RESOLVER_HOSTSFILE_SIZE); + if (b.start == NULL) { + goto fail; + } + + b.pos = b.start; + b.last = b.start; + b.end = b.last + NGX_RESOLVER_HOSTSFILE_SIZE; + b.temporary = 1; + + start = b.pos; + state = scan_line; + file_size = ngx_file_size(&file.info); + + for ( ;; ) { + + if (b.pos >= b.last) { + len = b.pos - start; + + if (len) { + ngx_memmove(b.start, start, len); + } + + size = (ssize_t) (file_size - file.offset); + + if (size > b.end - (b.start + len)) { + size = b.end - (b.start + len); + + } else if (size == 0) { + rc = NGX_OK; + goto done; + } + + n = ngx_read_file(&file, b.start + len, size, file.offset); + if (n == NGX_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_read_file_n, " \"%s\" failed", + filename.data); + goto fail; + } + + if (n != size) { + ngx_log_error(NGX_LOG_ERR, cf->log, ngx_errno, + ngx_read_file_n, " returned only %z bytes " + "instead of %z", n, size); + goto fail; + } + + b.pos = b.start + len; + b.last = b.pos + n; + start = b.start; + } + + ch = *b.pos; + + switch (state) { + + case scan_line: + if (ch == ' ') { + break; + } + + if (ch == '#') { + state = scan_skipline; + break; + } + + start = b.pos; + state = scan_addr; + break; + + case scan_skipline: + if (ch == LF || ch == CR) { + state = scan_line; + } + + break; + + case scan_addr: + if (ch == LF || ch == CR) { + state = scan_line; + break; + } + + if (ch == ' ' || ch == '\t') { + if (s.data) { + ngx_resolver_free(r, s.data); + } + + s.len = b.pos - start; + + s.data = ngx_resolver_dup(r, start, s.len); + if (s.data == NULL) { + goto fail; + } + + state = scan_hosts; + } + + break; + + case scan_hosts: + if (ch == LF || ch == CR) { + state = scan_line; + break; + } + + if (ch == ' ' || ch == '\t') { + break; + } + + start = b.pos; + state = scan_name; + break; + + case scan_name: + if (ch == ' ' || ch == '\t' || ch == LF || ch == CR) { + rn = ngx_resolver_calloc(r, sizeof(ngx_resolver_node_t)); + if (rn == NULL) { + goto fail; + } + + rn->nlen = b.pos - start; + + rn->name = ngx_resolver_dup(r, start, rn->nlen); + if (rn->name == NULL) { + goto fail; + } + + rn->ttl = NGX_MAX_UINT32_VALUE; + rn->valid = NGX_MAX_UINT32_VALUE; + rn->expire = NGX_MAX_UINT32_VALUE; + rn->node.key = ngx_crc32_short(rn->name, rn->nlen); + + if (ngx_strlchr(s.data, + s.data + s.len, ':') != NULL) + { + +#if (NGX_HAVE_INET6) + if (!r->ipv6 + || ngx_inet6_addr(s.data, s.len, + rn->u6.addr6.s6_addr) != NGX_OK) + { + ngx_resolver_free_node(r, rn); + state = scan_skipline; + break; + } + + rn->naddrs6 = 1; +#endif + + } else { + addr = ngx_inet_addr(s.data, s.len); + if (addr == INADDR_NONE) { + ngx_resolver_free_node(r, rn); + state = scan_skipline; + break; + } + + rn->naddrs = 1; + rn->u.addr = addr; + } + + ngx_rbtree_insert(&r->name_rbtree, &rn->node); + + ngx_queue_insert_head(&r->name_expire_queue, &rn->queue); + + if (ch == LF || ch == CR) { + state = scan_line; + break; + } + + state = scan_hosts; + } + + break; + } + + b.pos++; + } + +fail: + + rc = NGX_ERROR; + +done: + + if (s.data) { + ngx_resolver_free(r, s.data); + } + + if (b.start) { + ngx_resolver_free(r, b.start); + } + + if (ngx_close_file(fd) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_close_file_n, " \"%s\" failed", + filename.data); + rc = NGX_ERROR; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + return NGX_OK; +} + diff -r 640f03529395 -r 91ef480a020b src/core/ngx_resolver.h --- a/src/core/ngx_resolver.h Fri Jan 27 19:06:35 2017 +0300 +++ b/src/core/ngx_resolver.h Mon Feb 27 19:23:21 2017 -0800 @@ -146,6 +146,8 @@ struct ngx_resolver_s { + ngx_str_t hostsfile; + /* has to be pointer because of "incomplete type" */ ngx_event_t *event; void *dummy;

4 years, 11 months

[PATCH 01 of 14] Output chain: propagate last_buf flag to c->send_chain()

by Piotr Sikora

# HG changeset patch # User Piotr Sikora <piotrsikora(a)google.com> # Date 1491708381 25200 # Sat Apr 08 20:26:21 2017 -0700 # Node ID 5f5d70428655db0889a2111d17d912a7383df152 # Parent a39bc74873faf9e5bea616561b43f6ecc55229f9 Output chain: propagate last_buf flag to c->send_chain(). Signed-off-by: Piotr Sikora <piotrsikora(a)google.com> diff -r a39bc74873fa -r 5f5d70428655 src/core/ngx_output_chain.c --- a/src/core/ngx_output_chain.c +++ b/src/core/ngx_output_chain.c @@ -658,6 +658,7 @@ ngx_chain_writer(void *data, ngx_chain_t ngx_chain_writer_ctx_t *ctx = data; off_t size; + ngx_uint_t last; ngx_chain_t *cl, *ln, *chain; ngx_connection_t *c; @@ -689,9 +690,10 @@ ngx_chain_writer(void *data, ngx_chain_t size += ngx_buf_size(in->buf); - ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, - "chain writer buf fl:%d s:%uO", - in->buf->flush, ngx_buf_size(in->buf)); + ngx_log_debug3(NGX_LOG_DEBUG_CORE, c->log, 0, + "chain writer buf fl:%d l:%d s:%uO", + in->buf->flush, in->buf->last_buf, + ngx_buf_size(in->buf)); cl = ngx_alloc_chain_link(ctx->pool); if (cl == NULL) { @@ -707,6 +709,8 @@ ngx_chain_writer(void *data, ngx_chain_t ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, "chain writer in: %p", ctx->out); + last = 0; + for (cl = ctx->out; cl; cl = cl->next) { #if 1 @@ -732,9 +736,16 @@ ngx_chain_writer(void *data, ngx_chain_t #endif size += ngx_buf_size(cl->buf); + + if (cl->buf->last_buf) { + last = 1; + } } - if (size == 0 && !c->buffered) { + if (size == 0 + && !c->buffered + && !(last && c->need_last_buf)) + { return NGX_OK; }

5 years

[nginx] Fixed background requests with asynchronous operations.

by Roman Arutyunyan

details: http://hg.nginx.org/nginx/rev/5e05118678af branches: changeset: 7011:5e05118678af user: Roman Arutyunyan <arut(a)nginx.com> date: Mon May 29 23:33:38 2017 +0300 description: Fixed background requests with asynchronous operations. If the main request was finalized while a background request performed an asynchronous operation, the main request ended up in ngx_http_writer() and was not finalized until a network event or a timeout. For example, cache background update with aio enabled made nginx unable to process further client requests or close the connection, keeping it open until client closes it. Now regular finalization of the main request is not suspended because of an asynchronous operation in another request. If a background request was terminated while an asynchronous operation was in progress, background request's write event handler was changed to ngx_http_request_finalizer() and never called again. Now, whenever a request is terminated while an asynchronous operation is in progress, connection error flag is set to make further finalizations of any request with this connection lead to termination. These issues appeared in 1aeaae6e9446 (not yet released). diffstat: src/http/ngx_http_request.c | 8 +++----- 1 files changed, 3 insertions(+), 5 deletions(-) diffs (32 lines): diff -r c1524829af3d -r 5e05118678af src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Mon May 29 16:48:30 2017 +0300 +++ b/src/http/ngx_http_request.c Mon May 29 23:33:38 2017 +0300 @@ -2331,10 +2331,6 @@ ngx_http_finalize_request(ngx_http_reque return; } - if (r->main->blocked) { - r->write_event_handler = ngx_http_request_finalizer; - } - ngx_http_terminate_request(r, rc); return; } @@ -2449,7 +2445,7 @@ ngx_http_finalize_request(ngx_http_reque return; } - if (r->buffered || c->buffered || r->postponed || r->blocked) { + if (r->buffered || c->buffered || r->postponed) { if (ngx_http_set_write_handler(r) != NGX_OK) { ngx_http_terminate_request(r, 0); @@ -2530,6 +2526,8 @@ ngx_http_terminate_request(ngx_http_requ if (mr->write_event_handler) { if (mr->blocked) { + r->connection->error = 1; + r->write_event_handler = ngx_http_request_finalizer; return; }

5 years

[PATCH 1 of 3] PSK: connection support

by Karstens, Nate

# HG changeset patch # User Nate Karstens <nate.karstens(a)garmin.com> # Date 1498137180 18000 # Thu Jun 22 08:13:00 2017 -0500 # Node ID 3fb3c4928d06029ca1d57853a163c9f56fa90bca # Parent 6169dbad37d85fa8642b9d0a51f0f0f6c19dd3d1 PSK: connection support Adds support for TLS connections using PSK cipher suites. A new configuration directive, ssl_psk_file, specifies the file that contains a list of identities and associated PSKs. Each line of the file begins with the identity, followed by a colon character (':'), and ending with the PSK. As required by RFC 4279 section 5.4, PSKs may be entered either as plain text or using hexadecimal encoding. Hexadecimal PSKs must begin with "{HEX}". PSKs without this prefix are assumed to be plain text, but they may optionally begin with "{PLAIN}" to denote this. Some examples: gary:plain_text_password min:{PLAIN}another_text_password cliff:{HEX}ab0123CD The format of the given PSK file is checked at server startup. PSK functionality can be easily tested with the OpenSSL s_client using the "-psk" and "-psk_identity" options. Signed-off-by: Nate Karstens <nate.karstens(a)garmin.com> diff -r 6169dbad37d8 -r 3fb3c4928d06 contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim Wed Jun 14 20:13:41 2017 +0300 +++ b/contrib/vim/syntax/nginx.vim Thu Jun 22 08:13:00 2017 -0500 @@ -550,6 +550,7 @@ syn keyword ngxDirective contained ssl_prefer_server_ciphers syn keyword ngxDirective contained ssl_preread syn keyword ngxDirective contained ssl_protocols +syn keyword ngxDirective contained ssl_psk_file syn keyword ngxDirective contained ssl_session_cache syn keyword ngxDirective contained ssl_session_ticket_key syn keyword ngxDirective contained ssl_session_tickets diff -r 6169dbad37d8 -r 3fb3c4928d06 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Wed Jun 14 20:13:41 2017 +0300 +++ b/src/event/ngx_event_openssl.c Thu Jun 22 08:13:00 2017 -0500 @@ -11,6 +11,7 @@ #define NGX_SSL_PASSWORD_BUFFER_SIZE 4096 +#define NGX_SSL_PSK_BUFFER_SIZE 4096 typedef struct { @@ -23,6 +24,8 @@ static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret); +static unsigned int ngx_ssl_psk_callback(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len); static void ngx_ssl_passwords_cleanup(void *data); static void ngx_ssl_handshake_handler(ngx_event_t *ev); static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); @@ -65,6 +68,11 @@ #endif ASN1_TIME *asn1time); +static ngx_int_t ngx_ssl_psk_convert_hex(u_char **buf, const u_char *psk, + const u_char *last, ngx_uint_t line); +static ngx_int_t ngx_ssl_psk_read(ngx_str_t *file, const char *identity, + unsigned char *psk, int max_psk_len); + static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static void ngx_openssl_exit(ngx_cycle_t *cycle); @@ -114,6 +122,7 @@ int ngx_ssl_next_certificate_index; int ngx_ssl_certificate_name_index; int ngx_ssl_stapling_index; +int ngx_ssl_psk_index; ngx_int_t @@ -225,6 +234,13 @@ return NGX_ERROR; } + ngx_ssl_psk_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); + + if (ngx_ssl_psk_index == -1) { + ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); + return NGX_ERROR; + } + return NGX_OK; } @@ -345,6 +361,7 @@ SSL_CTX_set_read_ahead(ssl->ctx, 1); SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback); + SSL_CTX_set_psk_server_callback(ssl->ctx, ngx_ssl_psk_callback); return NGX_OK; } @@ -875,6 +892,29 @@ } +static unsigned int ngx_ssl_psk_callback(SSL *ssl, const char *identity, + unsigned char *psk, unsigned int max_psk_len) +{ + SSL_CTX *ssl_ctx; + ngx_str_t *psk_file; + ngx_int_t psk_len; + + ssl_ctx = SSL_get_SSL_CTX(ssl); + + psk_file = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_psk_index); + if (psk_file == NULL) { + return 0; + } + + psk_len = ngx_ssl_psk_read(psk_file, identity, psk, max_psk_len); + if (psk_len < 0) { + return 0; + } + + return psk_len; +} + + RSA * ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export, int key_length) @@ -3137,6 +3177,24 @@ #endif +ngx_int_t +ngx_ssl_psk_file(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) + +{ + ngx_int_t rc; + + if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_psk_index, file) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, ssl->log, 0, + "SSL_CTX_set_ex_data() failed"); + return NGX_ERROR; + } + + rc = ngx_ssl_psk_read(file, NULL, NULL, 0); + + return rc == 0 ? NGX_OK : NGX_ERROR; +} + + void ngx_ssl_cleanup_ctx(void *data) { @@ -4127,6 +4185,223 @@ } +static ngx_int_t +ngx_ssl_psk_convert_hex(u_char **buf, const u_char *psk, const u_char *last, + ngx_uint_t line) +{ + ngx_int_t len; + u_char *out = NULL; + u_char val; + + if (buf != NULL) { + *buf = NULL; + } + + if ((last - psk) & 1) { + len = NGX_ERROR; + goto error; + } + + len = (last - psk) / 2; + + if (buf != NULL) { + out = ngx_alloc(len, ngx_cycle->log); + if (out == NULL) { + return NGX_ERROR; + } + *buf = out; + } + + while (psk < last) { + if (*psk >= '0' && *psk <= '9') { + val = *psk - '0'; + } else if (*psk >= 'a' && *psk <= 'f') { + val = *psk - 'a' + 10; + } else if (*psk >= 'A' && *psk <= 'F') { + val = *psk - 'A' + 10; + } else { + len = NGX_ERROR; + goto error; + } + + val <<= 4; + psk++; + + if (*psk >= '0' && *psk <= '9') { + val += *psk - '0'; + } else if (*psk >= 'a' && *psk <= 'f') { + val += *psk - 'a' + 10; + } else if (*psk >= 'A' && *psk <= 'F') { + val += *psk - 'A' + 10; + } else { + len = NGX_ERROR; + goto error; + } + + psk++; + + if (out != NULL) { + *out = val; + out++; + } + } + +error: + + if (len == NGX_ERROR) { + ngx_ssl_error(NGX_LOG_EMERG, ngx_cycle->log, 0, + "The PSK on line %ui is not valid hex", line); + if (buf != NULL) { + ngx_free(*buf); + *buf = NULL; + } + } + + return len; +} + + +static ngx_int_t +ngx_ssl_psk_read(ngx_str_t *file, const char *identity, unsigned char *psk, + int max_psk_len) +{ + ngx_int_t rc = 0; + ngx_fd_t fd; + ngx_uint_t line; + size_t len; + ssize_t n; + u_char *p, *last, *end; + u_char *psk_ptr, *hex_buf = NULL; + u_char buf[NGX_SSL_PSK_BUFFER_SIZE]; + + static const char plain_tag[7] = "{PLAIN}"; + static const char hex_tag[5] = "{HEX}"; + + fd = ngx_open_file(file->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); + if (fd == NGX_INVALID_FILE) { + ngx_ssl_error(NGX_LOG_EMERG, ngx_cycle->log, ngx_errno, + ngx_open_file_n " \"%V\" failed", file); + return NGX_ERROR; + } + + len = 0; + last = buf; + + do { + n = ngx_read_fd(fd, last, NGX_SSL_PSK_BUFFER_SIZE - len); + + if (n == -1) { + ngx_ssl_error(NGX_LOG_EMERG, ngx_cycle->log, ngx_errno, + ngx_read_fd_n " \"%V\" failed", file); + rc = NGX_ERROR; + goto done; + } + + end = last + n; + + if (len && n == 0) { + *end++ = LF; + } + + for (p = buf, line = 1; ; p = last, line++) { + last = ngx_strlchr(last, end, LF); + + if (last == NULL) { + break; + } + + len = last++ - p; + + if (len && p[len - 1] == CR) { + len--; + } + + if (len == 0) { + continue; + } + + psk_ptr = (u_char *) ngx_strlchr(p, p + len, ':'); + if (psk_ptr == NULL) { + ngx_ssl_error(NGX_LOG_EMERG, ngx_cycle->log, 0, + "Bad format on line %ui of PSK file \"%V\"", + line, file); + rc = NGX_ERROR; + goto done; + } + + *psk_ptr = '\0'; + psk_ptr++; + + if (identity == NULL) { + if (ngx_memcmp(psk_ptr, hex_tag, sizeof(hex_tag)) == 0) { + psk_ptr += sizeof(hex_tag); + if (ngx_ssl_psk_convert_hex(NULL, psk_ptr, p + len, line) + == NGX_ERROR) + { + rc = NGX_ERROR; + goto done; + } + } + + continue; + } + + if (ngx_strcmp(p, identity) != 0) { + continue; + } + + if (ngx_memcmp(psk_ptr, plain_tag, sizeof(plain_tag)) == 0) { + psk_ptr += sizeof(plain_tag); + rc = last - 1 - psk_ptr; + } else if (ngx_memcmp(psk_ptr, hex_tag, sizeof(hex_tag)) == 0) { + psk_ptr += sizeof(hex_tag); + rc = ngx_ssl_psk_convert_hex(&hex_buf, psk_ptr, p + len, line); + if (rc == NGX_ERROR) { + goto done; + } + psk_ptr = hex_buf; + } else { + rc = last - 1 - psk_ptr; + } + + if (rc > max_psk_len) { + rc = 0; + goto done; + } + + ngx_memcpy(psk, psk_ptr, rc); + goto done; + } + + len = end - p; + + if (len == NGX_SSL_PSK_BUFFER_SIZE) { + ngx_ssl_error(NGX_LOG_EMERG, ngx_cycle->log, 0, + "too long line in \"%V\"", file); + rc = NGX_ERROR; + goto done; + } + + ngx_memmove(buf, p, len); + last = buf + len; + + } while (n != 0); + +done: + + if (ngx_close_file(fd) == NGX_FILE_ERROR) { + ngx_ssl_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_errno, + ngx_close_file_n " %V failed", file); + rc = NGX_ERROR; + } + + ngx_memzero(buf, NGX_SSL_PSK_BUFFER_SIZE); + ngx_free(hex_buf); + + return rc; +} + + static void * ngx_openssl_create_conf(ngx_cycle_t *cycle) { diff -r 6169dbad37d8 -r 3fb3c4928d06 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Wed Jun 14 20:13:41 2017 +0300 +++ b/src/event/ngx_event_openssl.h Thu Jun 22 08:13:00 2017 -0500 @@ -171,6 +171,7 @@ ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *paths); +ngx_int_t ngx_ssl_psk_file(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data); ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags); @@ -255,6 +256,7 @@ extern int ngx_ssl_next_certificate_index; extern int ngx_ssl_certificate_name_index; extern int ngx_ssl_stapling_index; +extern int ngx_ssl_psk_index; #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ diff -r 6169dbad37d8 -r 3fb3c4928d06 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Wed Jun 14 20:13:41 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:13:00 2017 -0500 @@ -234,6 +234,13 @@ offsetof(ngx_http_ssl_srv_conf_t, stapling_verify), NULL }, + { ngx_string("ssl_psk_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_ssl_srv_conf_t, psk_file), + NULL }, + ngx_null_command }; @@ -539,6 +546,7 @@ * sscf->shm_zone = NULL; * sscf->stapling_file = { 0, NULL }; * sscf->stapling_responder = { 0, NULL }; + * sscf->psk_file = { 0, NULL }; */ sscf->enable = NGX_CONF_UNSET; @@ -620,6 +628,8 @@ ngx_conf_merge_str_value(conf->stapling_responder, prev->stapling_responder, ""); + ngx_conf_merge_str_value(conf->psk_file, prev->psk_file, ""); + conf->ssl.log = cf->log; if (conf->enable) { @@ -800,6 +810,12 @@ } + if (ngx_ssl_psk_file(cf, &conf->ssl, &conf->psk_file) + != NGX_OK) + { + return NGX_CONF_ERROR; + } + return NGX_CONF_OK; } diff -r 6169dbad37d8 -r 3fb3c4928d06 src/http/modules/ngx_http_ssl_module.h --- a/src/http/modules/ngx_http_ssl_module.h Wed Jun 14 20:13:41 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.h Thu Jun 22 08:13:00 2017 -0500 @@ -55,6 +55,8 @@ ngx_str_t stapling_file; ngx_str_t stapling_responder; + ngx_str_t psk_file; + u_char *file; ngx_uint_t line; } ngx_http_ssl_srv_conf_t; ________________________________ CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient(s) and contain information that may be Garmin confidential and/or Garmin legally privileged. If you have received this email in error, please notify the sender by reply email and delete the message. Any disclosure, copying, distribution or use of this communication (including attachments) by someone other than the intended recipient is prohibited. Thank you.

5 years

[PATCH] HTTP/2: add support for HPACK encoding

by Vlad Krasnov

# HG changeset patch # User Vlad Krasnov <vlad(a)cloudflare.com> # Date 1498167669 25200 # Thu Jun 22 14:41:09 2017 -0700 # Node ID 895cea03ac21fb18d2c2ba32389cd67dc74ddbd0 # Parent a39bc74873faf9e5bea616561b43f6ecc55229f9 HTTP/2: add support for HPACK encoding Add support for full HPACK encoding as per RFC7541. This modification improves header compression ratio by 5-10% for the first response, and by 40-95% for consequential responses on the connection. The implementation is similar to the one used by Cloudflare. diff -r a39bc74873fa -r 895cea03ac21 auto/modules --- a/auto/modules Mon Jun 19 14:25:42 2017 +0300 +++ b/auto/modules Thu Jun 22 14:41:09 2017 -0700 @@ -436,6 +436,10 @@ . auto/module fi + if [ $HTTP_V2_HPACK_ENC = YES ]; then + have=NGX_HTTP_V2_HPACK_ENC . auto/have + fi + if :; then ngx_module_name=ngx_http_static_module ngx_module_incs= diff -r a39bc74873fa -r 895cea03ac21 auto/options --- a/auto/options Mon Jun 19 14:25:42 2017 +0300 +++ b/auto/options Thu Jun 22 14:41:09 2017 -0700 @@ -59,6 +59,7 @@ HTTP_GZIP=YES HTTP_SSL=NO HTTP_V2=NO +HTTP_V2_HPACK_ENC=NO HTTP_SSI=YES HTTP_POSTPONE=NO HTTP_REALIP=NO @@ -221,6 +222,7 @@ --with-http_ssl_module) HTTP_SSL=YES ;; --with-http_v2_module) HTTP_V2=YES ;; + --with-http_v2_hpack_enc) HTTP_V2_HPACK_ENC=YES ;; --with-http_realip_module) HTTP_REALIP=YES ;; --with-http_addition_module) HTTP_ADDITION=YES ;; --with-http_xslt_module) HTTP_XSLT=YES ;; @@ -430,6 +432,7 @@ --with-http_ssl_module enable ngx_http_ssl_module --with-http_v2_module enable ngx_http_v2_module + --with-http_v2_hpack_enc enable ngx_http_v2_hpack_enc --with-http_realip_module enable ngx_http_realip_module --with-http_addition_module enable ngx_http_addition_module --with-http_xslt_module enable ngx_http_xslt_module diff -r a39bc74873fa -r 895cea03ac21 src/core/ngx_murmurhash.c --- a/src/core/ngx_murmurhash.c Mon Jun 19 14:25:42 2017 +0300 +++ b/src/core/ngx_murmurhash.c Thu Jun 22 14:41:09 2017 -0700 @@ -50,3 +50,63 @@ return h; } + + +uint64_t +ngx_murmur_hash2_64(u_char *data, size_t len, uint64_t seed) +{ + uint64_t h, k; + + h = seed ^ len; + + while (len >= 8) { + k = data[0]; + k |= data[1] << 8; + k |= data[2] << 16; + k |= data[3] << 24; + k |= (uint64_t)data[4] << 32; + k |= (uint64_t)data[5] << 40; + k |= (uint64_t)data[6] << 48; + k |= (uint64_t)data[7] << 56; + + k *= 0xc6a4a7935bd1e995ull; + k ^= k >> 47; + k *= 0xc6a4a7935bd1e995ull; + + h ^= k; + h *= 0xc6a4a7935bd1e995ull; + + data += 8; + len -= 8; + } + + switch (len) { + case 7: + h ^= (uint64_t)data[6] << 48; + /* fall through */ + case 6: + h ^= (uint64_t)data[5] << 40; + /* fall through */ + case 5: + h ^= (uint64_t)data[4] << 32; + /* fall through */ + case 4: + h ^= data[3] << 24; + /* fall through */ + case 3: + h ^= data[2] << 16; + /* fall through */ + case 2: + h ^= data[1] << 8; + /* fall through */ + case 1: + h ^= data[0]; + h *= 0xc6a4a7935bd1e995ull; + } + + h ^= h >> 47; + h *= 0xc6a4a7935bd1e995ull; + h ^= h >> 47; + + return h; +} diff -r a39bc74873fa -r 895cea03ac21 src/core/ngx_murmurhash.h --- a/src/core/ngx_murmurhash.h Mon Jun 19 14:25:42 2017 +0300 +++ b/src/core/ngx_murmurhash.h Thu Jun 22 14:41:09 2017 -0700 @@ -15,5 +15,7 @@ uint32_t ngx_murmur_hash2(u_char *data, size_t len); +uint64_t ngx_murmur_hash2_64(u_char *data, size_t len, uint64_t seed); + #endif /* _NGX_MURMURHASH_H_INCLUDED_ */ diff -r a39bc74873fa -r 895cea03ac21 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Mon Jun 19 14:25:42 2017 +0300 +++ b/src/http/v2/ngx_http_v2.c Thu Jun 22 14:41:09 2017 -0700 @@ -245,6 +245,8 @@ h2c->frame_size = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; + h2c->max_hpack_table_size = NGX_HTTP_V2_DEFAULT_HPACK_TABLE_SIZE; + h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); @@ -2018,6 +2020,17 @@ h2c->frame_size = value; break; + case NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING: + + if (value > NGX_HTTP_V2_MAX_HPACK_TABLE_SIZE) { + h2c->max_hpack_table_size = NGX_HTTP_V2_MAX_HPACK_TABLE_SIZE; + } else { + h2c->max_hpack_table_size = value; + } + + h2c->indicate_resize = 1; + break; + default: break; } diff -r a39bc74873fa -r 895cea03ac21 src/http/v2/ngx_http_v2.h --- a/src/http/v2/ngx_http_v2.h Mon Jun 19 14:25:42 2017 +0300 +++ b/src/http/v2/ngx_http_v2.h Thu Jun 22 14:41:09 2017 -0700 @@ -49,6 +49,13 @@ #define NGX_HTTP_V2_MAX_WINDOW ((1U << 31) - 1) #define NGX_HTTP_V2_DEFAULT_WINDOW 65535 +#define HPACK_ENC_HTABLE_SZ 128 /* better to keep a PoT < 64k */ +#define HPACK_ENC_HTABLE_ENTRIES ((HPACK_ENC_HTABLE_SZ * 100) / 128) +#define HPACK_ENC_DYNAMIC_KEY_TBL_SZ 10 /* 10 is sufficient for most */ +#define HPACK_ENC_MAX_ENTRY 512 /* longest header size to match */ + +#define NGX_HTTP_V2_DEFAULT_HPACK_TABLE_SIZE 4096 +#define NGX_HTTP_V2_MAX_HPACK_TABLE_SIZE 16384 /* < 64k */ typedef struct ngx_http_v2_connection_s ngx_http_v2_connection_t; typedef struct ngx_http_v2_node_s ngx_http_v2_node_t; @@ -110,6 +117,46 @@ } ngx_http_v2_hpack_t; +#if (NGX_HTTP_V2_HPACK_ENC) +typedef struct { + uint64_t hash_val; + uint32_t index; + uint16_t pos; + uint16_t klen, vlen; + uint16_t size; + uint16_t next; +} ngx_http_v2_hpack_enc_entry_t; + + +typedef struct { + uint64_t hash_val; + uint32_t index; + uint16_t pos; + uint16_t klen; +} ngx_http_v2_hpack_name_entry_t; + + +typedef struct { + size_t size; /* size as defined in RFC 7541 */ + uint32_t top; /* the last entry */ + uint32_t pos; + uint16_t n_elems; /* number of elements */ + uint16_t base; /* index of the oldest entry */ + uint16_t last; /* index of the newest entry */ + + /* hash table for dynamic entries, instead using a generic hash table, + which would be too slow to process a significant amount of headers, + this table is not determenistic, and might ocasionally fail to insert + a value, at the cost of slightly worse compression, but significantly + faster performance */ + ngx_http_v2_hpack_enc_entry_t htable[HPACK_ENC_HTABLE_SZ]; + ngx_http_v2_hpack_name_entry_t heads[HPACK_ENC_DYNAMIC_KEY_TBL_SZ]; + u_char storage[NGX_HTTP_V2_MAX_HPACK_TABLE_SIZE + + HPACK_ENC_MAX_ENTRY]; +} ngx_http_v2_hpack_enc_t; +#endif + + struct ngx_http_v2_connection_s { ngx_connection_t *connection; ngx_http_connection_t *http_connection; @@ -122,6 +169,8 @@ size_t frame_size; + size_t max_hpack_table_size; + ngx_queue_t waiting; ngx_http_v2_state_t state; @@ -146,6 +195,11 @@ unsigned settings_ack:1; unsigned blocked:1; unsigned goaway:1; + unsigned indicate_resize:1; + +#if (NGX_HTTP_V2_HPACK_ENC) + ngx_http_v2_hpack_enc_t hpack_enc; +#endif }; @@ -347,4 +401,31 @@ #define ngx_http_v2_write_sid ngx_http_v2_write_uint32 +u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, + u_char *tmp, ngx_uint_t lower); + +u_char * +ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value); + +#define ngx_http_v2_write_name(dst, src, len, tmp) \ + ngx_http_v2_string_encode(dst, src, len, tmp, 1) +#define ngx_http_v2_write_value(dst, src, len, tmp) \ + ngx_http_v2_string_encode(dst, src, len, tmp, 0) + +u_char * +ngx_http_v2_write_header(ngx_http_v2_connection_t *h2c, u_char *pos, + u_char *key, size_t key_len, u_char *value, size_t value_len, + u_char *tmp); + +void +ngx_http_v2_table_resize(ngx_http_v2_connection_t *h2c); + +#define ngx_http_v2_write_header_str(key, value) \ + ngx_http_v2_write_header(h2c, pos, (u_char *) key, sizeof(key) - 1, \ + (u_char *) value, sizeof(value) - 1, tmp); + +#define ngx_http_v2_write_header_tbl(key, val) \ + ngx_http_v2_write_header(h2c, pos, (u_char *) key, sizeof(key) - 1, \ + val.data, val.len, tmp); + #endif /* _NGX_HTTP_V2_H_INCLUDED_ */ diff -r a39bc74873fa -r 895cea03ac21 src/http/v2/ngx_http_v2_filter_module.c --- a/src/http/v2/ngx_http_v2_filter_module.c Mon Jun 19 14:25:42 2017 +0300 +++ b/src/http/v2/ngx_http_v2_filter_module.c Thu Jun 22 14:41:09 2017 -0700 @@ -25,11 +25,6 @@ #define ngx_http_v2_indexed(i) (128 + (i)) #define ngx_http_v2_inc_indexed(i) (64 + (i)) -#define ngx_http_v2_write_name(dst, src, len, tmp) \ - ngx_http_v2_string_encode(dst, src, len, tmp, 1) -#define ngx_http_v2_write_value(dst, src, len, tmp) \ - ngx_http_v2_string_encode(dst, src, len, tmp, 0) - #define NGX_HTTP_V2_ENCODE_RAW 0 #define NGX_HTTP_V2_ENCODE_HUFF 0x80 @@ -53,10 +48,6 @@ #define NGX_HTTP_V2_NO_TRAILERS (ngx_http_v2_out_frame_t *) -1 -static u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, - u_char *tmp, ngx_uint_t lower); -static u_char *ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, - ngx_uint_t value); static ngx_http_v2_out_frame_t *ngx_http_v2_create_headers_frame( ngx_http_request_t *r, u_char *pos, u_char *end, ngx_uint_t fin); static ngx_http_v2_out_frame_t *ngx_http_v2_create_trailers_frame( @@ -142,6 +133,7 @@ ngx_http_core_loc_conf_t *clcf; ngx_http_core_srv_conf_t *cscf; u_char addr[NGX_SOCKADDR_STRLEN]; + ngx_http_v2_connection_t *h2c; static const u_char nginx[5] = "\x84\xaa\x63\x55\xe7"; #if (NGX_HTTP_GZIP) @@ -150,11 +142,9 @@ #endif static size_t nginx_ver_len = ngx_http_v2_literal_size(NGINX_VER); - static u_char nginx_ver[ngx_http_v2_literal_size(NGINX_VER)]; static size_t nginx_ver_build_len = ngx_http_v2_literal_size(NGINX_VER_BUILD); - static u_char nginx_ver_build[ngx_http_v2_literal_size(NGINX_VER_BUILD)]; if (!r->stream) { return ngx_http_next_header_filter(r); @@ -415,7 +405,7 @@ } tmp = ngx_palloc(r->pool, tmp_len); - pos = ngx_pnalloc(r->pool, len); + pos = ngx_pnalloc(r->pool, len + 15 + 1); if (pos == NULL || tmp == NULL) { return NGX_ERROR; @@ -423,6 +413,18 @@ start = pos; + h2c = r->stream->connection; + + if (h2c->indicate_resize) { + *pos = 32; + pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(5), + h2c->max_hpack_table_size); + h2c->indicate_resize = 0; +#if (NGX_HTTP_V2_HPACK_ENC) + ngx_http_v2_table_resize(h2c); +#endif + } + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, "http2 output header: \":status: %03ui\"", r->headers_out.status); @@ -431,67 +433,28 @@ *pos++ = status; } else { - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_STATUS_INDEX); - *pos++ = NGX_HTTP_V2_ENCODE_RAW | 3; - pos = ngx_sprintf(pos, "%03ui", r->headers_out.status); + ngx_sprintf(pos + 8, "%O3ui", r->headers_out.status); + pos = ngx_http_v2_write_header(h2c, pos, (u_char *)":status", + sizeof(":status") - 1, pos + 8, 3, tmp); } if (r->headers_out.server == NULL) { - if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"server: %s\"", - NGINX_VER); + pos = ngx_http_v2_write_header_str("server", NGINX_VER); } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"server: %s\"", - NGINX_VER_BUILD); + pos = ngx_http_v2_write_header_str("server", NGINX_VER_BUILD); } else { - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"server: nginx\""); - } - - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SERVER_INDEX); - - if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) { - if (nginx_ver[0] == '\0') { - p = ngx_http_v2_write_value(nginx_ver, (u_char *) NGINX_VER, - sizeof(NGINX_VER) - 1, tmp); - nginx_ver_len = p - nginx_ver; - } - - pos = ngx_cpymem(pos, nginx_ver, nginx_ver_len); - - } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) { - if (nginx_ver_build[0] == '\0') { - p = ngx_http_v2_write_value(nginx_ver_build, - (u_char *) NGINX_VER_BUILD, - sizeof(NGINX_VER_BUILD) - 1, tmp); - nginx_ver_build_len = p - nginx_ver_build; - } - - pos = ngx_cpymem(pos, nginx_ver_build, nginx_ver_build_len); - - } else { - pos = ngx_cpymem(pos, nginx, sizeof(nginx)); + pos = ngx_http_v2_write_header_str("server", "nginx"); } } if (r->headers_out.date == NULL) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"date: %V\"", - &ngx_cached_http_time); - - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_DATE_INDEX); - pos = ngx_http_v2_write_value(pos, ngx_cached_http_time.data, - ngx_cached_http_time.len, tmp); + pos = ngx_http_v2_write_header_tbl("date", ngx_cached_http_time); } if (r->headers_out.content_type.len) { - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_CONTENT_TYPE_INDEX); - if (r->headers_out.content_type_len == r->headers_out.content_type.len && r->headers_out.charset.len) { @@ -517,64 +480,36 @@ r->headers_out.content_type.data = p - len; } - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"content-type: %V\"", - &r->headers_out.content_type); - - pos = ngx_http_v2_write_value(pos, r->headers_out.content_type.data, - r->headers_out.content_type.len, tmp); + pos = ngx_http_v2_write_header_tbl("content-type", + r->headers_out.content_type); } if (r->headers_out.content_length == NULL && r->headers_out.content_length_n >= 0) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"content-length: %O\"", - r->headers_out.content_length_n); - - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_CONTENT_LENGTH_INDEX); - - p = pos; - pos = ngx_sprintf(pos + 1, "%O", r->headers_out.content_length_n); - *p = NGX_HTTP_V2_ENCODE_RAW | (u_char) (pos - p - 1); + p = ngx_sprintf(pos + 15, "%O", r->headers_out.content_length_n); + pos = ngx_http_v2_write_header(h2c, pos, (u_char *)"content-length", + sizeof("content-length") - 1, pos + 15, + p - (pos + 15), tmp); } if (r->headers_out.last_modified == NULL && r->headers_out.last_modified_time != -1) { - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_LAST_MODIFIED_INDEX); - - ngx_http_time(pos, r->headers_out.last_modified_time); + ngx_http_time(pos + 14, r->headers_out.last_modified_time); len = sizeof("Wed, 31 Dec 1986 18:00:00 GMT") - 1; - - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"last-modified: %*s\"", - len, pos); - - /* - * Date will always be encoded using huffman in the temporary buffer, - * so it's safe here to use src and dst pointing to the same address. - */ - pos = ngx_http_v2_write_value(pos, pos, len, tmp); + pos = ngx_http_v2_write_header(h2c, pos, (u_char *)"last-modified", + sizeof("last-modified") - 1, pos + 14, + len, tmp); } if (r->headers_out.location && r->headers_out.location->value.len) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"location: %V\"", - &r->headers_out.location->value); - - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_LOCATION_INDEX); - pos = ngx_http_v2_write_value(pos, r->headers_out.location->value.data, - r->headers_out.location->value.len, tmp); + pos = ngx_http_v2_write_header_tbl("location", r->headers_out.location->value); } #if (NGX_HTTP_GZIP) if (r->gzip_vary) { - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"vary: Accept-Encoding\""); - - *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_VARY_INDEX); - pos = ngx_cpymem(pos, accept_encoding, sizeof(accept_encoding)); + pos = ngx_http_v2_write_header_str("vary", "Accept-Encoding"); } #endif @@ -597,23 +532,9 @@ continue; } -#if (NGX_DEBUG) - if (fc->log->log_level & NGX_LOG_DEBUG_HTTP) { - ngx_strlow(tmp, header[i].key.data, header[i].key.len); - - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, fc->log, 0, - "http2 output header: \"%*s: %V\"", - header[i].key.len, tmp, &header[i].value); - } -#endif - - *pos++ = 0; - - pos = ngx_http_v2_write_name(pos, header[i].key.data, - header[i].key.len, tmp); - - pos = ngx_http_v2_write_value(pos, header[i].value.data, - header[i].value.len, tmp); + pos = ngx_http_v2_write_header(h2c, pos, header[i].key.data, + header[i].key.len, header[i].value.data, + header[i].value.len, tmp); } frame = ngx_http_v2_create_headers_frame(r, start, pos, r->header_only); @@ -643,11 +564,12 @@ static ngx_http_v2_out_frame_t * ngx_http_v2_create_trailers_frame(ngx_http_request_t *r) { - u_char *pos, *start, *tmp; - size_t len, tmp_len; - ngx_uint_t i; - ngx_list_part_t *part; - ngx_table_elt_t *header; + u_char *pos, *start, *tmp; + size_t len, tmp_len; + ngx_uint_t i; + ngx_list_part_t *part; + ngx_table_elt_t *header; + ngx_http_v2_connection_t *h2c; len = 0; tmp_len = 0; @@ -713,6 +635,8 @@ part = &r->headers_out.trailers.part; header = part->elts; + h2c = r->stream->connection; + for (i = 0; /* void */; i++) { if (i >= part->nelts) { @@ -739,20 +663,16 @@ } #endif - *pos++ = 0; - - pos = ngx_http_v2_write_name(pos, header[i].key.data, - header[i].key.len, tmp); - - pos = ngx_http_v2_write_value(pos, header[i].value.data, - header[i].value.len, tmp); + pos = ngx_http_v2_write_header(h2c, pos, header[i].key.data, + header[i].key.len, header[i].value.data, + header[i].value.len, tmp); } return ngx_http_v2_create_headers_frame(r, start, pos, 1); } -static u_char * +u_char * ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, u_char *tmp, ngx_uint_t lower) { @@ -778,7 +698,7 @@ } -static u_char * +u_char * ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value) { if (value < prefix) { diff -r a39bc74873fa -r 895cea03ac21 src/http/v2/ngx_http_v2_table.c --- a/src/http/v2/ngx_http_v2_table.c Mon Jun 19 14:25:42 2017 +0300 +++ b/src/http/v2/ngx_http_v2_table.c Thu Jun 22 14:41:09 2017 -0700 @@ -347,3 +347,434 @@ return NGX_OK; } + + +#if (NGX_HTTP_V2_HPACK_ENC) + +static ngx_int_t +hpack_get_static_index(ngx_http_v2_connection_t *h2c, u_char *val, size_t len); + +static ngx_int_t +hpack_get_dynamic_index(ngx_http_v2_connection_t *h2c, uint64_t key_hash, + uint8_t *key, size_t key_len); + + +void +ngx_http_v2_table_resize(ngx_http_v2_connection_t *h2c) +{ + ngx_http_v2_hpack_enc_entry_t *table; + uint64_t idx; + + table = h2c->hpack_enc.htable; + + while (h2c->hpack_enc.size > h2c->max_hpack_table_size) { + idx = h2c->hpack_enc.base; + h2c->hpack_enc.base = table[idx].next; + h2c->hpack_enc.size -= table[idx].size; + table[idx].hash_val = 0; + h2c->hpack_enc.n_elems--; + } +} + + +/* checks if a header is in the hpack table - if so returns the table entry, + otherwise encodes and inserts into the table and returns 0, + if failed to insert into table, returns -1 */ +static ngx_int_t +ngx_http_v2_table_encode_strings(ngx_http_v2_connection_t *h2c, + size_t key_len, size_t val_len, uint8_t *key, uint8_t *val, + ngx_int_t *header_idx) +{ + uint64_t hash_val, key_hash, idx, lru; + int i; + size_t size = key_len + val_len + 32; + uint8_t *storage = h2c->hpack_enc.storage; + + ngx_http_v2_hpack_enc_entry_t *table; + ngx_http_v2_hpack_name_entry_t *name; + + *header_idx = NGX_ERROR; + /* step 1: compute the hash value of header */ + if (size > HPACK_ENC_MAX_ENTRY || size > h2c->max_hpack_table_size) { + return NGX_ERROR; + } + + key_hash = ngx_murmur_hash2_64(key, key_len, 0x01234); + hash_val = ngx_murmur_hash2_64(val, val_len, key_hash); + + if (hash_val == 0) { + return NGX_ERROR; + } + + /* step 2: check if full header in the table */ + idx = hash_val; + i = -1; + while (idx) { + /* at most 8 locations are checked, but most will be done in 1 or 2 */ + table = &h2c->hpack_enc.htable[idx % HPACK_ENC_HTABLE_SZ]; + if (table->hash_val == hash_val + && table->klen == key_len + && table->vlen == val_len + && ngx_memcmp(key, storage + table->pos, key_len) == 0 + && ngx_memcmp(val, storage + table->pos + key_len, val_len) == 0) + { + return (h2c->hpack_enc.top - table->index) + 61; + } + + if (table->hash_val == 0 && i == -1) { + i = idx % HPACK_ENC_HTABLE_SZ; + break; + } + + idx >>= 8; + } + + /* step 3: check if key is in one of the tables */ + *header_idx = hpack_get_static_index(h2c, key, key_len); + + if (i == -1) { + return NGX_ERROR; + } + + if (*header_idx == NGX_ERROR) { + *header_idx = hpack_get_dynamic_index(h2c, key_hash, key, key_len); + } + + /* step 4: store the new entry */ + table = h2c->hpack_enc.htable; + + if (h2c->hpack_enc.top == 0xffffffff) { + /* just to be on the safe side, avoid overflow */ + ngx_memset(&h2c->hpack_enc, 0, sizeof(ngx_http_v2_hpack_enc_t)); + } + + while ((h2c->hpack_enc.size + size > h2c->max_hpack_table_size) + || h2c->hpack_enc.n_elems == HPACK_ENC_HTABLE_ENTRIES) { + /* make space for the new entry first */ + idx = h2c->hpack_enc.base; + h2c->hpack_enc.base = table[idx].next; + h2c->hpack_enc.size -= table[idx].size; + table[idx].hash_val = 0; + h2c->hpack_enc.n_elems--; + } + + table[i] = (ngx_http_v2_hpack_enc_entry_t){.hash_val = hash_val, + .index = h2c->hpack_enc.top, + .pos = h2c->hpack_enc.pos, + .klen = key_len, + .vlen = val_len, + .size = size, + .next = 0}; + + table[h2c->hpack_enc.last].next = i; + if (h2c->hpack_enc.n_elems == 0) { + h2c->hpack_enc.base = i; + } + + h2c->hpack_enc.last = i; + h2c->hpack_enc.top++; + h2c->hpack_enc.size += size; + h2c->hpack_enc.n_elems++; + + /* update header name lookup */ + if (*header_idx == NGX_ERROR ) { + lru = h2c->hpack_enc.top; + + for (i=0; i<HPACK_ENC_DYNAMIC_KEY_TBL_SZ; i++) { + + name = &h2c->hpack_enc.heads[i]; + + if ( name->hash_val == 0 || (name->hash_val == key_hash + && ngx_memcmp(storage + name->pos, key, key_len) == 0) ) + { + name->hash_val = key_hash; + name->pos = h2c->hpack_enc.pos; + name->index = h2c->hpack_enc.top - 1; + break; + } + + if (lru > name->index) { + lru = name->index; + idx = i; + } + } + + if (i == HPACK_ENC_DYNAMIC_KEY_TBL_SZ) { + name = &h2c->hpack_enc.heads[idx]; + name->hash_val = hash_val; + name->pos = h2c->hpack_enc.pos; + name->index = h2c->hpack_enc.top - 1; + } + } + + ngx_memcpy(storage + h2c->hpack_enc.pos, key, key_len); + ngx_memcpy(storage + h2c->hpack_enc.pos + key_len, val, val_len); + + h2c->hpack_enc.pos += size; + if (h2c->hpack_enc.pos > NGX_HTTP_V2_MAX_HPACK_TABLE_SIZE) { + h2c->hpack_enc.pos = 0; + } + + return NGX_OK; +} + + +u_char * +ngx_http_v2_write_header(ngx_http_v2_connection_t *h2c, u_char *pos, + u_char *key, size_t key_len, + u_char *value, size_t value_len, + u_char *tmp) +{ + ngx_int_t idx, header_idx; + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 output header: %*s: %*s", key_len, key, value_len, + value); + + /* attempt to find the value in the dynamic table */ + idx = ngx_http_v2_table_encode_strings(h2c, key_len, value_len, key, value, + &header_idx); + + if (idx > 0) { + /* positive index indicates success */ + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 hpack encode: Indexed Header Field: %ud", idx); + + *pos = 128; + pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(7), idx); + + } else { + + if (header_idx == NGX_ERROR) { /* if key is not present */ + + if (idx == NGX_ERROR) { /* if header was not added */ + *pos++ = 0; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 hpack encode: Literal Header Field without" + " Indexing — New Name"); + } else { /* if header was added */ + *pos++ = 64; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 hpack encode: Literal Header Field with " + "Incremental Indexing — New Name"); + } + + pos = ngx_http_v2_write_name(pos, key, key_len, tmp); + + } else { /* if key is present */ + + if (idx == NGX_ERROR) { + *pos = 0; + pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(4), header_idx); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 hpack encode: Literal Header Field without" + " Indexing — Indexed Name: %ud", header_idx); + } else { + *pos = 64; + pos = ngx_http_v2_write_int(pos, ngx_http_v2_prefix(6), header_idx); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 hpack encode: Literal Header Field with " + "Incremental Indexing — Indexed Name: %ud", header_idx); + } + } + + pos = ngx_http_v2_write_value(pos, value, value_len, tmp); + } + + return pos; +} + + +static ngx_int_t +hpack_get_dynamic_index(ngx_http_v2_connection_t *h2c, uint64_t key_hash, + uint8_t *key, size_t key_len) +{ + ngx_http_v2_hpack_name_entry_t *name; + int i; + + for (i=0; i<HPACK_ENC_DYNAMIC_KEY_TBL_SZ; i++) { + name = &h2c->hpack_enc.heads[i]; + + if (name->hash_val == key_hash + && ngx_memcmp(h2c->hpack_enc.storage + name->pos, key, key_len) == 0) + { + if (name->index >= h2c->hpack_enc.top - h2c->hpack_enc.n_elems) { + return (h2c->hpack_enc.top - name->index) + 61; + } + break; + } + } + + return NGX_ERROR; +} + + +/* decide if a given header is present in the static dictionary, this could be + done in several ways, but it seems the fastest one is "exhaustive" search */ +static ngx_int_t +hpack_get_static_index(ngx_http_v2_connection_t *h2c, u_char *val, size_t len) +{ + /* the static dictionary of response only headers, + although response headers can be put by origin, + that would be rare */ + static const struct { + u_char len; + const u_char val[28]; + u_char idx; + } server_headers[] = { + { 3, "age", 21},//0 + { 3, "via", 60}, + { 4, "date", 33},//2 + { 4, "etag", 34}, + { 4, "link", 45}, + { 4, "vary", 59}, + { 5, "allow", 22},//6 + { 6, "server", 54},//7 + { 7, "expires", 36},//8 + { 7, "refresh", 52}, + { 8, "location", 46},//10 + {10, "set-cookie", 55},//11 + {11, "retry-after", 53},//12 + {12, "content-type", 31},//13 + {13, "content-range", 30},//14 + {13, "accept-ranges", 18}, + {13, "cache-control", 24}, + {13, "last-modified", 44}, + {14, "content-length", 28},//18 + {16, "content-encoding", 26},//19 + {16, "content-language", 27}, + {16, "content-location", 29}, + {16, "www-authenticate", 61}, + {17, "transfer-encoding", 57},//23 + {18, "proxy-authenticate", 48},//24 + {19, "content-disposition", 25},//25 + {25, "strict-transport-security", 56},//26 + {27, "access-control-allow-origin", 20},//27 + {99, "", 99}, + }, *header; + + /* for a given length, where to start the search + since minimal length is 3, the table has a -3 + offset */ + static const int8_t start_at[] = { + [3-3] = 0, + [4-3] = 2, + [5-3] = 6, + [6-3] = 7, + [7-3] = 8, + [8-3] = 10, + [9-3] = -1, + [10-3] = 11, + [11-3] = 12, + [12-3] = 13, + [13-3] = 14, + [14-3] = 18, + [15-3] = -1, + [16-3] = 19, + [17-3] = 23, + [18-3] = 24, + [19-3] = 25, + [20-3] = -1, + [21-3] = -1, + [22-3] = -1, + [23-3] = -1, + [24-3] = -1, + [25-3] = 26, + [26-3] = -1, + [27-3] = 27, + }; + + uint64_t pref; + size_t save_len = len, i; + int8_t start; + + /* early exit for out of bounds lengths */ + if (len < 3 || len > 27) { + return NGX_ERROR; + } + + start = start_at[len - 3]; + if (start == -1) { + /* exit for non existent lengths */ + return NGX_ERROR; + } + + header = &server_headers[start_at[len - 3]]; + + /* load first 8 bytes of key, for fast comparison */ + if (len < 8) { + pref = 0; + if (len >= 4) { + pref = *(uint32_t *)(val + len - 4) | 0x20202020; + len -= 4; + } + while (len > 0) { /* 3 iterations at most */ + pref = (pref << 8) ^ (val[len - 1] | 0x20); + len--; + } + } else { + pref = *(uint64_t *)val | 0x2020202020202020; + len -= 8; + } + + /* iterate over headers with the right length */ + while (header->len == save_len) { + /* quickly compare the first 8 bytes, most tests will end here */ + if (pref != *(uint64_t *) header->val) { + header++; + continue; + } + + if (len == 0) { + /* len == 0, indicates prefix held the entire key */ + return header->idx; + } + /* for longer keys compare the rest */ + i = 1 + (save_len + 7) % 8; /* align so we can compare in quadwords */ + + while (i + 8 <= save_len) { /* 3 iterations at most */ + if ( *(uint64_t *)&header->val[i] + != (*(uint64_t *) &val[i]| 0x2020202020202020) ) + { + header++; + i = 0; + break; + } + i += 8; + } + + if (i == 0) { + continue; + } + + /* found the corresponding entry in the static dictionary */ + return header->idx; + } + + return NGX_ERROR; +} + +#else + +u_char * +ngx_http_v2_write_header(ngx_http_v2_connection_t *h2c, u_char *pos, + u_char *key, size_t key_len, + u_char *value, size_t value_len, + u_char *tmp) +{ + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 output header: %*s: %*s", key_len, key, value_len, + value); + + *pos++ = 64; + pos = ngx_http_v2_write_name(pos, key, key_len, tmp); + pos = ngx_http_v2_write_value(pos, value, value_len, tmp); + + return pos; +} + +#endif

5 years

Fwd: Patch. Add new directive '2square' for image_filter

by Иван Иванов

Add new directive '2square' to image_filter, which resizes and converts image in square and add white border. It's cood be usefull for convert image for facebook banners. In attach: nginx.patch - patch for main repo (http://hg.nginx.org/nginx), image_filter_2square.t - file with tests for (http://hg.nginx.org/nginx- tests) nginx_org.patch - docs for (http://hg.nginx.org/nginx.org/) -- С уважением, Иванов Иван -- С уважением, Иванов Иван

5 years, 1 month

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

nginx-devel June 2017