Compare commits
10 Commits
quic
...
stable-1.1
Author | SHA1 | Date |
---|---|---|
Maxim Dounin | 883015b3bf | |
Maxim Dounin | f3d80cff65 | |
Ruslan Ermilov | 29303436bf | |
Ruslan Ermilov | 8bcbe0db87 | |
Sergey Kandaurov | dcde2f075b | |
Maxim Dounin | 2baaba10f8 | |
Maxim Dounin | f1d14f5518 | |
Maxim Dounin | 7d5bf85113 | |
Maxim Dounin | d9666f5ff3 | |
Maxim Dounin | 7df8977172 |
389
README
389
README
|
@ -1,389 +0,0 @@
|
|||
Experimental QUIC support for nginx
|
||||
-----------------------------------
|
||||
|
||||
1. Introduction
|
||||
2. Building from sources
|
||||
3. Configuration
|
||||
4. Directives
|
||||
5. Clients
|
||||
6. Troubleshooting
|
||||
7. Contributing
|
||||
8. Links
|
||||
|
||||
1. Introduction
|
||||
|
||||
This is an experimental QUIC [1] / HTTP/3 [2] support for nginx.
|
||||
|
||||
The code is developed in a separate "quic" branch available
|
||||
at https://hg.nginx.org/nginx-quic. Currently it is based
|
||||
on nginx mainline 1.23.x. We merge new nginx releases into
|
||||
this branch regularly.
|
||||
|
||||
The project code base is under the same BSD license as nginx.
|
||||
|
||||
The code is currently at a beta level of quality, however
|
||||
there are several production deployments with it.
|
||||
|
||||
NGINX Development Team is working on improving HTTP/3 support to
|
||||
integrate it into the main NGINX codebase. Thus, expect further
|
||||
updates of this code, including features, changes in behaviour,
|
||||
bug fixes, and refactoring. NGINX Development team will be
|
||||
grateful for any feedback and code submissions.
|
||||
|
||||
Please contact NGINX Development Team via nginx-devel mailing list [3].
|
||||
|
||||
What works now:
|
||||
|
||||
IETF QUIC version 1 is supported. Internet drafts are no longer supported.
|
||||
|
||||
nginx should be able to respond to HTTP/3 requests over QUIC and
|
||||
it should be possible to upload and download big files without errors.
|
||||
|
||||
+ The handshake completes successfully
|
||||
+ One endpoint can update keys and its peer responds correctly
|
||||
+ 0-RTT data is being received and acted on
|
||||
+ Connection is established using TLS Resume Ticket
|
||||
+ A handshake that includes a Retry packet completes successfully
|
||||
+ Stream data is being exchanged and ACK'ed
|
||||
+ An H3 transaction succeeded
|
||||
+ One or both endpoints insert entries into dynamic table and
|
||||
subsequently reference them from header blocks
|
||||
+ Version Negotiation packet is sent to client with unknown version
|
||||
+ Lost packets are detected and retransmitted properly
|
||||
+ Clients may migrate to new address
|
||||
|
||||
2. Building from sources
|
||||
|
||||
The build is configured using the configure command.
|
||||
Refer to http://nginx.org/en/docs/configure.html for details.
|
||||
|
||||
When configuring nginx, it's possible to enable QUIC and HTTP/3
|
||||
using the following new configuration options:
|
||||
|
||||
--with-http_v3_module - enable QUIC and HTTP/3
|
||||
--with-stream_quic_module - enable QUIC in Stream
|
||||
|
||||
A library that provides QUIC support is recommended to build nginx, there
|
||||
are several of those available on the market:
|
||||
+ BoringSSL [4]
|
||||
+ LibreSSL [5]
|
||||
+ QuicTLS [6]
|
||||
|
||||
Alternatively, nginx can be configured with OpenSSL compatibility
|
||||
layer, which emulates BoringSSL QUIC API for OpenSSL. This mode is
|
||||
enabled by default if native QUIC support is not detected.
|
||||
0-RTT is not supported in OpenSSL compatibility mode.
|
||||
|
||||
Clone the NGINX QUIC repository
|
||||
|
||||
$ hg clone -b quic https://hg.nginx.org/nginx-quic
|
||||
$ cd nginx-quic
|
||||
|
||||
Use the following command to configure nginx with BoringSSL [4]
|
||||
|
||||
$ ./auto/configure --with-debug --with-http_v3_module \
|
||||
--with-cc-opt="-I../boringssl/include" \
|
||||
--with-ld-opt="-L../boringssl/build/ssl \
|
||||
-L../boringssl/build/crypto"
|
||||
$ make
|
||||
|
||||
Alternatively, nginx can be configured with QuicTLS [6]
|
||||
|
||||
$ ./auto/configure --with-debug --with-http_v3_module \
|
||||
--with-cc-opt="-I../quictls/build/include" \
|
||||
--with-ld-opt="-L../quictls/build/lib"
|
||||
|
||||
Alternatively, nginx can be configured with a modern version
|
||||
of LibreSSL [7]
|
||||
|
||||
$ ./auto/configure --with-debug --with-http_v3_module \
|
||||
--with-cc-opt="-I../libressl/build/include" \
|
||||
--with-ld-opt="-L../libressl/build/lib"
|
||||
|
||||
3. Configuration
|
||||
|
||||
The HTTP "listen" directive got a new option "quic" which enables
|
||||
QUIC as client transport protocol instead of TCP.
|
||||
|
||||
The Stream "listen" directive got a new option "quic" which enables
|
||||
QUIC as client transport protocol instead of TCP or plain UDP.
|
||||
|
||||
Along with "quic", it's also possible to specify "reuseport"
|
||||
option [8] to make it work properly with multiple workers.
|
||||
|
||||
To enable address validation:
|
||||
|
||||
quic_retry on;
|
||||
|
||||
To enable 0-RTT:
|
||||
|
||||
ssl_early_data on;
|
||||
|
||||
Make sure that TLS 1.3 is configured which is required for QUIC:
|
||||
|
||||
ssl_protocols TLSv1.3;
|
||||
|
||||
To enable GSO (Generic Segmentation Offloading):
|
||||
|
||||
quic_gso on;
|
||||
|
||||
To limit maximum UDP payload size on receive path:
|
||||
|
||||
quic_mtu <size>;
|
||||
|
||||
To set host key for various tokens:
|
||||
|
||||
quic_host_key <filename>;
|
||||
|
||||
|
||||
By default, GSO Linux-specific optimization [10] is disabled.
|
||||
Enable it in case a corresponding network interface is configured to
|
||||
support GSO.
|
||||
|
||||
A number of directives were added that configure HTTP/3:
|
||||
|
||||
http3
|
||||
http3_hq
|
||||
http3_stream_buffer_size
|
||||
http3_max_concurrent_pushes
|
||||
http3_max_concurrent_streams
|
||||
http3_push
|
||||
http3_push_preload
|
||||
|
||||
In http, an additional variable is available: $http3.
|
||||
The value of $http3 is "h3" for HTTP/3 connections,
|
||||
"hq" for hq connections, or an empty string otherwise.
|
||||
|
||||
In stream, an additional variable is available: $quic.
|
||||
The value of $quic is "quic" if QUIC connection is used,
|
||||
or an empty string otherwise.
|
||||
|
||||
Example configuration:
|
||||
|
||||
http {
|
||||
log_format quic '$remote_addr - $remote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" "$http3"';
|
||||
|
||||
access_log logs/access.log quic;
|
||||
|
||||
server {
|
||||
# for better compatibility it's recommended
|
||||
# to use the same port for quic and https
|
||||
listen 8443 quic reuseport;
|
||||
listen 8443 ssl;
|
||||
|
||||
ssl_certificate certs/example.com.crt;
|
||||
ssl_certificate_key certs/example.com.key;
|
||||
ssl_protocols TLSv1.3;
|
||||
|
||||
location / {
|
||||
# required for browsers to direct them into quic port
|
||||
add_header Alt-Svc 'h3=":8443"; ma=86400';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
4. Directives
|
||||
|
||||
Syntax: quic_bpf on | off;
|
||||
Default: quic_bpf off;
|
||||
Context: main
|
||||
|
||||
Enables routing of QUIC packets using eBPF.
|
||||
When enabled, this allows to support QUIC connection migration.
|
||||
The directive is only supported on Linux 5.7+.
|
||||
|
||||
|
||||
Syntax: quic_retry on | off;
|
||||
Default: quic_retry off;
|
||||
Context: http | stream, server
|
||||
|
||||
Enables the QUIC Address Validation feature. This includes:
|
||||
- sending a new token in a Retry packet or a NEW_TOKEN frame
|
||||
- validating a token received in the Initial packet
|
||||
|
||||
|
||||
Syntax: quic_gso on | off;
|
||||
Default: quic_gso off;
|
||||
Context: http | stream, server
|
||||
|
||||
Enables sending in optimized batch mode using segmentation offloading.
|
||||
Optimized sending is only supported on Linux featuring UDP_SEGMENT.
|
||||
|
||||
|
||||
Syntax: quic_mtu size;
|
||||
Default: quic_mtu 65527;
|
||||
Context: http | stream, server
|
||||
|
||||
Sets the QUIC max_udp_payload_size transport parameter value.
|
||||
This is the maximum UDP payload that we are willing to receive.
|
||||
|
||||
|
||||
Syntax: quic_host_key file;
|
||||
Default: -
|
||||
Context: http | stream, server
|
||||
|
||||
Specifies a file with the secret key used to encrypt stateless reset and
|
||||
address validation tokens. By default, a randomly generated key is used.
|
||||
|
||||
|
||||
Syntax: quic_active_connection_id_limit number;
|
||||
Default: quic_active_connection_id_limit 2;
|
||||
Context: http | stream, server
|
||||
|
||||
Sets the QUIC active_connection_id_limit transport parameter value.
|
||||
This is the maximum number of connection IDs we are willing to store.
|
||||
|
||||
|
||||
Syntax: quic_timeout time;
|
||||
Default: quic_timeout 60s;
|
||||
Context: stream, server
|
||||
|
||||
Defines a timeout used to negotiate the QUIC idle timeout.
|
||||
In the http module, it is taken from the keepalive_timeout directive.
|
||||
|
||||
|
||||
Syntax: quic_stream_buffer_size size;
|
||||
Default: quic_stream_buffer_size 64k;
|
||||
Context: stream, server
|
||||
|
||||
Syntax: http3_stream_buffer_size size;
|
||||
Default: http3_stream_buffer_size 64k;
|
||||
Context: http, server
|
||||
|
||||
Sets buffer size for reading and writing of the QUIC STREAM payload.
|
||||
The buffer size is used to calculate initial flow control limits
|
||||
in the following QUIC transport parameters:
|
||||
- initial_max_data
|
||||
- initial_max_stream_data_bidi_local
|
||||
- initial_max_stream_data_bidi_remote
|
||||
- initial_max_stream_data_uni
|
||||
|
||||
|
||||
Syntax: http3_max_concurrent_pushes number;
|
||||
Default: http3_max_concurrent_pushes 10;
|
||||
Context: http, server
|
||||
|
||||
Limits the maximum number of concurrent push requests in a connection.
|
||||
|
||||
|
||||
Syntax: http3_max_concurrent_streams number;
|
||||
Default: http3_max_concurrent_streams 128;
|
||||
Context: http, server
|
||||
|
||||
Sets the maximum number of concurrent HTTP/3 streams in a connection.
|
||||
|
||||
|
||||
Syntax: http3_push uri | off;
|
||||
Default: http3_push off;
|
||||
Context: http, server, location
|
||||
|
||||
Pre-emptively sends (pushes) a request to the specified uri along with
|
||||
the response to the original request. Only relative URIs with absolute
|
||||
path will be processed, for example:
|
||||
|
||||
http3_push /static/css/main.css;
|
||||
|
||||
The uri value can contain variables.
|
||||
|
||||
Several http3_push directives can be specified on the same configuration
|
||||
level. The off parameter cancels the effect of the http3_push directives
|
||||
inherited from the previous configuration level.
|
||||
|
||||
|
||||
Syntax: http3_push_preload on | off;
|
||||
Default: http3_push_preload off;
|
||||
Context: http, server, location
|
||||
|
||||
Enables automatic conversion of preload links specified in the “Link”
|
||||
response header fields into push requests.
|
||||
|
||||
|
||||
Syntax: http3 on | off;
|
||||
Default: http3 on;
|
||||
Context: http, server
|
||||
|
||||
Enables HTTP/3 protocol negotiation.
|
||||
|
||||
|
||||
Syntax: http3_hq on | off;
|
||||
Default: http3_hq off;
|
||||
Context: http, server
|
||||
|
||||
Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
|
||||
|
||||
5. Clients
|
||||
|
||||
* Browsers
|
||||
|
||||
Known to work: Firefox 90+ and Chrome 92+ (QUIC version 1)
|
||||
|
||||
Beware of strange issues: sometimes browser may decide to ignore QUIC
|
||||
Cache clearing/restart might help. Always check access.log and
|
||||
error.log to make sure the browser is using HTTP/3 and not TCP https.
|
||||
|
||||
* Console clients
|
||||
|
||||
Known to work: ngtcp2, firefox's neqo and chromium's console clients:
|
||||
|
||||
$ examples/client 127.0.0.1 8443 https://example.com:8443/index.html
|
||||
|
||||
$ ./neqo-client https://127.0.0.1:8443/
|
||||
|
||||
$ chromium-build/out/my_build/quic_client http://example.com:8443
|
||||
|
||||
|
||||
In case everyhing is right, the access log should show something like:
|
||||
|
||||
127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-"
|
||||
"nghttp3/ngtcp2 client" "quic"
|
||||
|
||||
|
||||
6. Troubleshooting
|
||||
|
||||
Here are some tips that may help to identify problems:
|
||||
|
||||
+ Ensure nginx is built with proper SSL library that supports QUIC
|
||||
|
||||
+ Ensure nginx is using the proper SSL library in runtime
|
||||
(`nginx -V` shows what it's using)
|
||||
|
||||
+ Ensure a client is actually sending requests over QUIC
|
||||
(see "Clients" section about browsers and cache)
|
||||
|
||||
We recommend to start with simple console client like ngtcp2
|
||||
to ensure the server is configured properly before trying
|
||||
with real browsers that may be very picky with certificates,
|
||||
for example.
|
||||
|
||||
+ Build nginx with debug support [9] and check the debug log.
|
||||
It should contain all details about connection and why it
|
||||
failed. All related messages contain "quic " prefix and can
|
||||
be easily filtered out.
|
||||
|
||||
+ For a deeper investigation, please enable additional debugging
|
||||
in src/event/quic/ngx_event_quic_connection.h:
|
||||
|
||||
#define NGX_QUIC_DEBUG_PACKETS
|
||||
#define NGX_QUIC_DEBUG_FRAMES
|
||||
#define NGX_QUIC_DEBUG_ALLOC
|
||||
#define NGX_QUIC_DEBUG_CRYPTO
|
||||
|
||||
7. Contributing
|
||||
|
||||
Please refer to
|
||||
http://nginx.org/en/docs/contributing_changes.html
|
||||
|
||||
8. Links
|
||||
|
||||
[1] https://datatracker.ietf.org/doc/html/rfc9000
|
||||
[2] https://datatracker.ietf.org/doc/html/rfc9114
|
||||
[3] https://mailman.nginx.org/mailman/listinfo/nginx-devel
|
||||
[4] https://boringssl.googlesource.com/boringssl/
|
||||
[5] https://www.libressl.org/
|
||||
[6] https://github.com/quictls/openssl
|
||||
[7] https://github.com/libressl-portable/portable/releases/tag/v3.6.0
|
||||
[8] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen
|
||||
[9] https://nginx.org/en/docs/debugging_log.html
|
||||
[10] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf
|
|
@ -117,7 +117,7 @@ else
|
|||
. auto/cc/acc
|
||||
;;
|
||||
|
||||
msvc)
|
||||
msvc*)
|
||||
# MSVC++ 6.0 SP2, MSVC++ Toolkit 2003
|
||||
|
||||
. auto/cc/msvc
|
||||
|
|
19
auto/cc/msvc
19
auto/cc/msvc
|
@ -11,8 +11,8 @@
|
|||
# MSVC 2015 (14.0) cl 19.00
|
||||
|
||||
|
||||
NGX_MSVC_VER=`$NGX_WINE $CC 2>&1 | grep 'C/C++.* [0-9][0-9]*\.[0-9]' 2>&1 \
|
||||
| sed -e 's/^.* \([0-9][0-9]*\.[0-9].*\)/\1/'`
|
||||
NGX_MSVC_VER=`$NGX_WINE $CC 2>&1 | grep 'Compiler Version' 2>&1 \
|
||||
| sed -e 's/^.* Version \(.*\)/\1/'`
|
||||
|
||||
echo " + cl version: $NGX_MSVC_VER"
|
||||
|
||||
|
@ -22,21 +22,6 @@ have=NGX_COMPILER value="\"cl $NGX_MSVC_VER\"" . auto/define
|
|||
ngx_msvc_ver=`echo $NGX_MSVC_VER | sed -e 's/^\([0-9]*\).*/\1/'`
|
||||
|
||||
|
||||
# detect x64 builds
|
||||
|
||||
case "$NGX_MSVC_VER" in
|
||||
|
||||
*x64)
|
||||
NGX_MACHINE=amd64
|
||||
;;
|
||||
|
||||
*)
|
||||
NGX_MACHINE=i386
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
|
||||
# optimizations
|
||||
|
||||
# maximize speed, equivalent to -Og -Oi -Ot -Oy -Ob2 -Gs -GF -Gy
|
||||
|
|
|
@ -44,7 +44,6 @@ if test -z "$NGX_PLATFORM"; then
|
|||
else
|
||||
echo "building for $NGX_PLATFORM"
|
||||
NGX_SYSTEM=$NGX_PLATFORM
|
||||
NGX_MACHINE=i386
|
||||
fi
|
||||
|
||||
. auto/cc/conf
|
||||
|
@ -88,10 +87,6 @@ have=NGX_PID_PATH value="\"$NGX_PID_PATH\"" . auto/define
|
|||
have=NGX_LOCK_PATH value="\"$NGX_LOCK_PATH\"" . auto/define
|
||||
have=NGX_ERROR_LOG_PATH value="\"$NGX_ERROR_LOG_PATH\"" . auto/define
|
||||
|
||||
if [ ".$NGX_ERROR_LOG_PATH" = "." ]; then
|
||||
have=NGX_ERROR_LOG_STDERR . auto/have
|
||||
fi
|
||||
|
||||
have=NGX_HTTP_LOG_PATH value="\"$NGX_HTTP_LOG_PATH\"" . auto/define
|
||||
have=NGX_HTTP_CLIENT_TEMP_PATH value="\"$NGX_HTTP_CLIENT_TEMP_PATH\""
|
||||
. auto/define
|
||||
|
|
|
@ -48,6 +48,4 @@ default: build
|
|||
|
||||
clean:
|
||||
rm -rf Makefile $NGX_OBJS
|
||||
|
||||
.PHONY: default clean
|
||||
END
|
||||
|
|
|
@ -215,6 +215,4 @@ upgrade:
|
|||
test -f $NGX_PID_PATH.oldbin
|
||||
|
||||
kill -QUIT \`cat $NGX_PID_PATH.oldbin\`
|
||||
|
||||
.PHONY: build install modules upgrade
|
||||
END
|
||||
|
|
|
@ -5,17 +5,12 @@
|
|||
|
||||
if [ $OPENSSL != NONE ]; then
|
||||
|
||||
have=NGX_OPENSSL . auto/have
|
||||
have=NGX_SSL . auto/have
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
have=NGX_QUIC . auto/have
|
||||
have=NGX_QUIC_OPENSSL_COMPAT . auto/have
|
||||
fi
|
||||
|
||||
case "$CC" in
|
||||
|
||||
cl | bcc32)
|
||||
have=NGX_OPENSSL . auto/have
|
||||
have=NGX_SSL . auto/have
|
||||
|
||||
CFLAGS="$CFLAGS -DNO_SYS_TYPES_H"
|
||||
|
||||
CORE_INCS="$CORE_INCS $OPENSSL/openssl/include"
|
||||
|
@ -38,6 +33,9 @@ if [ $OPENSSL != NONE ]; then
|
|||
;;
|
||||
|
||||
*)
|
||||
have=NGX_OPENSSL . auto/have
|
||||
have=NGX_SSL . auto/have
|
||||
|
||||
CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include"
|
||||
CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h"
|
||||
CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a"
|
||||
|
@ -125,35 +123,6 @@ else
|
|||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
OPENSSL=YES
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
|
||||
ngx_feature="OpenSSL QUIC support"
|
||||
ngx_feature_name="NGX_QUIC"
|
||||
ngx_feature_test="SSL_set_quic_method(NULL, NULL)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
have=NGX_QUIC_OPENSSL_COMPAT . auto/have
|
||||
|
||||
ngx_feature="OpenSSL QUIC compatibility"
|
||||
ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0,
|
||||
NULL, NULL, NULL, NULL, NULL)"
|
||||
. auto/feature
|
||||
fi
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
cat << END
|
||||
|
||||
$0: error: certain modules require OpenSSL QUIC support.
|
||||
You can either do not enable the modules, or install the OpenSSL library with
|
||||
QUIC support into the system, or build the OpenSSL library with QUIC support
|
||||
statically from the source with nginx by using --with-openssl=<path> option.
|
||||
|
||||
END
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
|
@ -7,24 +7,11 @@ case "$CC" in
|
|||
|
||||
cl)
|
||||
|
||||
case "$NGX_MACHINE" in
|
||||
|
||||
amd64)
|
||||
OPENSSL_TARGET=VC-WIN64A
|
||||
;;
|
||||
|
||||
*)
|
||||
OPENSSL_TARGET=VC-WIN32
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
$OPENSSL/openssl/include/openssl/ssl.h: $NGX_MAKEFILE
|
||||
\$(MAKE) -f auto/lib/openssl/makefile.msvc \
|
||||
OPENSSL="$OPENSSL" OPENSSL_OPT="$OPENSSL_OPT" \
|
||||
OPENSSL_TARGET="$OPENSSL_TARGET"
|
||||
OPENSSL="$OPENSSL" OPENSSL_OPT="$OPENSSL_OPT"
|
||||
|
||||
END
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
all:
|
||||
cd $(OPENSSL)
|
||||
|
||||
perl Configure $(OPENSSL_TARGET) no-shared no-threads \
|
||||
perl Configure VC-WIN32 no-shared \
|
||||
--prefix="%cd%/openssl" \
|
||||
--openssldir="%cd%/openssl/ssl" \
|
||||
$(OPENSSL_OPT)
|
||||
|
|
|
@ -4,62 +4,87 @@
|
|||
|
||||
|
||||
if [ $PCRE != NONE ]; then
|
||||
CORE_INCS="$CORE_INCS $PCRE"
|
||||
|
||||
if [ -f $PCRE/src/pcre2.h.generic ]; then
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
PCRE_LIBRARY=PCRE2
|
||||
|
||||
have=NGX_PCRE . auto/have
|
||||
have=NGX_PCRE2 . auto/have
|
||||
|
||||
if [ "$NGX_PLATFORM" = win32 ]; then
|
||||
have=PCRE2_STATIC . auto/have
|
||||
fi
|
||||
|
||||
CORE_INCS="$CORE_INCS $PCRE/src/"
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/src/pcre2.h"
|
||||
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
msvc)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/src/pcre2-8.lib"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/src/pcre2-8.lib"
|
||||
;;
|
||||
|
||||
*)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre2-8.a"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre2-8.a"
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
else
|
||||
|
||||
PCRE_LIBRARY=PCRE
|
||||
|
||||
have=NGX_PCRE . auto/have
|
||||
|
||||
if [ "$NGX_PLATFORM" = win32 ]; then
|
||||
msvc | owc | bcc)
|
||||
have=NGX_PCRE . auto/have
|
||||
have=PCRE_STATIC . auto/have
|
||||
fi
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/pcre.lib"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre.lib"
|
||||
;;
|
||||
|
||||
CORE_INCS="$CORE_INCS $PCRE"
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
icc)
|
||||
have=NGX_PCRE . auto/have
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
|
||||
case "$NGX_CC_NAME" in
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a"
|
||||
|
||||
msvc | owc | bcc)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/pcre.lib"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre.lib"
|
||||
;;
|
||||
echo $ngx_n "checking for PCRE library ...$ngx_c"
|
||||
|
||||
*)
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre.a"
|
||||
;;
|
||||
if [ -f $PCRE/pcre.h ]; then
|
||||
ngx_pcre_ver=`grep PCRE_MAJOR $PCRE/pcre.h \
|
||||
| sed -e 's/^.*PCRE_MAJOR.* \(.*\)$/\1/'`
|
||||
|
||||
else if [ -f $PCRE/configure.in ]; then
|
||||
ngx_pcre_ver=`grep PCRE_MAJOR= $PCRE/configure.in \
|
||||
| sed -e 's/^.*=\(.*\)$/\1/'`
|
||||
|
||||
else
|
||||
ngx_pcre_ver=`grep pcre_major, $PCRE/configure.ac \
|
||||
| sed -e 's/^.*pcre_major,.*\[\(.*\)\].*$/\1/'`
|
||||
fi
|
||||
fi
|
||||
|
||||
echo " $ngx_pcre_ver major version found"
|
||||
|
||||
# to allow -ipo optimization we link with the *.o but not library
|
||||
|
||||
case "$ngx_pcre_ver" in
|
||||
4|5)
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre.o"
|
||||
;;
|
||||
|
||||
6)
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_chartables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_compile.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_exec.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_fullinfo.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_globals.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_tables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_try_flipped.o"
|
||||
;;
|
||||
|
||||
*)
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_chartables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_compile.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_exec.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_fullinfo.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_globals.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_tables.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_try_flipped.o"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/pcre_newline.o"
|
||||
;;
|
||||
|
||||
esac
|
||||
;;
|
||||
|
||||
*)
|
||||
have=NGX_PCRE . auto/have
|
||||
|
||||
if [ "$NGX_PLATFORM" = win32 ]; then
|
||||
have=PCRE_STATIC . auto/have
|
||||
fi
|
||||
|
||||
CORE_DEPS="$CORE_DEPS $PCRE/pcre.h"
|
||||
LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a"
|
||||
CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre.a"
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
esac
|
||||
fi
|
||||
|
||||
if [ $PCRE_JIT = YES ]; then
|
||||
have=NGX_HAVE_PCRE_JIT . auto/have
|
||||
|
@ -69,48 +94,8 @@ if [ $PCRE != NONE ]; then
|
|||
else
|
||||
|
||||
if [ "$NGX_PLATFORM" != win32 ]; then
|
||||
|
||||
PCRE=NO
|
||||
fi
|
||||
|
||||
if [ $PCRE = NO -a $PCRE2 != DISABLED ]; then
|
||||
|
||||
ngx_feature="PCRE2 library"
|
||||
ngx_feature_name="NGX_PCRE2"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#define PCRE2_CODE_UNIT_WIDTH 8
|
||||
#include <pcre2.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs="-lpcre2-8"
|
||||
ngx_feature_test="pcre2_code *re;
|
||||
re = pcre2_compile(NULL, 0, 0, NULL, NULL, NULL);
|
||||
if (re == NULL) return 1"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
# pcre2-config
|
||||
|
||||
ngx_pcre2_prefix=`pcre2-config --prefix 2>/dev/null`
|
||||
|
||||
if [ -n "$ngx_pcre2_prefix" ]; then
|
||||
ngx_feature="PCRE2 library in $ngx_pcre2_prefix"
|
||||
ngx_feature_path=`pcre2-config --cflags \
|
||||
| sed -n -e 's/.*-I *\([^ ][^ ]*\).*/\1/p'`
|
||||
ngx_feature_libs=`pcre2-config --libs8`
|
||||
. auto/feature
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
have=NGX_PCRE . auto/have
|
||||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
PCRE=YES
|
||||
PCRE_LIBRARY=PCRE2
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $PCRE = NO ]; then
|
||||
|
||||
ngx_feature="PCRE library"
|
||||
ngx_feature_name="NGX_PCRE"
|
||||
|
@ -186,7 +171,6 @@ else
|
|||
CORE_INCS="$CORE_INCS $ngx_feature_path"
|
||||
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
|
||||
PCRE=YES
|
||||
PCRE_LIBRARY=PCRE
|
||||
fi
|
||||
|
||||
if [ $PCRE = YES ]; then
|
||||
|
|
|
@ -3,138 +3,36 @@
|
|||
# Copyright (C) Nginx, Inc.
|
||||
|
||||
|
||||
if [ $PCRE_LIBRARY = PCRE2 ]; then
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
# PCRE2
|
||||
msvc)
|
||||
ngx_makefile=makefile.msvc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\" LIBC=$LIBC"
|
||||
ngx_pcre="PCRE=\"$PCRE\""
|
||||
;;
|
||||
|
||||
if [ $NGX_CC_NAME = msvc ]; then
|
||||
owc)
|
||||
ngx_makefile=makefile.owc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo PCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
# With PCRE2, it is not possible to compile all sources.
|
||||
# Since list of source files changes between versions, we
|
||||
# test files which might not be present.
|
||||
bcc)
|
||||
ngx_makefile=makefile.bcc
|
||||
ngx_opt="-DCPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo \-DPCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
ngx_pcre_srcs="pcre2_auto_possess.c \
|
||||
pcre2_chartables.c \
|
||||
pcre2_compile.c \
|
||||
pcre2_config.c \
|
||||
pcre2_context.c \
|
||||
pcre2_dfa_match.c \
|
||||
pcre2_error.c \
|
||||
pcre2_jit_compile.c \
|
||||
pcre2_maketables.c \
|
||||
pcre2_match.c \
|
||||
pcre2_match_data.c \
|
||||
pcre2_newline.c \
|
||||
pcre2_ord2utf.c \
|
||||
pcre2_pattern_info.c \
|
||||
pcre2_string_utils.c \
|
||||
pcre2_study.c \
|
||||
pcre2_substitute.c \
|
||||
pcre2_substring.c \
|
||||
pcre2_tables.c \
|
||||
pcre2_ucd.c \
|
||||
pcre2_valid_utf.c \
|
||||
pcre2_xclass.c"
|
||||
*)
|
||||
ngx_makefile=
|
||||
;;
|
||||
|
||||
ngx_pcre_test="pcre2_convert.c \
|
||||
pcre2_extuni.c \
|
||||
pcre2_find_bracket.c \
|
||||
pcre2_script_run.c \
|
||||
pcre2_serialize.c"
|
||||
|
||||
for ngx_src in $ngx_pcre_test
|
||||
do
|
||||
if [ -f $PCRE/src/$ngx_src ]; then
|
||||
ngx_pcre_srcs="$ngx_pcre_srcs $ngx_src"
|
||||
fi
|
||||
done
|
||||
|
||||
ngx_pcre_objs=`echo $ngx_pcre_srcs \
|
||||
| sed -e "s#\([^ ]*\.\)c#\1$ngx_objext#g"`
|
||||
|
||||
ngx_pcre_srcs=`echo $ngx_pcre_srcs \
|
||||
| sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g"`
|
||||
ngx_pcre_objs=`echo $ngx_pcre_objs \
|
||||
| sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g"`
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
PCRE_CFLAGS = -O2 -Ob1 -Oi -Gs $LIBC $CPU_OPT
|
||||
PCRE_FLAGS = -DHAVE_CONFIG_H -DPCRE2_STATIC -DPCRE2_CODE_UNIT_WIDTH=8 \\
|
||||
-DHAVE_MEMMOVE
|
||||
|
||||
PCRE_SRCS = $ngx_pcre_srcs
|
||||
PCRE_OBJS = $ngx_pcre_objs
|
||||
|
||||
$PCRE/src/pcre2.h:
|
||||
cd $PCRE/src \\
|
||||
&& copy /y config.h.generic config.h \\
|
||||
&& copy /y pcre2.h.generic pcre2.h \\
|
||||
&& copy /y pcre2_chartables.c.dist pcre2_chartables.c
|
||||
|
||||
$PCRE/src/pcre2-8.lib: $PCRE/src/pcre2.h $NGX_MAKEFILE
|
||||
cd $PCRE/src \\
|
||||
&& cl -nologo -c \$(PCRE_CFLAGS) -I . \$(PCRE_FLAGS) \$(PCRE_SRCS) \\
|
||||
&& link -lib -out:pcre2-8.lib -verbose:lib \$(PCRE_OBJS)
|
||||
|
||||
END
|
||||
|
||||
else
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
$PCRE/src/pcre2.h: $PCRE/Makefile
|
||||
|
||||
$PCRE/Makefile: $NGX_MAKEFILE
|
||||
cd $PCRE \\
|
||||
&& if [ -f Makefile ]; then \$(MAKE) distclean; fi \\
|
||||
&& CC="\$(CC)" CFLAGS="$PCRE_OPT" \\
|
||||
./configure --disable-shared $PCRE_CONF_OPT
|
||||
|
||||
$PCRE/.libs/libpcre2-8.a: $PCRE/Makefile
|
||||
cd $PCRE \\
|
||||
&& \$(MAKE) libpcre2-8.la
|
||||
|
||||
END
|
||||
|
||||
fi
|
||||
esac
|
||||
|
||||
|
||||
else
|
||||
if [ -n "$ngx_makefile" ]; then
|
||||
|
||||
# PCRE
|
||||
|
||||
case "$NGX_CC_NAME" in
|
||||
|
||||
msvc)
|
||||
ngx_makefile=makefile.msvc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\" LIBC=$LIBC"
|
||||
ngx_pcre="PCRE=\"$PCRE\""
|
||||
;;
|
||||
|
||||
owc)
|
||||
ngx_makefile=makefile.owc
|
||||
ngx_opt="CPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo PCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
bcc)
|
||||
ngx_makefile=makefile.bcc
|
||||
ngx_opt="-DCPU_OPT=\"$CPU_OPT\""
|
||||
ngx_pcre=`echo \-DPCRE=\"$PCRE\" \
|
||||
| sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
;;
|
||||
|
||||
*)
|
||||
ngx_makefile=
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
|
||||
if [ -n "$ngx_makefile" ]; then
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
`echo "$PCRE/pcre.lib: $PCRE/pcre.h $NGX_MAKEFILE" \
|
||||
| sed -e "s/\//$ngx_regex_dirsep/g"`
|
||||
|
@ -145,9 +43,9 @@ else
|
|||
|
||||
END
|
||||
|
||||
else
|
||||
else
|
||||
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
cat << END >> $NGX_MAKEFILE
|
||||
|
||||
$PCRE/pcre.h: $PCRE/Makefile
|
||||
|
||||
|
@ -163,6 +61,4 @@ $PCRE/.libs/libpcre.a: $PCRE/Makefile
|
|||
|
||||
END
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
|
|
18
auto/make
18
auto/make
|
@ -6,10 +6,9 @@
|
|||
echo "creating $NGX_MAKEFILE"
|
||||
|
||||
mkdir -p $NGX_OBJS/src/core $NGX_OBJS/src/event $NGX_OBJS/src/event/modules \
|
||||
$NGX_OBJS/src/event/quic \
|
||||
$NGX_OBJS/src/os/unix $NGX_OBJS/src/os/win32 \
|
||||
$NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/v3 \
|
||||
$NGX_OBJS/src/http/modules $NGX_OBJS/src/http/modules/perl \
|
||||
$NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/modules \
|
||||
$NGX_OBJS/src/http/modules/perl \
|
||||
$NGX_OBJS/src/mail \
|
||||
$NGX_OBJS/src/stream \
|
||||
$NGX_OBJS/src/misc
|
||||
|
@ -314,7 +313,7 @@ $ngx_obj: \$(CORE_DEPS) \$(HTTP_DEPS)$ngx_cont$ngx_src
|
|||
END
|
||||
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
|
@ -344,7 +343,7 @@ $ngx_obj: \$(CORE_DEPS) \$(MAIL_DEPS)$ngx_cont$ngx_src
|
|||
$ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX
|
||||
|
||||
END
|
||||
done
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
|
@ -374,7 +373,7 @@ $ngx_obj: \$(CORE_DEPS) \$(STREAM_DEPS)$ngx_cont$ngx_src
|
|||
$ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX
|
||||
|
||||
END
|
||||
done
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
|
@ -400,7 +399,7 @@ $ngx_obj: \$(CORE_DEPS) $ngx_cont$ngx_src
|
|||
$ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX
|
||||
|
||||
END
|
||||
done
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
|
@ -432,7 +431,7 @@ $ngx_obj: \$(ADDON_DEPS)$ngx_cont$ngx_src
|
|||
$ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX
|
||||
|
||||
END
|
||||
done
|
||||
done
|
||||
|
||||
fi
|
||||
|
||||
|
@ -503,7 +502,6 @@ fi
|
|||
for ngx_module in $DYNAMIC_MODULES
|
||||
do
|
||||
eval ngx_module_srcs="\$${ngx_module}_SRCS"
|
||||
eval ngx_module_shrd="\$${ngx_module}_SHRD"
|
||||
eval eval ngx_module_libs="\\\"\$${ngx_module}_LIBS\\\""
|
||||
|
||||
eval ngx_module_modules="\$${ngx_module}_MODULES"
|
||||
|
@ -569,7 +567,7 @@ END
|
|||
| sed -e "s/\(.*\.\)c/\1$ngx_objext/"`
|
||||
|
||||
ngx_module_objs=
|
||||
for ngx_src in $ngx_module_srcs $ngx_module_shrd
|
||||
for ngx_src in $ngx_module_srcs
|
||||
do
|
||||
case "$ngx_src" in
|
||||
src/*)
|
||||
|
|
44
auto/module
44
auto/module
|
@ -17,6 +17,7 @@ if [ "$ngx_module_link" = DYNAMIC ]; then
|
|||
done
|
||||
|
||||
DYNAMIC_MODULES="$DYNAMIC_MODULES $ngx_module"
|
||||
eval ${ngx_module}_SRCS=\"$ngx_module_srcs\"
|
||||
|
||||
eval ${ngx_module}_MODULES=\"$ngx_module_name\"
|
||||
|
||||
|
@ -30,30 +31,6 @@ if [ "$ngx_module_link" = DYNAMIC ]; then
|
|||
eval ${ngx_module}_ORDER=\"$ngx_module_order\"
|
||||
fi
|
||||
|
||||
srcs=
|
||||
shrd=
|
||||
for src in $ngx_module_srcs
|
||||
do
|
||||
found=no
|
||||
for old in $DYNAMIC_MODULES_SRCS
|
||||
do
|
||||
if [ $src = $old ]; then
|
||||
found=yes
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $found = no ]; then
|
||||
srcs="$srcs $src"
|
||||
else
|
||||
shrd="$shrd $src"
|
||||
fi
|
||||
done
|
||||
eval ${ngx_module}_SRCS=\"$srcs\"
|
||||
eval ${ngx_module}_SHRD=\"$shrd\"
|
||||
|
||||
DYNAMIC_MODULES_SRCS="$DYNAMIC_MODULES_SRCS $srcs"
|
||||
|
||||
if test -n "$ngx_module_incs"; then
|
||||
CORE_INCS="$CORE_INCS $ngx_module_incs"
|
||||
fi
|
||||
|
@ -130,24 +107,7 @@ elif [ "$ngx_module_link" = ADDON ]; then
|
|||
eval ${ngx_module_type}_MODULES=\"\$${ngx_module_type}_MODULES \
|
||||
$ngx_module_name\"
|
||||
|
||||
srcs=
|
||||
for src in $ngx_module_srcs
|
||||
do
|
||||
found=no
|
||||
for old in $NGX_ADDON_SRCS
|
||||
do
|
||||
if [ $src = $old ]; then
|
||||
found=yes
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $found = no ]; then
|
||||
srcs="$srcs $src"
|
||||
fi
|
||||
done
|
||||
|
||||
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $srcs"
|
||||
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_module_srcs"
|
||||
|
||||
if test -n "$ngx_module_incs"; then
|
||||
eval ${ngx_var}_INCS=\"\$${ngx_var}_INCS $ngx_module_incs\"
|
||||
|
|
147
auto/modules
147
auto/modules
|
@ -102,8 +102,18 @@ if [ $HTTP = YES ]; then
|
|||
fi
|
||||
|
||||
|
||||
if [ $HTTP_V2 = YES -o $HTTP_V3 = YES ]; then
|
||||
HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS"
|
||||
if [ $HTTP_SSI = YES ]; then
|
||||
HTTP_POSTPONE=YES
|
||||
fi
|
||||
|
||||
|
||||
if [ $HTTP_SLICE = YES ]; then
|
||||
HTTP_POSTPONE=YES
|
||||
fi
|
||||
|
||||
|
||||
if [ $HTTP_ADDITION = YES ]; then
|
||||
HTTP_POSTPONE=YES
|
||||
fi
|
||||
|
||||
|
||||
|
@ -124,7 +134,6 @@ if [ $HTTP = YES ]; then
|
|||
# ngx_http_header_filter
|
||||
# ngx_http_chunked_filter
|
||||
# ngx_http_v2_filter
|
||||
# ngx_http_v3_filter
|
||||
# ngx_http_range_header_filter
|
||||
# ngx_http_gzip_filter
|
||||
# ngx_http_postpone_filter
|
||||
|
@ -157,7 +166,6 @@ if [ $HTTP = YES ]; then
|
|||
ngx_http_header_filter_module \
|
||||
ngx_http_chunked_filter_module \
|
||||
ngx_http_v2_filter_module \
|
||||
ngx_http_v3_filter_module \
|
||||
ngx_http_range_header_filter_module \
|
||||
ngx_http_gzip_filter_module \
|
||||
ngx_http_postpone_filter_module \
|
||||
|
@ -219,17 +227,6 @@ if [ $HTTP = YES ]; then
|
|||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $HTTP_V3 = YES ]; then
|
||||
ngx_module_name=ngx_http_v3_filter_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs=src/http/v3/ngx_http_v3_filter_module.c
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$HTTP_V3
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if :; then
|
||||
ngx_module_name=ngx_http_range_header_filter_module
|
||||
ngx_module_incs=
|
||||
|
@ -255,13 +252,13 @@ if [ $HTTP = YES ]; then
|
|||
. auto/module
|
||||
fi
|
||||
|
||||
if :; then
|
||||
if [ $HTTP_POSTPONE = YES ]; then
|
||||
ngx_module_name=ngx_http_postpone_filter_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs=src/http/ngx_http_postpone_filter_module.c
|
||||
ngx_module_libs=
|
||||
ngx_module_link=YES
|
||||
ngx_module_link=$HTTP_POSTPONE
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
@ -432,6 +429,8 @@ if [ $HTTP = YES ]; then
|
|||
ngx_module_srcs="src/http/v2/ngx_http_v2.c \
|
||||
src/http/v2/ngx_http_v2_table.c \
|
||||
src/http/v2/ngx_http_v2_encode.c \
|
||||
src/http/v2/ngx_http_v2_huff_decode.c \
|
||||
src/http/v2/ngx_http_v2_huff_encode.c \
|
||||
src/http/v2/ngx_http_v2_module.c"
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$HTTP_V2
|
||||
|
@ -439,33 +438,6 @@ if [ $HTTP = YES ]; then
|
|||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $HTTP_V3 = YES ]; then
|
||||
USE_OPENSSL_QUIC=YES
|
||||
HTTP_SSL=YES
|
||||
|
||||
have=NGX_HTTP_V3 . auto/have
|
||||
have=NGX_HTTP_HEADERS . auto/have
|
||||
|
||||
ngx_module_name=ngx_http_v3_module
|
||||
ngx_module_incs=src/http/v3
|
||||
ngx_module_deps="src/http/v3/ngx_http_v3.h \
|
||||
src/http/v3/ngx_http_v3_encode.h \
|
||||
src/http/v3/ngx_http_v3_parse.h \
|
||||
src/http/v3/ngx_http_v3_table.h \
|
||||
src/http/v3/ngx_http_v3_uni.h"
|
||||
ngx_module_srcs="src/http/v3/ngx_http_v3.c \
|
||||
src/http/v3/ngx_http_v3_encode.c \
|
||||
src/http/v3/ngx_http_v3_parse.c \
|
||||
src/http/v3/ngx_http_v3_table.c \
|
||||
src/http/v3/ngx_http_v3_uni.c \
|
||||
src/http/v3/ngx_http_v3_request.c \
|
||||
src/http/v3/ngx_http_v3_module.c"
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$HTTP_V3
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if :; then
|
||||
ngx_module_name=ngx_http_static_module
|
||||
ngx_module_incs=
|
||||
|
@ -1028,12 +1000,6 @@ if [ $MAIL != NO ]; then
|
|||
ngx_module_srcs=src/mail/ngx_mail_proxy_module.c
|
||||
|
||||
. auto/module
|
||||
|
||||
ngx_module_name=ngx_mail_realip_module
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs=src/mail/ngx_mail_realip_module.c
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
|
||||
|
@ -1075,20 +1041,6 @@ if [ $STREAM != NO ]; then
|
|||
|
||||
ngx_module_incs=
|
||||
|
||||
if [ $STREAM_QUIC = YES ]; then
|
||||
USE_OPENSSL_QUIC=YES
|
||||
have=NGX_STREAM_QUIC . auto/have
|
||||
STREAM_SSL=YES
|
||||
|
||||
ngx_module_name=ngx_stream_quic_module
|
||||
ngx_module_deps=src/stream/ngx_stream_quic_module.h
|
||||
ngx_module_srcs=src/stream/ngx_stream_quic_module.c
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$STREAM_QUIC
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $STREAM_SSL = YES ]; then
|
||||
USE_OPENSSL=YES
|
||||
have=NGX_STREAM_SSL . auto/have
|
||||
|
@ -1182,16 +1134,6 @@ if [ $STREAM != NO ]; then
|
|||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $STREAM_SET = YES ]; then
|
||||
ngx_module_name=ngx_stream_set_module
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs=src/stream/ngx_stream_set_module.c
|
||||
ngx_module_libs=
|
||||
ngx_module_link=$STREAM_SET
|
||||
|
||||
. auto/module
|
||||
fi
|
||||
|
||||
if [ $STREAM_UPSTREAM_HASH = YES ]; then
|
||||
ngx_module_name=ngx_stream_upstream_hash_module
|
||||
ngx_module_deps=
|
||||
|
@ -1326,63 +1268,6 @@ if [ $USE_OPENSSL = YES ]; then
|
|||
fi
|
||||
|
||||
|
||||
if [ $USE_OPENSSL_QUIC = YES ]; then
|
||||
ngx_module_type=CORE
|
||||
ngx_module_name=ngx_quic_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps="src/event/quic/ngx_event_quic.h \
|
||||
src/event/quic/ngx_event_quic_transport.h \
|
||||
src/event/quic/ngx_event_quic_protection.h \
|
||||
src/event/quic/ngx_event_quic_connection.h \
|
||||
src/event/quic/ngx_event_quic_frames.h \
|
||||
src/event/quic/ngx_event_quic_connid.h \
|
||||
src/event/quic/ngx_event_quic_migration.h \
|
||||
src/event/quic/ngx_event_quic_streams.h \
|
||||
src/event/quic/ngx_event_quic_ssl.h \
|
||||
src/event/quic/ngx_event_quic_tokens.h \
|
||||
src/event/quic/ngx_event_quic_ack.h \
|
||||
src/event/quic/ngx_event_quic_output.h \
|
||||
src/event/quic/ngx_event_quic_socket.h \
|
||||
src/event/quic/ngx_event_quic_openssl_compat.h"
|
||||
ngx_module_srcs="src/event/quic/ngx_event_quic.c \
|
||||
src/event/quic/ngx_event_quic_udp.c \
|
||||
src/event/quic/ngx_event_quic_transport.c \
|
||||
src/event/quic/ngx_event_quic_protection.c \
|
||||
src/event/quic/ngx_event_quic_frames.c \
|
||||
src/event/quic/ngx_event_quic_connid.c \
|
||||
src/event/quic/ngx_event_quic_migration.c \
|
||||
src/event/quic/ngx_event_quic_streams.c \
|
||||
src/event/quic/ngx_event_quic_ssl.c \
|
||||
src/event/quic/ngx_event_quic_tokens.c \
|
||||
src/event/quic/ngx_event_quic_ack.c \
|
||||
src/event/quic/ngx_event_quic_output.c \
|
||||
src/event/quic/ngx_event_quic_socket.c \
|
||||
src/event/quic/ngx_event_quic_openssl_compat.c"
|
||||
|
||||
ngx_module_libs=
|
||||
ngx_module_link=YES
|
||||
ngx_module_order=
|
||||
|
||||
. auto/module
|
||||
|
||||
if [ $QUIC_BPF = YES -a $SO_COOKIE_FOUND = YES ]; then
|
||||
ngx_module_type=CORE
|
||||
ngx_module_name=ngx_quic_bpf_module
|
||||
ngx_module_incs=
|
||||
ngx_module_deps=
|
||||
ngx_module_srcs="src/event/quic/ngx_event_quic_bpf.c \
|
||||
src/event/quic/ngx_event_quic_bpf_code.c"
|
||||
ngx_module_libs=
|
||||
ngx_module_link=YES
|
||||
ngx_module_order=
|
||||
|
||||
. auto/module
|
||||
|
||||
have=NGX_QUIC_BPF . auto/have
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
if [ $USE_PCRE = YES ]; then
|
||||
ngx_module_type=CORE
|
||||
ngx_module_name=ngx_regex_module
|
||||
|
|
24
auto/options
24
auto/options
|
@ -45,8 +45,6 @@ USE_THREADS=NO
|
|||
|
||||
NGX_FILE_AIO=NO
|
||||
|
||||
QUIC_BPF=NO
|
||||
|
||||
HTTP=YES
|
||||
|
||||
NGX_HTTP_LOG_PATH=
|
||||
|
@ -61,8 +59,8 @@ HTTP_CHARSET=YES
|
|||
HTTP_GZIP=YES
|
||||
HTTP_SSL=NO
|
||||
HTTP_V2=NO
|
||||
HTTP_V3=NO
|
||||
HTTP_SSI=YES
|
||||
HTTP_POSTPONE=NO
|
||||
HTTP_REALIP=NO
|
||||
HTTP_XSLT=NO
|
||||
HTTP_IMAGE_FILTER=NO
|
||||
|
@ -119,7 +117,6 @@ MAIL_SMTP=YES
|
|||
|
||||
STREAM=NO
|
||||
STREAM_SSL=NO
|
||||
STREAM_QUIC=NO
|
||||
STREAM_REALIP=NO
|
||||
STREAM_LIMIT_CONN=YES
|
||||
STREAM_ACCESS=YES
|
||||
|
@ -128,7 +125,6 @@ STREAM_GEOIP=NO
|
|||
STREAM_MAP=YES
|
||||
STREAM_SPLIT_CLIENTS=YES
|
||||
STREAM_RETURN=YES
|
||||
STREAM_SET=YES
|
||||
STREAM_UPSTREAM_HASH=YES
|
||||
STREAM_UPSTREAM_LEAST_CONN=YES
|
||||
STREAM_UPSTREAM_RANDOM=YES
|
||||
|
@ -136,10 +132,8 @@ STREAM_UPSTREAM_ZONE=YES
|
|||
STREAM_SSL_PREREAD=NO
|
||||
|
||||
DYNAMIC_MODULES=
|
||||
DYNAMIC_MODULES_SRCS=
|
||||
|
||||
NGX_ADDONS=
|
||||
NGX_ADDON_SRCS=
|
||||
NGX_ADDON_DEPS=
|
||||
DYNAMIC_ADDONS=
|
||||
|
||||
|
@ -150,10 +144,8 @@ PCRE=NONE
|
|||
PCRE_OPT=
|
||||
PCRE_CONF_OPT=
|
||||
PCRE_JIT=NO
|
||||
PCRE2=YES
|
||||
|
||||
USE_OPENSSL=NO
|
||||
USE_OPENSSL_QUIC=NO
|
||||
OPENSSL=NONE
|
||||
|
||||
USE_ZLIB=NO
|
||||
|
@ -171,8 +163,6 @@ USE_GEOIP=NO
|
|||
NGX_GOOGLE_PERFTOOLS=NO
|
||||
NGX_CPP_TEST=NO
|
||||
|
||||
SO_COOKIE_FOUND=NO
|
||||
|
||||
NGX_LIBATOMIC=NO
|
||||
|
||||
NGX_CPU_CACHE_LINE=
|
||||
|
@ -218,8 +208,6 @@ do
|
|||
|
||||
--with-file-aio) NGX_FILE_AIO=YES ;;
|
||||
|
||||
--without-quic_bpf_module) QUIC_BPF=NONE ;;
|
||||
|
||||
--with-ipv6)
|
||||
NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
|
||||
$0: warning: the \"--with-ipv6\" option is deprecated"
|
||||
|
@ -237,7 +225,6 @@ $0: warning: the \"--with-ipv6\" option is deprecated"
|
|||
|
||||
--with-http_ssl_module) HTTP_SSL=YES ;;
|
||||
--with-http_v2_module) HTTP_V2=YES ;;
|
||||
--with-http_v3_module) HTTP_V3=YES ;;
|
||||
--with-http_realip_module) HTTP_REALIP=YES ;;
|
||||
--with-http_addition_module) HTTP_ADDITION=YES ;;
|
||||
--with-http_xslt_module) HTTP_XSLT=YES ;;
|
||||
|
@ -324,7 +311,6 @@ use the \"--with-mail_ssl_module\" option instead"
|
|||
--with-stream) STREAM=YES ;;
|
||||
--with-stream=dynamic) STREAM=DYNAMIC ;;
|
||||
--with-stream_ssl_module) STREAM_SSL=YES ;;
|
||||
--with-stream_quic_module) STREAM_QUIC=YES ;;
|
||||
--with-stream_realip_module) STREAM_REALIP=YES ;;
|
||||
--with-stream_geoip_module) STREAM_GEOIP=YES ;;
|
||||
--with-stream_geoip_module=dynamic)
|
||||
|
@ -339,7 +325,6 @@ use the \"--with-mail_ssl_module\" option instead"
|
|||
--without-stream_split_clients_module)
|
||||
STREAM_SPLIT_CLIENTS=NO ;;
|
||||
--without-stream_return_module) STREAM_RETURN=NO ;;
|
||||
--without-stream_set_module) STREAM_SET=NO ;;
|
||||
--without-stream_upstream_hash_module)
|
||||
STREAM_UPSTREAM_HASH=NO ;;
|
||||
--without-stream_upstream_least_conn_module)
|
||||
|
@ -369,7 +354,6 @@ use the \"--with-mail_ssl_module\" option instead"
|
|||
--with-pcre=*) PCRE="$value" ;;
|
||||
--with-pcre-opt=*) PCRE_OPT="$value" ;;
|
||||
--with-pcre-jit) PCRE_JIT=YES ;;
|
||||
--without-pcre2) PCRE2=DISABLED ;;
|
||||
|
||||
--with-openssl=*) OPENSSL="$value" ;;
|
||||
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
|
||||
|
@ -454,11 +438,8 @@ cat << END
|
|||
|
||||
--with-file-aio enable file AIO support
|
||||
|
||||
--without-quic_bpf_module disable ngx_quic_bpf_module
|
||||
|
||||
--with-http_ssl_module enable ngx_http_ssl_module
|
||||
--with-http_v2_module enable ngx_http_v2_module
|
||||
--with-http_v3_module enable ngx_http_v3_module
|
||||
--with-http_realip_module enable ngx_http_realip_module
|
||||
--with-http_addition_module enable ngx_http_addition_module
|
||||
--with-http_xslt_module enable ngx_http_xslt_module
|
||||
|
@ -547,7 +528,6 @@ cat << END
|
|||
--with-stream enable TCP/UDP proxy module
|
||||
--with-stream=dynamic enable dynamic TCP/UDP proxy module
|
||||
--with-stream_ssl_module enable ngx_stream_ssl_module
|
||||
--with-stream_quic_module enable ngx_stream_quic_module
|
||||
--with-stream_realip_module enable ngx_stream_realip_module
|
||||
--with-stream_geoip_module enable ngx_stream_geoip_module
|
||||
--with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
|
||||
|
@ -559,7 +539,6 @@ cat << END
|
|||
--without-stream_split_clients_module
|
||||
disable ngx_stream_split_clients_module
|
||||
--without-stream_return_module disable ngx_stream_return_module
|
||||
--without-stream_set_module disable ngx_stream_set_module
|
||||
--without-stream_upstream_hash_module
|
||||
disable ngx_stream_upstream_hash_module
|
||||
--without-stream_upstream_least_conn_module
|
||||
|
@ -590,7 +569,6 @@ cat << END
|
|||
--with-pcre=DIR set path to PCRE library sources
|
||||
--with-pcre-opt=OPTIONS set additional build options for PCRE
|
||||
--with-pcre-jit build PCRE with JIT compilation support
|
||||
--without-pcre2 do not use PCRE2 library
|
||||
|
||||
--with-zlib=DIR set path to zlib library sources
|
||||
--with-zlib-opt=OPTIONS set additional build options for zlib
|
||||
|
|
|
@ -110,7 +110,7 @@ case "$NGX_MACHINE" in
|
|||
NGX_MACH_CACHE_LINE=64
|
||||
;;
|
||||
|
||||
aarch64 | arm64)
|
||||
aarch64 )
|
||||
have=NGX_ALIGNMENT value=16 . auto/define
|
||||
NGX_MACH_CACHE_LINE=64
|
||||
;;
|
||||
|
|
|
@ -44,10 +44,12 @@ if [ $osreldate -gt 300007 ]; then
|
|||
CORE_SRCS="$CORE_SRCS $FREEBSD_SENDFILE_SRCS"
|
||||
fi
|
||||
|
||||
if [ $osreldate -gt 1100093 ]; then
|
||||
echo " + sendfile()'s SF_NODISKIO found"
|
||||
if [ $NGX_FILE_AIO = YES ]; then
|
||||
if [ $osreldate -gt 502103 ]; then
|
||||
echo " + sendfile()'s SF_NODISKIO found"
|
||||
|
||||
have=NGX_HAVE_SENDFILE_NODISKIO . auto/have
|
||||
have=NGX_HAVE_AIO_SENDFILE . auto/have
|
||||
fi
|
||||
fi
|
||||
|
||||
# POSIX semaphores
|
||||
|
|
|
@ -86,31 +86,6 @@ if [ $ngx_found = yes ]; then
|
|||
ee.data.ptr = NULL;
|
||||
epoll_ctl(efd, EPOLL_CTL_ADD, fd, &ee)"
|
||||
. auto/feature
|
||||
|
||||
|
||||
# eventfd()
|
||||
|
||||
ngx_feature="eventfd()"
|
||||
ngx_feature_name="NGX_HAVE_EVENTFD"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/eventfd.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="(void) eventfd(0, 0)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
have=NGX_HAVE_SYS_EVENTFD_H . auto/have
|
||||
fi
|
||||
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
ngx_feature="eventfd() (SYS_eventfd)"
|
||||
ngx_feature_incs="#include <sys/syscall.h>"
|
||||
ngx_feature_test="(void) SYS_eventfd"
|
||||
. auto/feature
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
@ -232,63 +207,4 @@ ngx_feature_test="struct crypt_data cd;
|
|||
ngx_include="sys/vfs.h"; . auto/include
|
||||
|
||||
|
||||
# BPF sockhash
|
||||
|
||||
ngx_feature="BPF sockhash"
|
||||
ngx_feature_name="NGX_HAVE_BPF"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <linux/bpf.h>
|
||||
#include <sys/syscall.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="union bpf_attr attr = { 0 };
|
||||
|
||||
attr.map_flags = 0;
|
||||
attr.map_type = BPF_MAP_TYPE_SOCKHASH;
|
||||
|
||||
syscall(__NR_bpf, 0, &attr, 0);"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
CORE_SRCS="$CORE_SRCS src/core/ngx_bpf.c"
|
||||
CORE_DEPS="$CORE_DEPS src/core/ngx_bpf.h"
|
||||
|
||||
if [ $QUIC_BPF != NONE ]; then
|
||||
QUIC_BPF=YES
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
ngx_feature="SO_COOKIE"
|
||||
ngx_feature_name="NGX_HAVE_SO_COOKIE"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
$NGX_INCLUDE_INTTYPES_H"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="socklen_t optlen = sizeof(uint64_t);
|
||||
uint64_t cookie;
|
||||
getsockopt(0, SOL_SOCKET, SO_COOKIE, &cookie, &optlen)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
SO_COOKIE_FOUND=YES
|
||||
fi
|
||||
|
||||
|
||||
# UDP segmentation offloading
|
||||
|
||||
ngx_feature="UDP_SEGMENT"
|
||||
ngx_feature_name="NGX_HAVE_UDP_SEGMENT"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/socket.h>
|
||||
#include <netinet/udp.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="socklen_t optlen = sizeof(int);
|
||||
int val;
|
||||
getsockopt(0, SOL_UDP, UDP_SEGMENT, &val, &optlen)"
|
||||
. auto/feature
|
||||
|
||||
|
||||
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
|
||||
|
|
|
@ -83,14 +83,13 @@ CORE_SRCS="src/core/nginx.c \
|
|||
|
||||
EVENT_MODULES="ngx_events_module ngx_event_core_module"
|
||||
|
||||
EVENT_INCS="src/event src/event/modules src/event/quic"
|
||||
EVENT_INCS="src/event src/event/modules"
|
||||
|
||||
EVENT_DEPS="src/event/ngx_event.h \
|
||||
src/event/ngx_event_timer.h \
|
||||
src/event/ngx_event_posted.h \
|
||||
src/event/ngx_event_connect.h \
|
||||
src/event/ngx_event_pipe.h \
|
||||
src/event/ngx_event_udp.h"
|
||||
src/event/ngx_event_pipe.h"
|
||||
|
||||
EVENT_SRCS="src/event/ngx_event.c \
|
||||
src/event/ngx_event_timer.c \
|
||||
|
@ -256,6 +255,3 @@ NGX_WIN32_RC="src/os/win32/nginx.rc"
|
|||
|
||||
|
||||
HTTP_FILE_CACHE_SRCS=src/http/ngx_http_file_cache.c
|
||||
|
||||
HTTP_HUFF_SRCS="src/http/ngx_http_huff_decode.c
|
||||
src/http/ngx_http_huff_encode.c"
|
||||
|
|
|
@ -16,9 +16,9 @@ if [ $USE_PCRE = DISABLED ]; then
|
|||
|
||||
else
|
||||
case $PCRE in
|
||||
YES) echo " + using system $PCRE_LIBRARY library" ;;
|
||||
YES) echo " + using system PCRE library" ;;
|
||||
NONE) echo " + PCRE library is not used" ;;
|
||||
*) echo " + using $PCRE_LIBRARY library: $PCRE" ;;
|
||||
*) echo " + using PCRE library: $PCRE" ;;
|
||||
esac
|
||||
fi
|
||||
|
||||
|
|
91
auto/unix
91
auto/unix
|
@ -582,6 +582,29 @@ Currently file AIO is supported on FreeBSD 4.3+ and Linux 2.6.22+ only
|
|||
END
|
||||
exit 1
|
||||
fi
|
||||
|
||||
else
|
||||
|
||||
ngx_feature="eventfd()"
|
||||
ngx_feature_name="NGX_HAVE_EVENTFD"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/eventfd.h>"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="(void) eventfd(0, 0)"
|
||||
. auto/feature
|
||||
|
||||
if [ $ngx_found = yes ]; then
|
||||
have=NGX_HAVE_SYS_EVENTFD_H . auto/have
|
||||
fi
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
ngx_feature="eventfd() (SYS_eventfd)"
|
||||
ngx_feature_incs="#include <sys/syscall.h>"
|
||||
ngx_feature_test="(void) SYS_eventfd"
|
||||
. auto/feature
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
@ -704,33 +727,17 @@ ngx_feature_test="char buf[1]; struct iovec vec[1]; ssize_t n;
|
|||
. auto/feature
|
||||
|
||||
|
||||
# strerrordesc_np(), introduced in glibc 2.32
|
||||
|
||||
ngx_feature="strerrordesc_np()"
|
||||
ngx_feature_name="NGX_HAVE_STRERRORDESC_NP"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs='#include <string.h>'
|
||||
ngx_feature="sys_nerr"
|
||||
ngx_feature_name="NGX_SYS_NERR"
|
||||
ngx_feature_run=value
|
||||
ngx_feature_incs='#include <errno.h>
|
||||
#include <stdio.h>'
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="char *p; p = strerrordesc_np(0);
|
||||
if (p == NULL) return 1"
|
||||
ngx_feature_test='printf("%d", sys_nerr);'
|
||||
. auto/feature
|
||||
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
ngx_feature="sys_nerr"
|
||||
ngx_feature_name="NGX_SYS_NERR"
|
||||
ngx_feature_run=value
|
||||
ngx_feature_incs='#include <errno.h>
|
||||
#include <stdio.h>'
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test='printf("%d", sys_nerr);'
|
||||
. auto/feature
|
||||
fi
|
||||
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
# Cygiwn defines _sys_nerr
|
||||
|
@ -746,6 +753,34 @@ if [ $ngx_found = no ]; then
|
|||
fi
|
||||
|
||||
|
||||
if [ $ngx_found = no ]; then
|
||||
|
||||
# Solaris has no sys_nerr
|
||||
ngx_feature='maximum errno'
|
||||
ngx_feature_name=NGX_SYS_NERR
|
||||
ngx_feature_run=value
|
||||
ngx_feature_incs='#include <errno.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>'
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test='int n;
|
||||
char *p;
|
||||
for (n = 1; n < 1000; n++) {
|
||||
errno = 0;
|
||||
p = strerror(n);
|
||||
if (errno == EINVAL
|
||||
|| p == NULL
|
||||
|| strncmp(p, "Unknown error", 13) == 0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
printf("%d", n);'
|
||||
. auto/feature
|
||||
fi
|
||||
|
||||
|
||||
ngx_feature="localtime_r()"
|
||||
ngx_feature_name="NGX_HAVE_LOCALTIME_R"
|
||||
ngx_feature_run=no
|
||||
|
@ -908,18 +943,6 @@ ngx_feature_test="int i = FIONBIO; printf(\"%d\", i)"
|
|||
. auto/feature
|
||||
|
||||
|
||||
ngx_feature="ioctl(FIONREAD)"
|
||||
ngx_feature_name="NGX_HAVE_FIONREAD"
|
||||
ngx_feature_run=no
|
||||
ngx_feature_incs="#include <sys/ioctl.h>
|
||||
#include <stdio.h>
|
||||
$NGX_INCLUDE_SYS_FILIO_H"
|
||||
ngx_feature_path=
|
||||
ngx_feature_libs=
|
||||
ngx_feature_test="int i = FIONREAD; printf(\"%d\", i)"
|
||||
. auto/feature
|
||||
|
||||
|
||||
ngx_feature="struct tm.tm_gmtoff"
|
||||
ngx_feature_name="NGX_HAVE_GMTOFF"
|
||||
ngx_feature_run=no
|
||||
|
|
|
@ -15,7 +15,6 @@ types {
|
|||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/avif avif;
|
||||
image/png png;
|
||||
image/svg+xml svg svgz;
|
||||
image/tiff tif tiff;
|
||||
|
@ -52,7 +51,6 @@ types {
|
|||
application/vnd.openxmlformats-officedocument.wordprocessingml.document
|
||||
docx;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/wasm wasm;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -3,9 +3,11 @@
|
|||
<head>
|
||||
<title>Error</title>
|
||||
<style>
|
||||
html { color-scheme: light dark; }
|
||||
body { width: 35em; margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif; }
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
|
|
@ -3,9 +3,11 @@
|
|||
<head>
|
||||
<title>Welcome to nginx!</title>
|
||||
<style>
|
||||
html { color-scheme: light dark; }
|
||||
body { width: 35em; margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif; }
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.\"
|
||||
.\" Copyright (C) 2010, 2019 Sergey A. Osokin
|
||||
.\" Copyright (C) 2010 Sergey A. Osokin
|
||||
.\" Copyright (C) Nginx, Inc.
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
|
@ -25,7 +25,7 @@
|
|||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\"
|
||||
.Dd November 5, 2020
|
||||
.Dd June 16, 2015
|
||||
.Dt NGINX 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -35,7 +35,6 @@
|
|||
.Nm
|
||||
.Op Fl ?hqTtVv
|
||||
.Op Fl c Ar file
|
||||
.Op Fl e Ar file
|
||||
.Op Fl g Ar directives
|
||||
.Op Fl p Ar prefix
|
||||
.Op Fl s Ar signal
|
||||
|
@ -43,8 +42,7 @@
|
|||
.Nm
|
||||
(pronounced
|
||||
.Dq engine x )
|
||||
is an HTTP and reverse proxy server, a mail proxy server, and a generic
|
||||
TCP/UDP proxy server.
|
||||
is an HTTP and reverse proxy server, as well as a mail proxy server.
|
||||
It is known for its high performance, stability, rich feature set, simple
|
||||
configuration, and low resource consumption.
|
||||
.Pp
|
||||
|
@ -55,12 +53,6 @@ Print help.
|
|||
.It Fl c Ar file
|
||||
Use an alternative configuration
|
||||
.Ar file .
|
||||
.It Fl e Ar file
|
||||
Use an alternative error log
|
||||
.Ar file .
|
||||
Special value
|
||||
.Cm stderr
|
||||
indicates that the standard error output should be used.
|
||||
.It Fl g Ar directives
|
||||
Set global configuration directives.
|
||||
See
|
||||
|
@ -90,15 +82,15 @@ The following table shows the corresponding system signals:
|
|||
.It Cm reload
|
||||
.Dv SIGHUP
|
||||
.El
|
||||
.It Fl T
|
||||
Same as
|
||||
.Fl t ,
|
||||
but additionally dump configuration files to standard output.
|
||||
.It Fl t
|
||||
Do not run, just test the configuration file.
|
||||
.Nm
|
||||
checks the configuration file syntax and then tries to open files
|
||||
referenced in the configuration file.
|
||||
.It Fl T
|
||||
Same as
|
||||
.Fl t ,
|
||||
but additionally dump configuration files to standard output.
|
||||
.It Fl V
|
||||
Print the
|
||||
.Nm
|
||||
|
@ -205,10 +197,10 @@ Development of
|
|||
started in 2002, with the first public release on October 4, 2004.
|
||||
.Sh AUTHORS
|
||||
.An -nosplit
|
||||
.An Igor Sysoev Aq Mt igor@sysoev.ru .
|
||||
.An Igor Sysoev Aq igor@sysoev.ru .
|
||||
.Pp
|
||||
This manual page was originally written by
|
||||
.An Sergey A. Osokin Aq Mt osa@FreeBSD.org.ru
|
||||
.An Sergey A. Osokin Aq osa@FreeBSD.org.ru
|
||||
as a result of compiling many
|
||||
.Nm
|
||||
documents from all over the world.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2002-2021 Igor Sysoev
|
||||
* Copyright (C) 2011-2022 Nginx, Inc.
|
||||
* Copyright (C) 2002-2019 Igor Sysoev
|
||||
* Copyright (C) 2011-2019 Nginx, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -6,15 +6,21 @@ TEMP = tmp
|
|||
|
||||
CC = cl
|
||||
OBJS = objs.msvc8
|
||||
OPENSSL = openssl-1.1.1t
|
||||
ZLIB = zlib-1.2.13
|
||||
PCRE = pcre2-10.39
|
||||
OPENSSL = openssl-1.1.1c
|
||||
ZLIB = zlib-1.2.11
|
||||
PCRE = pcre-8.43
|
||||
|
||||
|
||||
release: export
|
||||
|
||||
mv $(TEMP)/$(NGINX)/auto/configure $(TEMP)/$(NGINX)
|
||||
|
||||
# delete incomplete sources
|
||||
rm $(TEMP)/$(NGINX)/src/event/ngx_event_acceptex.c
|
||||
rm $(TEMP)/$(NGINX)/src/event/ngx_event_connectex.c
|
||||
rm $(TEMP)/$(NGINX)/src/event/modules/ngx_iocp_module.*
|
||||
rm -r $(TEMP)/$(NGINX)/src/os/win32
|
||||
|
||||
mv $(TEMP)/$(NGINX)/docs/text/LICENSE $(TEMP)/$(NGINX)
|
||||
mv $(TEMP)/$(NGINX)/docs/text/README $(TEMP)/$(NGINX)
|
||||
mv $(TEMP)/$(NGINX)/docs/html $(TEMP)/$(NGINX)
|
||||
|
|
|
@ -183,7 +183,6 @@ static ngx_uint_t ngx_show_help;
|
|||
static ngx_uint_t ngx_show_version;
|
||||
static ngx_uint_t ngx_show_configure;
|
||||
static u_char *ngx_prefix;
|
||||
static u_char *ngx_error_log;
|
||||
static u_char *ngx_conf_file;
|
||||
static u_char *ngx_conf_params;
|
||||
static char *ngx_signal;
|
||||
|
@ -231,7 +230,7 @@ main(int argc, char *const *argv)
|
|||
ngx_pid = ngx_getpid();
|
||||
ngx_parent = ngx_getppid();
|
||||
|
||||
log = ngx_log_init(ngx_prefix, ngx_error_log);
|
||||
log = ngx_log_init(ngx_prefix);
|
||||
if (log == NULL) {
|
||||
return 1;
|
||||
}
|
||||
|
@ -394,9 +393,9 @@ ngx_show_version_info(void)
|
|||
|
||||
if (ngx_show_help) {
|
||||
ngx_write_stderr(
|
||||
"Usage: nginx [-?hvVtTq] [-s signal] [-p prefix]" NGX_LINEFEED
|
||||
" [-e filename] [-c filename] [-g directives]"
|
||||
NGX_LINEFEED NGX_LINEFEED
|
||||
"Usage: nginx [-?hvVtTq] [-s signal] [-c filename] "
|
||||
"[-p prefix] [-g directives]" NGX_LINEFEED
|
||||
NGX_LINEFEED
|
||||
"Options:" NGX_LINEFEED
|
||||
" -?,-h : this help" NGX_LINEFEED
|
||||
" -v : show version and exit" NGX_LINEFEED
|
||||
|
@ -414,12 +413,6 @@ ngx_show_version_info(void)
|
|||
NGX_LINEFEED
|
||||
#else
|
||||
" -p prefix : set prefix path (default: NONE)" NGX_LINEFEED
|
||||
#endif
|
||||
" -e filename : set error log file (default: "
|
||||
#ifdef NGX_ERROR_LOG_STDERR
|
||||
"stderr)" NGX_LINEFEED
|
||||
#else
|
||||
NGX_ERROR_LOG_PATH ")" NGX_LINEFEED
|
||||
#endif
|
||||
" -c filename : set configuration file (default: " NGX_CONF_PATH
|
||||
")" NGX_LINEFEED
|
||||
|
@ -499,7 +492,6 @@ ngx_add_inherited_sockets(ngx_cycle_t *cycle)
|
|||
ngx_memzero(ls, sizeof(ngx_listening_t));
|
||||
|
||||
ls->fd = (ngx_socket_t) s;
|
||||
ls->inherited = 1;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -680,9 +672,6 @@ ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv)
|
|||
|
||||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
if (ls[i].ignore) {
|
||||
continue;
|
||||
}
|
||||
p = ngx_sprintf(p, "%ud;", ls[i].fd);
|
||||
}
|
||||
|
||||
|
@ -810,24 +799,6 @@ ngx_get_options(int argc, char *const *argv)
|
|||
ngx_log_stderr(0, "option \"-p\" requires directory name");
|
||||
return NGX_ERROR;
|
||||
|
||||
case 'e':
|
||||
if (*p) {
|
||||
ngx_error_log = p;
|
||||
|
||||
} else if (argv[++i]) {
|
||||
ngx_error_log = (u_char *) argv[i];
|
||||
|
||||
} else {
|
||||
ngx_log_stderr(0, "option \"-e\" requires file name");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_strcmp(ngx_error_log, "stderr") == 0) {
|
||||
ngx_error_log = (u_char *) "";
|
||||
}
|
||||
|
||||
goto next;
|
||||
|
||||
case 'c':
|
||||
if (*p) {
|
||||
ngx_conf_file = p;
|
||||
|
@ -1020,14 +991,6 @@ ngx_process_options(ngx_cycle_t *cycle)
|
|||
}
|
||||
}
|
||||
|
||||
if (ngx_error_log) {
|
||||
cycle->error_log.len = ngx_strlen(ngx_error_log);
|
||||
cycle->error_log.data = ngx_error_log;
|
||||
|
||||
} else {
|
||||
ngx_str_set(&cycle->error_log, NGX_ERROR_LOG_PATH);
|
||||
}
|
||||
|
||||
if (ngx_conf_params) {
|
||||
cycle->conf_param.len = ngx_strlen(ngx_conf_params);
|
||||
cycle->conf_param.data = ngx_conf_params;
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
#define _NGINX_H_INCLUDED_
|
||||
|
||||
|
||||
#define nginx_version 1023004
|
||||
#define NGINX_VERSION "1.23.4"
|
||||
#define nginx_version 1016001
|
||||
#define NGINX_VERSION "1.16.1"
|
||||
#define NGINX_VER "nginx/" NGINX_VERSION
|
||||
|
||||
#ifdef NGX_BUILD
|
||||
|
|
|
@ -1,143 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#define NGX_BPF_LOGBUF_SIZE (16 * 1024)
|
||||
|
||||
|
||||
static ngx_inline int
|
||||
ngx_bpf(enum bpf_cmd cmd, union bpf_attr *attr, unsigned int size)
|
||||
{
|
||||
return syscall(__NR_bpf, cmd, attr, size);
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol, int fd)
|
||||
{
|
||||
ngx_uint_t i;
|
||||
ngx_bpf_reloc_t *rl;
|
||||
|
||||
rl = program->relocs;
|
||||
|
||||
for (i = 0; i < program->nrelocs; i++) {
|
||||
if (ngx_strcmp(rl[i].name, symbol) == 0) {
|
||||
program->ins[rl[i].offset].src_reg = 1;
|
||||
program->ins[rl[i].offset].imm = fd;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program)
|
||||
{
|
||||
int fd;
|
||||
union bpf_attr attr;
|
||||
#if (NGX_DEBUG)
|
||||
char buf[NGX_BPF_LOGBUF_SIZE];
|
||||
#endif
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.license = (uintptr_t) program->license;
|
||||
attr.prog_type = program->type;
|
||||
attr.insns = (uintptr_t) program->ins;
|
||||
attr.insn_cnt = program->nins;
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
/* for verifier errors */
|
||||
attr.log_buf = (uintptr_t) buf;
|
||||
attr.log_size = NGX_BPF_LOGBUF_SIZE;
|
||||
attr.log_level = 1;
|
||||
#endif
|
||||
|
||||
fd = ngx_bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
|
||||
if (fd < 0) {
|
||||
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
|
||||
"failed to load BPF program");
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0,
|
||||
"bpf verifier: %s", buf);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size,
|
||||
int value_size, int max_entries, uint32_t map_flags)
|
||||
{
|
||||
int fd;
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_type = type;
|
||||
attr.key_size = key_size;
|
||||
attr.value_size = value_size;
|
||||
attr.max_entries = max_entries;
|
||||
attr.map_flags = map_flags;
|
||||
|
||||
fd = ngx_bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
|
||||
if (fd < 0) {
|
||||
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
|
||||
"failed to create BPF map");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return fd;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_update(int fd, const void *key, const void *value, uint64_t flags)
|
||||
{
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_fd = fd;
|
||||
attr.key = (uintptr_t) key;
|
||||
attr.value = (uintptr_t) value;
|
||||
attr.flags = flags;
|
||||
|
||||
return ngx_bpf(BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr));
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_delete(int fd, const void *key)
|
||||
{
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_fd = fd;
|
||||
attr.key = (uintptr_t) key;
|
||||
|
||||
return ngx_bpf(BPF_MAP_DELETE_ELEM, &attr, sizeof(attr));
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
ngx_bpf_map_lookup(int fd, const void *key, void *value)
|
||||
{
|
||||
union bpf_attr attr;
|
||||
|
||||
ngx_memzero(&attr, sizeof(union bpf_attr));
|
||||
|
||||
attr.map_fd = fd;
|
||||
attr.key = (uintptr_t) key;
|
||||
attr.value = (uintptr_t) value;
|
||||
|
||||
return ngx_bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr));
|
||||
}
|
|
@ -1,43 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_BPF_H_INCLUDED_
|
||||
#define _NGX_BPF_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#include <linux/bpf.h>
|
||||
|
||||
|
||||
typedef struct {
|
||||
char *name;
|
||||
int offset;
|
||||
} ngx_bpf_reloc_t;
|
||||
|
||||
typedef struct {
|
||||
char *license;
|
||||
enum bpf_prog_type type;
|
||||
struct bpf_insn *ins;
|
||||
size_t nins;
|
||||
ngx_bpf_reloc_t *relocs;
|
||||
size_t nrelocs;
|
||||
} ngx_bpf_program_t;
|
||||
|
||||
|
||||
void ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol,
|
||||
int fd);
|
||||
int ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program);
|
||||
|
||||
int ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size,
|
||||
int value_size, int max_entries, uint32_t map_flags);
|
||||
int ngx_bpf_map_update(int fd, const void *key, const void *value,
|
||||
uint64_t flags);
|
||||
int ngx_bpf_map_delete(int fd, const void *key);
|
||||
int ngx_bpf_map_lookup(int fd, const void *key, void *value);
|
||||
|
||||
#endif /* _NGX_BPF_H_INCLUDED_ */
|
|
@ -203,16 +203,16 @@ ngx_chain_update_chains(ngx_pool_t *p, ngx_chain_t **free, ngx_chain_t **busy,
|
|||
while (*busy) {
|
||||
cl = *busy;
|
||||
|
||||
if (ngx_buf_size(cl->buf) != 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (cl->buf->tag != tag) {
|
||||
*busy = cl->next;
|
||||
ngx_free_chain(p, cl);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_buf_size(cl->buf) != 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
cl->buf->pos = cl->buf->start;
|
||||
cl->buf->last = cl->buf->start;
|
||||
|
||||
|
|
|
@ -90,6 +90,9 @@ struct ngx_output_chain_ctx_s {
|
|||
|
||||
#if (NGX_HAVE_FILE_AIO || NGX_COMPAT)
|
||||
ngx_output_chain_aio_pt aio_handler;
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
ssize_t (*aio_preload)(ngx_buf_t *file);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if (NGX_THREADS || NGX_COMPAT)
|
||||
|
@ -122,20 +125,20 @@ typedef struct {
|
|||
#define NGX_CHAIN_ERROR (ngx_chain_t *) NGX_ERROR
|
||||
|
||||
|
||||
#define ngx_buf_in_memory(b) ((b)->temporary || (b)->memory || (b)->mmap)
|
||||
#define ngx_buf_in_memory_only(b) (ngx_buf_in_memory(b) && !(b)->in_file)
|
||||
#define ngx_buf_in_memory(b) (b->temporary || b->memory || b->mmap)
|
||||
#define ngx_buf_in_memory_only(b) (ngx_buf_in_memory(b) && !b->in_file)
|
||||
|
||||
#define ngx_buf_special(b) \
|
||||
(((b)->flush || (b)->last_buf || (b)->sync) \
|
||||
&& !ngx_buf_in_memory(b) && !(b)->in_file)
|
||||
((b->flush || b->last_buf || b->sync) \
|
||||
&& !ngx_buf_in_memory(b) && !b->in_file)
|
||||
|
||||
#define ngx_buf_sync_only(b) \
|
||||
((b)->sync && !ngx_buf_in_memory(b) \
|
||||
&& !(b)->in_file && !(b)->flush && !(b)->last_buf)
|
||||
(b->sync \
|
||||
&& !ngx_buf_in_memory(b) && !b->in_file && !b->flush && !b->last_buf)
|
||||
|
||||
#define ngx_buf_size(b) \
|
||||
(ngx_buf_in_memory(b) ? (off_t) ((b)->last - (b)->pos): \
|
||||
((b)->file_last - (b)->file_pos))
|
||||
(ngx_buf_in_memory(b) ? (off_t) (b->last - b->pos): \
|
||||
(b->file_last - b->file_pos))
|
||||
|
||||
ngx_buf_t *ngx_create_temp_buf(ngx_pool_t *pool, size_t size);
|
||||
ngx_chain_t *ngx_create_chain_of_bufs(ngx_pool_t *pool, ngx_bufs_t *bufs);
|
||||
|
@ -146,8 +149,8 @@ ngx_chain_t *ngx_create_chain_of_bufs(ngx_pool_t *pool, ngx_bufs_t *bufs);
|
|||
|
||||
ngx_chain_t *ngx_alloc_chain_link(ngx_pool_t *pool);
|
||||
#define ngx_free_chain(pool, cl) \
|
||||
(cl)->next = (pool)->chain; \
|
||||
(pool)->chain = (cl)
|
||||
cl->next = pool->chain; \
|
||||
pool->chain = cl
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -544,8 +544,8 @@ ngx_conf_read_token(ngx_conf_t *cf)
|
|||
}
|
||||
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"unexpected end of file, "
|
||||
"expecting \";\" or \"}\"");
|
||||
"unexpected end of file, "
|
||||
"expecting \";\" or \"}\"");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
|
@ -1137,7 +1137,7 @@ ngx_conf_set_keyval_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|||
|
||||
a = (ngx_array_t **) (p + cmd->offset);
|
||||
|
||||
if (*a == NGX_CONF_UNSET_PTR || *a == NULL) {
|
||||
if (*a == NULL) {
|
||||
*a = ngx_array_create(cf->pool, 4, sizeof(ngx_keyval_t));
|
||||
if (*a == NULL) {
|
||||
return NGX_CONF_ERROR;
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
#define NGX_DIRECT_CONF 0x00010000
|
||||
|
||||
#define NGX_MAIN_CONF 0x01000000
|
||||
#define NGX_ANY_CONF 0xFF000000
|
||||
#define NGX_ANY_CONF 0x1F000000
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -72,6 +72,10 @@ ngx_create_listening(ngx_conf_t *cf, struct sockaddr *sockaddr,
|
|||
|
||||
ngx_memcpy(ls->addr_text.data, text, len);
|
||||
|
||||
#if !(NGX_WIN32)
|
||||
ngx_rbtree_init(&ls->rbtree, &ls->sentinel, ngx_udp_rbtree_insert_value);
|
||||
#endif
|
||||
|
||||
ls->fd = (ngx_socket_t) -1;
|
||||
ls->type = SOCK_STREAM;
|
||||
|
||||
|
@ -491,24 +495,21 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ls[i].type != SOCK_DGRAM || !ngx_test_config) {
|
||||
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
|
||||
(const void *) &reuseaddr, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
"setsockopt(SO_REUSEADDR) %V failed",
|
||||
&ls[i].addr_text);
|
||||
|
||||
if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
|
||||
(const void *) &reuseaddr, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
if (ngx_close_socket(s) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
"setsockopt(SO_REUSEADDR) %V failed",
|
||||
ngx_close_socket_n " %V failed",
|
||||
&ls[i].addr_text);
|
||||
|
||||
if (ngx_close_socket(s) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
ngx_close_socket_n " %V failed",
|
||||
&ls[i].addr_text);
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
@ -656,7 +657,7 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
|
|||
/*
|
||||
* on OpenVZ after suspend/resume EADDRINUSE
|
||||
* may be returned by listen() instead of bind(), see
|
||||
* https://bugs.openvz.org/browse/OVZ-5587
|
||||
* https://bugzilla.openvz.org/show_bug.cgi?id=2470
|
||||
*/
|
||||
|
||||
if (err != NGX_EADDRINUSE || !ngx_test_config) {
|
||||
|
@ -1033,12 +1034,6 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle)
|
|||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
|
||||
#if (NGX_QUIC)
|
||||
if (ls[i].quic) {
|
||||
continue;
|
||||
}
|
||||
#endif
|
||||
|
||||
c = ls[i].connection;
|
||||
|
||||
if (c) {
|
||||
|
@ -1075,8 +1070,7 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle)
|
|||
|
||||
if (ls[i].sockaddr->sa_family == AF_UNIX
|
||||
&& ngx_process <= NGX_PROCESS_MASTER
|
||||
&& ngx_new_binary == 0
|
||||
&& (!ls[i].inherited || ngx_getppid() != ngx_parent))
|
||||
&& ngx_new_binary == 0)
|
||||
{
|
||||
u_char *name = ls[i].addr_text.data + sizeof("unix:") - 1;
|
||||
|
||||
|
@ -1112,10 +1106,13 @@ ngx_get_connection(ngx_socket_t s, ngx_log_t *log)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
ngx_drain_connections((ngx_cycle_t *) ngx_cycle);
|
||||
|
||||
c = ngx_cycle->free_connections;
|
||||
|
||||
if (c == NULL) {
|
||||
ngx_drain_connections((ngx_cycle_t *) ngx_cycle);
|
||||
c = ngx_cycle->free_connections;
|
||||
}
|
||||
|
||||
if (c == NULL) {
|
||||
ngx_log_error(NGX_LOG_ALERT, log, 0,
|
||||
"%ui worker_connections are not enough",
|
||||
|
@ -1300,22 +1297,6 @@ ngx_drain_connections(ngx_cycle_t *cycle)
|
|||
ngx_queue_t *q;
|
||||
ngx_connection_t *c;
|
||||
|
||||
if (cycle->free_connection_n > cycle->connection_n / 16
|
||||
|| cycle->reusable_connections_n == 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (cycle->connections_reuse_time != ngx_time()) {
|
||||
cycle->connections_reuse_time = ngx_time();
|
||||
|
||||
ngx_log_error(NGX_LOG_WARN, cycle->log, 0,
|
||||
"%ui worker_connections are not enough, "
|
||||
"reusing connections",
|
||||
cycle->connection_n);
|
||||
}
|
||||
|
||||
c = NULL;
|
||||
n = ngx_max(ngx_min(32, cycle->reusable_connections_n / 8), 1);
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
|
@ -1332,21 +1313,6 @@ ngx_drain_connections(ngx_cycle_t *cycle)
|
|||
c->close = 1;
|
||||
c->read->handler(c->read);
|
||||
}
|
||||
|
||||
if (cycle->free_connection_n == 0 && c && c->reusable) {
|
||||
|
||||
/*
|
||||
* if no connections were freed, try to reuse the last
|
||||
* connection again: this should free it as long as
|
||||
* previous reuse moved it to lingering close
|
||||
*/
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"reusing connection again");
|
||||
|
||||
c->close = 1;
|
||||
c->read->handler(c->read);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -45,6 +45,8 @@ struct ngx_listening_s {
|
|||
size_t pool_size;
|
||||
/* should be here because of the AcceptEx() preread */
|
||||
size_t post_accept_buffer_size;
|
||||
/* should be here because of the deferred accept */
|
||||
ngx_msec_t post_accept_timeout;
|
||||
|
||||
ngx_listening_t *previous;
|
||||
ngx_connection_t *connection;
|
||||
|
@ -73,7 +75,6 @@ struct ngx_listening_s {
|
|||
unsigned reuseport:1;
|
||||
unsigned add_reuseport:1;
|
||||
unsigned keepalive:2;
|
||||
unsigned quic:1;
|
||||
|
||||
unsigned deferred_accept:1;
|
||||
unsigned delete_deferred:1;
|
||||
|
@ -146,11 +147,8 @@ struct ngx_connection_s {
|
|||
socklen_t socklen;
|
||||
ngx_str_t addr_text;
|
||||
|
||||
ngx_proxy_protocol_t *proxy_protocol;
|
||||
|
||||
#if (NGX_QUIC || NGX_COMPAT)
|
||||
ngx_quic_stream_t *quic;
|
||||
#endif
|
||||
ngx_str_t proxy_protocol_addr;
|
||||
in_port_t proxy_protocol_port;
|
||||
|
||||
#if (NGX_SSL || NGX_COMPAT)
|
||||
ngx_ssl_connection_t *ssl;
|
||||
|
@ -167,7 +165,6 @@ struct ngx_connection_s {
|
|||
|
||||
ngx_atomic_uint_t number;
|
||||
|
||||
ngx_msec_t start_time;
|
||||
ngx_uint_t requests;
|
||||
|
||||
unsigned buffered:8;
|
||||
|
@ -177,7 +174,6 @@ struct ngx_connection_s {
|
|||
unsigned timedout:1;
|
||||
unsigned error:1;
|
||||
unsigned destroyed:1;
|
||||
unsigned pipeline:1;
|
||||
|
||||
unsigned idle:1;
|
||||
unsigned reusable:1;
|
||||
|
@ -190,9 +186,8 @@ struct ngx_connection_s {
|
|||
unsigned tcp_nopush:2; /* ngx_connection_tcp_nopush_e */
|
||||
|
||||
unsigned need_last_buf:1;
|
||||
unsigned need_flush_buf:1;
|
||||
|
||||
#if (NGX_HAVE_SENDFILE_NODISKIO || NGX_COMPAT)
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
unsigned busy_count:2;
|
||||
#endif
|
||||
|
||||
|
|
|
@ -26,8 +26,6 @@ typedef struct ngx_event_aio_s ngx_event_aio_t;
|
|||
typedef struct ngx_connection_s ngx_connection_t;
|
||||
typedef struct ngx_thread_task_s ngx_thread_task_t;
|
||||
typedef struct ngx_ssl_s ngx_ssl_t;
|
||||
typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t;
|
||||
typedef struct ngx_quic_stream_s ngx_quic_stream_t;
|
||||
typedef struct ngx_ssl_connection_s ngx_ssl_connection_t;
|
||||
typedef struct ngx_udp_connection_s ngx_udp_connection_t;
|
||||
|
||||
|
@ -83,9 +81,6 @@ typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c);
|
|||
#include <ngx_resolver.h>
|
||||
#if (NGX_OPENSSL)
|
||||
#include <ngx_event_openssl.h>
|
||||
#if (NGX_QUIC)
|
||||
#include <ngx_event_quic.h>
|
||||
#endif
|
||||
#endif
|
||||
#include <ngx_process_cycle.h>
|
||||
#include <ngx_conf_file.h>
|
||||
|
@ -95,9 +90,6 @@ typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c);
|
|||
#include <ngx_connection.h>
|
||||
#include <ngx_syslog.h>
|
||||
#include <ngx_proxy_protocol.h>
|
||||
#if (NGX_HAVE_BPF)
|
||||
#include <ngx_bpf.h>
|
||||
#endif
|
||||
|
||||
|
||||
#define LF (u_char) '\n'
|
||||
|
|
|
@ -96,15 +96,6 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
cycle->error_log.len = old_cycle->error_log.len;
|
||||
cycle->error_log.data = ngx_pnalloc(pool, old_cycle->error_log.len + 1);
|
||||
if (cycle->error_log.data == NULL) {
|
||||
ngx_destroy_pool(pool);
|
||||
return NULL;
|
||||
}
|
||||
ngx_cpystrn(cycle->error_log.data, old_cycle->error_log.data,
|
||||
old_cycle->error_log.len + 1);
|
||||
|
||||
cycle->conf_file.len = old_cycle->conf_file.len;
|
||||
cycle->conf_file.data = ngx_pnalloc(pool, old_cycle->conf_file.len + 1);
|
||||
if (cycle->conf_file.data == NULL) {
|
||||
|
@ -529,7 +520,6 @@ ngx_init_cycle(ngx_cycle_t *old_cycle)
|
|||
== NGX_OK)
|
||||
{
|
||||
nls[n].fd = ls[i].fd;
|
||||
nls[n].inherited = ls[i].inherited;
|
||||
nls[n].previous = &ls[i];
|
||||
ls[i].remain = 1;
|
||||
|
||||
|
@ -1018,7 +1008,6 @@ ngx_int_t
|
|||
ngx_create_pidfile(ngx_str_t *name, ngx_log_t *log)
|
||||
{
|
||||
size_t len;
|
||||
ngx_int_t rc;
|
||||
ngx_uint_t create;
|
||||
ngx_file_t file;
|
||||
u_char pid[NGX_INT64_LEN + 2];
|
||||
|
@ -1043,13 +1032,11 @@ ngx_create_pidfile(ngx_str_t *name, ngx_log_t *log)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
rc = NGX_OK;
|
||||
|
||||
if (!ngx_test_config) {
|
||||
len = ngx_snprintf(pid, NGX_INT64_LEN + 2, "%P%N", ngx_pid) - pid;
|
||||
|
||||
if (ngx_write_file(&file, pid, len, 0) == NGX_ERROR) {
|
||||
rc = NGX_ERROR;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1058,7 +1045,7 @@ ngx_create_pidfile(ngx_str_t *name, ngx_log_t *log)
|
|||
ngx_close_file_n " \"%s\" failed", file.name.data);
|
||||
}
|
||||
|
||||
return rc;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -55,7 +55,6 @@ struct ngx_cycle_s {
|
|||
|
||||
ngx_queue_t reusable_connections_queue;
|
||||
ngx_uint_t reusable_connections_n;
|
||||
time_t connections_reuse_time;
|
||||
|
||||
ngx_array_t listening;
|
||||
ngx_array_t paths;
|
||||
|
@ -80,7 +79,6 @@ struct ngx_cycle_s {
|
|||
ngx_str_t conf_param;
|
||||
ngx_str_t conf_prefix;
|
||||
ngx_str_t prefix;
|
||||
ngx_str_t error_log;
|
||||
ngx_str_t lock_file;
|
||||
ngx_str_t hostname;
|
||||
};
|
||||
|
|
|
@ -265,19 +265,7 @@ ngx_hash_init(ngx_hash_init_t *hinit, ngx_hash_key_t *names, ngx_uint_t nelts)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (hinit->bucket_size > 65536 - ngx_cacheline_size) {
|
||||
ngx_log_error(NGX_LOG_EMERG, hinit->pool->log, 0,
|
||||
"could not build %s, too large "
|
||||
"%s_bucket_size: %i",
|
||||
hinit->name, hinit->name, hinit->bucket_size);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
for (n = 0; n < nelts; n++) {
|
||||
if (names[n].key.data == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (hinit->bucket_size < NGX_HASH_ELT_SIZE(&names[n]) + sizeof(void *))
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, hinit->pool->log, 0,
|
||||
|
@ -312,19 +300,17 @@ ngx_hash_init(ngx_hash_init_t *hinit, ngx_hash_key_t *names, ngx_uint_t nelts)
|
|||
}
|
||||
|
||||
key = names[n].key_hash % size;
|
||||
len = test[key] + NGX_HASH_ELT_SIZE(&names[n]);
|
||||
test[key] = (u_short) (test[key] + NGX_HASH_ELT_SIZE(&names[n]));
|
||||
|
||||
#if 0
|
||||
ngx_log_error(NGX_LOG_ALERT, hinit->pool->log, 0,
|
||||
"%ui: %ui %uz \"%V\"",
|
||||
size, key, len, &names[n].key);
|
||||
"%ui: %ui %ui \"%V\"",
|
||||
size, key, test[key], &names[n].key);
|
||||
#endif
|
||||
|
||||
if (len > bucket_size) {
|
||||
if (test[key] > (u_short) bucket_size) {
|
||||
goto next;
|
||||
}
|
||||
|
||||
test[key] = (u_short) len;
|
||||
}
|
||||
|
||||
goto found;
|
||||
|
@ -355,18 +341,7 @@ found:
|
|||
}
|
||||
|
||||
key = names[n].key_hash % size;
|
||||
len = test[key] + NGX_HASH_ELT_SIZE(&names[n]);
|
||||
|
||||
if (len > 65536 - ngx_cacheline_size) {
|
||||
ngx_log_error(NGX_LOG_EMERG, hinit->pool->log, 0,
|
||||
"could not build %s, you should "
|
||||
"increase %s_max_size: %i",
|
||||
hinit->name, hinit->name, hinit->max_size);
|
||||
ngx_free(test);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
test[key] = (u_short) len;
|
||||
test[key] = (u_short) (test[key] + NGX_HASH_ELT_SIZE(&names[n]));
|
||||
}
|
||||
|
||||
len = 0;
|
||||
|
|
|
@ -89,15 +89,12 @@ typedef struct {
|
|||
} ngx_hash_keys_arrays_t;
|
||||
|
||||
|
||||
typedef struct ngx_table_elt_s ngx_table_elt_t;
|
||||
|
||||
struct ngx_table_elt_s {
|
||||
typedef struct {
|
||||
ngx_uint_t hash;
|
||||
ngx_str_t key;
|
||||
ngx_str_t value;
|
||||
u_char *lowcase_key;
|
||||
ngx_table_elt_t *next;
|
||||
};
|
||||
} ngx_table_elt_t;
|
||||
|
||||
|
||||
void *ngx_hash_find(ngx_hash_t *hash, ngx_uint_t key, u_char *name, size_t len);
|
||||
|
|
|
@ -315,7 +315,7 @@ ngx_log_errno(u_char *buf, u_char *last, ngx_err_t err)
|
|||
|
||||
|
||||
ngx_log_t *
|
||||
ngx_log_init(u_char *prefix, u_char *error_log)
|
||||
ngx_log_init(u_char *prefix)
|
||||
{
|
||||
u_char *p, *name;
|
||||
size_t nlen, plen;
|
||||
|
@ -323,11 +323,13 @@ ngx_log_init(u_char *prefix, u_char *error_log)
|
|||
ngx_log.file = &ngx_log_file;
|
||||
ngx_log.log_level = NGX_LOG_NOTICE;
|
||||
|
||||
if (error_log == NULL) {
|
||||
error_log = (u_char *) NGX_ERROR_LOG_PATH;
|
||||
}
|
||||
name = (u_char *) NGX_ERROR_LOG_PATH;
|
||||
|
||||
/*
|
||||
* we use ngx_strlen() here since BCC warns about
|
||||
* condition is always false and unreachable code
|
||||
*/
|
||||
|
||||
name = error_log;
|
||||
nlen = ngx_strlen(name);
|
||||
|
||||
if (nlen == 0) {
|
||||
|
@ -367,7 +369,7 @@ ngx_log_init(u_char *prefix, u_char *error_log)
|
|||
*p++ = '/';
|
||||
}
|
||||
|
||||
ngx_cpystrn(p, error_log, nlen + 1);
|
||||
ngx_cpystrn(p, (u_char *) NGX_ERROR_LOG_PATH, nlen + 1);
|
||||
|
||||
p = name;
|
||||
}
|
||||
|
@ -401,7 +403,8 @@ ngx_log_init(u_char *prefix, u_char *error_log)
|
|||
ngx_int_t
|
||||
ngx_log_open_default(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_log_t *log;
|
||||
ngx_log_t *log;
|
||||
static ngx_str_t error_log = ngx_string(NGX_ERROR_LOG_PATH);
|
||||
|
||||
if (ngx_log_get_file_log(&cycle->new_log) != NULL) {
|
||||
return NGX_OK;
|
||||
|
@ -422,7 +425,7 @@ ngx_log_open_default(ngx_cycle_t *cycle)
|
|||
|
||||
log->log_level = NGX_LOG_ERR;
|
||||
|
||||
log->file = ngx_conf_open_file(cycle, &cycle->error_log);
|
||||
log->file = ngx_conf_open_file(cycle, &error_log);
|
||||
if (log->file == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
|
|
@ -228,7 +228,7 @@ void ngx_cdecl ngx_log_debug_core(ngx_log_t *log, ngx_err_t err,
|
|||
|
||||
/*********************************/
|
||||
|
||||
ngx_log_t *ngx_log_init(u_char *prefix, u_char *error_log);
|
||||
ngx_log_t *ngx_log_init(u_char *prefix);
|
||||
void ngx_cdecl ngx_log_abort(ngx_err_t err, const char *fmt, ...);
|
||||
void ngx_cdecl ngx_log_stderr(ngx_err_t err, const char *fmt, ...);
|
||||
u_char *ngx_log_errno(u_char *buf, u_char *last, ngx_err_t err);
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
#define NGX_MODULE_SIGNATURE_3 "0"
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_SENDFILE_NODISKIO || NGX_COMPAT)
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
#define NGX_MODULE_SIGNATURE_4 "1"
|
||||
#else
|
||||
#define NGX_MODULE_SIGNATURE_4 "0"
|
||||
|
|
|
@ -29,6 +29,10 @@
|
|||
|
||||
static ngx_inline ngx_int_t
|
||||
ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf);
|
||||
#if (NGX_HAVE_AIO_SENDFILE)
|
||||
static ngx_int_t ngx_output_chain_aio_setup(ngx_output_chain_ctx_t *ctx,
|
||||
ngx_file_t *file);
|
||||
#endif
|
||||
static ngx_int_t ngx_output_chain_add_copy(ngx_pool_t *pool,
|
||||
ngx_chain_t **chain, ngx_chain_t *in);
|
||||
static ngx_int_t ngx_output_chain_align_file_buf(ngx_output_chain_ctx_t *ctx,
|
||||
|
@ -256,6 +260,10 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
}
|
||||
#endif
|
||||
|
||||
if (buf->in_file && buf->file->directio) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
sendfile = ctx->sendfile;
|
||||
|
||||
#if (NGX_SENDFILE_LIMIT)
|
||||
|
@ -264,19 +272,6 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
sendfile = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if !(NGX_HAVE_SENDFILE_NODISKIO)
|
||||
|
||||
/*
|
||||
* With DIRECTIO, disable sendfile() unless sendfile(SF_NOCACHE)
|
||||
* is available.
|
||||
*/
|
||||
|
||||
if (buf->in_file && buf->file->directio) {
|
||||
sendfile = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (!sendfile) {
|
||||
|
@ -288,6 +283,12 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
buf->in_file = 0;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_AIO_SENDFILE)
|
||||
if (ctx->aio_preload && buf->in_file) {
|
||||
(void) ngx_output_chain_aio_setup(ctx, buf->file);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (ctx->need_in_memory && !ngx_buf_in_memory(buf)) {
|
||||
return 0;
|
||||
}
|
||||
|
@ -300,6 +301,28 @@ ngx_output_chain_as_is(ngx_output_chain_ctx_t *ctx, ngx_buf_t *buf)
|
|||
}
|
||||
|
||||
|
||||
#if (NGX_HAVE_AIO_SENDFILE)
|
||||
|
||||
static ngx_int_t
|
||||
ngx_output_chain_aio_setup(ngx_output_chain_ctx_t *ctx, ngx_file_t *file)
|
||||
{
|
||||
ngx_event_aio_t *aio;
|
||||
|
||||
if (file->aio == NULL && ngx_file_aio_init(file, ctx->pool) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
aio = file->aio;
|
||||
|
||||
aio->data = ctx->filter_ctx;
|
||||
aio->preload_handler = ctx->aio_preload;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_output_chain_add_copy(ngx_pool_t *pool, ngx_chain_t **chain,
|
||||
ngx_chain_t *in)
|
||||
|
@ -780,10 +803,6 @@ ngx_chain_writer(void *data, ngx_chain_t *in)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (chain && c->write->ready) {
|
||||
ngx_post_event(c->write, &ngx_posted_next_events);
|
||||
}
|
||||
|
||||
for (cl = ctx->out; cl && cl != chain; /* void */) {
|
||||
ln = cl;
|
||||
cl = cl->next;
|
||||
|
|
|
@ -13,15 +13,7 @@
|
|||
#define NGX_PROXY_PROTOCOL_AF_INET6 2
|
||||
|
||||
|
||||
#define ngx_proxy_protocol_parse_uint16(p) \
|
||||
( ((uint16_t) (p)[0] << 8) \
|
||||
+ ( (p)[1]) )
|
||||
|
||||
#define ngx_proxy_protocol_parse_uint32(p) \
|
||||
( ((uint32_t) (p)[0] << 24) \
|
||||
+ ( (p)[1] << 16) \
|
||||
+ ( (p)[2] << 8) \
|
||||
+ ( (p)[3]) )
|
||||
#define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1])
|
||||
|
||||
|
||||
typedef struct {
|
||||
|
@ -48,60 +40,16 @@ typedef struct {
|
|||
} ngx_proxy_protocol_inet6_addrs_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char type;
|
||||
u_char len[2];
|
||||
} ngx_proxy_protocol_tlv_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char client;
|
||||
u_char verify[4];
|
||||
} ngx_proxy_protocol_tlv_ssl_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_str_t name;
|
||||
ngx_uint_t type;
|
||||
} ngx_proxy_protocol_tlv_entry_t;
|
||||
|
||||
|
||||
static u_char *ngx_proxy_protocol_read_addr(ngx_connection_t *c, u_char *p,
|
||||
u_char *last, ngx_str_t *addr);
|
||||
static u_char *ngx_proxy_protocol_read_port(u_char *p, u_char *last,
|
||||
in_port_t *port, u_char sep);
|
||||
static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf,
|
||||
u_char *last);
|
||||
static ngx_int_t ngx_proxy_protocol_lookup_tlv(ngx_connection_t *c,
|
||||
ngx_str_t *tlvs, ngx_uint_t type, ngx_str_t *value);
|
||||
|
||||
|
||||
static ngx_proxy_protocol_tlv_entry_t ngx_proxy_protocol_tlv_entries[] = {
|
||||
{ ngx_string("alpn"), 0x01 },
|
||||
{ ngx_string("authority"), 0x02 },
|
||||
{ ngx_string("unique_id"), 0x05 },
|
||||
{ ngx_string("ssl"), 0x20 },
|
||||
{ ngx_string("netns"), 0x30 },
|
||||
{ ngx_null_string, 0x00 }
|
||||
};
|
||||
|
||||
|
||||
static ngx_proxy_protocol_tlv_entry_t ngx_proxy_protocol_tlv_ssl_entries[] = {
|
||||
{ ngx_string("version"), 0x21 },
|
||||
{ ngx_string("cn"), 0x22 },
|
||||
{ ngx_string("cipher"), 0x23 },
|
||||
{ ngx_string("sig_alg"), 0x24 },
|
||||
{ ngx_string("key_alg"), 0x25 },
|
||||
{ ngx_null_string, 0x00 }
|
||||
};
|
||||
|
||||
|
||||
u_char *
|
||||
ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
||||
{
|
||||
size_t len;
|
||||
u_char *p;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
size_t len;
|
||||
u_char ch, *p, *addr, *port;
|
||||
ngx_int_t n;
|
||||
|
||||
static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n";
|
||||
|
||||
|
@ -109,7 +57,7 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
len = last - buf;
|
||||
|
||||
if (len >= sizeof(ngx_proxy_protocol_header_t)
|
||||
&& ngx_memcmp(p, signature, sizeof(signature) - 1) == 0)
|
||||
&& memcmp(p, signature, sizeof(signature) - 1) == 0)
|
||||
{
|
||||
return ngx_proxy_protocol_v2_read(c, buf, last);
|
||||
}
|
||||
|
@ -135,83 +83,11 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
}
|
||||
|
||||
p += 5;
|
||||
|
||||
pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
|
||||
if (pp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
p = ngx_proxy_protocol_read_addr(c, p, last, &pp->src_addr);
|
||||
if (p == NULL) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
p = ngx_proxy_protocol_read_addr(c, p, last, &pp->dst_addr);
|
||||
if (p == NULL) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
p = ngx_proxy_protocol_read_port(p, last, &pp->src_port, ' ');
|
||||
if (p == NULL) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
p = ngx_proxy_protocol_read_port(p, last, &pp->dst_port, CR);
|
||||
if (p == NULL) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (p == last) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (*p++ != LF) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol src: %V %d, dst: %V %d",
|
||||
&pp->src_addr, pp->src_port, &pp->dst_addr, pp->dst_port);
|
||||
|
||||
c->proxy_protocol = pp;
|
||||
|
||||
return p;
|
||||
|
||||
skip:
|
||||
|
||||
for ( /* void */ ; p < last - 1; p++) {
|
||||
if (p[0] == CR && p[1] == LF) {
|
||||
return p + 2;
|
||||
}
|
||||
}
|
||||
|
||||
invalid:
|
||||
|
||||
for (p = buf; p < last; p++) {
|
||||
if (*p == CR || *p == LF) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"broken header: \"%*s\"", (size_t) (p - buf), buf);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static u_char *
|
||||
ngx_proxy_protocol_read_addr(ngx_connection_t *c, u_char *p, u_char *last,
|
||||
ngx_str_t *addr)
|
||||
{
|
||||
size_t len;
|
||||
u_char ch, *pos;
|
||||
|
||||
pos = p;
|
||||
addr = p;
|
||||
|
||||
for ( ;; ) {
|
||||
if (p == last) {
|
||||
return NULL;
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
ch = *p++;
|
||||
|
@ -225,54 +101,70 @@ ngx_proxy_protocol_read_addr(ngx_connection_t *c, u_char *p, u_char *last,
|
|||
&& (ch < 'A' || ch > 'F')
|
||||
&& (ch < '0' || ch > '9'))
|
||||
{
|
||||
return NULL;
|
||||
goto invalid;
|
||||
}
|
||||
}
|
||||
|
||||
len = p - pos - 1;
|
||||
len = p - addr - 1;
|
||||
c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, len);
|
||||
|
||||
addr->data = ngx_pnalloc(c->pool, len);
|
||||
if (addr->data == NULL) {
|
||||
if (c->proxy_protocol_addr.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memcpy(addr->data, pos, len);
|
||||
addr->len = len;
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
|
||||
static u_char *
|
||||
ngx_proxy_protocol_read_port(u_char *p, u_char *last, in_port_t *port,
|
||||
u_char sep)
|
||||
{
|
||||
size_t len;
|
||||
u_char *pos;
|
||||
ngx_int_t n;
|
||||
|
||||
pos = p;
|
||||
ngx_memcpy(c->proxy_protocol_addr.data, addr, len);
|
||||
c->proxy_protocol_addr.len = len;
|
||||
|
||||
for ( ;; ) {
|
||||
if (p == last) {
|
||||
return NULL;
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (*p++ == sep) {
|
||||
if (*p++ == ' ') {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
len = p - pos - 1;
|
||||
port = p;
|
||||
|
||||
n = ngx_atoi(pos, len);
|
||||
if (n < 0 || n > 65535) {
|
||||
return NULL;
|
||||
for ( ;; ) {
|
||||
if (p == last) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (*p++ == ' ') {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
*port = (in_port_t) n;
|
||||
len = p - port - 1;
|
||||
|
||||
return p;
|
||||
n = ngx_atoi(port, len);
|
||||
|
||||
if (n < 0 || n > 65535) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
c->proxy_protocol_port = (in_port_t) n;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol address: %V %d", &c->proxy_protocol_addr,
|
||||
c->proxy_protocol_port);
|
||||
|
||||
skip:
|
||||
|
||||
for ( /* void */ ; p < last - 1; p++) {
|
||||
if (p[0] == CR && p[1] == LF) {
|
||||
return p + 2;
|
||||
}
|
||||
}
|
||||
|
||||
invalid:
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"broken header: \"%*s\"", (size_t) (last - buf), buf);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
|
@ -281,9 +173,7 @@ ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
{
|
||||
ngx_uint_t port, lport;
|
||||
|
||||
if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) {
|
||||
ngx_log_error(NGX_LOG_ALERT, c->log, 0,
|
||||
"too small buffer for PROXY protocol");
|
||||
if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -329,8 +219,7 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
size_t len;
|
||||
socklen_t socklen;
|
||||
ngx_uint_t version, command, family, transport;
|
||||
ngx_sockaddr_t src_sockaddr, dst_sockaddr;
|
||||
ngx_proxy_protocol_t *pp;
|
||||
ngx_sockaddr_t sockaddr;
|
||||
ngx_proxy_protocol_header_t *header;
|
||||
ngx_proxy_protocol_inet_addrs_t *in;
|
||||
#if (NGX_HAVE_INET6)
|
||||
|
@ -377,11 +266,6 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
return end;
|
||||
}
|
||||
|
||||
pp = ngx_pcalloc(c->pool, sizeof(ngx_proxy_protocol_t));
|
||||
if (pp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
family = header->family_transport >> 4;
|
||||
|
||||
switch (family) {
|
||||
|
@ -394,16 +278,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
|
||||
in = (ngx_proxy_protocol_inet_addrs_t *) buf;
|
||||
|
||||
src_sockaddr.sockaddr_in.sin_family = AF_INET;
|
||||
src_sockaddr.sockaddr_in.sin_port = 0;
|
||||
ngx_memcpy(&src_sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
|
||||
sockaddr.sockaddr_in.sin_family = AF_INET;
|
||||
sockaddr.sockaddr_in.sin_port = 0;
|
||||
memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4);
|
||||
|
||||
dst_sockaddr.sockaddr_in.sin_family = AF_INET;
|
||||
dst_sockaddr.sockaddr_in.sin_port = 0;
|
||||
ngx_memcpy(&dst_sockaddr.sockaddr_in.sin_addr, in->dst_addr, 4);
|
||||
|
||||
pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port);
|
||||
pp->dst_port = ngx_proxy_protocol_parse_uint16(in->dst_port);
|
||||
c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port);
|
||||
|
||||
socklen = sizeof(struct sockaddr_in);
|
||||
|
||||
|
@ -421,16 +300,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
|
||||
in6 = (ngx_proxy_protocol_inet6_addrs_t *) buf;
|
||||
|
||||
src_sockaddr.sockaddr_in6.sin6_family = AF_INET6;
|
||||
src_sockaddr.sockaddr_in6.sin6_port = 0;
|
||||
ngx_memcpy(&src_sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
|
||||
sockaddr.sockaddr_in6.sin6_family = AF_INET6;
|
||||
sockaddr.sockaddr_in6.sin6_port = 0;
|
||||
memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16);
|
||||
|
||||
dst_sockaddr.sockaddr_in6.sin6_family = AF_INET6;
|
||||
dst_sockaddr.sockaddr_in6.sin6_port = 0;
|
||||
ngx_memcpy(&dst_sockaddr.sockaddr_in6.sin6_addr, in6->dst_addr, 16);
|
||||
|
||||
pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
|
||||
pp->dst_port = ngx_proxy_protocol_parse_uint16(in6->dst_port);
|
||||
c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port);
|
||||
|
||||
socklen = sizeof(struct sockaddr_in6);
|
||||
|
||||
|
@ -447,168 +321,23 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last)
|
|||
return end;
|
||||
}
|
||||
|
||||
pp->src_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
|
||||
if (pp->src_addr.data == NULL) {
|
||||
c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
|
||||
if (c->proxy_protocol_addr.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
pp->src_addr.len = ngx_sock_ntop(&src_sockaddr.sockaddr, socklen,
|
||||
pp->src_addr.data, NGX_SOCKADDR_STRLEN, 0);
|
||||
c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen,
|
||||
c->proxy_protocol_addr.data,
|
||||
NGX_SOCKADDR_STRLEN, 0);
|
||||
|
||||
pp->dst_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN);
|
||||
if (pp->dst_addr.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
pp->dst_addr.len = ngx_sock_ntop(&dst_sockaddr.sockaddr, socklen,
|
||||
pp->dst_addr.data, NGX_SOCKADDR_STRLEN, 0);
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 src: %V %d, dst: %V %d",
|
||||
&pp->src_addr, pp->src_port, &pp->dst_addr, pp->dst_port);
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr,
|
||||
c->proxy_protocol_port);
|
||||
|
||||
if (buf < end) {
|
||||
pp->tlvs.data = ngx_pnalloc(c->pool, end - buf);
|
||||
if (pp->tlvs.data == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memcpy(pp->tlvs.data, buf, end - buf);
|
||||
pp->tlvs.len = end - buf;
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 %z bytes of tlv ignored", end - buf);
|
||||
}
|
||||
|
||||
c->proxy_protocol = pp;
|
||||
|
||||
return end;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_proxy_protocol_get_tlv(ngx_connection_t *c, ngx_str_t *name,
|
||||
ngx_str_t *value)
|
||||
{
|
||||
u_char *p;
|
||||
size_t n;
|
||||
uint32_t verify;
|
||||
ngx_str_t ssl, *tlvs;
|
||||
ngx_int_t rc, type;
|
||||
ngx_proxy_protocol_tlv_ssl_t *tlv_ssl;
|
||||
ngx_proxy_protocol_tlv_entry_t *te;
|
||||
|
||||
if (c->proxy_protocol == NULL) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 get tlv \"%V\"", name);
|
||||
|
||||
te = ngx_proxy_protocol_tlv_entries;
|
||||
tlvs = &c->proxy_protocol->tlvs;
|
||||
|
||||
p = name->data;
|
||||
n = name->len;
|
||||
|
||||
if (n >= 4 && p[0] == 's' && p[1] == 's' && p[2] == 'l' && p[3] == '_') {
|
||||
|
||||
rc = ngx_proxy_protocol_lookup_tlv(c, tlvs, 0x20, &ssl);
|
||||
if (rc != NGX_OK) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
if (ssl.len < sizeof(ngx_proxy_protocol_tlv_ssl_t)) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
p += 4;
|
||||
n -= 4;
|
||||
|
||||
if (n == 6 && ngx_strncmp(p, "verify", 6) == 0) {
|
||||
|
||||
tlv_ssl = (ngx_proxy_protocol_tlv_ssl_t *) ssl.data;
|
||||
verify = ngx_proxy_protocol_parse_uint32(tlv_ssl->verify);
|
||||
|
||||
value->data = ngx_pnalloc(c->pool, NGX_INT32_LEN);
|
||||
if (value->data == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
value->len = ngx_sprintf(value->data, "%uD", verify)
|
||||
- value->data;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
ssl.data += sizeof(ngx_proxy_protocol_tlv_ssl_t);
|
||||
ssl.len -= sizeof(ngx_proxy_protocol_tlv_ssl_t);
|
||||
|
||||
te = ngx_proxy_protocol_tlv_ssl_entries;
|
||||
tlvs = &ssl;
|
||||
}
|
||||
|
||||
if (n >= 2 && p[0] == '0' && p[1] == 'x') {
|
||||
|
||||
type = ngx_hextoi(p + 2, n - 2);
|
||||
if (type == NGX_ERROR) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"invalid PROXY protocol TLV \"%V\"", name);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return ngx_proxy_protocol_lookup_tlv(c, tlvs, type, value);
|
||||
}
|
||||
|
||||
for ( /* void */ ; te->type; te++) {
|
||||
if (te->name.len == n && ngx_strncmp(te->name.data, p, n) == 0) {
|
||||
return ngx_proxy_protocol_lookup_tlv(c, tlvs, te->type, value);
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"unknown PROXY protocol TLV \"%V\"", name);
|
||||
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_proxy_protocol_lookup_tlv(ngx_connection_t *c, ngx_str_t *tlvs,
|
||||
ngx_uint_t type, ngx_str_t *value)
|
||||
{
|
||||
u_char *p;
|
||||
size_t n, len;
|
||||
ngx_proxy_protocol_tlv_t *tlv;
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0,
|
||||
"PROXY protocol v2 lookup tlv:%02xi", type);
|
||||
|
||||
p = tlvs->data;
|
||||
n = tlvs->len;
|
||||
|
||||
while (n) {
|
||||
if (n < sizeof(ngx_proxy_protocol_tlv_t)) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0, "broken PROXY protocol TLV");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
tlv = (ngx_proxy_protocol_tlv_t *) p;
|
||||
len = ngx_proxy_protocol_parse_uint16(tlv->len);
|
||||
|
||||
p += sizeof(ngx_proxy_protocol_tlv_t);
|
||||
n -= sizeof(ngx_proxy_protocol_tlv_t);
|
||||
|
||||
if (n < len) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0, "broken PROXY protocol TLV");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (tlv->type == type) {
|
||||
value->data = p;
|
||||
value->len = len;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
p += len;
|
||||
n -= len;
|
||||
}
|
||||
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
|
|
@ -13,25 +13,13 @@
|
|||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_PROXY_PROTOCOL_V1_MAX_HEADER 107
|
||||
#define NGX_PROXY_PROTOCOL_MAX_HEADER 4096
|
||||
|
||||
|
||||
struct ngx_proxy_protocol_s {
|
||||
ngx_str_t src_addr;
|
||||
ngx_str_t dst_addr;
|
||||
in_port_t src_port;
|
||||
in_port_t dst_port;
|
||||
ngx_str_t tlvs;
|
||||
};
|
||||
#define NGX_PROXY_PROTOCOL_MAX_HEADER 107
|
||||
|
||||
|
||||
u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf,
|
||||
u_char *last);
|
||||
u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf,
|
||||
u_char *last);
|
||||
ngx_int_t ngx_proxy_protocol_get_tlv(ngx_connection_t *c, ngx_str_t *name,
|
||||
ngx_str_t *value);
|
||||
|
||||
|
||||
#endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */
|
||||
|
|
|
@ -174,7 +174,12 @@ ngx_rbtree_delete(ngx_rbtree_t *tree, ngx_rbtree_node_t *node)
|
|||
|
||||
} else {
|
||||
subst = ngx_rbtree_min(node->right, sentinel);
|
||||
temp = subst->right;
|
||||
|
||||
if (subst->left != sentinel) {
|
||||
temp = subst->left;
|
||||
} else {
|
||||
temp = subst->right;
|
||||
}
|
||||
}
|
||||
|
||||
if (subst == *root) {
|
||||
|
|
|
@ -47,9 +47,6 @@ struct ngx_rbtree_s {
|
|||
(tree)->sentinel = s; \
|
||||
(tree)->insert = i
|
||||
|
||||
#define ngx_rbtree_data(node, type, link) \
|
||||
(type *) ((u_char *) (node) - offsetof(type, link))
|
||||
|
||||
|
||||
void ngx_rbtree_insert(ngx_rbtree_t *tree, ngx_rbtree_node_t *node);
|
||||
void ngx_rbtree_delete(ngx_rbtree_t *tree, ngx_rbtree_node_t *node);
|
||||
|
|
|
@ -10,22 +10,15 @@
|
|||
|
||||
|
||||
typedef struct {
|
||||
ngx_flag_t pcre_jit;
|
||||
ngx_list_t *studies;
|
||||
ngx_flag_t pcre_jit;
|
||||
} ngx_regex_conf_t;
|
||||
|
||||
|
||||
static ngx_inline void ngx_regex_malloc_init(ngx_pool_t *pool);
|
||||
static ngx_inline void ngx_regex_malloc_done(void);
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
static void * ngx_libc_cdecl ngx_regex_malloc(size_t size, void *data);
|
||||
static void ngx_libc_cdecl ngx_regex_free(void *p, void *data);
|
||||
#else
|
||||
static void * ngx_libc_cdecl ngx_regex_malloc(size_t size);
|
||||
static void ngx_libc_cdecl ngx_regex_free(void *p);
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
static void ngx_pcre_free_studies(void *data);
|
||||
#endif
|
||||
static void ngx_regex_cleanup(void *data);
|
||||
|
||||
static ngx_int_t ngx_regex_module_init(ngx_cycle_t *cycle);
|
||||
|
||||
|
@ -72,197 +65,32 @@ ngx_module_t ngx_regex_module = {
|
|||
};
|
||||
|
||||
|
||||
static ngx_pool_t *ngx_regex_pool;
|
||||
static ngx_list_t *ngx_regex_studies;
|
||||
static ngx_uint_t ngx_regex_direct_alloc;
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
static pcre2_compile_context *ngx_regex_compile_context;
|
||||
static pcre2_match_data *ngx_regex_match_data;
|
||||
static ngx_uint_t ngx_regex_match_data_size;
|
||||
#endif
|
||||
static ngx_pool_t *ngx_pcre_pool;
|
||||
static ngx_list_t *ngx_pcre_studies;
|
||||
|
||||
|
||||
void
|
||||
ngx_regex_init(void)
|
||||
{
|
||||
#if !(NGX_PCRE2)
|
||||
pcre_malloc = ngx_regex_malloc;
|
||||
pcre_free = ngx_regex_free;
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
ngx_regex_malloc_init(ngx_pool_t *pool)
|
||||
{
|
||||
ngx_regex_pool = pool;
|
||||
ngx_regex_direct_alloc = (pool == NULL) ? 1 : 0;
|
||||
ngx_pcre_pool = pool;
|
||||
}
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
ngx_regex_malloc_done(void)
|
||||
{
|
||||
ngx_regex_pool = NULL;
|
||||
ngx_regex_direct_alloc = 0;
|
||||
ngx_pcre_pool = NULL;
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_compile(ngx_regex_compile_t *rc)
|
||||
{
|
||||
int n, errcode;
|
||||
char *p;
|
||||
u_char errstr[128];
|
||||
size_t erroff;
|
||||
uint32_t options;
|
||||
pcre2_code *re;
|
||||
ngx_regex_elt_t *elt;
|
||||
pcre2_general_context *gctx;
|
||||
pcre2_compile_context *cctx;
|
||||
|
||||
if (ngx_regex_compile_context == NULL) {
|
||||
/*
|
||||
* Allocate a compile context if not yet allocated. This uses
|
||||
* direct allocations from heap, so the result can be cached
|
||||
* even at runtime.
|
||||
*/
|
||||
|
||||
ngx_regex_malloc_init(NULL);
|
||||
|
||||
gctx = pcre2_general_context_create(ngx_regex_malloc, ngx_regex_free,
|
||||
NULL);
|
||||
if (gctx == NULL) {
|
||||
ngx_regex_malloc_done();
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
cctx = pcre2_compile_context_create(gctx);
|
||||
if (cctx == NULL) {
|
||||
pcre2_general_context_free(gctx);
|
||||
ngx_regex_malloc_done();
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
ngx_regex_compile_context = cctx;
|
||||
|
||||
pcre2_general_context_free(gctx);
|
||||
ngx_regex_malloc_done();
|
||||
}
|
||||
|
||||
options = 0;
|
||||
|
||||
if (rc->options & NGX_REGEX_CASELESS) {
|
||||
options |= PCRE2_CASELESS;
|
||||
}
|
||||
|
||||
if (rc->options & NGX_REGEX_MULTILINE) {
|
||||
options |= PCRE2_MULTILINE;
|
||||
}
|
||||
|
||||
if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"regex \"%V\" compilation failed: invalid options",
|
||||
&rc->pattern)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_regex_malloc_init(rc->pool);
|
||||
|
||||
re = pcre2_compile(rc->pattern.data, rc->pattern.len, options,
|
||||
&errcode, &erroff, ngx_regex_compile_context);
|
||||
|
||||
/* ensure that there is no current pool */
|
||||
ngx_regex_malloc_done();
|
||||
|
||||
if (re == NULL) {
|
||||
pcre2_get_error_message(errcode, errstr, 128);
|
||||
|
||||
if ((size_t) erroff == rc->pattern.len) {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre2_compile() failed: %s in \"%V\"",
|
||||
errstr, &rc->pattern)
|
||||
- rc->err.data;
|
||||
|
||||
} else {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre2_compile() failed: %s in \"%V\" at \"%s\"",
|
||||
errstr, &rc->pattern, rc->pattern.data + erroff)
|
||||
- rc->err.data;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
rc->regex = re;
|
||||
|
||||
/* do not study at runtime */
|
||||
|
||||
if (ngx_regex_studies != NULL) {
|
||||
elt = ngx_list_push(ngx_regex_studies);
|
||||
if (elt == NULL) {
|
||||
goto nomem;
|
||||
}
|
||||
|
||||
elt->regex = rc->regex;
|
||||
elt->name = rc->pattern.data;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_CAPTURECOUNT, &rc->captures);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_CAPTURECOUNT) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (rc->captures == 0) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_NAMECOUNT, &rc->named_captures);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_NAMECOUNT) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (rc->named_captures == 0) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_NAMEENTRYSIZE, &rc->name_size);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_NAMEENTRYSIZE) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
n = pcre2_pattern_info(re, PCRE2_INFO_NAMETABLE, &rc->names);
|
||||
if (n < 0) {
|
||||
p = "pcre2_pattern_info(\"%V\", PCRE2_INFO_NAMETABLE) failed: %d";
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
failed:
|
||||
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len, p, &rc->pattern, n)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
|
||||
nomem:
|
||||
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"regex \"%V\" compilation failed: no memory",
|
||||
&rc->pattern)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_compile(ngx_regex_compile_t *rc)
|
||||
{
|
||||
|
@ -270,30 +98,11 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
|
|||
char *p;
|
||||
pcre *re;
|
||||
const char *errstr;
|
||||
ngx_uint_t options;
|
||||
ngx_regex_elt_t *elt;
|
||||
|
||||
options = 0;
|
||||
|
||||
if (rc->options & NGX_REGEX_CASELESS) {
|
||||
options |= PCRE_CASELESS;
|
||||
}
|
||||
|
||||
if (rc->options & NGX_REGEX_MULTILINE) {
|
||||
options |= PCRE_MULTILINE;
|
||||
}
|
||||
|
||||
if (rc->options & ~(NGX_REGEX_CASELESS|NGX_REGEX_MULTILINE)) {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"regex \"%V\" compilation failed: invalid options",
|
||||
&rc->pattern)
|
||||
- rc->err.data;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_regex_malloc_init(rc->pool);
|
||||
|
||||
re = pcre_compile((const char *) rc->pattern.data, (int) options,
|
||||
re = pcre_compile((const char *) rc->pattern.data, (int) rc->options,
|
||||
&errstr, &erroff, NULL);
|
||||
|
||||
/* ensure that there is no current pool */
|
||||
|
@ -304,13 +113,13 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
|
|||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre_compile() failed: %s in \"%V\"",
|
||||
errstr, &rc->pattern)
|
||||
- rc->err.data;
|
||||
- rc->err.data;
|
||||
|
||||
} else {
|
||||
rc->err.len = ngx_snprintf(rc->err.data, rc->err.len,
|
||||
"pcre_compile() failed: %s in \"%V\" at \"%s\"",
|
||||
errstr, &rc->pattern, rc->pattern.data + erroff)
|
||||
- rc->err.data;
|
||||
- rc->err.data;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
|
@ -325,8 +134,8 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
|
|||
|
||||
/* do not study at runtime */
|
||||
|
||||
if (ngx_regex_studies != NULL) {
|
||||
elt = ngx_list_push(ngx_regex_studies);
|
||||
if (ngx_pcre_studies != NULL) {
|
||||
elt = ngx_list_push(ngx_pcre_studies);
|
||||
if (elt == NULL) {
|
||||
goto nomem;
|
||||
}
|
||||
|
@ -384,83 +193,6 @@ nomem:
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_exec(ngx_regex_t *re, ngx_str_t *s, int *captures, ngx_uint_t size)
|
||||
{
|
||||
size_t *ov;
|
||||
ngx_int_t rc;
|
||||
ngx_uint_t n, i;
|
||||
|
||||
/*
|
||||
* The pcre2_match() function might allocate memory for backtracking
|
||||
* frames, typical allocations are from 40k and above. So the allocator
|
||||
* is configured to do direct allocations from heap during matching.
|
||||
*/
|
||||
|
||||
ngx_regex_malloc_init(NULL);
|
||||
|
||||
if (ngx_regex_match_data == NULL
|
||||
|| size > ngx_regex_match_data_size)
|
||||
{
|
||||
/*
|
||||
* Allocate a match data if not yet allocated or smaller than
|
||||
* needed.
|
||||
*/
|
||||
|
||||
if (ngx_regex_match_data) {
|
||||
pcre2_match_data_free(ngx_regex_match_data);
|
||||
}
|
||||
|
||||
ngx_regex_match_data_size = size;
|
||||
ngx_regex_match_data = pcre2_match_data_create(size / 3, NULL);
|
||||
|
||||
if (ngx_regex_match_data == NULL) {
|
||||
rc = PCRE2_ERROR_NOMEMORY;
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
|
||||
rc = pcre2_match(re, s->data, s->len, 0, 0, ngx_regex_match_data, NULL);
|
||||
|
||||
if (rc < 0) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
n = pcre2_get_ovector_count(ngx_regex_match_data);
|
||||
ov = pcre2_get_ovector_pointer(ngx_regex_match_data);
|
||||
|
||||
if (n > size / 3) {
|
||||
n = size / 3;
|
||||
}
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
captures[i * 2] = ov[i * 2];
|
||||
captures[i * 2 + 1] = ov[i * 2 + 1];
|
||||
}
|
||||
|
||||
failed:
|
||||
|
||||
ngx_regex_malloc_done();
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_exec(ngx_regex_t *re, ngx_str_t *s, int *captures, ngx_uint_t size)
|
||||
{
|
||||
return pcre_exec(re->code, re->extra, (const char *) s->data, s->len,
|
||||
0, 0, captures, size);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log)
|
||||
|
@ -495,40 +227,14 @@ ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log)
|
|||
}
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
static void * ngx_libc_cdecl
|
||||
ngx_regex_malloc(size_t size, void *data)
|
||||
{
|
||||
if (ngx_regex_pool) {
|
||||
return ngx_palloc(ngx_regex_pool, size);
|
||||
}
|
||||
|
||||
if (ngx_regex_direct_alloc) {
|
||||
return ngx_alloc(size, ngx_cycle->log);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static void ngx_libc_cdecl
|
||||
ngx_regex_free(void *p, void *data)
|
||||
{
|
||||
if (ngx_regex_direct_alloc) {
|
||||
ngx_free(p);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
static void * ngx_libc_cdecl
|
||||
ngx_regex_malloc(size_t size)
|
||||
{
|
||||
if (ngx_regex_pool) {
|
||||
return ngx_palloc(ngx_regex_pool, size);
|
||||
ngx_pool_t *pool;
|
||||
pool = ngx_pcre_pool;
|
||||
|
||||
if (pool) {
|
||||
return ngx_palloc(pool, size);
|
||||
}
|
||||
|
||||
return NULL;
|
||||
|
@ -541,20 +247,19 @@ ngx_regex_free(void *p)
|
|||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
|
||||
static void
|
||||
ngx_regex_cleanup(void *data)
|
||||
ngx_pcre_free_studies(void *data)
|
||||
{
|
||||
#if (NGX_PCRE2 || NGX_HAVE_PCRE_JIT)
|
||||
ngx_regex_conf_t *rcf = data;
|
||||
ngx_list_t *studies = data;
|
||||
|
||||
ngx_uint_t i;
|
||||
ngx_list_part_t *part;
|
||||
ngx_regex_elt_t *elts;
|
||||
|
||||
part = &rcf->studies->part;
|
||||
part = &studies->part;
|
||||
elts = part->elts;
|
||||
|
||||
for (i = 0; /* void */ ; i++) {
|
||||
|
@ -569,83 +274,56 @@ ngx_regex_cleanup(void *data)
|
|||
i = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* The PCRE JIT compiler uses mmap for its executable codes, so we
|
||||
* have to explicitly call the pcre_free_study() function to free
|
||||
* this memory. In PCRE2, we call the pcre2_code_free() function
|
||||
* for the same reason.
|
||||
*/
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
pcre2_code_free(elts[i].regex);
|
||||
#else
|
||||
if (elts[i].regex->extra != NULL) {
|
||||
pcre_free_study(elts[i].regex->extra);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* On configuration parsing errors ngx_regex_module_init() will not
|
||||
* be called. Make sure ngx_regex_studies is properly cleared anyway.
|
||||
*/
|
||||
|
||||
ngx_regex_studies = NULL;
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
/*
|
||||
* Free compile context and match data. If needed at runtime by
|
||||
* the new cycle, these will be re-allocated.
|
||||
*/
|
||||
|
||||
if (ngx_regex_compile_context) {
|
||||
pcre2_compile_context_free(ngx_regex_compile_context);
|
||||
ngx_regex_compile_context = NULL;
|
||||
}
|
||||
|
||||
if (ngx_regex_match_data) {
|
||||
pcre2_match_data_free(ngx_regex_match_data);
|
||||
ngx_regex_match_data = NULL;
|
||||
ngx_regex_match_data_size = 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_regex_module_init(ngx_cycle_t *cycle)
|
||||
{
|
||||
int opt;
|
||||
#if !(NGX_PCRE2)
|
||||
const char *errstr;
|
||||
#endif
|
||||
ngx_uint_t i;
|
||||
ngx_list_part_t *part;
|
||||
ngx_regex_elt_t *elts;
|
||||
ngx_regex_conf_t *rcf;
|
||||
int opt;
|
||||
const char *errstr;
|
||||
ngx_uint_t i;
|
||||
ngx_list_part_t *part;
|
||||
ngx_regex_elt_t *elts;
|
||||
|
||||
opt = 0;
|
||||
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
{
|
||||
ngx_regex_conf_t *rcf;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
rcf = (ngx_regex_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_regex_module);
|
||||
|
||||
#if (NGX_PCRE2 || NGX_HAVE_PCRE_JIT)
|
||||
|
||||
if (rcf->pcre_jit) {
|
||||
#if (NGX_PCRE2)
|
||||
opt = 1;
|
||||
#else
|
||||
opt = PCRE_STUDY_JIT_COMPILE;
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* The PCRE JIT compiler uses mmap for its executable codes, so we
|
||||
* have to explicitly call the pcre_free_study() function to free
|
||||
* this memory.
|
||||
*/
|
||||
|
||||
cln = ngx_pool_cleanup_add(cycle->pool, 0);
|
||||
if (cln == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
cln->handler = ngx_pcre_free_studies;
|
||||
cln->data = ngx_pcre_studies;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
ngx_regex_malloc_init(cycle->pool);
|
||||
|
||||
part = &rcf->studies->part;
|
||||
part = &ngx_pcre_studies->part;
|
||||
elts = part->elts;
|
||||
|
||||
for (i = 0; /* void */ ; i++) {
|
||||
|
@ -660,23 +338,6 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
|
|||
i = 0;
|
||||
}
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
if (opt) {
|
||||
int n;
|
||||
|
||||
n = pcre2_jit_compile(elts[i].regex, PCRE2_JIT_COMPLETE);
|
||||
|
||||
if (n != 0) {
|
||||
ngx_log_error(NGX_LOG_INFO, cycle->log, 0,
|
||||
"pcre2_jit_compile() failed: %d in \"%s\", "
|
||||
"ignored",
|
||||
n, elts[i].name);
|
||||
}
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
elts[i].regex->extra = pcre_study(elts[i].regex->code, opt, &errstr);
|
||||
|
||||
if (errstr != NULL) {
|
||||
|
@ -699,16 +360,12 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
|
|||
elts[i].name);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
ngx_regex_malloc_done();
|
||||
|
||||
ngx_regex_studies = NULL;
|
||||
#if (NGX_PCRE2)
|
||||
ngx_regex_compile_context = NULL;
|
||||
#endif
|
||||
ngx_pcre_studies = NULL;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
@ -717,8 +374,7 @@ ngx_regex_module_init(ngx_cycle_t *cycle)
|
|||
static void *
|
||||
ngx_regex_create_conf(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_regex_conf_t *rcf;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_regex_conf_t *rcf;
|
||||
|
||||
rcf = ngx_pcalloc(cycle->pool, sizeof(ngx_regex_conf_t));
|
||||
if (rcf == NULL) {
|
||||
|
@ -727,21 +383,11 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
|
|||
|
||||
rcf->pcre_jit = NGX_CONF_UNSET;
|
||||
|
||||
cln = ngx_pool_cleanup_add(cycle->pool, 0);
|
||||
if (cln == NULL) {
|
||||
ngx_pcre_studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
||||
if (ngx_pcre_studies == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cln->handler = ngx_regex_cleanup;
|
||||
cln->data = rcf;
|
||||
|
||||
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
|
||||
if (rcf->studies == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_regex_studies = rcf->studies;
|
||||
|
||||
return rcf;
|
||||
}
|
||||
|
||||
|
@ -766,21 +412,7 @@ ngx_regex_pcre_jit(ngx_conf_t *cf, void *post, void *data)
|
|||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
{
|
||||
int r;
|
||||
uint32_t jit;
|
||||
|
||||
jit = 0;
|
||||
r = pcre2_config(PCRE2_CONFIG_JIT, &jit);
|
||||
|
||||
if (r != 0 || jit != 1) {
|
||||
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
||||
"PCRE2 library does not support JIT");
|
||||
*fp = 0;
|
||||
}
|
||||
}
|
||||
#elif (NGX_HAVE_PCRE_JIT)
|
||||
#if (NGX_HAVE_PCRE_JIT)
|
||||
{
|
||||
int jit, r;
|
||||
|
||||
|
|
|
@ -12,38 +12,24 @@
|
|||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
|
||||
#define PCRE2_CODE_UNIT_WIDTH 8
|
||||
#include <pcre2.h>
|
||||
|
||||
#define NGX_REGEX_NO_MATCHED PCRE2_ERROR_NOMATCH /* -1 */
|
||||
|
||||
typedef pcre2_code ngx_regex_t;
|
||||
|
||||
#else
|
||||
|
||||
#include <pcre.h>
|
||||
|
||||
#define NGX_REGEX_NO_MATCHED PCRE_ERROR_NOMATCH /* -1 */
|
||||
|
||||
#define NGX_REGEX_NO_MATCHED PCRE_ERROR_NOMATCH /* -1 */
|
||||
|
||||
#define NGX_REGEX_CASELESS PCRE_CASELESS
|
||||
|
||||
|
||||
typedef struct {
|
||||
pcre *code;
|
||||
pcre_extra *extra;
|
||||
} ngx_regex_t;
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#define NGX_REGEX_CASELESS 0x00000001
|
||||
#define NGX_REGEX_MULTILINE 0x00000002
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_str_t pattern;
|
||||
ngx_pool_t *pool;
|
||||
ngx_uint_t options;
|
||||
ngx_int_t options;
|
||||
|
||||
ngx_regex_t *regex;
|
||||
int captures;
|
||||
|
@ -63,14 +49,10 @@ typedef struct {
|
|||
void ngx_regex_init(void);
|
||||
ngx_int_t ngx_regex_compile(ngx_regex_compile_t *rc);
|
||||
|
||||
ngx_int_t ngx_regex_exec(ngx_regex_t *re, ngx_str_t *s, int *captures,
|
||||
ngx_uint_t size);
|
||||
|
||||
#if (NGX_PCRE2)
|
||||
#define ngx_regex_exec_n "pcre2_match()"
|
||||
#else
|
||||
#define ngx_regex_exec_n "pcre_exec()"
|
||||
#endif
|
||||
#define ngx_regex_exec(re, s, captures, size) \
|
||||
pcre_exec(re->code, re->extra, (const char *) (s)->data, (s)->len, 0, 0, \
|
||||
captures, size)
|
||||
#define ngx_regex_exec_n "pcre_exec()"
|
||||
|
||||
ngx_int_t ngx_regex_exec_array(ngx_array_t *a, ngx_str_t *s, ngx_log_t *log);
|
||||
|
||||
|
|
|
@ -51,7 +51,9 @@ typedef struct {
|
|||
} ngx_resolver_an_t;
|
||||
|
||||
|
||||
#define ngx_resolver_node(n) ngx_rbtree_data(n, ngx_resolver_node_t, node)
|
||||
#define ngx_resolver_node(n) \
|
||||
(ngx_resolver_node_t *) \
|
||||
((u_char *) (n) - offsetof(ngx_resolver_node_t, node))
|
||||
|
||||
|
||||
static ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec);
|
||||
|
@ -157,8 +159,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
cln->handler = ngx_resolver_cleanup;
|
||||
cln->data = r;
|
||||
|
||||
r->ipv4 = 1;
|
||||
|
||||
ngx_rbtree_init(&r->name_rbtree, &r->name_sentinel,
|
||||
ngx_resolver_rbtree_insert_value);
|
||||
|
||||
|
@ -227,23 +227,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) {
|
||||
|
||||
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
|
||||
r->ipv4 = 1;
|
||||
|
||||
} else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
|
||||
r->ipv4 = 0;
|
||||
|
||||
} else {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"invalid parameter: %V", &names[i]);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
|
||||
|
||||
if (ngx_strcmp(&names[i].data[5], "on") == 0) {
|
||||
|
@ -292,14 +275,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
|
|||
}
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (r->ipv4 + r->ipv6 == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"ipv4\" and \"ipv6\" cannot both be \"off\"");
|
||||
return NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (n && r->connections.nelts == 0) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined");
|
||||
return NULL;
|
||||
|
@ -863,7 +838,7 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx,
|
|||
r->last_connection = 0;
|
||||
}
|
||||
|
||||
rn->naddrs = r->ipv4 ? (u_short) -1 : 0;
|
||||
rn->naddrs = (u_short) -1;
|
||||
rn->tcp = 0;
|
||||
#if (NGX_HAVE_INET6)
|
||||
rn->naddrs6 = r->ipv6 ? (u_short) -1 : 0;
|
||||
|
@ -997,8 +972,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx)
|
|||
|
||||
name = ngx_resolver_dup(r, rn->name, rn->nlen);
|
||||
if (name == NULL) {
|
||||
ngx_resolver_free(r, ctx);
|
||||
return NGX_ERROR;
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ctx->name.len = rn->nlen;
|
||||
|
@ -1290,7 +1264,7 @@ ngx_resolver_send_query(ngx_resolver_t *r, ngx_resolver_node_t *rn)
|
|||
rec->log.action = "resolving";
|
||||
}
|
||||
|
||||
if (rn->query && rn->naddrs == (u_short) -1) {
|
||||
if (rn->naddrs == (u_short) -1) {
|
||||
rc = rn->tcp ? ngx_resolver_send_tcp_query(r, rec, rn->query, rn->qlen)
|
||||
: ngx_resolver_send_udp_query(r, rec, rn->query, rn->qlen);
|
||||
|
||||
|
@ -1416,7 +1390,6 @@ ngx_resolver_send_tcp_query(ngx_resolver_t *r, ngx_resolver_connection_t *rec,
|
|||
|
||||
rec->tcp->data = rec;
|
||||
rec->tcp->write->handler = ngx_resolver_tcp_write;
|
||||
rec->tcp->write->cancelable = 1;
|
||||
rec->tcp->read->handler = ngx_resolver_tcp_read;
|
||||
rec->tcp->read->resolver = 1;
|
||||
|
||||
|
@ -1589,28 +1562,13 @@ ngx_resolver_udp_read(ngx_event_t *rev)
|
|||
do {
|
||||
n = ngx_udp_recv(c, buf, NGX_RESOLVER_UDP_SIZE);
|
||||
|
||||
if (n == NGX_AGAIN) {
|
||||
break;
|
||||
}
|
||||
|
||||
if (n == NGX_ERROR) {
|
||||
goto failed;
|
||||
if (n < 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_resolver_process_response(rec->resolver, buf, n, 0);
|
||||
|
||||
} while (rev->ready);
|
||||
|
||||
if (ngx_handle_read_event(rev, 0) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return;
|
||||
|
||||
failed:
|
||||
|
||||
ngx_close_connection(rec->udp);
|
||||
rec->udp = NULL;
|
||||
}
|
||||
|
||||
|
||||
|
@ -1792,13 +1750,10 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
q = ngx_queue_next(q))
|
||||
{
|
||||
rn = ngx_queue_data(q, ngx_resolver_node_t, queue);
|
||||
qident = (rn->query[0] << 8) + rn->query[1];
|
||||
|
||||
if (rn->query) {
|
||||
qident = (rn->query[0] << 8) + rn->query[1];
|
||||
|
||||
if (qident == ident) {
|
||||
goto dns_error_name;
|
||||
}
|
||||
if (qident == ident) {
|
||||
goto dns_error_name;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
|
@ -1827,12 +1782,6 @@ ngx_resolver_process_response(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
i = sizeof(ngx_resolver_hdr_t);
|
||||
|
||||
while (i < (ngx_uint_t) n) {
|
||||
|
||||
if (buf[i] & 0xc0) {
|
||||
err = "unexpected compression pointer in DNS response";
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (buf[i] == '\0') {
|
||||
goto found;
|
||||
}
|
||||
|
@ -1968,7 +1917,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (rn == NULL) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected DNS response for %V", &name);
|
||||
"unexpected response for %V", &name);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
}
|
||||
|
@ -1980,7 +1929,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (rn->query6 == NULL || rn->naddrs6 != (u_short) -1) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected DNS response for %V", &name);
|
||||
"unexpected response for %V", &name);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
}
|
||||
|
@ -1999,7 +1948,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (rn->query == NULL || rn->naddrs != (u_short) -1) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected DNS response for %V", &name);
|
||||
"unexpected response for %V", &name);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
}
|
||||
|
@ -2014,7 +1963,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (ident != qident) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"wrong ident %ui in DNS response for %V, expect %ui",
|
||||
"wrong ident %ui response for %V, expect %ui",
|
||||
ident, &name, qident);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
|
@ -2199,7 +2148,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (class != 1) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected RR class %ui in DNS response", class);
|
||||
"unexpected RR class %ui", class);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
|
@ -2268,7 +2217,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
default:
|
||||
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected RR type %ui in DNS response", type);
|
||||
"unexpected RR type %ui", type);
|
||||
}
|
||||
|
||||
i += len;
|
||||
|
@ -2617,7 +2566,7 @@ ngx_resolver_process_srv(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (rn == NULL || rn->query == NULL) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected DNS response for %V", &name);
|
||||
"unexpected response for %V", &name);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
}
|
||||
|
@ -2631,7 +2580,7 @@ ngx_resolver_process_srv(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (ident != qident) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"wrong ident %ui in DNS response for %V, expect %ui",
|
||||
"wrong ident %ui response for %V, expect %ui",
|
||||
ident, &name, qident);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
|
@ -2741,7 +2690,7 @@ ngx_resolver_process_srv(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
|
||||
if (class != 1) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected RR class %ui in DNS response", class);
|
||||
"unexpected RR class %ui", class);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
|
@ -2784,7 +2733,7 @@ ngx_resolver_process_srv(ngx_resolver_t *r, u_char *buf, size_t n,
|
|||
default:
|
||||
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected RR type %ui in DNS response", type);
|
||||
"unexpected RR type %ui", type);
|
||||
}
|
||||
|
||||
i += len;
|
||||
|
@ -3215,7 +3164,7 @@ valid:
|
|||
|
||||
if (rn == NULL || rn->query == NULL) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected DNS response for %V", &name);
|
||||
"unexpected response for %V", &name);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
}
|
||||
|
@ -3224,7 +3173,7 @@ valid:
|
|||
|
||||
if (ident != qident) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"wrong ident %ui in DNS response for %V, expect %ui",
|
||||
"wrong ident %ui response for %V, expect %ui",
|
||||
ident, &name, qident);
|
||||
ngx_resolver_free(r, name.data);
|
||||
goto failed;
|
||||
|
@ -3306,7 +3255,7 @@ valid:
|
|||
|
||||
if (class != 1) {
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected RR class %ui in DNS response", class);
|
||||
"unexpected RR class %ui", class);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
|
@ -3333,7 +3282,7 @@ valid:
|
|||
default:
|
||||
|
||||
ngx_log_error(r->log_level, r->log, 0,
|
||||
"unexpected RR type %ui in DNS response", type);
|
||||
"unexpected RR type %ui", type);
|
||||
}
|
||||
|
||||
i += len;
|
||||
|
@ -3675,7 +3624,7 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
p = ngx_resolver_alloc(r, len * (r->ipv4 + r->ipv6));
|
||||
p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
|
||||
#else
|
||||
p = ngx_resolver_alloc(r, len);
|
||||
#endif
|
||||
|
@ -3688,21 +3637,19 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
|
||||
#if (NGX_HAVE_INET6)
|
||||
if (r->ipv6) {
|
||||
rn->query6 = r->ipv4 ? (p + len) : p;
|
||||
rn->query6 = p + len;
|
||||
}
|
||||
#endif
|
||||
|
||||
query = (ngx_resolver_hdr_t *) p;
|
||||
|
||||
if (r->ipv4) {
|
||||
ident = ngx_random();
|
||||
ident = ngx_random();
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
"resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
|
||||
"resolve: \"%V\" A %i", name, ident & 0xffff);
|
||||
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
}
|
||||
query->ident_hi = (u_char) ((ident >> 8) & 0xff);
|
||||
query->ident_lo = (u_char) (ident & 0xff);
|
||||
|
||||
/* recursion query */
|
||||
query->flags_hi = 1; query->flags_lo = 0;
|
||||
|
@ -3763,9 +3710,7 @@ ngx_resolver_create_name_query(ngx_resolver_t *r, ngx_resolver_node_t *rn,
|
|||
|
||||
p = rn->query6;
|
||||
|
||||
if (r->ipv4) {
|
||||
ngx_memcpy(p, rn->query, rn->qlen);
|
||||
}
|
||||
ngx_memcpy(p, rn->query, rn->qlen);
|
||||
|
||||
query = (ngx_resolver_hdr_t *) p;
|
||||
|
||||
|
@ -3978,11 +3923,11 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
|
|||
{
|
||||
char *err;
|
||||
u_char *p, *dst;
|
||||
size_t len;
|
||||
ssize_t len;
|
||||
ngx_uint_t i, n;
|
||||
|
||||
p = src;
|
||||
len = 0;
|
||||
len = -1;
|
||||
|
||||
/*
|
||||
* compression pointers allow to create endless loop, so we set limit;
|
||||
|
@ -3997,16 +3942,6 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
|
|||
}
|
||||
|
||||
if (n & 0xc0) {
|
||||
if ((n & 0xc0) != 0xc0) {
|
||||
err = "invalid label type in DNS response";
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (p >= last) {
|
||||
err = "name is out of DNS response";
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
n = ((n & 0x3f) << 8) + *p;
|
||||
p = &buf[n];
|
||||
|
||||
|
@ -4016,12 +3951,12 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
|
|||
}
|
||||
|
||||
if (p >= last) {
|
||||
err = "name is out of DNS response";
|
||||
err = "name is out of response";
|
||||
goto invalid;
|
||||
}
|
||||
}
|
||||
|
||||
err = "compression pointers loop in DNS response";
|
||||
err = "compression pointers loop";
|
||||
|
||||
invalid:
|
||||
|
||||
|
@ -4035,7 +3970,7 @@ done:
|
|||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (len == 0) {
|
||||
if (len == -1) {
|
||||
ngx_str_null(name);
|
||||
return NGX_OK;
|
||||
}
|
||||
|
@ -4047,23 +3982,30 @@ done:
|
|||
|
||||
name->data = dst;
|
||||
|
||||
n = *src++;
|
||||
|
||||
for ( ;; ) {
|
||||
n = *src++;
|
||||
|
||||
if (n == 0) {
|
||||
name->len = dst - name->data - 1;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (n & 0xc0) {
|
||||
n = ((n & 0x3f) << 8) + *src;
|
||||
src = &buf[n];
|
||||
|
||||
n = *src++;
|
||||
|
||||
} else {
|
||||
ngx_strlow(dst, src, n);
|
||||
dst += n;
|
||||
src += n;
|
||||
*dst++ = '.';
|
||||
|
||||
n = *src++;
|
||||
|
||||
if (n != 0) {
|
||||
*dst++ = '.';
|
||||
}
|
||||
}
|
||||
|
||||
if (n == 0) {
|
||||
name->len = dst - name->data;
|
||||
return NGX_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -4501,8 +4443,6 @@ ngx_udp_connect(ngx_resolver_connection_t *rec)
|
|||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, &rec->log, 0,
|
||||
"connect to %V, fd:%d #%uA", &rec->server, s, c->number);
|
||||
|
||||
|
@ -4589,8 +4529,6 @@ ngx_tcp_connect(ngx_resolver_connection_t *rec)
|
|||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
if (ngx_add_conn) {
|
||||
if (ngx_add_conn(c) == NGX_ERROR) {
|
||||
goto failed;
|
||||
|
|
|
@ -175,10 +175,8 @@ struct ngx_resolver_s {
|
|||
ngx_queue_t srv_expire_queue;
|
||||
ngx_queue_t addr_expire_queue;
|
||||
|
||||
unsigned ipv4:1;
|
||||
|
||||
#if (NGX_HAVE_INET6)
|
||||
unsigned ipv6:1;
|
||||
ngx_uint_t ipv6; /* unsigned ipv6:1; */
|
||||
ngx_rbtree_t addr6_rbtree;
|
||||
ngx_rbtree_node_t addr6_sentinel;
|
||||
ngx_queue_t addr6_resend_queue;
|
||||
|
|
|
@ -89,10 +89,22 @@ ngx_rwlock_rlock(ngx_atomic_t *lock)
|
|||
void
|
||||
ngx_rwlock_unlock(ngx_atomic_t *lock)
|
||||
{
|
||||
if (*lock == NGX_RWLOCK_WLOCK) {
|
||||
ngx_atomic_uint_t readers;
|
||||
|
||||
readers = *lock;
|
||||
|
||||
if (readers == NGX_RWLOCK_WLOCK) {
|
||||
(void) ngx_atomic_cmp_set(lock, NGX_RWLOCK_WLOCK, 0);
|
||||
} else {
|
||||
(void) ngx_atomic_fetch_add(lock, -1);
|
||||
return;
|
||||
}
|
||||
|
||||
for ( ;; ) {
|
||||
|
||||
if (ngx_atomic_cmp_set(lock, readers, readers - 1)) {
|
||||
return;
|
||||
}
|
||||
|
||||
readers = *lock;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -11,8 +11,6 @@
|
|||
|
||||
static u_char *ngx_sprintf_num(u_char *buf, u_char *last, uint64_t ui64,
|
||||
u_char zero, ngx_uint_t hexadecimal, ngx_uint_t width);
|
||||
static u_char *ngx_sprintf_str(u_char *buf, u_char *last, u_char *src,
|
||||
size_t len, ngx_uint_t hexadecimal);
|
||||
static void ngx_encode_base64_internal(ngx_str_t *dst, ngx_str_t *src,
|
||||
const u_char *basis, ngx_uint_t padding);
|
||||
static ngx_int_t ngx_decode_base64_internal(ngx_str_t *dst, ngx_str_t *src,
|
||||
|
@ -103,10 +101,10 @@ ngx_pstrdup(ngx_pool_t *pool, ngx_str_t *src)
|
|||
* %M ngx_msec_t
|
||||
* %r rlim_t
|
||||
* %p void *
|
||||
* %[x|X]V ngx_str_t *
|
||||
* %[x|X]v ngx_variable_value_t *
|
||||
* %[x|X]s null-terminated string
|
||||
* %*[x|X]s length and string
|
||||
* %V ngx_str_t *
|
||||
* %v ngx_variable_value_t *
|
||||
* %s null-terminated string
|
||||
* %*s length and string
|
||||
* %Z '\0'
|
||||
* %N '\n'
|
||||
* %c char
|
||||
|
@ -167,7 +165,7 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
|
|||
u_char *p, zero;
|
||||
int d;
|
||||
double f;
|
||||
size_t slen;
|
||||
size_t len, slen;
|
||||
int64_t i64;
|
||||
uint64_t ui64, frac;
|
||||
ngx_msec_t ms;
|
||||
|
@ -252,7 +250,8 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
|
|||
case 'V':
|
||||
v = va_arg(args, ngx_str_t *);
|
||||
|
||||
buf = ngx_sprintf_str(buf, last, v->data, v->len, hex);
|
||||
len = ngx_min(((size_t) (last - buf)), v->len);
|
||||
buf = ngx_cpymem(buf, v->data, len);
|
||||
fmt++;
|
||||
|
||||
continue;
|
||||
|
@ -260,7 +259,8 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
|
|||
case 'v':
|
||||
vv = va_arg(args, ngx_variable_value_t *);
|
||||
|
||||
buf = ngx_sprintf_str(buf, last, vv->data, vv->len, hex);
|
||||
len = ngx_min(((size_t) (last - buf)), vv->len);
|
||||
buf = ngx_cpymem(buf, vv->data, len);
|
||||
fmt++;
|
||||
|
||||
continue;
|
||||
|
@ -268,7 +268,16 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
|
|||
case 's':
|
||||
p = va_arg(args, u_char *);
|
||||
|
||||
buf = ngx_sprintf_str(buf, last, p, slen, hex);
|
||||
if (slen == (size_t) -1) {
|
||||
while (*p && buf < last) {
|
||||
*buf++ = *p++;
|
||||
}
|
||||
|
||||
} else {
|
||||
len = ngx_min(((size_t) (last - buf)), slen);
|
||||
buf = ngx_cpymem(buf, p, len);
|
||||
}
|
||||
|
||||
fmt++;
|
||||
|
||||
continue;
|
||||
|
@ -567,64 +576,6 @@ ngx_sprintf_num(u_char *buf, u_char *last, uint64_t ui64, u_char zero,
|
|||
}
|
||||
|
||||
|
||||
static u_char *
|
||||
ngx_sprintf_str(u_char *buf, u_char *last, u_char *src, size_t len,
|
||||
ngx_uint_t hexadecimal)
|
||||
{
|
||||
static u_char hex[] = "0123456789abcdef";
|
||||
static u_char HEX[] = "0123456789ABCDEF";
|
||||
|
||||
if (hexadecimal == 0) {
|
||||
|
||||
if (len == (size_t) -1) {
|
||||
while (*src && buf < last) {
|
||||
*buf++ = *src++;
|
||||
}
|
||||
|
||||
} else {
|
||||
len = ngx_min((size_t) (last - buf), len);
|
||||
buf = ngx_cpymem(buf, src, len);
|
||||
}
|
||||
|
||||
} else if (hexadecimal == 1) {
|
||||
|
||||
if (len == (size_t) -1) {
|
||||
|
||||
while (*src && buf < last - 1) {
|
||||
*buf++ = hex[*src >> 4];
|
||||
*buf++ = hex[*src++ & 0xf];
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
while (len-- && buf < last - 1) {
|
||||
*buf++ = hex[*src >> 4];
|
||||
*buf++ = hex[*src++ & 0xf];
|
||||
}
|
||||
}
|
||||
|
||||
} else { /* hexadecimal == 2 */
|
||||
|
||||
if (len == (size_t) -1) {
|
||||
|
||||
while (*src && buf < last - 1) {
|
||||
*buf++ = HEX[*src >> 4];
|
||||
*buf++ = HEX[*src++ & 0xf];
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
while (len-- && buf < last - 1) {
|
||||
*buf++ = HEX[*src >> 4];
|
||||
*buf++ = HEX[*src++ & 0xf];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return buf;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* We use ngx_strcasecmp()/ngx_strncasecmp() for 7-bit ASCII strings only,
|
||||
* and implement our own ngx_strcasecmp()/ngx_strncasecmp()
|
||||
|
@ -1364,12 +1315,7 @@ ngx_utf8_decode(u_char **p, size_t n)
|
|||
|
||||
u = **p;
|
||||
|
||||
if (u >= 0xf8) {
|
||||
|
||||
(*p)++;
|
||||
return 0xffffffff;
|
||||
|
||||
} else if (u >= 0xf0) {
|
||||
if (u >= 0xf0) {
|
||||
|
||||
u &= 0x07;
|
||||
valid = 0xffff;
|
||||
|
@ -1498,32 +1444,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
uint32_t *escape;
|
||||
static u_char hex[] = "0123456789ABCDEF";
|
||||
|
||||
/*
|
||||
* Per RFC 3986 only the following chars are allowed in URIs unescaped:
|
||||
*
|
||||
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
|
||||
* gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
|
||||
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
|
||||
* / "*" / "+" / "," / ";" / "="
|
||||
*
|
||||
* And "%" can appear as a part of escaping itself. The following
|
||||
* characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
|
||||
* " ", """, "<", ">", "\", "^", "`", "{", "|", "}".
|
||||
*/
|
||||
|
||||
/* " ", "#", "%", "?", not allowed */
|
||||
/* " ", "#", "%", "?", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t uri[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0xd000002d, /* 1101 0000 0000 0000 0000 0000 0010 1101 */
|
||||
0x80000029, /* 1000 0000 0000 0000 0000 0000 0010 1001 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
@ -1531,19 +1464,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", "#", "%", "&", "+", ";", "?", not allowed */
|
||||
/* " ", "#", "%", "&", "+", "?", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t args[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0xd800086d, /* 1101 1000 0000 0000 0000 1000 0110 1101 */
|
||||
0x88000869, /* 1000 1000 0000 0000 0000 1000 0110 1001 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
@ -1571,19 +1504,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", "#", """, "%", "'", not allowed */
|
||||
/* " ", "#", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t html[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0x500000ad, /* 0101 0000 0000 0000 0000 0000 1010 1101 */
|
||||
0x000000ad, /* 0000 0000 0000 0000 0000 0000 1010 1101 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xb8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
@ -1591,19 +1524,19 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type)
|
|||
0xffffffff /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
};
|
||||
|
||||
/* " ", """, "'", not allowed */
|
||||
/* " ", """, "%", "'", %00-%1F, %7F-%FF */
|
||||
|
||||
static uint32_t refresh[] = {
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
||||
/* ?>=< ;:98 7654 3210 /.-, +*)( '&%$ #"! */
|
||||
0x50000085, /* 0101 0000 0000 0000 0000 0000 1000 0101 */
|
||||
0x00000085, /* 0000 0000 0000 0000 0000 0000 1000 0101 */
|
||||
|
||||
/* _^]\ [ZYX WVUT SRQP ONML KJIH GFED CBA@ */
|
||||
0x50000000, /* 0101 0000 0000 0000 0000 0000 0000 0000 */
|
||||
0x00000000, /* 0000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
/* ~}| {zyx wvut srqp onml kjih gfed cba` */
|
||||
0xd8000001, /* 1011 1000 0000 0000 0000 0000 0000 0001 */
|
||||
0x80000000, /* 1000 0000 0000 0000 0000 0000 0000 0000 */
|
||||
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
0xffffffff, /* 1111 1111 1111 1111 1111 1111 1111 1111 */
|
||||
|
|
|
@ -140,12 +140,12 @@ ngx_copy(u_char *dst, u_char *src, size_t len)
|
|||
#endif
|
||||
|
||||
|
||||
#define ngx_memmove(dst, src, n) (void) memmove(dst, src, n)
|
||||
#define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n))
|
||||
#define ngx_memmove(dst, src, n) (void) memmove(dst, src, n)
|
||||
#define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n))
|
||||
|
||||
|
||||
/* msvc and icc7 compile memcmp() to the inline loop */
|
||||
#define ngx_memcmp(s1, s2, n) memcmp(s1, s2, n)
|
||||
#define ngx_memcmp(s1, s2, n) memcmp((const char *) s1, (const char *) s2, n)
|
||||
|
||||
|
||||
u_char *ngx_cpystrn(u_char *dst, u_char *src, size_t n);
|
||||
|
|
|
@ -18,7 +18,6 @@
|
|||
static char *ngx_syslog_parse_args(ngx_conf_t *cf, ngx_syslog_peer_t *peer);
|
||||
static ngx_int_t ngx_syslog_init_peer(ngx_syslog_peer_t *peer);
|
||||
static void ngx_syslog_cleanup(void *data);
|
||||
static u_char *ngx_syslog_log_error(ngx_log_t *log, u_char *buf, size_t len);
|
||||
|
||||
|
||||
static char *facilities[] = {
|
||||
|
@ -67,9 +66,6 @@ ngx_syslog_process_conf(ngx_conf_t *cf, ngx_syslog_peer_t *peer)
|
|||
ngx_str_set(&peer->tag, "nginx");
|
||||
}
|
||||
|
||||
peer->hostname = &cf->cycle->hostname;
|
||||
peer->logp = &cf->cycle->new_log;
|
||||
|
||||
peer->conn.fd = (ngx_socket_t) -1;
|
||||
|
||||
peer->conn.read = &ngx_syslog_dummy_event;
|
||||
|
@ -247,7 +243,7 @@ ngx_syslog_add_header(ngx_syslog_peer_t *peer, u_char *buf)
|
|||
}
|
||||
|
||||
return ngx_sprintf(buf, "<%ui>%V %V %V: ", pri, &ngx_cached_syslog_time,
|
||||
peer->hostname, &peer->tag);
|
||||
&ngx_cycle->hostname, &peer->tag);
|
||||
}
|
||||
|
||||
|
||||
|
@ -290,19 +286,15 @@ ngx_syslog_send(ngx_syslog_peer_t *peer, u_char *buf, size_t len)
|
|||
{
|
||||
ssize_t n;
|
||||
|
||||
if (peer->log.handler == NULL) {
|
||||
peer->log = *peer->logp;
|
||||
peer->log.handler = ngx_syslog_log_error;
|
||||
peer->log.data = peer;
|
||||
peer->log.action = "logging to syslog";
|
||||
}
|
||||
|
||||
if (peer->conn.fd == (ngx_socket_t) -1) {
|
||||
if (ngx_syslog_init_peer(peer) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/* log syslog socket events with valid log */
|
||||
peer->conn.log = ngx_cycle->log;
|
||||
|
||||
if (ngx_send) {
|
||||
n = ngx_send(&peer->conn, buf, len);
|
||||
|
||||
|
@ -314,7 +306,7 @@ ngx_syslog_send(ngx_syslog_peer_t *peer, u_char *buf, size_t len)
|
|||
if (n == NGX_ERROR) {
|
||||
|
||||
if (ngx_close_socket(peer->conn.fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_close_socket_n " failed");
|
||||
}
|
||||
|
||||
|
@ -332,25 +324,24 @@ ngx_syslog_init_peer(ngx_syslog_peer_t *peer)
|
|||
|
||||
fd = ngx_socket(peer->server.sockaddr->sa_family, SOCK_DGRAM, 0);
|
||||
if (fd == (ngx_socket_t) -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_socket_n " failed");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_nonblocking(fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_nonblocking_n " failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
if (connect(fd, peer->server.sockaddr, peer->server.socklen) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
"connect() failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
peer->conn.fd = fd;
|
||||
peer->conn.log = &peer->log;
|
||||
|
||||
/* UDP sockets are always ready to write */
|
||||
peer->conn.write->ready = 1;
|
||||
|
@ -360,7 +351,7 @@ ngx_syslog_init_peer(ngx_syslog_peer_t *peer)
|
|||
failed:
|
||||
|
||||
if (ngx_close_socket(fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_close_socket_n " failed");
|
||||
}
|
||||
|
||||
|
@ -381,30 +372,7 @@ ngx_syslog_cleanup(void *data)
|
|||
}
|
||||
|
||||
if (ngx_close_socket(peer->conn.fd) == -1) {
|
||||
ngx_log_error(NGX_LOG_ALERT, &peer->log, ngx_socket_errno,
|
||||
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_socket_errno,
|
||||
ngx_close_socket_n " failed");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static u_char *
|
||||
ngx_syslog_log_error(ngx_log_t *log, u_char *buf, size_t len)
|
||||
{
|
||||
u_char *p;
|
||||
ngx_syslog_peer_t *peer;
|
||||
|
||||
p = buf;
|
||||
|
||||
if (log->action) {
|
||||
p = ngx_snprintf(buf, len, " while %s", log->action);
|
||||
len -= p - buf;
|
||||
}
|
||||
|
||||
peer = log->data;
|
||||
|
||||
if (peer) {
|
||||
p = ngx_snprintf(p, len, ", server: %V", &peer->server.name);
|
||||
}
|
||||
|
||||
return p;
|
||||
}
|
||||
|
|
|
@ -9,20 +9,14 @@
|
|||
|
||||
|
||||
typedef struct {
|
||||
ngx_uint_t facility;
|
||||
ngx_uint_t severity;
|
||||
ngx_str_t tag;
|
||||
ngx_uint_t facility;
|
||||
ngx_uint_t severity;
|
||||
ngx_str_t tag;
|
||||
|
||||
ngx_str_t *hostname;
|
||||
|
||||
ngx_addr_t server;
|
||||
ngx_connection_t conn;
|
||||
|
||||
ngx_log_t log;
|
||||
ngx_log_t *logp;
|
||||
|
||||
unsigned busy:1;
|
||||
unsigned nohostname:1;
|
||||
ngx_addr_t server;
|
||||
ngx_connection_t conn;
|
||||
unsigned busy:1;
|
||||
unsigned nohostname:1;
|
||||
} ngx_syslog_peer_t;
|
||||
|
||||
|
||||
|
|
|
@ -200,6 +200,10 @@ ngx_monotonic_time(time_t sec, ngx_uint_t msec)
|
|||
|
||||
#if defined(CLOCK_MONOTONIC_FAST)
|
||||
clock_gettime(CLOCK_MONOTONIC_FAST, &ts);
|
||||
|
||||
#elif defined(CLOCK_MONOTONIC_COARSE)
|
||||
clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
|
||||
|
||||
#else
|
||||
clock_gettime(CLOCK_MONOTONIC, &ts);
|
||||
#endif
|
||||
|
|
|
@ -495,7 +495,6 @@ ngx_devpoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
|
|||
|
||||
if ((revents & POLLIN) && rev->active) {
|
||||
rev->ready = 1;
|
||||
rev->available = -1;
|
||||
|
||||
if (flags & NGX_POST_EVENTS) {
|
||||
queue = rev->accept ? &ngx_posted_accept_events
|
||||
|
|
|
@ -886,10 +886,11 @@ ngx_epoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
|||
if (revents & EPOLLRDHUP) {
|
||||
rev->pending_eof = 1;
|
||||
}
|
||||
|
||||
rev->available = 1;
|
||||
#endif
|
||||
|
||||
rev->ready = 1;
|
||||
rev->available = -1;
|
||||
|
||||
if (flags & NGX_POST_EVENTS) {
|
||||
queue = rev->accept ? &ngx_posted_accept_events
|
||||
|
|
|
@ -399,7 +399,7 @@ ngx_eventport_del_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
} else if (ev->active) {
|
||||
} else {
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
||||
"eventport del event: fd:%d", c->fd);
|
||||
|
||||
|
@ -559,7 +559,6 @@ ngx_eventport_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
|
|||
|
||||
if (revents & POLLIN) {
|
||||
rev->ready = 1;
|
||||
rev->available = -1;
|
||||
|
||||
if (flags & NGX_POST_EVENTS) {
|
||||
queue = rev->accept ? &ngx_posted_accept_events
|
||||
|
|
|
@ -231,8 +231,9 @@ ngx_iocp_del_connection(ngx_connection_t *c, ngx_uint_t flags)
|
|||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_iocp_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
||||
static
|
||||
ngx_int_t ngx_iocp_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
|
||||
ngx_uint_t flags)
|
||||
{
|
||||
int rc;
|
||||
u_int key;
|
||||
|
@ -355,7 +356,7 @@ ngx_iocp_create_conf(ngx_cycle_t *cycle)
|
|||
|
||||
cf = ngx_palloc(cycle->pool, sizeof(ngx_iocp_conf_t));
|
||||
if (cf == NULL) {
|
||||
return NULL;
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
cf->threads = NGX_CONF_UNSET;
|
||||
|
|
|
@ -370,7 +370,6 @@ ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
|||
|
||||
ev = c->read;
|
||||
ev->ready = 1;
|
||||
ev->available = -1;
|
||||
|
||||
queue = ev->accept ? &ngx_posted_accept_events
|
||||
: &ngx_posted_events;
|
||||
|
|
|
@ -330,7 +330,6 @@ ngx_select_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
|
|||
|
||||
if (found) {
|
||||
ev->ready = 1;
|
||||
ev->available = -1;
|
||||
|
||||
queue = ev->accept ? &ngx_posted_accept_events
|
||||
: &ngx_posted_events;
|
||||
|
|
|
@ -380,7 +380,6 @@ ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags)
|
|||
|
||||
ev = c->read;
|
||||
ev->ready = 1;
|
||||
ev->available = -1;
|
||||
|
||||
queue = ev->accept ? &ngx_posted_accept_events
|
||||
: &ngx_posted_events;
|
||||
|
|
|
@ -330,7 +330,6 @@ ngx_select_process_events(ngx_cycle_t *cycle, ngx_msec_t timer,
|
|||
|
||||
if (found) {
|
||||
ev->ready = 1;
|
||||
ev->available = -1;
|
||||
|
||||
queue = ev->accept ? &ngx_posted_accept_events
|
||||
: &ngx_posted_events;
|
||||
|
|
|
@ -55,7 +55,6 @@ ngx_uint_t ngx_accept_events;
|
|||
ngx_uint_t ngx_accept_mutex_held;
|
||||
ngx_msec_t ngx_accept_mutex_delay;
|
||||
ngx_int_t ngx_accept_disabled;
|
||||
ngx_uint_t ngx_use_exclusive_accept;
|
||||
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
|
@ -238,11 +237,6 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
|
|||
}
|
||||
}
|
||||
|
||||
if (!ngx_queue_empty(&ngx_posted_next_events)) {
|
||||
ngx_event_move_posted_next(cycle);
|
||||
timer = 0;
|
||||
}
|
||||
|
||||
delta = ngx_current_msec;
|
||||
|
||||
(void) ngx_process_events(cycle, timer, flags);
|
||||
|
@ -258,7 +252,9 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
|
|||
ngx_shmtx_unlock(&ngx_accept_mutex);
|
||||
}
|
||||
|
||||
ngx_event_expire_timers();
|
||||
if (delta) {
|
||||
ngx_event_expire_timers();
|
||||
}
|
||||
|
||||
ngx_event_process_posted(cycle, &ngx_posted_events);
|
||||
}
|
||||
|
@ -267,18 +263,6 @@ ngx_process_events_and_timers(ngx_cycle_t *cycle)
|
|||
ngx_int_t
|
||||
ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags)
|
||||
{
|
||||
#if (NGX_QUIC)
|
||||
|
||||
ngx_connection_t *c;
|
||||
|
||||
c = rev->data;
|
||||
|
||||
if (c->quic) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
if (ngx_event_flags & NGX_USE_CLEAR_EVENT) {
|
||||
|
||||
/* kqueue, epoll */
|
||||
|
@ -329,7 +313,7 @@ ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags)
|
|||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (rev->oneshot && rev->ready) {
|
||||
if (rev->oneshot && !rev->ready) {
|
||||
if (ngx_del_event(rev, NGX_READ_EVENT, 0) == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
@ -349,15 +333,9 @@ ngx_handle_write_event(ngx_event_t *wev, size_t lowat)
|
|||
{
|
||||
ngx_connection_t *c;
|
||||
|
||||
c = wev->data;
|
||||
|
||||
#if (NGX_QUIC)
|
||||
if (c->quic) {
|
||||
return NGX_OK;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (lowat) {
|
||||
c = wev->data;
|
||||
|
||||
if (ngx_send_lowat(c, lowat) == NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
@ -434,7 +412,6 @@ ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
|
|||
{
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
ngx_uint_t i;
|
||||
ngx_core_conf_t *ccf;
|
||||
ngx_listening_t *ls;
|
||||
#endif
|
||||
|
||||
|
@ -461,25 +438,20 @@ ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
|
|||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
||||
ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module);
|
||||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
|
||||
if (!ngx_test_config && ccf->master) {
|
||||
if (!ls[i].reuseport || ls[i].worker != 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_clone_listening(cycle, &ls[i]) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/* cloning may change cycle->listening.elts */
|
||||
|
||||
ls = cycle->listening.elts;
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
|
||||
if (!ls[i].reuseport || ls[i].worker != 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_clone_listening(cycle, &ls[i]) != NGX_OK) {
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
/* cloning may change cycle->listening.elts */
|
||||
|
||||
ls = cycle->listening.elts;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -666,10 +638,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
|
||||
#endif
|
||||
|
||||
ngx_use_exclusive_accept = 0;
|
||||
|
||||
ngx_queue_init(&ngx_posted_accept_events);
|
||||
ngx_queue_init(&ngx_posted_next_events);
|
||||
ngx_queue_init(&ngx_posted_events);
|
||||
|
||||
if (ngx_event_timer_init(cycle->log) == NGX_ERROR) {
|
||||
|
@ -831,9 +800,7 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
rev->deferred_accept = ls[i].deferred_accept;
|
||||
#endif
|
||||
|
||||
if (!(ngx_event_flags & NGX_USE_IOCP_EVENT)
|
||||
&& cycle->old_cycle)
|
||||
{
|
||||
if (!(ngx_event_flags & NGX_USE_IOCP_EVENT)) {
|
||||
if (ls[i].previous) {
|
||||
|
||||
/*
|
||||
|
@ -891,16 +858,8 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
|
||||
#else
|
||||
|
||||
if (c->type == SOCK_STREAM) {
|
||||
rev->handler = ngx_event_accept;
|
||||
|
||||
#if (NGX_QUIC)
|
||||
} else if (ls[i].quic) {
|
||||
rev->handler = ngx_quic_recvmsg;
|
||||
#endif
|
||||
} else {
|
||||
rev->handler = ngx_event_recvmsg;
|
||||
}
|
||||
rev->handler = (c->type == SOCK_STREAM) ? ngx_event_accept
|
||||
: ngx_event_recvmsg;
|
||||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
||||
|
@ -923,8 +882,6 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
if ((ngx_event_flags & NGX_USE_EPOLL_EVENT)
|
||||
&& ccf->worker_processes > 1)
|
||||
{
|
||||
ngx_use_exclusive_accept = 1;
|
||||
|
||||
if (ngx_add_event(rev, NGX_READ_EVENT, NGX_EXCLUSIVE_EVENT)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
|
|
|
@ -91,14 +91,21 @@ struct ngx_event_s {
|
|||
* write: available space in buffer when event is ready
|
||||
* or lowat when event is set with NGX_LOWAT_EVENT flag
|
||||
*
|
||||
* epoll with EPOLLRDHUP:
|
||||
* accept: 1 if accept many, 0 otherwise
|
||||
* read: 1 if there can be data to read, 0 otherwise
|
||||
*
|
||||
* iocp: TODO
|
||||
*
|
||||
* otherwise:
|
||||
* accept: 1 if accept many, 0 otherwise
|
||||
* read: bytes to read when event is ready, -1 if not known
|
||||
*/
|
||||
|
||||
#if (NGX_HAVE_KQUEUE) || (NGX_HAVE_IOCP)
|
||||
int available;
|
||||
#else
|
||||
unsigned available:1;
|
||||
#endif
|
||||
|
||||
ngx_event_handler_pt handler;
|
||||
|
||||
|
@ -147,6 +154,10 @@ struct ngx_event_aio_s {
|
|||
|
||||
ngx_fd_t fd;
|
||||
|
||||
#if (NGX_HAVE_AIO_SENDFILE || NGX_COMPAT)
|
||||
ssize_t (*preload_handler)(ngx_buf_t *file);
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_EVENTFD)
|
||||
int64_t res;
|
||||
#endif
|
||||
|
@ -462,7 +473,6 @@ extern ngx_uint_t ngx_accept_events;
|
|||
extern ngx_uint_t ngx_accept_mutex_held;
|
||||
extern ngx_msec_t ngx_accept_mutex_delay;
|
||||
extern ngx_int_t ngx_accept_disabled;
|
||||
extern ngx_uint_t ngx_use_exclusive_accept;
|
||||
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
|
@ -494,6 +504,12 @@ extern ngx_module_t ngx_event_core_module;
|
|||
|
||||
|
||||
void ngx_event_accept(ngx_event_t *ev);
|
||||
#if !(NGX_WIN32)
|
||||
void ngx_event_recvmsg(ngx_event_t *ev);
|
||||
void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
#endif
|
||||
void ngx_delete_udp_connection(void *data);
|
||||
ngx_int_t ngx_trylock_accept_mutex(ngx_cycle_t *cycle);
|
||||
ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle);
|
||||
u_char *ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len);
|
||||
|
@ -523,7 +539,6 @@ ngx_int_t ngx_send_lowat(ngx_connection_t *c, size_t lowat);
|
|||
|
||||
#include <ngx_event_timer.h>
|
||||
#include <ngx_event_posted.h>
|
||||
#include <ngx_event_udp.h>
|
||||
|
||||
#if (NGX_WIN32)
|
||||
#include <ngx_iocp_module.h>
|
||||
|
|
|
@ -11,9 +11,6 @@
|
|||
|
||||
|
||||
static ngx_int_t ngx_disable_accept_events(ngx_cycle_t *cycle, ngx_uint_t all);
|
||||
#if (NGX_HAVE_EPOLLEXCLUSIVE)
|
||||
static void ngx_reorder_accept_events(ngx_listening_t *ls);
|
||||
#endif
|
||||
static void ngx_close_accepted_connection(ngx_connection_t *c);
|
||||
|
||||
|
||||
|
@ -259,8 +256,6 @@ ngx_event_accept(ngx_event_t *ev)
|
|||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_handled, 1);
|
||||
#endif
|
||||
|
@ -317,10 +312,6 @@ ngx_event_accept(ngx_event_t *ev)
|
|||
}
|
||||
|
||||
} while (ev->available);
|
||||
|
||||
#if (NGX_HAVE_EPOLLEXCLUSIVE)
|
||||
ngx_reorder_accept_events(ls);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
@ -427,57 +418,6 @@ ngx_disable_accept_events(ngx_cycle_t *cycle, ngx_uint_t all)
|
|||
}
|
||||
|
||||
|
||||
#if (NGX_HAVE_EPOLLEXCLUSIVE)
|
||||
|
||||
static void
|
||||
ngx_reorder_accept_events(ngx_listening_t *ls)
|
||||
{
|
||||
ngx_connection_t *c;
|
||||
|
||||
/*
|
||||
* Linux with EPOLLEXCLUSIVE usually notifies only the process which
|
||||
* was first to add the listening socket to the epoll instance. As
|
||||
* a result most of the connections are handled by the first worker
|
||||
* process. To fix this, we re-add the socket periodically, so other
|
||||
* workers will get a chance to accept connections.
|
||||
*/
|
||||
|
||||
if (!ngx_use_exclusive_accept) {
|
||||
return;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_REUSEPORT)
|
||||
|
||||
if (ls->reuseport) {
|
||||
return;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
c = ls->connection;
|
||||
|
||||
if (c->requests++ % 16 != 0
|
||||
&& ngx_accept_disabled <= 0)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (ngx_del_event(c->read, NGX_READ_EVENT, NGX_DISABLE_EVENT)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (ngx_add_event(c->read, NGX_READ_EVENT, NGX_EXCLUSIVE_EVENT)
|
||||
== NGX_ERROR)
|
||||
{
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
static void
|
||||
ngx_close_accepted_connection(ngx_connection_t *c)
|
||||
{
|
||||
|
|
|
@ -80,8 +80,6 @@ ngx_event_acceptex(ngx_event_t *rev)
|
|||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
ls->handler(c);
|
||||
|
||||
return;
|
||||
|
|
|
@ -179,8 +179,6 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
|
|||
c->recv = ngx_udp_recv;
|
||||
c->send = ngx_send;
|
||||
c->send_chain = ngx_udp_send_chain;
|
||||
|
||||
c->need_flush_buf = 1;
|
||||
}
|
||||
|
||||
c->log_error = pc->log_error;
|
||||
|
@ -195,8 +193,6 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc)
|
|||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
if (ngx_add_conn) {
|
||||
if (ngx_add_conn(c) == NGX_ERROR) {
|
||||
goto failed;
|
||||
|
|
|
@ -127,8 +127,8 @@ void ngx_iocp_wait_events(int main)
|
|||
conn[0] = NULL;
|
||||
|
||||
for ( ;; ) {
|
||||
offset = (nevents == WSA_MAXIMUM_WAIT_EVENTS + 1) ? 1 : 0;
|
||||
timeout = (nevents == 1 && !first) ? 60000 : INFINITE;
|
||||
offset = (nevents == WSA_MAXIMUM_WAIT_EVENTS + 1) ? 1: 0;
|
||||
timeout = (nevents == 1 && !first) ? 60000: INFINITE;
|
||||
|
||||
n = WSAWaitForMultipleEvents(nevents - offset, events[offset],
|
||||
0, timeout, 0);
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -12,8 +12,6 @@
|
|||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
#define OPENSSL_SUPPRESS_DEPRECATED
|
||||
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/bn.h>
|
||||
|
@ -24,19 +22,12 @@
|
|||
#include <openssl/engine.h>
|
||||
#endif
|
||||
#include <openssl/evp.h>
|
||||
#if (NGX_QUIC)
|
||||
#ifdef OPENSSL_IS_BORINGSSL
|
||||
#include <openssl/hkdf.h>
|
||||
#include <openssl/chacha.h>
|
||||
#else
|
||||
#include <openssl/kdf.h>
|
||||
#endif
|
||||
#endif
|
||||
#include <openssl/hmac.h>
|
||||
#ifndef OPENSSL_NO_OCSP
|
||||
#include <openssl/ocsp.h>
|
||||
#endif
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
|
@ -73,19 +64,6 @@
|
|||
#endif
|
||||
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined SSL_get_peer_certificate)
|
||||
#define SSL_get_peer_certificate(s) SSL_get1_peer_certificate(s)
|
||||
#endif
|
||||
|
||||
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x30000000L && !defined ERR_peek_error_data)
|
||||
#define ERR_peek_error_data(d, f) ERR_peek_error_line_data(NULL, NULL, d, f)
|
||||
#endif
|
||||
|
||||
|
||||
typedef struct ngx_ssl_ocsp_s ngx_ssl_ocsp_t;
|
||||
|
||||
|
||||
struct ngx_ssl_s {
|
||||
SSL_CTX *ctx;
|
||||
ngx_log_t *log;
|
||||
|
@ -109,23 +87,16 @@ struct ngx_ssl_connection_s {
|
|||
ngx_event_handler_pt saved_read_handler;
|
||||
ngx_event_handler_pt saved_write_handler;
|
||||
|
||||
ngx_ssl_ocsp_t *ocsp;
|
||||
|
||||
u_char early_buf;
|
||||
|
||||
unsigned handshaked:1;
|
||||
unsigned handshake_rejected:1;
|
||||
unsigned renegotiation:1;
|
||||
unsigned buffer:1;
|
||||
unsigned sendfile:1;
|
||||
unsigned no_wait_shutdown:1;
|
||||
unsigned no_send_shutdown:1;
|
||||
unsigned shutdown_without_free:1;
|
||||
unsigned handshake_buffer_set:1;
|
||||
unsigned session_timeout_set:1;
|
||||
unsigned try_early_data:1;
|
||||
unsigned in_early:1;
|
||||
unsigned in_ocsp:1;
|
||||
unsigned early_preread:1;
|
||||
unsigned write_blocked:1;
|
||||
};
|
||||
|
@ -143,37 +114,37 @@ typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
|
|||
|
||||
struct ngx_ssl_sess_id_s {
|
||||
ngx_rbtree_node_t node;
|
||||
u_char *id;
|
||||
size_t len;
|
||||
u_char *session;
|
||||
ngx_queue_t queue;
|
||||
time_t expire;
|
||||
u_char id[32];
|
||||
#if (NGX_PTR_SIZE == 8)
|
||||
u_char *session;
|
||||
#else
|
||||
u_char session[1];
|
||||
void *stub;
|
||||
u_char sess_id[32];
|
||||
#endif
|
||||
};
|
||||
|
||||
|
||||
typedef struct {
|
||||
u_char name[16];
|
||||
u_char hmac_key[32];
|
||||
u_char aes_key[32];
|
||||
time_t expire;
|
||||
unsigned size:8;
|
||||
unsigned shared:1;
|
||||
} ngx_ssl_ticket_key_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_rbtree_t session_rbtree;
|
||||
ngx_rbtree_node_t sentinel;
|
||||
ngx_queue_t expire_queue;
|
||||
ngx_ssl_ticket_key_t ticket_keys[3];
|
||||
time_t fail_time;
|
||||
} ngx_ssl_session_cache_t;
|
||||
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
|
||||
|
||||
typedef struct {
|
||||
size_t size;
|
||||
u_char name[16];
|
||||
u_char hmac_key[32];
|
||||
u_char aes_key[32];
|
||||
} ngx_ssl_session_ticket_key_t;
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#define NGX_SSL_SSLv2 0x0002
|
||||
#define NGX_SSL_SSLv3 0x0004
|
||||
#define NGX_SSL_TLSv1 0x0008
|
||||
|
@ -209,16 +180,8 @@ ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
|||
ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
|
||||
ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
|
||||
ngx_int_t ngx_ssl_ocsp(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *responder,
|
||||
ngx_uint_t depth, ngx_shm_zone_t *shm_zone);
|
||||
ngx_int_t ngx_ssl_ocsp_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
|
||||
|
||||
ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
|
||||
ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
|
||||
void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
|
||||
ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
|
||||
|
||||
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
|
||||
int key_length);
|
||||
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
|
||||
ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
|
||||
ngx_array_t *passwords);
|
||||
|
@ -226,9 +189,6 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
|
|||
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
|
||||
ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_uint_t enable);
|
||||
ngx_int_t ngx_ssl_conf_commands(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_array_t *commands);
|
||||
|
||||
ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_uint_t enable);
|
||||
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
|
||||
|
@ -237,7 +197,6 @@ ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
|
|||
ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl,
|
||||
ngx_array_t *paths);
|
||||
ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
|
||||
|
||||
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
|
||||
ngx_uint_t flags);
|
||||
|
||||
|
@ -267,8 +226,6 @@ ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
|
|||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_ciphers(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_curve(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
|
@ -279,8 +236,6 @@ ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool,
|
|||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_alpn_protocol(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
ngx_str_t *s);
|
||||
ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
|
||||
|
@ -310,9 +265,6 @@ ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
|
|||
|
||||
|
||||
ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
|
||||
#if (NGX_DEBUG)
|
||||
void ngx_ssl_handshake_log(ngx_connection_t *c);
|
||||
#endif
|
||||
ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
|
||||
ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
|
||||
ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t limit);
|
||||
|
@ -328,8 +280,7 @@ void ngx_ssl_cleanup_ctx(void *data);
|
|||
extern int ngx_ssl_connection_index;
|
||||
extern int ngx_ssl_server_conf_index;
|
||||
extern int ngx_ssl_session_cache_index;
|
||||
extern int ngx_ssl_ticket_keys_index;
|
||||
extern int ngx_ssl_ocsp_index;
|
||||
extern int ngx_ssl_session_ticket_keys_index;
|
||||
extern int ngx_ssl_certificate_index;
|
||||
extern int ngx_ssl_next_certificate_index;
|
||||
extern int ngx_ssl_certificate_name_index;
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -172,11 +172,7 @@ ngx_event_pipe_read_upstream(ngx_event_pipe_t *p)
|
|||
*/
|
||||
|
||||
if (p->upstream->read->available == 0
|
||||
&& p->upstream->read->pending_eof
|
||||
#if (NGX_SSL)
|
||||
&& !p->upstream->ssl
|
||||
#endif
|
||||
)
|
||||
&& p->upstream->read->pending_eof)
|
||||
{
|
||||
p->upstream->read->ready = 0;
|
||||
p->upstream->read->eof = 1;
|
||||
|
@ -960,22 +956,6 @@ ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (p->upstream_done) {
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
|
||||
"input data after close");
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (p->length == 0) {
|
||||
p->upstream_done = 1;
|
||||
|
||||
ngx_log_error(NGX_LOG_WARN, p->log, 0,
|
||||
"upstream sent more data than specified in "
|
||||
"\"Content-Length\" header");
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
cl = ngx_chain_get_free_buf(p->pool, &p->free);
|
||||
if (cl == NULL) {
|
||||
return NGX_ERROR;
|
||||
|
@ -1003,18 +983,6 @@ ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
|
|||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (b->last - b->pos > p->length) {
|
||||
|
||||
ngx_log_error(NGX_LOG_WARN, p->log, 0,
|
||||
"upstream sent more data than specified in "
|
||||
"\"Content-Length\" header");
|
||||
|
||||
b->last = b->pos + p->length;
|
||||
p->upstream_done = 1;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
p->length -= b->last - b->pos;
|
||||
|
||||
return NGX_OK;
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
|
||||
|
||||
ngx_queue_t ngx_posted_accept_events;
|
||||
ngx_queue_t ngx_posted_next_events;
|
||||
ngx_queue_t ngx_posted_events;
|
||||
|
||||
|
||||
|
@ -34,27 +33,3 @@ ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted)
|
|||
ev->handler(ev);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_event_move_posted_next(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_event_t *ev;
|
||||
|
||||
for (q = ngx_queue_head(&ngx_posted_next_events);
|
||||
q != ngx_queue_sentinel(&ngx_posted_next_events);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
ev = ngx_queue_data(q, ngx_event_t, queue);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"posted next event %p", ev);
|
||||
|
||||
ev->ready = 1;
|
||||
ev->available = -1;
|
||||
}
|
||||
|
||||
ngx_queue_add(&ngx_posted_events, &ngx_posted_next_events);
|
||||
ngx_queue_init(&ngx_posted_next_events);
|
||||
}
|
||||
|
|
|
@ -39,11 +39,9 @@
|
|||
|
||||
|
||||
void ngx_event_process_posted(ngx_cycle_t *cycle, ngx_queue_t *posted);
|
||||
void ngx_event_move_posted_next(ngx_cycle_t *cycle);
|
||||
|
||||
|
||||
extern ngx_queue_t ngx_posted_accept_events;
|
||||
extern ngx_queue_t ngx_posted_next_events;
|
||||
extern ngx_queue_t ngx_posted_events;
|
||||
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ ngx_event_expire_timers(void)
|
|||
return;
|
||||
}
|
||||
|
||||
ev = ngx_rbtree_data(node, ngx_event_t, timer);
|
||||
ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
||||
"event timer del: %d: %M",
|
||||
|
@ -113,7 +113,7 @@ ngx_event_no_timers_left(void)
|
|||
node;
|
||||
node = ngx_rbtree_next(&ngx_event_timer_rbtree, node))
|
||||
{
|
||||
ev = ngx_rbtree_data(node, ngx_event_t, timer);
|
||||
ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
|
||||
|
||||
if (!ev->cancelable) {
|
||||
return NGX_AGAIN;
|
||||
|
|
|
@ -12,6 +12,13 @@
|
|||
|
||||
#if !(NGX_WIN32)
|
||||
|
||||
struct ngx_udp_connection_s {
|
||||
ngx_rbtree_node_t node;
|
||||
ngx_connection_t *connection;
|
||||
ngx_buf_t *buffer;
|
||||
};
|
||||
|
||||
|
||||
static void ngx_close_accepted_udp_connection(ngx_connection_t *c);
|
||||
static ssize_t ngx_udp_shared_recv(ngx_connection_t *c, u_char *buf,
|
||||
size_t size);
|
||||
|
@ -39,8 +46,18 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
ngx_connection_t *c, *lc;
|
||||
static u_char buffer[65535];
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(ngx_addrinfo_t))];
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
|
||||
#if (NGX_HAVE_IP_RECVDSTADDR)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(struct in_addr))];
|
||||
#elif (NGX_HAVE_IP_PKTINFO)
|
||||
u_char msg_control[CMSG_SPACE(sizeof(struct in_pktinfo))];
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
u_char msg_control6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
if (ev->timedout) {
|
||||
|
@ -75,13 +92,25 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
msg.msg_iov = iov;
|
||||
msg.msg_iovlen = 1;
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
if (ls->wildcard) {
|
||||
msg.msg_control = &msg_control;
|
||||
msg.msg_controllen = sizeof(msg_control);
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
|
||||
ngx_memzero(&msg_control, sizeof(msg_control));
|
||||
if (ls->wildcard) {
|
||||
|
||||
#if (NGX_HAVE_IP_RECVDSTADDR || NGX_HAVE_IP_PKTINFO)
|
||||
if (ls->sockaddr->sa_family == AF_INET) {
|
||||
msg.msg_control = &msg_control;
|
||||
msg.msg_controllen = sizeof(msg_control);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
if (ls->sockaddr->sa_family == AF_INET6) {
|
||||
msg.msg_control = &msg_control6;
|
||||
msg.msg_controllen = sizeof(msg_control6);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
n = recvmsg(lc->fd, &msg, 0);
|
||||
|
@ -100,7 +129,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
return;
|
||||
}
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) {
|
||||
ngx_log_error(NGX_LOG_ALERT, ev->log, 0,
|
||||
"recvmsg() truncated data");
|
||||
|
@ -130,7 +159,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
local_sockaddr = ls->sockaddr;
|
||||
local_socklen = ls->socklen;
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
#if (NGX_HAVE_MSGHDR_MSG_CONTROL)
|
||||
|
||||
if (ls->wildcard) {
|
||||
struct cmsghdr *cmsg;
|
||||
|
@ -142,9 +171,59 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
cmsg != NULL;
|
||||
cmsg = CMSG_NXTHDR(&msg, cmsg))
|
||||
{
|
||||
if (ngx_get_srcaddr_cmsg(cmsg, local_sockaddr) == NGX_OK) {
|
||||
|
||||
#if (NGX_HAVE_IP_RECVDSTADDR)
|
||||
|
||||
if (cmsg->cmsg_level == IPPROTO_IP
|
||||
&& cmsg->cmsg_type == IP_RECVDSTADDR
|
||||
&& local_sockaddr->sa_family == AF_INET)
|
||||
{
|
||||
struct in_addr *addr;
|
||||
struct sockaddr_in *sin;
|
||||
|
||||
addr = (struct in_addr *) CMSG_DATA(cmsg);
|
||||
sin = (struct sockaddr_in *) local_sockaddr;
|
||||
sin->sin_addr = *addr;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
#elif (NGX_HAVE_IP_PKTINFO)
|
||||
|
||||
if (cmsg->cmsg_level == IPPROTO_IP
|
||||
&& cmsg->cmsg_type == IP_PKTINFO
|
||||
&& local_sockaddr->sa_family == AF_INET)
|
||||
{
|
||||
struct in_pktinfo *pkt;
|
||||
struct sockaddr_in *sin;
|
||||
|
||||
pkt = (struct in_pktinfo *) CMSG_DATA(cmsg);
|
||||
sin = (struct sockaddr_in *) local_sockaddr;
|
||||
sin->sin_addr = pkt->ipi_addr;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
|
||||
if (cmsg->cmsg_level == IPPROTO_IPV6
|
||||
&& cmsg->cmsg_type == IPV6_PKTINFO
|
||||
&& local_sockaddr->sa_family == AF_INET6)
|
||||
{
|
||||
struct in6_pktinfo *pkt6;
|
||||
struct sockaddr_in6 *sin6;
|
||||
|
||||
pkt6 = (struct in6_pktinfo *) CMSG_DATA(cmsg);
|
||||
sin6 = (struct sockaddr_in6 *) local_sockaddr;
|
||||
sin6->sin6_addr = pkt6->ipi6_addr;
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -239,8 +318,6 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
c->send = ngx_udp_send;
|
||||
c->send_chain = ngx_udp_send_chain;
|
||||
|
||||
c->need_flush_buf = 1;
|
||||
|
||||
c->log = log;
|
||||
c->pool->log = log;
|
||||
c->listening = ls;
|
||||
|
@ -286,8 +363,6 @@ ngx_event_recvmsg(ngx_event_t *ev)
|
|||
|
||||
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
||||
|
||||
c->start_time = ngx_current_msec;
|
||||
|
||||
#if (NGX_STAT_STUB)
|
||||
(void) ngx_atomic_fetch_add(ngx_stat_handled, 1);
|
||||
#endif
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_UDP_H_INCLUDED_
|
||||
#define _NGX_EVENT_UDP_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#if !(NGX_WIN32)
|
||||
|
||||
#if ((NGX_HAVE_MSGHDR_MSG_CONTROL) \
|
||||
&& (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR \
|
||||
|| NGX_HAVE_IP_PKTINFO \
|
||||
|| (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)))
|
||||
#define NGX_HAVE_ADDRINFO_CMSG 1
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
struct ngx_udp_connection_s {
|
||||
ngx_rbtree_node_t node;
|
||||
ngx_connection_t *connection;
|
||||
ngx_buf_t *buffer;
|
||||
};
|
||||
|
||||
|
||||
#if (NGX_HAVE_ADDRINFO_CMSG)
|
||||
|
||||
typedef union {
|
||||
#if (NGX_HAVE_IP_SENDSRCADDR || NGX_HAVE_IP_RECVDSTADDR)
|
||||
struct in_addr addr;
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_IP_PKTINFO)
|
||||
struct in_pktinfo pkt;
|
||||
#endif
|
||||
|
||||
#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO)
|
||||
struct in6_pktinfo pkt6;
|
||||
#endif
|
||||
} ngx_addrinfo_t;
|
||||
|
||||
size_t ngx_set_srcaddr_cmsg(struct cmsghdr *cmsg,
|
||||
struct sockaddr *local_sockaddr);
|
||||
ngx_int_t ngx_get_srcaddr_cmsg(struct cmsghdr *cmsg,
|
||||
struct sockaddr *local_sockaddr);
|
||||
|
||||
#endif
|
||||
|
||||
void ngx_event_recvmsg(ngx_event_t *ev);
|
||||
ssize_t ngx_sendmsg(ngx_connection_t *c, struct msghdr *msg, int flags);
|
||||
void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
#endif
|
||||
|
||||
void ngx_delete_udp_connection(void *data);
|
||||
|
||||
|
||||
#endif /* _NGX_EVENT_UDP_H_INCLUDED_ */
|
|
@ -1,113 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
export LANG=C
|
||||
|
||||
set -e
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
echo "Usage: PROGNAME=foo LICENSE=bar $0 <bpf object file>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
self=$0
|
||||
filename=$1
|
||||
funcname=$PROGNAME
|
||||
|
||||
generate_head()
|
||||
{
|
||||
cat << END
|
||||
/* AUTO-GENERATED, DO NOT EDIT. */
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "ngx_bpf.h"
|
||||
|
||||
|
||||
END
|
||||
}
|
||||
|
||||
generate_tail()
|
||||
{
|
||||
cat << END
|
||||
|
||||
ngx_bpf_program_t $PROGNAME = {
|
||||
.relocs = bpf_reloc_prog_$funcname,
|
||||
.nrelocs = sizeof(bpf_reloc_prog_$funcname)
|
||||
/ sizeof(bpf_reloc_prog_$funcname[0]),
|
||||
.ins = bpf_insn_prog_$funcname,
|
||||
.nins = sizeof(bpf_insn_prog_$funcname)
|
||||
/ sizeof(bpf_insn_prog_$funcname[0]),
|
||||
.license = "$LICENSE",
|
||||
.type = BPF_PROG_TYPE_SK_REUSEPORT,
|
||||
};
|
||||
|
||||
END
|
||||
}
|
||||
|
||||
process_relocations()
|
||||
{
|
||||
echo "static ngx_bpf_reloc_t bpf_reloc_prog_$funcname[] = {"
|
||||
|
||||
objdump -r $filename | awk '{
|
||||
|
||||
if (enabled && $NF > 0) {
|
||||
off = strtonum(sprintf("0x%s", $1));
|
||||
name = $3;
|
||||
|
||||
printf(" { \"%s\", %d },\n", name, off/8);
|
||||
}
|
||||
|
||||
if ($1 == "OFFSET") {
|
||||
enabled=1;
|
||||
}
|
||||
}'
|
||||
echo "};"
|
||||
echo
|
||||
}
|
||||
|
||||
process_section()
|
||||
{
|
||||
echo "static struct bpf_insn bpf_insn_prog_$funcname[] = {"
|
||||
echo " /* opcode dst src offset imm */"
|
||||
|
||||
section_info=$(objdump -h $filename --section=$funcname | grep "1 $funcname")
|
||||
|
||||
# dd doesn't know hex
|
||||
length=$(printf "%d" 0x$(echo $section_info | cut -d ' ' -f3))
|
||||
offset=$(printf "%d" 0x$(echo $section_info | cut -d ' ' -f6))
|
||||
|
||||
for ins in $(dd if="$filename" bs=1 count=$length skip=$offset status=none | xxd -p -c 8)
|
||||
do
|
||||
opcode=0x${ins:0:2}
|
||||
srcdst=0x${ins:2:2}
|
||||
|
||||
# bytes are dumped in LE order
|
||||
offset=0x${ins:6:2}${ins:4:2} # short
|
||||
immedi=0x${ins:14:2}${ins:12:2}${ins:10:2}${ins:8:2} # int
|
||||
|
||||
dst="$(($srcdst & 0xF))"
|
||||
src="$(($srcdst & 0xF0))"
|
||||
src="$(($src >> 4))"
|
||||
|
||||
opcode=$(printf "0x%x" $opcode)
|
||||
dst=$(printf "BPF_REG_%d" $dst)
|
||||
src=$(printf "BPF_REG_%d" $src)
|
||||
offset=$(printf "%d" $offset)
|
||||
immedi=$(printf "0x%x" $immedi)
|
||||
|
||||
printf " { %4s, %11s, %11s, (int16_t) %6s, %10s },\n" $opcode $dst $src $offset $immedi
|
||||
done
|
||||
|
||||
cat << END
|
||||
};
|
||||
|
||||
END
|
||||
}
|
||||
|
||||
generate_head
|
||||
process_relocations
|
||||
process_section
|
||||
generate_tail
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
CFLAGS=-O2 -Wall
|
||||
|
||||
LICENSE=BSD
|
||||
|
||||
PROGNAME=ngx_quic_reuseport_helper
|
||||
RESULT=ngx_event_quic_bpf_code
|
||||
DEST=../$(RESULT).c
|
||||
|
||||
all: $(RESULT)
|
||||
|
||||
$(RESULT): $(PROGNAME).o
|
||||
LICENSE=$(LICENSE) PROGNAME=$(PROGNAME) bash ./bpfgen.sh $< > $@
|
||||
|
||||
DEFS=-DPROGNAME=\"$(PROGNAME)\" \
|
||||
-DLICENSE_$(LICENSE) \
|
||||
-DLICENSE=\"$(LICENSE)\" \
|
||||
|
||||
$(PROGNAME).o: $(PROGNAME).c
|
||||
clang $(CFLAGS) $(DEFS) -target bpf -c $< -o $@
|
||||
|
||||
install: $(RESULT)
|
||||
cp $(RESULT) $(DEST)
|
||||
|
||||
clean:
|
||||
@rm -f $(RESULT) *.o
|
||||
|
||||
debug: $(PROGNAME).o
|
||||
llvm-objdump -S -no-show-raw-insn $<
|
||||
|
||||
.DELETE_ON_ERROR:
|
|
@ -1,140 +0,0 @@
|
|||
#include <errno.h>
|
||||
#include <linux/string.h>
|
||||
#include <linux/udp.h>
|
||||
#include <linux/bpf.h>
|
||||
/*
|
||||
* the bpf_helpers.h is not included into linux-headers, only available
|
||||
* with kernel sources in "tools/lib/bpf/bpf_helpers.h" or in libbpf.
|
||||
*/
|
||||
#include <bpf/bpf_helpers.h>
|
||||
|
||||
|
||||
#if !defined(SEC)
|
||||
#define SEC(NAME) __attribute__((section(NAME), used))
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(LICENSE_GPL)
|
||||
|
||||
/*
|
||||
* To see debug:
|
||||
*
|
||||
* echo 1 > /sys/kernel/debug/tracing/events/bpf_trace/enable
|
||||
* cat /sys/kernel/debug/tracing/trace_pipe
|
||||
* echo 0 > /sys/kernel/debug/tracing/events/bpf_trace/enable
|
||||
*/
|
||||
|
||||
#define debugmsg(fmt, ...) \
|
||||
do { \
|
||||
char __buf[] = fmt; \
|
||||
bpf_trace_printk(__buf, sizeof(__buf), ##__VA_ARGS__); \
|
||||
} while (0)
|
||||
|
||||
#else
|
||||
|
||||
#define debugmsg(fmt, ...)
|
||||
|
||||
#endif
|
||||
|
||||
char _license[] SEC("license") = LICENSE;
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
#define NGX_QUIC_PKT_LONG 0x80 /* header form */
|
||||
#define NGX_QUIC_SERVER_CID_LEN 20
|
||||
|
||||
|
||||
#define advance_data(nbytes) \
|
||||
offset += nbytes; \
|
||||
if (start + offset > end) { \
|
||||
debugmsg("cannot read %ld bytes at offset %ld", nbytes, offset); \
|
||||
goto failed; \
|
||||
} \
|
||||
data = start + offset - 1;
|
||||
|
||||
|
||||
#define ngx_quic_parse_uint64(p) \
|
||||
(((__u64)(p)[0] << 56) | \
|
||||
((__u64)(p)[1] << 48) | \
|
||||
((__u64)(p)[2] << 40) | \
|
||||
((__u64)(p)[3] << 32) | \
|
||||
((__u64)(p)[4] << 24) | \
|
||||
((__u64)(p)[5] << 16) | \
|
||||
((__u64)(p)[6] << 8) | \
|
||||
((__u64)(p)[7]))
|
||||
|
||||
/*
|
||||
* actual map object is created by the "bpf" system call,
|
||||
* all pointers to this variable are replaced by the bpf loader
|
||||
*/
|
||||
struct bpf_map_def SEC("maps") ngx_quic_sockmap;
|
||||
|
||||
|
||||
SEC(PROGNAME)
|
||||
int ngx_quic_select_socket_by_dcid(struct sk_reuseport_md *ctx)
|
||||
{
|
||||
int rc;
|
||||
__u64 key;
|
||||
size_t len, offset;
|
||||
unsigned char *start, *end, *data, *dcid;
|
||||
|
||||
start = ctx->data;
|
||||
end = (unsigned char *) ctx->data_end;
|
||||
offset = 0;
|
||||
|
||||
advance_data(sizeof(struct udphdr)); /* data at UDP header */
|
||||
advance_data(1); /* data at QUIC flags */
|
||||
|
||||
if (data[0] & NGX_QUIC_PKT_LONG) {
|
||||
|
||||
advance_data(4); /* data at QUIC version */
|
||||
advance_data(1); /* data at DCID len */
|
||||
|
||||
len = data[0]; /* read DCID length */
|
||||
|
||||
if (len < 8) {
|
||||
/* it's useless to search for key in such short DCID */
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
} else {
|
||||
len = NGX_QUIC_SERVER_CID_LEN;
|
||||
}
|
||||
|
||||
dcid = &data[1];
|
||||
advance_data(len); /* we expect the packet to have full DCID */
|
||||
|
||||
/* make verifier happy */
|
||||
if (dcid + sizeof(__u64) > end) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
key = ngx_quic_parse_uint64(dcid);
|
||||
|
||||
rc = bpf_sk_select_reuseport(ctx, &ngx_quic_sockmap, &key, 0);
|
||||
|
||||
switch (rc) {
|
||||
case 0:
|
||||
debugmsg("nginx quic socket selected by key 0x%llx", key);
|
||||
return SK_PASS;
|
||||
|
||||
/* kernel returns positive error numbers, errno.h defines positive */
|
||||
case -ENOENT:
|
||||
debugmsg("nginx quic default route for key 0x%llx", key);
|
||||
/* let the default reuseport logic decide which socket to choose */
|
||||
return SK_PASS;
|
||||
|
||||
default:
|
||||
debugmsg("nginx quic bpf_sk_select_reuseport err: %d key 0x%llx",
|
||||
rc, key);
|
||||
goto failed;
|
||||
}
|
||||
|
||||
failed:
|
||||
/*
|
||||
* SK_DROP will generate ICMP, but we may want to process "invalid" packet
|
||||
* in userspace quic to investigate further and finally react properly
|
||||
* (maybe ignore, maybe send something in response or close connection)
|
||||
*/
|
||||
return SK_PASS;
|
||||
}
|
File diff suppressed because it is too large
Load Diff
|
@ -1,131 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_MAX_UDP_PAYLOAD_SIZE 65527
|
||||
|
||||
#define NGX_QUIC_DEFAULT_ACK_DELAY_EXPONENT 3
|
||||
#define NGX_QUIC_DEFAULT_MAX_ACK_DELAY 25
|
||||
#define NGX_QUIC_DEFAULT_HOST_KEY_LEN 32
|
||||
#define NGX_QUIC_SR_KEY_LEN 32
|
||||
#define NGX_QUIC_AV_KEY_LEN 32
|
||||
|
||||
#define NGX_QUIC_SR_TOKEN_LEN 16
|
||||
|
||||
#define NGX_QUIC_MIN_INITIAL_SIZE 1200
|
||||
|
||||
#define NGX_QUIC_STREAM_SERVER_INITIATED 0x01
|
||||
#define NGX_QUIC_STREAM_UNIDIRECTIONAL 0x02
|
||||
|
||||
|
||||
typedef ngx_int_t (*ngx_quic_init_pt)(ngx_connection_t *c);
|
||||
typedef void (*ngx_quic_shutdown_pt)(ngx_connection_t *c);
|
||||
|
||||
|
||||
typedef enum {
|
||||
NGX_QUIC_STREAM_SEND_READY = 0,
|
||||
NGX_QUIC_STREAM_SEND_SEND,
|
||||
NGX_QUIC_STREAM_SEND_DATA_SENT,
|
||||
NGX_QUIC_STREAM_SEND_DATA_RECVD,
|
||||
NGX_QUIC_STREAM_SEND_RESET_SENT,
|
||||
NGX_QUIC_STREAM_SEND_RESET_RECVD
|
||||
} ngx_quic_stream_send_state_e;
|
||||
|
||||
|
||||
typedef enum {
|
||||
NGX_QUIC_STREAM_RECV_RECV = 0,
|
||||
NGX_QUIC_STREAM_RECV_SIZE_KNOWN,
|
||||
NGX_QUIC_STREAM_RECV_DATA_RECVD,
|
||||
NGX_QUIC_STREAM_RECV_DATA_READ,
|
||||
NGX_QUIC_STREAM_RECV_RESET_RECVD,
|
||||
NGX_QUIC_STREAM_RECV_RESET_READ
|
||||
} ngx_quic_stream_recv_state_e;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uint64_t size;
|
||||
uint64_t offset;
|
||||
uint64_t last_offset;
|
||||
ngx_chain_t *chain;
|
||||
ngx_chain_t *last_chain;
|
||||
} ngx_quic_buffer_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_ssl_t *ssl;
|
||||
|
||||
ngx_flag_t retry;
|
||||
ngx_flag_t gso_enabled;
|
||||
ngx_flag_t disable_active_migration;
|
||||
ngx_msec_t timeout;
|
||||
ngx_str_t host_key;
|
||||
size_t mtu;
|
||||
size_t stream_buffer_size;
|
||||
ngx_uint_t max_concurrent_streams_bidi;
|
||||
ngx_uint_t max_concurrent_streams_uni;
|
||||
ngx_uint_t active_connection_id_limit;
|
||||
ngx_int_t stream_close_code;
|
||||
ngx_int_t stream_reject_code_uni;
|
||||
ngx_int_t stream_reject_code_bidi;
|
||||
|
||||
ngx_quic_init_pt init;
|
||||
ngx_quic_shutdown_pt shutdown;
|
||||
|
||||
u_char av_token_key[NGX_QUIC_AV_KEY_LEN];
|
||||
u_char sr_token_key[NGX_QUIC_SR_KEY_LEN];
|
||||
} ngx_quic_conf_t;
|
||||
|
||||
|
||||
struct ngx_quic_stream_s {
|
||||
ngx_rbtree_node_t node;
|
||||
ngx_queue_t queue;
|
||||
ngx_connection_t *parent;
|
||||
ngx_connection_t *connection;
|
||||
uint64_t id;
|
||||
uint64_t sent;
|
||||
uint64_t acked;
|
||||
uint64_t send_max_data;
|
||||
uint64_t send_offset;
|
||||
uint64_t send_final_size;
|
||||
uint64_t recv_max_data;
|
||||
uint64_t recv_offset;
|
||||
uint64_t recv_window;
|
||||
uint64_t recv_last;
|
||||
uint64_t recv_final_size;
|
||||
ngx_quic_buffer_t send;
|
||||
ngx_quic_buffer_t recv;
|
||||
ngx_quic_stream_send_state_e send_state;
|
||||
ngx_quic_stream_recv_state_e recv_state;
|
||||
unsigned cancelable:1;
|
||||
unsigned fin_acked:1;
|
||||
};
|
||||
|
||||
|
||||
void ngx_quic_recvmsg(ngx_event_t *ev);
|
||||
void ngx_quic_rbtree_insert_value(ngx_rbtree_node_t *temp,
|
||||
ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
|
||||
void ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf);
|
||||
ngx_connection_t *ngx_quic_open_stream(ngx_connection_t *c, ngx_uint_t bidi);
|
||||
void ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err,
|
||||
const char *reason);
|
||||
void ngx_quic_shutdown_connection(ngx_connection_t *c, ngx_uint_t err,
|
||||
const char *reason);
|
||||
ngx_int_t ngx_quic_reset_stream(ngx_connection_t *c, ngx_uint_t err);
|
||||
ngx_int_t ngx_quic_shutdown_stream(ngx_connection_t *c, int how);
|
||||
void ngx_quic_cancelable_stream(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_get_packet_dcid(ngx_log_t *log, u_char *data, size_t len,
|
||||
ngx_str_t *dcid);
|
||||
ngx_int_t ngx_quic_derive_key(ngx_log_t *log, const char *label,
|
||||
ngx_str_t *secret, ngx_str_t *salt, u_char *out, size_t len);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_H_INCLUDED_ */
|
File diff suppressed because it is too large
Load Diff
|
@ -1,30 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_ACK_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_ACK_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_handle_ack_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_frame_t *f);
|
||||
|
||||
void ngx_quic_congestion_ack(ngx_connection_t *c,
|
||||
ngx_quic_frame_t *frame);
|
||||
void ngx_quic_resend_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx);
|
||||
void ngx_quic_set_lost_timer(ngx_connection_t *c);
|
||||
void ngx_quic_pto_handler(ngx_event_t *ev);
|
||||
ngx_msec_t ngx_quic_pto(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx);
|
||||
|
||||
ngx_int_t ngx_quic_ack_packet(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt);
|
||||
ngx_int_t ngx_quic_generate_ack(ngx_connection_t *c,
|
||||
ngx_quic_send_ctx_t *ctx);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_ACK_H_INCLUDED_ */
|
|
@ -1,657 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_BPF_VARNAME "NGINX_BPF_MAPS"
|
||||
#define NGX_QUIC_BPF_VARSEP ';'
|
||||
#define NGX_QUIC_BPF_ADDRSEP '#'
|
||||
|
||||
|
||||
#define ngx_quic_bpf_get_conf(cycle) \
|
||||
(ngx_quic_bpf_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_quic_bpf_module)
|
||||
|
||||
#define ngx_quic_bpf_get_old_conf(cycle) \
|
||||
cycle->old_cycle->conf_ctx ? ngx_quic_bpf_get_conf(cycle->old_cycle) \
|
||||
: NULL
|
||||
|
||||
#define ngx_core_get_conf(cycle) \
|
||||
(ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module)
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_queue_t queue;
|
||||
int map_fd;
|
||||
|
||||
struct sockaddr *sockaddr;
|
||||
socklen_t socklen;
|
||||
ngx_uint_t unused; /* unsigned unused:1; */
|
||||
} ngx_quic_sock_group_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_flag_t enabled;
|
||||
ngx_uint_t map_size;
|
||||
ngx_queue_t groups; /* of ngx_quic_sock_group_t */
|
||||
} ngx_quic_bpf_conf_t;
|
||||
|
||||
|
||||
static void *ngx_quic_bpf_create_conf(ngx_cycle_t *cycle);
|
||||
static ngx_int_t ngx_quic_bpf_module_init(ngx_cycle_t *cycle);
|
||||
|
||||
static void ngx_quic_bpf_cleanup(void *data);
|
||||
static ngx_inline void ngx_quic_bpf_close(ngx_log_t *log, int fd,
|
||||
const char *name);
|
||||
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_find_group(ngx_quic_bpf_conf_t *bcf,
|
||||
ngx_listening_t *ls);
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_alloc_group(ngx_cycle_t *cycle,
|
||||
struct sockaddr *sa, socklen_t socklen);
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_create_group(ngx_cycle_t *cycle,
|
||||
ngx_listening_t *ls);
|
||||
static ngx_quic_sock_group_t *ngx_quic_bpf_get_group(ngx_cycle_t *cycle,
|
||||
ngx_listening_t *ls);
|
||||
static ngx_int_t ngx_quic_bpf_group_add_socket(ngx_cycle_t *cycle,
|
||||
ngx_listening_t *ls);
|
||||
static uint64_t ngx_quic_bpf_socket_key(ngx_fd_t fd, ngx_log_t *log);
|
||||
|
||||
static ngx_int_t ngx_quic_bpf_export_maps(ngx_cycle_t *cycle);
|
||||
static ngx_int_t ngx_quic_bpf_import_maps(ngx_cycle_t *cycle);
|
||||
|
||||
extern ngx_bpf_program_t ngx_quic_reuseport_helper;
|
||||
|
||||
|
||||
static ngx_command_t ngx_quic_bpf_commands[] = {
|
||||
|
||||
{ ngx_string("quic_bpf"),
|
||||
NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_FLAG,
|
||||
ngx_conf_set_flag_slot,
|
||||
0,
|
||||
offsetof(ngx_quic_bpf_conf_t, enabled),
|
||||
NULL },
|
||||
|
||||
ngx_null_command
|
||||
};
|
||||
|
||||
|
||||
static ngx_core_module_t ngx_quic_bpf_module_ctx = {
|
||||
ngx_string("quic_bpf"),
|
||||
ngx_quic_bpf_create_conf,
|
||||
NULL
|
||||
};
|
||||
|
||||
|
||||
ngx_module_t ngx_quic_bpf_module = {
|
||||
NGX_MODULE_V1,
|
||||
&ngx_quic_bpf_module_ctx, /* module context */
|
||||
ngx_quic_bpf_commands, /* module directives */
|
||||
NGX_CORE_MODULE, /* module type */
|
||||
NULL, /* init master */
|
||||
ngx_quic_bpf_module_init, /* init module */
|
||||
NULL, /* init process */
|
||||
NULL, /* init thread */
|
||||
NULL, /* exit thread */
|
||||
NULL, /* exit process */
|
||||
NULL, /* exit master */
|
||||
NGX_MODULE_V1_PADDING
|
||||
};
|
||||
|
||||
|
||||
static void *
|
||||
ngx_quic_bpf_create_conf(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
|
||||
bcf = ngx_pcalloc(cycle->pool, sizeof(ngx_quic_bpf_conf_t));
|
||||
if (bcf == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bcf->enabled = NGX_CONF_UNSET;
|
||||
bcf->map_size = NGX_CONF_UNSET_UINT;
|
||||
|
||||
ngx_queue_init(&bcf->groups);
|
||||
|
||||
return bcf;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_module_init(ngx_cycle_t *cycle)
|
||||
{
|
||||
ngx_uint_t i;
|
||||
ngx_listening_t *ls;
|
||||
ngx_core_conf_t *ccf;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
|
||||
if (ngx_test_config) {
|
||||
/*
|
||||
* during config test, SO_REUSEPORT socket option is
|
||||
* not set, thus making further processing meaningless
|
||||
*/
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
ccf = ngx_core_get_conf(cycle);
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
ngx_conf_init_value(bcf->enabled, 0);
|
||||
|
||||
bcf->map_size = ccf->worker_processes * 4;
|
||||
|
||||
cln = ngx_pool_cleanup_add(cycle->pool, 0);
|
||||
if (cln == NULL) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
cln->data = bcf;
|
||||
cln->handler = ngx_quic_bpf_cleanup;
|
||||
|
||||
if (ngx_inherited && ngx_is_init_cycle(cycle->old_cycle)) {
|
||||
if (ngx_quic_bpf_import_maps(cycle) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
|
||||
ls = cycle->listening.elts;
|
||||
|
||||
for (i = 0; i < cycle->listening.nelts; i++) {
|
||||
if (ls[i].quic && ls[i].reuseport) {
|
||||
if (ngx_quic_bpf_group_add_socket(cycle, &ls[i]) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (ngx_quic_bpf_export_maps(cycle) != NGX_OK) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
failed:
|
||||
|
||||
if (ngx_is_init_cycle(cycle->old_cycle)) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"ngx_quic_bpf_module failed to initialize, check limits");
|
||||
|
||||
/* refuse to start */
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* returning error now will lead to master process exiting immediately
|
||||
* leaving worker processes orphaned, what is really unexpected.
|
||||
* Instead, just issue a not about failed initialization and try
|
||||
* to cleanup a bit. Still program can be already loaded to kernel
|
||||
* for some reuseport groups, and there is no way to revert, so
|
||||
* behaviour may be inconsistent.
|
||||
*/
|
||||
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"ngx_quic_bpf_module failed to initialize properly, ignored."
|
||||
"please check limits and note that nginx state now "
|
||||
"can be inconsistent and restart may be required");
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_bpf_cleanup(void *data)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf = (ngx_quic_bpf_conf_t *) data;
|
||||
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
for (q = ngx_queue_head(&bcf->groups);
|
||||
q != ngx_queue_sentinel(&bcf->groups);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
ngx_quic_bpf_close(ngx_cycle->log, grp->map_fd, "map");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static ngx_inline void
|
||||
ngx_quic_bpf_close(ngx_log_t *log, int fd, const char *name)
|
||||
{
|
||||
if (close(fd) != -1) {
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_errno,
|
||||
"quic bpf close %s fd:%d failed", name, fd);
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_find_group(ngx_quic_bpf_conf_t *bcf, ngx_listening_t *ls)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
for (q = ngx_queue_head(&bcf->groups);
|
||||
q != ngx_queue_sentinel(&bcf->groups);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
if (ngx_cmp_sockaddr(ls->sockaddr, ls->socklen,
|
||||
grp->sockaddr, grp->socklen, 1)
|
||||
== NGX_OK)
|
||||
{
|
||||
return grp;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_alloc_group(ngx_cycle_t *cycle, struct sockaddr *sa,
|
||||
socklen_t socklen)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
grp = ngx_pcalloc(cycle->pool, sizeof(ngx_quic_sock_group_t));
|
||||
if (grp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp->socklen = socklen;
|
||||
grp->sockaddr = ngx_palloc(cycle->pool, socklen);
|
||||
if (grp->sockaddr == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
ngx_memcpy(grp->sockaddr, sa, socklen);
|
||||
|
||||
ngx_queue_insert_tail(&bcf->groups, &grp->queue);
|
||||
|
||||
return grp;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_create_group(ngx_cycle_t *cycle, ngx_listening_t *ls)
|
||||
{
|
||||
int progfd, failed, flags, rc;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
if (!bcf->enabled) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp = ngx_quic_bpf_alloc_group(cycle, ls->sockaddr, ls->socklen);
|
||||
if (grp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp->map_fd = ngx_bpf_map_create(cycle->log, BPF_MAP_TYPE_SOCKHASH,
|
||||
sizeof(uint64_t), sizeof(uint64_t),
|
||||
bcf->map_size, 0);
|
||||
if (grp->map_fd == -1) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
flags = fcntl(grp->map_fd, F_GETFD);
|
||||
if (flags == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, errno,
|
||||
"quic bpf getfd failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
/* need to inherit map during binary upgrade after exec */
|
||||
flags &= ~FD_CLOEXEC;
|
||||
|
||||
rc = fcntl(grp->map_fd, F_SETFD, flags);
|
||||
if (rc == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, errno,
|
||||
"quic bpf setfd failed");
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ngx_bpf_program_link(&ngx_quic_reuseport_helper,
|
||||
"ngx_quic_sockmap", grp->map_fd);
|
||||
|
||||
progfd = ngx_bpf_load_program(cycle->log, &ngx_quic_reuseport_helper);
|
||||
if (progfd < 0) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
failed = 0;
|
||||
|
||||
if (setsockopt(ls->fd, SOL_SOCKET, SO_ATTACH_REUSEPORT_EBPF,
|
||||
&progfd, sizeof(int))
|
||||
== -1)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno,
|
||||
"quic bpf setsockopt(SO_ATTACH_REUSEPORT_EBPF) failed");
|
||||
failed = 1;
|
||||
}
|
||||
|
||||
ngx_quic_bpf_close(cycle->log, progfd, "program");
|
||||
|
||||
if (failed) {
|
||||
goto failed;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap created fd:%d", grp->map_fd);
|
||||
return grp;
|
||||
|
||||
failed:
|
||||
|
||||
if (grp->map_fd != -1) {
|
||||
ngx_quic_bpf_close(cycle->log, grp->map_fd, "map");
|
||||
}
|
||||
|
||||
ngx_queue_remove(&grp->queue);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_sock_group_t *
|
||||
ngx_quic_bpf_get_group(ngx_cycle_t *cycle, ngx_listening_t *ls)
|
||||
{
|
||||
ngx_quic_bpf_conf_t *bcf, *old_bcf;
|
||||
ngx_quic_sock_group_t *grp, *ogrp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
grp = ngx_quic_bpf_find_group(bcf, ls);
|
||||
if (grp) {
|
||||
return grp;
|
||||
}
|
||||
|
||||
old_bcf = ngx_quic_bpf_get_old_conf(cycle);
|
||||
|
||||
if (old_bcf == NULL) {
|
||||
return ngx_quic_bpf_create_group(cycle, ls);
|
||||
}
|
||||
|
||||
ogrp = ngx_quic_bpf_find_group(old_bcf, ls);
|
||||
if (ogrp == NULL) {
|
||||
return ngx_quic_bpf_create_group(cycle, ls);
|
||||
}
|
||||
|
||||
grp = ngx_quic_bpf_alloc_group(cycle, ls->sockaddr, ls->socklen);
|
||||
if (grp == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
grp->map_fd = dup(ogrp->map_fd);
|
||||
if (grp->map_fd == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
"quic bpf failed to duplicate bpf map descriptor");
|
||||
|
||||
ngx_queue_remove(&grp->queue);
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap fd duplicated old:%d new:%d",
|
||||
ogrp->map_fd, grp->map_fd);
|
||||
|
||||
return grp;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_group_add_socket(ngx_cycle_t *cycle, ngx_listening_t *ls)
|
||||
{
|
||||
uint64_t cookie;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
grp = ngx_quic_bpf_get_group(cycle, ls);
|
||||
|
||||
if (grp == NULL) {
|
||||
if (!bcf->enabled) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
grp->unused = 0;
|
||||
|
||||
cookie = ngx_quic_bpf_socket_key(ls->fd, cycle->log);
|
||||
if (cookie == (uint64_t) NGX_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/* map[cookie] = socket; for use in kernel helper */
|
||||
if (ngx_bpf_map_update(grp->map_fd, &cookie, &ls->fd, BPF_ANY) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
|
||||
"quic bpf failed to update socket map key=%xL", cookie);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap fd:%d add socket:%d cookie:0x%xL worker:%ui",
|
||||
grp->map_fd, ls->fd, cookie, ls->worker);
|
||||
|
||||
/* do not inherit this socket */
|
||||
ls->ignore = 1;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static uint64_t
|
||||
ngx_quic_bpf_socket_key(ngx_fd_t fd, ngx_log_t *log)
|
||||
{
|
||||
uint64_t cookie;
|
||||
socklen_t optlen;
|
||||
|
||||
optlen = sizeof(cookie);
|
||||
|
||||
if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) {
|
||||
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
|
||||
"quic bpf getsockopt(SO_COOKIE) failed");
|
||||
|
||||
return (ngx_uint_t) NGX_ERROR;
|
||||
}
|
||||
|
||||
return cookie;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_export_maps(ngx_cycle_t *cycle)
|
||||
{
|
||||
u_char *p, *buf;
|
||||
size_t len;
|
||||
ngx_str_t *var;
|
||||
ngx_queue_t *q;
|
||||
ngx_core_conf_t *ccf;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
ccf = ngx_core_get_conf(cycle);
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
len = sizeof(NGX_QUIC_BPF_VARNAME) + 1;
|
||||
|
||||
q = ngx_queue_head(&bcf->groups);
|
||||
|
||||
while (q != ngx_queue_sentinel(&bcf->groups)) {
|
||||
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (grp->unused) {
|
||||
/*
|
||||
* map was inherited, but it is not used in this configuration;
|
||||
* do not pass such map further and drop the group to prevent
|
||||
* interference with changes during reload
|
||||
*/
|
||||
|
||||
ngx_quic_bpf_close(cycle->log, grp->map_fd, "map");
|
||||
ngx_queue_remove(&grp->queue);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
len += NGX_INT32_LEN + 1 + NGX_SOCKADDR_STRLEN + 1;
|
||||
}
|
||||
|
||||
len++;
|
||||
|
||||
buf = ngx_palloc(cycle->pool, len);
|
||||
if (buf == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
p = ngx_cpymem(buf, NGX_QUIC_BPF_VARNAME "=",
|
||||
sizeof(NGX_QUIC_BPF_VARNAME));
|
||||
|
||||
for (q = ngx_queue_head(&bcf->groups);
|
||||
q != ngx_queue_sentinel(&bcf->groups);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
grp = ngx_queue_data(q, ngx_quic_sock_group_t, queue);
|
||||
|
||||
p = ngx_sprintf(p, "%ud", grp->map_fd);
|
||||
|
||||
*p++ = NGX_QUIC_BPF_ADDRSEP;
|
||||
|
||||
p += ngx_sock_ntop(grp->sockaddr, grp->socklen, p,
|
||||
NGX_SOCKADDR_STRLEN, 1);
|
||||
|
||||
*p++ = NGX_QUIC_BPF_VARSEP;
|
||||
}
|
||||
|
||||
*p = '\0';
|
||||
|
||||
var = ngx_array_push(&ccf->env);
|
||||
if (var == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
var->data = buf;
|
||||
var->len = sizeof(NGX_QUIC_BPF_VARNAME) - 1;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_import_maps(ngx_cycle_t *cycle)
|
||||
{
|
||||
int s;
|
||||
u_char *inherited, *p, *v;
|
||||
ngx_uint_t in_fd;
|
||||
ngx_addr_t tmp;
|
||||
ngx_quic_bpf_conf_t *bcf;
|
||||
ngx_quic_sock_group_t *grp;
|
||||
|
||||
inherited = (u_char *) getenv(NGX_QUIC_BPF_VARNAME);
|
||||
|
||||
if (inherited == NULL) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
bcf = ngx_quic_bpf_get_conf(cycle);
|
||||
|
||||
#if (NGX_SUPPRESS_WARN)
|
||||
s = -1;
|
||||
#endif
|
||||
|
||||
in_fd = 1;
|
||||
|
||||
for (p = inherited, v = p; *p; p++) {
|
||||
|
||||
switch (*p) {
|
||||
|
||||
case NGX_QUIC_BPF_ADDRSEP:
|
||||
|
||||
if (!in_fd) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited env");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
in_fd = 0;
|
||||
|
||||
s = ngx_atoi(v, p - v);
|
||||
if (s == NGX_ERROR) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited map fd");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
v = p + 1;
|
||||
break;
|
||||
|
||||
case NGX_QUIC_BPF_VARSEP:
|
||||
|
||||
if (in_fd) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited env");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
in_fd = 1;
|
||||
|
||||
grp = ngx_pcalloc(cycle->pool,
|
||||
sizeof(ngx_quic_sock_group_t));
|
||||
if (grp == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
grp->map_fd = s;
|
||||
|
||||
if (ngx_parse_addr_port(cycle->pool, &tmp, v, p - v)
|
||||
!= NGX_OK)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
|
||||
"quic bpf failed to parse inherited"
|
||||
" address '%*s'", p - v , v);
|
||||
|
||||
ngx_quic_bpf_close(cycle->log, s, "inherited map");
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
grp->sockaddr = tmp.sockaddr;
|
||||
grp->socklen = tmp.socklen;
|
||||
|
||||
grp->unused = 1;
|
||||
|
||||
ngx_queue_insert_tail(&bcf->groups, &grp->queue);
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
||||
"quic bpf sockmap inherited with "
|
||||
"fd:%d address:%*s",
|
||||
grp->map_fd, p - v, v);
|
||||
v = p + 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
|
@ -1,88 +0,0 @@
|
|||
/* AUTO-GENERATED, DO NOT EDIT. */
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#include "ngx_bpf.h"
|
||||
|
||||
|
||||
static ngx_bpf_reloc_t bpf_reloc_prog_ngx_quic_reuseport_helper[] = {
|
||||
{ "ngx_quic_sockmap", 55 },
|
||||
};
|
||||
|
||||
static struct bpf_insn bpf_insn_prog_ngx_quic_reuseport_helper[] = {
|
||||
/* opcode dst src offset imm */
|
||||
{ 0x79, BPF_REG_4, BPF_REG_1, (int16_t) 0, 0x0 },
|
||||
{ 0x79, BPF_REG_3, BPF_REG_1, (int16_t) 8, 0x0 },
|
||||
{ 0xbf, BPF_REG_2, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0x8 },
|
||||
{ 0x2d, BPF_REG_2, BPF_REG_3, (int16_t) 54, 0x0 },
|
||||
{ 0xbf, BPF_REG_5, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x9 },
|
||||
{ 0x2d, BPF_REG_5, BPF_REG_3, (int16_t) 51, 0x0 },
|
||||
{ 0xb7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x14 },
|
||||
{ 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x9 },
|
||||
{ 0x71, BPF_REG_6, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0x67, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x38 },
|
||||
{ 0xc7, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x38 },
|
||||
{ 0x65, BPF_REG_6, BPF_REG_0, (int16_t) 10, 0xffffffff },
|
||||
{ 0xbf, BPF_REG_2, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0xd },
|
||||
{ 0x2d, BPF_REG_2, BPF_REG_3, (int16_t) 42, 0x0 },
|
||||
{ 0xbf, BPF_REG_5, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0xe },
|
||||
{ 0x2d, BPF_REG_5, BPF_REG_3, (int16_t) 39, 0x0 },
|
||||
{ 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0xe },
|
||||
{ 0x71, BPF_REG_5, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0xb7, BPF_REG_6, BPF_REG_0, (int16_t) 0, 0x8 },
|
||||
{ 0x2d, BPF_REG_6, BPF_REG_5, (int16_t) 35, 0x0 },
|
||||
{ 0xf, BPF_REG_5, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0xf, BPF_REG_4, BPF_REG_5, (int16_t) 0, 0x0 },
|
||||
{ 0x2d, BPF_REG_4, BPF_REG_3, (int16_t) 32, 0x0 },
|
||||
{ 0xbf, BPF_REG_4, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x9 },
|
||||
{ 0x2d, BPF_REG_4, BPF_REG_3, (int16_t) 29, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 1, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x38 },
|
||||
{ 0x71, BPF_REG_3, BPF_REG_2, (int16_t) 2, 0x0 },
|
||||
{ 0x67, BPF_REG_3, BPF_REG_0, (int16_t) 0, 0x30 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 3, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x28 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 4, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x20 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 5, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x18 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 6, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x10 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_4, BPF_REG_2, (int16_t) 7, 0x0 },
|
||||
{ 0x67, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x8 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_4, (int16_t) 0, 0x0 },
|
||||
{ 0x71, BPF_REG_2, BPF_REG_2, (int16_t) 8, 0x0 },
|
||||
{ 0x4f, BPF_REG_3, BPF_REG_2, (int16_t) 0, 0x0 },
|
||||
{ 0x7b, BPF_REG_10, BPF_REG_3, (int16_t) 65528, 0x0 },
|
||||
{ 0xbf, BPF_REG_3, BPF_REG_10, (int16_t) 0, 0x0 },
|
||||
{ 0x7, BPF_REG_3, BPF_REG_0, (int16_t) 0, 0xfffffff8 },
|
||||
{ 0x18, BPF_REG_2, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0x0, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0xb7, BPF_REG_4, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
{ 0x85, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x52 },
|
||||
{ 0xb7, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x1 },
|
||||
{ 0x95, BPF_REG_0, BPF_REG_0, (int16_t) 0, 0x0 },
|
||||
};
|
||||
|
||||
|
||||
ngx_bpf_program_t ngx_quic_reuseport_helper = {
|
||||
.relocs = bpf_reloc_prog_ngx_quic_reuseport_helper,
|
||||
.nrelocs = sizeof(bpf_reloc_prog_ngx_quic_reuseport_helper)
|
||||
/ sizeof(bpf_reloc_prog_ngx_quic_reuseport_helper[0]),
|
||||
.ins = bpf_insn_prog_ngx_quic_reuseport_helper,
|
||||
.nins = sizeof(bpf_insn_prog_ngx_quic_reuseport_helper)
|
||||
/ sizeof(bpf_insn_prog_ngx_quic_reuseport_helper[0]),
|
||||
.license = "BSD",
|
||||
.type = BPF_PROG_TYPE_SK_REUSEPORT,
|
||||
};
|
|
@ -1,283 +0,0 @@
|
|||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
|
||||
|
||||
/* #define NGX_QUIC_DEBUG_PACKETS */ /* dump packet contents */
|
||||
/* #define NGX_QUIC_DEBUG_FRAMES */ /* dump frames contents */
|
||||
/* #define NGX_QUIC_DEBUG_ALLOC */ /* log frames and bufs alloc */
|
||||
/* #define NGX_QUIC_DEBUG_CRYPTO */
|
||||
|
||||
typedef struct ngx_quic_connection_s ngx_quic_connection_t;
|
||||
typedef struct ngx_quic_server_id_s ngx_quic_server_id_t;
|
||||
typedef struct ngx_quic_client_id_s ngx_quic_client_id_t;
|
||||
typedef struct ngx_quic_send_ctx_s ngx_quic_send_ctx_t;
|
||||
typedef struct ngx_quic_socket_s ngx_quic_socket_t;
|
||||
typedef struct ngx_quic_path_s ngx_quic_path_t;
|
||||
typedef struct ngx_quic_keys_s ngx_quic_keys_t;
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_COMPAT)
|
||||
#include <ngx_event_quic_openssl_compat.h>
|
||||
#endif
|
||||
#include <ngx_event_quic_transport.h>
|
||||
#include <ngx_event_quic_protection.h>
|
||||
#include <ngx_event_quic_frames.h>
|
||||
#include <ngx_event_quic_migration.h>
|
||||
#include <ngx_event_quic_connid.h>
|
||||
#include <ngx_event_quic_streams.h>
|
||||
#include <ngx_event_quic_ssl.h>
|
||||
#include <ngx_event_quic_tokens.h>
|
||||
#include <ngx_event_quic_ack.h>
|
||||
#include <ngx_event_quic_output.h>
|
||||
#include <ngx_event_quic_socket.h>
|
||||
|
||||
|
||||
/* RFC 9002, 6.2.2. Handshakes and New Paths: kInitialRtt */
|
||||
#define NGX_QUIC_INITIAL_RTT 333 /* ms */
|
||||
|
||||
#define NGX_QUIC_UNSET_PN (uint64_t) -1
|
||||
|
||||
#define NGX_QUIC_SEND_CTX_LAST (NGX_QUIC_ENCRYPTION_LAST - 1)
|
||||
|
||||
/* 0-RTT and 1-RTT data exist in the same packet number space,
|
||||
* so we have 3 packet number spaces:
|
||||
*
|
||||
* 0 - Initial
|
||||
* 1 - Handshake
|
||||
* 2 - 0-RTT and 1-RTT
|
||||
*/
|
||||
#define ngx_quic_get_send_ctx(qc, level) \
|
||||
((level) == ssl_encryption_initial) ? &((qc)->send_ctx[0]) \
|
||||
: (((level) == ssl_encryption_handshake) ? &((qc)->send_ctx[1]) \
|
||||
: &((qc)->send_ctx[2]))
|
||||
|
||||
#define ngx_quic_get_connection(c) \
|
||||
(((c)->udp) ? (((ngx_quic_socket_t *)((c)->udp))->quic) : NULL)
|
||||
|
||||
#define ngx_quic_get_socket(c) ((ngx_quic_socket_t *)((c)->udp))
|
||||
|
||||
|
||||
struct ngx_quic_client_id_s {
|
||||
ngx_queue_t queue;
|
||||
uint64_t seqnum;
|
||||
size_t len;
|
||||
u_char id[NGX_QUIC_CID_LEN_MAX];
|
||||
u_char sr_token[NGX_QUIC_SR_TOKEN_LEN];
|
||||
ngx_uint_t used; /* unsigned used:1; */
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_server_id_s {
|
||||
uint64_t seqnum;
|
||||
size_t len;
|
||||
u_char id[NGX_QUIC_CID_LEN_MAX];
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_path_s {
|
||||
ngx_queue_t queue;
|
||||
struct sockaddr *sockaddr;
|
||||
ngx_sockaddr_t sa;
|
||||
socklen_t socklen;
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_msec_t expires;
|
||||
ngx_uint_t tries;
|
||||
ngx_uint_t tag;
|
||||
off_t sent;
|
||||
off_t received;
|
||||
u_char challenge1[8];
|
||||
u_char challenge2[8];
|
||||
uint64_t seqnum;
|
||||
ngx_str_t addr_text;
|
||||
u_char text[NGX_SOCKADDR_STRLEN];
|
||||
unsigned validated:1;
|
||||
unsigned validating:1;
|
||||
unsigned limited:1;
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_socket_s {
|
||||
ngx_udp_connection_t udp;
|
||||
ngx_quic_connection_t *quic;
|
||||
ngx_queue_t queue;
|
||||
ngx_quic_server_id_t sid;
|
||||
ngx_sockaddr_t sockaddr;
|
||||
socklen_t socklen;
|
||||
ngx_uint_t used; /* unsigned used:1; */
|
||||
};
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_rbtree_t tree;
|
||||
ngx_rbtree_node_t sentinel;
|
||||
|
||||
ngx_queue_t uninitialized;
|
||||
ngx_queue_t free;
|
||||
|
||||
uint64_t sent;
|
||||
uint64_t recv_offset;
|
||||
uint64_t recv_window;
|
||||
uint64_t recv_last;
|
||||
uint64_t recv_max_data;
|
||||
uint64_t send_offset;
|
||||
uint64_t send_max_data;
|
||||
|
||||
uint64_t server_max_streams_uni;
|
||||
uint64_t server_max_streams_bidi;
|
||||
uint64_t server_streams_uni;
|
||||
uint64_t server_streams_bidi;
|
||||
|
||||
uint64_t client_max_streams_uni;
|
||||
uint64_t client_max_streams_bidi;
|
||||
uint64_t client_streams_uni;
|
||||
uint64_t client_streams_bidi;
|
||||
|
||||
ngx_uint_t initialized;
|
||||
/* unsigned initialized:1; */
|
||||
} ngx_quic_streams_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
size_t in_flight;
|
||||
size_t window;
|
||||
size_t ssthresh;
|
||||
ngx_msec_t recovery_start;
|
||||
} ngx_quic_congestion_t;
|
||||
|
||||
|
||||
/*
|
||||
* RFC 9000, 12.3. Packet Numbers
|
||||
*
|
||||
* Conceptually, a packet number space is the context in which a packet
|
||||
* can be processed and acknowledged. Initial packets can only be sent
|
||||
* with Initial packet protection keys and acknowledged in packets that
|
||||
* are also Initial packets.
|
||||
*/
|
||||
struct ngx_quic_send_ctx_s {
|
||||
enum ssl_encryption_level_t level;
|
||||
|
||||
ngx_quic_buffer_t crypto;
|
||||
uint64_t crypto_sent;
|
||||
|
||||
uint64_t pnum; /* to be sent */
|
||||
uint64_t largest_ack; /* received from peer */
|
||||
uint64_t largest_pn; /* received from peer */
|
||||
|
||||
ngx_queue_t frames; /* generated frames */
|
||||
ngx_queue_t sending; /* frames assigned to pkt */
|
||||
ngx_queue_t sent; /* frames waiting ACK */
|
||||
|
||||
uint64_t pending_ack; /* non sent ack-eliciting */
|
||||
uint64_t largest_range;
|
||||
uint64_t first_range;
|
||||
ngx_msec_t largest_received;
|
||||
ngx_msec_t ack_delay_start;
|
||||
ngx_uint_t nranges;
|
||||
ngx_quic_ack_range_t ranges[NGX_QUIC_MAX_RANGES];
|
||||
ngx_uint_t send_ack;
|
||||
};
|
||||
|
||||
|
||||
struct ngx_quic_connection_s {
|
||||
uint32_t version;
|
||||
|
||||
ngx_quic_path_t *path;
|
||||
|
||||
ngx_queue_t sockets;
|
||||
ngx_queue_t paths;
|
||||
ngx_queue_t client_ids;
|
||||
ngx_queue_t free_sockets;
|
||||
ngx_queue_t free_paths;
|
||||
ngx_queue_t free_client_ids;
|
||||
|
||||
ngx_uint_t nsockets;
|
||||
ngx_uint_t nclient_ids;
|
||||
uint64_t max_retired_seqnum;
|
||||
uint64_t client_seqnum;
|
||||
uint64_t server_seqnum;
|
||||
uint64_t path_seqnum;
|
||||
|
||||
ngx_quic_tp_t tp;
|
||||
ngx_quic_tp_t ctp;
|
||||
|
||||
ngx_quic_send_ctx_t send_ctx[NGX_QUIC_SEND_CTX_LAST];
|
||||
|
||||
ngx_quic_keys_t *keys;
|
||||
|
||||
ngx_quic_conf_t *conf;
|
||||
|
||||
ngx_event_t push;
|
||||
ngx_event_t pto;
|
||||
ngx_event_t close;
|
||||
ngx_event_t path_validation;
|
||||
ngx_msec_t last_cc;
|
||||
|
||||
ngx_msec_t first_rtt;
|
||||
ngx_msec_t latest_rtt;
|
||||
ngx_msec_t avg_rtt;
|
||||
ngx_msec_t min_rtt;
|
||||
ngx_msec_t rttvar;
|
||||
|
||||
ngx_uint_t pto_count;
|
||||
|
||||
ngx_queue_t free_frames;
|
||||
ngx_buf_t *free_bufs;
|
||||
ngx_buf_t *free_shadow_bufs;
|
||||
|
||||
ngx_uint_t nframes;
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_uint_t nbufs;
|
||||
ngx_uint_t nshadowbufs;
|
||||
#endif
|
||||
|
||||
#if (NGX_QUIC_OPENSSL_COMPAT)
|
||||
ngx_quic_compat_t *compat;
|
||||
#endif
|
||||
|
||||
ngx_quic_streams_t streams;
|
||||
ngx_quic_congestion_t congestion;
|
||||
|
||||
off_t received;
|
||||
|
||||
ngx_uint_t error;
|
||||
enum ssl_encryption_level_t error_level;
|
||||
ngx_uint_t error_ftype;
|
||||
const char *error_reason;
|
||||
|
||||
ngx_uint_t shutdown_code;
|
||||
const char *shutdown_reason;
|
||||
|
||||
unsigned error_app:1;
|
||||
unsigned send_timer_set:1;
|
||||
unsigned closing:1;
|
||||
unsigned shutdown:1;
|
||||
unsigned draining:1;
|
||||
unsigned key_phase:1;
|
||||
unsigned validated:1;
|
||||
unsigned client_tp_done:1;
|
||||
};
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_apply_transport_params(ngx_connection_t *c,
|
||||
ngx_quic_tp_t *ctp);
|
||||
void ngx_quic_discard_ctx(ngx_connection_t *c,
|
||||
enum ssl_encryption_level_t level);
|
||||
void ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc);
|
||||
void ngx_quic_shutdown_quic(ngx_connection_t *c);
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
void ngx_quic_connstate_dbg(ngx_connection_t *c);
|
||||
#else
|
||||
#define ngx_quic_connstate_dbg(c)
|
||||
#endif
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_CONNECTION_H_INCLUDED_ */
|
|
@ -1,502 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
#define NGX_QUIC_MAX_SERVER_IDS 8
|
||||
|
||||
|
||||
#if (NGX_QUIC_BPF)
|
||||
static ngx_int_t ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id);
|
||||
#endif
|
||||
static ngx_int_t ngx_quic_retire_client_id(ngx_connection_t *c,
|
||||
ngx_quic_client_id_t *cid);
|
||||
static ngx_quic_client_id_t *ngx_quic_alloc_client_id(ngx_connection_t *c,
|
||||
ngx_quic_connection_t *qc);
|
||||
static ngx_int_t ngx_quic_send_server_id(ngx_connection_t *c,
|
||||
ngx_quic_server_id_t *sid);
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_create_server_id(ngx_connection_t *c, u_char *id)
|
||||
{
|
||||
if (RAND_bytes(id, NGX_QUIC_SERVER_CID_LEN) != 1) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#if (NGX_QUIC_BPF)
|
||||
if (ngx_quic_bpf_attach_id(c, id) != NGX_OK) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0,
|
||||
"quic bpf failed to generate socket key");
|
||||
/* ignore error, things still may work */
|
||||
}
|
||||
#endif
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_QUIC_BPF)
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_bpf_attach_id(ngx_connection_t *c, u_char *id)
|
||||
{
|
||||
int fd;
|
||||
uint64_t cookie;
|
||||
socklen_t optlen;
|
||||
|
||||
fd = c->listening->fd;
|
||||
|
||||
optlen = sizeof(cookie);
|
||||
|
||||
if (getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, &optlen) == -1) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, ngx_socket_errno,
|
||||
"quic getsockopt(SO_COOKIE) failed");
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_dcid_encode_key(id, cookie);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_new_conn_id_frame_t *f)
|
||||
{
|
||||
ngx_str_t id;
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_client_id_t *cid, *item;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (f->seqnum < qc->max_retired_seqnum) {
|
||||
/*
|
||||
* RFC 9000, 19.15. NEW_CONNECTION_ID Frame
|
||||
*
|
||||
* An endpoint that receives a NEW_CONNECTION_ID frame with
|
||||
* a sequence number smaller than the Retire Prior To field
|
||||
* of a previously received NEW_CONNECTION_ID frame MUST send
|
||||
* a corresponding RETIRE_CONNECTION_ID frame that retires
|
||||
* the newly received connection ID, unless it has already
|
||||
* done so for that sequence number.
|
||||
*/
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
|
||||
frame->u.retire_cid.sequence_number = f->seqnum;
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
goto retire;
|
||||
}
|
||||
|
||||
cid = NULL;
|
||||
|
||||
for (q = ngx_queue_head(&qc->client_ids);
|
||||
q != ngx_queue_sentinel(&qc->client_ids);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
item = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
|
||||
if (item->seqnum == f->seqnum) {
|
||||
cid = item;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (cid) {
|
||||
/*
|
||||
* Transmission errors, timeouts, and retransmissions might cause the
|
||||
* same NEW_CONNECTION_ID frame to be received multiple times.
|
||||
*/
|
||||
|
||||
if (cid->len != f->len
|
||||
|| ngx_strncmp(cid->id, f->cid, f->len) != 0
|
||||
|| ngx_strncmp(cid->sr_token, f->srt, NGX_QUIC_SR_TOKEN_LEN) != 0)
|
||||
{
|
||||
/*
|
||||
* ..if a sequence number is used for different connection IDs,
|
||||
* the endpoint MAY treat that receipt as a connection error
|
||||
* of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
|
||||
qc->error_reason = "seqnum refers to different connection id/token";
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
id.data = f->cid;
|
||||
id.len = f->len;
|
||||
|
||||
if (ngx_quic_create_client_id(c, &id, f->seqnum, f->srt) == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
retire:
|
||||
|
||||
if (qc->max_retired_seqnum && f->retire <= qc->max_retired_seqnum) {
|
||||
/*
|
||||
* Once a sender indicates a Retire Prior To value, smaller values sent
|
||||
* in subsequent NEW_CONNECTION_ID frames have no effect. A receiver
|
||||
* MUST ignore any Retire Prior To fields that do not increase the
|
||||
* largest received Retire Prior To value.
|
||||
*/
|
||||
goto done;
|
||||
}
|
||||
|
||||
qc->max_retired_seqnum = f->retire;
|
||||
|
||||
q = ngx_queue_head(&qc->client_ids);
|
||||
|
||||
while (q != ngx_queue_sentinel(&qc->client_ids)) {
|
||||
|
||||
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (cid->seqnum >= f->retire) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_quic_retire_client_id(c, cid) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
done:
|
||||
|
||||
if (qc->nclient_ids > qc->tp.active_connection_id_limit) {
|
||||
/*
|
||||
* RFC 9000, 5.1.1. Issuing Connection IDs
|
||||
*
|
||||
* After processing a NEW_CONNECTION_ID frame and
|
||||
* adding and retiring active connection IDs, if the number of active
|
||||
* connection IDs exceeds the value advertised in its
|
||||
* active_connection_id_limit transport parameter, an endpoint MUST
|
||||
* close the connection with an error of type CONNECTION_ID_LIMIT_ERROR.
|
||||
*/
|
||||
qc->error = NGX_QUIC_ERR_CONNECTION_ID_LIMIT_ERROR;
|
||||
qc->error_reason = "too many connection ids received";
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_retire_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path;
|
||||
ngx_quic_client_id_t *new_cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (!cid->used) {
|
||||
return ngx_quic_free_client_id(c, cid);
|
||||
}
|
||||
|
||||
/* we are going to retire client id which is in use */
|
||||
|
||||
q = ngx_queue_head(&qc->paths);
|
||||
|
||||
while (q != ngx_queue_sentinel(&qc->paths)) {
|
||||
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (path->cid != cid) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (path == qc->path) {
|
||||
/* this is the active path: update it with new CID */
|
||||
new_cid = ngx_quic_next_client_id(c);
|
||||
if (new_cid == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qc->path->cid = new_cid;
|
||||
new_cid->used = 1;
|
||||
|
||||
return ngx_quic_free_client_id(c, cid);
|
||||
}
|
||||
|
||||
return ngx_quic_free_path(c, path);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_client_id_t *
|
||||
ngx_quic_alloc_client_id(ngx_connection_t *c, ngx_quic_connection_t *qc)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_client_id_t *cid;
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_client_ids)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_client_ids);
|
||||
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
|
||||
ngx_queue_remove(&cid->queue);
|
||||
|
||||
ngx_memzero(cid, sizeof(ngx_quic_client_id_t));
|
||||
|
||||
} else {
|
||||
|
||||
cid = ngx_pcalloc(c->pool, sizeof(ngx_quic_client_id_t));
|
||||
if (cid == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
return cid;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_client_id_t *
|
||||
ngx_quic_create_client_id(ngx_connection_t *c, ngx_str_t *id,
|
||||
uint64_t seqnum, u_char *token)
|
||||
{
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
cid = ngx_quic_alloc_client_id(c, qc);
|
||||
if (cid == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cid->seqnum = seqnum;
|
||||
|
||||
cid->len = id->len;
|
||||
ngx_memcpy(cid->id, id->data, id->len);
|
||||
|
||||
if (token) {
|
||||
ngx_memcpy(cid->sr_token, token, NGX_QUIC_SR_TOKEN_LEN);
|
||||
}
|
||||
|
||||
ngx_queue_insert_tail(&qc->client_ids, &cid->queue);
|
||||
qc->nclient_ids++;
|
||||
|
||||
if (seqnum > qc->client_seqnum) {
|
||||
qc->client_seqnum = seqnum;
|
||||
}
|
||||
|
||||
ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic cid seq:%uL received id:%uz:%xV:%*xs",
|
||||
cid->seqnum, id->len, id,
|
||||
(size_t) NGX_QUIC_SR_TOKEN_LEN, cid->sr_token);
|
||||
|
||||
return cid;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_client_id_t *
|
||||
ngx_quic_next_client_id(ngx_connection_t *c)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
for (q = ngx_queue_head(&qc->client_ids);
|
||||
q != ngx_queue_sentinel(&qc->client_ids);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
cid = ngx_queue_data(q, ngx_quic_client_id_t, queue);
|
||||
|
||||
if (!cid->used) {
|
||||
return cid;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_retire_cid_frame_t *f)
|
||||
{
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (f->sequence_number >= qc->server_seqnum) {
|
||||
/*
|
||||
* RFC 9000, 19.16.
|
||||
*
|
||||
* Receipt of a RETIRE_CONNECTION_ID frame containing a sequence
|
||||
* number greater than any previously sent to the peer MUST be
|
||||
* treated as a connection error of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
|
||||
qc->error_reason = "sequence number of id to retire was never issued";
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
|
||||
if (qsock->sid.seqnum == f->sequence_number) {
|
||||
|
||||
/*
|
||||
* RFC 9000, 19.16.
|
||||
*
|
||||
* The sequence number specified in a RETIRE_CONNECTION_ID frame MUST
|
||||
* NOT refer to the Destination Connection ID field of the packet in
|
||||
* which the frame is contained. The peer MAY treat this as a
|
||||
* connection error of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
|
||||
qc->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
|
||||
qc->error_reason = "sequence number of id to retire refers DCID";
|
||||
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
qsock = ngx_quic_find_socket(c, f->sequence_number);
|
||||
if (qsock == NULL) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic socket seq:%uL is retired", qsock->sid.seqnum);
|
||||
|
||||
ngx_quic_close_socket(c, qsock);
|
||||
|
||||
/* restore socket count up to a limit after deletion */
|
||||
if (ngx_quic_create_sockets(c) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_create_sockets(ngx_connection_t *c)
|
||||
{
|
||||
ngx_uint_t n;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
n = ngx_min(NGX_QUIC_MAX_SERVER_IDS, qc->ctp.active_connection_id_limit);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic create sockets has:%ui max:%ui", qc->nsockets, n);
|
||||
|
||||
while (qc->nsockets < n) {
|
||||
|
||||
qsock = ngx_quic_create_socket(c, qc);
|
||||
if (qsock == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_listen(c, qc, qsock) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_send_server_id(c, &qsock->sid) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_send_server_id(ngx_connection_t *c, ngx_quic_server_id_t *sid)
|
||||
{
|
||||
ngx_str_t dcid;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
dcid.len = sid->len;
|
||||
dcid.data = sid->id;
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_NEW_CONNECTION_ID;
|
||||
frame->u.ncid.seqnum = sid->seqnum;
|
||||
frame->u.ncid.retire = 0;
|
||||
frame->u.ncid.len = NGX_QUIC_SERVER_CID_LEN;
|
||||
ngx_memcpy(frame->u.ncid.cid, sid->id, NGX_QUIC_SERVER_CID_LEN);
|
||||
|
||||
if (ngx_quic_new_sr_token(c, &dcid, qc->conf->sr_token_key,
|
||||
frame->u.ncid.srt)
|
||||
!= NGX_OK)
|
||||
{
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_free_client_id(ngx_connection_t *c, ngx_quic_client_id_t *cid)
|
||||
{
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
frame = ngx_quic_alloc_frame(c);
|
||||
if (frame == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
frame->level = ssl_encryption_application;
|
||||
frame->type = NGX_QUIC_FT_RETIRE_CONNECTION_ID;
|
||||
frame->u.retire_cid.sequence_number = cid->seqnum;
|
||||
|
||||
ngx_quic_queue_frame(qc, frame);
|
||||
|
||||
/* we are no longer going to use this client id */
|
||||
|
||||
ngx_queue_remove(&cid->queue);
|
||||
ngx_queue_insert_head(&qc->free_client_ids, &cid->queue);
|
||||
|
||||
qc->nclient_ids--;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_CONNID_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_CONNID_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
ngx_int_t ngx_quic_handle_retire_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_retire_cid_frame_t *f);
|
||||
ngx_int_t ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
|
||||
ngx_quic_new_conn_id_frame_t *f);
|
||||
|
||||
ngx_int_t ngx_quic_create_sockets(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_create_server_id(ngx_connection_t *c, u_char *id);
|
||||
|
||||
ngx_quic_client_id_t *ngx_quic_create_client_id(ngx_connection_t *c,
|
||||
ngx_str_t *id, uint64_t seqnum, u_char *token);
|
||||
ngx_quic_client_id_t *ngx_quic_next_client_id(ngx_connection_t *c);
|
||||
ngx_int_t ngx_quic_free_client_id(ngx_connection_t *c,
|
||||
ngx_quic_client_id_t *cid);
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_CONNID_H_INCLUDED_ */
|
|
@ -1,891 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
#define NGX_QUIC_BUFFER_SIZE 4096
|
||||
|
||||
#define ngx_quic_buf_refs(b) (b)->shadow->num
|
||||
#define ngx_quic_buf_inc_refs(b) ngx_quic_buf_refs(b)++
|
||||
#define ngx_quic_buf_dec_refs(b) ngx_quic_buf_refs(b)--
|
||||
#define ngx_quic_buf_set_refs(b, v) ngx_quic_buf_refs(b) = v
|
||||
|
||||
|
||||
static ngx_buf_t *ngx_quic_alloc_buf(ngx_connection_t *c);
|
||||
static void ngx_quic_free_buf(ngx_connection_t *c, ngx_buf_t *b);
|
||||
static ngx_buf_t *ngx_quic_clone_buf(ngx_connection_t *c, ngx_buf_t *b);
|
||||
static ngx_int_t ngx_quic_split_chain(ngx_connection_t *c, ngx_chain_t *cl,
|
||||
off_t offset);
|
||||
|
||||
|
||||
static ngx_buf_t *
|
||||
ngx_quic_alloc_buf(ngx_connection_t *c)
|
||||
{
|
||||
u_char *p;
|
||||
ngx_buf_t *b;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
b = qc->free_bufs;
|
||||
|
||||
if (b) {
|
||||
qc->free_bufs = b->shadow;
|
||||
p = b->start;
|
||||
|
||||
} else {
|
||||
b = qc->free_shadow_bufs;
|
||||
|
||||
if (b) {
|
||||
qc->free_shadow_bufs = b->shadow;
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic use shadow buffer n:%ui %ui",
|
||||
++qc->nbufs, --qc->nshadowbufs);
|
||||
#endif
|
||||
|
||||
} else {
|
||||
b = ngx_palloc(c->pool, sizeof(ngx_buf_t));
|
||||
if (b == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic new buffer n:%ui", ++qc->nbufs);
|
||||
#endif
|
||||
}
|
||||
|
||||
p = ngx_pnalloc(c->pool, NGX_QUIC_BUFFER_SIZE);
|
||||
if (p == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "quic alloc buffer %p", b);
|
||||
#endif
|
||||
|
||||
ngx_memzero(b, sizeof(ngx_buf_t));
|
||||
|
||||
b->tag = (ngx_buf_tag_t) &ngx_quic_alloc_buf;
|
||||
b->temporary = 1;
|
||||
b->shadow = b;
|
||||
|
||||
b->start = p;
|
||||
b->pos = p;
|
||||
b->last = p;
|
||||
b->end = p + NGX_QUIC_BUFFER_SIZE;
|
||||
|
||||
ngx_quic_buf_set_refs(b, 1);
|
||||
|
||||
return b;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_free_buf(ngx_connection_t *c, ngx_buf_t *b)
|
||||
{
|
||||
ngx_buf_t *shadow;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_quic_buf_dec_refs(b);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic free buffer %p r:%ui",
|
||||
b, (ngx_uint_t) ngx_quic_buf_refs(b));
|
||||
#endif
|
||||
|
||||
shadow = b->shadow;
|
||||
|
||||
if (ngx_quic_buf_refs(b) == 0) {
|
||||
shadow->shadow = qc->free_bufs;
|
||||
qc->free_bufs = shadow;
|
||||
}
|
||||
|
||||
if (b != shadow) {
|
||||
b->shadow = qc->free_shadow_bufs;
|
||||
qc->free_shadow_bufs = b;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
static ngx_buf_t *
|
||||
ngx_quic_clone_buf(ngx_connection_t *c, ngx_buf_t *b)
|
||||
{
|
||||
ngx_buf_t *nb;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
nb = qc->free_shadow_bufs;
|
||||
|
||||
if (nb) {
|
||||
qc->free_shadow_bufs = nb->shadow;
|
||||
|
||||
} else {
|
||||
nb = ngx_palloc(c->pool, sizeof(ngx_buf_t));
|
||||
if (nb == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic new shadow buffer n:%ui", ++qc->nshadowbufs);
|
||||
#endif
|
||||
}
|
||||
|
||||
*nb = *b;
|
||||
|
||||
ngx_quic_buf_inc_refs(b);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic clone buffer %p %p r:%ui",
|
||||
b, nb, (ngx_uint_t) ngx_quic_buf_refs(b));
|
||||
#endif
|
||||
|
||||
return nb;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_split_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t offset)
|
||||
{
|
||||
ngx_buf_t *b, *tb;
|
||||
ngx_chain_t *tail;
|
||||
|
||||
b = cl->buf;
|
||||
|
||||
tail = ngx_alloc_chain_link(c->pool);
|
||||
if (tail == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
tb = ngx_quic_clone_buf(c, b);
|
||||
if (tb == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
tail->buf = tb;
|
||||
|
||||
tb->pos += offset;
|
||||
|
||||
b->last = tb->pos;
|
||||
b->last_buf = 0;
|
||||
|
||||
tail->next = cl->next;
|
||||
cl->next = tail;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_frame_t *
|
||||
ngx_quic_alloc_frame(ngx_connection_t *c)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *frame;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_frames)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_frames);
|
||||
frame = ngx_queue_data(q, ngx_quic_frame_t, queue);
|
||||
|
||||
ngx_queue_remove(&frame->queue);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic reuse frame n:%ui", qc->nframes);
|
||||
#endif
|
||||
|
||||
} else if (qc->nframes < 10000) {
|
||||
frame = ngx_palloc(c->pool, sizeof(ngx_quic_frame_t));
|
||||
if (frame == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
++qc->nframes;
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic alloc frame n:%ui", qc->nframes);
|
||||
#endif
|
||||
|
||||
} else {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic flood detected");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ngx_memzero(frame, sizeof(ngx_quic_frame_t));
|
||||
|
||||
return frame;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame)
|
||||
{
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (frame->data) {
|
||||
ngx_quic_free_chain(c, frame->data);
|
||||
}
|
||||
|
||||
ngx_queue_insert_head(&qc->free_frames, &frame->queue);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_ALLOC
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic free frame n:%ui", qc->nframes);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_chain(ngx_connection_t *c, ngx_chain_t *in)
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
while (in) {
|
||||
cl = in;
|
||||
in = in->next;
|
||||
|
||||
ngx_quic_free_buf(c, cl->buf);
|
||||
ngx_free_chain(c->pool, cl);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_frames(ngx_connection_t *c, ngx_queue_t *frames)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_frame_t *f;
|
||||
|
||||
do {
|
||||
q = ngx_queue_head(frames);
|
||||
|
||||
if (q == ngx_queue_sentinel(frames)) {
|
||||
break;
|
||||
}
|
||||
|
||||
ngx_queue_remove(q);
|
||||
|
||||
f = ngx_queue_data(q, ngx_quic_frame_t, queue);
|
||||
|
||||
ngx_quic_free_frame(c, f);
|
||||
} while (1);
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame)
|
||||
{
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, frame->level);
|
||||
|
||||
ngx_queue_insert_tail(&ctx->frames, &frame->queue);
|
||||
|
||||
frame->len = ngx_quic_create_frame(NULL, frame);
|
||||
/* always succeeds */
|
||||
|
||||
if (qc->closing) {
|
||||
return;
|
||||
}
|
||||
|
||||
ngx_post_event(&qc->push, &ngx_posted_events);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_split_frame(ngx_connection_t *c, ngx_quic_frame_t *f, size_t len)
|
||||
{
|
||||
size_t shrink;
|
||||
ngx_quic_frame_t *nf;
|
||||
ngx_quic_buffer_t qb;
|
||||
ngx_quic_ordered_frame_t *of, *onf;
|
||||
|
||||
switch (f->type) {
|
||||
case NGX_QUIC_FT_CRYPTO:
|
||||
case NGX_QUIC_FT_STREAM:
|
||||
break;
|
||||
|
||||
default:
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if ((size_t) f->len <= len) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
shrink = f->len - len;
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic split frame now:%uz need:%uz shrink:%uz",
|
||||
f->len, len, shrink);
|
||||
|
||||
of = &f->u.ord;
|
||||
|
||||
if (of->length <= shrink) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
of->length -= shrink;
|
||||
f->len = ngx_quic_create_frame(NULL, f);
|
||||
|
||||
if ((size_t) f->len > len) {
|
||||
ngx_log_error(NGX_LOG_ERR, c->log, 0, "could not split QUIC frame");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_memzero(&qb, sizeof(ngx_quic_buffer_t));
|
||||
qb.chain = f->data;
|
||||
|
||||
f->data = ngx_quic_read_buffer(c, &qb, of->length);
|
||||
if (f->data == NGX_CHAIN_ERROR) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
nf = ngx_quic_alloc_frame(c);
|
||||
if (nf == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
*nf = *f;
|
||||
onf = &nf->u.ord;
|
||||
onf->offset += of->length;
|
||||
onf->length = shrink;
|
||||
nf->len = ngx_quic_create_frame(NULL, nf);
|
||||
nf->data = qb.chain;
|
||||
|
||||
if (f->type == NGX_QUIC_FT_STREAM) {
|
||||
f->u.stream.fin = 0;
|
||||
}
|
||||
|
||||
ngx_queue_insert_after(&f->queue, &nf->queue);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_copy_buffer(ngx_connection_t *c, u_char *data, size_t len)
|
||||
{
|
||||
ngx_buf_t buf;
|
||||
ngx_chain_t cl, *out;
|
||||
ngx_quic_buffer_t qb;
|
||||
|
||||
ngx_memzero(&buf, sizeof(ngx_buf_t));
|
||||
|
||||
buf.pos = data;
|
||||
buf.last = buf.pos + len;
|
||||
buf.temporary = 1;
|
||||
|
||||
cl.buf = &buf;
|
||||
cl.next = NULL;
|
||||
|
||||
ngx_memzero(&qb, sizeof(ngx_quic_buffer_t));
|
||||
|
||||
if (ngx_quic_write_buffer(c, &qb, &cl, len, 0) == NGX_CHAIN_ERROR) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
out = ngx_quic_read_buffer(c, &qb, len);
|
||||
if (out == NGX_CHAIN_ERROR) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
ngx_quic_free_buffer(c, &qb);
|
||||
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_read_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb, uint64_t limit)
|
||||
{
|
||||
uint64_t n;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *out, **ll;
|
||||
|
||||
out = qb->chain;
|
||||
|
||||
for (ll = &out; *ll; ll = &(*ll)->next) {
|
||||
b = (*ll)->buf;
|
||||
|
||||
if (b->sync) {
|
||||
/* hole */
|
||||
break;
|
||||
}
|
||||
|
||||
if (limit == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
n = b->last - b->pos;
|
||||
|
||||
if (n > limit) {
|
||||
if (ngx_quic_split_chain(c, *ll, limit) != NGX_OK) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
n = limit;
|
||||
}
|
||||
|
||||
limit -= n;
|
||||
qb->offset += n;
|
||||
}
|
||||
|
||||
if (qb->offset >= qb->last_offset) {
|
||||
qb->last_chain = NULL;
|
||||
}
|
||||
|
||||
qb->chain = *ll;
|
||||
*ll = NULL;
|
||||
|
||||
return out;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_skip_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
uint64_t offset)
|
||||
{
|
||||
size_t n;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl;
|
||||
|
||||
while (qb->chain) {
|
||||
if (qb->offset >= offset) {
|
||||
break;
|
||||
}
|
||||
|
||||
cl = qb->chain;
|
||||
b = cl->buf;
|
||||
n = b->last - b->pos;
|
||||
|
||||
if (qb->offset + n > offset) {
|
||||
n = offset - qb->offset;
|
||||
b->pos += n;
|
||||
qb->offset += n;
|
||||
break;
|
||||
}
|
||||
|
||||
qb->offset += n;
|
||||
qb->chain = cl->next;
|
||||
|
||||
cl->next = NULL;
|
||||
ngx_quic_free_chain(c, cl);
|
||||
}
|
||||
|
||||
if (qb->chain == NULL) {
|
||||
qb->offset = offset;
|
||||
}
|
||||
|
||||
if (qb->offset >= qb->last_offset) {
|
||||
qb->last_chain = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_alloc_chain(ngx_connection_t *c)
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
cl = ngx_alloc_chain_link(c->pool);
|
||||
if (cl == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
cl->buf = ngx_quic_alloc_buf(c);
|
||||
if (cl->buf == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return cl;
|
||||
}
|
||||
|
||||
|
||||
ngx_chain_t *
|
||||
ngx_quic_write_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
ngx_chain_t *in, uint64_t limit, uint64_t offset)
|
||||
{
|
||||
u_char *p;
|
||||
uint64_t n, base;
|
||||
ngx_buf_t *b;
|
||||
ngx_chain_t *cl, **chain;
|
||||
|
||||
if (qb->last_chain && offset >= qb->last_offset) {
|
||||
base = qb->last_offset;
|
||||
chain = &qb->last_chain;
|
||||
|
||||
} else {
|
||||
base = qb->offset;
|
||||
chain = &qb->chain;
|
||||
}
|
||||
|
||||
while (in && limit) {
|
||||
|
||||
if (offset < base) {
|
||||
n = ngx_min((uint64_t) (in->buf->last - in->buf->pos),
|
||||
ngx_min(base - offset, limit));
|
||||
|
||||
in->buf->pos += n;
|
||||
offset += n;
|
||||
limit -= n;
|
||||
|
||||
if (in->buf->pos == in->buf->last) {
|
||||
in = in->next;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
cl = *chain;
|
||||
|
||||
if (cl == NULL) {
|
||||
cl = ngx_quic_alloc_chain(c);
|
||||
if (cl == NULL) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
cl->buf->last = cl->buf->end;
|
||||
cl->buf->sync = 1; /* hole */
|
||||
cl->next = NULL;
|
||||
*chain = cl;
|
||||
}
|
||||
|
||||
b = cl->buf;
|
||||
n = b->last - b->pos;
|
||||
|
||||
if (base + n <= offset) {
|
||||
base += n;
|
||||
chain = &cl->next;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (b->sync && offset > base) {
|
||||
if (ngx_quic_split_chain(c, cl, offset - base) != NGX_OK) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
p = b->pos + (offset - base);
|
||||
|
||||
while (in) {
|
||||
|
||||
if (!ngx_buf_in_memory(in->buf) || in->buf->pos == in->buf->last) {
|
||||
in = in->next;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (p == b->last || limit == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
n = ngx_min(b->last - p, in->buf->last - in->buf->pos);
|
||||
n = ngx_min(n, limit);
|
||||
|
||||
if (b->sync) {
|
||||
ngx_memcpy(p, in->buf->pos, n);
|
||||
qb->size += n;
|
||||
}
|
||||
|
||||
p += n;
|
||||
in->buf->pos += n;
|
||||
offset += n;
|
||||
limit -= n;
|
||||
}
|
||||
|
||||
if (b->sync && p == b->last) {
|
||||
b->sync = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (b->sync && p != b->pos) {
|
||||
if (ngx_quic_split_chain(c, cl, p - b->pos) != NGX_OK) {
|
||||
return NGX_CHAIN_ERROR;
|
||||
}
|
||||
|
||||
b->sync = 0;
|
||||
}
|
||||
}
|
||||
|
||||
qb->last_offset = base;
|
||||
qb->last_chain = *chain;
|
||||
|
||||
return in;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_free_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb)
|
||||
{
|
||||
ngx_quic_free_chain(c, qb->chain);
|
||||
|
||||
qb->chain = NULL;
|
||||
}
|
||||
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
|
||||
void
|
||||
ngx_quic_log_frame(ngx_log_t *log, ngx_quic_frame_t *f, ngx_uint_t tx)
|
||||
{
|
||||
u_char *p, *last, *pos, *end;
|
||||
ssize_t n;
|
||||
uint64_t gap, range, largest, smallest;
|
||||
ngx_uint_t i;
|
||||
u_char buf[NGX_MAX_ERROR_STR];
|
||||
|
||||
p = buf;
|
||||
last = buf + sizeof(buf);
|
||||
|
||||
switch (f->type) {
|
||||
|
||||
case NGX_QUIC_FT_CRYPTO:
|
||||
p = ngx_slprintf(p, last, "CRYPTO len:%uL off:%uL",
|
||||
f->u.crypto.length, f->u.crypto.offset);
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_FRAMES
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
p = ngx_slprintf(p, last, " data:");
|
||||
|
||||
for (cl = f->data; cl; cl = cl->next) {
|
||||
p = ngx_slprintf(p, last, "%*xs",
|
||||
cl->buf->last - cl->buf->pos, cl->buf->pos);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PADDING:
|
||||
p = ngx_slprintf(p, last, "PADDING");
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_ACK:
|
||||
case NGX_QUIC_FT_ACK_ECN:
|
||||
|
||||
p = ngx_slprintf(p, last, "ACK n:%ui delay:%uL ",
|
||||
f->u.ack.range_count, f->u.ack.delay);
|
||||
|
||||
if (f->data) {
|
||||
pos = f->data->buf->pos;
|
||||
end = f->data->buf->last;
|
||||
|
||||
} else {
|
||||
pos = NULL;
|
||||
end = NULL;
|
||||
}
|
||||
|
||||
largest = f->u.ack.largest;
|
||||
smallest = f->u.ack.largest - f->u.ack.first_range;
|
||||
|
||||
if (largest == smallest) {
|
||||
p = ngx_slprintf(p, last, "%uL", largest);
|
||||
|
||||
} else {
|
||||
p = ngx_slprintf(p, last, "%uL-%uL", largest, smallest);
|
||||
}
|
||||
|
||||
for (i = 0; i < f->u.ack.range_count; i++) {
|
||||
n = ngx_quic_parse_ack_range(log, pos, end, &gap, &range);
|
||||
if (n == NGX_ERROR) {
|
||||
break;
|
||||
}
|
||||
|
||||
pos += n;
|
||||
|
||||
largest = smallest - gap - 2;
|
||||
smallest = largest - range;
|
||||
|
||||
if (largest == smallest) {
|
||||
p = ngx_slprintf(p, last, " %uL", largest);
|
||||
|
||||
} else {
|
||||
p = ngx_slprintf(p, last, " %uL-%uL", largest, smallest);
|
||||
}
|
||||
}
|
||||
|
||||
if (f->type == NGX_QUIC_FT_ACK_ECN) {
|
||||
p = ngx_slprintf(p, last, " ECN counters ect0:%uL ect1:%uL ce:%uL",
|
||||
f->u.ack.ect0, f->u.ack.ect1, f->u.ack.ce);
|
||||
}
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PING:
|
||||
p = ngx_slprintf(p, last, "PING");
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_NEW_CONNECTION_ID:
|
||||
p = ngx_slprintf(p, last,
|
||||
"NEW_CONNECTION_ID seq:%uL retire:%uL len:%ud",
|
||||
f->u.ncid.seqnum, f->u.ncid.retire, f->u.ncid.len);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_RETIRE_CONNECTION_ID:
|
||||
p = ngx_slprintf(p, last, "RETIRE_CONNECTION_ID seqnum:%uL",
|
||||
f->u.retire_cid.sequence_number);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_CONNECTION_CLOSE:
|
||||
case NGX_QUIC_FT_CONNECTION_CLOSE_APP:
|
||||
p = ngx_slprintf(p, last, "CONNECTION_CLOSE%s err:%ui",
|
||||
f->type == NGX_QUIC_FT_CONNECTION_CLOSE ? "" : "_APP",
|
||||
f->u.close.error_code);
|
||||
|
||||
if (f->u.close.reason.len) {
|
||||
p = ngx_slprintf(p, last, " %V", &f->u.close.reason);
|
||||
}
|
||||
|
||||
if (f->type == NGX_QUIC_FT_CONNECTION_CLOSE) {
|
||||
p = ngx_slprintf(p, last, " ft:%ui", f->u.close.frame_type);
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STREAM:
|
||||
p = ngx_slprintf(p, last, "STREAM id:0x%xL", f->u.stream.stream_id);
|
||||
|
||||
if (f->u.stream.off) {
|
||||
p = ngx_slprintf(p, last, " off:%uL", f->u.stream.offset);
|
||||
}
|
||||
|
||||
if (f->u.stream.len) {
|
||||
p = ngx_slprintf(p, last, " len:%uL", f->u.stream.length);
|
||||
}
|
||||
|
||||
if (f->u.stream.fin) {
|
||||
p = ngx_slprintf(p, last, " fin:1");
|
||||
}
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_FRAMES
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
p = ngx_slprintf(p, last, " data:");
|
||||
|
||||
for (cl = f->data; cl; cl = cl->next) {
|
||||
p = ngx_slprintf(p, last, "%*xs",
|
||||
cl->buf->last - cl->buf->pos, cl->buf->pos);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_MAX_DATA:
|
||||
p = ngx_slprintf(p, last, "MAX_DATA max_data:%uL on recv",
|
||||
f->u.max_data.max_data);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_RESET_STREAM:
|
||||
p = ngx_slprintf(p, last, "RESET_STREAM"
|
||||
" id:0x%xL error_code:0x%xL final_size:0x%xL",
|
||||
f->u.reset_stream.id, f->u.reset_stream.error_code,
|
||||
f->u.reset_stream.final_size);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STOP_SENDING:
|
||||
p = ngx_slprintf(p, last, "STOP_SENDING id:0x%xL err:0x%xL",
|
||||
f->u.stop_sending.id, f->u.stop_sending.error_code);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STREAMS_BLOCKED:
|
||||
case NGX_QUIC_FT_STREAMS_BLOCKED2:
|
||||
p = ngx_slprintf(p, last, "STREAMS_BLOCKED limit:%uL bidi:%ui",
|
||||
f->u.streams_blocked.limit, f->u.streams_blocked.bidi);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_MAX_STREAMS:
|
||||
case NGX_QUIC_FT_MAX_STREAMS2:
|
||||
p = ngx_slprintf(p, last, "MAX_STREAMS limit:%uL bidi:%ui",
|
||||
f->u.max_streams.limit, f->u.max_streams.bidi);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_MAX_STREAM_DATA:
|
||||
p = ngx_slprintf(p, last, "MAX_STREAM_DATA id:0x%xL limit:%uL",
|
||||
f->u.max_stream_data.id, f->u.max_stream_data.limit);
|
||||
break;
|
||||
|
||||
|
||||
case NGX_QUIC_FT_DATA_BLOCKED:
|
||||
p = ngx_slprintf(p, last, "DATA_BLOCKED limit:%uL",
|
||||
f->u.data_blocked.limit);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_STREAM_DATA_BLOCKED:
|
||||
p = ngx_slprintf(p, last, "STREAM_DATA_BLOCKED id:0x%xL limit:%uL",
|
||||
f->u.stream_data_blocked.id,
|
||||
f->u.stream_data_blocked.limit);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PATH_CHALLENGE:
|
||||
p = ngx_slprintf(p, last, "PATH_CHALLENGE data:0x%*xs",
|
||||
sizeof(f->u.path_challenge.data),
|
||||
f->u.path_challenge.data);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_PATH_RESPONSE:
|
||||
p = ngx_slprintf(p, last, "PATH_RESPONSE data:0x%*xs",
|
||||
sizeof(f->u.path_challenge.data),
|
||||
f->u.path_challenge.data);
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_NEW_TOKEN:
|
||||
p = ngx_slprintf(p, last, "NEW_TOKEN");
|
||||
|
||||
#ifdef NGX_QUIC_DEBUG_FRAMES
|
||||
{
|
||||
ngx_chain_t *cl;
|
||||
|
||||
p = ngx_slprintf(p, last, " token:");
|
||||
|
||||
for (cl = f->data; cl; cl = cl->next) {
|
||||
p = ngx_slprintf(p, last, "%*xs",
|
||||
cl->buf->last - cl->buf->pos, cl->buf->pos);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
break;
|
||||
|
||||
case NGX_QUIC_FT_HANDSHAKE_DONE:
|
||||
p = ngx_slprintf(p, last, "HANDSHAKE DONE");
|
||||
break;
|
||||
|
||||
default:
|
||||
p = ngx_slprintf(p, last, "unknown type 0x%xi", f->type);
|
||||
break;
|
||||
}
|
||||
|
||||
ngx_log_debug4(NGX_LOG_DEBUG_EVENT, log, 0, "quic frame %s %s %*s",
|
||||
tx ? "tx" : "rx", ngx_quic_level_name(f->level),
|
||||
p - buf, buf);
|
||||
}
|
||||
|
||||
#endif
|
|
@ -1,45 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_
|
||||
#define _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
|
||||
|
||||
typedef ngx_int_t (*ngx_quic_frame_handler_pt)(ngx_connection_t *c,
|
||||
ngx_quic_frame_t *frame, void *data);
|
||||
|
||||
|
||||
ngx_quic_frame_t *ngx_quic_alloc_frame(ngx_connection_t *c);
|
||||
void ngx_quic_free_frame(ngx_connection_t *c, ngx_quic_frame_t *frame);
|
||||
void ngx_quic_free_frames(ngx_connection_t *c, ngx_queue_t *frames);
|
||||
void ngx_quic_queue_frame(ngx_quic_connection_t *qc, ngx_quic_frame_t *frame);
|
||||
ngx_int_t ngx_quic_split_frame(ngx_connection_t *c, ngx_quic_frame_t *f,
|
||||
size_t len);
|
||||
|
||||
ngx_chain_t *ngx_quic_alloc_chain(ngx_connection_t *c);
|
||||
void ngx_quic_free_chain(ngx_connection_t *c, ngx_chain_t *in);
|
||||
|
||||
ngx_chain_t *ngx_quic_copy_buffer(ngx_connection_t *c, u_char *data,
|
||||
size_t len);
|
||||
ngx_chain_t *ngx_quic_read_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
uint64_t limit);
|
||||
ngx_chain_t *ngx_quic_write_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
ngx_chain_t *in, uint64_t limit, uint64_t offset);
|
||||
void ngx_quic_skip_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb,
|
||||
uint64_t offset);
|
||||
void ngx_quic_free_buffer(ngx_connection_t *c, ngx_quic_buffer_t *qb);
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
void ngx_quic_log_frame(ngx_log_t *log, ngx_quic_frame_t *f, ngx_uint_t tx);
|
||||
#else
|
||||
#define ngx_quic_log_frame(log, f, tx)
|
||||
#endif
|
||||
|
||||
#endif /* _NGX_EVENT_QUIC_FRAMES_H_INCLUDED_ */
|
|
@ -1,671 +0,0 @@
|
|||
|
||||
/*
|
||||
* Copyright (C) Nginx, Inc.
|
||||
*/
|
||||
|
||||
|
||||
#include <ngx_config.h>
|
||||
#include <ngx_core.h>
|
||||
#include <ngx_event.h>
|
||||
#include <ngx_event_quic_connection.h>
|
||||
|
||||
|
||||
static void ngx_quic_set_connection_path(ngx_connection_t *c,
|
||||
ngx_quic_path_t *path);
|
||||
static ngx_int_t ngx_quic_validate_path(ngx_connection_t *c,
|
||||
ngx_quic_path_t *path);
|
||||
static ngx_int_t ngx_quic_send_path_challenge(ngx_connection_t *c,
|
||||
ngx_quic_path_t *path);
|
||||
static ngx_quic_path_t *ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag);
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
|
||||
ngx_quic_header_t *pkt, ngx_quic_path_challenge_frame_t *f)
|
||||
{
|
||||
ngx_quic_frame_t frame, *fp;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
|
||||
|
||||
frame.level = ssl_encryption_application;
|
||||
frame.type = NGX_QUIC_FT_PATH_RESPONSE;
|
||||
frame.u.path_response = *f;
|
||||
|
||||
/*
|
||||
* RFC 9000, 8.2.2. Path Validation Responses
|
||||
*
|
||||
* A PATH_RESPONSE frame MUST be sent on the network path where the
|
||||
* PATH_CHALLENGE frame was received.
|
||||
*/
|
||||
|
||||
/*
|
||||
* An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
|
||||
* to at least the smallest allowed maximum datagram size of 1200 bytes.
|
||||
*/
|
||||
if (ngx_quic_frame_sendto(c, &frame, 1200, pkt->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (pkt->path == qc->path) {
|
||||
/*
|
||||
* RFC 9000, 9.3.3. Off-Path Packet Forwarding
|
||||
*
|
||||
* An endpoint that receives a PATH_CHALLENGE on an active path SHOULD
|
||||
* send a non-probing packet in response.
|
||||
*/
|
||||
|
||||
fp = ngx_quic_alloc_frame(c);
|
||||
if (fp == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
fp->level = ssl_encryption_application;
|
||||
fp->type = NGX_QUIC_FT_PING;
|
||||
|
||||
ngx_quic_queue_frame(qc, fp);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_path_response_frame(ngx_connection_t *c,
|
||||
ngx_quic_path_challenge_frame_t *f)
|
||||
{
|
||||
ngx_uint_t rst;
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path, *prev;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
/*
|
||||
* RFC 9000, 8.2.3. Successful Path Validation
|
||||
*
|
||||
* A PATH_RESPONSE frame received on any network path validates the path
|
||||
* on which the PATH_CHALLENGE was sent.
|
||||
*/
|
||||
|
||||
for (q = ngx_queue_head(&qc->paths);
|
||||
q != ngx_queue_sentinel(&qc->paths);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
if (!path->validating) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ngx_memcmp(path->challenge1, f->data, sizeof(f->data)) == 0
|
||||
|| ngx_memcmp(path->challenge2, f->data, sizeof(f->data)) == 0)
|
||||
{
|
||||
goto valid;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic stale PATH_RESPONSE ignored");
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
valid:
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.4. Loss Detection and Congestion Control
|
||||
*
|
||||
* On confirming a peer's ownership of its new address,
|
||||
* an endpoint MUST immediately reset the congestion controller
|
||||
* and round-trip time estimator for the new path to initial values
|
||||
* unless the only change in the peer's address is its port number.
|
||||
*/
|
||||
|
||||
rst = 1;
|
||||
|
||||
prev = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
|
||||
|
||||
if (prev != NULL) {
|
||||
|
||||
if (ngx_cmp_sockaddr(prev->sockaddr, prev->socklen,
|
||||
path->sockaddr, path->socklen, 0)
|
||||
== NGX_OK)
|
||||
{
|
||||
/* address did not change */
|
||||
rst = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (rst) {
|
||||
ngx_memzero(&qc->congestion, sizeof(ngx_quic_congestion_t));
|
||||
|
||||
qc->congestion.window = ngx_min(10 * qc->tp.max_udp_payload_size,
|
||||
ngx_max(2 * qc->tp.max_udp_payload_size,
|
||||
14720));
|
||||
qc->congestion.ssthresh = (size_t) -1;
|
||||
qc->congestion.recovery_start = ngx_current_msec;
|
||||
}
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.3. Responding to Connection Migration
|
||||
*
|
||||
* After verifying a new client address, the server SHOULD
|
||||
* send new address validation tokens (Section 8) to the client.
|
||||
*/
|
||||
|
||||
if (ngx_quic_send_new_token(c, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic path seq:%uL addr:%V successfully validated",
|
||||
path->seqnum, &path->addr_text);
|
||||
|
||||
ngx_quic_path_dbg(c, "is validated", path);
|
||||
|
||||
path->validated = 1;
|
||||
path->validating = 0;
|
||||
path->limited = 0;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_quic_path_t *
|
||||
ngx_quic_new_path(ngx_connection_t *c,
|
||||
struct sockaddr *sockaddr, socklen_t socklen, ngx_quic_client_id_t *cid)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
if (!ngx_queue_empty(&qc->free_paths)) {
|
||||
|
||||
q = ngx_queue_head(&qc->free_paths);
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
ngx_queue_remove(&path->queue);
|
||||
|
||||
ngx_memzero(path, sizeof(ngx_quic_path_t));
|
||||
|
||||
} else {
|
||||
|
||||
path = ngx_pcalloc(c->pool, sizeof(ngx_quic_path_t));
|
||||
if (path == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_queue_insert_tail(&qc->paths, &path->queue);
|
||||
|
||||
path->cid = cid;
|
||||
cid->used = 1;
|
||||
|
||||
path->limited = 1;
|
||||
|
||||
path->seqnum = qc->path_seqnum++;
|
||||
|
||||
path->sockaddr = &path->sa.sockaddr;
|
||||
path->socklen = socklen;
|
||||
ngx_memcpy(path->sockaddr, sockaddr, socklen);
|
||||
|
||||
path->addr_text.data = path->text;
|
||||
path->addr_text.len = ngx_sock_ntop(sockaddr, socklen, path->text,
|
||||
NGX_SOCKADDR_STRLEN, 1);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic path seq:%uL created addr:%V",
|
||||
path->seqnum, &path->addr_text);
|
||||
return path;
|
||||
}
|
||||
|
||||
|
||||
static ngx_quic_path_t *
|
||||
ngx_quic_get_path(ngx_connection_t *c, ngx_uint_t tag)
|
||||
{
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
for (q = ngx_queue_head(&qc->paths);
|
||||
q != ngx_queue_sentinel(&qc->paths);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
if (path->tag == tag) {
|
||||
return path;
|
||||
}
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_set_path(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
{
|
||||
off_t len;
|
||||
ngx_queue_t *q;
|
||||
ngx_quic_path_t *path, *probe;
|
||||
ngx_quic_socket_t *qsock;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_client_id_t *cid;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
qsock = ngx_quic_get_socket(c);
|
||||
|
||||
len = pkt->raw->last - pkt->raw->start;
|
||||
|
||||
if (c->udp->buffer == NULL) {
|
||||
/* first ever packet in connection, path already exists */
|
||||
path = qc->path;
|
||||
goto update;
|
||||
}
|
||||
|
||||
probe = NULL;
|
||||
|
||||
for (q = ngx_queue_head(&qc->paths);
|
||||
q != ngx_queue_sentinel(&qc->paths);
|
||||
q = ngx_queue_next(q))
|
||||
{
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
|
||||
if (ngx_cmp_sockaddr(&qsock->sockaddr.sockaddr, qsock->socklen,
|
||||
path->sockaddr, path->socklen, 1)
|
||||
== NGX_OK)
|
||||
{
|
||||
goto update;
|
||||
}
|
||||
|
||||
if (path->tag == NGX_QUIC_PATH_PROBE) {
|
||||
probe = path;
|
||||
}
|
||||
}
|
||||
|
||||
/* packet from new path, drop current probe, if any */
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
|
||||
|
||||
/*
|
||||
* only accept highest-numbered packets to prevent connection id
|
||||
* exhaustion by excessive probing packets from unknown paths
|
||||
*/
|
||||
if (pkt->pn != ctx->largest_pn) {
|
||||
return NGX_DONE;
|
||||
}
|
||||
|
||||
if (probe && ngx_quic_free_path(c, probe) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
/* new path requires new client id */
|
||||
cid = ngx_quic_next_client_id(c);
|
||||
if (cid == NULL) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic no available client ids for new path");
|
||||
/* stop processing of this datagram */
|
||||
return NGX_DONE;
|
||||
}
|
||||
|
||||
path = ngx_quic_new_path(c, &qsock->sockaddr.sockaddr, qsock->socklen, cid);
|
||||
if (path == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
path->tag = NGX_QUIC_PATH_PROBE;
|
||||
|
||||
/*
|
||||
* client arrived using new path and previously seen DCID,
|
||||
* this indicates NAT rebinding (or bad client)
|
||||
*/
|
||||
if (qsock->used) {
|
||||
pkt->rebound = 1;
|
||||
}
|
||||
|
||||
update:
|
||||
|
||||
qsock->used = 1;
|
||||
pkt->path = path;
|
||||
|
||||
/* TODO: this may be too late in some cases;
|
||||
* for example, if error happens during decrypt(), we cannot
|
||||
* send CC, if error happens in 1st packet, due to amplification
|
||||
* limit, because path->received = 0
|
||||
*
|
||||
* should we account garbage as received or only decrypting packets?
|
||||
*/
|
||||
path->received += len;
|
||||
|
||||
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic packet len:%O via sock seq:%L path seq:%uL",
|
||||
len, (int64_t) qsock->sid.seqnum, path->seqnum);
|
||||
ngx_quic_path_dbg(c, "status", path);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_free_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_queue_remove(&path->queue);
|
||||
ngx_queue_insert_head(&qc->free_paths, &path->queue);
|
||||
|
||||
/*
|
||||
* invalidate CID that is no longer usable for any other path;
|
||||
* this also requests new CIDs from client
|
||||
*/
|
||||
if (path->cid) {
|
||||
if (ngx_quic_free_client_id(c, path->cid) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic path seq:%uL addr:%V retired",
|
||||
path->seqnum, &path->addr_text);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
ngx_quic_set_connection_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
size_t len;
|
||||
|
||||
ngx_memcpy(c->sockaddr, path->sockaddr, path->socklen);
|
||||
c->socklen = path->socklen;
|
||||
|
||||
if (c->addr_text.data) {
|
||||
len = ngx_min(c->addr_text.len, path->addr_text.len);
|
||||
|
||||
ngx_memcpy(c->addr_text.data, path->addr_text.data, len);
|
||||
c->addr_text.len = len;
|
||||
}
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic send path set to seq:%uL addr:%V",
|
||||
path->seqnum, &path->addr_text);
|
||||
}
|
||||
|
||||
|
||||
ngx_int_t
|
||||
ngx_quic_handle_migration(ngx_connection_t *c, ngx_quic_header_t *pkt)
|
||||
{
|
||||
ngx_quic_path_t *next, *bkp;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
/* got non-probing packet via non-active path */
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, pkt->level);
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.3. Responding to Connection Migration
|
||||
*
|
||||
* An endpoint only changes the address to which it sends packets in
|
||||
* response to the highest-numbered non-probing packet.
|
||||
*/
|
||||
if (pkt->pn != ctx->largest_pn) {
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
next = pkt->path;
|
||||
|
||||
/*
|
||||
* RFC 9000, 9.3.3:
|
||||
*
|
||||
* In response to an apparent migration, endpoints MUST validate the
|
||||
* previously active path using a PATH_CHALLENGE frame.
|
||||
*/
|
||||
if (pkt->rebound) {
|
||||
|
||||
/* NAT rebinding: client uses new path with old SID */
|
||||
if (ngx_quic_validate_path(c, qc->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
if (qc->path->validated) {
|
||||
|
||||
if (next->tag != NGX_QUIC_PATH_BACKUP) {
|
||||
/* can delete backup path, if any */
|
||||
bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
|
||||
|
||||
if (bkp && ngx_quic_free_path(c, bkp) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
qc->path->tag = NGX_QUIC_PATH_BACKUP;
|
||||
ngx_quic_path_dbg(c, "is now backup", qc->path);
|
||||
|
||||
} else {
|
||||
if (ngx_quic_free_path(c, qc->path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
/* switch active path to migrated */
|
||||
qc->path = next;
|
||||
qc->path->tag = NGX_QUIC_PATH_ACTIVE;
|
||||
|
||||
ngx_quic_set_connection_path(c, next);
|
||||
|
||||
if (!next->validated && !next->validating) {
|
||||
if (ngx_quic_validate_path(c, next) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic migrated to path seq:%uL addr:%V",
|
||||
qc->path->seqnum, &qc->path->addr_text);
|
||||
|
||||
ngx_quic_path_dbg(c, "is now active", qc->path);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_validate_path(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
ngx_msec_t pto;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic initiated validation of path seq:%uL", path->seqnum);
|
||||
|
||||
path->validating = 1;
|
||||
|
||||
if (RAND_bytes(path->challenge1, 8) != 1) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (RAND_bytes(path->challenge2, 8) != 1) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (ngx_quic_send_path_challenge(c, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
pto = ngx_quic_pto(c, ctx);
|
||||
|
||||
path->expires = ngx_current_msec + pto;
|
||||
path->tries = NGX_QUIC_PATH_RETRIES;
|
||||
|
||||
if (!qc->path_validation.timer_set) {
|
||||
ngx_add_timer(&qc->path_validation, pto);
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
static ngx_int_t
|
||||
ngx_quic_send_path_challenge(ngx_connection_t *c, ngx_quic_path_t *path)
|
||||
{
|
||||
ngx_quic_frame_t frame;
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"quic path seq:%uL send path_challenge tries:%ui",
|
||||
path->seqnum, path->tries);
|
||||
|
||||
ngx_memzero(&frame, sizeof(ngx_quic_frame_t));
|
||||
|
||||
frame.level = ssl_encryption_application;
|
||||
frame.type = NGX_QUIC_FT_PATH_CHALLENGE;
|
||||
|
||||
ngx_memcpy(frame.u.path_challenge.data, path->challenge1, 8);
|
||||
|
||||
/*
|
||||
* RFC 9000, 8.2.1. Initiating Path Validation
|
||||
*
|
||||
* An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
|
||||
* to at least the smallest allowed maximum datagram size of 1200 bytes,
|
||||
* unless the anti-amplification limit for the path does not permit
|
||||
* sending a datagram of this size.
|
||||
*/
|
||||
|
||||
/* same applies to PATH_RESPONSE frames */
|
||||
if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
ngx_memcpy(frame.u.path_challenge.data, path->challenge2, 8);
|
||||
|
||||
if (ngx_quic_frame_sendto(c, &frame, 1200, path) != NGX_OK) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
ngx_quic_path_validation_handler(ngx_event_t *ev)
|
||||
{
|
||||
ngx_msec_t now;
|
||||
ngx_queue_t *q;
|
||||
ngx_msec_int_t left, next, pto;
|
||||
ngx_quic_path_t *path, *bkp;
|
||||
ngx_connection_t *c;
|
||||
ngx_quic_send_ctx_t *ctx;
|
||||
ngx_quic_connection_t *qc;
|
||||
|
||||
c = ev->data;
|
||||
qc = ngx_quic_get_connection(c);
|
||||
|
||||
ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
|
||||
pto = ngx_quic_pto(c, ctx);
|
||||
|
||||
next = -1;
|
||||
now = ngx_current_msec;
|
||||
|
||||
q = ngx_queue_head(&qc->paths);
|
||||
|
||||
while (q != ngx_queue_sentinel(&qc->paths)) {
|
||||
|
||||
path = ngx_queue_data(q, ngx_quic_path_t, queue);
|
||||
q = ngx_queue_next(q);
|
||||
|
||||
if (!path->validating) {
|
||||
continue;
|
||||
}
|
||||
|
||||
left = path->expires - now;
|
||||
|
||||
if (left > 0) {
|
||||
|
||||
if (next == -1 || left < next) {
|
||||
next = left;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (--path->tries) {
|
||||
path->expires = ngx_current_msec + pto;
|
||||
|
||||
if (next == -1 || pto < next) {
|
||||
next = pto;
|
||||
}
|
||||
|
||||
/* retransmit */
|
||||
(void) ngx_quic_send_path_challenge(c, path);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
||||
"quic path seq:%uL validation failed", path->seqnum);
|
||||
|
||||
/* found expired path */
|
||||
|
||||
path->validated = 0;
|
||||
path->validating = 0;
|
||||
path->limited = 1;
|
||||
|
||||
|
||||
/* RFC 9000, 9.3.2. On-Path Address Spoofing
|
||||
*
|
||||
* To protect the connection from failing due to such a spurious
|
||||
* migration, an endpoint MUST revert to using the last validated
|
||||
* peer address when validation of a new peer address fails.
|
||||
*/
|
||||
|
||||
if (qc->path == path) {
|
||||
/* active path validation failed */
|
||||
|
||||
bkp = ngx_quic_get_path(c, NGX_QUIC_PATH_BACKUP);
|
||||
|
||||
if (bkp == NULL) {
|
||||
qc->error = NGX_QUIC_ERR_NO_VIABLE_PATH;
|
||||
qc->error_reason = "no viable path";
|
||||
ngx_quic_close_connection(c, NGX_ERROR);
|
||||
return;
|
||||
}
|
||||
|
||||
qc->path = bkp;
|
||||
qc->path->tag = NGX_QUIC_PATH_ACTIVE;
|
||||
|
||||
ngx_quic_set_connection_path(c, qc->path);
|
||||
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||
"quic path seq:%uL addr:%V is restored from backup",
|
||||
qc->path->seqnum, &qc->path->addr_text);
|
||||
|
||||
ngx_quic_path_dbg(c, "is active", qc->path);
|
||||
}
|
||||
|
||||
if (ngx_quic_free_path(c, path) != NGX_OK) {
|
||||
ngx_quic_close_connection(c, NGX_ERROR);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (next != -1) {
|
||||
ngx_add_timer(&qc->path_validation, next);
|
||||
}
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue