git.kaiwu.me - nginx.git/log
Roman Arutyunyan [Tue, 18 Aug 2020 13:22:00 +0000 (16:22 +0300)]
Merged with the default branch.

Roman Arutyunyan [Tue, 18 Aug 2020 09:28:33 +0000 (12:28 +0300)]
QUIC: coalesce neighbouring stream send buffers.

Previously a single STREAM frame was created for each buffer in stream output
chain which is wasteful with respect to memory.  The following changes were
made in the stream send code:

- ngx_quic_stream_send_chain() no longer calls ngx_quic_stream_send() and got
  a separate implementation that coalesces neighbouring buffers into a single
  frame
- the new ngx_quic_stream_send_chain() respects the limit argument, which fixes
  sendfile_max_chunk and limit_rate
- ngx_quic_stream_send() is reimplemented to call ngx_quic_stream_send_chain()
- stream frame size limit is moved out to a separate function
  ngx_quic_max_stream_frame()
- flow control is moved out to a separate function ngx_quic_max_stream_flow()
- ngx_quic_stream_send_chain() is relocated next to ngx_quic_stream_send()

Sergey Kandaurov [Fri, 14 Aug 2020 13:54:13 +0000 (16:54 +0300)]
QUIC: packet based bytes_in_flight accounting.

A packet size is kept in one of the frames belonging to the packet.

Sergey Kandaurov [Fri, 14 Aug 2020 13:54:06 +0000 (16:54 +0300)]
QUIC: fixed leak of bytes_in_flight on keys discard.

This applies to discarding Initial and Handshake keys.

Sergey Kandaurov [Fri, 14 Aug 2020 13:53:56 +0000 (16:53 +0300)]
QUIC: fixed leak of bytes_in_flight attributed to lost packets.

Maxim Dounin [Tue, 11 Aug 2020 14:52:30 +0000 (17:52 +0300)]
release-1.19.2 tag

Maxim Dounin [Tue, 11 Aug 2020 14:52:30 +0000 (17:52 +0300)]
nginx-1.19.2-RELEASE

Maxim Dounin [Mon, 10 Aug 2020 15:53:07 +0000 (18:53 +0300)]
Core: reusing connections in advance.

Reworked connections reuse, so closing connections is attempted in
advance, as long as number of free connections is less than 1/16 of
worker connections configured.  This ensures that new connections can
be handled even if closing a reusable connection requires some time,
for example, for a lingering close (ticket #2017).

The 1/16 ratio is selected to be smaller than 1/8 used for disabling
accept when working with accept mutex, so nginx will try to balance
new connections to different workers first, and will start reusing
connections only if this won't help.

Maxim Dounin [Mon, 10 Aug 2020 15:52:59 +0000 (18:52 +0300)]
Core: added a warning about reusing connections.

Previously, reusing connections happened silently and was only
visible in monitoring systems.  This was shown to be not very user-friendly,
and administrators often didn't realize there were too few connections
available to withstand the load, and configured timeouts (keepalive_timeout
and http2_idle_timeout) were effectively reduced to keep things running.

To provide at least some information about this, a warning is now logged
(at most once per second, to avoid flooding the logs).

Maxim Dounin [Mon, 10 Aug 2020 15:52:34 +0000 (18:52 +0300)]
SSL: disabled sending shutdown after ngx_http_test_reading().

Sending shutdown when ngx_http_test_reading() detects the connection is
closed can result in "SSL_shutdown() failed (SSL: ... bad write retry)"
critical log messages if there are blocked writes.

Fix is to avoid sending shutdown via the c->ssl->no_send_shutdown flag,
similarly to how it is done in ngx_http_keepalive_handler() for kqueue
when pending EOF is detected.

Reported by Jan Prachař
(http://mailman.nginx.org/pipermail/nginx-devel/2018-December/011702.html).

Maxim Dounin [Mon, 10 Aug 2020 15:52:20 +0000 (18:52 +0300)]
HTTP/2: fixed c->timedout flag on timed out connections.

Without the flag, SSL shutdown is attempted on such connections,
resulting in useless work and/or bogus "SSL_shutdown() failed
(SSL: ... bad write retry)" critical log messages if there are
blocked writes.

Maxim Dounin [Mon, 10 Aug 2020 15:52:09 +0000 (18:52 +0300)]
SSL: fixed shutdown handling.

Previously, bidirectional shutdown never worked, due to two issues
in the code:

1. The code only tested SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE
   when there was an error in the error queue, which cannot happen.
   The bug was introduced in an attempt to fix unexpected error logging
   as reported with OpenSSL 0.9.8g
   (http://mailman.nginx.org/pipermail/nginx/2008-January/003084.html).

2. The code never called SSL_shutdown() for the second time to wait for
   the peer's close_notify alert.

This change fixes both issues.

Note that after this change bidirectional shutdown is expected to work for
the first time, so c->ssl->no_wait_shutdown now makes a difference.  This
is not a problem for HTTP code which always uses c->ssl->no_wait_shutdown,
but might be a problem for stream and mail code, as well as 3rd party
modules.

To minimize the effect of the change, the timeout, which used to be 30
seconds and not configurable, though never actually used, is now set to
3 seconds.  It is also expanded to apply to both SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE, so timeout is properly set if writing to the socket
buffer is not possible.

Maxim Dounin [Thu, 6 Aug 2020 02:02:57 +0000 (05:02 +0300)]
Request body: optimized handling of small chunks.

If there is a previous buffer, copy small chunks into it instead of
allocating additional buffer.

Maxim Dounin [Thu, 6 Aug 2020 02:02:55 +0000 (05:02 +0300)]
Request body: allowed large reads on chunk boundaries.

If some additional data from a pipelined request happens to be
read into the body buffer, we copy it to r->header_in or allocate
an additional large client header buffer for it.

Maxim Dounin [Thu, 6 Aug 2020 02:02:44 +0000 (05:02 +0300)]
Request body: all read data are now sent to filters.

This is a prerequisite for the next change to allow large reads
on chunk boundaries.

Maxim Dounin [Thu, 6 Aug 2020 02:02:22 +0000 (05:02 +0300)]
Added size check to ngx_http_alloc_large_header_buffer().

This ensures that copying won't write more than the buffer size
even if the buffer comes from hc->free and it is smaller than the large
client header buffer size in the virtual host configuration.  This might
happen if size of large client header buffers is different in name-based
virtual hosts, similarly to the problem with number of buffers fixed
in 6926:e662cbf1b932.

Roman Arutyunyan [Mon, 3 Aug 2020 10:31:48 +0000 (13:31 +0300)]
QUIC: handle client RESET_STREAM and STOP_SENDING.

For RESET_STREAM the c->read->error flag is set.
For STOP_SENDING the c->write->error flag is set.

Roman Arutyunyan [Tue, 11 Aug 2020 16:10:57 +0000 (19:10 +0300)]
QUIC: create streams for STREAM_DATA_BLOCKED and MAX_STREAM_DATA.

Creating client-initiated streams is moved from ngx_quic_handle_stream_frame()
to a separate function ngx_quic_create_client_stream().  This function is
responsible for creating streams with lower ids as well.

Also, simplified and fixed initial data buffering in
ngx_quic_handle_stream_frame().  It is now done before calling the initial
handler as the handler can destroy the stream.

Roman Arutyunyan [Tue, 11 Aug 2020 07:41:39 +0000 (10:41 +0300)]
QUIC: fixed ngx_http_test_reading() for QUIC streams.

Previously this function generated an error trying to figure out if client shut
down the write end of the connection.  The reason for this error was that a
QUIC stream has no socket descriptor.  However checking for eof is not the
right thing to do for an HTTP/3 QUIC stream since HTTP/3 clients are expected
to shut down the write end of the stream after sending the request.

Now the function handles QUIC streams separately.  It checks if c->read->error
is set.  The error flags for c->read and c->write are now set for all streams
when closing the QUIC connection instead of setting the pending_eof flag.

Sergey Kandaurov [Fri, 7 Aug 2020 09:34:15 +0000 (12:34 +0300)]
QUIC: fixed ACK Ranges processing.

According to quic-transport draft 29, section 19.3.1:

   The value of the Gap field establishes the largest packet number
   value for the subsequent ACK Range using the following formula:

      largest = previous_smallest - gap - 2

   Thus, given a largest packet number for the range, the smallest value
   is determined by the formula:

      smallest = largest - ack_range

While here, changed min/max to uint64_t for consistency.
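The Gap and ACK Range arithmetic quoted in this commit message, written out with the underflow checks a receiver needs before trusting peer-supplied fields. This is an added example, not nginx code; ack_expand() and both struct types are hypothetical names, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for this example (not nginx structures). */
typedef struct {
    uint64_t  gap;       /* Gap field */
    uint64_t  range;     /* ACK Range Length field */
} ack_range_t;

typedef struct {
    uint64_t  smallest;  /* inclusive */
    uint64_t  largest;   /* inclusive */
} ack_interval_t;

/*
 * Expand Largest Acknowledged, First ACK Range and the following
 * (Gap, ACK Range Length) pairs into packet number intervals.
 * Returns the number of intervals written, or -1 if a field would move
 * a packet number below zero or "out" is too small.
 */
int
ack_expand(uint64_t largest_acked, uint64_t first_range,
    const ack_range_t *ranges, size_t nranges,
    ack_interval_t *out, size_t nout)
{
    size_t    i;
    uint64_t  smallest, largest;

    if (nout == 0 || nranges > nout - 1) {
        return -1;
    }

    /* the first range counts down from Largest Acknowledged */
    if (first_range > largest_acked) {
        return -1;
    }

    largest = largest_acked;
    smallest = largest - first_range;
    out[0].smallest = smallest;
    out[0].largest = largest;

    for (i = 0; i < nranges; i++) {

        /* largest = previous_smallest - gap - 2, checked before subtracting */
        if (smallest < 2 || ranges[i].gap > smallest - 2) {
            return -1;
        }
        largest = smallest - ranges[i].gap - 2;

        /* smallest = largest - ack_range */
        if (ranges[i].range > largest) {
            return -1;
        }
        smallest = largest - ranges[i].range;

        out[i + 1].smallest = smallest;
        out[i + 1].largest = largest;
    }

    return (int) (nranges + 1);
}

int
main(void)
{
    /* Constructed frame: Largest Acknowledged 100, First ACK Range 2 */
    ack_range_t     ranges[] = { { 1, 3 }, { 0, 0 } };
    ack_interval_t  out[3];
    int             i, n;

    n = ack_expand(100, 2, ranges, 2, out, 3);

    for (i = 0; i < n; i++) {
        printf("[%llu, %llu]\n", (unsigned long long) out[i].smallest,
               (unsigned long long) out[i].largest);
    }

    return n == 3 ? 0 : 1;
}
```

Without the two comparisons inside the loop, a crafted Gap or ACK Range Length wraps the unsigned subtraction and yields an interval near 2^64.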

Sergey Kandaurov [Fri, 7 Aug 2020 09:34:11 +0000 (12:34 +0300)]
QUIC: fixed possible use-after-free on stream cleanup.

A QUIC stream could be destroyed by handler while in ngx_quic_stream_input().
To detect this, ngx_quic_find_stream() is used to check that it still exists.

Previously, a stream id was passed to this routine off the frame structure.
In case of stream cleanup, it is freed along with other frames belonging to
the stream on cleanup.  Then, a cleanup handler reuses last frames to update
MAX_STREAMS and serve other purpose.  Thus, ngx_quic_find_stream() is passed
a reused frame with zeroed out part pointed by stream_id.  If a stream with
id 0x0 still exists, this leads to use-after-free.

Sergey Kandaurov [Tue, 28 Jul 2020 15:54:20 +0000 (18:54 +0300)]
QUIC: fixed format specifiers and removed casts.

Sergey Kandaurov [Tue, 28 Jul 2020 14:11:25 +0000 (17:11 +0300)]
QUIC: consistent Stream ID logging format.

Roman Arutyunyan [Tue, 28 Jul 2020 12:53:42 +0000 (15:53 +0300)]
QUIC: added HTTP/3 directives list to README.

Also removed server push from TODO list.

Maxim Dounin [Mon, 27 Jul 2020 13:02:15 +0000 (16:02 +0300)]
FastCGI: fixed zero size buf alerts on extra data (ticket #2018).

After 05e42236e95b (1.19.1) responses with extra data might result in
zero size buffers being generated and "zero size buf" alerts in writer
(if f->rest happened to be 0 when processing additional stdout data).

balus [Mon, 27 Jul 2020 10:21:51 +0000 (13:21 +0300)]
Core: enclosed parameters of the ngx_buf.h macros in parentheses.

Sergey Kandaurov [Thu, 23 Jul 2020 14:31:09 +0000 (17:31 +0300)]
OCSP: fixed certificate reference leak.

Roman Arutyunyan [Thu, 23 Jul 2020 10:41:24 +0000 (13:41 +0300)]
HTTP/3: server pushes.

New directives are added:
- http3_max_concurrent_pushes
- http3_push
- http3_push_preload

Roman Arutyunyan [Mon, 27 Jul 2020 16:15:17 +0000 (19:15 +0300)]
QUIC: limited the number of client-initiated streams.

The limits on active bidi and uni client streams are maintained at their
initial values initial_max_streams_bidi and initial_max_streams_uni by sending
a MAX_STREAMS frame upon each client stream closure.

Also, the following is changed for data arriving to non-existing streams:

- if a stream was already closed, such data is ignored
- when creating a new stream, all streams of the same type with lower ids are
  created too

Roman Arutyunyan [Mon, 27 Jul 2020 15:51:42 +0000 (18:51 +0300)]
QUIC: limited the number of server-initiated streams.

Also, ngx_quic_create_uni_stream() is replaced with
ngx_quic_open_stream() which is capable of creating a bidi stream.

Roman Arutyunyan [Wed, 22 Jul 2020 19:16:19 +0000 (22:16 +0300)]
Xslt: disabled ranges.

Previously, the document generated by the xslt filter was always fully sent
to client even if a range was requested and response status was 206 with
appropriate Content-Range.

The xslt module is unable to serve a range because of suspending the header
filter chain.  By the moment full response xml is buffered by the xslt filter,
range header filter is not called yet, but the range body filter has already
been called and did nothing.

The fix is to disable ranges by resetting the r->allow_ranges flag much like
the image filter that employs a similar technique.

Ruslan Ermilov [Tue, 21 Jul 2020 17:34:29 +0000 (20:34 +0300)]
Core: close PID file when writing fails.

Reported by Jinhua Tan.

Roman Arutyunyan [Tue, 14 Jul 2020 13:52:44 +0000 (16:52 +0300)]
HTTP/3: support $server_protocol variable.

Now it holds "HTTP/3.0".  Previously it was empty.

Roman Arutyunyan [Thu, 23 Jul 2020 08:40:10 +0000 (11:40 +0300)]
Style: moved function declarations to match usual code style.

Plus a few other minor style changes.

Roman Arutyunyan [Thu, 23 Jul 2020 10:12:01 +0000 (13:12 +0300)]
HTTP/3: renamed server configuration variables from v3cf to h3scf.

Now they are similar to HTTP/2 where they are called h2scf.

Roman Arutyunyan [Mon, 13 Jul 2020 09:38:08 +0000 (12:38 +0300)]
HTTP/3: renamed ngx_http_v3.c to ngx_http_v3_encode.c.

The file contains only encoding functions.

Roman Arutyunyan [Mon, 13 Jul 2020 09:33:00 +0000 (12:33 +0300)]
HTTP/3: encode frame ids with ngx_http_v3_encode_varlen_int().

Even though typically frame ids fit into a single byte, calling
ngx_http_v3_encode_varlen_int() adds to the code clarity.

Roman Arutyunyan [Thu, 23 Jul 2020 09:31:40 +0000 (12:31 +0300)]
HTTP/3: generate Location response header for absolute redirects.

Roman Arutyunyan [Mon, 13 Jul 2020 13:00:00 +0000 (16:00 +0300)]
HTTP/3: header encoding functions.

Roman Arutyunyan [Wed, 22 Jul 2020 10:45:34 +0000 (13:45 +0300)]
QUIC: updated README to mention "quic" listen parameter.

Sergey Kandaurov [Wed, 22 Jul 2020 11:48:49 +0000 (14:48 +0300)]
QUIC: fixed building perl module by reducing header pollution.

The ngx_http_perl_module module doesn't have a notion of including additional
search paths through --with-cc-opt, which results in compile error incomplete
type 'enum ssl_encryption_level_t' when building nginx without QUIC support.
The enum is visible from quic event headers and eventually pollutes ngx_core.h.

The fix is to limit including headers to compile units that are real consumers.

Roman Arutyunyan [Wed, 22 Jul 2020 10:34:48 +0000 (13:34 +0300)]
SSL: fixed compilation without QUIC after 0d2b2664b41c.

Roman Arutyunyan [Wed, 22 Jul 2020 08:03:42 +0000 (11:03 +0300)]
HTTP/3: do not call shutdown() for QUIC streams.

Previously, this triggered an alert "shutdown() failed" in error log.

Roman Arutyunyan [Tue, 21 Jul 2020 20:08:23 +0000 (23:08 +0300)]
QUIC: eliminated connection handler argument in ngx_quic_run().

Now c->listening->handler() is called instead.

Roman Arutyunyan [Tue, 21 Jul 2020 20:08:39 +0000 (23:08 +0300)]
QUIC: added "quic" listen parameter in Stream.

Also, introduced ngx_stream_quic_module.

Roman Arutyunyan [Tue, 21 Jul 2020 20:09:22 +0000 (23:09 +0300)]
QUIC: added "quic" listen parameter.

The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there.

Roman Arutyunyan [Fri, 17 Jul 2020 21:08:04 +0000 (00:08 +0300)]
QUIC: do not verify the selected ALPN protocol.

The right protocol is selected by the HTTP code.  In the QUIC code only verify
that some protocol was selected and trigger an error otherwise.

Roman Arutyunyan [Fri, 17 Jul 2020 21:08:29 +0000 (00:08 +0300)]
QUIC: fixed stream read event log.

Previously, the main connection log was there.  Now it's the stream connection
log.

Sergey Kandaurov [Mon, 20 Jul 2020 12:19:03 +0000 (15:19 +0300)]
Fixed format specifiers.

Vladimir Homutov [Thu, 16 Jul 2020 13:36:02 +0000 (16:36 +0300)]
QUIC: added anti-amplification limit.

According to quic-transport draft 29, section 21.12.1.1:

   Prior to validation, endpoints are limited in what they are able to
   send.  During the handshake, a server cannot send more than three
   times the data it receives; clients that initiate new connections or
   migrate to a new network path are limited.

Vladimir Homutov [Thu, 16 Jul 2020 12:02:38 +0000 (15:02 +0300)]
QUIC: added limit of queued data.

The ngx_quic_queue_frame() function puts a frame into send queue and
schedules a push timer to actually send data.

The patch adds tracking for data amount in the queue and sends data
immediately if amount of data exceeds limit.

Vladimir Homutov [Thu, 16 Jul 2020 13:05:44 +0000 (16:05 +0300)]
QUIC: implemented probe timeout (PTO) calculation.

Vladimir Homutov [Mon, 13 Jul 2020 14:31:29 +0000 (17:31 +0300)]
QUIC: reworked retransmission mechanism.

Instead of timer-based retransmissions with constant packet lifetime,
this patch implements ack-based loss detection and probe timeout
for the cases, when no ack is received, according to the quic-recovery
draft 29.

Vladimir Homutov [Wed, 15 Jul 2020 12:10:17 +0000 (15:10 +0300)]
QUIC: reworked ngx_quic_send_frames() function.

Instead of returning NGX_DONE/NGX_OK, the function now itself moves
passed frames range into sent queue and sets PTO timer if required.

Vladimir Homutov [Mon, 13 Jul 2020 07:07:15 +0000 (10:07 +0300)]
QUIC: renaming.

The c->quic->retransmit timer is now called "pto".
The ngx_quic_retransmit() function is renamed to "ngx_quic_detect_lost()".

This is a preparation for the following patches.

Vladimir Homutov [Mon, 13 Jul 2020 07:07:20 +0000 (10:07 +0300)]
QUIC: caching c->quic in the ngx_quic_handle_ack_frame() function.

To minimize difference with the following changes.

Vladimir Homutov [Fri, 10 Jul 2020 12:33:51 +0000 (15:33 +0300)]
QUIC: delay field of an ACK frame is now calculated.

Vladimir Homutov [Thu, 16 Jul 2020 12:44:06 +0000 (15:44 +0300)]
QUIC: added rtt estimation.

According to the quic-recovery 29, Section 5: Estimating the Round-Trip Time.

Currently, integer arithmetic is used, which loses sub-millisecond accuracy.

Sergey Kandaurov [Mon, 13 Jul 2020 12:34:22 +0000 (15:34 +0300)]
Merged with the default branch.

Roman Arutyunyan [Thu, 9 Jul 2020 13:21:37 +0000 (16:21 +0300)]
Slice filter: clear original Accept-Ranges.

The slice filter allows ranges for the response by setting the r->allow_ranges
flag, which enables the range filter.  If the range was not requested, the
range filter adds an Accept-Ranges header to the response to signal the
support for ranges.

Previously, if an Accept-Ranges header was already present in the first slice
response, client received two copies of this header.  Now, the slice filter
removes the Accept-Ranges header from the response prior to setting the
r->allow_ranges flag.

Roman Arutyunyan [Thu, 9 Jul 2020 14:33:22 +0000 (17:33 +0300)]
Version bump.

Maxim Dounin [Tue, 7 Jul 2020 15:56:06 +0000 (18:56 +0300)]
release-1.19.1 tag

Maxim Dounin [Tue, 7 Jul 2020 15:56:05 +0000 (18:56 +0300)]
nginx-1.19.1-RELEASE

Maxim Dounin [Mon, 6 Jul 2020 15:36:25 +0000 (18:36 +0300)]
gRPC: generate error when response size is wrong.

As long as the "Content-Length" header is given, we now make sure
it exactly matches the size of the response.  If it doesn't,
the response is considered malformed and must not be forwarded
(https://tools.ietf.org/html/rfc7540#section-8.1.2.6).  While it
is not really possible to "not forward" the response which is already
being forwarded, we generate an error instead, which is the closest
equivalent.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Also this
directly contradicts HTTP/2 specification requirements.

Note that the new behaviour for the gRPC proxy is more strict than that
applied in other variants of proxying.  This is intentional, as HTTP/2
specification requires us to do so, while in other types of proxying
malformed responses from backends are well known and historically
tolerated.

Maxim Dounin [Mon, 6 Jul 2020 15:36:23 +0000 (18:36 +0300)]
FastCGI: protection from responses with wrong length.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

Additionally, we now also issue a warning if the response is too
short, and make sure the fact it is truncated is propagated to the
client.  The u->error flag is introduced to make it possible to
propagate the error to the client in case of unbuffered proxying.

For responses to HEAD requests there is an exception: we do allow
both responses without body and responses with body matching the
Content-Length header.

Maxim Dounin [Mon, 6 Jul 2020 15:36:22 +0000 (18:36 +0300)]
Upstream: drop extra data sent by upstream.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

This change covers generic buffered and unbuffered filters as used
in the scgi and uwsgi modules.  Appropriate input filter init
handlers are provided by the scgi and uwsgi modules to set corresponding
lengths.

Note that for responses to HEAD requests there is an exception:
we do allow any response length.  This is because responses to HEAD
requests might be actual full responses, and it is up to nginx
to remove the response body.  If caching is enabled, only full
responses matching the Content-Length header will be cached
(see b779728b180c).

Maxim Dounin [Mon, 6 Jul 2020 15:36:21 +0000 (18:36 +0300)]
Proxy: style.

Maxim Dounin [Mon, 6 Jul 2020 15:36:20 +0000 (18:36 +0300)]
Proxy: detection of data after final chunk.

Previously, additional data after final chunk was either ignored
(in the same buffer, or during unbuffered proxying) or sent to the
client (in the next buffer already if it was already read from the
socket).  Now additional data are properly detected and ignored
in all cases.  Additionally, a warning is now logged and keepalive
is disabled in the connection.

Maxim Dounin [Mon, 6 Jul 2020 15:36:19 +0000 (18:36 +0300)]
Proxy: drop extra data sent by upstream.

Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695).  Fix is to
drop extra data instead, as it naturally happens in most clients.

Maxim Dounin [Mon, 6 Jul 2020 15:36:17 +0000 (18:36 +0300)]
Memcached: protect from too long responses.

If a memcached response was followed by a correct trailer, and then
the NUL character followed by some extra data - this was accepted by
the trailer checking code.  This in turn resulted in ctx->rest underflow
and caused negative size buffer on the next reading from the upstream,
followed by the "negative size buf in writer" alert.

Fix is to always check for too long responses, so a correct trailer cannot
be followed by extra data.

Ruslan Ermilov [Fri, 3 Jul 2020 13:16:47 +0000 (16:16 +0300)]
HTTP/2: lingering close after GOAWAY.

After sending the GOAWAY frame, a connection is now closed using
the lingering close mechanism.

This allows for the reliable delivery of the GOAWAY frames, while
also fixing connection resets observed when http2_max_requests is
reached (ticket #1250), or with graceful shutdown (ticket #1544),
when some additional data from the client is received on a fully
closed connection.

For HTTP/2, the settings lingering_close, lingering_timeout, and
lingering_time are taken from the "server" level.

Roman Arutyunyan [Thu, 2 Jul 2020 17:07:24 +0000 (20:07 +0300)]
HTTP/3: simplified handling return codes from parse functions.

Roman Arutyunyan [Fri, 3 Jul 2020 09:07:43 +0000 (12:07 +0300)]
HTTP/3: put ngx_http_v3_parse_varlen_int() return code in variable.

This makes calling this function similar to other parse functions.

Roman Arutyunyan [Fri, 3 Jul 2020 09:05:05 +0000 (12:05 +0300)]
HTTP/3: simplified handling ngx_http_v3_parse_literal() return code.

Roman Arutyunyan [Fri, 3 Jul 2020 06:26:12 +0000 (09:26 +0300)]
HTTP/3: limited prefixed integer size by 62 bits.

Roman Arutyunyan [Fri, 3 Jul 2020 13:41:31 +0000 (16:41 +0300)]
HTTP/3: fixed overflow in prefixed integer parser.

Previously, the expression (ch & 0x7f) was promoted to a signed integer.
Depending on the platform, the size of this integer could be less than 8 bytes,
leading to overflow when handling the higher bits of the result.  Also, sign
bit of this integer could be replicated when adding to the 64-bit st->value.

Sergey Kandaurov [Thu, 2 Jul 2020 14:35:57 +0000 (17:35 +0300)]
HTTP/3: fixed prefix in decoding Section Acknowledgement.

Roman Arutyunyan [Tue, 30 Jun 2020 12:32:09 +0000 (15:32 +0300)]
HTTP/3: set r->headers_in.chunked flag after parsing headers.

Previously it was set when creating the request object.  The side-effect was
trying to discard the request body in case of header parse error.

Roman Arutyunyan [Thu, 2 Jul 2020 13:47:51 +0000 (16:47 +0300)]
HTTP/3: close QUIC connection with HTTP/QPACK errors when needed.

Previously errors led only to closing streams.

To simplify closing QUIC connection from a QUIC stream context, new macro
ngx_http_v3_finalize_connection() is introduced.  It calls
ngx_quic_finalize_connection() for the parent connection.

Roman Arutyunyan [Tue, 30 Jun 2020 09:30:57 +0000 (12:30 +0300)]
HTTP/3: error code definitions for HTTP/3 and QPACK.

Roman Arutyunyan [Thu, 2 Jul 2020 13:33:59 +0000 (16:33 +0300)]
QUIC: Introduced ngx_quic_finalize_connection().

The function finalizes QUIC connection with an application protocol error
code and sends a CONNECTION_CLOSE frame with type=0x1d.

Also, renamed NGX_QUIC_FT_CONNECTION_CLOSE2 to NGX_QUIC_FT_CONNECTION_CLOSE_APP.

Roman Arutyunyan [Thu, 2 Jul 2020 13:33:36 +0000 (16:33 +0300)]
HTTP/3: downgraded literal size error level to NGX_LOG_INFO.

Now it's similar to HTTP/2.

Roman Arutyunyan [Thu, 2 Jul 2020 12:34:05 +0000 (15:34 +0300)]
HTTP/3: refactored dynamic table implementation.

Previously dynamic table was not functional because of zero limit on its size
set by default.  Now the following changes enable it:

- new directives to set SETTINGS_QPACK_MAX_TABLE_CAPACITY and
  SETTINGS_QPACK_BLOCKED_STREAMS
- send settings with SETTINGS_QPACK_MAX_TABLE_CAPACITY and
  SETTINGS_QPACK_BLOCKED_STREAMS to the client
- send Insert Count Increment to the client
- send Header Acknowledgement to the client
- evict old dynamic table entries on overflow
- decode Required Insert Count from client
- block stream if Required Insert Count is not reached

Roman Arutyunyan [Thu, 2 Jul 2020 12:15:55 +0000 (15:15 +0300)]
HTTP/3: fixed prefixed integer encoding and decoding.

Previously bytes were ordered from MSB to LSB, but the right order is the
reverse.
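The three prefixed integer fixes in the entries above (least significant group first, widening before the shift, and the 62-bit cap) combined in one decoder. This is an added example, not nginx code: pfx_decode(), pfx_term_int32() and the PFX_* names are hypothetical, the byte strings are constructed, and pfx_term_int32() only models the typical outcome of doing the shift in a 32-bit int.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PFX_OK        0
#define PFX_AGAIN    -1   /* input ended before the integer did */
#define PFX_TOO_BIG  -2   /* value exceeds 62 bits or encoding is over-long */

#define PFX_MAX  ((UINT64_C(1) << 62) - 1)

/*
 * Decode an integer with a prefix of 1..8 bits in p[0], followed by
 * 7-bit groups, least significant group first, 0x80 = continuation.
 */
int
pfx_decode(const uint8_t *p, size_t len, unsigned prefix_bits, uint64_t *out)
{
    size_t    i;
    unsigned  shift;
    uint64_t  mask, value, term;

    if (len == 0) {
        return PFX_AGAIN;
    }

    mask = (UINT64_C(1) << prefix_bits) - 1;
    value = p[0] & mask;

    if (value < mask) {
        *out = value;
        return PFX_OK;
    }

    shift = 0;

    for (i = 1; i < len; i++) {

        if (shift > 63) {
            return PFX_TOO_BIG;
        }

        /* widen to 64 bits before shifting, so no int promotion applies */
        term = (uint64_t) (p[i] & 0x7f);

        /* reject instead of wrapping: value + (term << shift) <= PFX_MAX */
        if (term > ((PFX_MAX - value) >> shift)) {
            return PFX_TOO_BIG;
        }

        value += term << shift;

        if ((p[i] & 0x80) == 0) {
            *out = value;
            return PFX_OK;
        }

        shift += 7;
    }

    return PFX_AGAIN;
}

/*
 * Model (an assumption, written without undefined behaviour) of what a
 * term becomes when the shift is done in a 32-bit int and the result is
 * then added to a 64-bit value: high bits are lost and bit 31 is
 * replicated upwards.
 */
uint64_t
pfx_term_int32(uint8_t ch, unsigned shift)
{
    uint32_t  bits;
    int32_t   narrow;

    bits = (shift < 32) ? (uint32_t) (ch & 0x7f) << shift : 0;

    narrow = (bits & 0x80000000u)
             ? (int32_t) (bits & 0x7fffffffu) - INT32_MAX - 1
             : (int32_t) bits;

    return (uint64_t) narrow;
}

int
main(void)
{
    /* Constructed input: 8-bit prefix, fifth group carries bit 31 */
    const uint8_t  in[] = { 0xff, 0x80, 0x80, 0x80, 0x80, 0x08 };
    uint64_t       v = 0;
    int            rc;

    rc = pfx_decode(in, sizeof(in), 8, &v);

    printf("rc=%d value=%llu\n", rc, (unsigned long long) v);
    printf("32-bit model of last term: 0x%llx\n",
           (unsigned long long) pfx_term_int32(0x08, 28));

    return rc == PFX_OK ? 0 : 1;
}
```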

Maxim Dounin [Mon, 29 Jun 2020 14:15:51 +0000 (17:15 +0300)]
SSL: fixed unexpected certificate requests (ticket #2008).

Using SSL_CTX_set_verify(SSL_VERIFY_PEER) implies that OpenSSL will
send a certificate request during an SSL handshake, leading to unexpected
certificate requests from browsers as long as there are any client
certificates installed.  Given that ngx_ssl_trusted_certificate()
is called unconditionally by the ngx_http_ssl_module, this affected
all HTTPS servers.  Broken by 699f6e55bbb4 (not released yet).

Fix is to set verify callback in the ngx_ssl_trusted_certificate() function
without changing the verify mode.

Roman Arutyunyan [Mon, 29 Jun 2020 12:56:14 +0000 (15:56 +0300)]
HTTP/3: http3_max_field_size directive to limit string size.

Client streams may send literal strings which are now limited in size by the
new directive.  The default value is 4096.

The directive is similar to HTTP/2 directive http2_max_field_size.

Roman Arutyunyan [Fri, 26 Jun 2020 08:58:00 +0000 (11:58 +0300)]
HTTP/3: introduced ngx_http_v3_get_module_srv_conf() macro.

The macro helps to access a module's server configuration from a QUIC
stream context.

Roman Arutyunyan [Fri, 26 Jun 2020 07:05:28 +0000 (10:05 +0300)]
HTTP/3: fixed dropping first non-pseudo header.

Sergey Kandaurov [Thu, 25 Jun 2020 17:31:13 +0000 (20:31 +0300)]
HTTP/3: do not emit a DATA frame header for header_only responses.

This resulted in the frame error due to the invalid DATA frame length.

Vladimir Homutov [Fri, 19 Jun 2020 08:29:30 +0000 (11:29 +0300)]
Style.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
README: documented draft-28, draft-29 support.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Update Initial salt and Retry secret from quic-tls-29.

See sections 5.2 and 5.8 for the current values.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Get rid of hardcoded numbers used for quic handshake errors.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Discard short packets which could not be decrypted.

So that connections are protected from failing from on-path attacks.
Decryption failure of long packets used during handshake still leads
to connection close since it barely makes sense to handle them there.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Close connection with PROTOCOL_VIOLATION on decryption failure.

A previously used undefined error code is now replaced with the generic one.

Note that quic-transport prescribes keeping connection intact, discarding such
QUIC packets individually, in the sense that coalesced packets could be there.
This is selectively handled in the next change.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Define KEY_UPDATE_ERROR from quic-tls-24.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Reject new QUIC connection with CONNECTION_REFUSED on shutdown.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Close QUIC connection with NO_ERROR on c->close.

That way it makes more sense.  Previously it was closed with INTERNAL_ERROR.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
Do not close QUIC sockets in ngx_close_listening_sockets().

This breaks graceful shutdown of QUIC connections in terms of quic-transport.

Sergey Kandaurov [Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)]
QUIC error SERVER_BUSY renamed to CONNECTION_REFUSED in draft-29.