Commit Graph

1730 Commits

Author SHA1 Message Date
Maxim Dounin
6c3838f9ed Core: ngx_explicit_memzero(). 2018-11-15 21:28:02 +03:00
Ruslan Ermilov
841c899a9e Core: free shared memory on cycle initialization failure. 2018-11-15 15:28:54 +03:00
Vladimir Homutov
6351d8306f Version bump. 2018-11-13 14:42:47 +03:00
Vladimir Homutov
ae1e6e5ec0 Version bump. 2018-10-03 17:02:44 +03:00
Ruslan Ermilov
df0dfa634d Fixed off-by-one error in shared zone initialization.
On systems without atomic ops, not enough space was allocated
for mutex's file name during shared zone initialization.
2018-10-02 13:32:52 +03:00
Ruslan Ermilov
99e06c69c5 Version bump. 2018-09-27 13:05:39 +03:00
Roman Arutyunyan
09cb553c7f Version bump. 2018-08-30 14:42:15 +03:00
Maxim Dounin
dd8e1e178c Skipping spaces in configuration files (ticket #1557).
Previously, a chunk of spaces larger than NGX_CONF_BUFFER (4096 bytes)
resulted in the "too long parameter" error during parsing such a
configuration.  This was because the code only set start and start_line
on non-whitespace characters, and hence adjacent whitespace characters
were preserved when reading additional data from the configuration file.
Fix is to always move start and start_line if the last character was
a space.
2018-08-09 12:15:42 +03:00
Maxim Dounin
9e0d1236f1 Dav: changed ngx_copy_file() to preserve access and mtime.
This fixes wrong permissions and file time after cross-device MOVE
in the DAV module (ticket #1577).  Broken in 8101d9101ed8 (0.8.9) when
cross-device copying was introduced in ngx_ext_rename_file().

With this change, ngx_copy_file() always calls ngx_set_file_time(),
either with the time provided, or with the time from the original file.
This is considered acceptable given that copying the file is costly anyway,
and optimizing cases when we do not need to preserve time will require
interface changes.
2018-08-01 02:12:11 +03:00
Maxim Dounin
6bff9c9967 Dav: fixed ngx_copy_file() to truncate destination file.
Previously, ngx_open_file(NGX_FILE_CREATE_OR_OPEN) was used, resulting
in destination file being partially rewritten if exists.  Notably,
this affected WebDAV COPY command (ticket #1576).
2018-08-01 02:11:58 +03:00
Sergey Kandaurov
a1e2c5566c Version bump. 2018-07-24 18:46:18 +03:00
Maxim Dounin
751bdd3bb2 Events: moved sockets cloning to ngx_event_init_conf().
Previously, listenings sockets were not cloned if the worker_processes
directive was specified after "listen ... reuseport".

This also simplifies upcoming configuration check on the number
of worker connections, as it needs to know the number of listening
sockets before cloning.
2018-07-12 19:50:02 +03:00
Maxim Dounin
f62d460d5b Resolver: retry sending queries on errors (ticket #1511).
Errors when sending UDP datagrams can happen, e.g., when local IP address
changes (see fa0e093b64d7), or an unavailable DNS server on the LAN can cause
send() to fail with EHOSTDOWN on BSD systems.  If this happens during
initial query, retry sending immediately, to a different DNS server when
possible.  If this is not enough, allow normal resend to happen by ignoring
the return code of the second ngx_resolver_send_query() call, much like we
do in ngx_resolver_resend().
2018-07-05 22:21:14 +03:00
Maxim Dounin
c62f9c914f Version bump. 2018-07-05 20:44:58 +03:00
Ruslan Ermilov
468e37734c Added FreeBSD support for "listen ... reuseport". 2018-07-02 13:54:33 +03:00
Ruslan Ermilov
63e8a1d926 Resolver: require name servers. 2018-06-13 22:37:49 +03:00
Ruslan Ermilov
4542898917 Resolver: allocate resolver from configuration pool.
Before 4a8c9139e579, ngx_resolver_create() didn't use configuration
pool, and allocations were done using malloc().

In 016352c19049, when resolver gained support of several servers,
new allocations were done from the pool.
2018-06-13 22:37:42 +03:00
Maxim Dounin
8dc0f75d0b Added missing space after ngx_close_socket_n. 2018-06-05 17:41:34 +03:00
Maxim Dounin
82b0fe21d6 Version bump. 2018-06-05 17:13:17 +03:00
Roman Arutyunyan
96b6f215b8 Stream: udp streams.
Previously, only one client packet could be processed in a udp stream session
even though multiple response packets were supported.  Now multiple packets
coming from the same client address and port are delivered to the same stream
session.

If it's required to maintain a single stream of data, nginx should be
configured in a way that all packets from a client are delivered to the same
worker.  On Linux and DragonFly BSD the "reuseport" parameter should be
specified for this.  Other systems do not currently provide appropriate
mechanisms.  For these systems a single stream of udp packets is only
guaranteed in single-worker configurations.

The proxy_response directive now specifies how many packets are expected in
response to a single client packet.
2018-06-04 19:50:00 +03:00
Sergey Kandaurov
dac90a4bff Leave chain in ngx_chain_add_copy() in consistent state on errors. 2018-06-04 18:47:54 +03:00
Ruslan Ermilov
e4d173cc88 Core: fixed comment about ngx_current_msec after 81fae70d6cb8.
The value is no longer guaranteed to be based on milliseconds
elapsed since Epoch.
2018-05-29 16:15:19 +03:00
Vladimir Homutov
5568a6598d Syslog: install cleanup handler only once.
If a socket was re-opened due to an error (02c2352d5b01 and fa0e093b64d7),
additional cleanup handler was installed each time.
2018-05-14 22:50:57 +03:00
Ruslan Ermilov
4ac8036e78 Resolver: close UDP socket on error or incomplete send. 2018-05-23 10:41:38 +03:00
Ruslan Ermilov
4fca5bf1e1 Resolver: style. 2018-05-23 10:41:29 +03:00
Maxim Dounin
4f9d83d6d7 Core: silenced getsockopt(TCP_FASTOPEN) messages on FreeBSD.
FreeBSD returns EINVAL when getsockopt(TCP_FASTOPEN) is called on a unix
domain socket, resulting in "getsockopt(TCP_FASTOPEN) ... failed" messages
during binary upgrade when unix domain listen sockets are present in
the configuration.  Added EINVAL to the list of ignored error codes.
2018-05-21 23:11:27 +03:00
Vladimir Homutov
644d26e841 Syslog: re-open syslog udp socket on send error (ticket #1477).
Previously, only unix domain sockets were reopened to tolerate cases when
local syslog server was restarted.  It makes sense to treat other cases
(for example, local IP address changes) similarly.
2018-05-08 19:35:56 +03:00
Maxim Dounin
59d806b56f Version bump. 2018-04-18 16:09:08 +03:00
Maxim Dounin
923c9d5f3b Version bump. 2018-04-05 16:53:27 +03:00
Vladimir Homutov
cadc8ca306 Core: fixed build, broken by 63e91f263a49.
Both Solaris and Windows define "s_addr" as a macro.
2018-04-02 20:38:43 +03:00
Ruslan Ermilov
55f08fc9f7 Core: revised the PROXY protocol v2 code.
- use normal prefixes for types and macros
- removed some macros and types
- revised debug messages
- removed useless check of ngx_sock_ntop() returning 0
- removed special processing of AF_UNSPEC
2018-04-02 18:40:04 +03:00
Vladimir Homutov
ecd6e243b6 Core: style. 2018-03-27 18:39:38 +03:00
Vladimir Homutov
9207cc84b2 Core: added processing of version 2 of the PROXY protocol.
The protocol used on inbound connection is auto-detected and corresponding
parser is used to extract passed addresses.  TLV parameters are ignored.

The maximum supported size of PROXY protocol header is 107 bytes
(similar to version 1).
2018-03-22 15:55:28 +03:00
Ruslan Ermilov
8e8734ec82 Improved code readability (closes #1512). 2018-03-22 18:13:33 +03:00
Maxim Dounin
25a26bbce4 Version bump. 2018-03-22 15:55:52 +03:00
Maxim Dounin
c7e8a6f212 Core: ngx_current_msec now uses monotonic time if available.
When clock_gettime(CLOCK_MONOTONIC) (or faster variants, _FAST on FreeBSD,
and _COARSE on Linux) is available, we now use it for ngx_current_msec.
This should improve handling of timers if system time changes (ticket #189).
2018-03-01 20:25:50 +03:00
Ruslan Ermilov
864d93965b Version bump. 2018-02-21 15:50:35 +03:00
Vladimir Homutov
9d00f9e449 Core: added a stub for additional zone configuration. 2018-02-15 16:08:05 +03:00
Maxim Dounin
742f413e91 Version bump. 2017-12-30 00:15:07 +03:00
Roman Arutyunyan
0ad556fe59 Allowed configuration token to start with a variable.
Specifically, it is now allowed to start with a variable expression with braces:
${name}.  The opening curly bracket in such a token was previously considered
the start of a new block.  Variables located anywhere else in a token worked
fine: foo${name}.
2017-12-21 13:29:40 +03:00
Roman Arutyunyan
752f66bf7d Retain CAP_NET_RAW capability for transparent proxying.
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.
2017-12-13 20:40:53 +03:00
Ruslan Ermilov
afad219175 Fixed "changing binary" when reaper is not init.
On some systems, it's possible that reaper of orphaned processes is
set to something other than "init" process.  On such systems, the
changing binary procedure did not work.

The fix is to check if PPID has changed, instead of assuming it's
always 1 for orphaned processes.
2017-11-28 12:00:24 +03:00
Maxim Dounin
3656f2eb63 Version bump. 2017-11-23 16:32:58 +03:00
Maxim Dounin
9cb9ce78b1 Core: free shared memory zones only after reconfiguration.
This is what usually happens for zones no longer used in the new
configuration, but zones where size or tag were changed were freed
when creating new memory zones.  If reconfiguration failed (for
example, due to a conflicting listening socket), this resulted in a
segmentation fault in the master process.

Reported by Zhihua Cao,
http://mailman.nginx.org/pipermail/nginx-devel/2017-October/010536.html.
2017-10-17 19:52:16 +03:00
Ruslan Ermilov
77c7875a7b Fixed type of ngx_conf_t.handler_conf.
The type should have been changed in c9b243802a17 along with
changing ngx_conf_handler_pt.
2017-10-13 00:32:26 +03:00
Ruslan Ermilov
211d20a230 Version bump. 2017-10-11 22:04:11 +03:00
Maxim Dounin
3a2ca34548 Fixed build without IPv6, broken by 874171c3c71a. 2017-10-05 16:50:35 +03:00
Maxim Dounin
cba23f88ec Fixed handling of non-null-terminated unix sockets.
At least FreeBSD, macOS, NetBSD, and OpenBSD can return unix sockets
with non-null-terminated sun_path.  Additionally, the address may become
non-null-terminated if it does not fit into the buffer provided and was
truncated (may happen on macOS, NetBSD, and Solaris, which allow unix socket
addresess larger than struct sockaddr_un).  As such, ngx_sock_ntop() might
overread the sockaddr provided, as it used "%s" format and thus assumed
null-terminated string.

To fix this, the ngx_strnlen() function was introduced, and it is now used
to calculate correct length of sun_path.
2017-10-04 21:19:38 +03:00
Maxim Dounin
2e1e65a5c0 Fixed buffer overread with unix sockets after accept().
Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un.  Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided.  As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.

Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).

We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).
2017-10-04 21:19:33 +03:00
Ruslan Ermilov
316a34951a Fixed the NGX_UNIX_ADDRSTRLEN macro. 2017-09-25 15:19:24 +03:00