mirror of
https://github.com/nginx/nginx.git
synced 2025-01-07 06:33:00 -06:00
09c684b2d5
*) Security: nginx now checks URI got from a backend in
"X-Accel-Redirect" header line or in SSI file for the "/../" paths
and zeroes.
*) Change: nginx now does not treat the empty user name in the
"Authorization" header line as valid one.
*) Feature: the "ssl_session_timeout" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the "auth_http_header" directive of the
ngx_imap_auth_http_module.
*) Feature: the "add_header" directive.
*) Feature: the ngx_http_realip_module.
*) Feature: the new variables to use in the "log_format" directive:
$bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
$request_time, $request_length, $upstream_status,
$upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
$connection, $pipe, and $msec. The parameters in the "%name" form
will be canceled soon.
*) Change: now the false variable values in the "if" directive are the
empty string "" and string starting with "0".
*) Bugfix: while using proxied or FastCGI-server nginx may leave
connections and temporary files with client requests in open state.
*) Bugfix: the worker processes did not flush the buffered logs on
graceful exit.
*) Bugfix: if the request URI was changes by the "rewrite" directive
and the request was proxied in location given by regular expression,
then the incorrect request was transferred to backend; the bug had
appeared in 0.2.6.
*) Bugfix: the "expires" directive did not remove the previous
"Expires" header.
*) Bugfix: nginx may stop to accept requests if the "rtsig" method and
several worker processes were used.
*) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
SSI commands.
*) Bugfix: if the response was ended just after the SSI command and
gzipping was used, then the response did not transferred complete or
did not transferred at all.
396 lines
9.5 KiB
C
396 lines
9.5 KiB
C
|
|
/*
|
|
* Copyright (C) Igor Sysoev
|
|
*/
|
|
|
|
|
|
#include <ngx_config.h>
|
|
#include <ngx_core.h>
|
|
#include <ngx_event.h>
|
|
|
|
|
|
/* the buffer size is enough to hold "struct sockaddr_un" */
|
|
#define NGX_SOCKLEN 512
|
|
|
|
|
|
static ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle);
|
|
static ngx_int_t ngx_disable_accept_events(ngx_cycle_t *cycle);
|
|
static void ngx_close_accepted_connection(ngx_connection_t *c);
|
|
|
|
|
|
void
|
|
ngx_event_accept(ngx_event_t *ev)
|
|
{
|
|
socklen_t sl;
|
|
ngx_err_t err;
|
|
ngx_log_t *log;
|
|
ngx_socket_t s;
|
|
ngx_event_t *rev, *wev;
|
|
ngx_listening_t *ls;
|
|
ngx_connection_t *c, *lc;
|
|
ngx_event_conf_t *ecf;
|
|
char sa[NGX_SOCKLEN];
|
|
|
|
ecf = ngx_event_get_conf(ngx_cycle->conf_ctx, ngx_event_core_module);
|
|
|
|
if (ngx_event_flags & NGX_USE_RTSIG_EVENT) {
|
|
ev->available = 1;
|
|
|
|
} else if (!(ngx_event_flags & NGX_USE_KQUEUE_EVENT)) {
|
|
ev->available = ecf->multi_accept;
|
|
}
|
|
|
|
lc = ev->data;
|
|
ls = lc->listening;
|
|
ev->ready = 0;
|
|
|
|
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
|
|
"accept on %V, ready: %d", &ls->addr_text, ev->available);
|
|
|
|
do {
|
|
sl = NGX_SOCKLEN;
|
|
|
|
s = accept(lc->fd, (struct sockaddr *) sa, &sl);
|
|
|
|
if (s == -1) {
|
|
err = ngx_socket_errno;
|
|
|
|
if (err == NGX_EAGAIN) {
|
|
return;
|
|
}
|
|
|
|
ngx_log_error((err == NGX_ECONNABORTED) ? NGX_LOG_CRIT:
|
|
NGX_LOG_ALERT,
|
|
ev->log, err, "accept() failed");
|
|
|
|
if (err == NGX_ECONNABORTED) {
|
|
if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) {
|
|
ev->available--;
|
|
}
|
|
|
|
if (ev->available) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
#if (NGX_STAT_STUB)
|
|
ngx_atomic_fetch_add(ngx_stat_accepted, 1);
|
|
ngx_atomic_fetch_add(ngx_stat_active, 1);
|
|
#endif
|
|
|
|
ngx_accept_disabled = NGX_ACCEPT_THRESHOLD
|
|
- ngx_cycle->free_connection_n;
|
|
|
|
c = ngx_get_connection(s, ev->log);
|
|
|
|
if (c == NULL) {
|
|
if (ngx_close_socket(s) == -1) {
|
|
ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
|
|
ngx_close_socket_n " failed");
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
c->pool = ngx_create_pool(ls->pool_size, ev->log);
|
|
if (c->pool == NULL) {
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
|
|
c->sockaddr = ngx_palloc(c->pool, sl);
|
|
if (c->sockaddr == NULL) {
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
|
|
ngx_memcpy(c->sockaddr, sa, sl);
|
|
|
|
log = ngx_palloc(c->pool, sizeof(ngx_log_t));
|
|
if (log == NULL) {
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
|
|
/* set a blocking mode for aio and non-blocking mode for others */
|
|
|
|
if (ngx_inherited_nonblocking) {
|
|
if (ngx_event_flags & NGX_USE_AIO_EVENT) {
|
|
if (ngx_blocking(s) == -1) {
|
|
ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
|
|
ngx_blocking_n " failed");
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
if (!(ngx_event_flags & (NGX_USE_AIO_EVENT|NGX_USE_RTSIG_EVENT))) {
|
|
if (ngx_nonblocking(s) == -1) {
|
|
ngx_log_error(NGX_LOG_ALERT, ev->log, ngx_socket_errno,
|
|
ngx_nonblocking_n " failed");
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
|
|
*log = ls->log;
|
|
|
|
c->recv = ngx_recv;
|
|
c->send = ngx_send;
|
|
c->send_chain = ngx_send_chain;
|
|
|
|
c->log = log;
|
|
c->pool->log = log;
|
|
|
|
c->listening = ls;
|
|
c->socklen = sl;
|
|
|
|
c->unexpected_eof = 1;
|
|
|
|
c->ctx = lc->ctx;
|
|
c->servers = lc->servers;
|
|
|
|
rev = c->read;
|
|
wev = c->write;
|
|
|
|
wev->ready = 1;
|
|
|
|
if (ngx_event_flags & (NGX_USE_AIO_EVENT|NGX_USE_RTSIG_EVENT)) {
|
|
/* rtsig, aio, iocp */
|
|
rev->ready = 1;
|
|
}
|
|
|
|
if (ev->deferred_accept) {
|
|
rev->ready = 1;
|
|
#if (NGX_HAVE_KQUEUE)
|
|
rev->available = 1;
|
|
#endif
|
|
}
|
|
|
|
rev->log = log;
|
|
wev->log = log;
|
|
|
|
/*
|
|
* TODO: MT: - ngx_atomic_fetch_add()
|
|
* or protection by critical section or light mutex
|
|
*
|
|
* TODO: MP: - allocated in a shared memory
|
|
* - ngx_atomic_fetch_add()
|
|
* or protection by critical section or light mutex
|
|
*/
|
|
|
|
c->number = ngx_atomic_fetch_add(ngx_connection_counter, 1);
|
|
|
|
#if (NGX_STAT_STUB)
|
|
ngx_atomic_fetch_add(ngx_stat_handled, 1);
|
|
#endif
|
|
|
|
#if (NGX_THREADS)
|
|
rev->lock = &c->lock;
|
|
wev->lock = &c->lock;
|
|
rev->own_lock = &c->lock;
|
|
wev->own_lock = &c->lock;
|
|
#endif
|
|
|
|
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0,
|
|
"accept: fd:%d c:%d", s, c->number);
|
|
|
|
if (ls->addr_ntop) {
|
|
c->addr_text.data = ngx_palloc(c->pool, ls->addr_text_max_len);
|
|
if (c->addr_text.data == NULL) {
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
|
|
c->addr_text.len = ngx_sock_ntop(ls->family, c->sockaddr,
|
|
c->addr_text.data,
|
|
ls->addr_text_max_len);
|
|
if (c->addr_text.len == 0) {
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
}
|
|
|
|
#if (NGX_DEBUG)
|
|
{
|
|
|
|
uint32_t *addr;
|
|
in_addr_t i;
|
|
struct sockaddr_in *sin;
|
|
|
|
sin = (struct sockaddr_in *) sa;
|
|
addr = ecf->debug_connection.elts;
|
|
for (i = 0; i < ecf->debug_connection.nelts; i++) {
|
|
if (addr[i] == sin->sin_addr.s_addr) {
|
|
log->log_level = NGX_LOG_DEBUG_CONNECTION|NGX_LOG_DEBUG_ALL;
|
|
break;
|
|
}
|
|
}
|
|
|
|
}
|
|
#endif
|
|
|
|
if (ngx_add_conn && (ngx_event_flags & NGX_USE_EPOLL_EVENT) == 0) {
|
|
if (ngx_add_conn(c) == NGX_ERROR) {
|
|
ngx_close_accepted_connection(c);
|
|
return;
|
|
}
|
|
}
|
|
|
|
log->data = NULL;
|
|
log->handler = NULL;
|
|
|
|
ls->handler(c);
|
|
|
|
if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) {
|
|
ev->available--;
|
|
}
|
|
|
|
} while (ev->available);
|
|
}
|
|
|
|
|
|
ngx_int_t
|
|
ngx_trylock_accept_mutex(ngx_cycle_t *cycle)
|
|
{
|
|
if (*ngx_accept_mutex == 0
|
|
&& ngx_atomic_cmp_set(ngx_accept_mutex, 0, ngx_pid))
|
|
{
|
|
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
|
|
"accept mutex locked");
|
|
|
|
if (ngx_accept_mutex_held
|
|
&& (!(ngx_event_flags & NGX_USE_RTSIG_EVENT)
|
|
|| *ngx_accept_mutex_last_owner == (ngx_atomic_t) ngx_pid))
|
|
{
|
|
return NGX_OK;
|
|
}
|
|
|
|
if (ngx_enable_accept_events(cycle) == NGX_ERROR) {
|
|
*ngx_accept_mutex = 0;
|
|
return NGX_ERROR;
|
|
}
|
|
|
|
ngx_accept_mutex_held = 1;
|
|
|
|
return NGX_OK;
|
|
}
|
|
|
|
if (ngx_accept_mutex_held) {
|
|
if (ngx_disable_accept_events(cycle) == NGX_ERROR) {
|
|
return NGX_ERROR;
|
|
}
|
|
|
|
ngx_accept_mutex_held = 0;
|
|
}
|
|
|
|
return NGX_OK;
|
|
}
|
|
|
|
|
|
static ngx_int_t
|
|
ngx_enable_accept_events(ngx_cycle_t *cycle)
|
|
{
|
|
ngx_uint_t i;
|
|
ngx_listening_t *ls;
|
|
ngx_connection_t *c;
|
|
|
|
ls = cycle->listening.elts;
|
|
for (i = 0; i < cycle->listening.nelts; i++) {
|
|
|
|
c = ls[i].connection;
|
|
|
|
if (ngx_event_flags & NGX_USE_RTSIG_EVENT) {
|
|
|
|
if (ngx_accept_mutex_held) {
|
|
c->read->disabled = 1;
|
|
}
|
|
|
|
if (ngx_add_conn(c) == NGX_ERROR) {
|
|
return NGX_ERROR;
|
|
}
|
|
|
|
*ngx_accept_mutex_last_owner = ngx_pid;
|
|
|
|
} else {
|
|
if (ngx_add_event(c->read, NGX_READ_EVENT, 0) == NGX_ERROR) {
|
|
return NGX_ERROR;
|
|
}
|
|
}
|
|
}
|
|
|
|
return NGX_OK;
|
|
}
|
|
|
|
|
|
static ngx_int_t
|
|
ngx_disable_accept_events(ngx_cycle_t *cycle)
|
|
{
|
|
ngx_uint_t i;
|
|
ngx_listening_t *ls;
|
|
ngx_connection_t *c;
|
|
|
|
ls = cycle->listening.elts;
|
|
for (i = 0; i < cycle->listening.nelts; i++) {
|
|
|
|
c = ls[i].connection;
|
|
|
|
if (!c->read->active) {
|
|
continue;
|
|
}
|
|
|
|
if (ngx_event_flags & NGX_USE_RTSIG_EVENT) {
|
|
if (ngx_del_conn(c, NGX_DISABLE_EVENT) == NGX_ERROR) {
|
|
return NGX_ERROR;
|
|
}
|
|
|
|
} else {
|
|
if (ngx_del_event(c->read, NGX_READ_EVENT, NGX_DISABLE_EVENT)
|
|
== NGX_ERROR)
|
|
{
|
|
return NGX_ERROR;
|
|
}
|
|
}
|
|
}
|
|
|
|
return NGX_OK;
|
|
}
|
|
|
|
|
|
static void
|
|
ngx_close_accepted_connection(ngx_connection_t *c)
|
|
{
|
|
ngx_socket_t fd;
|
|
|
|
ngx_free_connection(c);
|
|
|
|
fd = c->fd;
|
|
c->fd = (ngx_socket_t) -1;
|
|
|
|
if (ngx_close_socket(fd) == -1) {
|
|
ngx_log_error(NGX_LOG_ALERT, c->log, ngx_socket_errno,
|
|
ngx_close_socket_n " failed");
|
|
}
|
|
|
|
if (c->pool) {
|
|
ngx_destroy_pool(c->pool);
|
|
}
|
|
|
|
#if (NGX_STAT_STUB)
|
|
ngx_atomic_fetch_add(ngx_stat_active, -1);
|
|
#endif
|
|
}
|
|
|
|
|
|
u_char *
|
|
ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len)
|
|
{
|
|
return ngx_snprintf(buf, len, " while accepting new connection on %V",
|
|
log->data);
|
|
}
|