nginx.git/src/core, branch release-1.21.4 nginx Changed ngx_chain_update_chains() to test tag first (ticket #2248). 2021-10-29T23:39:19+00:00 Maxim Dounin mdounin@mdounin.ru 2021-10-29T23:39:19+00:00 2c8dd1c33e19842fcf1e87b53cb86aeeea094dda Without this change, aio used with HTTP/2 can result in connection hang, as observed with "aio threads; aio_write on;" and proxying (ticket #2248). The problem is that HTTP/2 updates buffers outside of the output filters (notably, marks them as sent), and then posts a write event to call output filters. If a filter does not call the next one for some reason (for example, because of an AIO operation in progress), this might result in a state when the owner of a buffer already called ngx_chain_update_chains() and can reuse the buffer, while the same buffer is still sitting in the busy chain of some other filter. In the particular case a buffer was sitting in output chain's ctx->busy, and was reused by event pipe. Output chain's ctx->busy was permanently blocked by it, and this resulted in connection hang. Fix is to change ngx_chain_update_chains() to skip buffers from other modules unconditionally, without trying to wait for these buffers to become empty. 
Without this change, aio used with HTTP/2 can result in connection hang,
as observed with "aio threads; aio_write on;" and proxying (ticket #2248).

The problem is that HTTP/2 updates buffers outside of the output filters
(notably, marks them as sent), and then posts a write event to call
output filters.  If a filter does not call the next one for some reason
(for example, because of an AIO operation in progress), this might
result in a state when the owner of a buffer already called
ngx_chain_update_chains() and can reuse the buffer, while the same buffer
is still sitting in the busy chain of some other filter.

In the particular case a buffer was sitting in output chain's ctx->busy,
and was reused by event pipe.  Output chain's ctx->busy was permanently
blocked by it, and this resulted in connection hang.

Fix is to change ngx_chain_update_chains() to skip buffers from other
modules unconditionally, without trying to wait for these buffers to
become empty.
Upstream: sendfile_max_chunk support. 2021-10-29T17:21:54+00:00 Maxim Dounin mdounin@mdounin.ru 2021-10-29T17:21:54+00:00 b3b368184b1e3c82da6703e8d7367f38fdc98d1a Previously, connections to upstream servers used sendfile() if it was enabled, but never honored sendfile_max_chunk. This might result in worker monopolization for a long time if large request bodies are allowed. 
Previously, connections to upstream servers used sendfile() if it was
enabled, but never honored sendfile_max_chunk.  This might result
in worker monopolization for a long time if large request bodies
are allowed.
Core: removed unnecessary restriction in hash initialization. 2021-08-19T17:51:27+00:00 Alexey Radkov alexey.radkov@gmail.com 2021-08-19T17:51:27+00:00 3253b346fb8b067d68a79ae72e08a376f234b0b3 Hash initialization ignores elements with key.data set to NULL. Nevertheless, the initial hash bucket size check didn't skip them, resulting in unnecessary restrictions on, for example, variables with long names and with the NGX_HTTP_VARIABLE_NOHASH flag. Fix is to update the initial hash bucket size check to skip elements with key.data set to NULL, similarly to how it is done in other parts of the code. 
Hash initialization ignores elements with key.data set to NULL.
Nevertheless, the initial hash bucket size check didn't skip them,
resulting in unnecessary restrictions on, for example, variables with
long names and with the NGX_HTTP_VARIABLE_NOHASH flag.

Fix is to update the initial hash bucket size check to skip elements
with key.data set to NULL, similarly to how it is done in other parts
of the code.
Removed CLOCK_MONOTONIC_COARSE support. 2021-10-21T15:38:38+00:00 Maxim Dounin mdounin@mdounin.ru 2021-10-21T15:38:38+00:00 f29d7ade54f8baa117f7c40fec58683952c46cdb While clock_gettime(CLOCK_MONOTONIC_COARSE) is faster than clock_gettime(CLOCK_MONOTONIC), the latter is fast enough on Linux for practical usage, and the difference is negligible compared to other costs at each event loop iteration. On the other hand, CLOCK_MONOTONIC_COARSE causes various issues with typical CONFIG_HZ=250, notably very inaccurate limit_rate handling in some edge cases (ticket #1678) and negative difference between $request_time and $upstream_response_time (ticket #1965). 
While clock_gettime(CLOCK_MONOTONIC_COARSE) is faster than
clock_gettime(CLOCK_MONOTONIC), the latter is fast enough on Linux for
practical usage, and the difference is negligible compared to other costs
at each event loop iteration.  On the other hand, CLOCK_MONOTONIC_COARSE
causes various issues with typical CONFIG_HZ=250, notably very inaccurate
limit_rate handling in some edge cases (ticket #1678) and negative difference
between $request_time and $upstream_response_time (ticket #1965).
Version bump. 2021-09-14T09:12:02+00:00 Roman Arutyunyan arut@nginx.com 2021-09-14T09:12:02+00:00 8165597cf6b52d0129057185e19e37a83621c51e 






Version bump.
2021-09-03T14:19:33+00:00

Roman Arutyunyan
arut@nginx.com

2021-09-03T14:19:33+00:00

3575f44a17cb533e19616a6f730ca077a68e2b0a












Version bump.
2021-08-03T17:50:08+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-08-03T17:50:08+00:00

f8394db6fe9c73858032bd202bf0809d459a2f2f












Core: escaping of chars not allowed in URIs per RFC 3986.
2021-06-28T15:01:11+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-06-28T15:01:11+00:00

fee09fc49d510de0078f9bc7fc18dc179cceb62b

Per RFC 3986 only the following characters are allowed in URIs unescaped:

unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

And "%" can appear as a part of escaping itself.  The following
characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
" ", """, "<", ">", "\", "^", "`", "{", "|", "}".

Not escaping ">" is known to cause problems at least with MS Exchange (see
http://nginx.org/pipermail/nginx-ru/2010-January/031261.html) and in
Tomcat (ticket #2191).

The patch adds escaping of the following chars in all URI parts: """, "<",
">", "\", "^", "`", "{", "|", "}".  Note that comments are mostly preserved
to outline important characters being escaped.





Per RFC 3986 only the following characters are allowed in URIs unescaped:

unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

And "%" can appear as a part of escaping itself.  The following
characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
" ", """, "<", ">", "\", "^", "`", "{", "|", "}".

Not escaping ">" is known to cause problems at least with MS Exchange (see
http://nginx.org/pipermail/nginx-ru/2010-January/031261.html) and in
Tomcat (ticket #2191).

The patch adds escaping of the following chars in all URI parts: """, "<",
">", "\", "^", "`", "{", "|", "}".  Note that comments are mostly preserved
to outline important characters being escaped.







Core: fixed comment about escaping in arguments.
2021-06-28T15:01:09+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-06-28T15:01:09+00:00

31d1c34b394ee30b30084ff160133708d0d3b030

After 4954530db2af, the ";" character is escaped by
ngx_escape_uri(NGX_ESCAPE_ARGS).





After 4954530db2af, the ";" character is escaped by
ngx_escape_uri(NGX_ESCAPE_ARGS).







Core: added the ngx_rbtree_data() macro.
2021-06-21T06:42:43+00:00

Vladimir Homutov
vl@nginx.com

2021-06-21T06:42:43+00:00

8b927107287094f018cc6f5addc543e79f88ec74