nginx.git/src/event, branch release-1.11.3 nginx Events: support for EPOLLEXCLUSIVE. 2016-07-15T12:18:57+00:00 Valentin Bartenev vbart@nginx.com 2016-07-15T12:18:57+00:00 5c2dd3913aad5c4bf7d9056e1336025c2703586b This flag appeared in Linux 4.5 and is useful for avoiding thundering herd problem. The current Linux kernel implementation walks the list of exclusive waiters, and queues an event to each epfd, until it finds the first waiter that has threads blocked on it via epoll_wait(). 
This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().
Style: sorted epoll flags. 2016-07-15T12:18:57+00:00 Valentin Bartenev vbart@nginx.com 2016-07-15T12:18:57+00:00 b60534e0d8f943740fb6847ac0a1ff3091a373d0 






Events: the "accept_mutex" directive is turned off by default.
2016-07-15T12:18:57+00:00

Valentin Bartenev
vbart@nginx.com

2016-07-15T12:18:57+00:00

46dd747c9e2bc47c0689f62f9cba3d470d898b43

Now it is believed that the accept mutex brings more harm than benefits.
Especially in various benchmarks it often results in situation where only
one worker grabs all connections.





Now it is believed that the accept mutex brings more harm than benefits.
Especially in various benchmarks it often results in situation where only
one worker grabs all connections.







Removed unused flag accept_context_updated from ngx_event_t.
2016-06-29T11:30:00+00:00

Ruslan Ermilov
ru@nginx.com

2016-06-29T11:30:00+00:00

fb6c764921dff3322b33ed2f5169b4c23f84bd9c

Also, removed practically unused flag accept_context_updated from
ngx_connection_t.





Also, removed practically unused flag accept_context_updated from
ngx_connection_t.







Stream: set SO_REUSEADDR for UDP upstream sockets.
2016-06-20T09:48:47+00:00

Roman Arutyunyan
arut@nginx.com

2016-06-20T09:48:47+00:00

4c03c80e12158bd6daf3c6608aca3e3acce56640

The option is only set if the socket is bound to a specific port to allow
several such sockets coexist at the same time.  This is required, for example,
when nginx acts as a transparent proxy and receives two datagrams from the same
client in a short time.

The feature is only implemented for Linux.





The option is only set if the socket is bound to a specific port to allow
several such sockets coexist at the same time.  This is required, for example,
when nginx acts as a transparent proxy and receives two datagrams from the same
client in a short time.

The feature is only implemented for Linux.







Introduced ngx_inet_get_port() and ngx_inet_set_port() functions.
2016-06-20T08:50:39+00:00

Roman Arutyunyan
arut@nginx.com

2016-06-20T08:50:39+00:00

5b201ac31f968d13f1165e7f29967e5826ccb9a1












Set IP_BIND_ADDRESS_NO_PORT socket option for upstream sockets.
2016-06-20T07:41:17+00:00

Andrei Belov
defan@nginx.com

2016-06-20T07:41:17+00:00

72d4e5d7930a07a8753640061bbe9210c6a1f890












SSL: ngx_ssl_ciphers() to set list of ciphers.
2016-06-15T20:05:30+00:00

Tim Taubert
tim@timtaubert.de

2016-06-15T20:05:30+00:00

4f578bfcab740fcfbbb8824822803ad9b3f176cc

This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.





This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.







Introduced the ngx_sockaddr_t type.
2016-05-23T13:37:20+00:00

Ruslan Ermilov
ru@nginx.com

2016-05-23T13:37:20+00:00

fd064d3b88e59ee71aec508687403539b01d643c

It's properly aligned and can hold any supported sockaddr.





It's properly aligned and can hold any supported sockaddr.







SSL: removed default DH parameters.
2016-05-19T11:46:32+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-05-19T11:46:32+00:00

61ec58a9bed5ec0cae60c3f3b8d46382beecc5c6

Using the same DH parameters on multiple servers is believed to be subject
to precomputation attacks, see http://weakdh.org/.  Additionally, 1024 bits
are not enough in the modern world as well.  Let users provide their own
DH parameters with the ssl_dhparam directive if they want to use EDH ciphers.

Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed
DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same
precomputation attacks.  We avoid using it as well.

This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),
as OpenSSL developers changed their policy after releasing Beta 1 and
broke API once again by making the DH struct opaque (see ticket #860).





Using the same DH parameters on multiple servers is believed to be subject
to precomputation attacks, see http://weakdh.org/.  Additionally, 1024 bits
are not enough in the modern world as well.  Let users provide their own
DH parameters with the ssl_dhparam directive if they want to use EDH ciphers.

Note that SSL_CTX_set_dh_auto() as provided by OpenSSL 1.1.0 uses fixed
DH parameters from RFC 5114 and RFC 3526, and therefore subject to the same
precomputation attacks.  We avoid using it as well.

This change also fixes compilation with OpenSSL 1.1.0-pre5 (aka Beta 2),
as OpenSSL developers changed their policy after releasing Beta 1 and
broke API once again by making the DH struct opaque (see ticket #860).