nginx.git/src/event, branch release-1.2.2 nginx Merge of r4697: disabled gzip in OpenSSL prior to 1.0.0. 2012-07-02T17:25:51+00:00 Maxim Dounin mdounin@mdounin.ru 2012-07-02T17:25:51+00:00 d4ee957632ed27aa26e1351cb3a3bb400fac30d1 Disabled gzip compression in OpenSSL prior to 1.0.0 version. This saves about 522K per connection. 
Disabled gzip compression in OpenSSL prior to 1.0.0 version.
This saves about 522K per connection.
Merge of r4652: ssl without buffer should not set c->buffered. 2012-07-02T15:51:02+00:00 Maxim Dounin mdounin@mdounin.ru 2012-07-02T15:51:02+00:00 fb6e7626f6aa3fb9e627e1a2dbcf1d92dfc99557 Removed mistaken setting of NGX_SSL_BUFFERED flag in ngx_ssl_send_chain() if SSL buffer is not used. 
Removed mistaken setting of NGX_SSL_BUFFERED flag in ngx_ssl_send_chain()
if SSL buffer is not used.
Merge of r4630: fixed c->sent with unbuffered ssl. 2012-06-04T12:00:38+00:00 Maxim Dounin mdounin@mdounin.ru 2012-06-04T12:00:38+00:00 88050e54616809dcaeebbb60ad61d56ddb50e494 Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used. 
Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used.
Merge of r4614, r4624-r4629, r4631: proxy recursive changes. 2012-06-04T11:58:12+00:00 Maxim Dounin mdounin@mdounin.ru 2012-06-04T11:58:12+00:00 8acd40c4951ca822e2fb4672de9e4f23c6b6a97a *) Added IPv6 and UNIX-domain socket support in "debug_connection" directive. *) New function ngx_http_get_forwarded_addr() to look up real client address. On input it takes an original address, string in the X-Forwarded-For format and its length, list of trusted proxies, and a flag indicating to perform the recursive search. On output it returns NGX_OK and the "deepest" valid address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6. Additionally, original address and/or proxy may be specified as AF_UNIX. *) Realip: chains of trusted proxies and IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies, controlled by the "real_ip_recursive" directive (closes #2). It also gets full IPv6 support (closes #44) and canonical value of the $client_addr variable on address change. Example: real_ip_header X-Forwarded-For; set_real_ip_from 127.0.0.0/8; set_real_ip_from ::1; set_real_ip_from unix:; real_ip_recursive on; *) Geo: chains of trusted proxies and partial IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies, controlled by the "proxy_recursive" directive in the "geo" block. It also gets partial IPv6 support: now proxies may be specified with IPv6 addresses. Example: geo $test { ... proxy 127.0.0.1; proxy ::1; proxy_recursive; } There's also a slight change in behavior. When original client address (as specified by the "geo" directive) is one of the trusted proxies, and the value of the X-Forwarded-For request header cannot not be parsed as a valid address, an original client address will be used for lookup. Previously, 255.255.255.255 was used in this case. *) Geoip: trusted proxies support and partial IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies (closes #100), in the same scope as the geo module. Proxies are listed by the "geoip_proxy" directive, recursive search is enabled by the "geoip_proxy_recursive" directive. IPv6 is partially supported: proxies may be specified with IPv6 addresses. Example: geoip_country .../GeoIP.dat; geoip_proxy 127.0.0.1; geoip_proxy ::1; geoip_proxy 10.0.0.0/8; geoip_proxy_recursive on; 
*) Added IPv6 and UNIX-domain socket support in "debug_connection"
   directive.

*) New function ngx_http_get_forwarded_addr() to look up real client
   address.

   On input it takes an original address, string in the X-Forwarded-For format
   and its length, list of trusted proxies, and a flag indicating to perform
   the recursive search.  On output it returns NGX_OK and the "deepest" valid
   address in a chain, or NGX_DECLINED.  It supports AF_INET and AF_INET6.
   Additionally, original address and/or proxy may be specified as AF_UNIX.

*) Realip: chains of trusted proxies and IPv6 support.

   The module now supports recursive search of client address through
   the chain of trusted proxies, controlled by the "real_ip_recursive"
   directive (closes #2).  It also gets full IPv6 support (closes #44)
   and canonical value of the $client_addr variable on address change.

   Example:

       real_ip_header X-Forwarded-For;
       set_real_ip_from 127.0.0.0/8;
       set_real_ip_from ::1;
       set_real_ip_from unix:;
       real_ip_recursive on;

*) Geo: chains of trusted proxies and partial IPv6 support.

   The module now supports recursive search of client address through
   the chain of trusted proxies, controlled by the "proxy_recursive"
   directive in the "geo" block.  It also gets partial IPv6 support:
   now proxies may be specified with IPv6 addresses.

   Example:

       geo $test {
           ...
           proxy 127.0.0.1;
           proxy ::1;
           proxy_recursive;
       }

   There's also a slight change in behavior.  When original client
   address (as specified by the "geo" directive) is one of the
   trusted proxies, and the value of the X-Forwarded-For request
   header cannot not be parsed as a valid address, an original client
   address will be used for lookup.  Previously, 255.255.255.255 was
   used in this case.

*) Geoip: trusted proxies support and partial IPv6 support.

   The module now supports recursive search of client address through the
   chain of trusted proxies (closes #100), in the same scope as the geo
   module.  Proxies are listed by the "geoip_proxy" directive, recursive
   search is enabled by the "geoip_proxy_recursive" directive.  IPv6 is
   partially supported: proxies may be specified with IPv6 addresses.

   Example:

        geoip_country .../GeoIP.dat;
        geoip_proxy 127.0.0.1;
        geoip_proxy ::1;
        geoip_proxy 10.0.0.0/8;
        geoip_proxy_recursive on;
Merge of r4619: accept moderation on EMFILE/ENFILE. 2012-06-04T11:10:36+00:00 Maxim Dounin mdounin@mdounin.ru 2012-06-04T11:10:36+00:00 9732c655154b182497fb47fa47fbba69ffd25897 In case of EMFILE/ENFILE returned from accept() we disable accept events, and (in case of no accept mutex used) arm timer to re-enable them later. With accept mutex we just drop it, and rely on normal accept mutex handling to re-enable accept events once it's acquired again. As we now handle errors in question, logging level was changed to "crit" (instead of "alert" used for unknown errors). Note: the code might call ngx_enable_accept_events() multiple times if there are many listen sockets. The ngx_enable_accept_events() function was modified to check if connection is already active (via c->read->active) and skip it then, thus making multiple calls safe. 
In case of EMFILE/ENFILE returned from accept() we disable accept events,
and (in case of no accept mutex used) arm timer to re-enable them later.
With accept mutex we just drop it, and rely on normal accept mutex handling
to re-enable accept events once it's acquired again.

As we now handle errors in question, logging level was changed to "crit"
(instead of "alert" used for unknown errors).

Note: the code might call ngx_enable_accept_events() multiple times if
there are many listen sockets.  The ngx_enable_accept_events() function was
modified to check if connection is already active (via c->read->active) and
skip it then, thus making multiple calls safe.
Fixed master exit if there is no events section (ticket #150). 2012-04-18T14:47:10+00:00 Maxim Dounin mdounin@mdounin.ru 2012-04-18T14:47:10+00:00 a73ce28e0a6d855daaf2cd2a40bbf65762e58f2a Instead of checking if there is events{} section present in configuration in init_module handler we now do the same in init_conf handler. This allows master process to detect incorrect configuration early and reject it. 
Instead of checking if there is events{} section present in configuration
in init_module handler we now do the same in init_conf handler.  This
allows master process to detect incorrect configuration early and
reject it.
Fixed grammar in error messages. 2012-04-12T19:35:41+00:00 Ruslan Ermilov ru@nginx.com 2012-04-12T19:35:41+00:00 43d2b1c04562dbd7c651d8d135d93bb8116b9133 






Fixed signed integer overflows in timer code (ticket #145).
2012-04-06T23:46:09+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-04-06T23:46:09+00:00

baa239c4870ba2236aeb8c54b892dd25d43d780a

Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.





Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.







Fixed spelling in multiline C comments.
2012-04-03T07:37:31+00:00

Ruslan Ermilov
ru@nginx.com

2012-04-03T07:37:31+00:00

47a04aaa275d1a9b4a51997910f2b2a881464943












Whitespace fixes.
2012-03-05T18:09:06+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-05T18:09:06+00:00

ee187436afcaaeef4bb8bcb65b3f5f815920761e