nginx.git/src/event, branch release-1.2.4 nginx Merge of r4785, r4795, r4811, r4812, r4816, r4822: coverity. 2012-09-24T18:54:28+00:00 Maxim Dounin mdounin@mdounin.ru 2012-09-24T18:54:28+00:00 191e31938e81f2a59a4ba4dc6b3f4f28bc232187 *) Resolver: fixed possible memory leak in ngx_resolver_create(). *) Explicitly ignore returned value from unlink() in ngx_open_tempfile(). *) Explicitly ignore returned value from close() in ngx_event_core_init_conf(). *) Added three missing checks for NULL after ngx_array_push() calls. *) Crypt: fixed handling of corrupted SSHA entries in password file. *) Mark logically dead code with corresponding comment. Found by / prodded by Coverity. 
*) Resolver: fixed possible memory leak in ngx_resolver_create().

*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().

*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().

*) Added three missing checks for NULL after ngx_array_push() calls.

*) Crypt: fixed handling of corrupted SSHA entries in password file.

*) Mark logically dead code with corresponding comment.

Found by / prodded by Coverity.
Merge of r4764: debug_connection with a domain name change. 2012-08-06T17:13:20+00:00 Maxim Dounin mdounin@mdounin.ru 2012-08-06T17:13:20+00:00 f3959db1e773a7d5fef3009f04b1afb2c2d4c744 When "debug_connection" is configured with a domain name, only the first resolved address was used. Now all addresses will be used. 
When "debug_connection" is configured with a domain name, only the first
resolved address was used.  Now all addresses will be used.
Merge of r4760, r4761: -Wmissing-prototypes. 2012-08-06T17:07:28+00:00 Maxim Dounin mdounin@mdounin.ru 2012-08-06T17:07:28+00:00 20ce4fcbbf7c1504cc520905dfde1b2790011e31 Fixed compilation with -Wmissing-prototypes. Added a commented out -Wmissing-prototypes to CFLAGS. It is commented out to not break builds with 3rd party modules. 
Fixed compilation with -Wmissing-prototypes.  Added a commented
out -Wmissing-prototypes to CFLAGS.  It is commented out to not break
builds with 3rd party modules.
Merge of r4697: disabled gzip in OpenSSL prior to 1.0.0. 2012-07-02T17:25:51+00:00 Maxim Dounin mdounin@mdounin.ru 2012-07-02T17:25:51+00:00 d4ee957632ed27aa26e1351cb3a3bb400fac30d1 Disabled gzip compression in OpenSSL prior to 1.0.0 version. This saves about 522K per connection. 
Disabled gzip compression in OpenSSL prior to 1.0.0 version.
This saves about 522K per connection.
Merge of r4652: ssl without buffer should not set c->buffered. 2012-07-02T15:51:02+00:00 Maxim Dounin mdounin@mdounin.ru 2012-07-02T15:51:02+00:00 fb6e7626f6aa3fb9e627e1a2dbcf1d92dfc99557 Removed mistaken setting of NGX_SSL_BUFFERED flag in ngx_ssl_send_chain() if SSL buffer is not used. 
Removed mistaken setting of NGX_SSL_BUFFERED flag in ngx_ssl_send_chain()
if SSL buffer is not used.
Merge of r4630: fixed c->sent with unbuffered ssl. 2012-06-04T12:00:38+00:00 Maxim Dounin mdounin@mdounin.ru 2012-06-04T12:00:38+00:00 88050e54616809dcaeebbb60ad61d56ddb50e494 Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used. 
Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used.
Merge of r4614, r4624-r4629, r4631: proxy recursive changes. 2012-06-04T11:58:12+00:00 Maxim Dounin mdounin@mdounin.ru 2012-06-04T11:58:12+00:00 8acd40c4951ca822e2fb4672de9e4f23c6b6a97a *) Added IPv6 and UNIX-domain socket support in "debug_connection" directive. *) New function ngx_http_get_forwarded_addr() to look up real client address. On input it takes an original address, string in the X-Forwarded-For format and its length, list of trusted proxies, and a flag indicating to perform the recursive search. On output it returns NGX_OK and the "deepest" valid address in a chain, or NGX_DECLINED. It supports AF_INET and AF_INET6. Additionally, original address and/or proxy may be specified as AF_UNIX. *) Realip: chains of trusted proxies and IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies, controlled by the "real_ip_recursive" directive (closes #2). It also gets full IPv6 support (closes #44) and canonical value of the $client_addr variable on address change. Example: real_ip_header X-Forwarded-For; set_real_ip_from 127.0.0.0/8; set_real_ip_from ::1; set_real_ip_from unix:; real_ip_recursive on; *) Geo: chains of trusted proxies and partial IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies, controlled by the "proxy_recursive" directive in the "geo" block. It also gets partial IPv6 support: now proxies may be specified with IPv6 addresses. Example: geo $test { ... proxy 127.0.0.1; proxy ::1; proxy_recursive; } There's also a slight change in behavior. When original client address (as specified by the "geo" directive) is one of the trusted proxies, and the value of the X-Forwarded-For request header cannot not be parsed as a valid address, an original client address will be used for lookup. Previously, 255.255.255.255 was used in this case. *) Geoip: trusted proxies support and partial IPv6 support. The module now supports recursive search of client address through the chain of trusted proxies (closes #100), in the same scope as the geo module. Proxies are listed by the "geoip_proxy" directive, recursive search is enabled by the "geoip_proxy_recursive" directive. IPv6 is partially supported: proxies may be specified with IPv6 addresses. Example: geoip_country .../GeoIP.dat; geoip_proxy 127.0.0.1; geoip_proxy ::1; geoip_proxy 10.0.0.0/8; geoip_proxy_recursive on; 
*) Added IPv6 and UNIX-domain socket support in "debug_connection"
   directive.

*) New function ngx_http_get_forwarded_addr() to look up real client
   address.

   On input it takes an original address, string in the X-Forwarded-For format
   and its length, list of trusted proxies, and a flag indicating to perform
   the recursive search.  On output it returns NGX_OK and the "deepest" valid
   address in a chain, or NGX_DECLINED.  It supports AF_INET and AF_INET6.
   Additionally, original address and/or proxy may be specified as AF_UNIX.

*) Realip: chains of trusted proxies and IPv6 support.

   The module now supports recursive search of client address through
   the chain of trusted proxies, controlled by the "real_ip_recursive"
   directive (closes #2).  It also gets full IPv6 support (closes #44)
   and canonical value of the $client_addr variable on address change.

   Example:

       real_ip_header X-Forwarded-For;
       set_real_ip_from 127.0.0.0/8;
       set_real_ip_from ::1;
       set_real_ip_from unix:;
       real_ip_recursive on;

*) Geo: chains of trusted proxies and partial IPv6 support.

   The module now supports recursive search of client address through
   the chain of trusted proxies, controlled by the "proxy_recursive"
   directive in the "geo" block.  It also gets partial IPv6 support:
   now proxies may be specified with IPv6 addresses.

   Example:

       geo $test {
           ...
           proxy 127.0.0.1;
           proxy ::1;
           proxy_recursive;
       }

   There's also a slight change in behavior.  When original client
   address (as specified by the "geo" directive) is one of the
   trusted proxies, and the value of the X-Forwarded-For request
   header cannot not be parsed as a valid address, an original client
   address will be used for lookup.  Previously, 255.255.255.255 was
   used in this case.

*) Geoip: trusted proxies support and partial IPv6 support.

   The module now supports recursive search of client address through the
   chain of trusted proxies (closes #100), in the same scope as the geo
   module.  Proxies are listed by the "geoip_proxy" directive, recursive
   search is enabled by the "geoip_proxy_recursive" directive.  IPv6 is
   partially supported: proxies may be specified with IPv6 addresses.

   Example:

        geoip_country .../GeoIP.dat;
        geoip_proxy 127.0.0.1;
        geoip_proxy ::1;
        geoip_proxy 10.0.0.0/8;
        geoip_proxy_recursive on;
Merge of r4619: accept moderation on EMFILE/ENFILE. 2012-06-04T11:10:36+00:00 Maxim Dounin mdounin@mdounin.ru 2012-06-04T11:10:36+00:00 9732c655154b182497fb47fa47fbba69ffd25897 In case of EMFILE/ENFILE returned from accept() we disable accept events, and (in case of no accept mutex used) arm timer to re-enable them later. With accept mutex we just drop it, and rely on normal accept mutex handling to re-enable accept events once it's acquired again. As we now handle errors in question, logging level was changed to "crit" (instead of "alert" used for unknown errors). Note: the code might call ngx_enable_accept_events() multiple times if there are many listen sockets. The ngx_enable_accept_events() function was modified to check if connection is already active (via c->read->active) and skip it then, thus making multiple calls safe. 
In case of EMFILE/ENFILE returned from accept() we disable accept events,
and (in case of no accept mutex used) arm timer to re-enable them later.
With accept mutex we just drop it, and rely on normal accept mutex handling
to re-enable accept events once it's acquired again.

As we now handle errors in question, logging level was changed to "crit"
(instead of "alert" used for unknown errors).

Note: the code might call ngx_enable_accept_events() multiple times if
there are many listen sockets.  The ngx_enable_accept_events() function was
modified to check if connection is already active (via c->read->active) and
skip it then, thus making multiple calls safe.
Fixed master exit if there is no events section (ticket #150). 2012-04-18T14:47:10+00:00 Maxim Dounin mdounin@mdounin.ru 2012-04-18T14:47:10+00:00 a73ce28e0a6d855daaf2cd2a40bbf65762e58f2a Instead of checking if there is events{} section present in configuration in init_module handler we now do the same in init_conf handler. This allows master process to detect incorrect configuration early and reject it. 
Instead of checking if there is events{} section present in configuration
in init_module handler we now do the same in init_conf handler.  This
allows master process to detect incorrect configuration early and
reject it.
Fixed grammar in error messages. 2012-04-12T19:35:41+00:00 Ruslan Ermilov ru@nginx.com 2012-04-12T19:35:41+00:00 43d2b1c04562dbd7c651d8d135d93bb8116b9133