nginx.git/src/http/ngx_http_core_module.c, branch release-1.28.1 nginx Use NGX_CONF_OK in some function return checks. 2025-12-23T18:40:33+00:00 Andrew Clayton a.clayton@nginx.com 2025-05-21T21:19:32+00:00 36744831036cc4f68b32f02d1cd1bd33352bd298 The functions ngx_http_merge_types() & ngx_conf_merge_path_value() return either NGX_CONF_OK aka NULL aka ((void *)0) (probably) or NGX_CONF_ERROR aka ((void *)-1). They don't return an integer constant which is what NGX_OK aka (0) is. Lets use the right thing in the function return check. This was found with -Wzero-as-null-pointer-constant which was enabled for C in GCC 15 (not enabled with Wall or Wextra... yet). Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059> 
The functions ngx_http_merge_types() & ngx_conf_merge_path_value()
return either NGX_CONF_OK aka NULL aka ((void *)0) (probably) or
NGX_CONF_ERROR aka ((void *)-1).

They don't return an integer constant which is what NGX_OK aka (0) is.

Lets use the right thing in the function return check.

This was found with -Wzero-as-null-pointer-constant which was enabled
for C in GCC 15 (not enabled with Wall or Wextra... yet).

Link: <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117059>
Improved ngx_http_subrequest() error handling. 2025-02-20T20:04:12+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-11T18:54:04+00:00 d25139db01b636a8212c13e1feeca37eaadad0b5 Previously, request might be left in inconsistent state in case of error, which manifested in "http request count is zero" alerts when used by SSI filter. The fix is to reshuffle initialization order to postpone committing state changes until after any potentially failing parts. Found by bad memory allocator simulation. 
Previously, request might be left in inconsistent state in case of error,
which manifested in "http request count is zero" alerts when used by SSI
filter.

The fix is to reshuffle initialization order to postpone committing state
changes until after any potentially failing parts.

Found by bad memory allocator simulation.
Added "keepalive_min_timeout" directive. 2025-02-05T10:08:01+00:00 Roman Arutyunyan arut@nginx.com 2025-01-15T08:42:39+00:00 22a2a225ba87029f0e7bbc09a80ff7cdad23399d The directive sets a timeout during which a keepalive connection will not be closed by nginx for connection reuse or graceful shutdown. The change allows clients that send multiple requests over the same connection without delay or with a small delay between them, to avoid receiving a TCP RST in response to one of them. This excludes network issues and non-graceful shutdown. As a side-effect, it also addresses the TCP reset problem described in RFC 9112, Section 9.6, when the last sent HTTP response could be damaged by a followup TCP RST. It is important for non-idempotent requests, which cannot be retried by client. It is not recommended to set keepalive_min_timeout to large values as this can introduce an additional delay during graceful shutdown and may restrict nginx from effective connection reuse. 
The directive sets a timeout during which a keepalive connection will
not be closed by nginx for connection reuse or graceful shutdown.

The change allows clients that send multiple requests over the same
connection without delay or with a small delay between them, to avoid
receiving a TCP RST in response to one of them.  This excludes network
issues and non-graceful shutdown.  As a side-effect, it also addresses
the TCP reset problem described in RFC 9112, Section 9.6, when the last
sent HTTP response could be damaged by a followup TCP RST.  It is important
for non-idempotent requests, which cannot be retried by client.

It is not recommended to set keepalive_min_timeout to large values as
this can introduce an additional delay during graceful shutdown and may
restrict nginx from effective connection reuse.
HTTP/3: added more compatibility checks for "listen ... quic". 2024-01-30T15:19:26+00:00 Sergey Kandaurov pluknet@nginx.com 2024-01-30T15:19:26+00:00 71a0a4acdbb9ed0a8ef269a28218365cde00415d Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive" parameters are not allowed with "quic" in the "listen" directive. Reported by Izorkin. 
Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive"
parameters are not allowed with "quic" in the "listen" directive.

Reported by Izorkin.
HTTP/2: "http2" directive. 2023-05-16T12:30:08+00:00 Roman Arutyunyan arut@nginx.com 2023-05-16T12:30:08+00:00 aefd862ab197c3ab49001fcf69be478aab5b0f4e The directive enables HTTP/2 in the current server. The previous way to enable HTTP/2 via "listen ... http2" is now deprecated. The new approach allows to share HTTP/2 and HTTP/0.9-1.1 on the same port. For SSL connections, HTTP/2 is now selected by ALPN callback based on whether the protocol is enabled in the virtual server chosen by SNI. This however only works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback. For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual server configuration. For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if HTTP/2 is enabled in the default virtual server. If preface is not matched, HTTP/0.9-1.1 is assumed. 
The directive enables HTTP/2 in the current server.  The previous way to
enable HTTP/2 via "listen ... http2" is now deprecated.  The new approach
allows to share HTTP/2 and HTTP/0.9-1.1 on the same port.

For SSL connections, HTTP/2 is now selected by ALPN callback based on whether
the protocol is enabled in the virtual server chosen by SNI.  This however only
works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback.
For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual
server configuration.

For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if
HTTP/2 is enabled in the default virtual server.  If preface is not matched,
HTTP/0.9-1.1 is assumed.
HTTP/3: removed "http3" parameter of "listen" directive. 2023-05-11T09:22:10+00:00 Roman Arutyunyan arut@nginx.com 2023-05-11T09:22:10+00:00 2ce3eeeeb76318e414b62d399da70872d2de23d8 The parameter has been deprecated since c851a2ed5ce8. 
The parameter has been deprecated since c851a2ed5ce8.
Merged with the default branch. 2023-03-29T07:14:25+00:00 Sergey Kandaurov pluknet@nginx.com 2023-03-29T07:14:25+00:00 e8fbc967470b39513248cd961ccccf7a032831ea 






Fixed "zero size buf" alerts with subrequests.
2023-01-28T02:23:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-01-28T02:23:33+00:00

384a8d8dfbf817b98715e8ed5ec7bf3cb545d501

Since 4611:2b6cb7528409 responses from the gzip static, flv, and mp4 modules
can be used with subrequests, though empty files were not properly handled.
Empty gzipped, flv, and mp4 files thus resulted in "zero size buf in output"
alerts.  While valid corresponding files are not expected to be empty, such
files shouldn't result in alerts.

Fix is to set b->sync on such empty subrequest responses, similarly to what
ngx_http_send_special() does.

Additionally, the static module, the ngx_http_send_response() function, and
file cache are modified to do the same instead of not sending the response
body at all in such cases, since not sending the response body at all is
believed to be at least questionable, and might break various filters
which do not expect such behaviour.





Since 4611:2b6cb7528409 responses from the gzip static, flv, and mp4 modules
can be used with subrequests, though empty files were not properly handled.
Empty gzipped, flv, and mp4 files thus resulted in "zero size buf in output"
alerts.  While valid corresponding files are not expected to be empty, such
files shouldn't result in alerts.

Fix is to set b->sync on such empty subrequest responses, similarly to what
ngx_http_send_special() does.

Additionally, the static module, the ngx_http_send_response() function, and
file cache are modified to do the same instead of not sending the response
body at all in such cases, since not sending the response body at all is
believed to be at least questionable, and might break various filters
which do not expect such behaviour.







HTTP/3: trigger more compatibility errors for "listen quic".
2023-01-26T11:25:33+00:00

Roman Arutyunyan
arut@nginx.com

2023-01-26T11:25:33+00:00

a5f9b45aee3c2bdbd3fcd4f8fc6b6903b1214705

Now "ssl", "proxy_protocol" and "http2" are not allowed with "quic" in "listen"
directive.  Previously, only "ssl" was not allowed.





Now "ssl", "proxy_protocol" and "http2" are not allowed with "quic" in "listen"
directive.  Previously, only "ssl" was not allowed.







HTTP/3: "quic" parameter of "listen" directive.
2023-02-27T10:00:56+00:00

Roman Arutyunyan
arut@nginx.com

2023-02-27T10:00:56+00:00

815ef96124176baef4e940c4beaec158305b368a

Now "listen" directve has a new "quic" parameter which enables QUIC protocol
for the address.  Further, to enable HTTP/3, a new directive "http3" is
introduced.  The hq-interop protocol is enabled by "http3_hq" as before.
Now application protocol is chosen by ALPN.

Previously used "http3" parameter of "listen" is deprecated.





Now "listen" directve has a new "quic" parameter which enables QUIC protocol
for the address.  Further, to enable HTTP/3, a new directive "http3" is
introduced.  The hq-interop protocol is enabled by "http3_hq" as before.
Now application protocol is chosen by ALPN.

Previously used "http3" parameter of "listen" is deprecated.