nginx.git/src/http/v2, branch release-1.19.4 nginx HTTP/2: run posted requests after reading body. 2020-09-23T16:52:31+00:00 Maxim Dounin mdounin@mdounin.ru 2020-09-23T16:52:31+00:00 6c89d752c8ab3a3cc0832927484808b68153f8c4 HTTP/2 code failed to run posted requests after calling the request body handler, and this resulted in connection hang if a subrequest was created in the body handler and no other actions were made. 
HTTP/2 code failed to run posted requests after calling the request body
handler, and this resulted in connection hang if a subrequest was created
in the body handler and no other actions were made.
HTTP/2: fixed segfault on DATA frames after 400 errors. 2020-09-23T16:50:49+00:00 Maxim Dounin mdounin@mdounin.ru 2020-09-23T16:50:49+00:00 7c67ff73634acde729ceb151110f8db10322a33e If 400 errors were redirected to an upstream server using the error_page directive, DATA frames from the client might cause segmentation fault due to null pointer dereference. The bug had appeared in 6989:2c4dbcd6f2e4 (1.13.0). Fix is to skip such frames in ngx_http_v2_state_read_data() (similarly to 7561:9f1f9d6e056a). With the fix, behaviour of 400 errors in HTTP/2 is now similar to one in HTTP/1.x, that is, nginx doesn't try to read the request body. Note that proxying 400 errors, as well as other early stage errors, to upstream servers might not be a good idea anyway. These errors imply that reading and processing of the request (and the request headers) wasn't complete, and proxying of such incomplete request might lead to various errors. Reported by Chenglong Zhang. 
If 400 errors were redirected to an upstream server using the error_page
directive, DATA frames from the client might cause segmentation fault
due to null pointer dereference.  The bug had appeared in 6989:2c4dbcd6f2e4
(1.13.0).

Fix is to skip such frames in ngx_http_v2_state_read_data() (similarly
to 7561:9f1f9d6e056a).  With the fix, behaviour of 400 errors in HTTP/2
is now similar to one in HTTP/1.x, that is, nginx doesn't try to read the
request body.

Note that proxying 400 errors, as well as other early stage errors, to
upstream servers might not be a good idea anyway.  These errors imply
that reading and processing of the request (and the request headers)
wasn't complete, and proxying of such incomplete request might lead to
various errors.

Reported by Chenglong Zhang.
HTTP/2: rejecting invalid stream identifiers with PROTOCOL_ERROR. 2020-09-02T20:13:36+00:00 Sergey Kandaurov pluknet@nginx.com 2020-09-02T20:13:36+00:00 b1274232db13e97c159272bf916366fca0c9feee Prodded by Xu Yang. 
Prodded by Xu Yang.
HTTP/2: fixed c->timedout flag on timed out connections. 2020-08-10T15:52:20+00:00 Maxim Dounin mdounin@mdounin.ru 2020-08-10T15:52:20+00:00 1d696cd37947ef816bde4d54d7b6f97374f1151d Without the flag, SSL shutdown is attempted on such connections, resulting in useless work and/or bogus "SSL_shutdown() failed (SSL: ... bad write retry)" critical log messages if there are blocked writes. 
Without the flag, SSL shutdown is attempted on such connections,
resulting in useless work and/or bogus "SSL_shutdown() failed
(SSL: ... bad write retry)" critical log messages if there are
blocked writes.
HTTP/2: lingering close after GOAWAY. 2020-07-03T13:16:47+00:00 Ruslan Ermilov ru@nginx.com 2020-07-03T13:16:47+00:00 829c9d5981da1abc81dd7e2fb563da592203e54a After sending the GOAWAY frame, a connection is now closed using the lingering close mechanism. This allows for the reliable delivery of the GOAWAY frames, while also fixing connection resets observed when http2_max_requests is reached (ticket #1250), or with graceful shutdown (ticket #1544), when some additional data from the client is received on a fully closed connection. For HTTP/2, the settings lingering_close, lingering_timeout, and lingering_time are taken from the "server" level. 
After sending the GOAWAY frame, a connection is now closed using
the lingering close mechanism.

This allows for the reliable delivery of the GOAWAY frames, while
also fixing connection resets observed when http2_max_requests is
reached (ticket #1250), or with graceful shutdown (ticket #1544),
when some additional data from the client is received on a fully
closed connection.

For HTTP/2, the settings lingering_close, lingering_timeout, and
lingering_time are taken from the "server" level.
HTTP/2: invalid connection preface logging (ticket #1981). 2020-05-25T15:33:42+00:00 Maxim Dounin mdounin@mdounin.ru 2020-05-25T15:33:42+00:00 4056ce4f4ee4d80d41c56af8c1b4fd41b76144c8 Previously, invalid connection preface errors were only logged at debug level, providing no visible feedback, in particular, when a plain text HTTP/2 listening socket is erroneously used for HTTP/1.x connections. Now these are explicitly logged at the info level, much like other client-related errors. 
Previously, invalid connection preface errors were only logged at debug
level, providing no visible feedback, in particular, when a plain text
HTTP/2 listening socket is erroneously used for HTTP/1.x connections.
Now these are explicitly logged at the info level, much like other
client-related errors.
HTTP/2: fixed socket leak with an incomplete HEADERS frame. 2020-02-05T13:29:23+00:00 Sergey Kandaurov pluknet@nginx.com 2020-02-05T13:29:23+00:00 16168dcb01ed5dbf6365be0d9ea0da68bf479194 A connection could get stuck without timers if a client has partially sent the HEADERS frame such that it was split on the individual header boundary. In this case, it cannot be processed without the rest of the HEADERS frame. The fix is to call ngx_http_v2_state_headers_save() in this case. Normally, it would be called from the ngx_http_v2_state_header_block() handler on the next iteration, when there is not enough data to continue processing. This isn't the case if recv_buffer became empty and there's no more data to read. 
A connection could get stuck without timers if a client has partially sent
the HEADERS frame such that it was split on the individual header boundary.
In this case, it cannot be processed without the rest of the HEADERS frame.

The fix is to call ngx_http_v2_state_headers_save() in this case.  Normally,
it would be called from the ngx_http_v2_state_header_block() handler on the
next iteration, when there is not enough data to continue processing.  This
isn't the case if recv_buffer became empty and there's no more data to read.
HTTP/2: removed ngx_debug_point() call. 2020-01-14T11:20:08+00:00 Daniil Bondarev bondarev@amazon.com 2020-01-14T11:20:08+00:00 60f648f035fa05667b9ccbbea1b3a60d83534d9a      With the recent change to prevent frames flood in d4448892a294, nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR whenever flood is detected, causing nginx aborting or stopping if the debug_points directive is used in nginx config. 
    
With the recent change to prevent frames flood in d4448892a294,
nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR
whenever flood is detected, causing nginx aborting or stopping if
the debug_points directive is used in nginx config.
HTTP/2: introduced separate handler to retry stream close. 2019-12-23T18:25:21+00:00 Maxim Dounin mdounin@mdounin.ru 2019-12-23T18:25:21+00:00 810559665a704957431b387572af99a82039162a When ngx_http_v2_close_stream_handler() is used to retry stream close after queued frames are sent, client timeouts on the stream can be logged multiple times and/or in addition to already happened errors. To resolve this, separate ngx_http_v2_retry_close_stream_handler() was introduced, which does not try to log timeouts. 
When ngx_http_v2_close_stream_handler() is used to retry stream close
after queued frames are sent, client timeouts on the stream can be
logged multiple times and/or in addition to already happened errors.
To resolve this, separate ngx_http_v2_retry_close_stream_handler()
was introduced, which does not try to log timeouts.
HTTP/2: fixed socket leak with queued frames (ticket #1689). 2019-12-23T18:25:17+00:00 Maxim Dounin mdounin@mdounin.ru 2019-12-23T18:25:17+00:00 49709f75b262c483550cc826471839f624765ab1 If a stream is closed with queued frames, it is possible that no further write events will occur on the stream, leading to the socket leak. To fix this, the stream's fake connection read handler is set to ngx_http_v2_close_stream_handler(), to make sure that finalizing the connection with ngx_http_v2_finalize_connection() will be able to close the stream regardless of the current number of queued frames. Additionally, the stream's fake connection fc->error flag is explicitly set, so ngx_http_v2_handle_stream() will post a write event when queued frames are finally sent even if stream flow control window is exhausted. 
If a stream is closed with queued frames, it is possible that no further
write events will occur on the stream, leading to the socket leak.
To fix this, the stream's fake connection read handler is set to
ngx_http_v2_close_stream_handler(), to make sure that finalizing the
connection with ngx_http_v2_finalize_connection() will be able to
close the stream regardless of the current number of queued frames.

Additionally, the stream's fake connection fc->error flag is explicitly
set, so ngx_http_v2_handle_stream() will post a write event when queued
frames are finally sent even if stream flow control window is exhausted.