nginx.git/src/http, branch release-1.11.0 nginx HTTP/2: implemented preread buffer for request body (closes #959). 2016-05-24T14:37:52+00:00 Valentin Bartenev vbart@nginx.com 2016-05-24T14:37:52+00:00 5429140c018726e8b28c724b06daaf0fe33d2205 Previously, the stream's window was kept zero in order to prevent a client from sending the request body before it was requested (see 887cca40ba6a for details). Until such initial window was acknowledged all requests with data were rejected (see 0aa07850922f for details). That approach revealed a number of problems: 1. Some clients (notably MS IE/Edge, Safari, iOS applications) show an error or even crash if a stream is rejected; 2. This requires at least one RTT for every request with body before the client receives window update and able to send data. To overcome these problems the new directive "http2_body_preread_size" is introduced. It sets the initial window and configures a special per stream preread buffer that is used to save all incoming data before the body is requested and processed. If the directive's value is lower than the default initial window (65535), as previously, all streams with data will be rejected until the new window is acknowledged. Otherwise, no special processing is used and all requests with data are welcome right from the connection start. The default value is chosen to be 64k, which is bigger than the default initial window. Setting it to zero is fully complaint to the previous behavior. 
Previously, the stream's window was kept zero in order to prevent a client
from sending the request body before it was requested (see 887cca40ba6a for
details).  Until such initial window was acknowledged all requests with
data were rejected (see 0aa07850922f for details).

That approach revealed a number of problems:

 1. Some clients (notably MS IE/Edge, Safari, iOS applications) show an error
    or even crash if a stream is rejected;

 2. This requires at least one RTT for every request with body before the
    client receives window update and able to send data.

To overcome these problems the new directive "http2_body_preread_size" is
introduced.  It sets the initial window and configures a special per stream
preread buffer that is used to save all incoming data before the body is
requested and processed.

If the directive's value is lower than the default initial window (65535),
as previously, all streams with data will be rejected until the new window
is acknowledged.  Otherwise, no special processing is used and all requests
with data are welcome right from the connection start.

The default value is chosen to be 64k, which is bigger than the default
initial window.  Setting it to zero is fully complaint to the previous
behavior.
Realip: detect duplicate real_ip_header directive. 2016-05-23T16:17:24+00:00 Ruslan Ermilov ru@nginx.com 2016-05-23T16:17:24+00:00 adfd0b065cca23d2ca61ad43c5b8fdaa23957da9 






Realip: port support in X-Real-IP and X-Forwarded-For.
2016-05-23T15:44:23+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-23T15:44:23+00:00

06176bce918ea25bce8e4cc3adcc0e692bf1eac6

Now, the module extracts optional port which may accompany an
IP address.  This custom extension is introduced, among other
things, in order to facilitate logging of original client ports.
Addresses with ports are expected to be in the RFC 3986 format,
that is, with IPv6 addresses in square brackets.  E.g.,
"X-Real-IP: [2001:0db8::1]:12345" sets client port ($remote_port)
to 12345.





Now, the module extracts optional port which may accompany an
IP address.  This custom extension is introduced, among other
things, in order to facilitate logging of original client ports.
Addresses with ports are expected to be in the RFC 3986 format,
that is, with IPv6 addresses in square brackets.  E.g.,
"X-Real-IP: [2001:0db8::1]:12345" sets client port ($remote_port)
to 12345.







Realip: take client port from PROXY protocol header.
2016-05-23T15:44:22+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-23T15:44:22+00:00

19140c8c4f7f16747df4a7e3bf4299a6a8d75a81

Previously, when the client address was changed to the one from
the PROXY protocol header, the client port ($remote_port) was
reset to zero.  Now the client port is also changed to the one
from the PROXY protocol header.





Previously, when the client address was changed to the one from
the PROXY protocol header, the client port ($remote_port) was
reset to zero.  Now the client port is also changed to the one
from the PROXY protocol header.







Added the $realip_remote_port variable.
2016-05-23T15:44:22+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-23T15:44:22+00:00

97495b662f378bad2a9df05d4c4b4e0977b1d309












Added the $proxy_protocol_port variable.
2016-05-23T15:44:21+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-23T15:44:21+00:00

f56cf3ddc7740ea94e41457cd1f1fd47b97cdb3d












Renamed "u" to "sockaddr" in listen options types.
2016-05-23T13:37:28+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-05-23T13:37:28+00:00

5b267a55bc27f35f38d6d04d2f6284ed4d6156c0












Introduced the ngx_sockaddr_t type.
2016-05-23T13:37:20+00:00

Ruslan Ermilov
ru@nginx.com

2016-05-23T13:37:20+00:00

fd064d3b88e59ee71aec508687403539b01d643c

It's properly aligned and can hold any supported sockaddr.





It's properly aligned and can hold any supported sockaddr.







Use ngx_cmp_sockaddr() where appropriate.
2016-05-20T16:10:42+00:00

Ruslan Ermilov
ru@nginx.com

2016-05-20T16:10:42+00:00

48a16463fa41e508810a6914a126cfce87273cc8












HTTP/2: the "421 Misdirected Request" response (closes #848).
2016-05-20T15:41:17+00:00

Valentin Bartenev
vbart@nginx.com

2016-05-20T15:41:17+00:00

f7673bb50f758cb421ca3a5186c49292a85d08ae

Since 4fbef397c753 nginx rejects with the 400 error any attempts of
requesting different host over the same connection, if the relevant
virtual server requires verification of a client certificate.

While requesting hosts other than negotiated isn't something legal
in HTTP/1.x, the HTTP/2 specification explicitly permits such requests
for connection reuse and has introduced a special response code 421.

According to RFC 7540 Section 9.1.2 this code can be sent by a server
that is not configured to produce responses for the combination of
scheme and authority that are included in the request URI.  And the
client may retry the request over a different connection.

Now this code is used for requests that aren't authorized in current
connection.  After receiving the 421 response a client will be able
to open a new connection, provide the required certificate and retry
the request.

Unfortunately, not all clients currently are able to handle it well.
Notably Chrome just shows an error, while at least the latest version
of Firefox retries the request over a new connection.





Since 4fbef397c753 nginx rejects with the 400 error any attempts of
requesting different host over the same connection, if the relevant
virtual server requires verification of a client certificate.

While requesting hosts other than negotiated isn't something legal
in HTTP/1.x, the HTTP/2 specification explicitly permits such requests
for connection reuse and has introduced a special response code 421.

According to RFC 7540 Section 9.1.2 this code can be sent by a server
that is not configured to produce responses for the combination of
scheme and authority that are included in the request URI.  And the
client may retry the request over a different connection.

Now this code is used for requests that aren't authorized in current
connection.  After receiving the 421 response a client will be able
to open a new connection, provide the required certificate and retry
the request.

Unfortunately, not all clients currently are able to handle it well.
Notably Chrome just shows an error, while at least the latest version
of Firefox retries the request over a new connection.