nginx.git/src/http, branch release-1.15.0 nginx Limit req: improved handling of negative times. 2018-05-30T12:40:34+00:00 Maxim Dounin mdounin@mdounin.ru 2018-05-30T12:40:34+00:00 7b9bc5d4d1c061095a2391dbe32cf4d205c031bc Negative times can appear since workers only update time on an event loop iteration start. If a worker was blocked for a long time during an event loop iteration, it is possible that another worker already updated the time stored in the node. As such, time since last update of the node (ms) will be negative. Previous code used ngx_abs(ms) in the calculations. That is, negative times were effectively treated as positive ones. As a result, it was not possible to maintain high request rates, where the same node can be updated multiple times from during an event loop iteration. In particular, this affected setups with many SSL handshakes, see http://mailman.nginx.org/pipermail/nginx/2018-May/056291.html. Fix is to only update the last update time stored in the node if the new time is larger than previously stored one. If a future time is stored in the node, we preserve this time as is. To prevent breaking things on platforms without monotonic time available if system time is updated backwards, a safety limit of 60 seconds is used. If the time stored in the node is more than 60 seconds in the future, we assume that the time was changed backwards and update lr->last to the current time. 
Negative times can appear since workers only update time on an event
loop iteration start.  If a worker was blocked for a long time during
an event loop iteration, it is possible that another worker already
updated the time stored in the node.  As such, time since last update
of the node (ms) will be negative.

Previous code used ngx_abs(ms) in the calculations.  That is, negative
times were effectively treated as positive ones.  As a result, it was
not possible to maintain high request rates, where the same node can be
updated multiple times from during an event loop iteration.
In particular, this affected setups with many SSL handshakes, see
http://mailman.nginx.org/pipermail/nginx/2018-May/056291.html.

Fix is to only update the last update time stored in the node if the
new time is larger than previously stored one.  If a future time is
stored in the node, we preserve this time as is.

To prevent breaking things on platforms without monotonic time available
if system time is updated backwards, a safety limit of 60 seconds is
used.  If the time stored in the node is more than 60 seconds in the future,
we assume that the time was changed backwards and update lr->last
to the current time.
Silenced -Wcast-function-type warnings (closes #1546). 2018-05-07T09:54:37+00:00 Sergey Kandaurov pluknet@nginx.com 2018-05-07T09:54:37+00:00 68b50f71e193e58ee117ef36f25387cbaa75edf3 Cast to intermediate "void *" to lose compiler knowledge about the original type and pass the warning. This is not a real fix but rather a workaround. Found by gcc8. 
Cast to intermediate "void *" to lose compiler knowledge about the original
type and pass the warning.  This is not a real fix but rather a workaround.

Found by gcc8.
SSL: deprecated the "ssl" directive. 2018-04-25T11:57:24+00:00 Ruslan Ermilov ru@nginx.com 2018-04-25T11:57:24+00:00 658a84f4252b65ef060b1d33b2ff0e749902978b 






SSL: detect "listen ... ssl" without certificates (ticket #178).
2018-04-24T12:29:01+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-04-24T12:29:01+00:00

76be1ea9de13c5e8bb0d9523c6a2ad4009a5d7cf

In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.

In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.





In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.

In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.







Cache: fixed cache valid slot to reject incorrect statuses.
2018-04-18T13:11:41+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-04-18T13:11:41+00:00

8b4c7725d2015637584c4fa66667ad1ced21edb8

Previously, result of ngx_atoi() was assigned to an ngx_uint_t variable,
and errors reported by ngx_atoi() became positive, so the following check
in "status < 100" failed to catch them.  This resulted in the configurations
like "proxy_cache_valid 2xx 30s" being accepted as correct, while they
in fact do nothing.  Changing type to ngx_int_t fixes this, and such
configurations are now properly rejected.





Previously, result of ngx_atoi() was assigned to an ngx_uint_t variable,
and errors reported by ngx_atoi() became positive, so the following check
in "status < 100" failed to catch them.  This resulted in the configurations
like "proxy_cache_valid 2xx 30s" being accepted as correct, while they
in fact do nothing.  Changing type to ngx_int_t fixes this, and such
configurations are now properly rejected.







Upstream: fixed u->conf->preserve_output (ticket #1519).
2018-04-05T13:56:12+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-04-05T13:56:12+00:00

f9e43a31544bb67f24703e1dad91ea51f49c7a16

Previously, ngx_http_upstream_process_header() might be called after
we've finished reading response headers and switched to a different read
event handler, leading to errors with gRPC proxying.  Additionally,
the u->conf->read_timeout timer might be re-armed during reading response
headers (while this is expected to be a single timeout on reading
the whole response header).





Previously, ngx_http_upstream_process_header() might be called after
we've finished reading response headers and switched to a different read
event handler, leading to errors with gRPC proxying.  Additionally,
the u->conf->read_timeout timer might be re-armed during reading response
headers (while this is expected to be a single timeout on reading
the whole response header).







Upstream: fixed ngx_http_upstream_test_next() conditions.
2018-04-02T23:43:18+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-04-02T23:43:18+00:00

d90a75b7cdc70ddb2aa1880dc09301c5f1a279ae

Previously, ngx_http_upstream_test_next() used an outdated condition on
whether it will be possible to switch to a different server or not.  It
did not take into account restrictions on non-idempotent requests, requests
with non-buffered request body, and the next upstream timeout.

For such requests, switching to the next upstream server was rejected
later in ngx_http_upstream_next(), resulting in nginx own error page
being returned instead of the original upstream response.





Previously, ngx_http_upstream_test_next() used an outdated condition on
whether it will be possible to switch to a different server or not.  It
did not take into account restrictions on non-idempotent requests, requests
with non-buffered request body, and the next upstream timeout.

For such requests, switching to the next upstream server was rejected
later in ngx_http_upstream_next(), resulting in nginx own error page
being returned instead of the original upstream response.







gRPC: fixed possible sign extension of error and setting_value.
2018-03-22T16:26:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-03-22T16:26:25+00:00

0ac57648ebc93358e977939bfcb9d1e67485b98e

All cases are harmless and should not happen on valid values, though can
result in bad values being shown incorrectly in logs.

Found by Coverity (CID 1430311, 1430312, 1430313).





All cases are harmless and should not happen on valid values, though can
result in bad values being shown incorrectly in logs.

Found by Coverity (CID 1430311, 1430312, 1430313).







gRPC: fixed missing state save in frame header parsing.
2018-03-20T12:58:11+00:00

Sergey Kandaurov
pluknet@nginx.com

2018-03-20T12:58:11+00:00

e232421266416ed841272847ea307e935852230d

Previously, frame state wasn't saved if HEADERS frame payload
that begins with header fragment was not received at once.





Previously, frame state wasn't saved if HEADERS frame payload
that begins with header fragment was not received at once.







HTTP/2: improved frame info debugging.
2018-03-19T18:32:15+00:00

Ruslan Ermilov
ru@nginx.com

2018-03-19T18:32:15+00:00

74ea120f7d7445f0874add2c4f40f13de3bd5723