nginx.git/src/http, branch release-1.25.1 nginx HTTP/2: removed server push (ticket #2432). 2023-06-08T12:56:46+00:00 Sergey Kandaurov pluknet@nginx.com 2023-06-08T12:56:46+00:00 6915d2fb2e88e0c339fe37b37ce14f5fe446c1c6 Although it has better implementation status than HTTP/3 server push, it remains of limited use, with adoption numbers seen as negligible. Per IETF 102 materials, server push was used only in 0.04% of sessions. It was considered to be "difficult to use effectively" in RFC 9113. Its use is further limited by badly matching to fetch/cache/connection models in browsers, see related discussions linked from [1]. Server push was disabled in Chrome 106 [2]. The http2_push, http2_push_preload, and http2_max_concurrent_pushes directives are made obsolete. In particular, this essentially reverts 7201:641306096f5b and 7207:3d2b0b02bd3d. [1] https://jakearchibald.com/2017/h2-push-tougher-than-i-thought/ [2] https://chromestatus.com/feature/6302414934114304 
Although it has better implementation status than HTTP/3 server push,
it remains of limited use, with adoption numbers seen as negligible.
Per IETF 102 materials, server push was used only in 0.04% of sessions.
It was considered to be "difficult to use effectively" in RFC 9113.
Its use is further limited by badly matching to fetch/cache/connection
models in browsers, see related discussions linked from [1].

Server push was disabled in Chrome 106 [2].

The http2_push, http2_push_preload, and http2_max_concurrent_pushes
directives are made obsolete.  In particular, this essentially reverts
7201:641306096f5b and 7207:3d2b0b02bd3d.

[1] https://jakearchibald.com/2017/h2-push-tougher-than-i-thought/
[2] https://chromestatus.com/feature/6302414934114304
SSL: removed the "ssl" directive. 2023-06-08T10:49:27+00:00 Roman Arutyunyan arut@nginx.com 2023-06-08T10:49:27+00:00 d32f66f1e8dc81a0edbadbacf74191684a653d09 It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of the "ssl" parameter of the "listen" directive, which has been available since 2224:109849282793 (0.7.14). 
It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).
HTTP/2: "http2" directive. 2023-05-16T12:30:08+00:00 Roman Arutyunyan arut@nginx.com 2023-05-16T12:30:08+00:00 aefd862ab197c3ab49001fcf69be478aab5b0f4e The directive enables HTTP/2 in the current server. The previous way to enable HTTP/2 via "listen ... http2" is now deprecated. The new approach allows to share HTTP/2 and HTTP/0.9-1.1 on the same port. For SSL connections, HTTP/2 is now selected by ALPN callback based on whether the protocol is enabled in the virtual server chosen by SNI. This however only works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback. For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual server configuration. For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if HTTP/2 is enabled in the default virtual server. If preface is not matched, HTTP/0.9-1.1 is assumed. 
The directive enables HTTP/2 in the current server.  The previous way to
enable HTTP/2 via "listen ... http2" is now deprecated.  The new approach
allows to share HTTP/2 and HTTP/0.9-1.1 on the same port.

For SSL connections, HTTP/2 is now selected by ALPN callback based on whether
the protocol is enabled in the virtual server chosen by SNI.  This however only
works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback.
For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual
server configuration.

For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if
HTTP/2 is enabled in the default virtual server.  If preface is not matched,
HTTP/0.9-1.1 is assumed.
Merged with the quic branch. 2023-05-19T17:46:36+00:00 Roman Arutyunyan arut@nginx.com 2023-05-19T17:46:36+00:00 4b0266174814e6cf60a275321121dbaab084ee64 






HTTP/3: removed server push support.
2023-05-12T06:02:10+00:00

Roman Arutyunyan
arut@nginx.com

2023-05-12T06:02:10+00:00

e4edf78bac950213e00bb97ac46ece807f3cc073












Common tree insert function for QUIC and UDP connections.
2023-05-14T08:30:11+00:00

Roman Arutyunyan
arut@nginx.com

2023-05-14T08:30:11+00:00

0a3c79614521d7612b63eff4e09c25ed219fb65b

Previously, ngx_udp_rbtree_insert_value() was used for plain UDP and
ngx_quic_rbtree_insert_value() was used for QUIC.  Because of this it was
impossible to initialize connection tree in ngx_create_listening() since
this function is not aware what kind of listening it creates.

Now ngx_udp_rbtree_insert_value() is used for both QUIC and UDP.  To make
is possible, a generic key field is added to ngx_udp_connection_t.  It keeps
client address for UDP and connection ID for QUIC.





Previously, ngx_udp_rbtree_insert_value() was used for plain UDP and
ngx_quic_rbtree_insert_value() was used for QUIC.  Because of this it was
impossible to initialize connection tree in ngx_create_listening() since
this function is not aware what kind of listening it creates.

Now ngx_udp_rbtree_insert_value() is used for both QUIC and UDP.  To make
is possible, a generic key field is added to ngx_udp_connection_t.  It keeps
client address for UDP and connection ID for QUIC.







QUIC: style.
2023-05-11T15:48:01+00:00

Maxim Dounin
mdounin@mdounin.ru

2023-05-11T15:48:01+00:00

089d1f653001419ea9d0b463434a89007ec805bd












HTTP/3: removed "http3" parameter of "listen" directive.
2023-05-11T09:22:10+00:00

Roman Arutyunyan
arut@nginx.com

2023-05-11T09:22:10+00:00

2ce3eeeeb76318e414b62d399da70872d2de23d8

The parameter has been deprecated since c851a2ed5ce8.





The parameter has been deprecated since c851a2ed5ce8.







QUIC: removed "quic_mtu" directive.
2023-05-11T06:37:51+00:00

Roman Arutyunyan
arut@nginx.com

2023-05-11T06:37:51+00:00

6cc803e713698b4b09ab46ccd7ae986faa55c386

The directive used to set the value of the "max_udp_payload_size" transport
parameter.  According to RFC 9000, Section 18.2, the value specifies the size
of buffer for reading incoming datagrams:

    This limit does act as an additional constraint on datagram size in
    the same way as the path MTU, but it is a property of the endpoint
    and not the path; see Section 14. It is expected that this is the
    space an endpoint dedicates to holding incoming packets.

Current QUIC implementation uses the maximum possible buffer size (65527) for
reading datagrams.





The directive used to set the value of the "max_udp_payload_size" transport
parameter.  According to RFC 9000, Section 18.2, the value specifies the size
of buffer for reading incoming datagrams:

    This limit does act as an additional constraint on datagram size in
    the same way as the path MTU, but it is a property of the endpoint
    and not the path; see Section 14. It is expected that this is the
    space an endpoint dedicates to holding incoming packets.

Current QUIC implementation uses the maximum possible buffer size (65527) for
reading datagrams.







Variables: avoid possible buffer overrun with some "$sent_http_*".
2023-05-01T15:16:05+00:00

Sergey Kandaurov
pluknet@nginx.com

2023-05-01T15:16:05+00:00

1a8ef991d92d22eb8aded7f49595dd31a639e8a4

The existing logic to evaluate multi header "$sent_http_*" variables,
such as $sent_http_cache_control, as previously introduced in 1.23.0,
doesn't take into account that one or more elements can be cleared,
yet still present in a linked list, pointed to by the next field.
Such elements don't contribute to the resulting variable length, an
attempt to append a separator for them ends up in out of bounds write.

This is not possible with standard modules, though at least one third
party module is known to override multi header values this way, so it
makes sense to harden the logic.

The fix restores a generic boundary check.





The existing logic to evaluate multi header "$sent_http_*" variables,
such as $sent_http_cache_control, as previously introduced in 1.23.0,
doesn't take into account that one or more elements can be cleared,
yet still present in a linked list, pointed to by the next field.
Such elements don't contribute to the resulting variable length, an
attempt to append a separator for them ends up in out of bounds write.

This is not possible with standard modules, though at least one third
party module is known to override multi header values this way, so it
makes sense to harden the logic.

The fix restores a generic boundary check.