nginx.git/src/http, branch release-1.9.12 nginx HTTP/2: implemented per request timeouts (closes #626). 2016-02-24T12:58:07+00:00 Valentin Bartenev vbart@nginx.com 2016-02-24T12:58:07+00:00 f72bcf8285bceb07bdf2ce5736f10645a75619f7 Previously, there were only three timeouts used globally for the whole HTTP/2 connection: 1. Idle timeout for inactivity when there are no streams in processing (the "http2_idle_timeout" directive); 2. Receive timeout for incomplete frames when there are no streams in processing (the "http2_recv_timeout" directive); 3. Send timeout when there are frames waiting in the output queue (the "send_timeout" directive on a server level). Reaching one of these timeouts leads to HTTP/2 connection close. This left a number of scenarios when a connection can get stuck without any processing and timeouts: 1. A client has sent the headers block partially so nginx starts processing a new stream but cannot continue without the rest of HEADERS and/or CONTINUATION frames; 2. When nginx waits for the request body; 3. All streams are stuck on exhausted connection or stream windows. The first idea that was rejected was to detect when the whole connection gets stuck because of these situations and set the global receive timeout. The disadvantage of such approach would be inconsistent behaviour in some typical use cases. For example, if a user never replies to the browser's question about where to save the downloaded file, the stream will be eventually closed by a timeout. On the other hand, this will not happen if there's some activity in other concurrent streams. Now almost all the request timeouts work like in HTTP/1.x connections, so the "client_header_timeout", "client_body_timeout", and "send_timeout" are respected. These timeouts close the request. The global timeouts work as before. Previously, the c->write->delayed flag was abused to avoid setting timeouts on stream events. Now, the "active" and "ready" flags are manipulated instead to control the processing of individual streams. 
Previously, there were only three timeouts used globally for the whole HTTP/2
connection:

 1. Idle timeout for inactivity when there are no streams in processing
    (the "http2_idle_timeout" directive);

 2. Receive timeout for incomplete frames when there are no streams in
    processing (the "http2_recv_timeout" directive);

 3. Send timeout when there are frames waiting in the output queue
    (the "send_timeout" directive on a server level).

Reaching one of these timeouts leads to HTTP/2 connection close.

This left a number of scenarios when a connection can get stuck without any
processing and timeouts:

 1. A client has sent the headers block partially so nginx starts processing
    a new stream but cannot continue without the rest of HEADERS and/or
    CONTINUATION frames;

 2. When nginx waits for the request body;

 3. All streams are stuck on exhausted connection or stream windows.

The first idea that was rejected was to detect when the whole connection
gets stuck because of these situations and set the global receive timeout.
The disadvantage of such approach would be inconsistent behaviour in some
typical use cases.  For example, if a user never replies to the browser's
question about where to save the downloaded file, the stream will be
eventually closed by a timeout.  On the other hand, this will not happen
if there's some activity in other concurrent streams.

Now almost all the request timeouts work like in HTTP/1.x connections, so
the "client_header_timeout", "client_body_timeout", and "send_timeout" are
respected.  These timeouts close the request.

The global timeouts work as before.

Previously, the c->write->delayed flag was abused to avoid setting timeouts on
stream events.  Now, the "active" and "ready" flags are manipulated instead to
control the processing of individual streams.
HTTP/2: always use temporary pool for processing headers. 2016-02-24T13:05:47+00:00 Valentin Bartenev vbart@nginx.com 2016-02-24T13:05:47+00:00 4e6a490fa7ecb227296e277e2c3b7664441e5b40 This is required for implementing per request timeouts. Previously, the temporary pool was used only during skipping of headers and the request pool was used otherwise. That required switching of pools if the request was closed while parsing. It wasn't a problem since the request could be closed only after the validation of the fully parsed header. With the per request timeouts, the request can be closed at any moment, and switching of pools in the middle of parsing header name or value becomes a problem. To overcome this, the temporary pool is now always created and used. Special checks are added to keep it when either the stream is being processed or until header block is fully parsed. 
This is required for implementing per request timeouts.

Previously, the temporary pool was used only during skipping of
headers and the request pool was used otherwise.  That required
switching of pools if the request was closed while parsing.

It wasn't a problem since the request could be closed only after
the validation of the fully parsed header.  With the per request
timeouts, the request can be closed at any moment, and switching
of pools in the middle of parsing header name or value becomes a
problem.

To overcome this, the temporary pool is now always created and
used.  Special checks are added to keep it when either the stream
is being processed or until header block is fully parsed.
HTTP/2: cleaned up state while closing stream. 2016-02-24T13:05:46+00:00 Valentin Bartenev vbart@nginx.com 2016-02-24T13:05:46+00:00 8b40f1eaec90be72e791904b345db15f536dca45 Without this the state might keep pointing to already closed stream. 
Without this the state might keep pointing to already closed stream.
Fixed buffer over-read while logging invalid request headers. 2016-02-24T13:01:23+00:00 Valentin Bartenev vbart@nginx.com 2016-02-24T13:01:23+00:00 1d294eea3eff92d62057eecdba5024cf273b76ca Since 667aaf61a778 (1.1.17) the ngx_http_parse_header_line() function can return NGX_HTTP_PARSE_INVALID_HEADER when a header contains NUL character. In this case the r->header_end pointer isn't properly initialized, but the log message in ngx_http_process_request_headers() hasn't been adjusted. It used the pointer in size calculation, which might result in up to 2k buffer over-read. Found with afl-fuzz. 
Since 667aaf61a778 (1.1.17) the ngx_http_parse_header_line() function can return
NGX_HTTP_PARSE_INVALID_HEADER when a header contains NUL character.  In this
case the r->header_end pointer isn't properly initialized, but the log message
in ngx_http_process_request_headers() hasn't been adjusted.  It used the pointer
in size calculation, which might result in up to 2k buffer over-read.

Found with afl-fuzz.
Headers filter: fixed "add_header ... '' always". 2016-02-18T12:49:11+00:00 Ruslan Ermilov ru@nginx.com 2016-02-18T12:49:11+00:00 73f815e48996ff5ab3a0b7a5fa436bf315371e25 The "always" parameter was ignored if the header value was empty. 
The "always" parameter was ignored if the header value was empty.
HTTP/2: added debug logging of response headers. 2016-02-16T14:49:14+00:00 Valentin Bartenev vbart@nginx.com 2016-02-16T14:49:14+00:00 b5d7d3f024f587682e320d891e52e693939a5f14 Because of HPACK compression it's hard to see what headers are actually sent by the server. 
Because of HPACK compression it's hard to see what headers are actually
sent by the server.
HTTP/2: use local pointer instead of r->connection. 2016-02-16T14:49:14+00:00 Valentin Bartenev vbart@nginx.com 2016-02-16T14:49:14+00:00 fcfe4832927557087365bb5d2e2a296336966317 No functional changes. 
No functional changes.
HTTP/2: fixed undefined behavior in ngx_http_v2_huff_encode(). 2016-02-12T13:36:20+00:00 Valentin Bartenev vbart@nginx.com 2016-02-12T13:36:20+00:00 822fc91b093b85a94ca54fc8c7e2d85fc5a4daf8 When the "pending" value is zero, the "buf" will be right shifted by the width of its type, which results in undefined behavior. Found by Coverity (CID 1352150). 
When the "pending" value is zero, the "buf" will be right shifted
by the width of its type, which results in undefined behavior.

Found by Coverity (CID 1352150).
HTTP/2: implemented HPACK Huffman encoding for response headers. 2016-02-11T12:35:36+00:00 Valentin Bartenev vbart@nginx.com 2016-02-11T12:35:36+00:00 531e6fbfd6c785a7b42c285c12d3f0721cc989c7 This reduces the size of headers by over 30% on average. Based on the patch by Vlad Krasnov: http://mailman.nginx.org/pipermail/nginx-devel/2015-December/007682.html 
This reduces the size of headers by over 30% on average.

Based on the patch by Vlad Krasnov:
http://mailman.nginx.org/pipermail/nginx-devel/2015-December/007682.html
Dynamic modules: changed ngx_modules to cycle->modules. 2016-02-04T15:30:21+00:00 Maxim Dounin mdounin@mdounin.ru 2016-02-04T15:30:21+00:00 0f67d6355cb365983820d3c268e25424509b2ef6