nginx.git/src/stream/ngx_stream_core_module.c, branch release-1.30.0 nginx The "multipath" parameter of the "listen" directive. 2026-03-18T21:13:51+00:00 Sergey Kandaurov pluknet@nginx.com 2025-10-16T15:22:56+00:00 920dc099c130e0ea23eb36becd157a95901aa5a2 When configured, it enables Multipath TCP support on a listen socket. As of now it works on Linux starting with Linux 5.6 and glibc 2.32, where it is enabled with an IPPROTO_MPTCP socket(2) protocol. To avoid EADDRINUSE errors in bind() and listen() when transitioning between sockets with different protocols, SO_REUSEPORT is set on both sockets. See f7f1607bf for potential implications. Based on previous work by Maxime Dourov and Anthony Doeraene. 
When configured, it enables Multipath TCP support on a listen socket.
As of now it works on Linux starting with Linux 5.6 and glibc 2.32,
where it is enabled with an IPPROTO_MPTCP socket(2) protocol.

To avoid EADDRINUSE errors in bind() and listen() when transitioning
between sockets with different protocols, SO_REUSEPORT is set on both
sockets.  See f7f1607bf for potential implications.

Based on previous work by Maxime Dourov and Anthony Doeraene.
Improved host header validation. 2025-11-26T15:51:40+00:00 Sergey Kandaurov pluknet@nginx.com 2025-11-04T12:34:32+00:00 511abb19e1e1b127f6d0943ccac346211a490a35 Validation is rewritten to follow RFC 3986 host syntax, based on ngx_http_parse_request_line(). The following is now rejected: - the rest of gen-delims "#", "?", "@", "[", "]" - other unwise delims <">, "<", ">", "\", "^", "`', "{", "|", "}" - IP literals with a trailing dot, missing closing bracket, or pct-encoded - a port subcomponent with invalid values - characters in upper half 
Validation is rewritten to follow RFC 3986 host syntax, based on
ngx_http_parse_request_line().  The following is now rejected:
- the rest of gen-delims "#", "?", "@", "[", "]"
- other unwise delims <">, "<", ">", "\", "^", "`', "{", "|", "}"
- IP literals with a trailing dot, missing closing bracket, or pct-encoded
- a port subcomponent with invalid values
- characters in upper half
Stream: allow servers with no handler. 2024-06-27T13:29:56+00:00 Roman Arutyunyan arut@nginx.com 2024-06-27T13:29:56+00:00 788e462c5b81f5f1aee475488e10f01680c530e9 Previously handlers were mandatory. However they are not always needed. For example, a server configured with ssl_reject_handshake does not need a handler. Such servers required a fake handler to pass the check. Now handler absence check is moved to runtime. If handler is missing, the connection is closed with 500 code. 
Previously handlers were mandatory.  However they are not always needed.
For example, a server configured with ssl_reject_handshake does not need a
handler.  Such servers required a fake handler to pass the check.  Now handler
absence check is moved to runtime.  If handler is missing, the connection is
closed with 500 code.
Stream: moved fastopen compatibility check. 2024-01-18T15:12:38+00:00 Roman Arutyunyan arut@nginx.com 2024-01-18T15:12:38+00:00 45e166b4a4a0e8d0e0f8adeb3438e4745261e8da The move makes the code look similar to the corresponding code in http module. 
The move makes the code look similar to the corresponding code in http module.
Stream: the "setfib" parameter of the "listen" directive. 2024-03-22T10:53:19+00:00 Sergey Kandaurov pluknet@nginx.com 2024-03-22T10:53:19+00:00 bd190d825ceeacf105a2392d88734f21df35d89a The FreeBSD SO_SETFIB support. 
The FreeBSD SO_SETFIB support.
Stream: the "accept_filter" parameter of the "listen" directive. 2024-03-22T10:53:19+00:00 Sergey Kandaurov pluknet@nginx.com 2024-03-22T10:53:19+00:00 04b9bfe55d414bfed8a7aefa3162d81af26532b4 The FreeBSD accept filters support. 
The FreeBSD accept filters support.
Stream: the "deferred" parameter of the "listen" directive. 2024-03-22T10:53:19+00:00 Sergey Kandaurov pluknet@nginx.com 2024-03-22T10:53:19+00:00 03eba69013eb4f4499a5c09f72338ab95ce00801 The Linux TCP_DEFER_ACCEPT support. 
The Linux TCP_DEFER_ACCEPT support.
Overhauled some diagnostic messages akin to 1b05b9bbcebf. 2024-03-22T10:51:14+00:00 Sergey Kandaurov pluknet@nginx.com 2024-03-22T10:51:14+00:00 ae1948aa40c48a97f2e171acb84eb04bfcbe1307 






Stream: virtual servers.
2023-12-14T17:58:39+00:00

Roman Arutyunyan
arut@nginx.com

2023-12-14T17:58:39+00:00

d21675228a0ba8d4331e05c60660228a5d3326de

Server name is taken either from ngx_stream_ssl_module or
ngx_stream_ssl_preread_module.

The change adds "default_server" parameter to the "listen" directive,
as well as the following directives: "server_names_hash_max_size",
"server_names_hash_bucket_size", "server_name" and "ssl_reject_handshake".





Server name is taken either from ngx_stream_ssl_module or
ngx_stream_ssl_preread_module.

The change adds "default_server" parameter to the "listen" directive,
as well as the following directives: "server_names_hash_max_size",
"server_names_hash_bucket_size", "server_name" and "ssl_reject_handshake".







Stream: socket peek in preread phase.
2023-12-13T14:04:55+00:00

Roman Arutyunyan
arut@nginx.com

2023-12-13T14:04:55+00:00

72e5d6ac19a93c9fb64678dd33ea185757a6021a

Previously, preread buffer was always read out from socket, which made it
impossible to terminate SSL on the connection without introducing additional
SSL BIOs.  The following patches will rely on this.

Now, when possible, recv(MSG_PEEK) is used instead, which keeps data in socket.
It's called if SSL is not already terminated and if an egde-triggered event
method is used.  For epoll, EPOLLRDHUP support is also required.





Previously, preread buffer was always read out from socket, which made it
impossible to terminate SSL on the connection without introducing additional
SSL BIOs.  The following patches will rely on this.

Now, when possible, recv(MSG_PEEK) is used instead, which keeps data in socket.
It's called if SSL is not already terminated and if an egde-triggered event
method is used.  For epoll, EPOLLRDHUP support is also required.