nginx.git/src, branch release-1.17.5 nginx Win32: silenced -Wcast-function-type GCC warning (ticket #1865). 2019-10-21T16:07:03+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-21T16:07:03+00:00 2393e25acb89f7434e6330a7754c076575a297fd With MinGW-w64, building 64-bit nginx binary with GCC 8 and above results in warning due to cast of GetProcAddress() result to ngx_wsapoll_pt, which GCC thinks is incorrect. Added intermediate cast to "void *" to silence the warning. 
With MinGW-w64, building 64-bit nginx binary with GCC 8 and above
results in warning due to cast of GetProcAddress() result to ngx_wsapoll_pt,
which GCC thinks is incorrect.  Added intermediate cast to "void *" to
silence the warning.
Win32: improved fallback on FormatMessage() errors. 2019-10-21T16:06:12+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-21T16:06:12+00:00 9aa906a684111a2f61ee841067cc0023ebcfa269 FormatMessage() seems to return many errors which essentially indicate that the language in question is not available. At least the following were observed in the wild and during testing: ERROR_MUI_FILE_NOT_FOUND (15100) (ticket #1868), ERROR_RESOURCE_TYPE_NOT_FOUND (1813). While documentation says it should be ERROR_RESOURCE_LANG_NOT_FOUND (1815), this doesn't seem to be the case. As such, checking error code was removed, and as long as FormatMessage() returns an error, we now always try the default language. 
FormatMessage() seems to return many errors which essentially indicate that
the language in question is not available.  At least the following were
observed in the wild and during testing: ERROR_MUI_FILE_NOT_FOUND (15100)
(ticket #1868), ERROR_RESOURCE_TYPE_NOT_FOUND (1813).  While documentation
says it should be ERROR_RESOURCE_LANG_NOT_FOUND (1815), this doesn't seem
to be the case.

As such, checking error code was removed, and as long as FormatMessage()
returns an error, we now always try the default language.
SSL: available bytes handling (ticket #1431). 2019-10-17T13:02:24+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-17T13:02:24+00:00 798fcf1ab4b77441a4cdf368a6cb11dc1c0c39c8 Added code to track number of bytes available in the socket. This makes it possible to avoid looping for a long time while working with fast enough peer when data are added to the socket buffer faster than we are able to read and process data. When kernel does not provide number of bytes available, it is retrieved using ioctl(FIONREAD) as long as a buffer is filled by SSL_read(). It is assumed that number of bytes returned by SSL_read() is close to the number of bytes read from the socket, as we do not use SSL compression. But even if it is not true for some reason, this is not important, as we post an additional reading event anyway. Note that data can be buffered at SSL layer, and it is not possible to simply stop reading at some point and wait till the event will be reported by the kernel again. This can be only done when there are no data in SSL buffers, and there is no good way to find out if it's the case. Instead of trying to figure out if SSL buffers are empty, this patch introduces events posted for the next event loop iteration - such events will be processed only on the next event loop iteration, after going into the kernel and retrieving additional events. This seems to be simple and reliable approach. 
Added code to track number of bytes available in the socket.
This makes it possible to avoid looping for a long time while
working with fast enough peer when data are added to the socket buffer
faster than we are able to read and process data.

When kernel does not provide number of bytes available, it is
retrieved using ioctl(FIONREAD) as long as a buffer is filled by
SSL_read().

It is assumed that number of bytes returned by SSL_read() is close
to the number of bytes read from the socket, as we do not use
SSL compression.  But even if it is not true for some reason, this
is not important, as we post an additional reading event anyway.

Note that data can be buffered at SSL layer, and it is not possible
to simply stop reading at some point and wait till the event will
be reported by the kernel again.  This can be only done when there
are no data in SSL buffers, and there is no good way to find out if
it's the case.

Instead of trying to figure out if SSL buffers are empty, this patch
introduces events posted for the next event loop iteration - such
events will be processed only on the next event loop iteration,
after going into the kernel and retrieving additional events.  This
seems to be simple and reliable approach.
Events: available bytes calculation via ioctl(FIONREAD). 2019-10-17T13:02:19+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-17T13:02:19+00:00 fac4c7bdf53ee7d8fec6568f1e9fecefcde6feba This makes it possible to avoid looping for a long time while working with a fast enough peer when data are added to the socket buffer faster than we are able to read and process them (ticket #1431). This is basically what we already do on FreeBSD with kqueue, where information about the number of bytes in the socket buffer is returned by the kevent() call. With other event methods rev->available is now set to -1 when the socket is ready for reading. Later in ngx_recv() and ngx_recv_chain(), if full buffer is received, real number of bytes in the socket buffer is retrieved using ioctl(FIONREAD). Reading more than this number of bytes ensures that even with edge-triggered event methods the event will be triggered again, so it is safe to stop processing of the socket and switch to other connections. Using ioctl(FIONREAD) only after reading a full buffer is an optimization. With this approach we only call ioctl(FIONREAD) when there are at least two recv()/readv() calls. 
This makes it possible to avoid looping for a long time while working
with a fast enough peer when data are added to the socket buffer faster
than we are able to read and process them (ticket #1431).  This is
basically what we already do on FreeBSD with kqueue, where information
about the number of bytes in the socket buffer is returned by
the kevent() call.

With other event methods rev->available is now set to -1 when the socket
is ready for reading.  Later in ngx_recv() and ngx_recv_chain(), if
full buffer is received, real number of bytes in the socket buffer is
retrieved using ioctl(FIONREAD).  Reading more than this number of bytes
ensures that even with edge-triggered event methods the event will be
triggered again, so it is safe to stop processing of the socket and
switch to other connections.

Using ioctl(FIONREAD) only after reading a full buffer is an optimization.
With this approach we only call ioctl(FIONREAD) when there are at least
two recv()/readv() calls.
SSL: improved ngx_ssl_recv_chain() to stop if c->read->ready is 0. 2019-10-17T13:02:13+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-17T13:02:13+00:00 d2ea226229f4039953af48bb7e0599c076f01c1f As long as there are data to read in the socket, yet the amount of data is less than total size of the buffers in the chain, this saves one unneeded read() syscall. Before this change, reading only stopped if ngx_ssl_recv() returned no data, that is, two read() syscalls in a row returned EAGAIN. 
As long as there are data to read in the socket, yet the amount of data
is less than total size of the buffers in the chain, this saves one
unneeded read() syscall.  Before this change, reading only stopped if
ngx_ssl_recv() returned no data, that is, two read() syscalls in a row
returned EAGAIN.
Event pipe: disabled c->read->available checking for SSL. 2019-10-17T13:02:03+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-17T13:02:03+00:00 60609f2372f62628191bf01ed856a46cd488921b In SSL connections, data can be buffered by the SSL layer, and it is wrong to avoid doing c->recv_chain() if c->read->available is 0 and c->read->pending_eof is set. And tests show that the optimization in question indeed can result in incorrect detection of premature connection close if upstream closes the connection without sending a close notify alert at the same time. Fix is to disable c->read->available optimization for SSL connections. 
In SSL connections, data can be buffered by the SSL layer, and it is
wrong to avoid doing c->recv_chain() if c->read->available is 0 and
c->read->pending_eof is set.  And tests show that the optimization in
question indeed can result in incorrect detection of premature connection
close if upstream closes the connection without sending a close notify
alert at the same time.  Fix is to disable c->read->available optimization
for SSL connections.
Fixed header parsing with ignore_invalid_headers switched off. 2019-10-15T11:46:10+00:00 Ruslan Ermilov ru@nginx.com 2019-10-15T11:46:10+00:00 3c84e4b70584b78e6a34a3233465cfa99d26b107 The parsing was broken when the first character of the header name was invalid. Based on a patch by Alan Kemp. 
The parsing was broken when the first character of the header name was invalid.

Based on a patch by Alan Kemp.
Fixed URI normalization with merge_slashes switched off. 2019-10-08T18:56:14+00:00 Maxim Dounin mdounin@mdounin.ru 2019-10-08T18:56:14+00:00 85137dd2a639bea7424f742cdebd9773ce7a2081 Previously, "/foo///../bar" was normalized into "/foo/bar" instead of "/foo//bar". 
Previously, "/foo///../bar" was normalized into "/foo/bar"
instead of "/foo//bar".
The "/." and "/.." at the end of URI should be normalized. 2019-10-08T18:56:14+00:00 Ruslan Ermilov ru@nginx.com 2019-10-08T18:56:14+00:00 ed42131da63a106f91e5f8416a9add3720850827 






Improved detection of broken percent encoding in URI.
2019-10-08T18:56:14+00:00

Ruslan Ermilov
ru@nginx.com

2019-10-08T18:56:14+00:00

2ac24f1c88b7cd85ee7e9b189fc524fae74e78af