| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
No functional changes.
|
|
|
|
These are needed to detect overflows.
|
|
Initial size as calculated from the number of elements may be bigger
than max_size. If this happens, make sure to set size to max_size.
Reported by Chris West.
|
|
The mtx->wait counter was not decremented if we were able to obtain the lock
right after incrementing it. This resulted in unneeded sem_post() calls,
eventually leading to EOVERFLOW errors being logged, "sem_post() failed
while wake shmtx (75: Value too large for defined data type)".
To close the race, mtx->wait is now decremented if we obtain the lock right
after incrementing it in ngx_shmtx_lock(). The result can become -1 if a
concurrent ngx_shmtx_unlock() decrements mtx->wait before the added code does.
However, that only leads to one extra iteration in the next call of
ngx_shmtx_lock().
|
|
In 954867a2f0a6, we switched to using resolver node as the
timer event data, so make sure we do not free resolver node
memory until the corresponding timer is deleted.
|
|
|
|
|
|
If a "resolver_timeout" occurs, only the first waiting request
was notified. Other requests may hang forever.
|
|
DNS request resend on malformed responses was broken in 98876ce2a7fd (1.5.8).
Reported by Pramod Korathota.
|
|
|
|
|
|
|
|
|
|
Previously, maximum size of a hash table built was (max_size - 1).
|
|
|
|
The flag allows to suppress "ngx_slab_alloc() failed: no memory" messages
from a slab allocator, e.g., if an LRU expiration is used by a consumer
and allocation failures aren't fatal.
The flag is now used in the SSL session cache code, and in the limit_req
module.
|
|
|
|
Client address specified in the PROXY protocol header is now
saved in the $proxy_protocol_addr variable and can be used in
the realip module.
This is currently not implemented for mail.
|
|
Proper use is "ls[i]" and "nls[n]". Previous code used it wrong in
several places, likely due to cut-n-paste errors.
|
|
|
|
|
|
|
|
If initial attempt to connect() the UDP socket failed, e.g.
due to network unreachable, no further attempts were made.
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
|
|
|
|
Linux returns EOPNOTSUPP for non-TCP sockets and ENOPROTOOPT for TCP
sockets, because getsockopt(TCP_FASTOPEN) is not implemented so far.
While there, lower the log level from ALERT to NOTICE to match other
getsockopt() failures.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Backed out 05a56ebb084a, as it turns out that kernel can return connections
without any delay if syncookies are used. This basically means we can't
assume anything about connections returned with deferred accept set.
To solve original problem the 05a56ebb084a tried to solve, i.e. to don't
wait longer than needed if a connection was accepted after deferred accept
timeout, this patch changes a timeout set with setsockopt(TCP_DEFER_ACCEPT)
to 1 second, unconditionally. This is believed to be enough for speed
improvements, and doesn't imply major changes to timeouts used.
Note that before 2.6.32 connections were dropped after a timeout. Though
it is believed that 1s is still appropriate for kernels before 2.6.32,
as previously tcp_synack_retries controlled the actual timeout and 1s results
in more than 1 minute actual timeout by default.
|
|
|
|
Previously pool->current wasn't moved back to pool, resulting in blocks
not used for further allocations if pool->current was already moved at the
time of ngx_reset_pool(). Additionally, to preserve logic of moving
pool->current, the p->d.failed counters are now properly cleared. While
here, pool->chain is also cleared.
This change is essentially a nop with current code, but generally improves
things.
|
|
It allows to use ngx_http_write_filter() and all its rate limiting logic.
|
|
|
|
Fallback to synchronous sendfile() now only done on 3rd EBUSY without
any progress in a row. Not falling back is believed to be better
in case of occasional EBUSY, though protection is still needed to
make sure there will be no infinite loop.
|
|
While here, always initialize the last argument.
|
|
|
|
|
|
|
|
When set to "off", only IPv4 addresses will be resolved,
and no AAAA queries are ever sent.
|
|
|
|
|
|
|
|
|
|
It's also extended with the "cmp_port" argument to indicate
whether ports should be compared as well, or only addresses.
|
|
Verify that class of RR is "IN".
Verify that RR data length is non-zero.
|
|
Verify that class of RR is "IN".
Verify that RR data length is exactly four octets.
Correctly shift to the next RR if RR type is unknown.
|
|
Stricten response header checks: ensure that reserved bits are zeroes,
and that the opcode is "standard query".
Fixed the "zero-length domain name in DNS response" condition.
|
|
|
