unit.git/src/test, branch 1.22.0 Universal Web Application Server Libunit: improving logging consistency. 2020-11-18T19:33:53+00:00 Max Romanov max.romanov@nginx.com 2020-11-18T19:33:53+00:00 8340ca0b9c7ad4109033ccb028f87cc1b73396bc Debug logging depends on macros defined in nxt_auto_config.h. 
Debug logging depends on macros defined in nxt_auto_config.h.
HTTP parser: allowed more characters in header field names. 2020-11-17T13:50:06+00:00 Valentin Bartenev vbart@nginx.com 2020-11-17T13:50:06+00:00 fb80502513bf0140c5e595714967f75ea3e1e5d3 Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error response. Now, the parser allows the same set of characters as specified in RFC 7230, including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~". Header field names that contain only these characters are considered valid. Also, there's a new option introduced: "discard_unsafe_fields". It accepts boolean value and it is set to "true" by default. When this option is "true", all header field names that contain characters in valid range, but other than alphanumeric or "-" are skipped during parsing. When the option is "false", these header fields aren't skipped. Requests with non-valid characters in header field names according to RFC 7230 are rejected regardless of "discard_unsafe_fields" setting. This closes #422 issue on GitHub. 
Previously, all requests that contained in header field names characters other
than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error
response.

Now, the parser allows the same set of characters as specified in RFC 7230,
including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~".
Header field names that contain only these characters are considered valid.

Also, there's a new option introduced: "discard_unsafe_fields".  It accepts
boolean value and it is set to "true" by default.

When this option is "true", all header field names that contain characters
in valid range, but other than alphanumeric or "-" are skipped during parsing.
When the option is "false", these header fields aren't skipped.

Requests with non-valid characters in header field names according to
RFC 7230 are rejected regardless of "discard_unsafe_fields" setting.

This closes #422 issue on GitHub.
Fixed building test app without debug. 2020-11-01T10:22:11+00:00 Valentin Bartenev vbart@nginx.com 2020-11-01T10:22:11+00:00 d03b217f33db21d9af28d58d92ba02c2a2e48f5e Compilers complained about unused variables after 37e2a3ea1bf1. 
Compilers complained about unused variables after 37e2a3ea1bf1.
Added threading to the libunit test app. 2020-10-27T21:01:46+00:00 Max Romanov max.romanov@nginx.com 2020-10-27T21:01:46+00:00 f007ad4dcfee0037cd86bf31804795e5f60cb2d9 






Basic variables support.
2020-08-12T23:46:54+00:00

Valentin Bartenev
vbart@nginx.com

2020-08-12T23:46:54+00:00

93146616cf56a94fc2979cb978c7b451c5592594












Circular queues implementations and a test.
2020-08-11T16:20:32+00:00

Max Romanov
max.romanov@nginx.com

2020-08-11T16:20:32+00:00

a82cf4ffb68126f2831ab9877a7ef283dd517690

- naive circular queue, described in the article "A Scalable, Portable, and
 Memory-Efficient Lock-Free FIFO Queue" by Ruslan Nikolaev:
https://drops.dagstuhl.de/opus/volltexte/2019/11335/pdf/LIPIcs-DISC-2019-28.pdf
- circular queue, proposed by Valentin Bartenev in the "Unit router application
IPC" design draft





- naive circular queue, described in the article "A Scalable, Portable, and
 Memory-Efficient Lock-Free FIFO Queue" by Ruslan Nikolaev:
https://drops.dagstuhl.de/opus/volltexte/2019/11335/pdf/LIPIcs-DISC-2019-28.pdf
- circular queue, proposed by Valentin Bartenev in the "Unit router application
IPC" design draft







Using malloc/free for the http fields hash.
2020-04-16T14:09:23+00:00

Max Romanov
max.romanov@nginx.com

2020-04-16T14:09:23+00:00

6bda9b5eeb2b6c99c54f5b314b8eb96d72af3542

This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
worker thread may start processing a request between these two operations,
which may result in an http fields hash access and subsequent crash.

To simplify issue reproduction, it makes sense to add a 2 sec sleep before
exit() in nxt_runtime_exit().





This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
worker thread may start processing a request between these two operations,
which may result in an http fields hash access and subsequent crash.

To simplify issue reproduction, it makes sense to add a 2 sec sleep before
exit() in nxt_runtime_exit().







Configuration: support for rational numbers.
2020-03-30T16:37:58+00:00

Valentin Bartenev
vbart@nginx.com

2020-03-30T16:37:58+00:00

68c6b67ffc840c78eddd27a65e9bf1370aaf5631












Isolation: allowed the use of credentials with unpriv userns.
2019-12-06T16:52:50+00:00

Tiago Natel
t.nateldemoura@f5.com

2019-12-06T16:52:50+00:00

411daeaa532c47328ab901a7ba9ea5dcd876be06

The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.





The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.







Fixing libunit 'off by 2' issue in library.
2019-11-11T15:04:17+00:00

Max Romanov
max.romanov@nginx.com

2019-11-11T15:04:17+00:00

f2610d216059fd2dfced37442ea4e76f0b88a33b

Name and value in each header are 0-terminated, so additional 2 bytes
should be allocated for them.  There were several attempts to add these
2 bytes to headers in language modules, but some modules weren't updated.
Also, adding these 2 bytes is specific to the implementation which may be
changed later, so extending this mechanics to modules may cause errors.





Name and value in each header are 0-terminated, so additional 2 bytes
should be allocated for them.  There were several attempts to add these
2 bytes to headers in language modules, but some modules weren't updated.
Also, adding these 2 bytes is specific to the implementation which may be
changed later, so extending this mechanics to modules may cause errors.