summaryrefslogtreecommitdiff
path: root/usr.sbin/nginx
diff options
context:
space:
mode:
authorRobert Nagy <robert@cvs.openbsd.org>2012-05-13 09:14:59 +0000
committerRobert Nagy <robert@cvs.openbsd.org>2012-05-13 09:14:59 +0000
commitf939b758f1c469a3c6f7305fc788c5ffc29dbffe (patch)
treee3fd61d4112b4577e4afd9036b7de700fad9fb54 /usr.sbin/nginx
parent530053e003eb12ce7182895fcceef65346227fa5 (diff)
update to nginx-1.2.0
Diffstat (limited to 'usr.sbin/nginx')
-rw-r--r--usr.sbin/nginx/CHANGES401
-rw-r--r--usr.sbin/nginx/CHANGES.ru403
-rw-r--r--usr.sbin/nginx/auto/lib/pcre/conf29
-rw-r--r--usr.sbin/nginx/auto/lib/pcre/make2
-rw-r--r--usr.sbin/nginx/auto/modules17
-rw-r--r--usr.sbin/nginx/auto/options20
-rw-r--r--usr.sbin/nginx/auto/os/freebsd8
-rw-r--r--usr.sbin/nginx/auto/os/linux9
-rw-r--r--usr.sbin/nginx/auto/os/solaris3
-rw-r--r--usr.sbin/nginx/auto/sources13
-rw-r--r--usr.sbin/nginx/auto/summary2
-rw-r--r--usr.sbin/nginx/auto/types/sizeof3
-rw-r--r--usr.sbin/nginx/auto/types/typedef2
-rw-r--r--usr.sbin/nginx/auto/types/uintptr_t11
-rwxr-xr-xusr.sbin/nginx/auto/unix103
-rw-r--r--usr.sbin/nginx/conf/fastcgi.conf1
-rw-r--r--usr.sbin/nginx/conf/fastcgi_params1
-rw-r--r--usr.sbin/nginx/conf/scgi_params1
-rw-r--r--usr.sbin/nginx/conf/uwsgi_params1
-rw-r--r--usr.sbin/nginx/man/nginx.88
-rw-r--r--usr.sbin/nginx/src/core/nginx.c22
-rw-r--r--usr.sbin/nginx/src/core/nginx.h4
-rw-r--r--usr.sbin/nginx/src/core/ngx_buf.c16
-rw-r--r--usr.sbin/nginx/src/core/ngx_buf.h4
-rw-r--r--usr.sbin/nginx/src/core/ngx_conf_file.c15
-rw-r--r--usr.sbin/nginx/src/core/ngx_conf_file.h2
-rw-r--r--usr.sbin/nginx/src/core/ngx_connection.c53
-rw-r--r--usr.sbin/nginx/src/core/ngx_connection.h6
-rw-r--r--usr.sbin/nginx/src/core/ngx_core.h5
-rw-r--r--usr.sbin/nginx/src/core/ngx_cycle.c2
-rw-r--r--usr.sbin/nginx/src/core/ngx_cycle.h4
-rw-r--r--usr.sbin/nginx/src/core/ngx_file.c2
-rw-r--r--usr.sbin/nginx/src/core/ngx_inet.c19
-rw-r--r--usr.sbin/nginx/src/core/ngx_murmurhash.h2
-rw-r--r--usr.sbin/nginx/src/core/ngx_open_file_cache.c381
-rw-r--r--usr.sbin/nginx/src/core/ngx_open_file_cache.h10
-rw-r--r--usr.sbin/nginx/src/core/ngx_output_chain.c3
-rw-r--r--usr.sbin/nginx/src/core/ngx_parse.h3
-rw-r--r--usr.sbin/nginx/src/core/ngx_rbtree.c3
-rw-r--r--usr.sbin/nginx/src/core/ngx_regex.c268
-rw-r--r--usr.sbin/nginx/src/core/ngx_regex.h8
-rw-r--r--usr.sbin/nginx/src/core/ngx_resolver.c109
-rw-r--r--usr.sbin/nginx/src/core/ngx_resolver.h15
-rw-r--r--usr.sbin/nginx/src/core/ngx_shmtx.c113
-rw-r--r--usr.sbin/nginx/src/core/ngx_shmtx.h13
-rw-r--r--usr.sbin/nginx/src/core/ngx_slab.c6
-rw-r--r--usr.sbin/nginx/src/core/ngx_slab.h2
-rw-r--r--usr.sbin/nginx/src/core/ngx_string.c43
-rw-r--r--usr.sbin/nginx/src/core/ngx_times.c4
-rw-r--r--usr.sbin/nginx/src/event/modules/ngx_epoll_module.c4
-rw-r--r--usr.sbin/nginx/src/event/modules/ngx_eventport_module.c2
-rw-r--r--usr.sbin/nginx/src/event/modules/ngx_kqueue_module.c2
-rw-r--r--usr.sbin/nginx/src/event/ngx_event.c42
-rw-r--r--usr.sbin/nginx/src/event/ngx_event_openssl.c4
-rw-r--r--usr.sbin/nginx/src/event/ngx_event_pipe.c193
-rw-r--r--usr.sbin/nginx/src/event/ngx_event_pipe.h3
-rw-r--r--usr.sbin/nginx/src/event/ngx_event_timer.c5
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_access_module.c13
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_browser_module.c8
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_chunked_filter_module.c2
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_degradation_module.c2
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_fastcgi_module.c166
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_flv_module.c8
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_geo_module.c6
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_gzip_filter_module.c26
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_gzip_static_module.c8
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_headers_filter_module.c50
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_image_filter_module.c4
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_index_module.c24
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_limit_conn_module.c747
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_limit_req_module.c422
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_limit_zone_module.c553
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_log_module.c40
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_memcached_module.c22
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c8
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c1461
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_realip_module.c14
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_scgi_module.c111
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_split_clients_module.c19
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_ssi_filter_module.c22
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_static_module.c8
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c4
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c570
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_userid_filter_module.c6
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_uwsgi_module.c103
-rw-r--r--usr.sbin/nginx/src/http/modules/ngx_http_xslt_filter_module.c208
-rw-r--r--usr.sbin/nginx/src/http/modules/perl/nginx.pm3
-rw-r--r--usr.sbin/nginx/src/http/modules/perl/nginx.xs4
-rw-r--r--usr.sbin/nginx/src/http/ngx_http.c9
-rw-r--r--usr.sbin/nginx/src/http/ngx_http.h1
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_busy_lock.c4
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_cache.h13
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_copy_filter_module.c7
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_core_module.c340
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_core_module.h15
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_file_cache.c278
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_parse.c72
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_postpone_filter_module.c8
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_request.c88
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_request.h6
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_request_body.c2
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_script.c6
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_upstream.c247
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_upstream.h21
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c28
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.h1
-rw-r--r--usr.sbin/nginx/src/http/ngx_http_variables.c127
-rw-r--r--usr.sbin/nginx/src/mail/ngx_mail.c13
-rw-r--r--usr.sbin/nginx/src/mail/ngx_mail.h12
-rw-r--r--usr.sbin/nginx/src/mail/ngx_mail_core_module.c115
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_daemon.c3
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_darwin.h3
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_darwin_config.h1
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_darwin_init.c30
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_darwin_sendfile_chain.c16
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_errno.h5
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_files.h51
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_freebsd.h3
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_freebsd_config.h2
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_freebsd_init.c7
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_freebsd_rfork_thread.c4
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c18
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_gcc_atomic_sparc64.h2
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_linux_config.h1
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_linux_sendfile_chain.c10
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_os.h1
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_posix_config.h3
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_process.c61
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_process.h1
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_process_cycle.c21
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_readv_chain.c8
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_setaffinity.c69
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_setaffinity.h23
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_setproctitle.c2
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_solaris_config.h2
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c14
-rw-r--r--usr.sbin/nginx/src/os/unix/ngx_writev_chain.c10
-rw-r--r--usr.sbin/nginx/src/pcre/pcre_study.c1527
138 files changed, 8565 insertions, 1818 deletions
diff --git a/usr.sbin/nginx/CHANGES b/usr.sbin/nginx/CHANGES
index e5ceff6d112..75026b6bc5d 100644
--- a/usr.sbin/nginx/CHANGES
+++ b/usr.sbin/nginx/CHANGES
@@ -1,22 +1,80 @@
-Changes with nginx 1.0.15 12 Apr 2012
+Changes with nginx 1.2.0 23 Apr 2012
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ "try_files" directive was used; the bug had appeared in 1.1.19.
+
+ *) Bugfix: response might be truncated if there were more than IOV_MAX
+ buffers used.
+
+ *) Bugfix: in the "crop" parameter of the "image_filter" directive.
+ Thanks to Maxim Bublis.
+
+
+Changes with nginx 1.1.19 12 Apr 2012
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
Thanks to Matthew Daley.
+ *) Bugfix: nginx/Windows might be terminated abnormally.
+ Thanks to Vincent Lee.
+
+ *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as
+ "backup".
+
+ *) Bugfix: the "allow" and "deny" directives might be inherited
+ incorrectly if they were used with IPv6 addresses.
+
+ *) Bugfix: the "modern_browser" and "ancient_browser" directives might
+ be inherited incorrectly.
+
+ *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC.
+
*) Bugfix: in the ngx_http_mp4_module.
-Changes with nginx 1.0.14 15 Mar 2012
+Changes with nginx 1.1.18 28 Mar 2012
+
+ *) Change: keepalive connections are no longer disabled for Safari by
+ default.
+
+ *) Feature: the $connection_requests variable.
+
+ *) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and
+ $tcpinfo_rcv_space variables.
+
+ *) Feature: the "worker_cpu_affinity" directive now works on FreeBSD.
+
+ *) Feature: the "xslt_param" and "xslt_string_param" directives.
+ Thanks to Samuel Behan.
+
+ *) Bugfix: in configure tests.
+ Thanks to Piotr Sikora.
+
+ *) Bugfix: in the ngx_http_xslt_filter_module.
+
+ *) Bugfix: nginx could not be built on Debian GNU/Hurd.
+
+
+Changes with nginx 1.1.17 15 Mar 2012
*) Security: content of previously freed memory might be sent to a
client if backend returned specially crafted response.
Thanks to Matthew Daley.
+ *) Bugfix: in the embedded perl module if used from SSI.
+ Thanks to Matthew Daley.
+
+ *) Bugfix: in the ngx_http_uwsgi_module.
+
+
+Changes with nginx 1.1.16 29 Feb 2012
+
+ *) Change: the simultaneous subrequest limit has been raised to 200.
-Changes with nginx 1.0.13 05 Mar 2012
+ *) Feature: the "from" parameter of the "disable_symlinks" directive.
*) Feature: the "return" and "error_page" directives can now be used to
return 307 redirections.
@@ -26,74 +84,113 @@ Changes with nginx 1.0.13 05 Mar 2012
specified at global level.
Thanks to Roman Arutyunyan.
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ "proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were
+ used.
+
*) Bugfix: memory leaks.
Thanks to Lanshun Zhou.
+ *) Bugfix: in the "disable_symlinks" directive.
+
+ *) Bugfix: on ZFS filesystem disk cache size might be calculated
+ incorrectly; the bug had appeared in 1.0.1.
+
+ *) Bugfix: nginx could not be built by the icc 12.1 compiler.
+
+ *) Bugfix: nginx could not be built by gcc on Solaris; the bug had
+ appeared in 1.1.15.
+
+
+Changes with nginx 1.1.15 15 Feb 2012
+
+ *) Feature: the "disable_symlinks" directive.
+
+ *) Feature: the "proxy_cookie_domain" and "proxy_cookie_path"
+ directives.
+
*) Bugfix: nginx might log incorrect error "upstream prematurely closed
connection" instead of correct "upstream sent too big header" one.
Thanks to Feibo Li.
- *) Bugfix: on ZFS filesystem disk cache size might be calculated
- incorrectly; the bug had appeared in 1.0.1.
+ *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
+ --with-openssl option was used.
*) Bugfix: the number of internal redirects to named locations was not
limited.
+ *) Bugfix: calling $r->flush() multiple times might cause errors in the
+ ngx_http_gzip_filter_module.
+
*) Bugfix: temporary files might be not removed if the "proxy_store"
directive was used with SSI includes.
*) Bugfix: in some cases non-cacheable variables (such as the $args
variable) returned old empty cached value.
+ *) Bugfix: a segmentation fault might occur in a worker process if too
+ many SSI subrequests were issued simultaneously; the bug had appeared
+ in 0.7.25.
+
+
+Changes with nginx 1.1.14 30 Jan 2012
+
+ *) Feature: multiple "limit_req" limits may be used simultaneously.
+
+ *) Bugfix: in error handling while connecting to a backend.
+ Thanks to Piotr Sikora.
+
+ *) Bugfix: in AIO error handling on FreeBSD.
+
+ *) Bugfix: in the OpenSSL library initialization.
+
*) Bugfix: the "proxy_redirect" directives might be inherited
incorrectly.
- *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
- --with-openssl option was used.
-
- *) Bugfix: nginx could not be built by the icc 12.1 compiler.
+ *) Bugfix: memory leak during reconfiguration if the "pcre_jit"
+ directive was used.
-Changes with nginx 1.0.12 06 Feb 2012
+Changes with nginx 1.1.13 16 Jan 2012
*) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the
"ssl_protocols" directive.
- *) Feature: the "if" SSI command supports captures in regular
- expressions.
-
- *) Bugfix: the "if" SSI command did not work inside the "block" command.
+ *) Bugfix: the "limit_req" directive parameters were not inherited
+ correctly; the bug had appeared in 1.1.12.
- *) Bugfix: in AIO error handling on FreeBSD.
+ *) Bugfix: the "proxy_redirect" directive incorrectly processed
+ "Refresh" header if regular expression were used.
- *) Bugfix: in the OpenSSL library initialization.
+ *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
+ did not return answer from cache if there were no live upstreams.
*) Bugfix: the "worker_cpu_affinity" directive might not work.
- *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
- directives might not work.
+ *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
+ 1.1.12.
- *) Bugfix: the "read_ahead" directive might not work combined with
- "try_files" and "open_file_cache".
+ *) Bugfix: in the ngx_http_mp4_module.
- *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter
- did not return answer from cache if there were no live upstreams.
- *) Bugfix: a segmentation fault might occur in a worker process if small
- time was used in the "inactive" parameter of the "proxy_cache_path"
- directive.
+Changes with nginx 1.1.12 26 Dec 2011
- *) Bugfix: responses from cache might hang.
+ *) Change: a "proxy_pass" directive without URI part now uses changed
+ URI after redirection with the "error_page" directive.
+ Thanks to Lanshun Zhou.
- *) Bugfix: in error handling while connecting to a backend.
- Thanks to Piotr Sikora.
+ *) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock",
+ "proxy/fastcgi/scgi/uwsgi_cache_lock_timeout" directives.
- *) Bugfix: in the "epoll" event method.
- Thanks to Yichun Zhang.
+ *) Feature: the "pcre_jit" directive.
- *) Bugfix: the $sent_http_cache_control variable might contain a wrong
- value if the "expires" directive was used.
- Thanks to Yichun Zhang.
+ *) Feature: the "if" SSI command supports captures in regular
+ expressions.
+
+ *) Bugfix: the "if" SSI command did not work inside the "block" command.
+
+ *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level"
+ directives might not work.
*) Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high.
@@ -101,52 +198,114 @@ Changes with nginx 1.0.12 06 Feb 2012
*) Bugfix: the "sendfile_max_chunk" directive did not work, if the
"limit_rate" directive was used.
- *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
- 1.0.11.
+ *) Bugfix: a "proxy_pass" directive without URI part always used
+ original request URI if variables were used.
+
+ *) Bugfix: a "proxy_pass" directive without URI part might use original
+ request after redirection with the "try_files" directive.
+ Thanks to Lanshun Zhou.
*) Bugfix: in the ngx_http_scgi_module.
*) Bugfix: in the ngx_http_mp4_module.
+ *) Bugfix: nginx could not be built on Solaris; the bug had appeared in
+ 1.1.9.
+
+
+Changes with nginx 1.1.11 12 Dec 2011
+
+ *) Feature: the "so_keepalive" parameter of the "listen" directive.
+ Thanks to Vsevolod Stakhov.
+
+ *) Feature: the "if_not_empty" parameter of the
+ "fastcgi/scgi/uwsgi_param" directives.
+
+ *) Feature: the $https variable.
+
+ *) Feature: the "proxy_redirect" directive supports variables in the
+ first parameter.
+
+ *) Feature: the "proxy_redirect" directive supports regular expressions.
+
+ *) Bugfix: the $sent_http_cache_control variable might contain a wrong
+ value if the "expires" directive was used.
+ Thanks to Yichun Zhang.
+
+ *) Bugfix: the "read_ahead" directive might not work combined with
+ "try_files" and "open_file_cache".
+
+ *) Bugfix: a segmentation fault might occur in a worker process if small
+ time was used in the "inactive" parameter of the "proxy_cache_path"
+ directive.
+
+ *) Bugfix: responses from cache might hang.
+
+
+Changes with nginx 1.1.10 30 Nov 2011
-Changes with nginx 1.0.11 15 Dec 2011
+ *) Bugfix: a segmentation fault occured in a worker process if AIO was
+ used on Linux; the bug had appeared in 1.1.9.
+
+
+Changes with nginx 1.1.9 28 Nov 2011
*) Change: now double quotes are encoded in an "echo" SSI-command
output.
Thanks to Zaur Abasmirzoev.
- *) Feature: the "image_filter_sharpen" directive.
+ *) Feature: the "valid" parameter of the "resolver" directive. By
+ default TTL returned by a DNS server is used.
+ Thanks to Kirill A. Korinskiy.
+
+ *) Bugfix: nginx might hang after a worker process abnormal termination.
*) Bugfix: a segmentation fault might occur in a worker process if SNI
- was used; the bug had appeared in 1.0.9.
+ was used; the bug had appeared in 1.1.2.
+
+ *) Bugfix: in the "keepalive_disable" directive; the bug had appeared in
+ 1.1.8.
+ Thanks to Alexander Usov.
*) Bugfix: SIGWINCH signal did not work after first binary upgrade; the
- bug had appeared in 1.0.9.
+ bug had appeared in 1.1.1.
- *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
- header lines might be passed to backend while caching; or not passed
- without caching if caching was enabled in another part of the
- configuration.
+ *) Bugfix: backend responses with length not matching "Content-Length"
+ header line are no longer cached.
*) Bugfix: in the "scgi_param" directive, if complex parameters were
used.
- *) Bugfix: "add_header" and "expires" directives did not work if a
- request was proxied and response status code was 206.
-
- *) Bugfix: in the "expires @time" directive.
+ *) Bugfix: in the "epoll" event method.
+ Thanks to Yichun Zhang.
*) Bugfix: in the ngx_http_flv_module.
Thanks to Piotr Sikora.
*) Bugfix: in the ngx_http_mp4_module.
+ *) Bugfix: IPv6 addresses are now handled properly in a request line and
+ in a "Host" request header line.
+
+ *) Bugfix: "add_header" and "expires" directives did not work if a
+ request was proxied and response status code was 206.
+
*) Bugfix: nginx could not be built on FreeBSD 10.
*) Bugfix: nginx could not be built on AIX.
-Changes with nginx 1.0.10 15 Nov 2011
+Changes with nginx 1.1.8 14 Nov 2011
+
+ *) Change: the ngx_http_limit_zone_module was renamed to the
+ ngx_http_limit_conn_module.
+
+ *) Change: the "limit_zone" directive was superseded by the
+ "limit_conn_zone" directive with a new syntax.
+
+ *) Feature: support for multiple "limit_conn" limits on the same level.
+
+ *) Feature: the "image_filter_sharpen" directive.
*) Bugfix: a segmentation fault might occur in a worker process if
resolver got a big DNS response.
@@ -155,34 +314,54 @@ Changes with nginx 1.0.10 15 Nov 2011
*) Bugfix: in cache key calculation if internal MD5 implementation was
used; the bug had appeared in 1.0.4.
+ *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request
+ header lines might be passed to backend while caching; or not passed
+ without caching if caching was enabled in another part of the
+ configuration.
+
*) Bugfix: the module ngx_http_mp4_module sent incorrect
"Content-Length" response header line if the "start" argument was
used.
Thanks to Piotr Sikora.
-Changes with nginx 1.0.9 01 Nov 2011
+Changes with nginx 1.1.7 31 Oct 2011
+
+ *) Feature: support of several DNS servers in the "resolver" directive.
+ Thanks to Kirill A. Korinskiy.
+
+ *) Bugfix: a segmentation fault occurred on start or during
+ reconfiguration if the "ssl" directive was used at http level and
+ there was no "ssl_certificate" defined.
+
+ *) Bugfix: reduced memory consumption while proxying big files if they
+ were buffered to disk.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if
+ "proxy_http_version 1.1" directive was used.
+
+ *) Bugfix: in the "expires @time" directive.
+
+
+Changes with nginx 1.1.6 17 Oct 2011
+
+ *) Change in internal API: now module context data are cleared while
+ internal redirect to named location.
+ Requested by Yichun Zhang.
+
+ *) Change: if a server in an upstream failed, only one request will be
+ sent to it after fail_timeout; the server will be considered alive if
+ it will successfully respond to the request.
*) Change: now the 0x7F-0x1F characters are escaped as \xXX in an
access_log.
- *) Change: now SIGWINCH signal works only in daemon mode.
-
*) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support
the following additional values: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
*) Feature: decrease of memory consumption if SSL is used.
- *) Feature: accept filters are now supported on NetBSD.
-
- *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
- Thanks to Peter Smit.
-
- *) Bugfix: a segmentation fault occurred on start or while
- reconfiguration if the "ssl" directive was used at http level and
- there was no "ssl_certificate" defined.
-
*) Bugfix: some UTF-8 characters were processed incorrectly.
Thanks to Alexey Kuts.
@@ -199,10 +378,18 @@ Changes with nginx 1.0.9 01 Nov 2011
*) Bugfix: the module ngx_http_mp4_module did not support seeking on
32-bit platforms.
+
+Changes with nginx 1.1.5 05 Oct 2011
+
+ *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives.
+ Thanks to Peter Smit.
+
*) Bugfix: non-cacheable responses might be cached if
"proxy_cache_bypass" directive was used.
Thanks to John Ferlito.
+ *) Bugfix: in HTTP/1.1 support in the ngx_http_proxy_module.
+
*) Bugfix: cached responses with an empty body were returned
incorrectly; the bug had appeared in 0.8.31.
@@ -211,26 +398,17 @@ Changes with nginx 1.0.9 01 Nov 2011
*) Bugfix: in the "return" directive.
- *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
- "ssl_prefer_server_ciphers" directives might work incorrectly if SNI
- was used.
+ *) Bugfix: the "ssl_session_cache builtin" directive caused segmentation
+ fault; the bug had appeared in 1.1.1.
-Changes with nginx 1.0.8 01 Oct 2011
+Changes with nginx 1.1.4 20 Sep 2011
- *) Bugfix: nginx could not be built --with-http_mp4_module and without
- --with-debug option.
-
-
-Changes with nginx 1.0.7 30 Sep 2011
-
- *) Change: now if total size of all ranges is greater than source
- response size, then nginx disables ranges and returns just the source
- response.
+ *) Feature: the ngx_http_upstream_keepalive module.
- *) Feature: the "max_ranges" directive.
+ *) Feature: the "proxy_http_version" directive.
- *) Feature: the module ngx_http_mp4_module.
+ *) Feature: the "fastcgi_keep_conn" directive.
*) Feature: the "worker_aio_requests" directive.
@@ -240,17 +418,57 @@ Changes with nginx 1.0.7 30 Sep 2011
*) Bugfix: in Linux AIO error processing.
Thanks to Hagai Avrahami.
+ *) Bugfix: reduced memory consumption for long-lived requests.
+
+ *) Bugfix: the module ngx_http_mp4_module did not support 64-bit MP4
+ "co64" atom.
+
+
+Changes with nginx 1.1.3 14 Sep 2011
+
+ *) Feature: the module ngx_http_mp4_module.
+
*) Bugfix: in Linux AIO combined with open_file_cache.
*) Bugfix: open_file_cache did not update file info on retest if file
was not atomically changed.
- *) Bugfix: reduced memory consumption for long-lived requests.
+ *) Bugfix: nginx could not be built on MacOSX 10.7.
+
+
+Changes with nginx 1.1.2 05 Sep 2011
+
+ *) Change: now if total size of all ranges is greater than source
+ response size, then nginx disables ranges and returns just the source
+ response.
+
+ *) Feature: the "max_ranges" directive.
+
+ *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and
+ "ssl_prefer_server_ciphers" directives might work incorrectly if SNI
+ was used.
*) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort"
directives.
- *) Bugfix: nginx could not be built on MacOSX 10.7.
+
+Changes with nginx 1.1.1 22 Aug 2011
+
+ *) Change: now cache loader processes either as many files as specified
+ by "loader_files" parameter or works no longer than time specified by
+ the "loader_threshold" parameter during each iteration.
+
+ *) Change: now SIGWINCH signal works only in daemon mode.
+
+ *) Feature: now shared zones and caches use POSIX semaphores on Solaris.
+ Thanks to Den Ivanov.
+
+ *) Feature: accept filters are now supported on NetBSD.
+
+ *) Bugfix: nginx could not be built on Linux 3.0.
+
+ *) Bugfix: nginx did not use gzipping in some cases; the bug had
+ appeared in 1.1.0.
*) Bugfix: request body might be processed incorrectly if client used
pipelining.
@@ -269,11 +487,18 @@ Changes with nginx 1.0.7 30 Sep 2011
*) Bugfix: a segmentation fault might occur in a worker process if many
backup servers were used in an upstream.
+ *) Bugfix: a segmentation fault might occur in a worker process if
+ "fastcgi/scgi/uwsgi_param" directives were used with values starting
+ with "HTTP_"; the bug had appeared in 0.8.40.
+
-Changes with nginx 1.0.6 29 Aug 2011
+Changes with nginx 1.1.0 01 Aug 2011
*) Feature: cache loader run time decrease.
+ *) Feature: "loader_files", "loader_sleep", and "loader_threshold"
+ options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives.
+
*) Feature: loading time decrease of configuration with large number of
HTTPS sites.
@@ -281,31 +506,27 @@ Changes with nginx 1.0.6 29 Aug 2011
Thanks to Adrian Kotelba.
*) Feature: the "lingering_close" directive.
-
- *) Feature: now shared zones and caches use POSIX semaphores on Solaris.
- Thanks to Den Ivanov.
-
- *) Bugfix: nginx could not be built on Linux 3.0.
-
- *) Bugfix: a segmentation fault might occur in a worker process if
- "fastcgi/scgi/uwsgi_param" directives were used with values starting
- with "HTTP_"; the bug had appeared in 0.8.40.
+ Thanks to Maxim Dounin.
*) Bugfix: in closing connection for pipelined requests.
+ Thanks to Maxim Dounin.
*) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
"Accept-Encoding" request header line.
*) Bugfix: in timeout in unbuffered proxied mode.
+ Thanks to Maxim Dounin.
*) Bugfix: memory leaks when a "proxy_pass" directive contains variables
and proxies to an HTTPS backend.
+ Thanks to Maxim Dounin.
*) Bugfix: in parameter validaiton of a "proxy_pass" directive with
variables.
Thanks to Lanshun Zhou.
*) Bugfix: SSL did not work on QNX.
+ Thanks to Maxim Dounin.
*) Bugfix: SSL modules could not be built by gcc 4.6 without
--with-debug option.
@@ -365,8 +586,8 @@ Changes with nginx 1.0.3 25 May 2011
testing IPv4 address mapped to IPv6 address, if access or deny rules
were defined only for IPv6; the bug had appeared in 0.8.22.
- *) Bugfix: a cached response may be broken if proxy/fastcgi/scgi/
- uwsgi_cache_bypass and proxy/fastcgi/scgi/uwsgi_no_cache directive
+ *) Bugfix: a cached response may be broken if "proxy/fastcgi/scgi/
+ uwsgi_cache_bypass" and "proxy/fastcgi/scgi/uwsgi_no_cache" directive
values were different; the bug had appeared in 0.8.46.
@@ -2132,7 +2353,7 @@ Changes with nginx 0.7.15 08 Sep 2008
Changes with nginx 0.7.14 01 Sep 2008
*) Change: now the ssl_certificate and ssl_certificate_key directives
- have not default values.
+ have no default values.
*) Feature: the "listen" directive supports the "ssl" parameter.
diff --git a/usr.sbin/nginx/CHANGES.ru b/usr.sbin/nginx/CHANGES.ru
index 0bfe8f75ac8..9d62688079d 100644
--- a/usr.sbin/nginx/CHANGES.ru
+++ b/usr.sbin/nginx/CHANGES.ru
@@ -1,5 +1,17 @@
-Изменения в nginx 1.0.15 12.04.2012
+Изменения в nginx 1.2.0 23.04.2012
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовалась директива try_files; ошибка появилась в 1.1.19.
+
+ *) Исправление: ответ мог быть передан не полностью, если использовалось
+ больше IOV_MAX буферов.
+
+ *) Исправление: в работе параметра crop директивы image_filter.
+ Спасибо Maxim Bublis.
+
+
+Изменения в nginx 1.1.19 12.04.2012
*) Безопасность: при обработке специально созданного mp4 файла модулем
ngx_http_mp4_module могли перезаписываться области памяти рабочего
@@ -7,17 +19,64 @@
(CVE-2012-2089).
Спасибо Matthew Daley.
+ *) Исправление: nginx/Windows мог завершаться аварийно.
+ Спасибо Vincent Lee.
+
+ *) Исправление: nginx нагружал процессор, если все серверы в upstream'е
+ были помечены флагом backup.
+
+ *) Исправление: директивы allow и deny могли наследоваться некорректно,
+ если в них использовались IPv6 адреса.
+
+ *) Исправление: директивы modern_browser и ancient_browser могли
+ наследоваться некорректно.
+
+ *) Исправление: таймауты могли работать некорректно на Solaris/SPARC.
+
*) Исправление: в модуле ngx_http_mp4_module.
-Изменения в nginx 1.0.14 15.03.2012
+Изменения в nginx 1.1.18 28.03.2012
+
+ *) Изменение: теперь keepalive соединения не запрещены для Safari по
+ умолчанию.
+
+ *) Добавление: переменная $connection_requests.
+
+ *) Добавление: переменные $tcpinfo_rtt, $tcpinfo_rttvar,
+ $tcpinfo_snd_cwnd и $tcpinfo_rcv_space.
+
+ *) Добавление: директива worker_cpu_affinity теперь работает на FreeBSD.
+
+ *) Добавление: директивы xslt_param и xslt_string_param.
+ Спасибо Samuel Behan.
+
+ *) Исправление: в configure.
+ Спасибо Piotr Sikora.
+
+ *) Исправление: в модуле ngx_http_xslt_filter_module.
+
+ *) Исправление: nginx не собирался на Debian GNU/Hurd.
+
+
+Изменения в nginx 1.1.17 15.03.2012
*) Безопасность: содержимое ранее освобождённой памяти могло быть
отправлено клиенту, если бэкенд возвращал специально созданный ответ.
Спасибо Matthew Daley.
+ *) Исправление: при использовании встроенного перла из SSI.
+ Спасибо Matthew Daley.
+
+ *) Исправление: в модуле ngx_http_uwsgi_module.
+
+
+Изменения в nginx 1.1.16 29.02.2012
-Изменения в nginx 1.0.13 05.03.2012
+ *) Изменение: ограничение на количество одновременных подзапросов
+ поднято до 200.
+
+ *) Добавление: параметр from в директиве disable_symlinks.
*) Добавление: директивы return и error_page теперь могут использоваться
для возврата перенаправлений с кодом 307.
@@ -27,74 +86,114 @@
задана директива error_log.
Спасибо Роману Арутюняну.
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовались директивы "proxy_http_version 1.1" или
+ "fastcgi_keep_conn on".
+
*) Исправление: утечек памяти.
Спасибо Lanshun Zhou.
+ *) Исправление: в директиве disable_symlinks.
+
+ *) Исправление: при использовании ZFS размер кэша на диске мог считаться
+ некорректно; ошибка появилась в 1.0.1.
+
+ *) Исправление: nginx не собирался компилятором icc 12.1.
+
+ *) Исправление: nginx не собирался gcc на Solaris; ошибка появилась в
+ 1.1.15.
+
+
+Изменения в nginx 1.1.15 15.02.2012
+
+ *) Добавление: директива disable_symlinks.
+
+ *) Добавление: директивы proxy_cookie_domain и proxy_cookie_path.
+
*) Исправление: nginx мог некорректно сообщать об ошибке "upstream
prematurely closed connection" вместо "upstream sent too big header".
Спасибо Feibo Li.
- *) Исправление: при использовании ZFS размер кэша на диске мог считаться
- некорректно; ошибка появилась в 1.0.1.
+ *) Исправление: nginx не собирался с модулем ngx_http_perl_module, если
+ использовался параметр --with-openssl.
*) Исправление: количество внутренних перенаправлений в именованные
location'ы не ограничивалось.
+ *) Исправление: вызов $r->flush() несколько раз подряд мог приводить к
+ ошибкам в модуле ngx_http_gzip_filter_module.
+
*) Исправление: при использовании директивы proxy_store с
SSI-подзапросами временные файлы могли не удаляться.
*) Исправление: в некоторых случаях некэшируемые переменные (такие, как
$args) возвращали старое пустое закэшированное значение.
- *) Исправление: директивы proxy_redirect могли наследоваться
- некорректно.
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если одновременно создавалось слишком много SSI-подзапросов; ошибка
+ появилась в 0.7.25.
- *) Исправление: nginx не собирался с модулем ngx_http_perl_module, если
- использовался параметр --with-openssl.
- *) Исправление: nginx не собирался компилятором icc 12.1.
+Изменения в nginx 1.1.14 30.01.2012
+ *) Добавление: теперь можно указать несколько ограничений limit_req
+ одновременно.
-Изменения в nginx 1.0.12 06.02.2012
+ *) Исправление: в обработке ошибок при соединении с бэкендом.
+ Спасибо Piotr Sikora.
- *) Добавление: параметры TLSv1.1 и TLSv1.2 в директиве ssl_protocols.
+ *) Исправление: в обработке ошибок при использовании AIO на FreeBSD.
- *) Добавление: SSI команда if поддерживает выделения в регулярных
- выражениях.
+ *) Исправление: в инициализации библиотеки OpenSSL.
- *) Исправление: SSI команда if не работала внутри команды block.
+ *) Исправление: директивы proxy_redirect могли наследоваться
+ некорректно.
- *) Исправление: в обработке ошибок при использовании AIO на FreeBSD.
+ *) Исправление: утечки памяти при переконфигурации, если использовалась
+ директива pcre_jit.
- *) Исправление: в инициализации библиотеки OpenSSL.
- *) Исправление: директива worker_cpu_affinity могла не работать.
+Изменения в nginx 1.1.13 16.01.2012
- *) Исправление: директивы limit_conn_log_level и limit_req_log_level
- могли не работать.
+ *) Добавление: параметры TLSv1.1 и TLSv1.2 в директиве ssl_protocols.
- *) Исправление: директива read_ahead могла не работать при использовании
- совместно с try_files и open_file_cache.
+ *) Исправление: параметры директивы limit_req наследовались некорректно;
+ ошибка появилась в 1.1.12.
+
+ *) Исправление: директива proxy_redirect некорректно обрабатывала
+ заголовок Refresh при использовании регулярных выражений.
*) Исправление: директива proxy_cache_use_stale с параметром error не
возвращала ответ из кэша, если все бэкенды были признаны
неработающими.
- *) Исправление: если в параметре inactive директивы proxy_cache_path
- было указано малое время, в рабочем процессе мог произойти
- segmentation fault.
+ *) Исправление: директива worker_cpu_affinity могла не работать.
- *) Исправление: ответы из кэша могли зависать.
+ *) Исправление: nginx не собирался на Solaris; ошибка появилась в
+ 1.1.12.
- *) Исправление: в обработке ошибок при соединении с бэкендом.
- Спасибо Piotr Sikora.
+ *) Исправление: в модуле ngx_http_mp4_module.
- *) Исправление: в методе epoll.
- Спасибо Yichun Zhang.
- *) Исправление: переменная $sent_http_cache_control могла содержать
- неверное значение при использовании директивы expires.
- Спасибо Yichun Zhang.
+Изменения в nginx 1.1.12 26.12.2011
+
+ *) Изменение: после перенаправления запроса с помощью директивы
+ error_page директива proxy_pass без URI теперь использует изменённый
+ URI.
+ Спасибо Lanshun Zhou.
+
+ *) Добавление: директивы proxy/fastcgi/scgi/uwsgi_cache_lock,
+ proxy/fastcgi/scgi/uwsgi_cache_lock_timeout.
+
+ *) Добавление: директива pcre_jit.
+
+ *) Добавление: SSI команда if поддерживает выделения в регулярных
+ выражениях.
+
+ *) Исправление: SSI команда if не работала внутри команды block.
+
+ *) Исправление: директивы limit_conn_log_level и limit_req_log_level
+ могли не работать.
*) Исправление: директива limit_rate не позволяла передавать на полной
скорости, даже если был указан очень большой лимит.
@@ -102,52 +201,116 @@
*) Исправление: директива sendfile_max_chunk не работала, если
использовалась директива limit_rate.
- *) Исправление: nginx не собирался на Solaris; ошибка появилась в
- 1.0.11.
+ *) Исправление: если в директиве proxy_pass использовались переменные и
+ не был указан URI, всегда использовался URI исходного запроса.
+
+ *) Исправление: после перенаправления запроса с помощью директивы
+ try_files директива proxy_pass без URI могла использовать URI
+ исходного запроса.
+ Спасибо Lanshun Zhou.
*) Исправление: в модуле ngx_http_scgi_module.
*) Исправление: в модуле ngx_http_mp4_module.
+ *) Исправление: nginx не собирался на Solaris; ошибка появилась в 1.1.9.
+
+
+Изменения в nginx 1.1.11 12.12.2011
+
+ *) Добавление: параметр so_keepalive в директиве listen.
+ Спасибо Всеволоду Стахову.
+
+ *) Добавление: параметр if_not_empty в директивах
+ fastcgi/scgi/uwsgi_param.
+
+ *) Добавление: переменная $https.
+
+ *) Добавление: директива proxy_redirect поддерживает переменные в первом
+ параметре.
+
+ *) Добавление: директива proxy_redirect поддерживает регулярные
+ выражения.
+
+ *) Исправление: переменная $sent_http_cache_control могла содержать
+ неверное значение при использовании директивы expires.
+ Спасибо Yichun Zhang.
+
+ *) Исправление: директива read_ahead могла не работать при использовании
+ совместно с try_files и open_file_cache.
+
+ *) Исправление: если в параметре inactive директивы proxy_cache_path
+ было указано малое время, в рабочем процессе мог произойти
+ segmentation fault.
+
+ *) Исправление: ответы из кэша могли зависать.
+
+
+Изменения в nginx 1.1.10 30.11.2011
+
+ *) Исправление: при использовании AIO на Linux в рабочем процессе
+ происходил segmentation fault; ошибка появилась в 1.1.9.
+
-Изменения в nginx 1.0.11 15.12.2011
+Изменения в nginx 1.1.9 28.11.2011
*) Изменение: теперь двойные кавычки экранируется при выводе
SSI-командой echo.
Спасибо Зауру Абасмирзоеву.
- *) Добавление: директива image_filter_sharpen.
+ *) Добавление: параметр valid в директиве resolver. По умолчанию теперь
+ используется TTL, возвращённый DNS-сервером.
+ Спасибо Кириллу Коринскому.
+
+ *) Исправление: nginx мог перестать отвечать, если рабочий процесс
+ завершался аварийно.
*) Исправление: в рабочем процессе мог произойти segmentation fault,
- если использовалось SNI; ошибка появилась в 1.0.9.
+ если использовалось SNI; ошибка появилась в 1.1.2.
+
+ *) Исправление: в директиве keepalive_disable; ошибка появилась в 1.1.8.
+ Спасибо Александру Усову.
*) Исправление: сигнал SIGWINCH переставал работать после первого
- обновления исполняемого файла; ошибка появилась в 1.0.9.
+ обновления исполняемого файла; ошибка появилась в 1.1.1.
- *) Исправление: строки "If-Modified-Since", "If-Range" и им подобные в
- заголовке запроса клиента могли передаваться бэкенду при кэшировании;
- или не передаваться при выключенном кэшировании, если кэширование
- было включено в другой части конфигурации.
+ *) Исправление: теперь ответы бэкендов, длина которых не соответствует
+ заголовку Content-Length, не кэширутся.
*) Исправление: в директиве scgi_param при использовании составных
параметров.
- *) Исправление: директивы add_header и expires не работали для ответов с
- кодом 206, если запрос проксировался.
-
- *) Исправление: в директиве "expires @time".
+ *) Исправление: в методе epoll.
+ Спасибо Yichun Zhang.
*) Исправление: в модуле ngx_http_flv_module.
Спасибо Piotr Sikora.
*) Исправление: в модуле ngx_http_mp4_module.
+ *) Исправление: теперь nginx понимает IPv6-адреса в строке запроса и в
+ заголовке Host.
+
+ *) Исправление: директивы add_header и expires не работали для ответов с
+ кодом 206, если запрос проксировался.
+
*) Исправление: nginx не собирался на FreeBSD 10.
*) Исправление: nginx не собирался на AIX.
-Изменения в nginx 1.0.10 15.11.2011
+Изменения в nginx 1.1.8 14.11.2011
+
+ *) Изменение: модуль ngx_http_limit_zone_module переименован в
+ ngx_http_limit_conn_module.
+
+ *) Изменение: директива limit_zone заменена директивой limit_conn_zone с
+ новым синтаксисом.
+
+ *) Добавление: поддержка ограничения по нескольким limit_conn на одном
+ уровне.
+
+ *) Добавление: директива image_filter_sharpen.
*) Исправление: в рабочем процессе мог произойти segmentation fault,
если resolver получил большой DNS-ответ.
@@ -156,33 +319,54 @@
*) Исправление: в вычислении ключа для кэширования, если использовалась
внутренняя реализация MD5; ошибка появилась в 1.0.4.
+ *) Исправление: строки "If-Modified-Since", "If-Range" и им подобные в
+ заголовке запроса клиента могли передаваться бэкенду при кэшировании;
+ или не передаваться при выключенном кэшировании, если кэширование
+ было включено в другой части конфигурации.
+
*) Исправление: модуль ngx_http_mp4_module выдавал неверную строку
"Content-Length" в заголовке ответа, использовался аргумент start.
Спасибо Piotr Sikora.
-Изменения в nginx 1.0.9 01.11.2011
+Изменения в nginx 1.1.7 31.10.2011
+
+ *) Добавление: поддержка нескольких DNS серверов в директиве "resolver".
+ Спасибо Кириллу Коринскому.
+
+ *) Исправление: на старте или во время переконфигурации происходил
+ segmentation fault, если директива ssl использовалась на уровне http
+ и не был указан ssl_certificate.
+
+ *) Исправление: уменьшено потребление памяти при проксировании больших
+ файлов, если они буферизировались на диск.
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовалась директива "proxy_http_version 1.1".
+
+ *) Исправление: в директиве "expires @time".
+
+
+Изменения в nginx 1.1.6 17.10.2011
+
+ *) Изменение во внутреннем API: теперь при внутреннем редиректе в
+ именованный location контексты модулей очищаются.
+ По запросу Yichun Zhang.
+
+ *) Изменение: теперь если сервер, описанный в блоке upstream, был
+ признан неработающим, то после истечения fail_timeout на него будет
+ отправлен только один запрос; сервер будет считаться работающим, если
+ успешно ответит на этот запрос.
*) Изменение: теперь символы 0x7F-0xFF в access_log записываются в виде
\xXX.
- *) Изменение: SIGWINCH сигнал теперь работает только в режиме демона.
-
*) Добавление: директивы "proxy/fastcgi/scgi/uwsgi_ignore_headers"
теперь поддерживают значения X-Accel-Limit-Rate, X-Accel-Buffering и
X-Accel-Charset.
*) Добавление: уменьшение потребления памяти при использовании SSL.
- *) Добавление: теперь на NetBSD поддерживаются accept фильтры.
-
- *) Добавление: директивы uwsgi_buffering и scgi_buffering.
- Спасибо Peter Smit.
-
- *) Исправление: на старте или во время переконфигурации происходил
- segmentation fault, если директива ssl использовалась на уровне http
- и не был указан ssl_certificate.
-
*) Исправление: некоторые UTF-8 символы обрабатывались неправильно.
Спасибо Алексею Куцу.
@@ -201,10 +385,19 @@
*) Исправление: модуль ngx_http_mp4_module не поддерживал перемотку на
32-битных платформах.
+
+Изменения в nginx 1.1.5 05.10.2011
+
+ *) Добавление: директивы uwsgi_buffering и scgi_buffering.
+ Спасибо Peter Smit.
+
*) Исправление: при использовании proxy_cache_bypass могли быть
закэшированы некэшируемые ответы.
Спасибо John Ferlito.
+ *) Исправление: в модуле ngx_http_proxy_module при работе с бэкендами по
+ HTTP/1.1.
+
*) Исправление: закэшированные ответы с пустым телом возвращались
некорректно; ошибка появилась в 0.8.31.
@@ -213,26 +406,17 @@
*) Исправление: в директиве return.
- *) Исправление: директивы ssl_verify_client, ssl_verify_depth и
- ssl_prefer_server_cipher могли работать некорректно, если
- использовался SNI.
-
-
-Изменения в nginx 1.0.8 01.10.2011
+ *) Исправление: при использовании директивы "ssl_session_cache builtin"
+ происходил segmentation fault; ошибка появилась в 1.1.1.
- *) Исправление: nginx не собирался с модулем ngx_http_mp4_module и без
- параметра --with-debug.
+Изменения в nginx 1.1.4 20.09.2011
-Изменения в nginx 1.0.7 30.09.2011
-
- *) Изменение: теперь, если суммарный размер всех диапазонов больше
- размера исходного ответа, то nginx возвращает только исходный ответ,
- не обрабатывая диапазоны.
+ *) Добавление: модуль ngx_http_upstream_keepalive.
- *) Добавление: директива max_ranges.
+ *) Добавление: директива proxy_http_version.
- *) Добавление: модуль ngx_http_mp4_module.
+ *) Добавление: директива fastcgi_keep_conn.
*) Добавление: директива worker_aio_requests.
@@ -242,17 +426,58 @@
*) Исправление: в обработке ошибок при работе с Linux AIO.
Спасибо Hagai Avrahami.
+ *) Исправление: уменьшено потребление памяти для долгоживущих запросов.
+
+ *) Исправление: модуль ngx_http_mp4_module не поддерживал 64-битный
+ MP4-атом co64.
+
+
+Изменения в nginx 1.1.3 14.09.2011
+
+ *) Добавление: модуль ngx_http_mp4_module.
+
*) Исправление: в Linux AIO, используемым совместно с open_file_cache.
*) Исправление: open_file_cache не обновлял информацию о файле, если
файл был изменён не атомарно.
- *) Исправление: уменьшено потребление памяти для долгоживущих запросов.
+ *) Исправление: nginx не собирался на MacOSX 10.7.
+
+
+Изменения в nginx 1.1.2 05.09.2011
+
+ *) Изменение: теперь, если суммарный размер всех диапазонов больше
+ размера исходного ответа, то nginx возвращает только исходный ответ,
+ не обрабатывая диапазоны.
+
+ *) Добавление: директива max_ranges.
+
+ *) Исправление: директивы ssl_verify_client, ssl_verify_depth и
+ ssl_prefer_server_cipher могли работать некорректно, если
+ использовался SNI.
*) Исправление: в директивах proxy/fastcgi/scgi/
uwsgi_ignore_client_abort.
- *) Исправление: nginx не собирался на MacOSX 10.7.
+
+Изменения в nginx 1.1.1 22.08.2011
+
+ *) Изменение: теперь загрузчик кэша за каждую итерацию либо обрабатывает
+ число файлов, указанное в параметре load_files, либо работает не
+ дольше времени, указанного в параметре loader_threshold.
+
+ *) Изменение: SIGWINCH сигнал теперь работает только в режиме демона.
+
+ *) Добавление: теперь разделяемые зоны и кэши используют семафоры POSIX
+ на Solaris.
+ Спасибо Денису Иванову.
+
+ *) Добавление: теперь на NetBSD поддерживаются accept фильтры.
+
+ *) Исправление: nginx не собирался на Linux 3.0.
+
+ *) Исправление: в некоторых случаях nginx не использовал сжатие; ошибка
+ появилась в 1.1.0.
*) Исправление: обработка тела запроса могла быть неверной, если клиент
использовал pipelining.
@@ -272,11 +497,18 @@
*) Исправление: при использовании большого количества backup-серверов в
рабочем процессе мог произойти segmentation fault.
+ *) Исправление: при использовании директив fastcgi/scgi/uwsgi_param со
+ значениями, начинающимися со строки "HTTP_", в рабочем процессе мог
+ произойти segmentation fault; ошибка появилась в 0.8.40.
+
-Изменения в nginx 1.0.6 29.08.2011
+Изменения в nginx 1.1.0 01.08.2011
*) Добавление: уменьшение времени работы загрузчика кэша.
+ *) Добавление: параметры loader_files, loader_sleep и loader_threshold
+ директив proxy/fastcgi/scgi/uwsgi_cache_path.
+
*) Добавление: уменьшение времени загрузки конфигураций с большим
количеством HTTPS серверов.
@@ -284,32 +516,27 @@
Спасибо Adrian Kotelba.
*) Добавление: директива lingering_close.
-
- *) Добавление: теперь разделяемые зоны и кэши используют семафоры POSIX
- на Solaris.
- Спасибо Денису Иванову.
-
- *) Исправление: nginx не собирался на Linux 3.0.
-
- *) Исправление: при использовании директив fastcgi/scgi/uwsgi_param со
- значениями, начинающимися со строки "HTTP_", в рабочем процессе мог
- произойти segmentation fault; ошибка появилась в 0.8.40.
+ Спасибо Максиму Дунину.
*) Исправление: закрытия соединения для pipelined-запросов.
+ Спасибо Максиму Дунину.
*) Исправление: nginx не запрещал сжатие при получении значения
"gzip;q=0" в строке "Accept-Encoding" в заголовке запроса клиента.
*) Исправление: таймаута при небуферизированном проксировании.
+ Спасибо Максиму Дунину.
*) Исправление: утечки памяти при использовании переменных в директиве
proxy_pass при работе с бэкендом по HTTPS.
+ Спасибо Максиму Дунину.
*) Исправление: в проверке параметра директивы proxy_pass, заданного
переменными.
Спасибо Lanshun Zhou.
*) Исправление: SSL не работал на QNX.
+ Спасибо Максиму Дунину.
*) Исправление: SSL модули не собирались gcc 4.6 без параметра
--with-debug.
diff --git a/usr.sbin/nginx/auto/lib/pcre/conf b/usr.sbin/nginx/auto/lib/pcre/conf
index d183079e93d..69dae0425e6 100644
--- a/usr.sbin/nginx/auto/lib/pcre/conf
+++ b/usr.sbin/nginx/auto/lib/pcre/conf
@@ -5,8 +5,6 @@
if [ $PCRE != NONE ]; then
CORE_INCS="$CORE_INCS $PCRE"
- CORE_DEPS="$CORE_DEPS $REGEX_DEPS"
- CORE_SRCS="$CORE_SRCS $REGEX_SRCS"
case "$NGX_CC_NAME" in
@@ -82,6 +80,12 @@ if [ $PCRE != NONE ]; then
esac
+
+ if [ $PCRE_JIT = YES ]; then
+ have=NGX_HAVE_PCRE_JIT . auto/have
+ PCRE_CONF_OPT="$PCRE_CONF_OPT --enable-jit"
+ fi
+
else
if [ "$NGX_PLATFORM" != win32 -a `uname -s` != OpenBSD ]; then
@@ -94,7 +98,9 @@ else
ngx_feature_incs="#include <pcre.h>"
ngx_feature_path=
ngx_feature_libs="-lpcre"
- ngx_feature_test="pcre *re; re = pcre_compile(NULL, 0, NULL, 0, NULL)"
+ ngx_feature_test="pcre *re;
+ re = pcre_compile(NULL, 0, NULL, 0, NULL);
+ if (re == NULL) return 1"
. auto/feature
if [ $ngx_found = no ]; then
@@ -157,16 +163,27 @@ else
fi
if [ $ngx_found = yes ]; then
- CORE_DEPS="$CORE_DEPS $REGEX_DEPS"
- CORE_SRCS="$CORE_SRCS $REGEX_SRCS"
CORE_INCS="$CORE_INCS $ngx_feature_path"
CORE_LIBS="$CORE_LIBS $ngx_feature_libs"
PCRE=YES
fi
+
+ if [ $PCRE = YES ]; then
+ ngx_feature="PCRE JIT support"
+ ngx_feature_name="NGX_HAVE_PCRE_JIT"
+ ngx_feature_test="int jit = 0;
+ pcre_config(PCRE_CONFIG_JIT, &jit);
+ if (jit != 1) return 1;"
+ . auto/feature
+
+ if [ $ngx_found = yes ]; then
+ PCRE_JIT=YES
+ fi
+ fi
fi
have=NGX_PCRE . auto/have
- CORE_SRCS="$CORE_SRCS $PCRE_SRCS $REGEX_SRCS"
+ CORE_SRCS="$CORE_SRCS $PCRE_SRCS"
CORE_INCS="$CORE_INCS src/pcre"
CFLAGS="$CFLAGS -DHAVE_CONFIG_H -DPCRE_STATIC -DPOSIX_MALLOC_THRESHOLD=10"
PCRE=YES
diff --git a/usr.sbin/nginx/auto/lib/pcre/make b/usr.sbin/nginx/auto/lib/pcre/make
index 1695b934073..834779b9cce 100644
--- a/usr.sbin/nginx/auto/lib/pcre/make
+++ b/usr.sbin/nginx/auto/lib/pcre/make
@@ -51,7 +51,7 @@ $PCRE/Makefile: $NGX_MAKEFILE
cd $PCRE \\
&& if [ -f Makefile ]; then \$(MAKE) distclean; fi \\
&& CC="\$(CC)" CFLAGS="$PCRE_OPT" \\
- ./configure --disable-shared
+ ./configure --disable-shared $PCRE_CONF_OPT
$PCRE/.libs/libpcre.a: $PCRE/Makefile
cd $PCRE \\
diff --git a/usr.sbin/nginx/auto/modules b/usr.sbin/nginx/auto/modules
index f8d31a3833e..dab660f8733 100644
--- a/usr.sbin/nginx/auto/modules
+++ b/usr.sbin/nginx/auto/modules
@@ -211,9 +211,9 @@ if [ $HTTP_ACCESS = YES ]; then
HTTP_SRCS="$HTTP_SRCS $HTTP_ACCESS_SRCS"
fi
-if [ $HTTP_LIMIT_ZONE = YES ]; then
- HTTP_MODULES="$HTTP_MODULES $HTTP_LIMIT_ZONE_MODULE"
- HTTP_SRCS="$HTTP_SRCS $HTTP_LIMIT_ZONE_SRCS"
+if [ $HTTP_LIMIT_CONN = YES ]; then
+ HTTP_MODULES="$HTTP_MODULES $HTTP_LIMIT_CONN_MODULE"
+ HTTP_SRCS="$HTTP_SRCS $HTTP_LIMIT_CONN_SRCS"
fi
if [ $HTTP_LIMIT_REQ = YES ]; then
@@ -345,6 +345,11 @@ if [ $HTTP_UPSTREAM_IP_HASH = YES ]; then
HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_IP_HASH_SRCS"
fi
+if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then
+ HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_KEEPALIVE_MODULE"
+ HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_KEEPALIVE_SRCS"
+fi
+
if [ $HTTP_STUB_STATUS = YES ]; then
have=NGX_STAT_STUB . auto/have
HTTP_MODULES="$HTTP_MODULES ngx_http_stub_status_module"
@@ -392,6 +397,12 @@ if [ $USE_OPENSSL = YES ]; then
CORE_SRCS="$CORE_SRCS $OPENSSL_SRCS"
fi
+if [ $USE_PCRE = YES ]; then
+ modules="$modules $REGEX_MODULE"
+ CORE_DEPS="$CORE_DEPS $REGEX_DEPS"
+ CORE_SRCS="$CORE_SRCS $REGEX_SRCS"
+fi
+
if [ $HTTP = YES ]; then
modules="$modules $HTTP_MODULES $HTTP_FILTER_MODULES \
$HTTP_HEADERS_FILTER_MODULE \
diff --git a/usr.sbin/nginx/auto/options b/usr.sbin/nginx/auto/options
index 6eea8c4a8b8..393be406616 100644
--- a/usr.sbin/nginx/auto/options
+++ b/usr.sbin/nginx/auto/options
@@ -86,7 +86,7 @@ HTTP_UWSGI=YES
HTTP_SCGI=YES
HTTP_PERL=NO
HTTP_MEMCACHED=YES
-HTTP_LIMIT_ZONE=YES
+HTTP_LIMIT_CONN=YES
HTTP_LIMIT_REQ=YES
HTTP_EMPTY_GIF=YES
HTTP_BROWSER=YES
@@ -96,6 +96,7 @@ HTTP_FLV=NO
HTTP_MP4=NO
HTTP_GZIP_STATIC=NO
HTTP_UPSTREAM_IP_HASH=YES
+HTTP_UPSTREAM_KEEPALIVE=YES
# STUB
HTTP_STUB_STATUS=NO
@@ -111,6 +112,8 @@ NGX_ADDONS=
USE_PCRE=NO
PCRE=NONE
PCRE_OPT=
+PCRE_CONF_OPT=
+PCRE_JIT=NO
USE_OPENSSL=NO
OPENSSL=NONE
@@ -143,6 +146,8 @@ NGX_LIBATOMIC=NO
NGX_CPU_CACHE_LINE=
+NGX_POST_CONF_MSG=
+
opt=
for option
@@ -227,11 +232,18 @@ do
--without-http_uwsgi_module) HTTP_UWSGI=NO ;;
--without-http_scgi_module) HTTP_SCGI=NO ;;
--without-http_memcached_module) HTTP_MEMCACHED=NO ;;
- --without-http_limit_zone_module) HTTP_LIMIT_ZONE=NO ;;
+ --without-http_limit_zone_module)
+ HTTP_LIMIT_CONN=NO
+ NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG
+$0: warning: the \"--without-http_limit_zone_module\" option is deprecated, \
+use the \"--without-http_limit_conn_module\" option instead"
+ ;;
+ --without-http_limit_conn_module) HTTP_LIMIT_CONN=NO ;;
--without-http_limit_req_module) HTTP_LIMIT_REQ=NO ;;
--without-http_empty_gif_module) HTTP_EMPTY_GIF=NO ;;
--without-http_browser_module) HTTP_BROWSER=NO ;;
--without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;;
+ --without-http_upstream_keepalive_module) HTTP_UPSTREAM_KEEPALIVE=NO ;;
--with-http_perl_module) HTTP_PERL=YES ;;
--with-perl_modules_path=*) NGX_PERL_MODULES="$value" ;;
@@ -265,6 +277,7 @@ do
--with-pcre) USE_PCRE=YES ;;
--with-pcre=*) PCRE="$value" ;;
--with-pcre-opt=*) PCRE_OPT="$value" ;;
+ --with-pcre-jit) PCRE_JIT=YES ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
@@ -363,7 +376,7 @@ cat << END
--without-http_uwsgi_module disable ngx_http_uwsgi_module
--without-http_scgi_module disable ngx_http_scgi_module
--without-http_memcached_module disable ngx_http_memcached_module
- --without-http_limit_zone_module disable ngx_http_limit_zone_module
+ --without-http_limit_conn_module disable ngx_http_limit_conn_module
--without-http_limit_req_module disable ngx_http_limit_req_module
--without-http_empty_gif_module disable ngx_http_empty_gif_module
--without-http_browser_module disable ngx_http_browser_module
@@ -412,6 +425,7 @@ cat << END
--with-pcre force PCRE library usage
--with-pcre=DIR set path to PCRE library sources
--with-pcre-opt=OPTIONS set additional build options for PCRE
+ --with-pcre-jit build PCRE with JIT compilation support
--with-md5=DIR set path to md5 library sources
--with-md5-opt=OPTIONS set additional build options for md5
diff --git a/usr.sbin/nginx/auto/os/freebsd b/usr.sbin/nginx/auto/os/freebsd
index 88654ba60fb..6aa823f9250 100644
--- a/usr.sbin/nginx/auto/os/freebsd
+++ b/usr.sbin/nginx/auto/os/freebsd
@@ -134,3 +134,11 @@ END
exit 1
fi
fi
+
+
+# cpuset_setaffinity()
+
+if [ $version -ge 701000 ]; then
+ echo " + cpuset_setaffinity() found"
+ have=NGX_HAVE_CPUSET_SETAFFINITY . auto/have
+fi
diff --git a/usr.sbin/nginx/auto/os/linux b/usr.sbin/nginx/auto/os/linux
index 0b2173cae9c..c506d3dc3ad 100644
--- a/usr.sbin/nginx/auto/os/linux
+++ b/usr.sbin/nginx/auto/os/linux
@@ -52,7 +52,7 @@ ngx_feature_run=yes
ngx_feature_incs="#include <sys/epoll.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="int efd = 0, fd = 1, n;
+ngx_feature_test="int efd = 0;
struct epoll_event ee;
ee.events = EPOLLIN|EPOLLOUT|EPOLLET;
ee.data.ptr = NULL;
@@ -128,8 +128,9 @@ ngx_feature_run=no
ngx_feature_incs="#include <sched.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="long mask = 0;
- sched_setaffinity(0, 32, (cpu_set_t *) &mask)"
+ngx_feature_test="cpu_set_t mask;
+ CPU_ZERO(&mask);
+ sched_setaffinity(0, sizeof(cpu_set_t), &mask)"
. auto/feature
@@ -142,7 +143,7 @@ ngx_feature_incs="#include <crypt.h>"
ngx_feature_path=
ngx_feature_libs=-lcrypt
ngx_feature_test="struct crypt_data cd;
- crypt_r(NULL, NULL, &cd);"
+ crypt_r(\"key\", \"salt\", &cd);"
. auto/feature
diff --git a/usr.sbin/nginx/auto/os/solaris b/usr.sbin/nginx/auto/os/solaris
index 16da4b3fd31..d39df0bf713 100644
--- a/usr.sbin/nginx/auto/os/solaris
+++ b/usr.sbin/nginx/auto/os/solaris
@@ -35,7 +35,8 @@ ngx_feature_path=
ngx_feature_libs="-lsendfile"
ngx_feature_test="int fd = 1; sendfilevec_t vec[1];
size_t sent; ssize_t n;
- n = sendfilev(fd, vec, 1, &sent)"
+ n = sendfilev(fd, vec, 1, &sent);
+ if (n == -1) return 1"
. auto/feature
diff --git a/usr.sbin/nginx/auto/sources b/usr.sbin/nginx/auto/sources
index 2036776cf3e..d95f3badffe 100644
--- a/usr.sbin/nginx/auto/sources
+++ b/usr.sbin/nginx/auto/sources
@@ -70,6 +70,7 @@ CORE_SRCS="src/core/nginx.c \
src/core/ngx_crypt.c"
+REGEX_MODULE=ngx_regex_module
REGEX_DEPS=src/core/ngx_regex.h
REGEX_SRCS=src/core/ngx_regex.c
@@ -80,6 +81,7 @@ PCRE_SRCS="src/pcre/pcre_chartables.c \
src/pcre/pcre_globals.c \
src/pcre/pcre_newline.c \
src/pcre/pcre_ord2utf8.c \
+ src/pcre/pcre_study.c \
src/pcre/pcre_tables.c \
src/pcre/pcre_ucd.c \
src/pcre/pcre_valid_utf8.c \
@@ -155,6 +157,7 @@ UNIX_DEPS="$CORE_DEPS $EVENT_DEPS \
src/os/unix/ngx_channel.h \
src/os/unix/ngx_shmem.h \
src/os/unix/ngx_process.h \
+ src/os/unix/ngx_setaffinity.h \
src/os/unix/ngx_setproctitle.h \
src/os/unix/ngx_atomic.h \
src/os/unix/ngx_gcc_atomic_x86.h \
@@ -189,6 +192,7 @@ UNIX_SRCS="$CORE_SRCS $EVENT_SRCS \
src/os/unix/ngx_shmem.c \
src/os/unix/ngx_process.c \
src/os/unix/ngx_daemon.c \
+ src/os/unix/ngx_setaffinity.c \
src/os/unix/ngx_setproctitle.c \
src/os/unix/ngx_posix_init.c \
src/os/unix/ngx_user.c \
@@ -447,8 +451,8 @@ HTTP_MEMCACHED_MODULE=ngx_http_memcached_module
HTTP_MEMCACHED_SRCS=src/http/modules/ngx_http_memcached_module.c
-HTTP_LIMIT_ZONE_MODULE=ngx_http_limit_zone_module
-HTTP_LIMIT_ZONE_SRCS=src/http/modules/ngx_http_limit_zone_module.c
+HTTP_LIMIT_CONN_MODULE=ngx_http_limit_conn_module
+HTTP_LIMIT_CONN_SRCS=src/http/modules/ngx_http_limit_conn_module.c
HTTP_LIMIT_REQ_MODULE=ngx_http_limit_req_module
@@ -487,6 +491,11 @@ HTTP_UPSTREAM_IP_HASH_MODULE=ngx_http_upstream_ip_hash_module
HTTP_UPSTREAM_IP_HASH_SRCS=src/http/modules/ngx_http_upstream_ip_hash_module.c
+HTTP_UPSTREAM_KEEPALIVE_MODULE=ngx_http_upstream_keepalive_module
+HTTP_UPSTREAM_KEEPALIVE_SRCS=" \
+ src/http/modules/ngx_http_upstream_keepalive_module.c"
+
+
MAIL_INCS="src/mail"
MAIL_DEPS="src/mail/ngx_mail.h"
diff --git a/usr.sbin/nginx/auto/summary b/usr.sbin/nginx/auto/summary
index f7f32a442a4..dcebec9f0fe 100644
--- a/usr.sbin/nginx/auto/summary
+++ b/usr.sbin/nginx/auto/summary
@@ -112,3 +112,5 @@ fi
if [ $HTTP_SCGI = YES ]; then
echo " nginx http scgi temporary files: \"$NGX_HTTP_SCGI_TEMP_PATH\""
fi
+
+echo "$NGX_POST_CONF_MSG"
diff --git a/usr.sbin/nginx/auto/types/sizeof b/usr.sbin/nginx/auto/types/sizeof
index e84a0905ef9..e1d405c6500 100644
--- a/usr.sbin/nginx/auto/types/sizeof
+++ b/usr.sbin/nginx/auto/types/sizeof
@@ -20,12 +20,13 @@ cat << END > $NGX_AUTOTEST.c
#include <sys/time.h>
$NGX_INCLUDE_UNISTD_H
#include <signal.h>
+#include <stdio.h>
#include <sys/resource.h>
$NGX_INCLUDE_INTTYPES_H
$NGX_INCLUDE_AUTO_CONFIG_H
int main() {
- printf("%d", sizeof($ngx_type));
+ printf("%d", (int) sizeof($ngx_type));
return 0;
}
diff --git a/usr.sbin/nginx/auto/types/typedef b/usr.sbin/nginx/auto/types/typedef
index f121e8fc2ea..d81229331fd 100644
--- a/usr.sbin/nginx/auto/types/typedef
+++ b/usr.sbin/nginx/auto/types/typedef
@@ -29,7 +29,7 @@ $NGX_INCLUDE_INTTYPES_H
int main() {
$ngx_try i = 0;
- return 0;
+ return (int) i;
}
END
diff --git a/usr.sbin/nginx/auto/types/uintptr_t b/usr.sbin/nginx/auto/types/uintptr_t
index 07f7e7d7dba..2f19080352b 100644
--- a/usr.sbin/nginx/auto/types/uintptr_t
+++ b/usr.sbin/nginx/auto/types/uintptr_t
@@ -4,8 +4,8 @@
echo $ngx_n "checking for uintptr_t ...$ngx_c"
-echo >> $NGX_ERR
-echo "checking for uintptr_t" >> $NGX_ERR
+echo >> $NGX_AUTOCONF_ERR
+echo "checking for uintptr_t" >> $NGX_AUTOCONF_ERR
found=no
@@ -16,12 +16,15 @@ $NGX_INTTYPES_H
int main() {
uintptr_t i = 0;
- return 0;
+ return (int) i;
}
END
-eval "$CC -o $NGX_AUTOTEST $NGX_AUTOTEST.c >> $NGX_ERR 2>&1"
+ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \
+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT"
+
+eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1"
if [ -x $NGX_AUTOTEST ]; then
echo " uintptr_t found"
diff --git a/usr.sbin/nginx/auto/unix b/usr.sbin/nginx/auto/unix
index 78f82593d2f..783219e2db7 100755
--- a/usr.sbin/nginx/auto/unix
+++ b/usr.sbin/nginx/auto/unix
@@ -33,12 +33,12 @@ ngx_feature_run=no
ngx_feature_incs="#include <poll.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="int n, dp; struct pollfd pl;
- dp = 0;
+ngx_feature_test="int n; struct pollfd pl;
pl.fd = 0;
pl.events = 0;
pl.revents = 0;
- n = poll(&pl, 1, 0)"
+ n = poll(&pl, 1, 0);
+ if (n == -1) return 1"
. auto/feature
if [ $ngx_found = no ]; then
@@ -57,7 +57,8 @@ ngx_feature_test="int n, dp; struct dvpoll dvp;
dvp.dp_fds = NULL;
dvp.dp_nfds = 0;
dvp.dp_timeout = 0;
- n = ioctl(dp, DP_POLL, &dvp)"
+ n = ioctl(dp, DP_POLL, &dvp);
+ if (n == -1) return 1"
. auto/feature
if [ $ngx_found = yes ]; then
@@ -237,7 +238,7 @@ ngx_feature_incs="$NGX_INCLUDE_SYS_PARAM_H
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="struct statfs fs;
- statfs(NULL, &fs);"
+ statfs(\".\", &fs);"
. auto/feature
@@ -249,7 +250,7 @@ ngx_feature_incs="#include <sys/types.h>
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="struct statvfs fs;
- statvfs(NULL, &fs);"
+ statvfs(\".\", &fs);"
. auto/feature
@@ -329,6 +330,38 @@ ngx_feature_test="setsockopt(0, IPPROTO_TCP, TCP_DEFER_ACCEPT, NULL, 0)"
. auto/feature
+ngx_feature="TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT"
+ngx_feature_name="NGX_HAVE_KEEPALIVE_TUNABLE"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <netinet/tcp.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="setsockopt(0, IPPROTO_TCP, TCP_KEEPIDLE, NULL, 0);
+ setsockopt(0, IPPROTO_TCP, TCP_KEEPINTVL, NULL, 0);
+ setsockopt(0, IPPROTO_TCP, TCP_KEEPCNT, NULL, 0)"
+. auto/feature
+
+
+ngx_feature="TCP_INFO"
+ngx_feature_name="NGX_HAVE_TCP_INFO"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <netinet/tcp.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="socklen_t optlen = sizeof(struct tcp_info);
+ struct tcp_info ti;
+ ti.tcpi_rtt = 0;
+ ti.tcpi_rttvar = 0;
+ ti.tcpi_snd_cwnd = 0;
+ ti.tcpi_rcv_space = 0;
+ getsockopt(0, IPPROTO_TCP, TCP_INFO, &ti, &optlen)"
+. auto/feature
+
+
ngx_feature="accept4()"
ngx_feature_name="NGX_HAVE_ACCEPT4"
ngx_feature_run=no
@@ -467,7 +500,7 @@ fi
ngx_feature="setproctitle()"
ngx_feature_name="NGX_HAVE_SETPROCTITLE"
ngx_feature_run=no
-ngx_feature_incs=
+ngx_feature_incs="#include <stdlib.h>"
ngx_feature_path=
ngx_feature_libs=$NGX_SETPROCTITLE_LIB
ngx_feature_test="setproctitle(\"test\");"
@@ -480,7 +513,8 @@ ngx_feature_run=no
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="char buf[1]; ssize_t n; n = pread(0, buf, 1, 0)"
+ngx_feature_test="char buf[1]; ssize_t n; n = pread(0, buf, 1, 0);
+ if (n == -1) return 1"
. auto/feature
@@ -490,7 +524,8 @@ ngx_feature_run=no
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="char buf[1]; ssize_t n; n = pwrite(1, buf, 1, 0)"
+ngx_feature_test="char buf[1]; ssize_t n; n = pwrite(1, buf, 1, 0);
+ if (n == -1) return 1"
. auto/feature
@@ -564,17 +599,20 @@ ngx_feature_run=no
ngx_feature_incs="#include <stdlib.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="void *p; int n; n = posix_memalign(&p, 4096, 4096)"
+ngx_feature_test="void *p; int n; n = posix_memalign(&p, 4096, 4096);
+ if (n != 0) return 1"
. auto/feature
ngx_feature="memalign()"
ngx_feature_name="NGX_HAVE_MEMALIGN"
ngx_feature_run=no
-ngx_feature_incs="#include <stdlib.h>"
+ngx_feature_incs="#include <stdlib.h>
+ #include <malloc.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="void *p; p = memalign(4096, 4096)"
+ngx_feature_test="void *p; p = memalign(4096, 4096);
+ if (p == NULL) return 1"
. auto/feature
@@ -661,10 +699,12 @@ fi
ngx_feature="struct msghdr.msg_control"
ngx_feature_name="NGX_HAVE_MSGHDR_MSG_CONTROL"
ngx_feature_run=no
-ngx_feature_incs="#include <sys/socket.h>"
+ngx_feature_incs="#include <sys/socket.h>
+ #include <stdio.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="struct msghdr msg; msg.msg_control = NULL"
+ngx_feature_test="struct msghdr msg;
+ printf(\"%d\", (int) sizeof(msg.msg_control))"
. auto/feature
@@ -672,40 +712,47 @@ ngx_feature="ioctl(FIONBIO)"
ngx_feature_name="NGX_HAVE_FIONBIO"
ngx_feature_run=no
ngx_feature_incs="#include <sys/ioctl.h>
+ #include <stdio.h>
$NGX_INCLUDE_SYS_FILIO_H"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="int i; i = FIONBIO"
+ngx_feature_test="int i = FIONBIO; printf(\"%d\", i)"
. auto/feature
ngx_feature="struct tm.tm_gmtoff"
ngx_feature_name="NGX_HAVE_GMTOFF"
ngx_feature_run=no
-ngx_feature_incs="#include <time.h>"
+ngx_feature_incs="#include <time.h>
+ #include <stdio.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="struct tm tm; tm.tm_gmtoff = 0"
+ngx_feature_test="struct tm tm; tm.tm_gmtoff = 0;
+ printf(\"%d\", (int) tm.tm_gmtoff)"
. auto/feature
ngx_feature="struct dirent.d_namlen"
ngx_feature_name="NGX_HAVE_D_NAMLEN"
ngx_feature_run=no
-ngx_feature_incs="#include <dirent.h>"
+ngx_feature_incs="#include <dirent.h>
+ #include <stdio.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="struct dirent dir; dir.d_namlen = 0"
+ngx_feature_test="struct dirent dir; dir.d_namlen = 0;
+ printf(\"%d\", (int) dir.d_namlen)"
. auto/feature
ngx_feature="struct dirent.d_type"
ngx_feature_name="NGX_HAVE_D_TYPE"
ngx_feature_run=no
-ngx_feature_incs="#include <dirent.h>"
+ngx_feature_incs="#include <dirent.h>
+ #include <stdio.h>"
ngx_feature_path=
ngx_feature_libs=
-ngx_feature_test="struct dirent dir; dir.d_type = DT_REG"
+ngx_feature_test="struct dirent dir; dir.d_type = DT_REG;
+ printf(\"%d\", (int) dir.d_type)"
. auto/feature
@@ -717,3 +764,17 @@ ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="sysconf(_SC_NPROCESSORS_ONLN)"
. auto/feature
+
+
+ngx_feature="openat(), fstatat()"
+ngx_feature_name="NGX_HAVE_OPENAT"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="struct stat sb;
+ openat(AT_FDCWD, \".\", O_RDONLY|O_NOFOLLOW);
+ fstatat(AT_FDCWD, \".\", &sb, AT_SYMLINK_NOFOLLOW);"
+. auto/feature
diff --git a/usr.sbin/nginx/conf/fastcgi.conf b/usr.sbin/nginx/conf/fastcgi.conf
index fab09eb2455..ac9ff92049f 100644
--- a/usr.sbin/nginx/conf/fastcgi.conf
+++ b/usr.sbin/nginx/conf/fastcgi.conf
@@ -10,6 +10,7 @@ fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
diff --git a/usr.sbin/nginx/conf/fastcgi_params b/usr.sbin/nginx/conf/fastcgi_params
index 201c686e251..71e2c2e3bed 100644
--- a/usr.sbin/nginx/conf/fastcgi_params
+++ b/usr.sbin/nginx/conf/fastcgi_params
@@ -9,6 +9,7 @@ fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
diff --git a/usr.sbin/nginx/conf/scgi_params b/usr.sbin/nginx/conf/scgi_params
index 257167eb7b3..47348ca381c 100644
--- a/usr.sbin/nginx/conf/scgi_params
+++ b/usr.sbin/nginx/conf/scgi_params
@@ -8,6 +8,7 @@ scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
diff --git a/usr.sbin/nginx/conf/uwsgi_params b/usr.sbin/nginx/conf/uwsgi_params
index b57e8e78ea2..f539451b6f5 100644
--- a/usr.sbin/nginx/conf/uwsgi_params
+++ b/usr.sbin/nginx/conf/uwsgi_params
@@ -8,6 +8,7 @@ uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
diff --git a/usr.sbin/nginx/man/nginx.8 b/usr.sbin/nginx/man/nginx.8
index 9d7fc1e9254..229dca91613 100644
--- a/usr.sbin/nginx/man/nginx.8
+++ b/usr.sbin/nginx/man/nginx.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: nginx.8,v 1.5 2012/04/05 10:28:03 sthen Exp $
+.\" $OpenBSD: nginx.8,v 1.6 2012/05/13 09:14:58 robert Exp $
.\"
.\" Copyright (c) 2010 Sergey A. Osokin
.\" Copyright (c) 2011,2012 Nginx, Inc.
@@ -26,7 +26,7 @@
.\" SUCH DAMAGE.
.\"
.\"
-.Dd $Mdocdate: April 5 2012 $
+.Dd $Mdocdate: May 13 2012 $
.Dt NGINX 8
.Os
.Sh NAME
@@ -195,9 +195,7 @@ nginx -t -c ~/mynginx.conf \e
.\"Xr nginx.conf 5
.\"Pp
Documentation at
-.Pa http://nginx.org/
-and
-.Pa http://sysoev.ru/nginx/ .
+.Pa http://nginx.org/en/docs/ .
.Pp
For questions and technical support, please refer to
.Pa http://nginx.org/en/support.html .
diff --git a/usr.sbin/nginx/src/core/nginx.c b/usr.sbin/nginx/src/core/nginx.c
index bb539e55a13..a59de2dbedf 100644
--- a/usr.sbin/nginx/src/core/nginx.c
+++ b/usr.sbin/nginx/src/core/nginx.c
@@ -204,9 +204,7 @@ main(int argc, char *const *argv)
ngx_cycle_t *cycle, init_cycle;
ngx_core_conf_t *ccf;
-#if (NGX_FREEBSD)
ngx_debug_init();
-#endif
if (ngx_strerror_init() != NGX_OK) {
return 1;
@@ -653,7 +651,7 @@ ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv)
if (ngx_rename_file(ccf->oldpid.data, ccf->pid.data) != NGX_OK) {
ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
ngx_rename_file_n " %s back to %s failed after "
- "the try to execute the new binary process \"%s\"",
+ "an attempt to execute new binary process \"%s\"",
ccf->oldpid.data, ccf->pid.data, argv[0]);
}
}
@@ -991,15 +989,15 @@ ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf)
ngx_conf_init_value(ccf->worker_processes, 1);
ngx_conf_init_value(ccf->debug_points, 0);
-#if (NGX_HAVE_SCHED_SETAFFINITY)
+#if (NGX_HAVE_CPU_AFFINITY)
if (ccf->cpu_affinity_n
&& ccf->cpu_affinity_n != 1
&& ccf->cpu_affinity_n != (ngx_uint_t) ccf->worker_processes)
{
ngx_log_error(NGX_LOG_WARN, cycle->log, 0,
- "number of the \"worker_processes\" is not equal to "
- "the number of the \"worker_cpu_affinity\" mask, "
+ "the number of \"worker_processes\" is not equal to "
+ "the number of \"worker_cpu_affinity\" masks, "
"using last mask for remaining worker processes");
}
@@ -1250,11 +1248,11 @@ ngx_set_priority(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
static char *
ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
-#if (NGX_HAVE_SCHED_SETAFFINITY)
+#if (NGX_HAVE_CPU_AFFINITY)
ngx_core_conf_t *ccf = conf;
u_char ch;
- u_long *mask;
+ uint64_t *mask;
ngx_str_t *value;
ngx_uint_t i, n;
@@ -1262,7 +1260,7 @@ ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return "is duplicate";
}
- mask = ngx_palloc(cf->pool, (cf->args->nelts - 1) * sizeof(long));
+ mask = ngx_palloc(cf->pool, (cf->args->nelts - 1) * sizeof(uint64_t));
if (mask == NULL) {
return NGX_CONF_ERROR;
}
@@ -1274,9 +1272,9 @@ ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
for (n = 1; n < cf->args->nelts; n++) {
- if (value[n].len > 32) {
+ if (value[n].len > 64) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"worker_cpu_affinity\" supports up to 32 CPU only");
+ "\"worker_cpu_affinity\" supports up to 64 CPUs only");
return NGX_CONF_ERROR;
}
@@ -1319,7 +1317,7 @@ ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
}
-u_long
+uint64_t
ngx_get_cpu_affinity(ngx_uint_t n)
{
ngx_core_conf_t *ccf;
diff --git a/usr.sbin/nginx/src/core/nginx.h b/usr.sbin/nginx/src/core/nginx.h
index fdc2c925cd8..ca777f6d5ac 100644
--- a/usr.sbin/nginx/src/core/nginx.h
+++ b/usr.sbin/nginx/src/core/nginx.h
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1000015
-#define NGINX_VERSION "1.0.15"
+#define nginx_version 1002000
+#define NGINX_VERSION "1.2.0"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
diff --git a/usr.sbin/nginx/src/core/ngx_buf.c b/usr.sbin/nginx/src/core/ngx_buf.c
index 817a96cda7c..835c76ced6b 100644
--- a/usr.sbin/nginx/src/core/ngx_buf.c
+++ b/usr.sbin/nginx/src/core/ngx_buf.c
@@ -181,7 +181,7 @@ ngx_chain_get_free_buf(ngx_pool_t *p, ngx_chain_t **free)
void
-ngx_chain_update_chains(ngx_chain_t **free, ngx_chain_t **busy,
+ngx_chain_update_chains(ngx_pool_t *p, ngx_chain_t **free, ngx_chain_t **busy,
ngx_chain_t **out, ngx_buf_tag_t tag)
{
ngx_chain_t *cl;
@@ -198,19 +198,21 @@ ngx_chain_update_chains(ngx_chain_t **free, ngx_chain_t **busy,
*out = NULL;
while (*busy) {
- if (ngx_buf_size((*busy)->buf) != 0) {
+ cl = *busy;
+
+ if (ngx_buf_size(cl->buf) != 0) {
break;
}
- if ((*busy)->buf->tag != tag) {
- *busy = (*busy)->next;
+ if (cl->buf->tag != tag) {
+ *busy = cl->next;
+ ngx_free_chain(p, cl);
continue;
}
- (*busy)->buf->pos = (*busy)->buf->start;
- (*busy)->buf->last = (*busy)->buf->start;
+ cl->buf->pos = cl->buf->start;
+ cl->buf->last = cl->buf->start;
- cl = *busy;
*busy = cl->next;
cl->next = *free;
*free = cl;
diff --git a/usr.sbin/nginx/src/core/ngx_buf.h b/usr.sbin/nginx/src/core/ngx_buf.h
index 39f31b34f2c..ffc53109433 100644
--- a/usr.sbin/nginx/src/core/ngx_buf.h
+++ b/usr.sbin/nginx/src/core/ngx_buf.h
@@ -155,8 +155,8 @@ ngx_int_t ngx_chain_writer(void *ctx, ngx_chain_t *in);
ngx_int_t ngx_chain_add_copy(ngx_pool_t *pool, ngx_chain_t **chain,
ngx_chain_t *in);
ngx_chain_t *ngx_chain_get_free_buf(ngx_pool_t *p, ngx_chain_t **free);
-void ngx_chain_update_chains(ngx_chain_t **free, ngx_chain_t **busy,
- ngx_chain_t **out, ngx_buf_tag_t tag);
+void ngx_chain_update_chains(ngx_pool_t *p, ngx_chain_t **free,
+ ngx_chain_t **busy, ngx_chain_t **out, ngx_buf_tag_t tag);
#endif /* _NGX_BUF_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/core/ngx_conf_file.c b/usr.sbin/nginx/src/core/ngx_conf_file.c
index 83265014127..892fa4719a8 100644
--- a/usr.sbin/nginx/src/core/ngx_conf_file.c
+++ b/usr.sbin/nginx/src/core/ngx_conf_file.c
@@ -465,7 +465,7 @@ ngx_conf_read_token(ngx_conf_t *cf)
if (cf->conf_file->file.offset >= file_size) {
- if (cf->args->nelts > 0) {
+ if (cf->args->nelts > 0 || !last_space) {
if (cf->conf_file->file.fd == NGX_INVALID_FILE) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -1295,10 +1295,6 @@ ngx_conf_set_msec_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return "invalid value";
}
- if (*msp == (ngx_msec_t) NGX_PARSE_LARGE_TIME) {
- return "value must be less than 597 hours";
- }
-
if (cmd->post) {
post = cmd->post;
return post->post_handler(cf, post, msp);
@@ -1326,14 +1322,10 @@ ngx_conf_set_sec_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts;
*sp = ngx_parse_time(&value[1], 1);
- if (*sp == NGX_ERROR) {
+ if (*sp == (time_t) NGX_ERROR) {
return "invalid value";
}
- if (*sp == NGX_PARSE_LARGE_TIME) {
- return "value must be less than 68 years";
- }
-
if (cmd->post) {
post = cmd->post;
return post->post_handler(cf, post, sp);
@@ -1489,7 +1481,8 @@ ngx_conf_check_num_bounds(ngx_conf_t *cf, void *post, void *data)
}
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "value must be equal or more than %i", bounds->low);
+ "value must be equal to or greater than %i",
+ bounds->low);
return NGX_CONF_ERROR;
}
diff --git a/usr.sbin/nginx/src/core/ngx_conf_file.h b/usr.sbin/nginx/src/core/ngx_conf_file.h
index e92668cd465..4b87f1aad48 100644
--- a/usr.sbin/nginx/src/core/ngx_conf_file.h
+++ b/usr.sbin/nginx/src/core/ngx_conf_file.h
@@ -14,7 +14,7 @@
/*
- * AAAA number of agruments
+ * AAAA number of arguments
* FF command flags
* TT command type, i.e. HTTP "location" or "server" command
*/
diff --git a/usr.sbin/nginx/src/core/ngx_connection.c b/usr.sbin/nginx/src/core/ngx_connection.c
index b16c5572086..ba1b3f9e2bc 100644
--- a/usr.sbin/nginx/src/core/ngx_connection.c
+++ b/usr.sbin/nginx/src/core/ngx_connection.c
@@ -463,6 +463,7 @@ ngx_open_listening_sockets(ngx_cycle_t *cycle)
void
ngx_configure_listening_sockets(ngx_cycle_t *cycle)
{
+ int keepalive;
ngx_uint_t i;
ngx_listening_t *ls;
@@ -500,6 +501,56 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
}
}
+ if (ls[i].keepalive) {
+ keepalive = (ls[i].keepalive == 1) ? 1 : 0;
+
+ if (setsockopt(ls[i].fd, SOL_SOCKET, SO_KEEPALIVE,
+ (const void *) &keepalive, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno,
+ "setsockopt(SO_KEEPALIVE, %d) %V failed, ignored",
+ keepalive, &ls[i].addr_text);
+ }
+ }
+
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+
+ if (ls[i].keepidle) {
+ if (setsockopt(ls[i].fd, IPPROTO_TCP, TCP_KEEPIDLE,
+ (const void *) &ls[i].keepidle, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno,
+ "setsockopt(TCP_KEEPIDLE, %d) %V failed, ignored",
+ ls[i].keepidle, &ls[i].addr_text);
+ }
+ }
+
+ if (ls[i].keepintvl) {
+ if (setsockopt(ls[i].fd, IPPROTO_TCP, TCP_KEEPINTVL,
+ (const void *) &ls[i].keepintvl, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno,
+ "setsockopt(TCP_KEEPINTVL, %d) %V failed, ignored",
+ ls[i].keepintvl, &ls[i].addr_text);
+ }
+ }
+
+ if (ls[i].keepcnt) {
+ if (setsockopt(ls[i].fd, IPPROTO_TCP, TCP_KEEPCNT,
+ (const void *) &ls[i].keepcnt, sizeof(int))
+ == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_socket_errno,
+ "setsockopt(TCP_KEEPCNT, %d) %V failed, ignored",
+ ls[i].keepcnt, &ls[i].addr_text);
+ }
+ }
+
+#endif
+
#if (NGX_HAVE_SETFIB)
if (ls[i].setfib != -1) {
if (setsockopt(ls[i].fd, SOL_SOCKET, SO_SETFIB,
@@ -657,7 +708,7 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle)
/*
* it seems that Linux-2.6.x OpenVZ sends events
* for closed shared listening sockets unless
- * the events was explicity deleted
+ * the events was explicitly deleted
*/
ngx_del_event(c->read, NGX_READ_EVENT, 0);
diff --git a/usr.sbin/nginx/src/core/ngx_connection.h b/usr.sbin/nginx/src/core/ngx_connection.h
index 928d661c0a5..34af12e4f34 100644
--- a/usr.sbin/nginx/src/core/ngx_connection.h
+++ b/usr.sbin/nginx/src/core/ngx_connection.h
@@ -28,6 +28,11 @@ struct ngx_listening_s {
int backlog;
int rcvbuf;
int sndbuf;
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ int keepidle;
+ int keepintvl;
+ int keepcnt;
+#endif
/* handler of accepted connection */
ngx_connection_handler_pt handler;
@@ -61,6 +66,7 @@ struct ngx_listening_s {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
unsigned ipv6only:2;
#endif
+ unsigned keepalive:2;
#if (NGX_HAVE_DEFERRED_ACCEPT)
unsigned deferred_accept:1;
diff --git a/usr.sbin/nginx/src/core/ngx_core.h b/usr.sbin/nginx/src/core/ngx_core.h
index 1ae55163d53..435ce64e7bb 100644
--- a/usr.sbin/nginx/src/core/ngx_core.h
+++ b/usr.sbin/nginx/src/core/ngx_core.h
@@ -91,5 +91,10 @@ typedef void (*ngx_connection_handler_pt)(ngx_connection_t *c);
void ngx_cpuinfo(void);
+#if (NGX_HAVE_OPENAT)
+#define NGX_DISABLE_SYMLINKS_OFF 0
+#define NGX_DISABLE_SYMLINKS_ON 1
+#define NGX_DISABLE_SYMLINKS_NOTOWNER 2
+#endif
#endif /* _NGX_CORE_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/core/ngx_cycle.c b/usr.sbin/nginx/src/core/ngx_cycle.c
index a706138203e..4b04d320c1c 100644
--- a/usr.sbin/nginx/src/core/ngx_cycle.c
+++ b/usr.sbin/nginx/src/core/ngx_cycle.c
@@ -953,7 +953,7 @@ ngx_init_zone_pool(ngx_cycle_t *cycle, ngx_shm_zone_t *zn)
#endif
- if (ngx_shmtx_create(&sp->mutex, (void *) &sp->lock, file) != NGX_OK) {
+ if (ngx_shmtx_create(&sp->mutex, &sp->lock, file) != NGX_OK) {
return NGX_ERROR;
}
diff --git a/usr.sbin/nginx/src/core/ngx_cycle.h b/usr.sbin/nginx/src/core/ngx_cycle.h
index dbc6e195e93..551b6288ec0 100644
--- a/usr.sbin/nginx/src/core/ngx_cycle.h
+++ b/usr.sbin/nginx/src/core/ngx_cycle.h
@@ -86,7 +86,7 @@ typedef struct {
int priority;
ngx_uint_t cpu_affinity_n;
- u_long *cpu_affinity;
+ uint64_t *cpu_affinity;
char *username;
ngx_uid_t user;
@@ -124,7 +124,7 @@ ngx_int_t ngx_signal_process(ngx_cycle_t *cycle, char *sig);
void ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user);
char **ngx_set_environment(ngx_cycle_t *cycle, ngx_uint_t *last);
ngx_pid_t ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv);
-u_long ngx_get_cpu_affinity(ngx_uint_t n);
+uint64_t ngx_get_cpu_affinity(ngx_uint_t n);
ngx_shm_zone_t *ngx_shared_memory_add(ngx_conf_t *cf, ngx_str_t *name,
size_t size, void *tag);
diff --git a/usr.sbin/nginx/src/core/ngx_file.c b/usr.sbin/nginx/src/core/ngx_file.c
index 56d5a2aa75c..e37f5f57f1b 100644
--- a/usr.sbin/nginx/src/core/ngx_file.c
+++ b/usr.sbin/nginx/src/core/ngx_file.c
@@ -820,7 +820,7 @@ failed:
* reallocated if ctx->alloc is nonzero
*
* ctx->alloc - a size of data structure that is allocated at every level
- * and is initilialized by ctx->init_handler()
+ * and is initialized by ctx->init_handler()
*
* ctx->log - a log
*
diff --git a/usr.sbin/nginx/src/core/ngx_inet.c b/usr.sbin/nginx/src/core/ngx_inet.c
index 2785c8c8cf6..d2bbbfb58bb 100644
--- a/usr.sbin/nginx/src/core/ngx_inet.c
+++ b/usr.sbin/nginx/src/core/ngx_inet.c
@@ -44,11 +44,7 @@ ngx_inet_addr(u_char *text, size_t len)
return INADDR_NONE;
}
- if (n != 3) {
- return INADDR_NONE;
- }
-
- if (octet < 256) {
+ if (n == 3 && octet < 256) {
addr = (addr << 8) + octet;
return htonl(addr);
}
@@ -407,6 +403,10 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t *cidr)
#if (NGX_HAVE_INET6)
case AF_INET6:
+ if (shift > 128) {
+ return NGX_ERROR;
+ }
+
addr = cidr->u.in6.addr.s6_addr;
mask = cidr->u.in6.mask.s6_addr;
rc = NGX_OK;
@@ -416,7 +416,7 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t *cidr)
s = (shift > 8) ? 8 : shift;
shift -= s;
- mask[i] = (u_char) (0 - (1 << (8 - s)));
+ mask[i] = (u_char) (0xffu << (8 - s));
if (addr[i] != (addr[i] & mask[i])) {
rc = NGX_DONE;
@@ -428,9 +428,12 @@ ngx_ptocidr(ngx_str_t *text, ngx_cidr_t *cidr)
#endif
default: /* AF_INET */
+ if (shift > 32) {
+ return NGX_ERROR;
+ }
if (shift) {
- cidr->u.in.mask = htonl((ngx_uint_t) (0 - (1 << (32 - shift))));
+ cidr->u.in.mask = htonl((uint32_t) (0xffffffffu << (32 - shift)));
} else {
/* x86 compilers use a shl instruction that shifts by modulo 32 */
@@ -459,7 +462,7 @@ ngx_parse_addr(ngx_pool_t *pool, ngx_addr_t *addr, u_char *text, size_t len)
struct sockaddr_in6 *sin6;
/*
- * prevent MSVC8 waring:
+ * prevent MSVC8 warning:
* potentially uninitialized local variable 'inaddr6' used
*/
ngx_memzero(inaddr6.s6_addr, sizeof(struct in6_addr));
diff --git a/usr.sbin/nginx/src/core/ngx_murmurhash.h b/usr.sbin/nginx/src/core/ngx_murmurhash.h
index 2b2b70d6ccf..54e867d303a 100644
--- a/usr.sbin/nginx/src/core/ngx_murmurhash.h
+++ b/usr.sbin/nginx/src/core/ngx_murmurhash.h
@@ -16,4 +16,4 @@
uint32_t ngx_murmur_hash2(u_char *data, size_t len);
-#endif /* _NGX_CRC_H_INCLUDED_ */
+#endif /* _NGX_MURMURHASH_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/core/ngx_open_file_cache.c b/usr.sbin/nginx/src/core/ngx_open_file_cache.c
index 9a98fccf233..c44ac96b8b7 100644
--- a/usr.sbin/nginx/src/core/ngx_open_file_cache.c
+++ b/usr.sbin/nginx/src/core/ngx_open_file_cache.c
@@ -22,8 +22,17 @@
static void ngx_open_file_cache_cleanup(void *data);
-static ngx_int_t ngx_open_and_stat_file(u_char *name, ngx_open_file_info_t *of,
- ngx_log_t *log);
+#if (NGX_HAVE_OPENAT)
+static ngx_fd_t ngx_openat_file_owner(ngx_fd_t at_fd, const u_char *name,
+ ngx_int_t mode, ngx_int_t create, ngx_int_t access, ngx_log_t *log);
+#endif
+static ngx_fd_t ngx_open_file_wrapper(ngx_str_t *name,
+ ngx_open_file_info_t *of, ngx_int_t mode, ngx_int_t create,
+ ngx_int_t access, ngx_log_t *log);
+static ngx_int_t ngx_file_info_wrapper(ngx_str_t *name,
+ ngx_open_file_info_t *of, ngx_file_info_t *fi, ngx_log_t *log);
+static ngx_int_t ngx_open_and_stat_file(ngx_str_t *name,
+ ngx_open_file_info_t *of, ngx_log_t *log);
static void ngx_open_file_add_event(ngx_open_file_cache_t *cache,
ngx_cached_open_file_t *file, ngx_open_file_info_t *of, ngx_log_t *log);
static void ngx_open_file_cleanup(void *data);
@@ -147,9 +156,9 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
if (of->test_only) {
- if (ngx_file_info(name->data, &fi) == NGX_FILE_ERROR) {
- of->err = ngx_errno;
- of->failed = ngx_file_info_n;
+ if (ngx_file_info_wrapper(name, of, &fi, pool->log)
+ == NGX_FILE_ERROR)
+ {
return NGX_ERROR;
}
@@ -170,7 +179,7 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
return NGX_ERROR;
}
- rc = ngx_open_and_stat_file(name->data, of, pool->log);
+ rc = ngx_open_and_stat_file(name, of, pool->log);
if (rc == NGX_OK && !of->is_dir) {
cln->handler = ngx_pool_cleanup_file;
@@ -205,7 +214,7 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
/* file was not used often enough to keep open */
- rc = ngx_open_and_stat_file(name->data, of, pool->log);
+ rc = ngx_open_and_stat_file(name, of, pool->log);
if (rc != NGX_OK && (of->err == 0 || !of->errors)) {
goto failed;
@@ -217,7 +226,12 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
if (file->use_event
|| (file->event == NULL
&& (of->uniq == 0 || of->uniq == file->uniq)
- && now - file->created < of->valid))
+ && now - file->created < of->valid
+#if (NGX_HAVE_OPENAT)
+ && of->disable_symlinks == file->disable_symlinks
+ && of->disable_symlinks_from == file->disable_symlinks_from
+#endif
+ ))
{
if (file->err == 0) {
@@ -239,7 +253,12 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
} else {
of->err = file->err;
+#if (NGX_HAVE_OPENAT)
+ of->failed = file->disable_symlinks ? ngx_openat_file_n
+ : ngx_open_file_n;
+#else
of->failed = ngx_open_file_n;
+#endif
}
goto found;
@@ -263,7 +282,7 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
of->fd = file->fd;
of->uniq = file->uniq;
- rc = ngx_open_and_stat_file(name->data, of, pool->log);
+ rc = ngx_open_and_stat_file(name, of, pool->log);
if (rc != NGX_OK && (of->err == 0 || !of->errors)) {
goto failed;
@@ -311,8 +330,7 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
if (ngx_close_file(file->fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, pool->log, ngx_errno,
- ngx_close_file_n " \"%s\" failed",
- name->data);
+ ngx_close_file_n " \"%V\" failed", name);
}
goto add_event;
@@ -329,7 +347,7 @@ ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name,
/* not found */
- rc = ngx_open_and_stat_file(name->data, of, pool->log);
+ rc = ngx_open_and_stat_file(name, of, pool->log);
if (rc != NGX_OK && (of->err == 0 || !of->errors)) {
goto failed;
@@ -376,6 +394,10 @@ update:
file->fd = of->fd;
file->err = of->err;
+#if (NGX_HAVE_OPENAT)
+ file->disable_symlinks = of->disable_symlinks;
+ file->disable_symlinks_from = of->disable_symlinks_from;
+#endif
if (of->err == 0) {
file->uniq = of->uniq;
@@ -452,7 +474,7 @@ failed:
if (of->fd != NGX_INVALID_FILE) {
if (ngx_close_file(of->fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, pool->log, ngx_errno,
- ngx_close_file_n " \"%s\" failed", name->data);
+ ngx_close_file_n " \"%V\" failed", name);
}
}
@@ -460,17 +482,306 @@ failed:
}
+#if (NGX_HAVE_OPENAT)
+
+static ngx_fd_t
+ngx_openat_file_owner(ngx_fd_t at_fd, const u_char *name,
+ ngx_int_t mode, ngx_int_t create, ngx_int_t access, ngx_log_t *log)
+{
+ ngx_fd_t fd;
+ ngx_err_t err;
+ ngx_file_info_t fi, atfi;
+
+ /*
+ * To allow symlinks with the same owner, use openat() (followed
+ * by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW), and then compare
+ * uids between fstat() and fstatat().
+ *
+ * As there is a race between openat() and fstatat() we don't
+ * know if openat() in fact opened symlink or not. Therefore,
+ * we have to compare uids even if fstatat() reports the opened
+ * component isn't a symlink (as we don't know whether it was
+ * symlink during openat() or not).
+ */
+
+ fd = ngx_openat_file(at_fd, name, mode, create, access);
+
+ if (fd == NGX_INVALID_FILE) {
+ return NGX_INVALID_FILE;
+ }
+
+ if (ngx_file_at_info(at_fd, name, &atfi, AT_SYMLINK_NOFOLLOW)
+ == NGX_FILE_ERROR)
+ {
+ err = ngx_errno;
+ goto failed;
+ }
+
+ if (ngx_fd_info(fd, &fi) == NGX_FILE_ERROR) {
+ err = ngx_errno;
+ goto failed;
+ }
+
+ if (fi.st_uid != atfi.st_uid) {
+ err = NGX_ELOOP;
+ goto failed;
+ }
+
+ return fd;
+
+failed:
+
+ if (ngx_close_file(fd) == NGX_FILE_ERROR) {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ ngx_close_file_n " \"%V\" failed", name);
+ }
+
+ ngx_set_errno(err);
+
+ return NGX_INVALID_FILE;
+}
+
+#endif
+
+
+static ngx_fd_t
+ngx_open_file_wrapper(ngx_str_t *name, ngx_open_file_info_t *of,
+ ngx_int_t mode, ngx_int_t create, ngx_int_t access, ngx_log_t *log)
+{
+ ngx_fd_t fd;
+
+#if !(NGX_HAVE_OPENAT)
+
+ fd = ngx_open_file(name->data, mode, create, access);
+
+ if (fd == NGX_INVALID_FILE) {
+ of->err = ngx_errno;
+ of->failed = ngx_open_file_n;
+ return NGX_INVALID_FILE;
+ }
+
+ return fd;
+
+#else
+
+ u_char *p, *cp, *end;
+ ngx_fd_t at_fd;
+ ngx_str_t at_name;
+
+ if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
+ fd = ngx_open_file(name->data, mode, create, access);
+
+ if (fd == NGX_INVALID_FILE) {
+ of->err = ngx_errno;
+ of->failed = ngx_open_file_n;
+ return NGX_INVALID_FILE;
+ }
+
+ return fd;
+ }
+
+ p = name->data;
+ end = p + name->len;
+
+ at_name = *name;
+
+ if (of->disable_symlinks_from) {
+
+ cp = p + of->disable_symlinks_from;
+
+ *cp = '\0';
+
+ at_fd = ngx_open_file(p, NGX_FILE_SEARCH|NGX_FILE_NONBLOCK,
+ NGX_FILE_OPEN, 0);
+
+ *cp = '/';
+
+ if (at_fd == NGX_INVALID_FILE) {
+ of->err = ngx_errno;
+ of->failed = ngx_open_file_n;
+ return NGX_INVALID_FILE;
+ }
+
+ at_name.len = of->disable_symlinks_from;
+ p = cp + 1;
+
+ } else if (*p == '/') {
+
+ at_fd = ngx_open_file("/",
+ NGX_FILE_SEARCH|NGX_FILE_NONBLOCK,
+ NGX_FILE_OPEN, 0);
+
+ if (at_fd == NGX_INVALID_FILE) {
+ of->err = ngx_errno;
+ of->failed = ngx_openat_file_n;
+ return NGX_INVALID_FILE;
+ }
+
+ at_name.len = 1;
+ p++;
+
+ } else {
+ at_fd = NGX_AT_FDCWD;
+ }
+
+ for ( ;; ) {
+ cp = ngx_strlchr(p, end, '/');
+ if (cp == NULL) {
+ break;
+ }
+
+ if (cp == p) {
+ p++;
+ continue;
+ }
+
+ *cp = '\0';
+
+ if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) {
+ fd = ngx_openat_file_owner(at_fd, p,
+ NGX_FILE_SEARCH|NGX_FILE_NONBLOCK,
+ NGX_FILE_OPEN, 0, log);
+
+ } else {
+ fd = ngx_openat_file(at_fd, p,
+ NGX_FILE_SEARCH|NGX_FILE_NONBLOCK|NGX_FILE_NOFOLLOW,
+ NGX_FILE_OPEN, 0);
+ }
+
+ *cp = '/';
+
+ if (fd == NGX_INVALID_FILE) {
+ of->err = ngx_errno;
+ of->failed = ngx_openat_file_n;
+ goto failed;
+ }
+
+ if (at_fd != NGX_AT_FDCWD && ngx_close_file(at_fd) == NGX_FILE_ERROR) {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ ngx_close_file_n " \"%V\" failed", &at_name);
+ }
+
+ p = cp + 1;
+ at_fd = fd;
+ at_name.len = cp - at_name.data;
+ }
+
+ if (p == end) {
+
+ /*
+ * If pathname ends with a trailing slash, assume the last path
+ * component is a directory and reopen it with requested flags;
+ * if not, fail with ENOTDIR as per POSIX.
+ *
+ * We cannot rely on O_DIRECTORY in the loop above to check
+ * that the last path component is a directory because
+ * O_DIRECTORY doesn't work on FreeBSD 8. Fortunately, by
+ * reopening a directory, we don't depend on it at all.
+ */
+
+ fd = ngx_openat_file(at_fd, ".", mode, create, access);
+ goto done;
+ }
+
+ if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
+ && !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
+ {
+ fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);
+
+ } else {
+ fd = ngx_openat_file(at_fd, p, mode|NGX_FILE_NOFOLLOW, create, access);
+ }
+
+done:
+
+ if (fd == NGX_INVALID_FILE) {
+ of->err = ngx_errno;
+ of->failed = ngx_openat_file_n;
+ }
+
+failed:
+
+ if (at_fd != NGX_AT_FDCWD && ngx_close_file(at_fd) == NGX_FILE_ERROR) {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ ngx_close_file_n " \"%V\" failed", &at_name);
+ }
+
+ return fd;
+#endif
+}
+
+
static ngx_int_t
-ngx_open_and_stat_file(u_char *name, ngx_open_file_info_t *of, ngx_log_t *log)
+ngx_file_info_wrapper(ngx_str_t *name, ngx_open_file_info_t *of,
+ ngx_file_info_t *fi, ngx_log_t *log)
+{
+ ngx_int_t rc;
+
+#if !(NGX_HAVE_OPENAT)
+
+ rc = ngx_file_info(name->data, fi);
+
+ if (rc == NGX_FILE_ERROR) {
+ of->err = ngx_errno;
+ of->failed = ngx_file_info_n;
+ return NGX_FILE_ERROR;
+ }
+
+ return rc;
+
+#else
+
+ ngx_fd_t fd;
+
+ if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
+
+ rc = ngx_file_info(name->data, fi);
+
+ if (rc == NGX_FILE_ERROR) {
+ of->err = ngx_errno;
+ of->failed = ngx_file_info_n;
+ return NGX_FILE_ERROR;
+ }
+
+ return rc;
+ }
+
+ fd = ngx_open_file_wrapper(name, of, NGX_FILE_RDONLY|NGX_FILE_NONBLOCK,
+ NGX_FILE_OPEN, 0, log);
+
+ if (fd == NGX_INVALID_FILE) {
+ return NGX_FILE_ERROR;
+ }
+
+ rc = ngx_fd_info(fd, fi);
+
+ if (rc == NGX_FILE_ERROR) {
+ of->err = ngx_errno;
+ of->failed = ngx_fd_info_n;
+ }
+
+ if (ngx_close_file(fd) == NGX_FILE_ERROR) {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ ngx_close_file_n " \"%V\" failed", name);
+ }
+
+ return rc;
+#endif
+}
+
+
+static ngx_int_t
+ngx_open_and_stat_file(ngx_str_t *name, ngx_open_file_info_t *of,
+ ngx_log_t *log)
{
ngx_fd_t fd;
ngx_file_info_t fi;
if (of->fd != NGX_INVALID_FILE) {
- if (ngx_file_info(name, &fi) == NGX_FILE_ERROR) {
- of->failed = ngx_file_info_n;
- goto failed;
+ if (ngx_file_info_wrapper(name, of, &fi, log) == NGX_FILE_ERROR) {
+ of->fd = NGX_INVALID_FILE;
+ return NGX_ERROR;
}
if (of->uniq == ngx_file_uniq(&fi)) {
@@ -479,9 +790,9 @@ ngx_open_and_stat_file(u_char *name, ngx_open_file_info_t *of, ngx_log_t *log)
} else if (of->test_dir) {
- if (ngx_file_info(name, &fi) == NGX_FILE_ERROR) {
- of->failed = ngx_file_info_n;
- goto failed;
+ if (ngx_file_info_wrapper(name, of, &fi, log) == NGX_FILE_ERROR) {
+ of->fd = NGX_INVALID_FILE;
+ return NGX_ERROR;
}
if (ngx_is_dir(&fi)) {
@@ -496,26 +807,27 @@ ngx_open_and_stat_file(u_char *name, ngx_open_file_info_t *of, ngx_log_t *log)
* This flag has no effect on a regular files.
*/
- fd = ngx_open_file(name, NGX_FILE_RDONLY|NGX_FILE_NONBLOCK,
- NGX_FILE_OPEN, 0);
+ fd = ngx_open_file_wrapper(name, of, NGX_FILE_RDONLY|NGX_FILE_NONBLOCK,
+ NGX_FILE_OPEN, 0, log);
} else {
- fd = ngx_open_file(name, NGX_FILE_APPEND, NGX_FILE_CREATE_OR_OPEN,
- NGX_FILE_DEFAULT_ACCESS);
+ fd = ngx_open_file_wrapper(name, of, NGX_FILE_APPEND,
+ NGX_FILE_CREATE_OR_OPEN,
+ NGX_FILE_DEFAULT_ACCESS, log);
}
if (fd == NGX_INVALID_FILE) {
- of->failed = ngx_open_file_n;
- goto failed;
+ of->fd = NGX_INVALID_FILE;
+ return NGX_ERROR;
}
if (ngx_fd_info(fd, &fi) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_CRIT, log, ngx_errno,
- ngx_fd_info_n " \"%s\" failed", name);
+ ngx_fd_info_n " \"%V\" failed", name);
if (ngx_close_file(fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
- ngx_close_file_n " \"%s\" failed", name);
+ ngx_close_file_n " \"%V\" failed", name);
}
of->fd = NGX_INVALID_FILE;
@@ -526,7 +838,7 @@ ngx_open_and_stat_file(u_char *name, ngx_open_file_info_t *of, ngx_log_t *log)
if (ngx_is_dir(&fi)) {
if (ngx_close_file(fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
- ngx_close_file_n " \"%s\" failed", name);
+ ngx_close_file_n " \"%V\" failed", name);
}
of->fd = NGX_INVALID_FILE;
@@ -537,14 +849,14 @@ ngx_open_and_stat_file(u_char *name, ngx_open_file_info_t *of, ngx_log_t *log)
if (of->read_ahead && ngx_file_size(&fi) > NGX_MIN_READ_AHEAD) {
if (ngx_read_ahead(fd, of->read_ahead) == NGX_ERROR) {
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
- ngx_read_ahead_n " \"%s\" failed", name);
+ ngx_read_ahead_n " \"%V\" failed", name);
}
}
if (of->directio <= ngx_file_size(&fi)) {
if (ngx_directio_on(fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
- ngx_directio_on_n " \"%s\" failed", name);
+ ngx_directio_on_n " \"%V\" failed", name);
} else {
of->is_directio = 1;
@@ -564,13 +876,6 @@ done:
of->is_exec = ngx_is_exec(&fi);
return NGX_OK;
-
-failed:
-
- of->fd = NGX_INVALID_FILE;
- of->err = ngx_errno;
-
- return NGX_ERROR;
}
diff --git a/usr.sbin/nginx/src/core/ngx_open_file_cache.h b/usr.sbin/nginx/src/core/ngx_open_file_cache.h
index 436de30609d..d119c1296f4 100644
--- a/usr.sbin/nginx/src/core/ngx_open_file_cache.h
+++ b/usr.sbin/nginx/src/core/ngx_open_file_cache.h
@@ -32,6 +32,11 @@ typedef struct {
ngx_uint_t min_uses;
+#if (NGX_HAVE_OPENAT)
+ size_t disable_symlinks_from;
+ unsigned disable_symlinks:2;
+#endif
+
unsigned test_dir:1;
unsigned test_only:1;
unsigned log:1;
@@ -64,6 +69,11 @@ struct ngx_cached_open_file_s {
uint32_t uses;
+#if (NGX_HAVE_OPENAT)
+ size_t disable_symlinks_from;
+ unsigned disable_symlinks:2;
+#endif
+
unsigned count:24;
unsigned close:1;
unsigned use_event:1;
diff --git a/usr.sbin/nginx/src/core/ngx_output_chain.c b/usr.sbin/nginx/src/core/ngx_output_chain.c
index 64500d52886..3cb60ea73dd 100644
--- a/usr.sbin/nginx/src/core/ngx_output_chain.c
+++ b/usr.sbin/nginx/src/core/ngx_output_chain.c
@@ -209,7 +209,8 @@ ngx_output_chain(ngx_output_chain_ctx_t *ctx, ngx_chain_t *in)
return last;
}
- ngx_chain_update_chains(&ctx->free, &ctx->busy, &out, ctx->tag);
+ ngx_chain_update_chains(ctx->pool, &ctx->free, &ctx->busy, &out,
+ ctx->tag);
last_out = &out;
}
}
diff --git a/usr.sbin/nginx/src/core/ngx_parse.h b/usr.sbin/nginx/src/core/ngx_parse.h
index 0c8114fb693..ec093b5a2be 100644
--- a/usr.sbin/nginx/src/core/ngx_parse.h
+++ b/usr.sbin/nginx/src/core/ngx_parse.h
@@ -13,9 +13,6 @@
#include <ngx_core.h>
-#define NGX_PARSE_LARGE_TIME -2
-
-
ssize_t ngx_parse_size(ngx_str_t *line);
off_t ngx_parse_offset(ngx_str_t *line);
ngx_int_t ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec);
diff --git a/usr.sbin/nginx/src/core/ngx_rbtree.c b/usr.sbin/nginx/src/core/ngx_rbtree.c
index 6ae4d5c05ab..914ca7e884b 100644
--- a/usr.sbin/nginx/src/core/ngx_rbtree.c
+++ b/usr.sbin/nginx/src/core/ngx_rbtree.c
@@ -136,8 +136,7 @@ ngx_rbtree_insert_timer_value(ngx_rbtree_node_t *temp, ngx_rbtree_node_t *node,
/* node->key < temp->key */
- p = ((ngx_rbtree_key_int_t) node->key - (ngx_rbtree_key_int_t) temp->key
- < 0)
+ p = ((ngx_rbtree_key_int_t) (node->key - temp->key) < 0)
? &temp->left : &temp->right;
if (*p == sentinel) {
diff --git a/usr.sbin/nginx/src/core/ngx_regex.c b/usr.sbin/nginx/src/core/ngx_regex.c
index 979110e75cc..677f862bf17 100644
--- a/usr.sbin/nginx/src/core/ngx_regex.c
+++ b/usr.sbin/nginx/src/core/ngx_regex.c
@@ -9,11 +9,64 @@
#include <ngx_core.h>
+typedef struct {
+ ngx_flag_t pcre_jit;
+} ngx_regex_conf_t;
+
+
static void * ngx_libc_cdecl ngx_regex_malloc(size_t size);
static void ngx_libc_cdecl ngx_regex_free(void *p);
+#if (NGX_HAVE_PCRE_JIT)
+static void ngx_pcre_free_studies(void *data);
+#endif
+
+static ngx_int_t ngx_regex_module_init(ngx_cycle_t *cycle);
+
+static void *ngx_regex_create_conf(ngx_cycle_t *cycle);
+static char *ngx_regex_init_conf(ngx_cycle_t *cycle, void *conf);
+
+static char *ngx_regex_pcre_jit(ngx_conf_t *cf, void *post, void *data);
+static ngx_conf_post_t ngx_regex_pcre_jit_post = { ngx_regex_pcre_jit };
+
+
+static ngx_command_t ngx_regex_commands[] = {
+
+ { ngx_string("pcre_jit"),
+ NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_flag_slot,
+ 0,
+ offsetof(ngx_regex_conf_t, pcre_jit),
+ &ngx_regex_pcre_jit_post },
+
+ ngx_null_command
+};
+
+
+static ngx_core_module_t ngx_regex_module_ctx = {
+ ngx_string("regex"),
+ ngx_regex_create_conf,
+ ngx_regex_init_conf
+};
+
+
+ngx_module_t ngx_regex_module = {
+ NGX_MODULE_V1,
+ &ngx_regex_module_ctx, /* module context */
+ ngx_regex_commands, /* module directives */
+ NGX_CORE_MODULE, /* module type */
+ NULL, /* init master */
+ ngx_regex_module_init, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
static ngx_pool_t *ngx_pcre_pool;
+static ngx_list_t *ngx_pcre_studies;
void
@@ -63,10 +116,11 @@ ngx_regex_malloc_done(void)
ngx_int_t
ngx_regex_compile(ngx_regex_compile_t *rc)
{
- int n, erroff;
- char *p;
- const char *errstr;
- ngx_regex_t *re;
+ int n, erroff;
+ char *p;
+ pcre *re;
+ const char *errstr;
+ ngx_regex_elt_t *elt;
ngx_regex_malloc_init(rc->pool);
@@ -93,7 +147,24 @@ ngx_regex_compile(ngx_regex_compile_t *rc)
return NGX_ERROR;
}
- rc->regex = re;
+ rc->regex = ngx_pcalloc(rc->pool, sizeof(ngx_regex_t));
+ if (rc->regex == NULL) {
+ return NGX_ERROR;
+ }
+
+ rc->regex->pcre = re;
+
+ /* do not study at runtime */
+
+ if (ngx_pcre_studies != NULL) {
+ elt = ngx_list_push(ngx_pcre_studies);
+ if (elt == NULL) {
+ return NGX_ERROR;
+ }
+
+ elt->regex = rc->regex;
+ elt->name = rc->pattern.data;
+ }
n = pcre_fullinfo(re, NULL, PCRE_INFO_CAPTURECOUNT, &rc->captures);
if (n < 0) {
@@ -204,3 +275,190 @@ ngx_regex_free(void *p)
{
return;
}
+
+
+#if (NGX_HAVE_PCRE_JIT)
+
+static void
+ngx_pcre_free_studies(void *data)
+{
+ ngx_list_t *studies = data;
+
+ ngx_uint_t i;
+ ngx_list_part_t *part;
+ ngx_regex_elt_t *elts;
+
+ part = &studies->part;
+ elts = part->elts;
+
+ for (i = 0 ; /* void */ ; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+
+ part = part->next;
+ elts = part->elts;
+ i = 0;
+ }
+
+ if (elts[i].regex->extra != NULL) {
+ pcre_free_study(elts[i].regex->extra);
+ }
+ }
+}
+
+#endif
+
+
+static ngx_int_t
+ngx_regex_module_init(ngx_cycle_t *cycle)
+{
+ int opt;
+ const char *errstr;
+ ngx_uint_t i;
+ ngx_list_part_t *part;
+ ngx_regex_elt_t *elts;
+
+ opt = 0;
+
+#if (NGX_HAVE_PCRE_JIT)
+ {
+ ngx_regex_conf_t *rcf;
+ ngx_pool_cleanup_t *cln;
+
+ rcf = (ngx_regex_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_regex_module);
+
+ if (rcf->pcre_jit) {
+ opt = PCRE_STUDY_JIT_COMPILE;
+
+ /*
+ * The PCRE JIT compiler uses mmap for its executable codes, so we
+ * have to explicitly call the pcre_free_study() function to free
+ * this memory.
+ */
+
+ cln = ngx_pool_cleanup_add(cycle->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->handler = ngx_pcre_free_studies;
+ cln->data = ngx_pcre_studies;
+ }
+ }
+#endif
+
+ ngx_regex_malloc_init(cycle->pool);
+
+ part = &ngx_pcre_studies->part;
+ elts = part->elts;
+
+ for (i = 0 ; /* void */ ; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+
+ part = part->next;
+ elts = part->elts;
+ i = 0;
+ }
+
+ elts[i].regex->extra = pcre_study(elts[i].regex->pcre, opt, &errstr);
+
+ if (errstr != NULL) {
+ ngx_log_error(NGX_LOG_ALERT, cycle->log, 0,
+ "pcre_study() failed: %s in \"%s\"",
+ errstr, elts[i].name);
+ }
+
+#if (NGX_HAVE_PCRE_JIT)
+ if (opt & PCRE_STUDY_JIT_COMPILE) {
+ int jit, n;
+
+ jit = 0;
+ n = pcre_fullinfo(elts[i].regex->pcre, elts[i].regex->extra,
+ PCRE_INFO_JIT, &jit);
+
+ if (n != 0 || jit != 1) {
+ ngx_log_error(NGX_LOG_INFO, cycle->log, 0,
+ "JIT compiler does not support pattern: \"%s\"",
+ elts[i].name);
+ }
+ }
+#endif
+ }
+
+ ngx_regex_malloc_done();
+
+ ngx_pcre_studies = NULL;
+
+ return NGX_OK;
+}
+
+
+static void *
+ngx_regex_create_conf(ngx_cycle_t *cycle)
+{
+ ngx_regex_conf_t *rcf;
+
+ rcf = ngx_pcalloc(cycle->pool, sizeof(ngx_regex_conf_t));
+ if (rcf == NULL) {
+ return NULL;
+ }
+
+ rcf->pcre_jit = NGX_CONF_UNSET;
+
+ ngx_pcre_studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
+ if (ngx_pcre_studies == NULL) {
+ return NULL;
+ }
+
+ return rcf;
+}
+
+
+static char *
+ngx_regex_init_conf(ngx_cycle_t *cycle, void *conf)
+{
+ ngx_regex_conf_t *rcf = conf;
+
+ ngx_conf_init_value(rcf->pcre_jit, 0);
+
+ return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_regex_pcre_jit(ngx_conf_t *cf, void *post, void *data)
+{
+ ngx_flag_t *fp = data;
+
+ if (*fp == 0) {
+ return NGX_CONF_OK;
+ }
+
+#if (NGX_HAVE_PCRE_JIT)
+ {
+ int jit, r;
+
+ jit = 0;
+ r = pcre_config(PCRE_CONFIG_JIT, &jit);
+
+ if (r != 0 || jit != 1) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "PCRE library does not support JIT");
+ *fp = 0;
+ }
+ }
+#else
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "nginx was built without PCRE JIT support");
+ *fp = 0;
+#endif
+
+ return NGX_CONF_OK;
+}
diff --git a/usr.sbin/nginx/src/core/ngx_regex.h b/usr.sbin/nginx/src/core/ngx_regex.h
index 58b9eef7621..55bd331bb69 100644
--- a/usr.sbin/nginx/src/core/ngx_regex.h
+++ b/usr.sbin/nginx/src/core/ngx_regex.h
@@ -19,7 +19,11 @@
#define NGX_REGEX_CASELESS PCRE_CASELESS
-typedef pcre ngx_regex_t;
+
+typedef struct {
+ pcre *pcre;
+ pcre_extra *extra;
+} ngx_regex_t;
typedef struct {
@@ -46,7 +50,7 @@ void ngx_regex_init(void);
ngx_int_t ngx_regex_compile(ngx_regex_compile_t *rc);
#define ngx_regex_exec(re, s, captures, size) \
- pcre_exec(re, NULL, (const char *) (s)->data, (s)->len, 0, 0, \
+ pcre_exec(re->pcre, re->extra, (const char *) (s)->data, (s)->len, 0, 0, \
captures, size)
#define ngx_regex_exec_n "pcre_exec()"
diff --git a/usr.sbin/nginx/src/core/ngx_resolver.c b/usr.sbin/nginx/src/core/ngx_resolver.c
index 817e65df101..02c484da694 100644
--- a/usr.sbin/nginx/src/core/ngx_resolver.c
+++ b/usr.sbin/nginx/src/core/ngx_resolver.c
@@ -92,8 +92,11 @@ static u_char *ngx_resolver_log_error(ngx_log_t *log, u_char *buf, size_t len);
ngx_resolver_t *
-ngx_resolver_create(ngx_conf_t *cf, ngx_addr_t *addr)
+ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
{
+ ngx_str_t s;
+ ngx_url_t u;
+ ngx_uint_t i;
ngx_resolver_t *r;
ngx_pool_cleanup_t *cln;
ngx_udp_connection_t *uc;
@@ -110,6 +113,15 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_addr_t *addr)
return NULL;
}
+ if (n) {
+ if (ngx_array_init(&r->udp_connections, cf->pool, n,
+ sizeof(ngx_udp_connection_t))
+ != NGX_OK)
+ {
+ return NULL;
+ }
+ }
+
cln->data = r;
r->event = ngx_calloc(sizeof(ngx_event_t), cf->log);
@@ -136,22 +148,47 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_addr_t *addr)
r->resend_timeout = 5;
r->expire = 30;
- r->valid = 300;
+ r->valid = 0;
r->log = &cf->cycle->new_log;
r->log_level = NGX_LOG_ERR;
- if (addr) {
- uc = ngx_calloc(sizeof(ngx_udp_connection_t), cf->log);
+ for (i = 0; i < n; i++) {
+ if (ngx_strncmp(names[i].data, "valid=", 6) == 0) {
+ s.len = names[i].len - 6;
+ s.data = names[i].data + 6;
+
+ r->valid = ngx_parse_time(&s, 1);
+
+ if (r->valid == (time_t) NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter: %V", &names[i]);
+ return NULL;
+ }
+
+ continue;
+ }
+
+ ngx_memzero(&u, sizeof(ngx_url_t));
+
+ u.host = names[i];
+ u.port = 53;
+
+ if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V: %s", &u.host, u.err);
+ return NULL;
+ }
+
+ uc = ngx_array_push(&r->udp_connections);
if (uc == NULL) {
return NULL;
}
- r->udp_connection = uc;
+ ngx_memzero(uc, sizeof(ngx_udp_connection_t));
- uc->sockaddr = addr->sockaddr;
- uc->socklen = addr->socklen;
- uc->server = addr->name;
+ uc->sockaddr = u.addrs->sockaddr;
+ uc->socklen = u.addrs->socklen;
+ uc->server = u.addrs->name;
}
return r;
@@ -163,6 +200,9 @@ ngx_resolver_cleanup(void *data)
{
ngx_resolver_t *r = data;
+ ngx_uint_t i;
+ ngx_udp_connection_t *uc;
+
if (r) {
ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
"cleanup resolver");
@@ -175,12 +215,13 @@ ngx_resolver_cleanup(void *data)
ngx_free(r->event);
}
- if (r->udp_connection) {
- if (r->udp_connection->connection) {
- ngx_close_connection(r->udp_connection->connection);
- }
- ngx_free(r->udp_connection);
+ uc = r->udp_connections.elts;
+
+ for (i = 0; i < r->udp_connections.nelts; i++) {
+ if (uc[i].connection) {
+ ngx_close_connection(uc[i].connection);
+ }
}
ngx_free(r);
@@ -238,7 +279,7 @@ ngx_resolve_start(ngx_resolver_t *r, ngx_resolver_ctx_t *temp)
}
}
- if (r->udp_connection == NULL) {
+ if (r->udp_connections.nelts == 0) {
return NGX_NO_RESOLVER;
}
@@ -822,7 +863,12 @@ ngx_resolver_send_query(ngx_resolver_t *r, ngx_resolver_node_t *rn)
ssize_t n;
ngx_udp_connection_t *uc;
- uc = r->udp_connection;
+ uc = r->udp_connections.elts;
+
+ uc = &uc[r->last_connection++];
+ if (r->last_connection == r->udp_connections.nelts) {
+ r->last_connection = 0;
+ }
if (uc->connection == NULL) {
@@ -1121,6 +1167,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
char *err;
u_char *cname;
size_t len;
+ int32_t ttl;
uint32_t hash;
in_addr_t addr, *addrs;
ngx_str_t name;
@@ -1191,6 +1238,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
addrs = NULL;
cname = NULL;
qtype = 0;
+ ttl = 0;
for (a = 0; a < nan; a++) {
@@ -1230,6 +1278,12 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
qtype = (an->type_hi << 8) + an->type_lo;
len = (an->len_hi << 8) + an->len_lo;
+ ttl = (an->ttl[0] << 24) + (an->ttl[1] << 16)
+ + (an->ttl[2] << 8) + (an->ttl[3]);
+
+ if (ttl < 0) {
+ ttl = 0;
+ }
if (qtype == NGX_RESOLVE_A) {
@@ -1259,8 +1313,9 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
}
}
- ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
- "resolver naddrs:%ui cname:%p", naddrs, cname);
+ ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0,
+ "resolver naddrs:%ui cname:%p ttl:%d",
+ naddrs, cname, ttl);
if (naddrs) {
@@ -1329,7 +1384,7 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
ngx_queue_remove(&rn->queue);
- rn->valid = ngx_time() + r->valid;
+ rn->valid = ngx_time() + (r->valid ? r->valid : ttl);
rn->expire = ngx_time() + r->expire;
ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
@@ -1371,7 +1426,8 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
rn->cnlen = (u_short) name.len;
rn->u.cname = name.data;
- rn->valid = ngx_time() + r->valid;
+
+ rn->valid = ngx_time() + (r->valid ? r->valid : ttl);
rn->expire = ngx_time() + r->expire;
ngx_queue_insert_head(&r->name_expire_queue, &rn->queue);
@@ -1422,6 +1478,7 @@ ngx_resolver_process_ptr(ngx_resolver_t *r, u_char *buf, size_t n,
char *err;
size_t len;
in_addr_t addr;
+ int32_t ttl;
ngx_int_t digit;
ngx_str_t name;
ngx_uint_t i, mask, qident;
@@ -1517,6 +1574,12 @@ ngx_resolver_process_ptr(ngx_resolver_t *r, u_char *buf, size_t n,
an = (ngx_resolver_an_t *) &buf[i + 2];
len = (an->len_hi << 8) + an->len_lo;
+ ttl = (an->ttl[0] << 24) + (an->ttl[1] << 16)
+ + (an->ttl[2] << 8) + (an->ttl[3]);
+
+ if (ttl < 0) {
+ ttl = 0;
+ }
ngx_log_debug3(NGX_LOG_DEBUG_CORE, r->log, 0,
"resolver qt:%ui cl:%ui len:%uz",
@@ -1553,7 +1616,7 @@ ngx_resolver_process_ptr(ngx_resolver_t *r, u_char *buf, size_t n,
ngx_queue_remove(&rn->queue);
- rn->valid = ngx_time() + r->valid;
+ rn->valid = ngx_time() + (r->valid ? r->valid : ttl);
rn->expire = ngx_time() + r->expire;
ngx_queue_insert_head(&r->addr_expire_queue, &rn->queue);
@@ -1777,7 +1840,7 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
len++;
} else {
- if (len == 0) {
+ if (len == 0 || len > 255) {
return NGX_DECLINED;
}
@@ -1788,6 +1851,10 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
p--;
}
+ if (len == 0 || len > 255) {
+ return NGX_DECLINED;
+ }
+
*p = (u_char) len;
return NGX_OK;
diff --git a/usr.sbin/nginx/src/core/ngx_resolver.h b/usr.sbin/nginx/src/core/ngx_resolver.h
index 2301623df94..ae34ca56d3a 100644
--- a/usr.sbin/nginx/src/core/ngx_resolver.h
+++ b/usr.sbin/nginx/src/core/ngx_resolver.h
@@ -78,16 +78,16 @@ typedef struct {
typedef struct {
/* has to be pointer because of "incomplete type" */
ngx_event_t *event;
-
- /* TODO: DNS peers balancer */
- /* STUB */
- ngx_udp_connection_t *udp_connection;
-
+ void *dummy;
ngx_log_t *log;
/* ident must be after 3 pointers */
ngx_int_t ident;
+ /* simple round robin DNS peers balancer */
+ ngx_array_t udp_connections;
+ ngx_uint_t last_connection;
+
ngx_rbtree_t name_rbtree;
ngx_rbtree_node_t name_sentinel;
@@ -124,8 +124,6 @@ struct ngx_resolver_ctx_s {
in_addr_t *addrs;
in_addr_t addr;
- /* TODO: DNS peers balancer ctx */
-
ngx_resolver_handler_pt handler;
void *data;
ngx_msec_t timeout;
@@ -136,7 +134,8 @@ struct ngx_resolver_ctx_s {
};
-ngx_resolver_t *ngx_resolver_create(ngx_conf_t *cf, ngx_addr_t *addr);
+ngx_resolver_t *ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names,
+ ngx_uint_t n);
ngx_resolver_ctx_t *ngx_resolve_start(ngx_resolver_t *r,
ngx_resolver_ctx_t *temp);
ngx_int_t ngx_resolve_name(ngx_resolver_ctx_t *ctx);
diff --git a/usr.sbin/nginx/src/core/ngx_shmtx.c b/usr.sbin/nginx/src/core/ngx_shmtx.c
index 368456e14f8..085294a914a 100644
--- a/usr.sbin/nginx/src/core/ngx_shmtx.c
+++ b/usr.sbin/nginx/src/core/ngx_shmtx.c
@@ -12,10 +12,13 @@
#if (NGX_HAVE_ATOMIC_OPS)
+static void ngx_shmtx_wakeup(ngx_shmtx_t *mtx);
+
+
ngx_int_t
-ngx_shmtx_create(ngx_shmtx_t *mtx, void *addr, u_char *name)
+ngx_shmtx_create(ngx_shmtx_t *mtx, ngx_shmtx_sh_t *addr, u_char *name)
{
- mtx->lock = addr;
+ mtx->lock = &addr->lock;
if (mtx->spin == (ngx_uint_t) -1) {
return NGX_OK;
@@ -25,6 +28,8 @@ ngx_shmtx_create(ngx_shmtx_t *mtx, void *addr, u_char *name)
#if (NGX_HAVE_POSIX_SEM)
+ mtx->wait = &addr->wait;
+
if (sem_init(&mtx->sem, 1, 0) == -1) {
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_errno,
"sem_init() failed");
@@ -57,12 +62,7 @@ ngx_shmtx_destory(ngx_shmtx_t *mtx)
ngx_uint_t
ngx_shmtx_trylock(ngx_shmtx_t *mtx)
{
- ngx_atomic_uint_t val;
-
- val = *mtx->lock;
-
- return ((val & 0x80000000) == 0
- && ngx_atomic_cmp_set(mtx->lock, val, val | 0x80000000));
+ return (*mtx->lock == 0 && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid));
}
@@ -70,17 +70,12 @@ void
ngx_shmtx_lock(ngx_shmtx_t *mtx)
{
ngx_uint_t i, n;
- ngx_atomic_uint_t val;
ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0, "shmtx lock");
for ( ;; ) {
- val = *mtx->lock;
-
- if ((val & 0x80000000) == 0
- && ngx_atomic_cmp_set(mtx->lock, val, val | 0x80000000))
- {
+ if (*mtx->lock == 0 && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid)) {
return;
}
@@ -92,10 +87,8 @@ ngx_shmtx_lock(ngx_shmtx_t *mtx)
ngx_cpu_pause();
}
- val = *mtx->lock;
-
- if ((val & 0x80000000) == 0
- && ngx_atomic_cmp_set(mtx->lock, val, val | 0x80000000))
+ if (*mtx->lock == 0
+ && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid))
{
return;
}
@@ -105,24 +98,24 @@ ngx_shmtx_lock(ngx_shmtx_t *mtx)
#if (NGX_HAVE_POSIX_SEM)
if (mtx->semaphore) {
- val = *mtx->lock;
+ (void) ngx_atomic_fetch_add(mtx->wait, 1);
- if ((val & 0x80000000)
- && ngx_atomic_cmp_set(mtx->lock, val, val + 1))
- {
- ngx_log_debug1(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
- "shmtx wait %XA", val);
+ if (*mtx->lock == 0 && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid)) {
+ return;
+ }
- while (sem_wait(&mtx->sem) == -1) {
- ngx_err_t err;
+ ngx_log_debug1(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
+ "shmtx wait %uA", *mtx->wait);
- err = ngx_errno;
+ while (sem_wait(&mtx->sem) == -1) {
+ ngx_err_t err;
- if (err != NGX_EINTR) {
- ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, err,
- "sem_wait() failed while waiting on shmtx");
- break;
- }
+ err = ngx_errno;
+
+ if (err != NGX_EINTR) {
+ ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, err,
+ "sem_wait() failed while waiting on shmtx");
+ break;
}
ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
@@ -142,31 +135,56 @@ ngx_shmtx_lock(ngx_shmtx_t *mtx)
void
ngx_shmtx_unlock(ngx_shmtx_t *mtx)
{
- ngx_atomic_uint_t val, old, wait;
-
if (mtx->spin != (ngx_uint_t) -1) {
ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0, "shmtx unlock");
}
- for ( ;; ) {
+ if (ngx_atomic_cmp_set(mtx->lock, ngx_pid, 0)) {
+ ngx_shmtx_wakeup(mtx);
+ }
+}
- old = *mtx->lock;
- wait = old & 0x7fffffff;
- val = wait ? wait - 1 : 0;
- if (ngx_atomic_cmp_set(mtx->lock, old, val)) {
- break;
- }
+ngx_uint_t
+ngx_shmtx_force_unlock(ngx_shmtx_t *mtx, ngx_pid_t pid)
+{
+ ngx_log_debug0(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
+ "shmtx forced unlock");
+
+ if (ngx_atomic_cmp_set(mtx->lock, pid, 0)) {
+ ngx_shmtx_wakeup(mtx);
+ return 1;
}
+ return 0;
+}
+
+
+static void
+ngx_shmtx_wakeup(ngx_shmtx_t *mtx)
+{
#if (NGX_HAVE_POSIX_SEM)
+ ngx_atomic_uint_t wait;
- if (wait == 0 || !mtx->semaphore) {
+ if (!mtx->semaphore) {
return;
}
+ for ( ;; ) {
+
+ wait = *mtx->wait;
+
+ if (wait == 0) {
+ return;
+ }
+
+ if (ngx_atomic_cmp_set(mtx->wait, wait, wait - 1)) {
+ break;
+ }
+ }
+
ngx_log_debug1(NGX_LOG_DEBUG_CORE, ngx_cycle->log, 0,
- "shmtx wake %XA", old);
+ "shmtx wake %uA", wait);
if (sem_post(&mtx->sem) == -1) {
ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, ngx_errno,
@@ -181,7 +199,7 @@ ngx_shmtx_unlock(ngx_shmtx_t *mtx)
ngx_int_t
-ngx_shmtx_create(ngx_shmtx_t *mtx, void *addr, u_char *name)
+ngx_shmtx_create(ngx_shmtx_t *mtx, ngx_shmtx_sh_t *addr, u_char *name)
{
if (mtx->name) {
@@ -281,4 +299,11 @@ ngx_shmtx_unlock(ngx_shmtx_t *mtx)
ngx_log_abort(err, ngx_unlock_fd_n " %s failed", mtx->name);
}
+
+ngx_uint_t
+ngx_shmtx_force_unlock(ngx_shmtx_t *mtx, ngx_pid_t pid)
+{
+ return 0;
+}
+
#endif
diff --git a/usr.sbin/nginx/src/core/ngx_shmtx.h b/usr.sbin/nginx/src/core/ngx_shmtx.h
index 70a44cbc5fb..830b6f5b198 100644
--- a/usr.sbin/nginx/src/core/ngx_shmtx.h
+++ b/usr.sbin/nginx/src/core/ngx_shmtx.h
@@ -14,9 +14,18 @@
typedef struct {
+ ngx_atomic_t lock;
+#if (NGX_HAVE_POSIX_SEM)
+ ngx_atomic_t wait;
+#endif
+} ngx_shmtx_sh_t;
+
+
+typedef struct {
#if (NGX_HAVE_ATOMIC_OPS)
ngx_atomic_t *lock;
#if (NGX_HAVE_POSIX_SEM)
+ ngx_atomic_t *wait;
ngx_uint_t semaphore;
sem_t sem;
#endif
@@ -28,11 +37,13 @@ typedef struct {
} ngx_shmtx_t;
-ngx_int_t ngx_shmtx_create(ngx_shmtx_t *mtx, void *addr, u_char *name);
+ngx_int_t ngx_shmtx_create(ngx_shmtx_t *mtx, ngx_shmtx_sh_t *addr,
+ u_char *name);
void ngx_shmtx_destory(ngx_shmtx_t *mtx);
ngx_uint_t ngx_shmtx_trylock(ngx_shmtx_t *mtx);
void ngx_shmtx_lock(ngx_shmtx_t *mtx);
void ngx_shmtx_unlock(ngx_shmtx_t *mtx);
+ngx_uint_t ngx_shmtx_force_unlock(ngx_shmtx_t *mtx, ngx_pid_t pid);
#endif /* _NGX_SHMTX_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/core/ngx_slab.c b/usr.sbin/nginx/src/core/ngx_slab.c
index 74f23a35e19..3d566037708 100644
--- a/usr.sbin/nginx/src/core/ngx_slab.c
+++ b/usr.sbin/nginx/src/core/ngx_slab.c
@@ -43,14 +43,14 @@
#if (NGX_DEBUG_MALLOC)
-#define ngx_slab_junk(p, size) ngx_memset(p, 0xD0, size)
+#define ngx_slab_junk(p, size) ngx_memset(p, 0xA5, size)
#else
-#if (NGX_FREEBSD)
+#if (NGX_HAVE_DEBUG_MALLOC)
#define ngx_slab_junk(p, size) \
- if (ngx_freebsd_debug_malloc) ngx_memset(p, 0xD0, size)
+ if (ngx_debug_malloc) ngx_memset(p, 0xA5, size)
#else
diff --git a/usr.sbin/nginx/src/core/ngx_slab.h b/usr.sbin/nginx/src/core/ngx_slab.h
index efb5d01f3b3..c5e420bfa8e 100644
--- a/usr.sbin/nginx/src/core/ngx_slab.h
+++ b/usr.sbin/nginx/src/core/ngx_slab.h
@@ -23,7 +23,7 @@ struct ngx_slab_page_s {
typedef struct {
- ngx_atomic_t lock;
+ ngx_shmtx_sh_t lock;
size_t min_size;
size_t min_shift;
diff --git a/usr.sbin/nginx/src/core/ngx_string.c b/usr.sbin/nginx/src/core/ngx_string.c
index 05184479c96..53cb946fee0 100644
--- a/usr.sbin/nginx/src/core/ngx_string.c
+++ b/usr.sbin/nginx/src/core/ngx_string.c
@@ -146,12 +146,12 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
{
u_char *p, zero;
int d;
- double f, scale;
+ double f;
size_t len, slen;
int64_t i64;
- uint64_t ui64;
+ uint64_t ui64, frac;
ngx_msec_t ms;
- ngx_uint_t width, sign, hex, max_width, frac_width, n;
+ ngx_uint_t width, sign, hex, max_width, frac_width, scale, n;
ngx_str_t *v;
ngx_variable_value_t *vv;
@@ -365,28 +365,31 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
}
ui64 = (int64_t) f;
-
- buf = ngx_sprintf_num(buf, last, ui64, zero, 0, width);
+ frac = 0;
if (frac_width) {
- if (buf < last) {
- *buf++ = '.';
+ scale = 1;
+ for (n = frac_width; n; n--) {
+ scale *= 10;
}
- scale = 1.0;
+ frac = (uint64_t) ((f - (double) ui64) * scale + 0.5);
- for (n = frac_width; n; n--) {
- scale *= 10.0;
+ if (frac == scale) {
+ ui64++;
+ frac = 0;
}
+ }
- /*
- * (int64_t) cast is required for msvc6:
- * it cannot convert uint64_t to double
- */
- ui64 = (uint64_t) ((f - (int64_t) ui64) * scale + 0.5);
+ buf = ngx_sprintf_num(buf, last, ui64, zero, 0, width);
+
+ if (frac_width) {
+ if (buf < last) {
+ *buf++ = '.';
+ }
- buf = ngx_sprintf_num(buf, last, ui64, '0', 0, frac_width);
+ buf = ngx_sprintf_num(buf, last, frac, '0', 0, frac_width);
}
fmt++;
@@ -1841,9 +1844,9 @@ ngx_strip_chroot(ngx_str_t *path)
{
if (!ngx_strncmp(path->data, NGX_PREFIX, strlen(NGX_PREFIX))) {
char *x, *buf = malloc(path->len);
- x = ngx_cpystrn(buf, path->data + strlen(NGX_PREFIX) - 1,
- path->len);
- path->len = (x - buf);
- path->data = buf;
+ x = ngx_cpystrn(buf, path->data + strlen(NGX_PREFIX) - 1,
+ path->len);
+ path->len = (x - buf);
+ path->data = buf;
}
}
diff --git a/usr.sbin/nginx/src/core/ngx_times.c b/usr.sbin/nginx/src/core/ngx_times.c
index 6a5808fe2ea..ed1bf64bc08 100644
--- a/usr.sbin/nginx/src/core/ngx_times.c
+++ b/usr.sbin/nginx/src/core/ngx_times.c
@@ -33,7 +33,7 @@ volatile ngx_str_t ngx_cached_http_log_iso8601;
#if !(NGX_WIN32)
/*
- * locatime() and localtime_r() are not Async-Signal-Safe functions, therefore,
+ * localtime() and localtime_r() are not Async-Signal-Safe functions, therefore,
* they must not be called by a signal handler, so we use the cached
* GMT offset value. Fortunately the value is changed only two times a year.
*/
@@ -308,7 +308,7 @@ ngx_gmtime(time_t t, ngx_tm_t *tp)
/*
* The "days" should be adjusted to 1 only, however, some March 1st's go
* to previous year, so we adjust them to 2. This causes also shift of the
- * last Feburary days to next year, but we catch the case when "yday"
+ * last February days to next year, but we catch the case when "yday"
* becomes negative.
*/
diff --git a/usr.sbin/nginx/src/event/modules/ngx_epoll_module.c b/usr.sbin/nginx/src/event/modules/ngx_epoll_module.c
index ddf178927b4..a73394906d1 100644
--- a/usr.sbin/nginx/src/event/modules/ngx_epoll_module.c
+++ b/usr.sbin/nginx/src/event/modules/ngx_epoll_module.c
@@ -445,7 +445,7 @@ ngx_epoll_del_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags)
/*
* when the file descriptor is closed, the epoll automatically deletes
- * it from its queue, so we do not need to delete explicity the event
+ * it from its queue, so we do not need to delete explicitly the event
* before the closing the file descriptor
*/
@@ -524,7 +524,7 @@ ngx_epoll_del_connection(ngx_connection_t *c, ngx_uint_t flags)
/*
* when the file descriptor is closed the epoll automatically deletes
- * it from its queue so we do not need to delete explicity the event
+ * it from its queue so we do not need to delete explicitly the event
* before the closing the file descriptor
*/
diff --git a/usr.sbin/nginx/src/event/modules/ngx_eventport_module.c b/usr.sbin/nginx/src/event/modules/ngx_eventport_module.c
index 0bfb47e5ca3..bbcd6dd6bae 100644
--- a/usr.sbin/nginx/src/event/modules/ngx_eventport_module.c
+++ b/usr.sbin/nginx/src/event/modules/ngx_eventport_module.c
@@ -322,7 +322,7 @@ ngx_eventport_del_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags)
/*
* when the file descriptor is closed, the event port automatically
- * dissociates it from the port, so we do not need to dissociate explicity
+ * dissociates it from the port, so we do not need to dissociate explicitly
* the event before the closing the file descriptor
*/
diff --git a/usr.sbin/nginx/src/event/modules/ngx_kqueue_module.c b/usr.sbin/nginx/src/event/modules/ngx_kqueue_module.c
index c0f70752f01..30e456c4da0 100644
--- a/usr.sbin/nginx/src/event/modules/ngx_kqueue_module.c
+++ b/usr.sbin/nginx/src/event/modules/ngx_kqueue_module.c
@@ -377,7 +377,7 @@ ngx_kqueue_del_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags)
/*
* when the file descriptor is closed the kqueue automatically deletes
- * its filters so we do not need to delete explicity the event
+ * its filters so we do not need to delete explicitly the event
* before the closing the file descriptor.
*/
diff --git a/usr.sbin/nginx/src/event/ngx_event.c b/usr.sbin/nginx/src/event/ngx_event.c
index 88e151cc4b5..a0a9d743b5e 100644
--- a/usr.sbin/nginx/src/event/ngx_event.c
+++ b/usr.sbin/nginx/src/event/ngx_event.c
@@ -21,6 +21,7 @@ extern ngx_module_t ngx_rtsig_module;
extern ngx_module_t ngx_select_module;
+static char *ngx_event_init_conf(ngx_cycle_t *cycle, void *conf);
static ngx_int_t ngx_event_module_init(ngx_cycle_t *cycle);
static ngx_int_t ngx_event_process_init(ngx_cycle_t *cycle);
static char *ngx_events_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
@@ -31,8 +32,8 @@ static char *ngx_event_use(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
static char *ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
-static void *ngx_event_create_conf(ngx_cycle_t *cycle);
-static char *ngx_event_init_conf(ngx_cycle_t *cycle, void *conf);
+static void *ngx_event_core_create_conf(ngx_cycle_t *cycle);
+static char *ngx_event_core_init_conf(ngx_cycle_t *cycle, void *conf);
static ngx_uint_t ngx_timer_resolution;
@@ -93,7 +94,7 @@ static ngx_command_t ngx_events_commands[] = {
static ngx_core_module_t ngx_events_module_ctx = {
ngx_string("events"),
NULL,
- NULL
+ ngx_event_init_conf
};
@@ -173,8 +174,8 @@ static ngx_command_t ngx_event_core_commands[] = {
ngx_event_module_t ngx_event_core_module_ctx = {
&event_core_name,
- ngx_event_create_conf, /* create configuration */
- ngx_event_init_conf, /* init configuration */
+ ngx_event_core_create_conf, /* create configuration */
+ ngx_event_core_init_conf, /* init configuration */
{ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
};
@@ -423,6 +424,19 @@ ngx_handle_write_event(ngx_event_t *wev, size_t lowat)
}
+static char *
+ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
+{
+ if (ngx_get_conf(cycle->conf_ctx, ngx_events_module) == NULL) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
+ "no \"events\" section in configuration");
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
+
+
static ngx_int_t
ngx_event_module_init(ngx_cycle_t *cycle)
{
@@ -435,13 +449,6 @@ ngx_event_module_init(ngx_cycle_t *cycle)
ngx_event_conf_t *ecf;
cf = ngx_get_conf(cycle->conf_ctx, ngx_events_module);
-
- if (cf == NULL) {
- ngx_log_error(NGX_LOG_EMERG, cycle->log, 0,
- "no \"events\" section in configuration");
- return NGX_ERROR;
- }
-
ecf = (*cf)[ngx_event_core_module.ctx_index];
if (!ngx_test_config && ngx_process <= NGX_PROCESS_MASTER) {
@@ -471,7 +478,7 @@ ngx_event_module_init(ngx_cycle_t *cycle)
(ngx_int_t) rlmt.rlim_cur : ccf->rlimit_nofile;
ngx_log_error(NGX_LOG_WARN, cycle->log, 0,
- "%ui worker_connections are more than "
+ "%ui worker_connections exceed "
"open file resource limit: %i",
ecf->connections, limit);
}
@@ -489,7 +496,7 @@ ngx_event_module_init(ngx_cycle_t *cycle)
}
- /* cl should be equal or bigger than cache line size */
+ /* cl should be equal to or greater than cache line size */
cl = 128;
@@ -522,7 +529,8 @@ ngx_event_module_init(ngx_cycle_t *cycle)
ngx_accept_mutex_ptr = (ngx_atomic_t *) shared;
ngx_accept_mutex.spin = (ngx_uint_t) -1;
- if (ngx_shmtx_create(&ngx_accept_mutex, shared, cycle->lock_file.data)
+ if (ngx_shmtx_create(&ngx_accept_mutex, (ngx_shmtx_sh_t *) shared,
+ cycle->lock_file.data)
!= NGX_OK)
{
return NGX_ERROR;
@@ -1115,7 +1123,7 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
static void *
-ngx_event_create_conf(ngx_cycle_t *cycle)
+ngx_event_core_create_conf(ngx_cycle_t *cycle)
{
ngx_event_conf_t *ecf;
@@ -1146,7 +1154,7 @@ ngx_event_create_conf(ngx_cycle_t *cycle)
static char *
-ngx_event_init_conf(ngx_cycle_t *cycle, void *conf)
+ngx_event_core_init_conf(ngx_cycle_t *cycle, void *conf)
{
ngx_event_conf_t *ecf = conf;
diff --git a/usr.sbin/nginx/src/event/ngx_event_openssl.c b/usr.sbin/nginx/src/event/ngx_event_openssl.c
index 6b9dba16b71..21deefda926 100644
--- a/usr.sbin/nginx/src/event/ngx_event_openssl.c
+++ b/usr.sbin/nginx/src/event/ngx_event_openssl.c
@@ -478,6 +478,7 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
return NGX_OK;
}
+
ngx_int_t
ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
{
@@ -488,7 +489,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
/*
* Elliptic-Curve Diffie-Hellman parameters are either "named curves"
- * from RFC 4492 section 5.1.1, or explicitely described curves over
+ * from RFC 4492 section 5.1.1, or explicitly described curves over
* binary fields. OpenSSL only supports the "named curves", which provide
* maximum interoperability.
*/
@@ -518,6 +519,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
return NGX_OK;
}
+
ngx_int_t
ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
{
diff --git a/usr.sbin/nginx/src/event/ngx_event_pipe.c b/usr.sbin/nginx/src/event/ngx_event_pipe.c
index 7af5a63fc24..c2c79837fcf 100644
--- a/usr.sbin/nginx/src/event/ngx_event_pipe.c
+++ b/usr.sbin/nginx/src/event/ngx_event_pipe.c
@@ -16,8 +16,6 @@ static ngx_int_t ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p);
static ngx_int_t ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p);
static ngx_inline void ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf);
-static ngx_inline void ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free,
- ngx_buf_t *buf);
static ngx_int_t ngx_event_pipe_drain_chains(ngx_event_pipe_t *p);
@@ -150,7 +148,7 @@ ngx_event_pipe_read_upstream(ngx_event_pipe_t *p)
&& p->upstream->read->pending_eof)
{
p->upstream->read->ready = 0;
- p->upstream->read->eof = 0;
+ p->upstream->read->eof = 1;
p->upstream_eof = 1;
p->read = 1;
@@ -393,8 +391,33 @@ ngx_event_pipe_read_upstream(ngx_event_pipe_t *p)
cl->buf->file_last - cl->buf->file_pos);
}
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0,
+ "pipe length: %O", p->length);
+
#endif
+ if (p->free_raw_bufs && p->length != -1) {
+ cl = p->free_raw_bufs;
+
+ if (cl->buf->last - cl->buf->pos >= p->length) {
+
+ p->free_raw_bufs = cl->next;
+
+ /* STUB */ cl->buf->num = p->num++;
+
+ if (p->input_filter(p, cl->buf) == NGX_ERROR) {
+ return NGX_ABORT;
+ }
+
+ ngx_free_chain(p->pool, cl);
+ }
+ }
+
+ if (p->length == 0) {
+ p->upstream_done = 1;
+ p->read = 1;
+ }
+
if ((p->upstream_eof || p->upstream_error) && p->free_raw_bufs) {
/* STUB */ p->free_raw_bufs->buf->num = p->num++;
@@ -553,17 +576,13 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
if (p->out) {
cl = p->out;
- if (cl->buf->recycled
- && bsize + cl->buf->last - cl->buf->pos > p->busy_size)
- {
- flush = 1;
- break;
+ if (cl->buf->recycled) {
+ ngx_log_error(NGX_LOG_ALERT, p->log, 0,
+ "recycled buffer in pipe out chain");
}
p->out = p->out->next;
- ngx_event_pipe_free_shadow_raw_buf(&p->free_raw_bufs, cl->buf);
-
} else if (!p->cacheable && p->in) {
cl = p->in;
@@ -573,24 +592,13 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
cl->buf->pos,
cl->buf->last - cl->buf->pos);
- if (cl->buf->recycled
- && cl->buf->last_shadow
- && bsize + cl->buf->last - cl->buf->pos > p->busy_size)
- {
- if (!prev_last_shadow) {
- p->in = p->in->next;
-
- cl->next = NULL;
-
- if (out) {
- *ll = cl;
- } else {
- out = cl;
- }
+ if (cl->buf->recycled && prev_last_shadow) {
+ if (bsize + cl->buf->end - cl->buf->start > p->busy_size) {
+ flush = 1;
+ break;
}
- flush = 1;
- break;
+ bsize += cl->buf->end - cl->buf->start;
}
prev_last_shadow = cl->buf->last_shadow;
@@ -601,10 +609,6 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
break;
}
- if (cl->buf->recycled) {
- bsize += cl->buf->last - cl->buf->pos;
- }
-
cl->next = NULL;
if (out) {
@@ -634,7 +638,7 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
rc = p->output_filter(p->output_ctx, out);
- ngx_chain_update_chains(&p->free, &p->busy, &out, p->tag);
+ ngx_chain_update_chains(p->pool, &p->free, &p->busy, &out, p->tag);
if (rc == NGX_ERROR) {
p->downstream_error = 1;
@@ -678,9 +682,10 @@ ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p)
static ngx_int_t
ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p)
{
- ssize_t size, bsize;
+ ssize_t size, bsize, n;
ngx_buf_t *b;
- ngx_chain_t *cl, *tl, *next, *out, **ll, **last_free, fl;
+ ngx_uint_t prev_last_shadow;
+ ngx_chain_t *cl, *tl, *next, *out, **ll, **last_out, **last_free, fl;
if (p->buf_to_file) {
fl.buf = p->buf_to_file;
@@ -696,6 +701,7 @@ ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p)
size = 0;
cl = out;
ll = NULL;
+ prev_last_shadow = 1;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0,
"pipe offset: %O", p->temp_file->offset);
@@ -703,16 +709,21 @@ ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p)
do {
bsize = cl->buf->last - cl->buf->pos;
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, p->log, 0,
- "pipe buf %p, pos %p, size: %z",
- cl->buf->start, cl->buf->pos, bsize);
+ ngx_log_debug4(NGX_LOG_DEBUG_EVENT, p->log, 0,
+ "pipe buf ls:%d %p, pos %p, size: %z",
+ cl->buf->last_shadow, cl->buf->start,
+ cl->buf->pos, bsize);
- if ((size + bsize > p->temp_file_write_size)
- || (p->temp_file->offset + size + bsize > p->max_temp_file_size))
+ if (prev_last_shadow
+ && ((size + bsize > p->temp_file_write_size)
+ || (p->temp_file->offset + size + bsize
+ > p->max_temp_file_size)))
{
break;
}
+ prev_last_shadow = cl->buf->last_shadow;
+
size += bsize;
ll = &cl->next;
cl = cl->next;
@@ -739,42 +750,77 @@ ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p)
p->last_in = &p->in;
}
- if (ngx_write_chain_to_temp_file(p->temp_file, out) == NGX_ERROR) {
- return NGX_ABORT;
- }
+ n = ngx_write_chain_to_temp_file(p->temp_file, out);
- for (last_free = &p->free_raw_bufs;
- *last_free != NULL;
- last_free = &(*last_free)->next)
- {
- /* void */
+ if (n == NGX_ERROR) {
+ return NGX_ABORT;
}
if (p->buf_to_file) {
p->temp_file->offset = p->buf_to_file->last - p->buf_to_file->pos;
+ n -= p->buf_to_file->last - p->buf_to_file->pos;
p->buf_to_file = NULL;
out = out->next;
}
- for (cl = out; cl; cl = next) {
- next = cl->next;
- cl->next = NULL;
+ if (n > 0) {
+ /* update previous buffer or add new buffer */
+
+ if (p->out) {
+ for (cl = p->out; cl->next; cl = cl->next) { /* void */ }
+
+ b = cl->buf;
+
+ if (b->file_last == p->temp_file->offset) {
+ p->temp_file->offset += n;
+ b->file_last = p->temp_file->offset;
+ goto free;
+ }
+
+ last_out = &cl->next;
+
+ } else {
+ last_out = &p->out;
+ }
+
+ cl = ngx_chain_get_free_buf(p->pool, &p->free);
+ if (cl == NULL) {
+ return NGX_ABORT;
+ }
b = cl->buf;
+
+ ngx_memzero(b, sizeof(ngx_buf_t));
+
+ b->tag = p->tag;
+
b->file = &p->temp_file->file;
b->file_pos = p->temp_file->offset;
- p->temp_file->offset += b->last - b->pos;
+ p->temp_file->offset += n;
b->file_last = p->temp_file->offset;
b->in_file = 1;
b->temp_file = 1;
- if (p->out) {
- *p->last_out = cl;
- } else {
- p->out = cl;
- }
- p->last_out = &cl->next;
+ *last_out = cl;
+ }
+
+free:
+
+ for (last_free = &p->free_raw_bufs;
+ *last_free != NULL;
+ last_free = &(*last_free)->next)
+ {
+ /* void */
+ }
+
+ for (cl = out; cl; cl = next) {
+ next = cl->next;
+
+ cl->next = p->free;
+ p->free = cl;
+
+ b = cl->buf;
if (b->last_shadow) {
@@ -849,6 +895,12 @@ ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
}
p->last_in = &cl->next;
+ if (p->length == -1) {
+ return NGX_OK;
+ }
+
+ p->length -= b->last - b->pos;
+
return NGX_OK;
}
@@ -884,35 +936,6 @@ ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf)
}
-static ngx_inline void
-ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, ngx_buf_t *buf)
-{
- ngx_buf_t *s;
- ngx_chain_t *cl, **ll;
-
- if (buf->shadow == NULL) {
- return;
- }
-
- for (s = buf->shadow; !s->last_shadow; s = s->shadow) { /* void */ }
-
- ll = free;
-
- for (cl = *free; cl; cl = cl->next) {
- if (cl->buf == s) {
- *ll = cl->next;
- break;
- }
-
- if (cl->buf->shadow) {
- break;
- }
-
- ll = &cl->next;
- }
-}
-
-
ngx_int_t
ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b)
{
diff --git a/usr.sbin/nginx/src/event/ngx_event_pipe.h b/usr.sbin/nginx/src/event/ngx_event_pipe.h
index ff63cf64af3..f24e6d148f5 100644
--- a/usr.sbin/nginx/src/event/ngx_event_pipe.h
+++ b/usr.sbin/nginx/src/event/ngx_event_pipe.h
@@ -31,8 +31,6 @@ struct ngx_event_pipe_s {
ngx_chain_t **last_in;
ngx_chain_t *out;
- ngx_chain_t **last_out;
-
ngx_chain_t *free;
ngx_chain_t *busy;
@@ -66,6 +64,7 @@ struct ngx_event_pipe_s {
ssize_t busy_size;
off_t read_length;
+ off_t length;
off_t max_temp_file_size;
ssize_t temp_file_write_size;
diff --git a/usr.sbin/nginx/src/event/ngx_event_timer.c b/usr.sbin/nginx/src/event/ngx_event_timer.c
index 7a810720930..177ac1cf113 100644
--- a/usr.sbin/nginx/src/event/ngx_event_timer.c
+++ b/usr.sbin/nginx/src/event/ngx_event_timer.c
@@ -67,7 +67,7 @@ ngx_event_find_timer(void)
ngx_mutex_unlock(ngx_event_timer_mutex);
- timer = (ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec;
+ timer = (ngx_msec_int_t) (node->key - ngx_current_msec);
return (ngx_msec_t) (timer > 0 ? timer : 0);
}
@@ -95,8 +95,7 @@ ngx_event_expire_timers(void)
/* node->key <= ngx_current_time */
- if ((ngx_msec_int_t) node->key - (ngx_msec_int_t) ngx_current_msec <= 0)
- {
+ if ((ngx_msec_int_t) (node->key - ngx_current_msec) <= 0) {
ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));
#if (NGX_THREADS)
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_access_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_access_module.c
index 84a75d777ab..70a4262fccb 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_access_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_access_module.c
@@ -351,14 +351,19 @@ ngx_http_access_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_access_loc_conf_t *prev = parent;
ngx_http_access_loc_conf_t *conf = child;
- if (conf->rules == NULL) {
+#if (NGX_HAVE_INET6)
+
+ if (conf->rules == NULL && conf->rules6 == NULL) {
conf->rules = prev->rules;
+ conf->rules6 = prev->rules6;
}
-#if (NGX_HAVE_INET6)
- if (conf->rules6 == NULL) {
- conf->rules6 = prev->rules6;
+#else
+
+ if (conf->rules == NULL) {
+ conf->rules = prev->rules;
}
+
#endif
return NGX_CONF_OK;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_browser_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_browser_module.c
index 13a7145385e..80da0d8fa86 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_browser_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_browser_module.c
@@ -458,10 +458,11 @@ ngx_http_browser_merge_conf(ngx_conf_t *cf, void *parent, void *child)
* with a real skip value. The zero value means Opera.
*/
- if (conf->modern_browsers == NULL) {
+ if (conf->modern_browsers == NULL && conf->modern_unlisted_browsers == 0) {
conf->modern_browsers = prev->modern_browsers;
+ conf->modern_unlisted_browsers = prev->modern_unlisted_browsers;
- } else {
+ } else if (conf->modern_browsers != NULL) {
browsers = conf->modern_browsers->elts;
for (i = 0; i < conf->modern_browsers->nelts; i++) {
@@ -501,8 +502,9 @@ found:
}
}
- if (conf->ancient_browsers == NULL) {
+ if (conf->ancient_browsers == NULL && conf->netscape4 == 0) {
conf->ancient_browsers = prev->ancient_browsers;
+ conf->netscape4 = prev->netscape4;
}
if (conf->modern_browser_value == NULL) {
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_chunked_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_chunked_filter_module.c
index f07a8442e4d..94313a8f650 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_chunked_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_chunked_filter_module.c
@@ -222,7 +222,7 @@ ngx_http_chunked_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
rc = ngx_http_next_body_filter(r, out);
- ngx_chain_update_chains(&ctx->free, &ctx->busy, &out,
+ ngx_chain_update_chains(r->pool, &ctx->free, &ctx->busy, &out,
(ngx_buf_tag_t) &ngx_http_chunked_filter_module);
return rc;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_degradation_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_degradation_module.c
index 0b1368f3b5a..b9c65cdc9e0 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_degradation_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_degradation_module.c
@@ -126,7 +126,7 @@ ngx_http_degraded(ngx_http_request_t *r)
* ELF/i386 is loaded at 0x08000000, 128M
* ELF/amd64 is loaded at 0x00400000, 4M
*
- * use a function address to substract the loading address
+ * use a function address to subtract the loading address
*/
sbrk_size = (size_t) sbrk(0) - ((uintptr_t) ngx_palloc & ~0x3FFFFF);
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_fastcgi_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_fastcgi_module.c
index 23ef2957f6b..3bc994a8004 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_fastcgi_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_fastcgi_module.c
@@ -27,6 +27,8 @@ typedef struct {
ngx_hash_t headers_hash;
ngx_uint_t header_params;
+ ngx_flag_t keep_conn;
+
#if (NGX_HTTP_CACHE)
ngx_http_complex_value_t cache_key;
#endif
@@ -78,6 +80,8 @@ typedef struct {
#define NGX_HTTP_FASTCGI_RESPONDER 1
+#define NGX_HTTP_FASTCGI_KEEP_CONN 1
+
#define NGX_HTTP_FASTCGI_BEGIN_REQUEST 1
#define NGX_HTTP_FASTCGI_ABORT_REQUEST 2
#define NGX_HTTP_FASTCGI_END_REQUEST 3
@@ -131,6 +135,7 @@ static ngx_int_t ngx_http_fastcgi_create_key(ngx_http_request_t *r);
static ngx_int_t ngx_http_fastcgi_create_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_fastcgi_reinit_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_fastcgi_process_header(ngx_http_request_t *r);
+static ngx_int_t ngx_http_fastcgi_input_filter_init(void *data);
static ngx_int_t ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p,
ngx_buf_t *buf);
static ngx_int_t ngx_http_fastcgi_process_record(ngx_http_request_t *r,
@@ -376,6 +381,20 @@ static ngx_command_t ngx_http_fastcgi_commands[] = {
offsetof(ngx_http_fastcgi_loc_conf_t, upstream.cache_methods),
&ngx_http_upstream_cache_method_mask },
+ { ngx_string("fastcgi_cache_lock"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_fastcgi_loc_conf_t, upstream.cache_lock),
+ NULL },
+
+ { ngx_string("fastcgi_cache_lock_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_fastcgi_loc_conf_t, upstream.cache_lock_timeout),
+ NULL },
+
#endif
{ ngx_string("fastcgi_temp_path"),
@@ -407,8 +426,8 @@ static ngx_command_t ngx_http_fastcgi_commands[] = {
&ngx_http_fastcgi_next_upstream_masks },
{ ngx_string("fastcgi_param"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
- ngx_conf_set_keyval_slot,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE23,
+ ngx_http_upstream_param_set_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_fastcgi_loc_conf_t, params_source),
NULL },
@@ -441,6 +460,13 @@ static ngx_command_t ngx_http_fastcgi_commands[] = {
offsetof(ngx_http_fastcgi_loc_conf_t, catch_stderr),
NULL },
+ { ngx_string("fastcgi_keep_conn"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_fastcgi_loc_conf_t, keep_conn),
+ NULL },
+
ngx_null_command
};
@@ -604,6 +630,8 @@ ngx_http_fastcgi_handler(ngx_http_request_t *r)
u->pipe->input_filter = ngx_http_fastcgi_input_filter;
u->pipe->input_ctx = r;
+ u->input_filter_init = ngx_http_fastcgi_input_filter_init;
+
rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init);
if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
@@ -695,7 +723,7 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
u_char ch, *pos, *lowcase_key;
size_t size, len, key_len, val_len, padding,
allocated;
- ngx_uint_t i, n, next, hash, header_params;
+ ngx_uint_t i, n, next, hash, skip_empty, header_params;
ngx_buf_t *b;
ngx_chain_t *cl, *body;
ngx_list_part_t *part;
@@ -726,11 +754,18 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
lcode = *(ngx_http_script_len_code_pt *) le.ip;
key_len = lcode(&le);
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ skip_empty = lcode(&le);
+
for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
}
le.ip += sizeof(uintptr_t);
+ if (skip_empty && val_len == 0) {
+ continue;
+ }
+
len += 1 + key_len + ((val_len > 127) ? 4 : 1) + val_len;
}
}
@@ -845,6 +880,9 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
cl->buf = b;
+ ngx_http_fastcgi_request_start.br.flags =
+ flcf->keep_conn ? NGX_HTTP_FASTCGI_KEEP_CONN : 0;
+
ngx_memcpy(b->pos, &ngx_http_fastcgi_request_start,
sizeof(ngx_http_fastcgi_request_start_t));
@@ -877,11 +915,28 @@ ngx_http_fastcgi_create_request(ngx_http_request_t *r)
lcode = *(ngx_http_script_len_code_pt *) le.ip;
key_len = (u_char) lcode(&le);
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ skip_empty = lcode(&le);
+
for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
}
le.ip += sizeof(uintptr_t);
+ if (skip_empty && val_len == 0) {
+ e.skip = 1;
+
+ while (*(uintptr_t *) e.ip) {
+ code = *(ngx_http_script_code_pt *) e.ip;
+ code((ngx_http_script_engine_t *) &e);
+ }
+ e.ip += sizeof(uintptr_t);
+
+ e.skip = 0;
+
+ continue;
+ }
+
*e.pos++ = (u_char) key_len;
if (val_len > 127) {
@@ -1199,7 +1254,7 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
if (f->type == NGX_HTTP_FASTCGI_STDOUT && f->length == 0) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream closed prematurely FastCGI stdout");
+ "upstream prematurely closed FastCGI stdout");
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
@@ -1578,14 +1633,30 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
static ngx_int_t
+ngx_http_fastcgi_input_filter_init(void *data)
+{
+ ngx_http_request_t *r = data;
+ ngx_http_fastcgi_loc_conf_t *flcf;
+
+ flcf = ngx_http_get_module_loc_conf(r, ngx_http_fastcgi_module);
+
+ r->upstream->pipe->length = flcf->keep_conn ?
+ (off_t) sizeof(ngx_http_fastcgi_header_t) : -1;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
{
- u_char *m, *msg;
- ngx_int_t rc;
- ngx_buf_t *b, **prev;
- ngx_chain_t *cl;
- ngx_http_request_t *r;
- ngx_http_fastcgi_ctx_t *f;
+ u_char *m, *msg;
+ ngx_int_t rc;
+ ngx_buf_t *b, **prev;
+ ngx_chain_t *cl;
+ ngx_http_request_t *r;
+ ngx_http_fastcgi_ctx_t *f;
+ ngx_http_fastcgi_loc_conf_t *flcf;
if (buf->pos == buf->last) {
return NGX_OK;
@@ -1593,6 +1664,7 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
r = p->input_ctx;
f = ngx_http_get_module_ctx(r, ngx_http_fastcgi_module);
+ flcf = ngx_http_get_module_loc_conf(r, ngx_http_fastcgi_module);
b = NULL;
prev = &buf->shadow;
@@ -1615,7 +1687,10 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
if (f->type == NGX_HTTP_FASTCGI_STDOUT && f->length == 0) {
f->state = ngx_http_fastcgi_st_version;
- p->upstream_done = 1;
+
+ if (!flcf->keep_conn) {
+ p->upstream_done = 1;
+ }
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, p->log, 0,
"http fastcgi closed stdout");
@@ -1627,6 +1702,10 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
f->state = ngx_http_fastcgi_st_version;
p->upstream_done = 1;
+ if (flcf->keep_conn) {
+ r->upstream->keepalive = 1;
+ }
+
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, p->log, 0,
"http fastcgi sent end request");
@@ -1787,6 +1866,23 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
}
+ if (flcf->keep_conn) {
+
+ /* set p->length, minimal amount of data we want to see */
+
+ if (f->state < ngx_http_fastcgi_st_data) {
+ p->length = 1;
+
+ } else if (f->state == ngx_http_fastcgi_st_padding) {
+ p->length = f->padding;
+
+ } else {
+ /* ngx_http_fastcgi_st_data */
+
+ p->length = f->length;
+ }
+ }
+
if (b) {
b->shadow = buf;
b->last_shadow = 1;
@@ -2005,6 +2101,8 @@ ngx_http_fastcgi_create_loc_conf(ngx_conf_t *cf)
conf->upstream.cache_bypass = NGX_CONF_UNSET_PTR;
conf->upstream.no_cache = NGX_CONF_UNSET_PTR;
conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
+ conf->upstream.cache_lock = NGX_CONF_UNSET;
+ conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
#endif
conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
@@ -2017,6 +2115,8 @@ ngx_http_fastcgi_create_loc_conf(ngx_conf_t *cf)
conf->catch_stderr = NGX_CONF_UNSET_PTR;
+ conf->keep_conn = NGX_CONF_UNSET;
+
ngx_str_set(&conf->upstream.module, "fastcgi");
return conf;
@@ -2098,8 +2198,8 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.busy_buffers_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"fastcgi_busy_buffers_size\" must be equal or bigger than "
- "maximum of the value of \"fastcgi_buffer_size\" and "
+ "\"fastcgi_busy_buffers_size\" must be equal to or greater than "
+ "the maximum of the value of \"fastcgi_buffer_size\" and "
"one of the \"fastcgi_buffers\"");
return NGX_CONF_ERROR;
@@ -2129,8 +2229,8 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.temp_file_write_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"fastcgi_temp_file_write_size\" must be equal or bigger than "
- "maximum of the value of \"fastcgi_buffer_size\" and "
+ "\"fastcgi_temp_file_write_size\" must be equal to or greater "
+ "than the maximum of the value of \"fastcgi_buffer_size\" and "
"one of the \"fastcgi_buffers\"");
return NGX_CONF_ERROR;
@@ -2153,8 +2253,8 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"fastcgi_max_temp_file_size\" must be equal to zero to disable "
- "the temporary files usage or must be equal or bigger than "
- "maximum of the value of \"fastcgi_buffer_size\" and "
+ "temporary files usage or must be equal to or greater than "
+ "the maximum of the value of \"fastcgi_buffer_size\" and "
"one of the \"fastcgi_buffers\"");
return NGX_CONF_ERROR;
@@ -2244,6 +2344,12 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->cache_key = prev->cache_key;
}
+ ngx_conf_merge_value(conf->upstream.cache_lock,
+ prev->upstream.cache_lock, 0);
+
+ ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
+ prev->upstream.cache_lock_timeout, 5000);
+
#endif
ngx_conf_merge_value(conf->upstream.pass_request_headers,
@@ -2256,6 +2362,8 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->catch_stderr, prev->catch_stderr, NULL);
+ ngx_conf_merge_value(conf->keep_conn, prev->keep_conn, 0);
+
ngx_conf_merge_str_value(conf->index, prev->index, "");
@@ -2313,9 +2421,9 @@ ngx_http_fastcgi_merge_params(ngx_conf_t *cf,
#if (NGX_HTTP_CACHE)
ngx_array_t params_merged;
#endif
- ngx_keyval_t *src;
ngx_hash_key_t *hk;
ngx_hash_init_t hash;
+ ngx_http_upstream_param_t *src;
ngx_http_script_compile_t sc;
ngx_http_script_copy_code_t *copy;
@@ -2324,7 +2432,8 @@ ngx_http_fastcgi_merge_params(ngx_conf_t *cf,
if (prev->headers_hash.buckets
#if (NGX_HTTP_CACHE)
- && ((conf->upstream.cache == NULL) == (prev->upstream.cache == NULL))
+ && ((conf->upstream.cache == NULL)
+ == (prev->upstream.cache == NULL))
#endif
)
{
@@ -2376,9 +2485,11 @@ ngx_http_fastcgi_merge_params(ngx_conf_t *cf,
#if (NGX_HTTP_CACHE)
if (conf->upstream.cache) {
- ngx_keyval_t *h, *s;
+ ngx_keyval_t *h;
+ ngx_http_upstream_param_t *s;
- if (ngx_array_init(&params_merged, cf->temp_pool, 4, sizeof(ngx_keyval_t))
+ if (ngx_array_init(&params_merged, cf->temp_pool, 4,
+ sizeof(ngx_http_upstream_param_t))
!= NGX_OK)
{
return NGX_ERROR;
@@ -2412,7 +2523,9 @@ ngx_http_fastcgi_merge_params(ngx_conf_t *cf,
return NGX_ERROR;
}
- *s = *h;
+ s->key = h->key;
+ s->value = h->value;
+ s->skip_empty = 0;
next:
@@ -2454,6 +2567,15 @@ ngx_http_fastcgi_merge_params(ngx_conf_t *cf,
copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
copy->len = src[i].key.len;
+ copy = ngx_array_push_n(conf->params_len,
+ sizeof(ngx_http_script_copy_code_t));
+ if (copy == NULL) {
+ return NGX_ERROR;
+ }
+
+ copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
+ copy->len = src[i].skip_empty;
+
size = (sizeof(ngx_http_script_copy_code_t)
+ src[i].key.len + sizeof(uintptr_t) - 1)
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_flv_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_flv_module.c
index f6870235b34..719a0112499 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_flv_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_flv_module.c
@@ -110,6 +110,10 @@ ngx_http_flv_handler(ngx_http_request_t *r)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -127,6 +131,10 @@ ngx_http_flv_handler(ngx_http_request_t *r)
break;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
rc = NGX_HTTP_FORBIDDEN;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_geo_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_geo_module.c
index 1d7599e5551..30b0e35a9aa 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_geo_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_geo_module.c
@@ -566,7 +566,7 @@ ngx_http_geo_range(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
if (ctx->binary_include) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "binary geo range base \"%s\" may not be mixed with usual entries",
+ "binary geo range base \"%s\" cannot be mixed with usual entries",
ctx->include_name.data);
return NGX_CONF_ERROR;
}
@@ -1195,7 +1195,7 @@ ngx_http_geo_include_binary_base(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
if (ctx->outside_entries) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "binary geo range base \"%s\" may not be mixed with usual entries",
+ "binary geo range base \"%s\" cannot be mixed with usual entries",
name->data);
rc = NGX_ERROR;
goto done;
@@ -1203,7 +1203,7 @@ ngx_http_geo_include_binary_base(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
if (ctx->binary_include) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "second binary geo range base \"%s\" may not be mixed with \"%s\"",
+ "second binary geo range base \"%s\" cannot be mixed with \"%s\"",
name->data, ctx->include_name.data);
rc = NGX_ERROR;
goto done;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_gzip_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_gzip_filter_module.c
index dccc554a312..128d3d9c89d 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_gzip_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_gzip_filter_module.c
@@ -379,7 +379,7 @@ ngx_http_gzip_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
cl = NULL;
- ngx_chain_update_chains(&ctx->free, &ctx->busy, &cl,
+ ngx_chain_update_chains(r->pool, &ctx->free, &ctx->busy, &cl,
(ngx_buf_tag_t) &ngx_http_gzip_filter_module);
ctx->nomem = 0;
}
@@ -449,7 +449,7 @@ ngx_http_gzip_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
ngx_http_gzip_filter_free_copy_buf(r, ctx);
- ngx_chain_update_chains(&ctx->free, &ctx->busy, &ctx->out,
+ ngx_chain_update_chains(r->pool, &ctx->free, &ctx->busy, &ctx->out,
(ngx_buf_tag_t) &ngx_http_gzip_filter_module);
ctx->last_out = &ctx->out;
@@ -759,6 +759,7 @@ static ngx_int_t
ngx_http_gzip_filter_deflate(ngx_http_request_t *r, ngx_http_gzip_ctx_t *ctx)
{
int rc;
+ ngx_buf_t *b;
ngx_chain_t *cl;
ngx_http_gzip_conf_t *conf;
@@ -770,7 +771,7 @@ ngx_http_gzip_filter_deflate(ngx_http_request_t *r, ngx_http_gzip_ctx_t *ctx)
rc = deflate(&ctx->zstream, ctx->flush);
- if (rc != Z_OK && rc != Z_STREAM_END) {
+ if (rc != Z_OK && rc != Z_STREAM_END && rc != Z_BUF_ERROR) {
ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
"deflate() failed: %d, %d", ctx->flush, rc);
return NGX_ERROR;
@@ -819,8 +820,6 @@ ngx_http_gzip_filter_deflate(ngx_http_request_t *r, ngx_http_gzip_ctx_t *ctx)
if (ctx->flush == Z_SYNC_FLUSH) {
- ctx->zstream.avail_out = 0;
- ctx->out_buf->flush = 1;
ctx->flush = Z_NO_FLUSH;
cl = ngx_alloc_chain_link(r->pool);
@@ -828,7 +827,22 @@ ngx_http_gzip_filter_deflate(ngx_http_request_t *r, ngx_http_gzip_ctx_t *ctx)
return NGX_ERROR;
}
- cl->buf = ctx->out_buf;
+ b = ctx->out_buf;
+
+ if (ngx_buf_size(b) == 0) {
+
+ b = ngx_calloc_buf(ctx->request->pool);
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+
+ } else {
+ ctx->zstream.avail_out = 0;
+ }
+
+ b->flush = 1;
+
+ cl->buf = b;
cl->next = NULL;
*ctx->last_out = cl;
ctx->last_out = &cl->next;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_gzip_static_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_gzip_static_module.c
index 18c28d8f581..46ce8f3f327 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_gzip_static_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_gzip_static_module.c
@@ -130,6 +130,10 @@ ngx_http_gzip_static_handler(ngx_http_request_t *r)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -145,6 +149,10 @@ ngx_http_gzip_static_handler(ngx_http_request_t *r)
return NGX_DECLINED;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
break;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_headers_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_headers_filter_module.c
index a7065946305..93899343437 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_headers_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_headers_filter_module.c
@@ -25,23 +25,25 @@ typedef struct {
struct ngx_http_header_val_s {
ngx_http_complex_value_t value;
- ngx_uint_t hash;
ngx_str_t key;
ngx_http_set_header_pt handler;
ngx_uint_t offset;
};
-#define NGX_HTTP_EXPIRES_OFF 0
-#define NGX_HTTP_EXPIRES_EPOCH 1
-#define NGX_HTTP_EXPIRES_MAX 2
-#define NGX_HTTP_EXPIRES_ACCESS 3
-#define NGX_HTTP_EXPIRES_MODIFIED 4
-#define NGX_HTTP_EXPIRES_DAILY 5
+typedef enum {
+ NGX_HTTP_EXPIRES_OFF,
+ NGX_HTTP_EXPIRES_EPOCH,
+ NGX_HTTP_EXPIRES_MAX,
+ NGX_HTTP_EXPIRES_ACCESS,
+ NGX_HTTP_EXPIRES_MODIFIED,
+ NGX_HTTP_EXPIRES_DAILY,
+ NGX_HTTP_EXPIRES_UNSET
+} ngx_http_expires_t;
typedef struct {
- ngx_uint_t expires;
+ ngx_http_expires_t expires;
time_t expires_time;
ngx_array_t *headers;
} ngx_http_headers_conf_t;
@@ -51,6 +53,8 @@ static ngx_int_t ngx_http_set_expires(ngx_http_request_t *r,
ngx_http_headers_conf_t *conf);
static ngx_int_t ngx_http_add_cache_control(ngx_http_request_t *r,
ngx_http_header_val_t *hv, ngx_str_t *value);
+static ngx_int_t ngx_http_add_header(ngx_http_request_t *r,
+ ngx_http_header_val_t *hv, ngx_str_t *value);
static ngx_int_t ngx_http_set_last_modified(ngx_http_request_t *r,
ngx_http_header_val_t *hv, ngx_str_t *value);
@@ -313,7 +317,7 @@ ngx_http_add_header(ngx_http_request_t *r, ngx_http_header_val_t *hv,
return NGX_ERROR;
}
- h->hash = hv->hash;
+ h->hash = 1;
h->key = hv->key;
h->value = *value;
}
@@ -366,16 +370,11 @@ ngx_http_set_last_modified(ngx_http_request_t *r, ngx_http_header_val_t *hv,
{
ngx_table_elt_t *h, **old;
- if (hv->offset) {
- old = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset);
-
- } else {
- old = NULL;
- }
+ old = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset);
r->headers_out.last_modified_time = -1;
- if (old == NULL || *old == NULL) {
+ if (*old == NULL) {
if (value->len == 0) {
return NGX_OK;
@@ -386,6 +385,8 @@ ngx_http_set_last_modified(ngx_http_request_t *r, ngx_http_header_val_t *hv,
return NGX_ERROR;
}
+ *old = h;
+
} else {
h = *old;
@@ -395,7 +396,7 @@ ngx_http_set_last_modified(ngx_http_request_t *r, ngx_http_header_val_t *hv,
}
}
- h->hash = hv->hash;
+ h->hash = 1;
h->key = hv->key;
h->value = *value;
@@ -420,7 +421,7 @@ ngx_http_headers_create_conf(ngx_conf_t *cf)
* conf->expires_time = 0;
*/
- conf->expires = NGX_CONF_UNSET_UINT;
+ conf->expires = NGX_HTTP_EXPIRES_UNSET;
return conf;
}
@@ -432,11 +433,11 @@ ngx_http_headers_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_headers_conf_t *prev = parent;
ngx_http_headers_conf_t *conf = child;
- if (conf->expires == NGX_CONF_UNSET_UINT) {
+ if (conf->expires == NGX_HTTP_EXPIRES_UNSET) {
conf->expires = prev->expires;
conf->expires_time = prev->expires_time;
- if (conf->expires == NGX_CONF_UNSET_UINT) {
+ if (conf->expires == NGX_HTTP_EXPIRES_UNSET) {
conf->expires = NGX_HTTP_EXPIRES_OFF;
}
}
@@ -467,7 +468,7 @@ ngx_http_headers_expires(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_uint_t minus, n;
ngx_str_t *value;
- if (hcf->expires != NGX_CONF_UNSET_UINT) {
+ if (hcf->expires != NGX_HTTP_EXPIRES_UNSET) {
return "is duplicate";
}
@@ -532,7 +533,7 @@ ngx_http_headers_expires(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
hcf->expires_time = ngx_parse_time(&value[n], 1);
- if (hcf->expires_time == NGX_ERROR) {
+ if (hcf->expires_time == (time_t) NGX_ERROR) {
return "invalid value";
}
@@ -542,10 +543,6 @@ ngx_http_headers_expires(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return "daily time value must be less than 24 hours";
}
- if (hcf->expires_time == NGX_PARSE_LARGE_TIME) {
- return "value must be less than 68 years";
- }
-
if (minus) {
hcf->expires_time = - hcf->expires_time;
}
@@ -580,7 +577,6 @@ ngx_http_headers_add(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_ERROR;
}
- hv->hash = 1;
hv->key = value[1];
hv->handler = ngx_http_add_header;
hv->offset = 0;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_image_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_image_filter_module.c
index dd3c9cee5ae..c853c33d092 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_image_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_image_filter_module.c
@@ -817,9 +817,7 @@ transparent:
resize = 0;
- if ((ngx_uint_t) (dx * 100 / dy)
- < ctx->max_width * 100 / ctx->max_height)
- {
+ if ((double) dx / dy < (double) ctx->max_width / ctx->max_height) {
if ((ngx_uint_t) dx > ctx->max_width) {
dy = dy * ctx->max_width / dx;
dy = dy ? dy : 1;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_index_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_index_module.c
index 5d91b011820..cfe4ba6cc63 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_index_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_index_module.c
@@ -210,6 +210,10 @@ ngx_http_index_handler(ngx_http_request_t *r)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -220,6 +224,14 @@ ngx_http_index_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
+#if (NGX_HAVE_OPENAT)
+ if (of.err == NGX_EMLINK
+ || of.err == NGX_ELOOP)
+ {
+ return NGX_HTTP_FORBIDDEN;
+ }
+#endif
+
if (of.err == NGX_ENOTDIR
|| of.err == NGX_ENAMETOOLONG
|| of.err == NGX_EACCES)
@@ -297,11 +309,23 @@ ngx_http_index_test_dir(ngx_http_request_t *r, ngx_http_core_loc_conf_t *clcf,
of.valid = clcf->open_file_cache_valid;
of.errors = clcf->open_file_cache_errors;
+ if (ngx_http_set_disable_symlinks(r, clcf, &dir, &of) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &dir, &of, r->pool)
!= NGX_OK)
{
if (of.err) {
+#if (NGX_HAVE_OPENAT)
+ if (of.err == NGX_EMLINK
+ || of.err == NGX_ELOOP)
+ {
+ return NGX_HTTP_FORBIDDEN;
+ }
+#endif
+
if (of.err == NGX_ENOENT) {
*last = c;
return ngx_http_index_error(r, clcf, dir.data, NGX_ENOENT);
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_limit_conn_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_limit_conn_module.c
new file mode 100644
index 00000000000..c23c046ed4d
--- /dev/null
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_limit_conn_module.c
@@ -0,0 +1,747 @@
+
+/*
+ * Copyright (C) Igor Sysoev
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+ u_char color;
+ u_char len;
+ u_short conn;
+ u_char data[1];
+} ngx_http_limit_conn_node_t;
+
+
+typedef struct {
+ ngx_shm_zone_t *shm_zone;
+ ngx_rbtree_node_t *node;
+} ngx_http_limit_conn_cleanup_t;
+
+
+typedef struct {
+ ngx_rbtree_t *rbtree;
+ ngx_int_t index;
+ ngx_str_t var;
+} ngx_http_limit_conn_ctx_t;
+
+
+typedef struct {
+ ngx_shm_zone_t *shm_zone;
+ ngx_uint_t conn;
+} ngx_http_limit_conn_limit_t;
+
+
+typedef struct {
+ ngx_array_t limits;
+ ngx_uint_t log_level;
+} ngx_http_limit_conn_conf_t;
+
+
+static ngx_rbtree_node_t *ngx_http_limit_conn_lookup(ngx_rbtree_t *rbtree,
+ ngx_http_variable_value_t *vv, uint32_t hash);
+static void ngx_http_limit_conn_cleanup(void *data);
+static ngx_inline void ngx_http_limit_conn_cleanup_all(ngx_pool_t *pool);
+
+static void *ngx_http_limit_conn_create_conf(ngx_conf_t *cf);
+static char *ngx_http_limit_conn_merge_conf(ngx_conf_t *cf, void *parent,
+ void *child);
+static char *ngx_http_limit_conn_zone(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+static char *ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+static char *ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+static ngx_int_t ngx_http_limit_conn_init(ngx_conf_t *cf);
+
+
+static ngx_conf_deprecated_t ngx_conf_deprecated_limit_zone = {
+ ngx_conf_deprecated, "limit_zone", "limit_conn_zone"
+};
+
+
+static ngx_conf_enum_t ngx_http_limit_conn_log_levels[] = {
+ { ngx_string("info"), NGX_LOG_INFO },
+ { ngx_string("notice"), NGX_LOG_NOTICE },
+ { ngx_string("warn"), NGX_LOG_WARN },
+ { ngx_string("error"), NGX_LOG_ERR },
+ { ngx_null_string, 0 }
+};
+
+
+static ngx_command_t ngx_http_limit_conn_commands[] = {
+
+ { ngx_string("limit_conn_zone"),
+ NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE2,
+ ngx_http_limit_conn_zone,
+ 0,
+ 0,
+ NULL },
+
+ { ngx_string("limit_zone"),
+ NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE3,
+ ngx_http_limit_zone,
+ 0,
+ 0,
+ NULL },
+
+ { ngx_string("limit_conn"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ ngx_http_limit_conn,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
+ { ngx_string("limit_conn_log_level"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_enum_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_limit_conn_conf_t, log_level),
+ &ngx_http_limit_conn_log_levels },
+
+ ngx_null_command
+};
+
+
+static ngx_http_module_t ngx_http_limit_conn_module_ctx = {
+ NULL, /* preconfiguration */
+ ngx_http_limit_conn_init, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ NULL, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ ngx_http_limit_conn_create_conf, /* create location configuration */
+ ngx_http_limit_conn_merge_conf /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_limit_conn_module = {
+ NGX_MODULE_V1,
+ &ngx_http_limit_conn_module_ctx, /* module context */
+ ngx_http_limit_conn_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_http_limit_conn_handler(ngx_http_request_t *r)
+{
+ size_t len, n;
+ uint32_t hash;
+ ngx_uint_t i;
+ ngx_slab_pool_t *shpool;
+ ngx_rbtree_node_t *node;
+ ngx_pool_cleanup_t *cln;
+ ngx_http_variable_value_t *vv;
+ ngx_http_limit_conn_ctx_t *ctx;
+ ngx_http_limit_conn_node_t *lc;
+ ngx_http_limit_conn_conf_t *lccf;
+ ngx_http_limit_conn_limit_t *limits;
+ ngx_http_limit_conn_cleanup_t *lccln;
+
+ if (r->main->limit_conn_set) {
+ return NGX_DECLINED;
+ }
+
+ lccf = ngx_http_get_module_loc_conf(r, ngx_http_limit_conn_module);
+ limits = lccf->limits.elts;
+
+ for (i = 0; i < lccf->limits.nelts; i++) {
+ ctx = limits[i].shm_zone->data;
+
+ vv = ngx_http_get_indexed_variable(r, ctx->index);
+
+ if (vv == NULL || vv->not_found) {
+ continue;
+ }
+
+ len = vv->len;
+
+ if (len == 0) {
+ continue;
+ }
+
+ if (len > 255) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "the value of the \"%V\" variable "
+ "is more than 255 bytes: \"%v\"",
+ &ctx->var, vv);
+ continue;
+ }
+
+ r->main->limit_conn_set = 1;
+
+ hash = ngx_crc32_short(vv->data, len);
+
+ shpool = (ngx_slab_pool_t *) limits[i].shm_zone->shm.addr;
+
+ ngx_shmtx_lock(&shpool->mutex);
+
+ node = ngx_http_limit_conn_lookup(ctx->rbtree, vv, hash);
+
+ if (node == NULL) {
+
+ n = offsetof(ngx_rbtree_node_t, color)
+ + offsetof(ngx_http_limit_conn_node_t, data)
+ + len;
+
+ node = ngx_slab_alloc_locked(shpool, n);
+
+ if (node == NULL) {
+ ngx_shmtx_unlock(&shpool->mutex);
+ ngx_http_limit_conn_cleanup_all(r->pool);
+ return NGX_HTTP_SERVICE_UNAVAILABLE;
+ }
+
+ lc = (ngx_http_limit_conn_node_t *) &node->color;
+
+ node->key = hash;
+ lc->len = (u_char) len;
+ lc->conn = 1;
+ ngx_memcpy(lc->data, vv->data, len);
+
+ ngx_rbtree_insert(ctx->rbtree, node);
+
+ } else {
+
+ lc = (ngx_http_limit_conn_node_t *) &node->color;
+
+ if ((ngx_uint_t) lc->conn >= limits[i].conn) {
+
+ ngx_shmtx_unlock(&shpool->mutex);
+
+ ngx_log_error(lccf->log_level, r->connection->log, 0,
+ "limiting connections by zone \"%V\"",
+ &limits[i].shm_zone->shm.name);
+
+ ngx_http_limit_conn_cleanup_all(r->pool);
+ return NGX_HTTP_SERVICE_UNAVAILABLE;
+ }
+
+ lc->conn++;
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "limit zone: %08XD %d", node->key, lc->conn);
+
+ ngx_shmtx_unlock(&shpool->mutex);
+
+ cln = ngx_pool_cleanup_add(r->pool,
+ sizeof(ngx_http_limit_conn_cleanup_t));
+ if (cln == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ cln->handler = ngx_http_limit_conn_cleanup;
+ lccln = cln->data;
+
+ lccln->shm_zone = limits[i].shm_zone;
+ lccln->node = node;
+ }
+
+ return NGX_DECLINED;
+}
+
+
+static void
+ngx_http_limit_conn_rbtree_insert_value(ngx_rbtree_node_t *temp,
+ ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
+{
+ ngx_rbtree_node_t **p;
+ ngx_http_limit_conn_node_t *lcn, *lcnt;
+
+ for ( ;; ) {
+
+ if (node->key < temp->key) {
+
+ p = &temp->left;
+
+ } else if (node->key > temp->key) {
+
+ p = &temp->right;
+
+ } else { /* node->key == temp->key */
+
+ lcn = (ngx_http_limit_conn_node_t *) &node->color;
+ lcnt = (ngx_http_limit_conn_node_t *) &temp->color;
+
+ p = (ngx_memn2cmp(lcn->data, lcnt->data, lcn->len, lcnt->len) < 0)
+ ? &temp->left : &temp->right;
+ }
+
+ if (*p == sentinel) {
+ break;
+ }
+
+ temp = *p;
+ }
+
+ *p = node;
+ node->parent = temp;
+ node->left = sentinel;
+ node->right = sentinel;
+ ngx_rbt_red(node);
+}
+
+
+static ngx_rbtree_node_t *
+ngx_http_limit_conn_lookup(ngx_rbtree_t *rbtree, ngx_http_variable_value_t *vv,
+ uint32_t hash)
+{
+ ngx_int_t rc;
+ ngx_rbtree_node_t *node, *sentinel;
+ ngx_http_limit_conn_node_t *lcn;
+
+ node = rbtree->root;
+ sentinel = rbtree->sentinel;
+
+ while (node != sentinel) {
+
+ if (hash < node->key) {
+ node = node->left;
+ continue;
+ }
+
+ if (hash > node->key) {
+ node = node->right;
+ continue;
+ }
+
+ /* hash == node->key */
+
+ lcn = (ngx_http_limit_conn_node_t *) &node->color;
+
+ rc = ngx_memn2cmp(vv->data, lcn->data,
+ (size_t) vv->len, (size_t) lcn->len);
+ if (rc == 0) {
+ return node;
+ }
+
+ node = (rc < 0) ? node->left : node->right;
+ }
+
+ return NULL;
+}
+
+
+static void
+ngx_http_limit_conn_cleanup(void *data)
+{
+ ngx_http_limit_conn_cleanup_t *lccln = data;
+
+ ngx_slab_pool_t *shpool;
+ ngx_rbtree_node_t *node;
+ ngx_http_limit_conn_ctx_t *ctx;
+ ngx_http_limit_conn_node_t *lc;
+
+ ctx = lccln->shm_zone->data;
+ shpool = (ngx_slab_pool_t *) lccln->shm_zone->shm.addr;
+ node = lccln->node;
+ lc = (ngx_http_limit_conn_node_t *) &node->color;
+
+ ngx_shmtx_lock(&shpool->mutex);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, lccln->shm_zone->shm.log, 0,
+ "limit zone cleanup: %08XD %d", node->key, lc->conn);
+
+ lc->conn--;
+
+ if (lc->conn == 0) {
+ ngx_rbtree_delete(ctx->rbtree, node);
+ ngx_slab_free_locked(shpool, node);
+ }
+
+ ngx_shmtx_unlock(&shpool->mutex);
+}
+
+
+static ngx_inline void
+ngx_http_limit_conn_cleanup_all(ngx_pool_t *pool)
+{
+ ngx_pool_cleanup_t *cln;
+
+ cln = pool->cleanup;
+
+ while (cln && cln->handler == ngx_http_limit_conn_cleanup) {
+ ngx_http_limit_conn_cleanup(cln->data);
+ cln = cln->next;
+ }
+
+ pool->cleanup = cln;
+}
+
+
+static ngx_int_t
+ngx_http_limit_conn_init_zone(ngx_shm_zone_t *shm_zone, void *data)
+{
+ ngx_http_limit_conn_ctx_t *octx = data;
+
+ size_t len;
+ ngx_slab_pool_t *shpool;
+ ngx_rbtree_node_t *sentinel;
+ ngx_http_limit_conn_ctx_t *ctx;
+
+ ctx = shm_zone->data;
+
+ if (octx) {
+ if (ngx_strcmp(ctx->var.data, octx->var.data) != 0) {
+ ngx_log_error(NGX_LOG_EMERG, shm_zone->shm.log, 0,
+ "limit_conn_zone \"%V\" uses the \"%V\" variable "
+ "while previously it used the \"%V\" variable",
+ &shm_zone->shm.name, &ctx->var, &octx->var);
+ return NGX_ERROR;
+ }
+
+ ctx->rbtree = octx->rbtree;
+
+ return NGX_OK;
+ }
+
+ shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
+
+ if (shm_zone->shm.exists) {
+ ctx->rbtree = shpool->data;
+
+ return NGX_OK;
+ }
+
+ ctx->rbtree = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_t));
+ if (ctx->rbtree == NULL) {
+ return NGX_ERROR;
+ }
+
+ shpool->data = ctx->rbtree;
+
+ sentinel = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_node_t));
+ if (sentinel == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_rbtree_init(ctx->rbtree, sentinel,
+ ngx_http_limit_conn_rbtree_insert_value);
+
+ len = sizeof(" in limit_conn_zone \"\"") + shm_zone->shm.name.len;
+
+ shpool->log_ctx = ngx_slab_alloc(shpool, len);
+ if (shpool->log_ctx == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_sprintf(shpool->log_ctx, " in limit_conn_zone \"%V\"%Z",
+ &shm_zone->shm.name);
+
+ return NGX_OK;
+}
+
+
+static void *
+ngx_http_limit_conn_create_conf(ngx_conf_t *cf)
+{
+ ngx_http_limit_conn_conf_t *conf;
+
+ conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_conn_conf_t));
+ if (conf == NULL) {
+ return NULL;
+ }
+
+ /*
+ * set by ngx_pcalloc():
+ *
+ * conf->limits.elts = NULL;
+ */
+
+ conf->log_level = NGX_CONF_UNSET_UINT;
+
+ return conf;
+}
+
+
+static char *
+ngx_http_limit_conn_merge_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+ ngx_http_limit_conn_conf_t *prev = parent;
+ ngx_http_limit_conn_conf_t *conf = child;
+
+ if (conf->limits.elts == NULL) {
+ conf->limits = prev->limits;
+ }
+
+ ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR);
+
+ return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_http_limit_conn_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ u_char *p;
+ ssize_t size;
+ ngx_str_t *value, name, s;
+ ngx_uint_t i;
+ ngx_shm_zone_t *shm_zone;
+ ngx_http_limit_conn_ctx_t *ctx;
+
+ value = cf->args->elts;
+
+ ctx = NULL;
+ size = 0;
+ name.len = 0;
+
+ for (i = 1; i < cf->args->nelts; i++) {
+
+ if (ngx_strncmp(value[i].data, "zone=", 5) == 0) {
+
+ name.data = value[i].data + 5;
+
+ p = (u_char *) ngx_strchr(name.data, ':');
+
+ if (p == NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid zone size \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ name.len = p - name.data;
+
+ s.data = p + 1;
+ s.len = value[i].data + value[i].len - s.data;
+
+ size = ngx_parse_size(&s);
+
+ if (size == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid zone size \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (size < (ssize_t) (8 * ngx_pagesize)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "zone \"%V\" is too small", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ continue;
+ }
+
+ if (value[i].data[0] == '$') {
+
+ value[i].len--;
+ value[i].data++;
+
+ ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_conn_ctx_t));
+ if (ctx == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ ctx->index = ngx_http_get_variable_index(cf, &value[i]);
+ if (ctx->index == NGX_ERROR) {
+ return NGX_CONF_ERROR;
+ }
+
+ ctx->var = value[i];
+
+ continue;
+ }
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (name.len == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "\"%V\" must have \"zone\" parameter",
+ &cmd->name);
+ return NGX_CONF_ERROR;
+ }
+
+ if (ctx == NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "no variable is defined for %V \"%V\"",
+ &cmd->name, &name);
+ return NGX_CONF_ERROR;
+ }
+
+ shm_zone = ngx_shared_memory_add(cf, &name, size,
+ &ngx_http_limit_conn_module);
+ if (shm_zone == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (shm_zone->data) {
+ ctx = shm_zone->data;
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "%V \"%V\" is already bound to variable \"%V\"",
+ &cmd->name, &name, &ctx->var);
+ return NGX_CONF_ERROR;
+ }
+
+ shm_zone->init = ngx_http_limit_conn_init_zone;
+ shm_zone->data = ctx;
+
+ return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ssize_t n;
+ ngx_str_t *value;
+ ngx_shm_zone_t *shm_zone;
+ ngx_http_limit_conn_ctx_t *ctx;
+
+ ngx_conf_deprecated(cf, &ngx_conf_deprecated_limit_zone, NULL);
+
+ value = cf->args->elts;
+
+ if (value[2].data[0] != '$') {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid variable name \"%V\"", &value[2]);
+ return NGX_CONF_ERROR;
+ }
+
+ value[2].len--;
+ value[2].data++;
+
+ ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_conn_ctx_t));
+ if (ctx == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ ctx->index = ngx_http_get_variable_index(cf, &value[2]);
+ if (ctx->index == NGX_ERROR) {
+ return NGX_CONF_ERROR;
+ }
+
+ ctx->var = value[2];
+
+ n = ngx_parse_size(&value[3]);
+
+ if (n == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid size of limit_zone \"%V\"", &value[3]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (n < (ngx_int_t) (8 * ngx_pagesize)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "limit_zone \"%V\" is too small", &value[1]);
+ return NGX_CONF_ERROR;
+ }
+
+
+ shm_zone = ngx_shared_memory_add(cf, &value[1], n,
+ &ngx_http_limit_conn_module);
+ if (shm_zone == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (shm_zone->data) {
+ ctx = shm_zone->data;
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "limit_zone \"%V\" is already bound to variable \"%V\"",
+ &value[1], &ctx->var);
+ return NGX_CONF_ERROR;
+ }
+
+ shm_zone->init = ngx_http_limit_conn_init_zone;
+ shm_zone->data = ctx;
+
+ return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_shm_zone_t *shm_zone;
+ ngx_http_limit_conn_conf_t *lccf = conf;
+ ngx_http_limit_conn_limit_t *limit, *limits;
+
+ ngx_str_t *value;
+ ngx_int_t n;
+ ngx_uint_t i;
+
+ value = cf->args->elts;
+
+ shm_zone = ngx_shared_memory_add(cf, &value[1], 0,
+ &ngx_http_limit_conn_module);
+ if (shm_zone == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ limits = lccf->limits.elts;
+
+ if (limits == NULL) {
+ if (ngx_array_init(&lccf->limits, cf->pool, 1,
+ sizeof(ngx_http_limit_conn_limit_t))
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ for (i = 0; i < lccf->limits.nelts; i++) {
+ if (shm_zone == limits[i].shm_zone) {
+ return "is duplicate";
+ }
+ }
+
+ n = ngx_atoi(value[2].data, value[2].len);
+ if (n <= 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid number of connections \"%V\"", &value[2]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (n > 65535) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "connection limit must be less 65536");
+ return NGX_CONF_ERROR;
+ }
+
+ limit = ngx_array_push(&lccf->limits);
+ limit->conn = n;
+ limit->shm_zone = shm_zone;
+
+ return NGX_CONF_OK;
+}
+
+
+static ngx_int_t
+ngx_http_limit_conn_init(ngx_conf_t *cf)
+{
+ ngx_http_handler_pt *h;
+ ngx_http_core_main_conf_t *cmcf;
+
+ cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
+
+ h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
+ if (h == NULL) {
+ return NGX_ERROR;
+ }
+
+ *h = ngx_http_limit_conn_handler;
+
+ return NGX_OK;
+}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_limit_req_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_limit_req_module.c
index 24707ee7f4f..18db7154958 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_limit_req_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_limit_req_module.c
@@ -18,6 +18,7 @@ typedef struct {
ngx_msec_t last;
/* integer value, 1 corresponds to 0.001 r/s */
ngx_uint_t excess;
+ ngx_uint_t count;
u_char data[1];
} ngx_http_limit_req_node_t;
@@ -36,6 +37,7 @@ typedef struct {
ngx_uint_t rate;
ngx_int_t index;
ngx_str_t var;
+ ngx_http_limit_req_node_t *node;
} ngx_http_limit_req_ctx_t;
@@ -43,16 +45,23 @@ typedef struct {
ngx_shm_zone_t *shm_zone;
/* integer value, 1 corresponds to 0.001 r/s */
ngx_uint_t burst;
+ ngx_uint_t nodelay; /* unsigned nodelay:1 */
+} ngx_http_limit_req_limit_t;
+
+
+typedef struct {
+ ngx_array_t limits;
ngx_uint_t limit_log_level;
ngx_uint_t delay_log_level;
-
- ngx_uint_t nodelay; /* unsigned nodelay:1 */
} ngx_http_limit_req_conf_t;
static void ngx_http_limit_req_delay(ngx_http_request_t *r);
-static ngx_int_t ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf,
- ngx_uint_t hash, u_char *data, size_t len, ngx_uint_t *ep);
+static ngx_int_t ngx_http_limit_req_lookup(ngx_http_limit_req_limit_t *limit,
+ ngx_uint_t hash, u_char *data, size_t len, ngx_uint_t *ep,
+ ngx_uint_t account);
+static ngx_msec_t ngx_http_limit_req_account(ngx_http_limit_req_limit_t *limits,
+ ngx_uint_t n, ngx_uint_t *ep, ngx_http_limit_req_limit_t **limit);
static void ngx_http_limit_req_expire(ngx_http_limit_req_ctx_t *ctx,
ngx_uint_t n);
@@ -136,123 +145,124 @@ ngx_module_t ngx_http_limit_req_module = {
static ngx_int_t
ngx_http_limit_req_handler(ngx_http_request_t *r)
{
- size_t len, n;
- uint32_t hash;
- ngx_int_t rc;
- ngx_uint_t excess;
- ngx_time_t *tp;
- ngx_rbtree_node_t *node;
- ngx_http_variable_value_t *vv;
- ngx_http_limit_req_ctx_t *ctx;
- ngx_http_limit_req_node_t *lr;
- ngx_http_limit_req_conf_t *lrcf;
+ size_t len;
+ uint32_t hash;
+ ngx_int_t rc;
+ ngx_uint_t n, excess;
+ ngx_msec_t delay;
+ ngx_http_variable_value_t *vv;
+ ngx_http_limit_req_ctx_t *ctx;
+ ngx_http_limit_req_conf_t *lrcf;
+ ngx_http_limit_req_limit_t *limit, *limits;
if (r->main->limit_req_set) {
return NGX_DECLINED;
}
lrcf = ngx_http_get_module_loc_conf(r, ngx_http_limit_req_module);
+ limits = lrcf->limits.elts;
- if (lrcf->shm_zone == NULL) {
- return NGX_DECLINED;
- }
+ excess = 0;
- ctx = lrcf->shm_zone->data;
+ rc = NGX_DECLINED;
- vv = ngx_http_get_indexed_variable(r, ctx->index);
+#if (NGX_SUPPRESS_WARN)
+ limit = NULL;
+#endif
- if (vv == NULL || vv->not_found) {
- return NGX_DECLINED;
- }
+ for (n = 0; n < lrcf->limits.nelts; n++) {
- len = vv->len;
+ limit = &limits[n];
- if (len == 0) {
- return NGX_DECLINED;
- }
+ ctx = limit->shm_zone->data;
- if (len > 65535) {
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "the value of the \"%V\" variable "
- "is more than 65535 bytes: \"%v\"",
- &ctx->var, vv);
- return NGX_DECLINED;
- }
+ vv = ngx_http_get_indexed_variable(r, ctx->index);
- r->main->limit_req_set = 1;
-
- hash = ngx_crc32_short(vv->data, len);
+ if (vv == NULL || vv->not_found) {
+ continue;
+ }
- ngx_shmtx_lock(&ctx->shpool->mutex);
+ len = vv->len;
- ngx_http_limit_req_expire(ctx, 1);
+ if (len == 0) {
+ continue;
+ }
- rc = ngx_http_limit_req_lookup(lrcf, hash, vv->data, len, &excess);
+ if (len > 65535) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "the value of the \"%V\" variable "
+ "is more than 65535 bytes: \"%v\"",
+ &ctx->var, vv);
+ continue;
+ }
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
- "limit_req: %i %ui.%03ui", rc, excess / 1000, excess % 1000);
+ hash = ngx_crc32_short(vv->data, len);
- if (rc == NGX_DECLINED) {
+ ngx_shmtx_lock(&ctx->shpool->mutex);
- n = offsetof(ngx_rbtree_node_t, color)
- + offsetof(ngx_http_limit_req_node_t, data)
- + len;
+ rc = ngx_http_limit_req_lookup(limit, hash, vv->data, len, &excess,
+ (n == lrcf->limits.nelts - 1));
- node = ngx_slab_alloc_locked(ctx->shpool, n);
- if (node == NULL) {
+ ngx_shmtx_unlock(&ctx->shpool->mutex);
- ngx_http_limit_req_expire(ctx, 0);
+ ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "limit_req[%ui]: %i %ui.%03ui",
+ n, rc, excess / 1000, excess % 1000);
- node = ngx_slab_alloc_locked(ctx->shpool, n);
- if (node == NULL) {
- ngx_shmtx_unlock(&ctx->shpool->mutex);
- return NGX_HTTP_SERVICE_UNAVAILABLE;
- }
+ if (rc != NGX_AGAIN) {
+ break;
}
+ }
- lr = (ngx_http_limit_req_node_t *) &node->color;
+ if (rc == NGX_DECLINED) {
+ return NGX_DECLINED;
+ }
- node->key = hash;
- lr->len = (u_char) len;
+ r->main->limit_req_set = 1;
- tp = ngx_timeofday();
- lr->last = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
+ if (rc == NGX_BUSY || rc == NGX_ERROR) {
- lr->excess = 0;
- ngx_memcpy(lr->data, vv->data, len);
+ if (rc == NGX_BUSY) {
+ ngx_log_error(lrcf->limit_log_level, r->connection->log, 0,
+ "limiting requests, excess: %ui.%03ui by zone \"%V\"",
+ excess / 1000, excess % 1000,
+ &limit->shm_zone->shm.name);
+ }
- ngx_rbtree_insert(&ctx->sh->rbtree, node);
+ while (n--) {
+ ctx = limits[n].shm_zone->data;
- ngx_queue_insert_head(&ctx->sh->queue, &lr->queue);
+ if (ctx->node == NULL) {
+ continue;
+ }
- ngx_shmtx_unlock(&ctx->shpool->mutex);
+ ngx_shmtx_lock(&ctx->shpool->mutex);
- return NGX_DECLINED;
- }
+ ctx->node->count--;
- ngx_shmtx_unlock(&ctx->shpool->mutex);
+ ngx_shmtx_unlock(&ctx->shpool->mutex);
- if (rc == NGX_OK) {
- return NGX_DECLINED;
+ ctx->node = NULL;
+ }
+
+ return NGX_HTTP_SERVICE_UNAVAILABLE;
}
- if (rc == NGX_BUSY) {
- ngx_log_error(lrcf->limit_log_level, r->connection->log, 0,
- "limiting requests, excess: %ui.%03ui by zone \"%V\"",
- excess / 1000, excess % 1000, &lrcf->shm_zone->shm.name);
+ /* rc == NGX_AGAIN || rc == NGX_OK */
- return NGX_HTTP_SERVICE_UNAVAILABLE;
+ if (rc == NGX_AGAIN) {
+ excess = 0;
}
- /* rc == NGX_AGAIN */
+ delay = ngx_http_limit_req_account(limits, n, &excess, &limit);
- if (lrcf->nodelay) {
+ if (!delay) {
return NGX_DECLINED;
}
ngx_log_error(lrcf->delay_log_level, r->connection->log, 0,
"delaying request, excess: %ui.%03ui, by zone \"%V\"",
- excess / 1000, excess % 1000, &lrcf->shm_zone->shm.name);
+ excess / 1000, excess % 1000, &limit->shm_zone->shm.name);
if (ngx_handle_read_event(r->connection->read, 0) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
@@ -260,8 +270,7 @@ ngx_http_limit_req_handler(ngx_http_request_t *r)
r->read_event_handler = ngx_http_test_reading;
r->write_event_handler = ngx_http_limit_req_delay;
- ngx_add_timer(r->connection->write,
- (ngx_msec_t) excess * 1000 / ctx->rate);
+ ngx_add_timer(r->connection->write, delay);
return NGX_AGAIN;
}
@@ -342,9 +351,10 @@ ngx_http_limit_req_rbtree_insert_value(ngx_rbtree_node_t *temp,
static ngx_int_t
-ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf, ngx_uint_t hash,
- u_char *data, size_t len, ngx_uint_t *ep)
+ngx_http_limit_req_lookup(ngx_http_limit_req_limit_t *limit, ngx_uint_t hash,
+ u_char *data, size_t len, ngx_uint_t *ep, ngx_uint_t account)
{
+ size_t size;
ngx_int_t rc, excess;
ngx_time_t *tp;
ngx_msec_t now;
@@ -353,7 +363,10 @@ ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf, ngx_uint_t hash,
ngx_http_limit_req_ctx_t *ctx;
ngx_http_limit_req_node_t *lr;
- ctx = lrcf->shm_zone->data;
+ tp = ngx_timeofday();
+ now = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
+
+ ctx = limit->shm_zone->data;
node = ctx->sh->rbtree.root;
sentinel = ctx->sh->rbtree.sentinel;
@@ -380,9 +393,6 @@ ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf, ngx_uint_t hash,
ngx_queue_remove(&lr->queue);
ngx_queue_insert_head(&ctx->sh->queue, &lr->queue);
- tp = ngx_timeofday();
-
- now = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
ms = (ngx_msec_int_t) (now - lr->last);
excess = lr->excess - ctx->rate * ngx_abs(ms) / 1000 + 1000;
@@ -393,18 +403,21 @@ ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf, ngx_uint_t hash,
*ep = excess;
- if ((ngx_uint_t) excess > lrcf->burst) {
+ if ((ngx_uint_t) excess > limit->burst) {
return NGX_BUSY;
}
- lr->excess = excess;
- lr->last = now;
-
- if (excess) {
- return NGX_AGAIN;
+ if (account) {
+ lr->excess = excess;
+ lr->last = now;
+ return NGX_OK;
}
- return NGX_OK;
+ lr->count++;
+
+ ctx->node = lr;
+
+ return NGX_AGAIN;
}
node = (rc < 0) ? node->left : node->right;
@@ -412,7 +425,115 @@ ngx_http_limit_req_lookup(ngx_http_limit_req_conf_t *lrcf, ngx_uint_t hash,
*ep = 0;
- return NGX_DECLINED;
+ size = offsetof(ngx_rbtree_node_t, color)
+ + offsetof(ngx_http_limit_req_node_t, data)
+ + len;
+
+ ngx_http_limit_req_expire(ctx, 1);
+
+ node = ngx_slab_alloc_locked(ctx->shpool, size);
+
+ if (node == NULL) {
+ ngx_http_limit_req_expire(ctx, 0);
+
+ node = ngx_slab_alloc_locked(ctx->shpool, size);
+ if (node == NULL) {
+ return NGX_ERROR;
+ }
+ }
+
+ node->key = hash;
+
+ ngx_rbtree_insert(&ctx->sh->rbtree, node);
+
+ lr = (ngx_http_limit_req_node_t *) &node->color;
+
+ ngx_queue_insert_head(&ctx->sh->queue, &lr->queue);
+
+ lr->len = (u_char) len;
+ lr->excess = 0;
+
+ ngx_memcpy(lr->data, data, len);
+
+ if (account) {
+ lr->last = now;
+ lr->count = 0;
+ return NGX_OK;
+ }
+
+ lr->last = 0;
+ lr->count = 1;
+
+ ctx->node = lr;
+
+ return NGX_AGAIN;
+}
+
+
+static ngx_msec_t
+ngx_http_limit_req_account(ngx_http_limit_req_limit_t *limits, ngx_uint_t n,
+ ngx_uint_t *ep, ngx_http_limit_req_limit_t **limit)
+{
+ ngx_int_t excess;
+ ngx_time_t *tp;
+ ngx_msec_t now, delay, max_delay;
+ ngx_msec_int_t ms;
+ ngx_http_limit_req_ctx_t *ctx;
+ ngx_http_limit_req_node_t *lr;
+
+ excess = *ep;
+
+ if (excess == 0 || (*limit)->nodelay) {
+ max_delay = 0;
+
+ } else {
+ ctx = (*limit)->shm_zone->data;
+ max_delay = excess * 1000 / ctx->rate;
+ }
+
+ while (n--) {
+ ctx = limits[n].shm_zone->data;
+ lr = ctx->node;
+
+ if (lr == NULL) {
+ continue;
+ }
+
+ ngx_shmtx_lock(&ctx->shpool->mutex);
+
+ tp = ngx_timeofday();
+
+ now = (ngx_msec_t) (tp->sec * 1000 + tp->msec);
+ ms = (ngx_msec_int_t) (now - lr->last);
+
+ excess = lr->excess - ctx->rate * ngx_abs(ms) / 1000 + 1000;
+
+ if (excess < 0) {
+ excess = 0;
+ }
+
+ lr->last = now;
+ lr->excess = excess;
+ lr->count--;
+
+ ngx_shmtx_unlock(&ctx->shpool->mutex);
+
+ ctx->node = NULL;
+
+ if (limits[n].nodelay) {
+ continue;
+ }
+
+ delay = excess * 1000 / ctx->rate;
+
+ if (delay > max_delay) {
+ max_delay = delay;
+ *ep = excess;
+ *limit = &limits[n];
+ }
+ }
+
+ return max_delay;
}
@@ -447,6 +568,16 @@ ngx_http_limit_req_expire(ngx_http_limit_req_ctx_t *ctx, ngx_uint_t n)
lr = ngx_queue_data(q, ngx_http_limit_req_node_t, queue);
+ if (lr->count) {
+
+ /*
+ * There is not much sense in looking further,
+ * because we bump nodes on the lookup stage.
+ */
+
+ return;
+ }
+
if (n++ != 0) {
ms = (ngx_msec_int_t) (now - lr->last);
@@ -547,9 +678,7 @@ ngx_http_limit_req_create_conf(ngx_conf_t *cf)
/*
* set by ngx_pcalloc():
*
- * conf->shm_zone = NULL;
- * conf->burst = 0;
- * conf->nodelay = 0;
+ * conf->limits.elts = NULL;
*/
conf->limit_log_level = NGX_CONF_UNSET_UINT;
@@ -564,10 +693,8 @@ ngx_http_limit_req_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_limit_req_conf_t *prev = parent;
ngx_http_limit_req_conf_t *conf = child;
- if (conf->shm_zone == NULL) {
- conf->shm_zone = prev->shm_zone;
- conf->burst = prev->burst;
- conf->nodelay = prev->nodelay;
+ if (conf->limits.elts == NULL) {
+ conf->limits = prev->limits;
}
ngx_conf_merge_uint_value(conf->limit_log_level, prev->limit_log_level,
@@ -584,7 +711,8 @@ static char *
ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
u_char *p;
- size_t size, len;
+ size_t len;
+ ssize_t size;
ngx_str_t *value, name, s;
ngx_int_t rate, scale;
ngx_uint_t i;
@@ -607,25 +735,32 @@ ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
p = (u_char *) ngx_strchr(name.data, ':');
- if (p) {
- *p = '\0';
+ if (p == NULL) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid zone size \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
- name.len = p - name.data;
+ name.len = p - name.data;
- p++;
+ s.data = p + 1;
+ s.len = value[i].data + value[i].len - s.data;
- s.len = value[i].data + value[i].len - p;
- s.data = p;
+ size = ngx_parse_size(&s);
- size = ngx_parse_size(&s);
- if (size > 8191) {
- continue;
- }
+ if (size == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid zone size \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
}
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid zone size \"%V\"", &value[i]);
- return NGX_CONF_ERROR;
+ if (size < (ssize_t) (8 * ngx_pagesize)) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "zone \"%V\" is too small", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ continue;
}
if (ngx_strncmp(value[i].data, "rate=", 5) == 0) {
@@ -677,7 +812,7 @@ ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_ERROR;
}
- if (name.len == 0 || size == 0) {
+ if (name.len == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"%V\" must have \"zone\" parameter",
&cmd->name);
@@ -686,8 +821,8 @@ ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (ctx == NULL) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "no variable is defined for limit_req_zone \"%V\"",
- &cmd->name);
+ "no variable is defined for %V \"%V\"",
+ &cmd->name, &name);
return NGX_CONF_ERROR;
}
@@ -703,8 +838,8 @@ ngx_http_limit_req_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ctx = shm_zone->data;
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "limit_req_zone \"%V\" is already bound to variable \"%V\"",
- &value[1], &ctx->var);
+ "%V \"%V\" is already bound to variable \"%V\"",
+ &cmd->name, &name, &ctx->var);
return NGX_CONF_ERROR;
}
@@ -720,17 +855,17 @@ ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_limit_req_conf_t *lrcf = conf;
- ngx_int_t burst;
- ngx_str_t *value, s;
- ngx_uint_t i;
-
- if (lrcf->shm_zone) {
- return "is duplicate";
- }
+ ngx_int_t burst;
+ ngx_str_t *value, s;
+ ngx_uint_t i, nodelay;
+ ngx_shm_zone_t *shm_zone;
+ ngx_http_limit_req_limit_t *limit, *limits;
value = cf->args->elts;
+ shm_zone = NULL;
burst = 0;
+ nodelay = 0;
for (i = 1; i < cf->args->nelts; i++) {
@@ -739,9 +874,9 @@ ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
s.len = value[i].len - 5;
s.data = value[i].data + 5;
- lrcf->shm_zone = ngx_shared_memory_add(cf, &s, 0,
- &ngx_http_limit_req_module);
- if (lrcf->shm_zone == NULL) {
+ shm_zone = ngx_shared_memory_add(cf, &s, 0,
+ &ngx_http_limit_req_module);
+ if (shm_zone == NULL) {
return NGX_CONF_ERROR;
}
@@ -761,7 +896,7 @@ ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
}
if (ngx_strncmp(value[i].data, "nodelay", 7) == 0) {
- lrcf->nodelay = 1;
+ nodelay = 1;
continue;
}
@@ -770,21 +905,42 @@ ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_ERROR;
}
- if (lrcf->shm_zone == NULL) {
+ if (shm_zone == NULL) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"%V\" must have \"zone\" parameter",
&cmd->name);
return NGX_CONF_ERROR;
}
- if (lrcf->shm_zone->data == NULL) {
+ if (shm_zone->data == NULL) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"unknown limit_req_zone \"%V\"",
- &lrcf->shm_zone->shm.name);
+ &shm_zone->shm.name);
return NGX_CONF_ERROR;
}
- lrcf->burst = burst * 1000;
+ limits = lrcf->limits.elts;
+
+ if (limits == NULL) {
+ if (ngx_array_init(&lrcf->limits, cf->pool, 1,
+ sizeof(ngx_http_limit_req_limit_t))
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ for (i = 0; i < lrcf->limits.nelts; i++) {
+ if (shm_zone == limits[i].shm_zone) {
+ return "is duplicate";
+ }
+ }
+
+ limit = ngx_array_push(&lrcf->limits);
+
+ limit->shm_zone = shm_zone;
+ limit->burst = burst * 1000;
+ limit->nodelay = nodelay;
return NGX_CONF_OK;
}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_limit_zone_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_limit_zone_module.c
deleted file mode 100644
index 5ebedcd902b..00000000000
--- a/usr.sbin/nginx/src/http/modules/ngx_http_limit_zone_module.c
+++ /dev/null
@@ -1,553 +0,0 @@
-
-/*
- * Copyright (C) Igor Sysoev
- * Copyright (C) Nginx, Inc.
- */
-
-
-#include <ngx_config.h>
-#include <ngx_core.h>
-#include <ngx_http.h>
-
-
-typedef struct {
- u_char color;
- u_char len;
- u_short conn;
- u_char data[1];
-} ngx_http_limit_zone_node_t;
-
-
-typedef struct {
- ngx_shm_zone_t *shm_zone;
- ngx_rbtree_node_t *node;
-} ngx_http_limit_zone_cleanup_t;
-
-
-typedef struct {
- ngx_rbtree_t *rbtree;
- ngx_int_t index;
- ngx_str_t var;
-} ngx_http_limit_zone_ctx_t;
-
-
-typedef struct {
- ngx_shm_zone_t *shm_zone;
- ngx_uint_t conn;
- ngx_uint_t log_level;
-} ngx_http_limit_zone_conf_t;
-
-
-static void ngx_http_limit_zone_cleanup(void *data);
-
-static void *ngx_http_limit_zone_create_conf(ngx_conf_t *cf);
-static char *ngx_http_limit_zone_merge_conf(ngx_conf_t *cf, void *parent,
- void *child);
-static char *ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
-static char *ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
-static ngx_int_t ngx_http_limit_zone_init(ngx_conf_t *cf);
-
-
-static ngx_conf_enum_t ngx_http_limit_conn_log_levels[] = {
- { ngx_string("info"), NGX_LOG_INFO },
- { ngx_string("notice"), NGX_LOG_NOTICE },
- { ngx_string("warn"), NGX_LOG_WARN },
- { ngx_string("error"), NGX_LOG_ERR },
- { ngx_null_string, 0 }
-};
-
-
-static ngx_command_t ngx_http_limit_zone_commands[] = {
-
- { ngx_string("limit_zone"),
- NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE3,
- ngx_http_limit_zone,
- 0,
- 0,
- NULL },
-
- { ngx_string("limit_conn"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
- ngx_http_limit_conn,
- NGX_HTTP_LOC_CONF_OFFSET,
- 0,
- NULL },
-
- { ngx_string("limit_conn_log_level"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_enum_slot,
- NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_limit_zone_conf_t, log_level),
- &ngx_http_limit_conn_log_levels },
-
- ngx_null_command
-};
-
-
-static ngx_http_module_t ngx_http_limit_zone_module_ctx = {
- NULL, /* preconfiguration */
- ngx_http_limit_zone_init, /* postconfiguration */
-
- NULL, /* create main configuration */
- NULL, /* init main configuration */
-
- NULL, /* create server configuration */
- NULL, /* merge server configuration */
-
- ngx_http_limit_zone_create_conf, /* create location configuration */
- ngx_http_limit_zone_merge_conf /* merge location configuration */
-};
-
-
-ngx_module_t ngx_http_limit_zone_module = {
- NGX_MODULE_V1,
- &ngx_http_limit_zone_module_ctx, /* module context */
- ngx_http_limit_zone_commands, /* module directives */
- NGX_HTTP_MODULE, /* module type */
- NULL, /* init master */
- NULL, /* init module */
- NULL, /* init process */
- NULL, /* init thread */
- NULL, /* exit thread */
- NULL, /* exit process */
- NULL, /* exit master */
- NGX_MODULE_V1_PADDING
-};
-
-
-static ngx_int_t
-ngx_http_limit_zone_handler(ngx_http_request_t *r)
-{
- size_t len, n;
- uint32_t hash;
- ngx_int_t rc;
- ngx_slab_pool_t *shpool;
- ngx_rbtree_node_t *node, *sentinel;
- ngx_pool_cleanup_t *cln;
- ngx_http_variable_value_t *vv;
- ngx_http_limit_zone_ctx_t *ctx;
- ngx_http_limit_zone_node_t *lz;
- ngx_http_limit_zone_conf_t *lzcf;
- ngx_http_limit_zone_cleanup_t *lzcln;
-
- if (r->main->limit_zone_set) {
- return NGX_DECLINED;
- }
-
- lzcf = ngx_http_get_module_loc_conf(r, ngx_http_limit_zone_module);
-
- if (lzcf->shm_zone == NULL) {
- return NGX_DECLINED;
- }
-
- ctx = lzcf->shm_zone->data;
-
- vv = ngx_http_get_indexed_variable(r, ctx->index);
-
- if (vv == NULL || vv->not_found) {
- return NGX_DECLINED;
- }
-
- len = vv->len;
-
- if (len == 0) {
- return NGX_DECLINED;
- }
-
- if (len > 255) {
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "the value of the \"%V\" variable "
- "is more than 255 bytes: \"%v\"",
- &ctx->var, vv);
- return NGX_DECLINED;
- }
-
- r->main->limit_zone_set = 1;
-
- hash = ngx_crc32_short(vv->data, len);
-
- cln = ngx_pool_cleanup_add(r->pool, sizeof(ngx_http_limit_zone_cleanup_t));
- if (cln == NULL) {
- return NGX_HTTP_INTERNAL_SERVER_ERROR;
- }
-
- shpool = (ngx_slab_pool_t *) lzcf->shm_zone->shm.addr;
-
- ngx_shmtx_lock(&shpool->mutex);
-
- node = ctx->rbtree->root;
- sentinel = ctx->rbtree->sentinel;
-
- while (node != sentinel) {
-
- if (hash < node->key) {
- node = node->left;
- continue;
- }
-
- if (hash > node->key) {
- node = node->right;
- continue;
- }
-
- /* hash == node->key */
-
- lz = (ngx_http_limit_zone_node_t *) &node->color;
-
- rc = ngx_memn2cmp(vv->data, lz->data, len, (size_t) lz->len);
-
- if (rc == 0) {
- if ((ngx_uint_t) lz->conn < lzcf->conn) {
- lz->conn++;
- goto done;
- }
-
- ngx_shmtx_unlock(&shpool->mutex);
-
- ngx_log_error(lzcf->log_level, r->connection->log, 0,
- "limiting connections by zone \"%V\"",
- &lzcf->shm_zone->shm.name);
-
- return NGX_HTTP_SERVICE_UNAVAILABLE;
- }
-
- node = (rc < 0) ? node->left : node->right;
- }
-
- n = offsetof(ngx_rbtree_node_t, color)
- + offsetof(ngx_http_limit_zone_node_t, data)
- + len;
-
- node = ngx_slab_alloc_locked(shpool, n);
- if (node == NULL) {
- ngx_shmtx_unlock(&shpool->mutex);
- return NGX_HTTP_SERVICE_UNAVAILABLE;
- }
-
- lz = (ngx_http_limit_zone_node_t *) &node->color;
-
- node->key = hash;
- lz->len = (u_char) len;
- lz->conn = 1;
- ngx_memcpy(lz->data, vv->data, len);
-
- ngx_rbtree_insert(ctx->rbtree, node);
-
-done:
-
- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
- "limit zone: %08XD %d", node->key, lz->conn);
-
- ngx_shmtx_unlock(&shpool->mutex);
-
- cln->handler = ngx_http_limit_zone_cleanup;
- lzcln = cln->data;
-
- lzcln->shm_zone = lzcf->shm_zone;
- lzcln->node = node;
-
- return NGX_DECLINED;
-}
-
-
-static void
-ngx_http_limit_zone_rbtree_insert_value(ngx_rbtree_node_t *temp,
- ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
-{
- ngx_rbtree_node_t **p;
- ngx_http_limit_zone_node_t *lzn, *lznt;
-
- for ( ;; ) {
-
- if (node->key < temp->key) {
-
- p = &temp->left;
-
- } else if (node->key > temp->key) {
-
- p = &temp->right;
-
- } else { /* node->key == temp->key */
-
- lzn = (ngx_http_limit_zone_node_t *) &node->color;
- lznt = (ngx_http_limit_zone_node_t *) &temp->color;
-
- p = (ngx_memn2cmp(lzn->data, lznt->data, lzn->len, lznt->len) < 0)
- ? &temp->left : &temp->right;
- }
-
- if (*p == sentinel) {
- break;
- }
-
- temp = *p;
- }
-
- *p = node;
- node->parent = temp;
- node->left = sentinel;
- node->right = sentinel;
- ngx_rbt_red(node);
-}
-
-
-static void
-ngx_http_limit_zone_cleanup(void *data)
-{
- ngx_http_limit_zone_cleanup_t *lzcln = data;
-
- ngx_slab_pool_t *shpool;
- ngx_rbtree_node_t *node;
- ngx_http_limit_zone_ctx_t *ctx;
- ngx_http_limit_zone_node_t *lz;
-
- ctx = lzcln->shm_zone->data;
- shpool = (ngx_slab_pool_t *) lzcln->shm_zone->shm.addr;
- node = lzcln->node;
- lz = (ngx_http_limit_zone_node_t *) &node->color;
-
- ngx_shmtx_lock(&shpool->mutex);
-
- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, lzcln->shm_zone->shm.log, 0,
- "limit zone cleanup: %08XD %d", node->key, lz->conn);
-
- lz->conn--;
-
- if (lz->conn == 0) {
- ngx_rbtree_delete(ctx->rbtree, node);
- ngx_slab_free_locked(shpool, node);
- }
-
- ngx_shmtx_unlock(&shpool->mutex);
-}
-
-
-static ngx_int_t
-ngx_http_limit_zone_init_zone(ngx_shm_zone_t *shm_zone, void *data)
-{
- ngx_http_limit_zone_ctx_t *octx = data;
-
- size_t len;
- ngx_slab_pool_t *shpool;
- ngx_rbtree_node_t *sentinel;
- ngx_http_limit_zone_ctx_t *ctx;
-
- ctx = shm_zone->data;
-
- if (octx) {
- if (ngx_strcmp(ctx->var.data, octx->var.data) != 0) {
- ngx_log_error(NGX_LOG_EMERG, shm_zone->shm.log, 0,
- "limit_zone \"%V\" uses the \"%V\" variable "
- "while previously it used the \"%V\" variable",
- &shm_zone->shm.name, &ctx->var, &octx->var);
- return NGX_ERROR;
- }
-
- ctx->rbtree = octx->rbtree;
-
- return NGX_OK;
- }
-
- shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
-
- if (shm_zone->shm.exists) {
- ctx->rbtree = shpool->data;
-
- return NGX_OK;
- }
-
- ctx->rbtree = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_t));
- if (ctx->rbtree == NULL) {
- return NGX_ERROR;
- }
-
- shpool->data = ctx->rbtree;
-
- sentinel = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_node_t));
- if (sentinel == NULL) {
- return NGX_ERROR;
- }
-
- ngx_rbtree_init(ctx->rbtree, sentinel,
- ngx_http_limit_zone_rbtree_insert_value);
-
- len = sizeof(" in limit_zone \"\"") + shm_zone->shm.name.len;
-
- shpool->log_ctx = ngx_slab_alloc(shpool, len);
- if (shpool->log_ctx == NULL) {
- return NGX_ERROR;
- }
-
- ngx_sprintf(shpool->log_ctx, " in limit_zone \"%V\"%Z",
- &shm_zone->shm.name);
-
- return NGX_OK;
-}
-
-
-static void *
-ngx_http_limit_zone_create_conf(ngx_conf_t *cf)
-{
- ngx_http_limit_zone_conf_t *conf;
-
- conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_zone_conf_t));
- if (conf == NULL) {
- return NULL;
- }
-
- /*
- * set by ngx_pcalloc():
- *
- * conf->shm_zone = NULL;
- * conf->conn = 0;
- */
-
- conf->log_level = NGX_CONF_UNSET_UINT;
-
- return conf;
-}
-
-
-static char *
-ngx_http_limit_zone_merge_conf(ngx_conf_t *cf, void *parent, void *child)
-{
- ngx_http_limit_zone_conf_t *prev = parent;
- ngx_http_limit_zone_conf_t *conf = child;
-
- if (conf->shm_zone == NULL) {
- conf->shm_zone = prev->shm_zone;
- conf->conn = prev->conn;
- }
-
- ngx_conf_merge_uint_value(conf->log_level, prev->log_level, NGX_LOG_ERR);
-
- return NGX_CONF_OK;
-}
-
-
-static char *
-ngx_http_limit_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ssize_t n;
- ngx_str_t *value;
- ngx_shm_zone_t *shm_zone;
- ngx_http_limit_zone_ctx_t *ctx;
-
- value = cf->args->elts;
-
- if (value[2].data[0] != '$') {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid variable name \"%V\"", &value[2]);
- return NGX_CONF_ERROR;
- }
-
- value[2].len--;
- value[2].data++;
-
- ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_zone_ctx_t));
- if (ctx == NULL) {
- return NGX_CONF_ERROR;
- }
-
- ctx->index = ngx_http_get_variable_index(cf, &value[2]);
- if (ctx->index == NGX_ERROR) {
- return NGX_CONF_ERROR;
- }
-
- ctx->var = value[2];
-
- n = ngx_parse_size(&value[3]);
-
- if (n == NGX_ERROR) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid size of limit_zone \"%V\"", &value[3]);
- return NGX_CONF_ERROR;
- }
-
- if (n < (ngx_int_t) (8 * ngx_pagesize)) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "limit_zone \"%V\" is too small", &value[1]);
- return NGX_CONF_ERROR;
- }
-
-
- shm_zone = ngx_shared_memory_add(cf, &value[1], n,
- &ngx_http_limit_zone_module);
- if (shm_zone == NULL) {
- return NGX_CONF_ERROR;
- }
-
- if (shm_zone->data) {
- ctx = shm_zone->data;
-
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "limit_zone \"%V\" is already bound to variable \"%V\"",
- &value[1], &ctx->var);
- return NGX_CONF_ERROR;
- }
-
- shm_zone->init = ngx_http_limit_zone_init_zone;
- shm_zone->data = ctx;
-
- return NGX_CONF_OK;
-}
-
-
-static char *
-ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_http_limit_zone_conf_t *lzcf = conf;
-
- ngx_int_t n;
- ngx_str_t *value;
-
- if (lzcf->shm_zone) {
- return "is duplicate";
- }
-
- value = cf->args->elts;
-
- lzcf->shm_zone = ngx_shared_memory_add(cf, &value[1], 0,
- &ngx_http_limit_zone_module);
- if (lzcf->shm_zone == NULL) {
- return NGX_CONF_ERROR;
- }
-
- n = ngx_atoi(value[2].data, value[2].len);
- if (n <= 0) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid number of connections \"%V\"", &value[2]);
- return NGX_CONF_ERROR;
- }
-
- if (n > 65535) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "connection limit must be less 65536");
- return NGX_CONF_ERROR;
- }
-
- lzcf->conn = n;
-
- return NGX_CONF_OK;
-}
-
-
-static ngx_int_t
-ngx_http_limit_zone_init(ngx_conf_t *cf)
-{
- ngx_http_handler_pt *h;
- ngx_http_core_main_conf_t *cmcf;
-
- cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
-
- h = ngx_array_push(&cmcf->phases[NGX_HTTP_PREACCESS_PHASE].handlers);
- if (h == NULL) {
- return NGX_ERROR;
- }
-
- *h = ngx_http_limit_zone_handler;
-
- return NGX_OK;
-}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_log_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_log_module.c
index b40bdd4e59a..2d412853bd9 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_log_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_log_module.c
@@ -80,6 +80,8 @@ static ssize_t ngx_http_log_script_write(ngx_http_request_t *r,
static u_char *ngx_http_log_connection(ngx_http_request_t *r, u_char *buf,
ngx_http_log_op_t *op);
+static u_char *ngx_http_log_connection_requests(ngx_http_request_t *r,
+ u_char *buf, ngx_http_log_op_t *op);
static u_char *ngx_http_log_pipe(ngx_http_request_t *r, u_char *buf,
ngx_http_log_op_t *op);
static u_char *ngx_http_log_time(ngx_http_request_t *r, u_char *buf,
@@ -193,6 +195,8 @@ static ngx_str_t ngx_http_combined_fmt =
static ngx_http_log_var_t ngx_http_log_vars[] = {
{ ngx_string("connection"), NGX_ATOMIC_T_LEN, ngx_http_log_connection },
+ { ngx_string("connection_requests"), NGX_INT_T_LEN,
+ ngx_http_log_connection_requests },
{ ngx_string("pipe"), 1, ngx_http_log_pipe },
{ ngx_string("time_local"), sizeof("28/Sep/1970:12:00:00 +0600") - 1,
ngx_http_log_time },
@@ -373,6 +377,8 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
ngx_http_log_loc_conf_t *llcf;
ngx_http_core_loc_conf_t *clcf;
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
if (!r->root_tested) {
/* test root directory existence */
@@ -384,8 +390,6 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
path.data[root] = '\0';
- clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-
ngx_memzero(&of, sizeof(ngx_open_file_info_t));
of.valid = clcf->open_file_cache_valid;
@@ -395,6 +399,11 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ /* simulate successful logging */
+ return len;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -442,6 +451,11 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
of.min_uses = llcf->open_file_cache_min_uses;
of.directio = NGX_OPEN_FILE_DIRECTIO_OFF;
+ if (ngx_http_set_disable_symlinks(r, clcf, &log, &of) != NGX_OK) {
+ /* simulate successful logging */
+ return len;
+ }
+
if (ngx_open_cached_file(llcf->open_file_cache, &log, &of, r->pool)
!= NGX_OK)
{
@@ -491,7 +505,15 @@ static u_char *
ngx_http_log_connection(ngx_http_request_t *r, u_char *buf,
ngx_http_log_op_t *op)
{
- return ngx_sprintf(buf, "%ui", r->connection->number);
+ return ngx_sprintf(buf, "%uA", r->connection->number);
+}
+
+
+static u_char *
+ngx_http_log_connection_requests(ngx_http_request_t *r, u_char *buf,
+ ngx_http_log_op_t *op)
+{
+ return ngx_sprintf(buf, "%ui", r->connection->requests);
}
@@ -972,7 +994,7 @@ buffer:
if (buf == NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "invalid parameter \"%V\"", &value[3]);
+ "invalid buffer value \"%V\"", &name);
return NGX_CONF_ERROR;
}
@@ -1005,6 +1027,12 @@ ngx_http_log_set_format(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_uint_t i;
ngx_http_log_fmt_t *fmt;
+ if (cf->cmd_type != NGX_HTTP_MAIN_CONF) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "the \"log_format\" directive may be used "
+ "only on \"http\" level");
+ }
+
value = cf->args->elts;
fmt = lmcf->formats.elts;
@@ -1243,7 +1271,7 @@ ngx_http_log_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
s.data = value[i].data + 9;
inactive = ngx_parse_time(&s, 1);
- if (inactive < 0) {
+ if (inactive == (time_t) NGX_ERROR) {
goto failed;
}
@@ -1266,7 +1294,7 @@ ngx_http_log_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
s.data = value[i].data + 6;
valid = ngx_parse_time(&s, 1);
- if (valid < 0) {
+ if (valid == (time_t) NGX_ERROR) {
goto failed;
}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_memcached_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_memcached_module.c
index 604334be77e..5077ded9acb 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_memcached_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_memcached_module.c
@@ -345,8 +345,8 @@ found:
while (*p && *p++ != CR) { /* void */ }
- r->headers_out.content_length_n = ngx_atoof(len, p - len - 1);
- if (r->headers_out.content_length_n == -1) {
+ u->headers_in.content_length_n = ngx_atoof(len, p - len - 1);
+ if (u->headers_in.content_length_n == -1) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"memcached sent invalid length in response \"%V\" "
"for key \"%V\"",
@@ -367,6 +367,7 @@ found:
u->headers_in.status_n = 404;
u->state->status = 404;
+ u->keepalive = 1;
return NGX_OK;
}
@@ -408,7 +409,7 @@ ngx_http_memcached_filter(void *data, ssize_t bytes)
u = ctx->request->upstream;
b = &u->buffer;
- if (u->length == ctx->rest) {
+ if (u->length == (ssize_t) ctx->rest) {
if (ngx_strncmp(b->last,
ngx_http_memcached_end + NGX_HTTP_MEMCACHED_END - ctx->rest,
@@ -427,6 +428,10 @@ ngx_http_memcached_filter(void *data, ssize_t bytes)
u->length -= bytes;
ctx->rest -= bytes;
+ if (u->length == 0) {
+ u->keepalive = 1;
+ }
+
return NGX_OK;
}
@@ -464,6 +469,13 @@ ngx_http_memcached_filter(void *data, ssize_t bytes)
if (ngx_strncmp(last, ngx_http_memcached_end, b->last - last) != 0) {
ngx_log_error(NGX_LOG_ERR, ctx->request->connection->log, 0,
"memcached sent invalid trailer");
+
+ b->last = last;
+ cl->buf->last = last;
+ u->length = 0;
+ ctx->rest = 0;
+
+ return NGX_OK;
}
ctx->rest -= b->last - last;
@@ -471,6 +483,10 @@ ngx_http_memcached_filter(void *data, ssize_t bytes)
cl->buf->last = last;
u->length = ctx->rest;
+ if (u->length == 0) {
+ u->keepalive = 1;
+ }
+
return NGX_OK;
}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c
index 92dfbd4116a..433e118a227 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c
@@ -442,6 +442,10 @@ ngx_http_mp4_handler(ngx_http_request_t *r)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -459,6 +463,10 @@ ngx_http_mp4_handler(ngx_http_request_t *r)
break;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
rc = NGX_HTTP_FORBIDDEN;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c
index 75249b74969..387f77f9b34 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_proxy_module.c
@@ -10,25 +10,23 @@
#include <ngx_http.h>
-typedef struct ngx_http_proxy_redirect_s ngx_http_proxy_redirect_t;
+typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t;
-typedef ngx_int_t (*ngx_http_proxy_redirect_pt)(ngx_http_request_t *r,
- ngx_table_elt_t *h, size_t prefix, ngx_http_proxy_redirect_t *pr);
+typedef ngx_int_t (*ngx_http_proxy_rewrite_pt)(ngx_http_request_t *r,
+ ngx_table_elt_t *h, size_t prefix, size_t len,
+ ngx_http_proxy_rewrite_t *pr);
-struct ngx_http_proxy_redirect_s {
- ngx_http_proxy_redirect_pt handler;
- ngx_str_t redirect;
+struct ngx_http_proxy_rewrite_s {
+ ngx_http_proxy_rewrite_pt handler;
union {
- ngx_str_t text;
-
- struct {
- void *lengths;
- void *values;
- } vars;
+ ngx_http_complex_value_t complex;
+#if (NGX_PCRE)
+ ngx_http_regex_t *regex;
+#endif
+ } pattern;
- void *regex;
- } replacement;
+ ngx_http_complex_value_t replacement;
};
@@ -57,6 +55,8 @@ typedef struct {
ngx_array_t *proxy_values;
ngx_array_t *redirects;
+ ngx_array_t *cookie_domains;
+ ngx_array_t *cookie_paths;
ngx_str_t body_source;
@@ -72,6 +72,8 @@ typedef struct {
ngx_flag_t redirect;
+ ngx_uint_t http_version;
+
ngx_uint_t headers_hash_max_size;
ngx_uint_t headers_hash_bucket_size;
} ngx_http_proxy_loc_conf_t;
@@ -81,6 +83,12 @@ typedef struct {
ngx_http_status_t status;
ngx_http_proxy_vars_t vars;
size_t internal_body_length;
+
+ ngx_uint_t state;
+ off_t size;
+ off_t length;
+
+ ngx_uint_t head; /* unsigned head:1 */
} ngx_http_proxy_ctx_t;
@@ -93,6 +101,15 @@ static ngx_int_t ngx_http_proxy_create_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_proxy_reinit_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_proxy_process_status_line(ngx_http_request_t *r);
static ngx_int_t ngx_http_proxy_process_header(ngx_http_request_t *r);
+static ngx_int_t ngx_http_proxy_input_filter_init(void *data);
+static ngx_int_t ngx_http_proxy_copy_filter(ngx_event_pipe_t *p,
+ ngx_buf_t *buf);
+static ngx_int_t ngx_http_proxy_chunked_filter(ngx_event_pipe_t *p,
+ ngx_buf_t *buf);
+static ngx_int_t ngx_http_proxy_non_buffered_copy_filter(void *data,
+ ssize_t bytes);
+static ngx_int_t ngx_http_proxy_non_buffered_chunked_filter(void *data,
+ ssize_t bytes);
static void ngx_http_proxy_abort_request(ngx_http_request_t *r);
static void ngx_http_proxy_finalize_request(ngx_http_request_t *r,
ngx_int_t rc);
@@ -109,6 +126,12 @@ static ngx_int_t
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r,
ngx_table_elt_t *h, size_t prefix);
+static ngx_int_t ngx_http_proxy_rewrite_cookie(ngx_http_request_t *r,
+ ngx_table_elt_t *h);
+static ngx_int_t ngx_http_proxy_rewrite_cookie_value(ngx_http_request_t *r,
+ ngx_table_elt_t *h, u_char *value, ngx_array_t *rewrites);
+static ngx_int_t ngx_http_proxy_rewrite(ngx_http_request_t *r,
+ ngx_table_elt_t *h, size_t prefix, size_t len, ngx_str_t *replacement);
static ngx_int_t ngx_http_proxy_add_variables(ngx_conf_t *cf);
static void *ngx_http_proxy_create_loc_conf(ngx_conf_t *cf);
@@ -121,6 +144,10 @@ static char *ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_proxy_redirect(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_http_proxy_cookie_domain(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+static char *ngx_http_proxy_cookie_path(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static char *ngx_http_proxy_store(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
#if (NGX_HTTP_CACHE)
@@ -132,6 +159,9 @@ static char *ngx_http_proxy_cache_key(ngx_conf_t *cf, ngx_command_t *cmd,
static char *ngx_http_proxy_lowat_check(ngx_conf_t *cf, void *post, void *data);
+static ngx_int_t ngx_http_proxy_rewrite_regex(ngx_conf_t *cf,
+ ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
+
#if (NGX_HTTP_SSL)
static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
ngx_http_proxy_loc_conf_t *plcf);
@@ -158,6 +188,13 @@ static ngx_conf_bitmask_t ngx_http_proxy_next_upstream_masks[] = {
};
+static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
+ { ngx_string("1.0"), NGX_HTTP_VERSION_10 },
+ { ngx_string("1.1"), NGX_HTTP_VERSION_11 },
+ { ngx_null_string, 0 }
+};
+
+
ngx_module_t ngx_http_proxy_module;
@@ -177,6 +214,20 @@ static ngx_command_t ngx_http_proxy_commands[] = {
0,
NULL },
+ { ngx_string("proxy_cookie_domain"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
+ ngx_http_proxy_cookie_domain,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
+ { ngx_string("proxy_cookie_path"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
+ ngx_http_proxy_cookie_path,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
{ ngx_string("proxy_store"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_http_proxy_store,
@@ -382,6 +433,20 @@ static ngx_command_t ngx_http_proxy_commands[] = {
offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_methods),
&ngx_http_upstream_cache_method_mask },
+ { ngx_string("proxy_cache_lock"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_lock),
+ NULL },
+
+ { ngx_string("proxy_cache_lock_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_lock_timeout),
+ NULL },
+
#endif
{ ngx_string("proxy_temp_path"),
@@ -433,6 +498,13 @@ static ngx_command_t ngx_http_proxy_commands[] = {
offsetof(ngx_http_proxy_loc_conf_t, upstream.ignore_headers),
&ngx_http_upstream_ignore_headers_masks },
+ { ngx_string("proxy_http_version"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_enum_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_proxy_loc_conf_t, http_version),
+ &ngx_http_proxy_http_version },
+
#if (NGX_HTTP_SSL)
{ ngx_string("proxy_ssl_session_reuse"),
@@ -480,6 +552,7 @@ ngx_module_t ngx_http_proxy_module = {
static char ngx_http_proxy_version[] = " HTTP/1.0" CRLF;
+static char ngx_http_proxy_version_11[] = " HTTP/1.1" CRLF;
static ngx_keyval_t ngx_http_proxy_headers[] = {
@@ -487,6 +560,7 @@ static ngx_keyval_t ngx_http_proxy_headers[] = {
{ ngx_string("Connection"), ngx_string("close") },
{ ngx_string("Keep-Alive"), ngx_string("") },
{ ngx_string("Expect"), ngx_string("") },
+ { ngx_string("Upgrade"), ngx_string("") },
{ ngx_null_string, ngx_null_string }
};
@@ -511,6 +585,7 @@ static ngx_keyval_t ngx_http_proxy_cache_headers[] = {
{ ngx_string("Connection"), ngx_string("close") },
{ ngx_string("Keep-Alive"), ngx_string("") },
{ ngx_string("Expect"), ngx_string("") },
+ { ngx_string("Upgrade"), ngx_string("") },
{ ngx_string("If-Modified-Since"), ngx_string("") },
{ ngx_string("If-Unmodified-Since"), ngx_string("") },
{ ngx_string("If-None-Match"), ngx_string("") },
@@ -604,6 +679,10 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
u->rewrite_redirect = ngx_http_proxy_rewrite_redirect;
}
+ if (plcf->cookie_domains || plcf->cookie_paths) {
+ u->rewrite_cookie = ngx_http_proxy_rewrite_cookie;
+ }
+
u->buffering = plcf->upstream.buffering;
u->pipe = ngx_pcalloc(r->pool, sizeof(ngx_event_pipe_t));
@@ -611,7 +690,12 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- u->pipe->input_filter = ngx_event_pipe_copy_input_filter;
+ u->pipe->input_filter = ngx_http_proxy_copy_filter;
+ u->pipe->input_ctx = r;
+
+ u->input_filter_init = ngx_http_proxy_input_filter_init;
+ u->input_filter = ngx_http_proxy_non_buffered_copy_filter;
+ u->input_filter_ctx = r;
u->accel = 1;
@@ -701,9 +785,6 @@ ngx_http_proxy_eval(ngx_http_request_t *r, ngx_http_proxy_ctx_t *ctx,
url.uri.len++;
url.uri.data = p - 1;
}
-
- } else {
- url.uri = r->unparsed_uri;
}
ctx->vars.key_start = u->schema;
@@ -771,7 +852,7 @@ ngx_http_proxy_create_key(ngx_http_request_t *r)
return NGX_ERROR;
}
- if (plcf->proxy_lengths) {
+ if (plcf->proxy_lengths && ctx->vars.uri.len) {
*key = ctx->vars.uri;
u->uri = ctx->vars.uri;
@@ -867,15 +948,21 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
method.len++;
}
+ ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
+
+ if (method.len == 5
+ && ngx_strncasecmp(method.data, (u_char *) "HEAD ", 5) == 0)
+ {
+ ctx->head = 1;
+ }
+
len = method.len + sizeof(ngx_http_proxy_version) - 1 + sizeof(CRLF) - 1;
escape = 0;
loc_len = 0;
unparsed_uri = 0;
- ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
-
- if (plcf->proxy_lengths) {
+ if (plcf->proxy_lengths && ctx->vars.uri.len) {
uri_len = ctx->vars.uri.len;
} else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main)
@@ -981,7 +1068,7 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
u->uri.data = b->last;
- if (plcf->proxy_lengths) {
+ if (plcf->proxy_lengths && ctx->vars.uri.len) {
b->last = ngx_copy(b->last, ctx->vars.uri.data, ctx->vars.uri.len);
} else if (unparsed_uri) {
@@ -1010,8 +1097,14 @@ ngx_http_proxy_create_request(ngx_http_request_t *r)
u->uri.len = b->last - u->uri.data;
- b->last = ngx_cpymem(b->last, ngx_http_proxy_version,
- sizeof(ngx_http_proxy_version) - 1);
+ if (plcf->http_version == NGX_HTTP_VERSION_11) {
+ b->last = ngx_cpymem(b->last, ngx_http_proxy_version_11,
+ sizeof(ngx_http_proxy_version_11) - 1);
+
+ } else {
+ b->last = ngx_cpymem(b->last, ngx_http_proxy_version,
+ sizeof(ngx_http_proxy_version) - 1);
+ }
ngx_memzero(&e, sizeof(ngx_http_script_engine_t));
@@ -1159,8 +1252,11 @@ ngx_http_proxy_reinit_request(ngx_http_request_t *r)
ctx->status.count = 0;
ctx->status.start = NULL;
ctx->status.end = NULL;
+ ctx->state = 0;
r->upstream->process_header = ngx_http_proxy_process_status_line;
+ r->upstream->pipe->input_filter = ngx_http_proxy_copy_filter;
+ r->upstream->input_filter = ngx_http_proxy_non_buffered_copy_filter;
r->state = 0;
return NGX_OK;
@@ -1211,6 +1307,7 @@ ngx_http_proxy_process_status_line(ngx_http_request_t *r)
r->http_version = NGX_HTTP_VERSION_9;
u->state->status = NGX_HTTP_OK;
+ u->headers_in.connection_close = 1;
return NGX_OK;
}
@@ -1235,6 +1332,10 @@ ngx_http_proxy_process_status_line(ngx_http_request_t *r)
"http proxy status %ui \"%V\"",
u->headers_in.status_n, &u->headers_in.status_line);
+ if (ctx->status.http_version < NGX_HTTP_VERSION_11) {
+ u->headers_in.connection_close = 1;
+ }
+
u->process_header = ngx_http_proxy_process_header;
return ngx_http_proxy_process_header(r);
@@ -1246,6 +1347,8 @@ ngx_http_proxy_process_header(ngx_http_request_t *r)
{
ngx_int_t rc;
ngx_table_elt_t *h;
+ ngx_http_upstream_t *u;
+ ngx_http_proxy_ctx_t *ctx;
ngx_http_upstream_header_t *hh;
ngx_http_upstream_main_conf_t *umcf;
@@ -1343,6 +1446,30 @@ ngx_http_proxy_process_header(ngx_http_request_t *r)
h->lowcase_key = (u_char *) "date";
}
+ /* clear content length if response is chunked */
+
+ u = r->upstream;
+
+ if (u->headers_in.chunked) {
+ u->headers_in.content_length_n = -1;
+ }
+
+ /*
+ * set u->keepalive if response has no body; this allows to keep
+ * connections alive in case of r->header_only or X-Accel-Redirect
+ */
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
+
+ if (u->headers_in.status_n == NGX_HTTP_NO_CONTENT
+ || u->headers_in.status_n == NGX_HTTP_NOT_MODIFIED
+ || ctx->head
+ || (!u->headers_in.chunked
+ && u->headers_in.content_length_n == 0))
+ {
+ u->keepalive = !u->headers_in.connection_close;
+ }
+
return NGX_OK;
}
@@ -1360,6 +1487,709 @@ ngx_http_proxy_process_header(ngx_http_request_t *r)
}
+static ngx_int_t
+ngx_http_proxy_input_filter_init(void *data)
+{
+ ngx_http_request_t *r = data;
+ ngx_http_upstream_t *u;
+ ngx_http_proxy_ctx_t *ctx;
+
+ u = r->upstream;
+ ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
+
+ if (ctx == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "http proxy filter init s:%d h:%d c:%d l:%O",
+ u->headers_in.status_n, ctx->head, u->headers_in.chunked,
+ u->headers_in.content_length_n);
+
+ /* as per RFC2616, 4.4 Message Length */
+
+ if (u->headers_in.status_n == NGX_HTTP_NO_CONTENT
+ || u->headers_in.status_n == NGX_HTTP_NOT_MODIFIED
+ || ctx->head)
+ {
+ /* 1xx, 204, and 304 and replies to HEAD requests */
+ /* no 1xx since we don't send Expect and Upgrade */
+
+ u->pipe->length = 0;
+ u->length = 0;
+ u->keepalive = !u->headers_in.connection_close;
+
+ } else if (u->headers_in.chunked) {
+ /* chunked */
+
+ u->pipe->input_filter = ngx_http_proxy_chunked_filter;
+ u->pipe->length = 3; /* "0" LF LF */
+
+ u->input_filter = ngx_http_proxy_non_buffered_chunked_filter;
+ u->length = -1;
+
+ } else if (u->headers_in.content_length_n == 0) {
+ /* empty body: special case as filter won't be called */
+
+ u->pipe->length = 0;
+ u->length = 0;
+ u->keepalive = !u->headers_in.connection_close;
+
+ } else {
+ /* content length or connection close */
+
+ u->pipe->length = u->headers_in.content_length_n;
+ u->length = u->headers_in.content_length_n;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_copy_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
+{
+ ngx_buf_t *b;
+ ngx_chain_t *cl;
+ ngx_http_request_t *r;
+
+ if (buf->pos == buf->last) {
+ return NGX_OK;
+ }
+
+ if (p->free) {
+ cl = p->free;
+ b = cl->buf;
+ p->free = cl->next;
+ ngx_free_chain(p->pool, cl);
+
+ } else {
+ b = ngx_alloc_buf(p->pool);
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+ }
+
+ ngx_memcpy(b, buf, sizeof(ngx_buf_t));
+ b->shadow = buf;
+ b->tag = p->tag;
+ b->last_shadow = 1;
+ b->recycled = 1;
+ buf->shadow = b;
+
+ cl = ngx_alloc_chain_link(p->pool);
+ if (cl == NULL) {
+ return NGX_ERROR;
+ }
+
+ cl->buf = b;
+ cl->next = NULL;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0, "input buf #%d", b->num);
+
+ if (p->in) {
+ *p->last_in = cl;
+ } else {
+ p->in = cl;
+ }
+ p->last_in = &cl->next;
+
+ if (p->length == -1) {
+ return NGX_OK;
+ }
+
+ p->length -= b->last - b->pos;
+
+ if (p->length == 0) {
+ r = p->input_ctx;
+ p->upstream_done = 1;
+ r->upstream->keepalive = !r->upstream->headers_in.connection_close;
+
+ } else if (p->length < 0) {
+ r = p->input_ctx;
+ p->upstream_done = 1;
+
+ ngx_log_error(NGX_LOG_WARN, r->connection->log, 0,
+ "upstream sent too much data");
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_inline ngx_int_t
+ngx_http_proxy_parse_chunked(ngx_http_request_t *r, ngx_buf_t *buf)
+{
+ u_char *pos, ch, c;
+ ngx_int_t rc;
+ ngx_http_proxy_ctx_t *ctx;
+ enum {
+ sw_chunk_start = 0,
+ sw_chunk_size,
+ sw_chunk_extension,
+ sw_chunk_extension_almost_done,
+ sw_chunk_data,
+ sw_after_data,
+ sw_after_data_almost_done,
+ sw_last_chunk_extension,
+ sw_last_chunk_extension_almost_done,
+ sw_trailer,
+ sw_trailer_almost_done,
+ sw_trailer_header,
+ sw_trailer_header_almost_done
+ } state;
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
+
+ if (ctx == NULL) {
+ return NGX_ERROR;
+ }
+
+ state = ctx->state;
+
+ if (state == sw_chunk_data && ctx->size == 0) {
+ state = sw_after_data;
+ }
+
+ rc = NGX_AGAIN;
+
+ for (pos = buf->pos; pos < buf->last; pos++) {
+
+ ch = *pos;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "http proxy chunked byte: %02Xd s:%d", ch, state);
+
+ switch (state) {
+
+ case sw_chunk_start:
+ if (ch >= '0' && ch <= '9') {
+ state = sw_chunk_size;
+ ctx->size = ch - '0';
+ break;
+ }
+
+ c = (u_char) (ch | 0x20);
+
+ if (c >= 'a' && c <= 'f') {
+ state = sw_chunk_size;
+ ctx->size = c - 'a' + 10;
+ break;
+ }
+
+ goto invalid;
+
+ case sw_chunk_size:
+ if (ch >= '0' && ch <= '9') {
+ ctx->size = ctx->size * 16 + (ch - '0');
+ break;
+ }
+
+ c = (u_char) (ch | 0x20);
+
+ if (c >= 'a' && c <= 'f') {
+ ctx->size = ctx->size * 16 + (c - 'a' + 10);
+ break;
+ }
+
+ if (ctx->size == 0) {
+
+ switch (ch) {
+ case CR:
+ state = sw_last_chunk_extension_almost_done;
+ break;
+ case LF:
+ state = sw_trailer;
+ break;
+ case ';':
+ case ' ':
+ case '\t':
+ state = sw_last_chunk_extension;
+ break;
+ default:
+ goto invalid;
+ }
+
+ break;
+ }
+
+ switch (ch) {
+ case CR:
+ state = sw_chunk_extension_almost_done;
+ break;
+ case LF:
+ state = sw_chunk_data;
+ break;
+ case ';':
+ case ' ':
+ case '\t':
+ state = sw_chunk_extension;
+ break;
+ default:
+ goto invalid;
+ }
+
+ break;
+
+ case sw_chunk_extension:
+ switch (ch) {
+ case CR:
+ state = sw_chunk_extension_almost_done;
+ break;
+ case LF:
+ state = sw_chunk_data;
+ }
+ break;
+
+ case sw_chunk_extension_almost_done:
+ if (ch == LF) {
+ state = sw_chunk_data;
+ break;
+ }
+ goto invalid;
+
+ case sw_chunk_data:
+ rc = NGX_OK;
+ goto data;
+
+ case sw_after_data:
+ switch (ch) {
+ case CR:
+ state = sw_after_data_almost_done;
+ break;
+ case LF:
+ state = sw_chunk_start;
+ }
+ break;
+
+ case sw_after_data_almost_done:
+ if (ch == LF) {
+ state = sw_chunk_start;
+ break;
+ }
+ goto invalid;
+
+ case sw_last_chunk_extension:
+ switch (ch) {
+ case CR:
+ state = sw_last_chunk_extension_almost_done;
+ break;
+ case LF:
+ state = sw_trailer;
+ }
+ break;
+
+ case sw_last_chunk_extension_almost_done:
+ if (ch == LF) {
+ state = sw_trailer;
+ break;
+ }
+ goto invalid;
+
+ case sw_trailer:
+ switch (ch) {
+ case CR:
+ state = sw_trailer_almost_done;
+ break;
+ case LF:
+ goto done;
+ default:
+ state = sw_trailer_header;
+ }
+ break;
+
+ case sw_trailer_almost_done:
+ if (ch == LF) {
+ goto done;
+ }
+ goto invalid;
+
+ case sw_trailer_header:
+ switch (ch) {
+ case CR:
+ state = sw_trailer_header_almost_done;
+ break;
+ case LF:
+ state = sw_trailer;
+ }
+ break;
+
+ case sw_trailer_header_almost_done:
+ if (ch == LF) {
+ state = sw_trailer;
+ break;
+ }
+ goto invalid;
+
+ }
+ }
+
+data:
+
+ ctx->state = state;
+ buf->pos = pos;
+
+ switch (state) {
+
+ case sw_chunk_start:
+ ctx->length = 3 /* "0" LF LF */;
+ break;
+ case sw_chunk_size:
+ ctx->length = 2 /* LF LF */
+ + (ctx->size ? ctx->size + 4 /* LF "0" LF LF */ : 0);
+ break;
+ case sw_chunk_extension:
+ case sw_chunk_extension_almost_done:
+ ctx->length = 1 /* LF */ + ctx->size + 4 /* LF "0" LF LF */;
+ break;
+ case sw_chunk_data:
+ ctx->length = ctx->size + 4 /* LF "0" LF LF */;
+ break;
+ case sw_after_data:
+ case sw_after_data_almost_done:
+ ctx->length = 4 /* LF "0" LF LF */;
+ break;
+ case sw_last_chunk_extension:
+ case sw_last_chunk_extension_almost_done:
+ ctx->length = 2 /* LF LF */;
+ break;
+ case sw_trailer:
+ case sw_trailer_almost_done:
+ ctx->length = 1 /* LF */;
+ break;
+ case sw_trailer_header:
+ case sw_trailer_header_almost_done:
+ ctx->length = 2 /* LF LF */;
+ break;
+
+ }
+
+ return rc;
+
+done:
+
+ return NGX_DONE;
+
+invalid:
+
+ return NGX_ERROR;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_chunked_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
+{
+ ngx_int_t rc;
+ ngx_buf_t *b, **prev;
+ ngx_chain_t *cl;
+ ngx_http_request_t *r;
+ ngx_http_proxy_ctx_t *ctx;
+
+ if (buf->pos == buf->last) {
+ return NGX_OK;
+ }
+
+ r = p->input_ctx;
+ ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
+
+ if (ctx == NULL) {
+ return NGX_ERROR;
+ }
+
+ b = NULL;
+ prev = &buf->shadow;
+
+ for ( ;; ) {
+
+ rc = ngx_http_proxy_parse_chunked(r, buf);
+
+ if (rc == NGX_OK) {
+
+ /* a chunk has been parsed successfully */
+
+ if (p->free) {
+ cl = p->free;
+ b = cl->buf;
+ p->free = cl->next;
+ ngx_free_chain(p->pool, cl);
+
+ } else {
+ b = ngx_alloc_buf(p->pool);
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+ }
+
+ ngx_memzero(b, sizeof(ngx_buf_t));
+
+ b->pos = buf->pos;
+ b->start = buf->start;
+ b->end = buf->end;
+ b->tag = p->tag;
+ b->temporary = 1;
+ b->recycled = 1;
+
+ *prev = b;
+ prev = &b->shadow;
+
+ cl = ngx_alloc_chain_link(p->pool);
+ if (cl == NULL) {
+ return NGX_ERROR;
+ }
+
+ cl->buf = b;
+ cl->next = NULL;
+
+ if (p->in) {
+ *p->last_in = cl;
+ } else {
+ p->in = cl;
+ }
+ p->last_in = &cl->next;
+
+ /* STUB */ b->num = buf->num;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, p->log, 0,
+ "input buf #%d %p", b->num, b->pos);
+
+ if (buf->last - buf->pos >= ctx->size) {
+
+ buf->pos += ctx->size;
+ b->last = buf->pos;
+ ctx->size = 0;
+
+ continue;
+ }
+
+ ctx->size -= buf->last - buf->pos;
+ buf->pos = buf->last;
+ b->last = buf->last;
+
+ continue;
+ }
+
+ if (rc == NGX_DONE) {
+
+ /* a whole response has been parsed successfully */
+
+ p->upstream_done = 1;
+ r->upstream->keepalive = !r->upstream->headers_in.connection_close;
+
+ break;
+ }
+
+ if (rc == NGX_AGAIN) {
+
+ /* set p->length, minimal amount of data we want to see */
+
+ p->length = ctx->length;
+
+ break;
+ }
+
+ /* invalid response */
+
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent invalid chunked response");
+
+ return NGX_ERROR;
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "http proxy chunked state %d, length %d",
+ ctx->state, p->length);
+
+ if (b) {
+ b->shadow = buf;
+ b->last_shadow = 1;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, p->log, 0,
+ "input buf %p %z", b->pos, b->last - b->pos);
+
+ return NGX_OK;
+ }
+
+ /* there is no data record in the buf, add it to free chain */
+
+ if (ngx_event_pipe_add_free_buf(p, buf) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_non_buffered_copy_filter(void *data, ssize_t bytes)
+{
+ ngx_http_request_t *r = data;
+
+ ngx_buf_t *b;
+ ngx_chain_t *cl, **ll;
+ ngx_http_upstream_t *u;
+
+ u = r->upstream;
+
+ for (cl = u->out_bufs, ll = &u->out_bufs; cl; cl = cl->next) {
+ ll = &cl->next;
+ }
+
+ cl = ngx_chain_get_free_buf(r->pool, &u->free_bufs);
+ if (cl == NULL) {
+ return NGX_ERROR;
+ }
+
+ *ll = cl;
+
+ cl->buf->flush = 1;
+ cl->buf->memory = 1;
+
+ b = &u->buffer;
+
+ cl->buf->pos = b->last;
+ b->last += bytes;
+ cl->buf->last = b->last;
+ cl->buf->tag = u->output.tag;
+
+ if (u->length == -1) {
+ return NGX_OK;
+ }
+
+ u->length -= bytes;
+
+ if (u->length == 0) {
+ u->keepalive = !u->headers_in.connection_close;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_non_buffered_chunked_filter(void *data, ssize_t bytes)
+{
+ ngx_http_request_t *r = data;
+
+ ngx_int_t rc;
+ ngx_buf_t *b, *buf;
+ ngx_chain_t *cl, **ll;
+ ngx_http_upstream_t *u;
+ ngx_http_proxy_ctx_t *ctx;
+
+ ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
+
+ if (ctx == NULL) {
+ return NGX_ERROR;
+ }
+
+ u = r->upstream;
+ buf = &u->buffer;
+
+ buf->pos = buf->last;
+ buf->last += bytes;
+
+ for (cl = u->out_bufs, ll = &u->out_bufs; cl; cl = cl->next) {
+ ll = &cl->next;
+ }
+
+ for ( ;; ) {
+
+ rc = ngx_http_proxy_parse_chunked(r, buf);
+
+ if (rc == NGX_OK) {
+
+ /* a chunk has been parsed successfully */
+
+ cl = ngx_chain_get_free_buf(r->pool, &u->free_bufs);
+ if (cl == NULL) {
+ return NGX_ERROR;
+ }
+
+ *ll = cl;
+ ll = &cl->next;
+
+ b = cl->buf;
+
+ b->flush = 1;
+ b->memory = 1;
+
+ b->pos = buf->pos;
+ b->tag = u->output.tag;
+
+ if (buf->last - buf->pos >= ctx->size) {
+ buf->pos += ctx->size;
+ b->last = buf->pos;
+ ctx->size = 0;
+
+ } else {
+ ctx->size -= buf->last - buf->pos;
+ buf->pos = buf->last;
+ b->last = buf->last;
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "http proxy out buf %p %z",
+ b->pos, b->last - b->pos);
+
+ continue;
+ }
+
+ if (rc == NGX_DONE) {
+
+ /* a whole response has been parsed successfully */
+
+ u->keepalive = !u->headers_in.connection_close;
+ u->length = 0;
+
+ break;
+ }
+
+ if (rc == NGX_AGAIN) {
+ break;
+ }
+
+ /* invalid response */
+
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent invalid chunked response");
+
+ return NGX_ERROR;
+ }
+
+ /* provide continuous buffer for subrequests in memory */
+
+ if (r->subrequest_in_memory) {
+
+ cl = u->out_bufs;
+
+ if (cl) {
+ buf->pos = cl->buf->pos;
+ }
+
+ buf->last = buf->pos;
+
+ for (cl = u->out_bufs; cl; cl = cl->next) {
+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "http proxy in memory %p-%p %uz",
+ cl->buf->pos, cl->buf->last, ngx_buf_size(cl->buf));
+
+ if (buf->last == cl->buf->pos) {
+ buf->last = cl->buf->last;
+ continue;
+ }
+
+ buf->last = ngx_movemem(buf->last, cl->buf->pos,
+ cl->buf->last - cl->buf->pos);
+
+ cl->buf->pos = buf->last - (cl->buf->last - cl->buf->pos);
+ cl->buf->last = buf->last;
+ }
+ }
+
+ return NGX_OK;
+}
+
+
static void
ngx_http_proxy_abort_request(ngx_http_request_t *r)
{
@@ -1496,10 +2326,11 @@ static ngx_int_t
ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h,
size_t prefix)
{
+ size_t len;
ngx_int_t rc;
ngx_uint_t i;
+ ngx_http_proxy_rewrite_t *pr;
ngx_http_proxy_loc_conf_t *plcf;
- ngx_http_proxy_redirect_t *pr;
plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
@@ -1509,8 +2340,10 @@ ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h,
return NGX_DECLINED;
}
+ len = h->value.len - prefix;
+
for (i = 0; i < plcf->redirects->nelts; i++) {
- rc = pr[i].handler(r, h, prefix, &pr[i]);
+ rc = pr[i].handler(r, h, prefix, len, &pr[i]);
if (rc != NGX_DECLINED) {
return rc;
@@ -1522,91 +2355,209 @@ ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h,
static ngx_int_t
-ngx_http_proxy_rewrite_redirect_text(ngx_http_request_t *r, ngx_table_elt_t *h,
- size_t prefix, ngx_http_proxy_redirect_t *pr)
+ngx_http_proxy_rewrite_cookie(ngx_http_request_t *r, ngx_table_elt_t *h)
{
- size_t len;
- u_char *data, *p;
+ size_t prefix;
+ u_char *p;
+ ngx_int_t rc, rv;
+ ngx_http_proxy_loc_conf_t *plcf;
- if (pr->redirect.len > h->value.len - prefix
- || ngx_rstrncmp(h->value.data + prefix, pr->redirect.data,
- pr->redirect.len) != 0)
- {
+ p = (u_char *) ngx_strchr(h->value.data, ';');
+ if (p == NULL) {
return NGX_DECLINED;
}
- len = pr->replacement.text.len + h->value.len - pr->redirect.len;
+ prefix = p + 1 - h->value.data;
- data = ngx_pnalloc(r->pool, len);
- if (data == NULL) {
- return NGX_ERROR;
+ rv = NGX_DECLINED;
+
+ plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
+
+ if (plcf->cookie_domains) {
+ p = ngx_strcasestrn(h->value.data + prefix, "domain=", 7 - 1);
+
+ if (p) {
+ rc = ngx_http_proxy_rewrite_cookie_value(r, h, p + 7,
+ plcf->cookie_domains);
+ if (rc == NGX_ERROR) {
+ return NGX_ERROR;
+ }
+
+ if (rc != NGX_DECLINED) {
+ rv = rc;
+ }
+ }
}
- p = ngx_copy(data, h->value.data, prefix);
+ if (plcf->cookie_paths) {
+ p = ngx_strcasestrn(h->value.data + prefix, "path=", 5 - 1);
+
+ if (p) {
+ rc = ngx_http_proxy_rewrite_cookie_value(r, h, p + 5,
+ plcf->cookie_paths);
+ if (rc == NGX_ERROR) {
+ return NGX_ERROR;
+ }
- if (pr->replacement.text.len) {
- p = ngx_copy(p, pr->replacement.text.data, pr->replacement.text.len);
+ if (rc != NGX_DECLINED) {
+ rv = rc;
+ }
+ }
}
- ngx_memcpy(p, h->value.data + prefix + pr->redirect.len,
- h->value.len - pr->redirect.len - prefix);
+ return rv;
+}
- h->value.len = len;
- h->value.data = data;
- return NGX_OK;
+static ngx_int_t
+ngx_http_proxy_rewrite_cookie_value(ngx_http_request_t *r, ngx_table_elt_t *h,
+ u_char *value, ngx_array_t *rewrites)
+{
+ size_t len, prefix;
+ u_char *p;
+ ngx_int_t rc;
+ ngx_uint_t i;
+ ngx_http_proxy_rewrite_t *pr;
+
+ prefix = value - h->value.data;
+
+ p = (u_char *) ngx_strchr(value, ';');
+
+ len = p ? (size_t) (p - value) : (h->value.len - prefix);
+
+ pr = rewrites->elts;
+
+ for (i = 0; i < rewrites->nelts; i++) {
+ rc = pr[i].handler(r, h, prefix, len, &pr[i]);
+
+ if (rc != NGX_DECLINED) {
+ return rc;
+ }
+ }
+
+ return NGX_DECLINED;
}
static ngx_int_t
-ngx_http_proxy_rewrite_redirect_vars(ngx_http_request_t *r, ngx_table_elt_t *h,
- size_t prefix, ngx_http_proxy_redirect_t *pr)
+ngx_http_proxy_rewrite_complex_handler(ngx_http_request_t *r,
+ ngx_table_elt_t *h, size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr)
{
- size_t len;
- u_char *data, *p;
- ngx_http_script_code_pt code;
- ngx_http_script_engine_t e;
- ngx_http_script_len_code_pt lcode;
+ ngx_str_t pattern, replacement;
- if (pr->redirect.len > h->value.len - prefix
- || ngx_rstrncmp(h->value.data + prefix, pr->redirect.data,
- pr->redirect.len) != 0)
+ if (ngx_http_complex_value(r, &pr->pattern.complex, &pattern) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (pattern.len > len
+ || ngx_rstrncmp(h->value.data + prefix, pattern.data,
+ pattern.len) != 0)
{
return NGX_DECLINED;
}
- ngx_memzero(&e, sizeof(ngx_http_script_engine_t));
+ if (ngx_http_complex_value(r, &pr->replacement, &replacement) != NGX_OK) {
+ return NGX_ERROR;
+ }
- e.ip = pr->replacement.vars.lengths;
- e.request = r;
+ return ngx_http_proxy_rewrite(r, h, prefix, pattern.len, &replacement);
+}
+
+
+#if (NGX_PCRE)
+
+static ngx_int_t
+ngx_http_proxy_rewrite_regex_handler(ngx_http_request_t *r, ngx_table_elt_t *h,
+ size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr)
+{
+ ngx_str_t pattern, replacement;
+
+ pattern.len = len;
+ pattern.data = h->value.data + prefix;
- len = h->value.len - pr->redirect.len;
+ if (ngx_http_regex_exec(r, pr->pattern.regex, &pattern) != NGX_OK) {
+ return NGX_DECLINED;
+ }
+
+ if (ngx_http_complex_value(r, &pr->replacement, &replacement) != NGX_OK) {
+ return NGX_ERROR;
+ }
- while (*(uintptr_t *) e.ip) {
- lcode = *(ngx_http_script_len_code_pt *) e.ip;
- len += lcode(&e);
+ if (prefix == 0 && h->value.len == len) {
+ h->value = replacement;
+ return NGX_OK;
}
- data = ngx_pnalloc(r->pool, len);
- if (data == NULL) {
+ return ngx_http_proxy_rewrite(r, h, prefix, len, &replacement);
+}
+
+#endif
+
+
+static ngx_int_t
+ngx_http_proxy_rewrite_domain_handler(ngx_http_request_t *r,
+ ngx_table_elt_t *h, size_t prefix, size_t len, ngx_http_proxy_rewrite_t *pr)
+{
+ u_char *p;
+ ngx_str_t pattern, replacement;
+
+ if (ngx_http_complex_value(r, &pr->pattern.complex, &pattern) != NGX_OK) {
return NGX_ERROR;
}
- p = ngx_copy(data, h->value.data, prefix);
+ p = h->value.data + prefix;
+
+ if (p[0] == '.') {
+ p++;
+ prefix++;
+ len--;
+ }
- e.ip = pr->replacement.vars.values;
- e.pos = p;
+ if (pattern.len != len || ngx_rstrncasecmp(pattern.data, p, len) != 0) {
+ return NGX_DECLINED;
+ }
- while (*(uintptr_t *) e.ip) {
- code = *(ngx_http_script_code_pt *) e.ip;
- code(&e);
+ if (ngx_http_complex_value(r, &pr->replacement, &replacement) != NGX_OK) {
+ return NGX_ERROR;
}
- ngx_memcpy(e.pos, h->value.data + prefix + pr->redirect.len,
- h->value.len - pr->redirect.len - prefix);
+ return ngx_http_proxy_rewrite(r, h, prefix, len, &replacement);
+}
+
+
+static ngx_int_t
+ngx_http_proxy_rewrite(ngx_http_request_t *r, ngx_table_elt_t *h, size_t prefix,
+ size_t len, ngx_str_t *replacement)
+{
+ u_char *p, *data;
+ size_t new_len;
+
+ new_len = replacement->len + h->value.len - len;
+
+ if (replacement->len > len) {
+
+ data = ngx_pnalloc(r->pool, new_len);
+ if (data == NULL) {
+ return NGX_ERROR;
+ }
+
+ p = ngx_copy(data, h->value.data, prefix);
+ p = ngx_copy(p, replacement->data, replacement->len);
+
+ ngx_memcpy(p, h->value.data + prefix + len,
+ h->value.len - len - prefix);
+
+ h->value.data = data;
+
+ } else {
+ p = ngx_copy(h->value.data + prefix, replacement->data,
+ replacement->len);
+
+ ngx_memmove(p, h->value.data + prefix + len,
+ h->value.len - len - prefix);
+ }
- h->value.len = len;
- h->value.data = data;
+ h->value.len = new_len;
return NGX_OK;
}
@@ -1692,6 +2643,8 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
conf->upstream.cache_bypass = NGX_CONF_UNSET_PTR;
conf->upstream.no_cache = NGX_CONF_UNSET_PTR;
conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
+ conf->upstream.cache_lock = NGX_CONF_UNSET;
+ conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
#endif
conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
@@ -1708,6 +2661,11 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
conf->redirect = NGX_CONF_UNSET;
conf->upstream.change_buffering = 1;
+ conf->cookie_domains = NGX_CONF_UNSET_PTR;
+ conf->cookie_paths = NGX_CONF_UNSET_PTR;
+
+ conf->http_version = NGX_CONF_UNSET_UINT;
+
conf->headers_hash_max_size = NGX_CONF_UNSET_UINT;
conf->headers_hash_bucket_size = NGX_CONF_UNSET_UINT;
@@ -1727,7 +2685,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
size_t size;
ngx_hash_init_t hash;
ngx_http_core_loc_conf_t *clcf;
- ngx_http_proxy_redirect_t *pr;
+ ngx_http_proxy_rewrite_t *pr;
ngx_http_script_compile_t sc;
if (conf->upstream.store != 0) {
@@ -1794,8 +2752,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.busy_buffers_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"proxy_busy_buffers_size\" must be equal or bigger than "
- "maximum of the value of \"proxy_buffer_size\" and "
+ "\"proxy_busy_buffers_size\" must be equal to or greater than "
+ "the maximum of the value of \"proxy_buffer_size\" and "
"one of the \"proxy_buffers\"");
return NGX_CONF_ERROR;
@@ -1825,8 +2783,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.temp_file_write_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"proxy_temp_file_write_size\" must be equal or bigger than "
- "maximum of the value of \"proxy_buffer_size\" and "
+ "\"proxy_temp_file_write_size\" must be equal to or greater "
+ "than the maximum of the value of \"proxy_buffer_size\" and "
"one of the \"proxy_buffers\"");
return NGX_CONF_ERROR;
@@ -1848,8 +2806,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"proxy_max_temp_file_size\" must be equal to zero to disable "
- "the temporary files usage or must be equal or bigger than "
- "maximum of the value of \"proxy_buffer_size\" and "
+ "temporary files usage or must be equal to or greater than "
+ "the maximum of the value of \"proxy_buffer_size\" and "
"one of the \"proxy_buffers\"");
return NGX_CONF_ERROR;
@@ -1940,6 +2898,12 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->cache_key = prev->cache_key;
}
+ ngx_conf_merge_value(conf->upstream.cache_lock,
+ prev->upstream.cache_lock, 0);
+
+ ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
+ prev->upstream.cache_lock_timeout, 5000);
+
#endif
if (conf->method.len == 0) {
@@ -1974,7 +2938,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->redirects == NULL && conf->url.data) {
conf->redirects = ngx_array_create(cf->pool, 1,
- sizeof(ngx_http_proxy_redirect_t));
+ sizeof(ngx_http_proxy_rewrite_t));
if (conf->redirects == NULL) {
return NGX_CONF_ERROR;
}
@@ -1984,36 +2948,49 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
- pr->handler = ngx_http_proxy_rewrite_redirect_text;
+ ngx_memzero(&pr->pattern.complex,
+ sizeof(ngx_http_complex_value_t));
+
+ ngx_memzero(&pr->replacement, sizeof(ngx_http_complex_value_t));
+
+ pr->handler = ngx_http_proxy_rewrite_complex_handler;
if (conf->vars.uri.len) {
- pr->redirect = conf->url;
- pr->replacement.text = conf->location;
+ pr->pattern.complex.value = conf->url;
+ pr->replacement.value = conf->location;
} else {
- pr->redirect.len = conf->url.len + sizeof("/") - 1;
+ pr->pattern.complex.value.len = conf->url.len
+ + sizeof("/") - 1;
- p = ngx_pnalloc(cf->pool, pr->redirect.len);
+ p = ngx_pnalloc(cf->pool, pr->pattern.complex.value.len);
if (p == NULL) {
return NGX_CONF_ERROR;
}
- pr->redirect.data = p;
+ pr->pattern.complex.value.data = p;
p = ngx_cpymem(p, conf->url.data, conf->url.len);
*p = '/';
- ngx_str_set(&pr->replacement.text, "/");
+ ngx_str_set(&pr->replacement.value, "/");
}
}
}
+ ngx_conf_merge_ptr_value(conf->cookie_domains, prev->cookie_domains, NULL);
+
+ ngx_conf_merge_ptr_value(conf->cookie_paths, prev->cookie_paths, NULL);
+
#if (NGX_HTTP_SSL)
if (conf->upstream.ssl == NULL) {
conf->upstream.ssl = prev->upstream.ssl;
}
#endif
+ ngx_conf_merge_uint_value(conf->http_version, prev->http_version,
+ NGX_HTTP_VERSION_10);
+
ngx_conf_merge_uint_value(conf->headers_hash_max_size,
prev->headers_hash_max_size, 512);
@@ -2466,11 +3443,11 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
if (plcf->vars.uri.len) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"proxy_pass\" may not have URI part in "
+ "\"proxy_pass\" cannot have URI part in "
"location given by regular expression, "
"or inside named location, "
- "or inside the \"if\" statement, "
- "or inside the \"limit_except\" block");
+ "or inside \"if\" statement, "
+ "or inside \"limit_except\" block");
return NGX_CONF_ERROR;
}
@@ -2488,11 +3465,10 @@ ngx_http_proxy_redirect(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_proxy_loc_conf_t *plcf = conf;
- u_char *p;
- ngx_str_t *value;
- ngx_array_t *vars_lengths, *vars_values;
- ngx_http_script_compile_t sc;
- ngx_http_proxy_redirect_t *pr;
+ u_char *p;
+ ngx_str_t *value;
+ ngx_http_proxy_rewrite_t *pr;
+ ngx_http_compile_complex_value_t ccv;
if (plcf->redirect == 0) {
return NGX_CONF_OK;
@@ -2526,7 +3502,7 @@ ngx_http_proxy_redirect(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (plcf->redirects == NULL) {
plcf->redirects = ngx_array_create(cf->pool, 1,
- sizeof(ngx_http_proxy_redirect_t));
+ sizeof(ngx_http_proxy_rewrite_t));
if (plcf->redirects == NULL) {
return NGX_CONF_ERROR;
}
@@ -2540,76 +3516,307 @@ ngx_http_proxy_redirect(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (ngx_strcmp(value[1].data, "default") == 0) {
if (plcf->proxy_lengths) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"proxy_redirect default\" may not be used "
+ "\"proxy_redirect default\" cannot be used "
"with \"proxy_pass\" directive with variables");
return NGX_CONF_ERROR;
}
if (plcf->url.data == NULL) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"proxy_redirect default\" must go "
+ "\"proxy_redirect default\" should be placed "
"after the \"proxy_pass\" directive");
return NGX_CONF_ERROR;
}
- pr->handler = ngx_http_proxy_rewrite_redirect_text;
+ pr->handler = ngx_http_proxy_rewrite_complex_handler;
+
+ ngx_memzero(&pr->pattern.complex, sizeof(ngx_http_complex_value_t));
+
+ ngx_memzero(&pr->replacement, sizeof(ngx_http_complex_value_t));
if (plcf->vars.uri.len) {
- pr->redirect = plcf->url;
- pr->replacement.text = plcf->location;
+ pr->pattern.complex.value = plcf->url;
+ pr->replacement.value = plcf->location;
} else {
- pr->redirect.len = plcf->url.len + sizeof("/") - 1;
+ pr->pattern.complex.value.len = plcf->url.len + sizeof("/") - 1;
- p = ngx_pnalloc(cf->pool, pr->redirect.len);
+ p = ngx_pnalloc(cf->pool, pr->pattern.complex.value.len);
if (p == NULL) {
return NGX_CONF_ERROR;
}
- pr->redirect.data = p;
+ pr->pattern.complex.value.data = p;
p = ngx_cpymem(p, plcf->url.data, plcf->url.len);
*p = '/';
- ngx_str_set(&pr->replacement.text, "/");
+ ngx_str_set(&pr->replacement.value, "/");
+ }
+
+ return NGX_CONF_OK;
+ }
+
+
+ if (value[1].data[0] == '~') {
+ value[1].len--;
+ value[1].data++;
+
+ if (value[1].data[0] == '*') {
+ value[1].len--;
+ value[1].data++;
+
+ if (ngx_http_proxy_rewrite_regex(cf, pr, &value[1], 1) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ } else {
+ if (ngx_http_proxy_rewrite_regex(cf, pr, &value[1], 0) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
}
+ } else {
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[1];
+ ccv.complex_value = &pr->pattern.complex;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ pr->handler = ngx_http_proxy_rewrite_complex_handler;
+ }
+
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[2];
+ ccv.complex_value = &pr->replacement;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_http_proxy_cookie_domain(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_proxy_loc_conf_t *plcf = conf;
+
+ ngx_str_t *value;
+ ngx_http_proxy_rewrite_t *pr;
+ ngx_http_compile_complex_value_t ccv;
+
+ if (plcf->cookie_domains == NULL) {
return NGX_CONF_OK;
}
- if (ngx_http_script_variables_count(&value[2]) == 0) {
- pr->handler = ngx_http_proxy_rewrite_redirect_text;
- pr->redirect = value[1];
- pr->replacement.text = value[2];
+ value = cf->args->elts;
+ if (cf->args->nelts == 2) {
+
+ if (ngx_strcmp(value[1].data, "off") == 0) {
+ plcf->cookie_domains = NULL;
+ return NGX_CONF_OK;
+ }
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[1]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (plcf->cookie_domains == NGX_CONF_UNSET_PTR) {
+ plcf->cookie_domains = ngx_array_create(cf->pool, 1,
+ sizeof(ngx_http_proxy_rewrite_t));
+ if (plcf->cookie_domains == NULL) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ pr = ngx_array_push(plcf->cookie_domains);
+ if (pr == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (value[1].data[0] == '~') {
+ value[1].len--;
+ value[1].data++;
+
+ if (ngx_http_proxy_rewrite_regex(cf, pr, &value[1], 1) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ } else {
+
+ if (value[1].data[0] == '.') {
+ value[1].len--;
+ value[1].data++;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[1];
+ ccv.complex_value = &pr->pattern.complex;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ pr->handler = ngx_http_proxy_rewrite_domain_handler;
+
+ if (value[2].data[0] == '.') {
+ value[2].len--;
+ value[2].data++;
+ }
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[2];
+ ccv.complex_value = &pr->replacement;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
+
+
+static char *
+ngx_http_proxy_cookie_path(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_proxy_loc_conf_t *plcf = conf;
+
+ ngx_str_t *value;
+ ngx_http_proxy_rewrite_t *pr;
+ ngx_http_compile_complex_value_t ccv;
+
+ if (plcf->cookie_paths == NULL) {
return NGX_CONF_OK;
}
- ngx_memzero(&sc, sizeof(ngx_http_script_compile_t));
+ value = cf->args->elts;
- vars_lengths = NULL;
- vars_values = NULL;
+ if (cf->args->nelts == 2) {
- sc.cf = cf;
- sc.source = &value[2];
- sc.lengths = &vars_lengths;
- sc.values = &vars_values;
- sc.complete_lengths = 1;
- sc.complete_values = 1;
+ if (ngx_strcmp(value[1].data, "off") == 0) {
+ plcf->cookie_paths = NULL;
+ return NGX_CONF_OK;
+ }
- if (ngx_http_script_compile(&sc) != NGX_OK) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[1]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (plcf->cookie_paths == NGX_CONF_UNSET_PTR) {
+ plcf->cookie_paths = ngx_array_create(cf->pool, 1,
+ sizeof(ngx_http_proxy_rewrite_t));
+ if (plcf->cookie_paths == NULL) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ pr = ngx_array_push(plcf->cookie_paths);
+ if (pr == NULL) {
return NGX_CONF_ERROR;
}
- pr->handler = ngx_http_proxy_rewrite_redirect_vars;
- pr->redirect = value[1];
- pr->replacement.vars.lengths = vars_lengths->elts;
- pr->replacement.vars.values = vars_values->elts;
+ if (value[1].data[0] == '~') {
+ value[1].len--;
+ value[1].data++;
+
+ if (value[1].data[0] == '*') {
+ value[1].len--;
+ value[1].data++;
+
+ if (ngx_http_proxy_rewrite_regex(cf, pr, &value[1], 1) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ } else {
+ if (ngx_http_proxy_rewrite_regex(cf, pr, &value[1], 0) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ } else {
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[1];
+ ccv.complex_value = &pr->pattern.complex;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ pr->handler = ngx_http_proxy_rewrite_complex_handler;
+ }
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[2];
+ ccv.complex_value = &pr->replacement;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
return NGX_CONF_OK;
}
+static ngx_int_t
+ngx_http_proxy_rewrite_regex(ngx_conf_t *cf, ngx_http_proxy_rewrite_t *pr,
+ ngx_str_t *regex, ngx_uint_t caseless)
+{
+#if (NGX_PCRE)
+ u_char errstr[NGX_MAX_CONF_ERRSTR];
+ ngx_regex_compile_t rc;
+
+ ngx_memzero(&rc, sizeof(ngx_regex_compile_t));
+
+ rc.pattern = *regex;
+ rc.err.len = NGX_MAX_CONF_ERRSTR;
+ rc.err.data = errstr;
+
+ if (caseless) {
+ rc.options = NGX_REGEX_CASELESS;
+ }
+
+ pr->pattern.regex = ngx_http_regex_compile(cf, &rc);
+ if (pr->pattern.regex == NULL) {
+ return NGX_ERROR;
+ }
+
+ pr->handler = ngx_http_proxy_rewrite_regex_handler;
+
+ return NGX_OK;
+
+#else
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "using regex \"%V\" requires PCRE library", regex);
+ return NGX_ERROR;
+
+#endif
+}
+
+
static char *
ngx_http_proxy_store(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_realip_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_realip_module.c
index bb606beb74c..c54c2ffa14c 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_realip_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_realip_module.c
@@ -16,13 +16,7 @@
typedef struct {
- in_addr_t mask;
- in_addr_t addr;
-} ngx_http_realip_from_t;
-
-
-typedef struct {
- ngx_array_t *from; /* array of ngx_http_realip_from_t */
+ ngx_array_t *from; /* array of ngx_in_cidr_t */
ngx_uint_t type;
ngx_uint_t hash;
ngx_str_t header;
@@ -114,9 +108,9 @@ ngx_http_realip_handler(ngx_http_request_t *r)
ngx_list_part_t *part;
ngx_table_elt_t *header;
struct sockaddr_in *sin;
+ ngx_in_cidr_t *from;
ngx_connection_t *c;
ngx_http_realip_ctx_t *ctx;
- ngx_http_realip_from_t *from;
ngx_http_realip_loc_conf_t *rlcf;
ctx = ngx_http_get_module_ctx(r, ngx_http_realip_module);
@@ -317,7 +311,7 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_int_t rc;
ngx_str_t *value;
ngx_cidr_t cidr;
- ngx_http_realip_from_t *from;
+ ngx_in_cidr_t *from;
value = cf->args->elts;
@@ -332,7 +326,7 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (rlcf->from == NULL) {
rlcf->from = ngx_array_create(cf->pool, 2,
- sizeof(ngx_http_realip_from_t));
+ sizeof(ngx_in_cidr_t));
if (rlcf->from == NULL) {
return NGX_CONF_ERROR;
}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_scgi_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_scgi_module.c
index 5fb2ac5ae68..239da6b941e 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_scgi_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_scgi_module.c
@@ -247,6 +247,20 @@ static ngx_command_t ngx_http_scgi_commands[] = {
offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_methods),
&ngx_http_upstream_cache_method_mask },
+ { ngx_string("scgi_cache_lock"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_lock),
+ NULL },
+
+ { ngx_string("scgi_cache_lock_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_lock_timeout),
+ NULL },
+
#endif
{ ngx_string("scgi_temp_path"),
@@ -278,8 +292,8 @@ static ngx_command_t ngx_http_scgi_commands[] = {
&ngx_http_scgi_next_upstream_masks },
{ ngx_string("scgi_param"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
- ngx_conf_set_keyval_slot,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE23,
+ ngx_http_upstream_param_set_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_scgi_loc_conf_t, params_source),
NULL },
@@ -519,10 +533,10 @@ static ngx_int_t
ngx_http_scgi_create_request(ngx_http_request_t *r)
{
u_char ch, *key, *val, *lowcase_key;
- size_t len, allocated;
+ size_t len, key_len, val_len, allocated;
ngx_buf_t *b;
ngx_str_t *content_length;
- ngx_uint_t i, n, hash, header_params;
+ ngx_uint_t i, n, hash, skip_empty, header_params;
ngx_chain_t *cl, *body;
ngx_list_part_t *part;
ngx_table_elt_t *header, **ignored;
@@ -554,15 +568,21 @@ ngx_http_scgi_create_request(ngx_http_request_t *r)
while (*(uintptr_t *) le.ip) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
- len += lcode(&le);
+ key_len = lcode(&le);
- while (*(uintptr_t *) le.ip) {
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ skip_empty = lcode(&le);
+
+ for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
- len += lcode(&le);
}
- len++;
-
le.ip += sizeof(uintptr_t);
+
+ if (skip_empty && val_len == 0) {
+ continue;
+ }
+
+ len += key_len + val_len + 1;
}
}
@@ -665,7 +685,34 @@ ngx_http_scgi_create_request(ngx_http_request_t *r)
e.request = r;
e.flushed = 1;
- while (*(uintptr_t *) e.ip) {
+ le.ip = scf->params_len->elts;
+
+ while (*(uintptr_t *) le.ip) {
+
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ lcode(&le); /* key length */
+
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ skip_empty = lcode(&le);
+
+ for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ }
+ le.ip += sizeof(uintptr_t);
+
+ if (skip_empty && val_len == 0) {
+ e.skip = 1;
+
+ while (*(uintptr_t *) e.ip) {
+ code = *(ngx_http_script_code_pt *) e.ip;
+ code((ngx_http_script_engine_t *) &e);
+ }
+ e.ip += sizeof(uintptr_t);
+
+ e.skip = 0;
+
+ continue;
+ }
#if (NGX_DEBUG)
key = e.pos;
@@ -1032,6 +1079,8 @@ ngx_http_scgi_create_loc_conf(ngx_conf_t *cf)
conf->upstream.cache_bypass = NGX_CONF_UNSET_PTR;
conf->upstream.no_cache = NGX_CONF_UNSET_PTR;
conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
+ conf->upstream.cache_lock = NGX_CONF_UNSET;
+ conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
#endif
conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
@@ -1124,8 +1173,8 @@ ngx_http_scgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.busy_buffers_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"scgi_busy_buffers_size\" must be equal or bigger "
- "than maximum of the value of \"scgi_buffer_size\" and "
+ "\"scgi_busy_buffers_size\" must be equal to or greater "
+ "than the maximum of the value of \"scgi_buffer_size\" and "
"one of the \"scgi_buffers\"");
return NGX_CONF_ERROR;
@@ -1155,8 +1204,8 @@ ngx_http_scgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.temp_file_write_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"scgi_temp_file_write_size\" must be equal or bigger than "
- "maximum of the value of \"scgi_buffer_size\" and "
+ "\"scgi_temp_file_write_size\" must be equal to or greater than "
+ "the maximum of the value of \"scgi_buffer_size\" and "
"one of the \"scgi_buffers\"");
return NGX_CONF_ERROR;
@@ -1178,8 +1227,8 @@ ngx_http_scgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
&& conf->upstream.max_temp_file_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"scgi_max_temp_file_size\" must be equal to zero to disable "
- "the temporary files usage or must be equal or bigger than "
- "maximum of the value of \"scgi_buffer_size\" and "
+ "temporary files usage or must be equal to or greater than "
+ "the maximum of the value of \"scgi_buffer_size\" and "
"one of the \"scgi_buffers\"");
return NGX_CONF_ERROR;
@@ -1263,6 +1312,12 @@ ngx_http_scgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->cache_key = prev->cache_key;
}
+ ngx_conf_merge_value(conf->upstream.cache_lock,
+ prev->upstream.cache_lock, 0);
+
+ ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
+ prev->upstream.cache_lock_timeout, 5000);
+
#endif
ngx_conf_merge_value(conf->upstream.pass_request_headers,
@@ -1320,9 +1375,9 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
#if (NGX_HTTP_CACHE)
ngx_array_t params_merged;
#endif
- ngx_keyval_t *src;
ngx_hash_key_t *hk;
ngx_hash_init_t hash;
+ ngx_http_upstream_param_t *src;
ngx_http_script_compile_t sc;
ngx_http_script_copy_code_t *copy;
@@ -1331,7 +1386,8 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
if (prev->headers_hash.buckets
#if (NGX_HTTP_CACHE)
- && ((conf->upstream.cache == NULL) == (prev->upstream.cache == NULL))
+ && ((conf->upstream.cache == NULL)
+ == (prev->upstream.cache == NULL))
#endif
)
{
@@ -1383,9 +1439,11 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
#if (NGX_HTTP_CACHE)
if (conf->upstream.cache) {
- ngx_keyval_t *h, *s;
+ ngx_keyval_t *h;
+ ngx_http_upstream_param_t *s;
- if (ngx_array_init(&params_merged, cf->temp_pool, 4, sizeof(ngx_keyval_t))
+ if (ngx_array_init(&params_merged, cf->temp_pool, 4,
+ sizeof(ngx_http_upstream_param_t))
!= NGX_OK)
{
return NGX_ERROR;
@@ -1419,7 +1477,9 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
return NGX_ERROR;
}
- *s = *h;
+ s->key = h->key;
+ s->value = h->value;
+ s->skip_empty = 0;
next:
@@ -1461,6 +1521,15 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
copy->len = src[i].key.len + 1;
+ copy = ngx_array_push_n(conf->params_len,
+ sizeof(ngx_http_script_copy_code_t));
+ if (copy == NULL) {
+ return NGX_ERROR;
+ }
+
+ copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
+ copy->len = src[i].skip_empty;
+
size = (sizeof(ngx_http_script_copy_code_t)
+ src[i].key.len + 1 + sizeof(uintptr_t) - 1)
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_split_clients_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_split_clients_module.c
index f2160b149de..726269c3c73 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_split_clients_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_split_clients_module.c
@@ -97,7 +97,7 @@ ngx_http_split_clients_variable(ngx_http_request_t *r,
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http split: %uD %uD", hash, part[i].percent);
- if (hash < part[i].percent) {
+ if (hash < part[i].percent || part[i].percent == 0) {
*v = part[i].value;
return NGX_OK;
}
@@ -111,8 +111,9 @@ static char *
ngx_conf_split_clients_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
char *rv;
+ uint32_t sum, last;
ngx_str_t *value, name;
- ngx_uint_t i, sum, last;
+ ngx_uint_t i;
ngx_conf_t save;
ngx_http_variable_t *var;
ngx_http_split_clients_ctx_t *ctx;
@@ -175,19 +176,15 @@ ngx_conf_split_clients_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
for (i = 0; i < ctx->parts.nelts; i++) {
sum = part[i].percent ? sum + part[i].percent : 10000;
if (sum > 10000) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "percent sum is more than 100%%");
- return NGX_CONF_ERROR;
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "percent total is greater than 100%%");
+ return NGX_CONF_ERROR;
}
if (part[i].percent) {
- part[i].percent = (uint32_t)
- (last + 0xffffffff / 10000 * part[i].percent);
- } else {
- part[i].percent = 0xffffffff;
+ last += part[i].percent * (uint64_t) 0xffffffff / 10000;
+ part[i].percent = last;
}
-
- last = part[i].percent;
}
return rv;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_ssi_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_ssi_filter_module.c
index b02300f39f7..219465ae909 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_ssi_filter_module.c
@@ -714,7 +714,7 @@ ngx_http_ssi_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
if (ctx->params.nelts > NGX_HTTP_SSI_MAX_PARAMS) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "too many SSI command paramters: \"%V\"",
+ "too many SSI command parameters: \"%V\"",
&ctx->command);
goto ssi_error;
}
@@ -1204,7 +1204,7 @@ ngx_http_ssi_parse(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx)
if (ctx->value_buf == NULL) {
ctx->param->value.data = ngx_pnalloc(r->pool,
- ctx->value_len);
+ ctx->value_len + 1);
if (ctx->param->value.data == NULL) {
return NGX_ERROR;
}
@@ -1375,6 +1375,16 @@ ngx_http_ssi_parse(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx)
case ssi_quoted_symbol_state:
state = ctx->saved_state;
+ if (ctx->param->value.len == ctx->value_len) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "too long \"%V%c...\" value of \"%V\" "
+ "parameter in \"%V\" SSI command",
+ &ctx->param->value, ch, &ctx->param->key,
+ &ctx->command);
+ state = ssi_error_state;
+ break;
+ }
+
ctx->param->value.data[ctx->param->value.len++] = ch;
break;
@@ -1993,7 +2003,7 @@ ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
if (set && stub) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "\"set\" and \"stub\" may not be used together "
+ "\"set\" and \"stub\" cannot be used together "
"in \"include\" SSI command");
return NGX_HTTP_SSI_ERROR;
}
@@ -2001,7 +2011,7 @@ ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
if (wait) {
if (uri == NULL) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "\"wait\" may not be used with file=\"%V\"", file);
+ "\"wait\" cannot be used with file=\"%V\"", file);
return NGX_HTTP_SSI_ERROR;
}
@@ -2178,7 +2188,7 @@ ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
} else {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "only one subrequest may be waited at the same time");
+ "can only wait for one subrequest at a time");
}
return NGX_OK;
@@ -2886,7 +2896,7 @@ ngx_http_ssi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
prev->ignore_recycled_buffers, 0);
ngx_conf_merge_size_value(conf->min_file_chunk, prev->min_file_chunk, 1024);
- ngx_conf_merge_size_value(conf->value_len, prev->value_len, 256);
+ ngx_conf_merge_size_value(conf->value_len, prev->value_len, 255);
if (ngx_http_merge_types(cf, &conf->types_keys, &conf->types,
&prev->types_keys, &prev->types,
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_static_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_static_module.c
index a0e302ad1d5..9d77e43b119 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_static_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_static_module.c
@@ -95,6 +95,10 @@ ngx_http_static_handler(ngx_http_request_t *r)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -112,6 +116,10 @@ ngx_http_static_handler(ngx_http_request_t *r)
break;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
rc = NGX_HTTP_FORBIDDEN;
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c
index fd9ecbe0bff..100ea34dd04 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c
@@ -186,8 +186,8 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data)
break;
}
- if (now - peer->accessed > peer->fail_timeout) {
- peer->fails = 0;
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
break;
}
}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c
new file mode 100644
index 00000000000..6fd9ac70a34
--- /dev/null
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c
@@ -0,0 +1,570 @@
+
+/*
+ * Copyright (C) Maxim Dounin
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+ ngx_uint_t max_cached;
+ ngx_uint_t single; /* unsigned:1 */
+
+ ngx_queue_t cache;
+ ngx_queue_t free;
+
+ ngx_http_upstream_init_pt original_init_upstream;
+ ngx_http_upstream_init_peer_pt original_init_peer;
+
+} ngx_http_upstream_keepalive_srv_conf_t;
+
+
+typedef struct {
+ ngx_http_upstream_keepalive_srv_conf_t *conf;
+
+ ngx_http_upstream_t *upstream;
+
+ void *data;
+
+ ngx_event_get_peer_pt original_get_peer;
+ ngx_event_free_peer_pt original_free_peer;
+
+#if (NGX_HTTP_SSL)
+ ngx_event_set_peer_session_pt original_set_session;
+ ngx_event_save_peer_session_pt original_save_session;
+#endif
+
+ ngx_uint_t failed; /* unsigned:1 */
+
+} ngx_http_upstream_keepalive_peer_data_t;
+
+
+typedef struct {
+ ngx_http_upstream_keepalive_srv_conf_t *conf;
+
+ ngx_queue_t queue;
+ ngx_connection_t *connection;
+
+ socklen_t socklen;
+ u_char sockaddr[NGX_SOCKADDRLEN];
+
+} ngx_http_upstream_keepalive_cache_t;
+
+
+static ngx_int_t ngx_http_upstream_init_keepalive_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us);
+static ngx_int_t ngx_http_upstream_get_keepalive_peer(ngx_peer_connection_t *pc,
+ void *data);
+static void ngx_http_upstream_free_keepalive_peer(ngx_peer_connection_t *pc,
+ void *data, ngx_uint_t state);
+
+static void ngx_http_upstream_keepalive_dummy_handler(ngx_event_t *ev);
+static void ngx_http_upstream_keepalive_close_handler(ngx_event_t *ev);
+static void ngx_http_upstream_keepalive_close(ngx_connection_t *c);
+
+
+#if (NGX_HTTP_SSL)
+static ngx_int_t ngx_http_upstream_keepalive_set_session(
+ ngx_peer_connection_t *pc, void *data);
+static void ngx_http_upstream_keepalive_save_session(ngx_peer_connection_t *pc,
+ void *data);
+#endif
+
+static void *ngx_http_upstream_keepalive_create_conf(ngx_conf_t *cf);
+static char *ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+
+
+static ngx_command_t ngx_http_upstream_keepalive_commands[] = {
+
+ { ngx_string("keepalive"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_TAKE12,
+ ngx_http_upstream_keepalive,
+ 0,
+ 0,
+ NULL },
+
+ ngx_null_command
+};
+
+
+static ngx_http_module_t ngx_http_upstream_keepalive_module_ctx = {
+ NULL, /* preconfiguration */
+ NULL, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ ngx_http_upstream_keepalive_create_conf, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ NULL, /* create location configuration */
+ NULL /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_upstream_keepalive_module = {
+ NGX_MODULE_V1,
+ &ngx_http_upstream_keepalive_module_ctx, /* module context */
+ ngx_http_upstream_keepalive_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_http_upstream_init_keepalive(ngx_conf_t *cf,
+ ngx_http_upstream_srv_conf_t *us)
+{
+ ngx_uint_t i;
+ ngx_http_upstream_keepalive_srv_conf_t *kcf;
+ ngx_http_upstream_keepalive_cache_t *cached;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, cf->log, 0,
+ "init keepalive");
+
+ kcf = ngx_http_conf_upstream_srv_conf(us,
+ ngx_http_upstream_keepalive_module);
+
+ if (kcf->original_init_upstream(cf, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ kcf->original_init_peer = us->peer.init;
+
+ us->peer.init = ngx_http_upstream_init_keepalive_peer;
+
+ /* allocate cache items and add to free queue */
+
+ cached = ngx_pcalloc(cf->pool,
+ sizeof(ngx_http_upstream_keepalive_cache_t) * kcf->max_cached);
+ if (cached == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_queue_init(&kcf->cache);
+ ngx_queue_init(&kcf->free);
+
+ for (i = 0; i < kcf->max_cached; i++) {
+ ngx_queue_insert_head(&kcf->free, &cached[i].queue);
+ cached[i].conf = kcf;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_init_keepalive_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us)
+{
+ ngx_http_upstream_keepalive_peer_data_t *kp;
+ ngx_http_upstream_keepalive_srv_conf_t *kcf;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "init keepalive peer");
+
+ kcf = ngx_http_conf_upstream_srv_conf(us,
+ ngx_http_upstream_keepalive_module);
+
+ kp = ngx_palloc(r->pool, sizeof(ngx_http_upstream_keepalive_peer_data_t));
+ if (kp == NULL) {
+ return NGX_ERROR;
+ }
+
+ if (kcf->original_init_peer(r, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ kp->conf = kcf;
+ kp->upstream = r->upstream;
+ kp->data = r->upstream->peer.data;
+ kp->original_get_peer = r->upstream->peer.get;
+ kp->original_free_peer = r->upstream->peer.free;
+
+ r->upstream->peer.data = kp;
+ r->upstream->peer.get = ngx_http_upstream_get_keepalive_peer;
+ r->upstream->peer.free = ngx_http_upstream_free_keepalive_peer;
+
+#if (NGX_HTTP_SSL)
+ kp->original_set_session = r->upstream->peer.set_session;
+ kp->original_save_session = r->upstream->peer.save_session;
+ r->upstream->peer.set_session = ngx_http_upstream_keepalive_set_session;
+ r->upstream->peer.save_session = ngx_http_upstream_keepalive_save_session;
+#endif
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_get_keepalive_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_keepalive_peer_data_t *kp = data;
+ ngx_http_upstream_keepalive_cache_t *item;
+
+ ngx_int_t rc;
+ ngx_queue_t *q, *cache;
+ ngx_connection_t *c;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get keepalive peer");
+
+ kp->failed = 0;
+
+ /* single pool of cached connections */
+
+ if (kp->conf->single && !ngx_queue_empty(&kp->conf->cache)) {
+
+ q = ngx_queue_head(&kp->conf->cache);
+
+ item = ngx_queue_data(q, ngx_http_upstream_keepalive_cache_t, queue);
+ c = item->connection;
+
+ ngx_queue_remove(q);
+ ngx_queue_insert_head(&kp->conf->free, q);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get keepalive peer: using connection %p", c);
+
+ c->idle = 0;
+ c->log = pc->log;
+ c->read->log = pc->log;
+ c->write->log = pc->log;
+ c->pool->log = pc->log;
+
+ pc->connection = c;
+ pc->cached = 1;
+
+ return NGX_DONE;
+ }
+
+ rc = kp->original_get_peer(pc, kp->data);
+
+ if (kp->conf->single || rc != NGX_OK) {
+ return rc;
+ }
+
+ /* search cache for suitable connection */
+
+ cache = &kp->conf->cache;
+
+ for (q = ngx_queue_head(cache);
+ q != ngx_queue_sentinel(cache);
+ q = ngx_queue_next(q))
+ {
+ item = ngx_queue_data(q, ngx_http_upstream_keepalive_cache_t, queue);
+ c = item->connection;
+
+ if (ngx_memn2cmp((u_char *) &item->sockaddr, (u_char *) pc->sockaddr,
+ item->socklen, pc->socklen)
+ == 0)
+ {
+ ngx_queue_remove(q);
+ ngx_queue_insert_head(&kp->conf->free, q);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get keepalive peer: using connection %p", c);
+
+ c->idle = 0;
+ c->log = pc->log;
+ c->read->log = pc->log;
+ c->write->log = pc->log;
+ c->pool->log = pc->log;
+
+ pc->connection = c;
+ pc->cached = 1;
+
+ return NGX_DONE;
+ }
+ }
+
+ return NGX_OK;
+}
+
+
+static void
+ngx_http_upstream_free_keepalive_peer(ngx_peer_connection_t *pc, void *data,
+ ngx_uint_t state)
+{
+ ngx_http_upstream_keepalive_peer_data_t *kp = data;
+ ngx_http_upstream_keepalive_cache_t *item;
+
+ ngx_queue_t *q;
+ ngx_connection_t *c;
+ ngx_http_upstream_t *u;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "free keepalive peer");
+
+ /* remember failed state - peer.free() may be called more than once */
+
+ if (state & NGX_PEER_FAILED) {
+ kp->failed = 1;
+ }
+
+ /* cache valid connections */
+
+ u = kp->upstream;
+ c = pc->connection;
+
+ if (kp->failed
+ || c == NULL
+ || c->read->eof
+ || c->read->error
+ || c->read->timedout
+ || c->write->error
+ || c->write->timedout)
+ {
+ goto invalid;
+ }
+
+ if (!u->keepalive) {
+ goto invalid;
+ }
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ goto invalid;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "free keepalive peer: saving connection %p", c);
+
+ if (ngx_queue_empty(&kp->conf->free)) {
+
+ q = ngx_queue_last(&kp->conf->cache);
+ ngx_queue_remove(q);
+
+ item = ngx_queue_data(q, ngx_http_upstream_keepalive_cache_t, queue);
+
+ ngx_http_upstream_keepalive_close(item->connection);
+
+ } else {
+ q = ngx_queue_head(&kp->conf->free);
+ ngx_queue_remove(q);
+
+ item = ngx_queue_data(q, ngx_http_upstream_keepalive_cache_t, queue);
+ }
+
+ item->connection = c;
+ ngx_queue_insert_head(&kp->conf->cache, q);
+
+ pc->connection = NULL;
+
+ if (c->read->timer_set) {
+ ngx_del_timer(c->read);
+ }
+ if (c->write->timer_set) {
+ ngx_del_timer(c->write);
+ }
+
+ c->write->handler = ngx_http_upstream_keepalive_dummy_handler;
+ c->read->handler = ngx_http_upstream_keepalive_close_handler;
+
+ c->data = item;
+ c->idle = 1;
+ c->log = ngx_cycle->log;
+ c->read->log = ngx_cycle->log;
+ c->write->log = ngx_cycle->log;
+ c->pool->log = ngx_cycle->log;
+
+ item->socklen = pc->socklen;
+ ngx_memcpy(&item->sockaddr, pc->sockaddr, pc->socklen);
+
+ if (c->read->ready) {
+ ngx_http_upstream_keepalive_close_handler(c->read);
+ }
+
+invalid:
+
+ kp->original_free_peer(pc, kp->data, state);
+}
+
+
+static void
+ngx_http_upstream_keepalive_dummy_handler(ngx_event_t *ev)
+{
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0,
+ "keepalive dummy handler");
+}
+
+
+static void
+ngx_http_upstream_keepalive_close_handler(ngx_event_t *ev)
+{
+ ngx_http_upstream_keepalive_srv_conf_t *conf;
+ ngx_http_upstream_keepalive_cache_t *item;
+
+ int n;
+ char buf[1];
+ ngx_connection_t *c;
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0,
+ "keepalive close handler");
+
+ c = ev->data;
+
+ if (c->close) {
+ goto close;
+ }
+
+ n = recv(c->fd, buf, 1, MSG_PEEK);
+
+ if (n == -1 && ngx_socket_errno == NGX_EAGAIN) {
+ /* stale event */
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ goto close;
+ }
+
+ return;
+ }
+
+close:
+
+ item = c->data;
+ conf = item->conf;
+
+ ngx_http_upstream_keepalive_close(c);
+
+ ngx_queue_remove(&item->queue);
+ ngx_queue_insert_head(&conf->free, &item->queue);
+}
+
+
+static void
+ngx_http_upstream_keepalive_close(ngx_connection_t *c)
+{
+
+#if (NGX_HTTP_SSL)
+
+ if (c->ssl) {
+ c->ssl->no_wait_shutdown = 1;
+ c->ssl->no_send_shutdown = 1;
+
+ if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
+ c->ssl->handler = ngx_http_upstream_keepalive_close;
+ return;
+ }
+ }
+
+#endif
+
+ ngx_destroy_pool(c->pool);
+ ngx_close_connection(c);
+}
+
+
+#if (NGX_HTTP_SSL)
+
+static ngx_int_t
+ngx_http_upstream_keepalive_set_session(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_keepalive_peer_data_t *kp = data;
+
+ return kp->original_set_session(pc, kp->data);
+}
+
+
+static void
+ngx_http_upstream_keepalive_save_session(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_keepalive_peer_data_t *kp = data;
+
+ kp->original_save_session(pc, kp->data);
+ return;
+}
+
+#endif
+
+
+static void *
+ngx_http_upstream_keepalive_create_conf(ngx_conf_t *cf)
+{
+ ngx_http_upstream_keepalive_srv_conf_t *conf;
+
+ conf = ngx_pcalloc(cf->pool,
+ sizeof(ngx_http_upstream_keepalive_srv_conf_t));
+ if (conf == NULL) {
+ return NULL;
+ }
+
+ /*
+ * set by ngx_pcalloc():
+ *
+ * conf->original_init_upstream = NULL;
+ * conf->original_init_peer = NULL;
+ */
+
+ conf->max_cached = 1;
+
+ return conf;
+}
+
+
+static char *
+ngx_http_upstream_keepalive(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_upstream_srv_conf_t *uscf;
+ ngx_http_upstream_keepalive_srv_conf_t *kcf;
+
+ ngx_int_t n;
+ ngx_str_t *value;
+ ngx_uint_t i;
+
+ uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module);
+
+ kcf = ngx_http_conf_upstream_srv_conf(uscf,
+ ngx_http_upstream_keepalive_module);
+
+ kcf->original_init_upstream = uscf->peer.init_upstream
+ ? uscf->peer.init_upstream
+ : ngx_http_upstream_init_round_robin;
+
+ uscf->peer.init_upstream = ngx_http_upstream_init_keepalive;
+
+ /* read options */
+
+ value = cf->args->elts;
+
+ n = ngx_atoi(value[1].data, value[1].len);
+
+ if (n == NGX_ERROR || n == 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid value \"%V\" in \"%V\" directive",
+ &value[1], &cmd->name);
+ return NGX_CONF_ERROR;
+ }
+
+ kcf->max_cached = n;
+
+ for (i = 2; i < cf->args->nelts; i++) {
+
+ if (ngx_strcmp(value[i].data, "single") == 0) {
+ kcf->single = 1;
+ continue;
+ }
+
+ goto invalid;
+ }
+
+ return NGX_CONF_OK;
+
+invalid:
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[i]);
+
+ return NGX_CONF_ERROR;
+}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_userid_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_userid_filter_module.c
index 05343f2f1a4..1487c091eee 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_userid_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_userid_filter_module.c
@@ -774,14 +774,10 @@ ngx_http_userid_expires(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
}
ucf->expires = ngx_parse_time(&value[1], 1);
- if (ucf->expires == NGX_ERROR) {
+ if (ucf->expires == (time_t) NGX_ERROR) {
return "invalid value";
}
- if (ucf->expires == NGX_PARSE_LARGE_TIME) {
- return "value must be less than 68 years";
- }
-
return NGX_CONF_OK;
}
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_uwsgi_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_uwsgi_module.c
index fb5ff0d7876..0c999ca6299 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_uwsgi_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_uwsgi_module.c
@@ -43,7 +43,6 @@ static ngx_int_t ngx_http_uwsgi_create_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_uwsgi_reinit_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_uwsgi_process_status_line(ngx_http_request_t *r);
static ngx_int_t ngx_http_uwsgi_process_header(ngx_http_request_t *r);
-static ngx_int_t ngx_http_uwsgi_process_header(ngx_http_request_t *r);
static void ngx_http_uwsgi_abort_request(ngx_http_request_t *r);
static void ngx_http_uwsgi_finalize_request(ngx_http_request_t *r,
ngx_int_t rc);
@@ -275,6 +274,20 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_methods),
&ngx_http_upstream_cache_method_mask },
+ { ngx_string("uwsgi_cache_lock"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_lock),
+ NULL },
+
+ { ngx_string("uwsgi_cache_lock_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_lock_timeout),
+ NULL },
+
#endif
{ ngx_string("uwsgi_temp_path"),
@@ -306,8 +319,8 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
&ngx_http_uwsgi_next_upstream_masks },
{ ngx_string("uwsgi_param"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
- ngx_conf_set_keyval_slot,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE23,
+ ngx_http_upstream_param_set_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_uwsgi_loc_conf_t, params_source),
NULL },
@@ -554,7 +567,7 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
{
u_char ch, *lowcase_key;
size_t key_len, val_len, len, allocated;
- ngx_uint_t i, n, hash, header_params;
+ ngx_uint_t i, n, hash, skip_empty, header_params;
ngx_buf_t *b;
ngx_chain_t *cl, *body;
ngx_list_part_t *part;
@@ -584,11 +597,18 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
lcode = *(ngx_http_script_len_code_pt *) le.ip;
key_len = lcode(&le);
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ skip_empty = lcode(&le);
+
for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode (&le)) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
}
le.ip += sizeof(uintptr_t);
+ if (skip_empty && val_len == 0) {
+ continue;
+ }
+
len += 2 + key_len + 2 + val_len;
}
}
@@ -707,11 +727,28 @@ ngx_http_uwsgi_create_request(ngx_http_request_t *r)
lcode = *(ngx_http_script_len_code_pt *) le.ip;
key_len = (u_char) lcode (&le);
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ skip_empty = lcode(&le);
+
for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
lcode = *(ngx_http_script_len_code_pt *) le.ip;
}
le.ip += sizeof(uintptr_t);
+ if (skip_empty && val_len == 0) {
+ e.skip = 1;
+
+ while (*(uintptr_t *) e.ip) {
+ code = *(ngx_http_script_code_pt *) e.ip;
+ code((ngx_http_script_engine_t *) &e);
+ }
+ e.ip += sizeof(uintptr_t);
+
+ e.skip = 0;
+
+ continue;
+ }
+
*e.pos++ = (u_char) (key_len & 0xff);
*e.pos++ = (u_char) ((key_len >> 8) & 0xff);
@@ -874,10 +911,7 @@ ngx_http_uwsgi_process_status_line(ngx_http_request_t *r)
}
if (rc == NGX_ERROR) {
- r->http_version = NGX_HTTP_VERSION_9;
-
u->process_header = ngx_http_uwsgi_process_header;
-
return ngx_http_uwsgi_process_header(r);
}
@@ -979,12 +1013,12 @@ ngx_http_uwsgi_process_header(ngx_http_request_t *r)
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http uwsgi header done");
- if (r->http_version > NGX_HTTP_VERSION_9) {
+ u = r->upstream;
+
+ if (u->headers_in.status_n) {
return NGX_OK;
}
- u = r->upstream;
-
if (u->headers_in.status) {
status_line = &u->headers_in.status->value;
@@ -996,20 +1030,15 @@ ngx_http_uwsgi_process_header(ngx_http_request_t *r)
return NGX_HTTP_UPSTREAM_INVALID_HEADER;
}
- r->http_version = NGX_HTTP_VERSION_10;
u->headers_in.status_n = status;
u->headers_in.status_line = *status_line;
} else if (u->headers_in.location) {
- r->http_version = NGX_HTTP_VERSION_10;
u->headers_in.status_n = 302;
ngx_str_set(&u->headers_in.status_line,
"302 Moved Temporarily");
} else {
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent neither valid HTTP/1.0 header "
- "nor \"Status\" header line");
u->headers_in.status_n = 200;
ngx_str_set(&u->headers_in.status_line, "200 OK");
}
@@ -1093,6 +1122,8 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf)
conf->upstream.cache_bypass = NGX_CONF_UNSET_PTR;
conf->upstream.no_cache = NGX_CONF_UNSET_PTR;
conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
+ conf->upstream.cache_lock = NGX_CONF_UNSET;
+ conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
#endif
conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
@@ -1185,8 +1216,8 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.busy_buffers_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"uwsgi_busy_buffers_size\" must be equal or bigger "
- "than maximum of the value of \"uwsgi_buffer_size\" and "
+ "\"uwsgi_busy_buffers_size\" must be equal to or greater "
+ "than the maximum of the value of \"uwsgi_buffer_size\" and "
"one of the \"uwsgi_buffers\"");
return NGX_CONF_ERROR;
@@ -1216,8 +1247,8 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->upstream.temp_file_write_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"uwsgi_temp_file_write_size\" must be equal or bigger than "
- "maximum of the value of \"uwsgi_buffer_size\" and "
+ "\"uwsgi_temp_file_write_size\" must be equal to or greater than "
+ "the maximum of the value of \"uwsgi_buffer_size\" and "
"one of the \"uwsgi_buffers\"");
return NGX_CONF_ERROR;
@@ -1239,8 +1270,8 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
&& conf->upstream.max_temp_file_size < size) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"uwsgi_max_temp_file_size\" must be equal to zero to disable "
- "the temporary files usage or must be equal or bigger than "
- "maximum of the value of \"uwsgi_buffer_size\" and "
+ "temporary files usage or must be equal to or greater than "
+ "the maximum of the value of \"uwsgi_buffer_size\" and "
"one of the \"uwsgi_buffers\"");
return NGX_CONF_ERROR;
@@ -1324,6 +1355,12 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->cache_key = prev->cache_key;
}
+ ngx_conf_merge_value(conf->upstream.cache_lock,
+ prev->upstream.cache_lock, 0);
+
+ ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
+ prev->upstream.cache_lock_timeout, 5000);
+
#endif
ngx_conf_merge_value(conf->upstream.pass_request_headers,
@@ -1386,9 +1423,9 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
#if (NGX_HTTP_CACHE)
ngx_array_t params_merged;
#endif
- ngx_keyval_t *src;
ngx_hash_key_t *hk;
ngx_hash_init_t hash;
+ ngx_http_upstream_param_t *src;
ngx_http_script_compile_t sc;
ngx_http_script_copy_code_t *copy;
@@ -1397,7 +1434,8 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
if (prev->headers_hash.buckets
#if (NGX_HTTP_CACHE)
- && ((conf->upstream.cache == NULL) == (prev->upstream.cache == NULL))
+ && ((conf->upstream.cache == NULL)
+ == (prev->upstream.cache == NULL))
#endif
)
{
@@ -1449,9 +1487,11 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
#if (NGX_HTTP_CACHE)
if (conf->upstream.cache) {
- ngx_keyval_t *h, *s;
+ ngx_keyval_t *h;
+ ngx_http_upstream_param_t *s;
- if (ngx_array_init(&params_merged, cf->temp_pool, 4, sizeof(ngx_keyval_t))
+ if (ngx_array_init(&params_merged, cf->temp_pool, 4,
+ sizeof(ngx_http_upstream_param_t))
!= NGX_OK)
{
return NGX_ERROR;
@@ -1485,7 +1525,9 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
return NGX_ERROR;
}
- *s = *h;
+ s->key = h->key;
+ s->value = h->value;
+ s->skip_empty = 0;
next:
@@ -1527,6 +1569,15 @@ ngx_http_uwsgi_merge_params(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
copy->len = src[i].key.len;
+ copy = ngx_array_push_n(conf->params_len,
+ sizeof(ngx_http_script_copy_code_t));
+ if (copy == NULL) {
+ return NGX_ERROR;
+ }
+
+ copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code;
+ copy->len = src[i].skip_empty;
+
size = (sizeof(ngx_http_script_copy_code_t)
+ src[i].key.len + sizeof(uintptr_t) - 1)
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_xslt_filter_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_xslt_filter_module.c
index f86c3038102..4309a448908 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_xslt_filter_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_xslt_filter_module.c
@@ -14,6 +14,7 @@
#include <libxslt/xslt.h>
#include <libxslt/xsltInternals.h>
#include <libxslt/transform.h>
+#include <libxslt/variables.h>
#include <libxslt/xsltutils.h>
#if (NGX_HAVE_EXSLT)
@@ -27,38 +28,47 @@
typedef struct {
- u_char *name;
- void *data;
+ u_char *name;
+ void *data;
} ngx_http_xslt_file_t;
typedef struct {
- ngx_array_t dtd_files; /* ngx_http_xslt_file_t */
- ngx_array_t sheet_files; /* ngx_http_xslt_file_t */
+ ngx_array_t dtd_files; /* ngx_http_xslt_file_t */
+ ngx_array_t sheet_files; /* ngx_http_xslt_file_t */
} ngx_http_xslt_filter_main_conf_t;
typedef struct {
- xsltStylesheetPtr stylesheet;
- ngx_array_t params; /* ngx_http_complex_value_t */
+ u_char *name;
+ ngx_http_complex_value_t value;
+ ngx_uint_t quote; /* unsigned quote:1; */
+} ngx_http_xslt_param_t;
+
+
+typedef struct {
+ xsltStylesheetPtr stylesheet;
+ ngx_array_t params; /* ngx_http_xslt_param_t */
} ngx_http_xslt_sheet_t;
typedef struct {
- xmlDtdPtr dtd;
- ngx_array_t sheets; /* ngx_http_xslt_sheet_t */
- ngx_hash_t types;
- ngx_array_t *types_keys;
+ xmlDtdPtr dtd;
+ ngx_array_t sheets; /* ngx_http_xslt_sheet_t */
+ ngx_hash_t types;
+ ngx_array_t *types_keys;
+ ngx_array_t *params; /* ngx_http_xslt_param_t */
} ngx_http_xslt_filter_loc_conf_t;
typedef struct {
- xmlDocPtr doc;
- xmlParserCtxtPtr ctxt;
- ngx_http_request_t *request;
- ngx_array_t params;
+ xmlDocPtr doc;
+ xmlParserCtxtPtr ctxt;
+ xsltTransformContextPtr transform;
+ ngx_http_request_t *request;
+ ngx_array_t params;
- ngx_uint_t done; /* unsigned done:1; */
+ ngx_uint_t done; /* unsigned done:1; */
} ngx_http_xslt_filter_ctx_t;
@@ -76,7 +86,7 @@ static void ngx_cdecl ngx_http_xslt_sax_error(void *data, const char *msg, ...);
static ngx_buf_t *ngx_http_xslt_apply_stylesheet(ngx_http_request_t *r,
ngx_http_xslt_filter_ctx_t *ctx);
static ngx_int_t ngx_http_xslt_params(ngx_http_request_t *r,
- ngx_http_xslt_filter_ctx_t *ctx, ngx_array_t *params);
+ ngx_http_xslt_filter_ctx_t *ctx, ngx_array_t *params, ngx_uint_t final);
static u_char *ngx_http_xslt_content_type(xsltStylesheetPtr s);
static u_char *ngx_http_xslt_encoding(xsltStylesheetPtr s);
static void ngx_http_xslt_cleanup(void *data);
@@ -85,6 +95,8 @@ static char *ngx_http_xslt_entities(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_xslt_stylesheet(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_http_xslt_param(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static void ngx_http_xslt_cleanup_dtd(void *data);
static void ngx_http_xslt_cleanup_stylesheet(void *data);
static void *ngx_http_xslt_filter_create_main_conf(ngx_conf_t *cf);
@@ -117,6 +129,20 @@ static ngx_command_t ngx_http_xslt_filter_commands[] = {
0,
NULL },
+ { ngx_string("xslt_param"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ ngx_http_xslt_param,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
+ { ngx_string("xslt_string_param"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ ngx_http_xslt_param,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ (void *) 1 },
+
{ ngx_string("xslt_types"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
ngx_http_types_slot,
@@ -336,15 +362,14 @@ ngx_http_xslt_add_chunk(ngx_http_request_t *r, ngx_http_xslt_filter_ctx_t *ctx,
"xmlCreatePushParserCtxt() failed");
return NGX_ERROR;
}
+ xmlCtxtUseOptions(ctxt, XML_PARSE_NOENT|XML_PARSE_DTDLOAD
+ |XML_PARSE_NOWARNING);
ctxt->sax->externalSubset = ngx_http_xslt_sax_external_subset;
ctxt->sax->setDocumentLocator = NULL;
- ctxt->sax->warning = NULL;
ctxt->sax->error = ngx_http_xslt_sax_error;
ctxt->sax->fatalError = ngx_http_xslt_sax_error;
ctxt->sax->_private = ctx;
- ctxt->replaceEntities = 1;
- ctxt->loadsubset = 1;
ctx->ctxt = ctxt;
ctx->request = r;
@@ -469,13 +494,31 @@ ngx_http_xslt_apply_stylesheet(ngx_http_request_t *r,
for (i = 0; i < conf->sheets.nelts; i++) {
- if (ngx_http_xslt_params(r, ctx, &sheet[i].params) != NGX_OK) {
+ ctx->transform = xsltNewTransformContext(sheet[i].stylesheet, doc);
+ if (ctx->transform == NULL) {
xmlFreeDoc(doc);
return NULL;
}
- res = xsltApplyStylesheet(sheet[i].stylesheet, doc, ctx->params.elts);
+ if (conf->params
+ && ngx_http_xslt_params(r, ctx, conf->params, 0) != NGX_OK)
+ {
+ xsltFreeTransformContext(ctx->transform);
+ xmlFreeDoc(doc);
+ return NULL;
+ }
+ if (ngx_http_xslt_params(r, ctx, &sheet[i].params, 1) != NGX_OK) {
+ xsltFreeTransformContext(ctx->transform);
+ xmlFreeDoc(doc);
+ return NULL;
+ }
+
+ res = xsltApplyStylesheetUser(sheet[i].stylesheet, doc,
+ ctx->params.elts, NULL, NULL,
+ ctx->transform);
+
+ xsltFreeTransformContext(ctx->transform);
xmlFreeDoc(doc);
if (res == NULL) {
@@ -565,27 +608,68 @@ ngx_http_xslt_apply_stylesheet(ngx_http_request_t *r,
static ngx_int_t
ngx_http_xslt_params(ngx_http_request_t *r, ngx_http_xslt_filter_ctx_t *ctx,
- ngx_array_t *params)
+ ngx_array_t *params, ngx_uint_t final)
{
- u_char *p, *last, *value, *dst, *src, **s;
- size_t len;
- ngx_uint_t i;
- ngx_str_t string;
- ngx_http_complex_value_t *param;
+ u_char *p, *last, *value, *dst, *src, **s;
+ size_t len;
+ ngx_uint_t i;
+ ngx_str_t string;
+ ngx_http_xslt_param_t *param;
param = params->elts;
for (i = 0; i < params->nelts; i++) {
- if (ngx_http_complex_value(r, &param[i], &string) != NGX_OK) {
+ if (ngx_http_complex_value(r, &param[i].value, &string) != NGX_OK) {
return NGX_ERROR;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"xslt filter param: \"%s\"", string.data);
+ if (param[i].name) {
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "xslt filter param name: \"%s\"", param[i].name);
+
+ if (param[i].quote) {
+ if (xsltQuoteOneUserParam(ctx->transform, param[i].name,
+ string.data)
+ != 0)
+ {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "xsltQuoteOneUserParam(\"%s\", \"%s\") failed",
+ param[i].name, string.data);
+ return NGX_ERROR;
+ }
+
+ continue;
+ }
+
+ s = ngx_array_push(&ctx->params);
+ if (s == NULL) {
+ return NGX_ERROR;
+ }
+
+ *s = param[i].name;
+
+ s = ngx_array_push(&ctx->params);
+ if (s == NULL) {
+ return NGX_ERROR;
+ }
+
+ *s = string.data;
+
+ continue;
+ }
+
+ /*
+ * parse param1=value1:param2=value2 syntax as used by parameters
+ * specified in xslt_stylesheet directives
+ */
+
p = string.data;
- last = string.data + string.len - 1;
+ last = string.data + string.len;
while (p && *p) {
@@ -641,12 +725,14 @@ ngx_http_xslt_params(ngx_http_request_t *r, ngx_http_xslt_filter_ctx_t *ctx,
}
}
- s = ngx_array_push(&ctx->params);
- if (s == NULL) {
- return NGX_ERROR;
- }
+ if (final) {
+ s = ngx_array_push(&ctx->params);
+ if (s == NULL) {
+ return NGX_ERROR;
+ }
- *s = NULL;
+ *s = NULL;
+ }
return NGX_OK;
}
@@ -768,7 +854,7 @@ ngx_http_xslt_stylesheet(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_pool_cleanup_t *cln;
ngx_http_xslt_file_t *file;
ngx_http_xslt_sheet_t *sheet;
- ngx_http_complex_value_t *param;
+ ngx_http_xslt_param_t *param;
ngx_http_compile_complex_value_t ccv;
ngx_http_xslt_filter_main_conf_t *xmcf;
@@ -837,7 +923,7 @@ found:
}
if (ngx_array_init(&sheet->params, cf->pool, n - 2,
- sizeof(ngx_http_complex_value_t))
+ sizeof(ngx_http_xslt_param_t))
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -850,11 +936,12 @@ found:
return NGX_CONF_ERROR;
}
+ ngx_memzero(param, sizeof(ngx_http_xslt_param_t));
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
ccv.cf = cf;
ccv.value = &value[i];
- ccv.complex_value = param;
+ ccv.complex_value = &param->value;
ccv.zero = 1;
if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
@@ -866,6 +953,48 @@ found:
}
+static char *
+ngx_http_xslt_param(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_xslt_filter_loc_conf_t *xlcf = conf;
+
+ ngx_http_xslt_param_t *param;
+ ngx_http_compile_complex_value_t ccv;
+ ngx_str_t *value;
+
+ value = cf->args->elts;
+
+ if (xlcf->params == NULL) {
+ xlcf->params = ngx_array_create(cf->pool, 2,
+ sizeof(ngx_http_xslt_param_t));
+ if (xlcf->params == NULL) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ param = ngx_array_push(xlcf->params);
+ if (param == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ param->name = value[1].data;
+ param->quote = (cmd->post == NULL) ? 0 : 1;
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[2];
+ ccv.complex_value = &param->value;
+ ccv.zero = 1;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
+
+
static void
ngx_http_xslt_cleanup_dtd(void *data)
{
@@ -925,6 +1054,7 @@ ngx_http_xslt_filter_create_conf(ngx_conf_t *cf)
* conf->sheets = { NULL };
* conf->types = { NULL };
* conf->types_keys = NULL;
+ * conf->params = NULL;
*/
return conf;
@@ -945,6 +1075,10 @@ ngx_http_xslt_filter_merge_conf(ngx_conf_t *cf, void *parent, void *child)
conf->sheets = prev->sheets;
}
+ if (conf->params == NULL) {
+ conf->params = prev->params;
+ }
+
if (ngx_http_merge_types(cf, &conf->types_keys, &conf->types,
&prev->types_keys, &prev->types,
ngx_http_xslt_default_types)
diff --git a/usr.sbin/nginx/src/http/modules/perl/nginx.pm b/usr.sbin/nginx/src/http/modules/perl/nginx.pm
index 76ec1d3915b..766b8101787 100644
--- a/usr.sbin/nginx/src/http/modules/perl/nginx.pm
+++ b/usr.sbin/nginx/src/http/modules/perl/nginx.pm
@@ -50,7 +50,7 @@ our @EXPORT = qw(
HTTP_INSUFFICIENT_STORAGE
);
-our $VERSION = '1.0.15';
+our $VERSION = '1.2.0';
require XSLoader;
XSLoader::load('nginx', $VERSION);
@@ -132,6 +132,7 @@ Igor Sysoev
=head1 COPYRIGHT AND LICENSE
Copyright (C) Igor Sysoev
+Copyright (C) Nginx, Inc.
=cut
diff --git a/usr.sbin/nginx/src/http/modules/perl/nginx.xs b/usr.sbin/nginx/src/http/modules/perl/nginx.xs
index dc69d509ae3..ecd11ffbc07 100644
--- a/usr.sbin/nginx/src/http/modules/perl/nginx.xs
+++ b/usr.sbin/nginx/src/http/modules/perl/nginx.xs
@@ -663,6 +663,10 @@ sendfile(r, filename, offset = -1, bytes = 0)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ XSRETURN_EMPTY;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
diff --git a/usr.sbin/nginx/src/http/ngx_http.c b/usr.sbin/nginx/src/http/ngx_http.c
index 8f45b71c9ed..3e077fb95ab 100644
--- a/usr.sbin/nginx/src/http/ngx_http.c
+++ b/usr.sbin/nginx/src/http/ngx_http.c
@@ -1417,7 +1417,7 @@ ngx_http_optimize_servers(ngx_conf_t *cf, ngx_http_core_main_conf_t *cmcf,
/*
* check whether all name-based servers have the same
- * configuraiton as a default server for given address:port
+ * configuration as a default server for given address:port
*/
addr = port[p].addrs.elts;
@@ -1763,6 +1763,13 @@ ngx_http_add_listening(ngx_conf_t *cf, ngx_http_conf_addr_t *addr)
ls->rcvbuf = addr->opt.rcvbuf;
ls->sndbuf = addr->opt.sndbuf;
+ ls->keepalive = addr->opt.so_keepalive;
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ ls->keepidle = addr->opt.tcp_keepidle;
+ ls->keepintvl = addr->opt.tcp_keepintvl;
+ ls->keepcnt = addr->opt.tcp_keepcnt;
+#endif
+
#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
ls->accept_filter = addr->opt.accept_filter;
#endif
diff --git a/usr.sbin/nginx/src/http/ngx_http.h b/usr.sbin/nginx/src/http/ngx_http.h
index 930ac71ce06..f152006a005 100644
--- a/usr.sbin/nginx/src/http/ngx_http.h
+++ b/usr.sbin/nginx/src/http/ngx_http.h
@@ -53,6 +53,7 @@ struct ngx_http_log_ctx_s {
typedef struct {
+ ngx_uint_t http_version;
ngx_uint_t code;
ngx_uint_t count;
u_char *start;
diff --git a/usr.sbin/nginx/src/http/ngx_http_busy_lock.c b/usr.sbin/nginx/src/http/ngx_http_busy_lock.c
index 35a03acaac9..3b4b28c8b32 100644
--- a/usr.sbin/nginx/src/http/ngx_http_busy_lock.c
+++ b/usr.sbin/nginx/src/http/ngx_http_busy_lock.c
@@ -274,7 +274,7 @@ char *ngx_http_set_busy_lock_slot(ngx_conf_t *cf, ngx_command_t *cmd,
line.data = value[i].data + 2;
bl->timeout = ngx_parse_time(&line, 1);
- if (bl->timeout == NGX_ERROR) {
+ if (bl->timeout == (time_t) NGX_ERROR) {
invalid = 1;
break;
}
@@ -300,7 +300,7 @@ char *ngx_http_set_busy_lock_slot(ngx_conf_t *cf, ngx_command_t *cmd,
if (bl->timeout == 0 && bl->max_waiting) {
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
- "busy lock waiting is useless with zero timeout, ignoring");
+ "busy lock waiting is useless with zero timeout, ignoring");
}
return NGX_CONF_OK;
diff --git a/usr.sbin/nginx/src/http/ngx_http_cache.h b/usr.sbin/nginx/src/http/ngx_http_cache.h
index cb5d766882f..2a2d7229153 100644
--- a/usr.sbin/nginx/src/http/ngx_http_cache.h
+++ b/usr.sbin/nginx/src/http/ngx_http_cache.h
@@ -80,6 +80,14 @@ struct ngx_http_cache_s {
ngx_http_file_cache_t *file_cache;
ngx_http_file_cache_node_t *node;
+ ngx_msec_t lock_timeout;
+ ngx_msec_t wait_time;
+
+ ngx_event_t wait_event;
+
+ unsigned lock:1;
+ unsigned waiting:1;
+
unsigned updated:1;
unsigned updating:1;
unsigned exists:1;
@@ -119,8 +127,11 @@ struct ngx_http_file_cache_s {
time_t inactive;
- ngx_msec_t last;
ngx_uint_t files;
+ ngx_uint_t loader_files;
+ ngx_msec_t last;
+ ngx_msec_t loader_sleep;
+ ngx_msec_t loader_threshold;
ngx_shm_zone_t *shm_zone;
};
diff --git a/usr.sbin/nginx/src/http/ngx_http_copy_filter_module.c b/usr.sbin/nginx/src/http/ngx_http_copy_filter_module.c
index d52fbebe869..95bc0b83564 100644
--- a/usr.sbin/nginx/src/http/ngx_http_copy_filter_module.c
+++ b/usr.sbin/nginx/src/http/ngx_http_copy_filter_module.c
@@ -74,7 +74,7 @@ ngx_module_t ngx_http_copy_filter_module = {
};
-static ngx_http_output_body_filter_pt ngx_http_next_filter;
+static ngx_http_output_body_filter_pt ngx_http_next_body_filter;
static ngx_int_t
@@ -115,7 +115,8 @@ ngx_http_copy_filter(ngx_http_request_t *r, ngx_chain_t *in)
ctx->bufs = conf->bufs;
ctx->tag = (ngx_buf_tag_t) &ngx_http_copy_filter_module;
- ctx->output_filter = (ngx_output_chain_filter_pt) ngx_http_next_filter;
+ ctx->output_filter = (ngx_output_chain_filter_pt)
+ ngx_http_next_body_filter;
ctx->filter_ctx = r;
#if (NGX_HAVE_FILE_AIO)
@@ -292,7 +293,7 @@ ngx_http_copy_filter_merge_conf(ngx_conf_t *cf, void *parent, void *child)
static ngx_int_t
ngx_http_copy_filter_init(ngx_conf_t *cf)
{
- ngx_http_next_filter = ngx_http_top_body_filter;
+ ngx_http_next_body_filter = ngx_http_top_body_filter;
ngx_http_top_body_filter = ngx_http_copy_filter;
return NGX_OK;
diff --git a/usr.sbin/nginx/src/http/ngx_http_core_module.c b/usr.sbin/nginx/src/http/ngx_http_core_module.c
index 82bb1275c5e..04620229459 100644
--- a/usr.sbin/nginx/src/http/ngx_http_core_module.c
+++ b/usr.sbin/nginx/src/http/ngx_http_core_module.c
@@ -76,6 +76,10 @@ static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last);
static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
#endif
+#if (NGX_HAVE_OPENAT)
+static char *ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+#endif
static char *ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data);
static char *ngx_http_core_pool_size(ngx_conf_t *cf, void *post, void *data);
@@ -719,7 +723,7 @@ static ngx_command_t ngx_http_core_commands[] = {
NULL },
{ ngx_string("resolver"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
ngx_http_core_resolver,
NGX_HTTP_LOC_CONF_OFFSET,
0,
@@ -764,6 +768,17 @@ static ngx_command_t ngx_http_core_commands[] = {
#endif
+#if (NGX_HAVE_OPENAT)
+
+ { ngx_string("disable_symlinks"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
+ ngx_http_disable_symlinks,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
+#endif
+
ngx_null_command
};
@@ -1213,20 +1228,29 @@ ngx_http_core_try_files_phase(ngx_http_request_t *r,
len = tf->name.len;
}
- /* 16 bytes are preallocation */
- reserve = ngx_abs((ssize_t) (len - r->uri.len)) + alias + 16;
+ if (!alias) {
+ reserve = len > r->uri.len ? len - r->uri.len : 0;
- if (reserve > allocated) {
+#if (NGX_PCRE)
+ } else if (clcf->regex) {
+ reserve = len;
+#endif
- /* we just need to allocate path and to copy a root */
+ } else {
+ reserve = len > r->uri.len - alias ? len - (r->uri.len - alias) : 0;
+ }
- if (ngx_http_map_uri_to_path(r, &path, &root, reserve) == NULL) {
+ if (reserve > allocated || !allocated) {
+
+ /* 16 bytes are preallocation */
+ allocated = reserve + 16;
+
+ if (ngx_http_map_uri_to_path(r, &path, &root, allocated) == NULL) {
ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
return NGX_OK;
}
name = path.data + root;
- allocated = path.len - root - (r->uri.len - alias);
}
if (tf->values == NULL) {
@@ -1298,6 +1322,11 @@ ngx_http_core_try_files_phase(ngx_http_request_t *r,
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return NGX_OK;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
@@ -2456,7 +2485,6 @@ ngx_http_subrequest(ngx_http_request_t *r,
sr->start_sec = tp->sec;
sr->start_msec = tp->msec;
- r->main->subrequests++;
r->main->count++;
*psr = sr;
@@ -2510,6 +2538,7 @@ ngx_http_internal_redirect(ngx_http_request_t *r,
#endif
r->internal = 1;
+ r->valid_unparsed_uri = 0;
r->add_uri_to_alias = 0;
r->main->count++;
@@ -2561,6 +2590,9 @@ ngx_http_named_location(ngx_http_request_t *r, ngx_str_t *name)
r->content_handler = NULL;
r->loc_conf = (*clcfp)->loc_conf;
+ /* clear the modules contexts */
+ ngx_memzero(r->ctx, sizeof(void *) * ngx_http_max_module);
+
ngx_http_update_location_config(r);
cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
@@ -2616,6 +2648,56 @@ ngx_http_cleanup_add(ngx_http_request_t *r, size_t size)
}
+ngx_int_t
+ngx_http_set_disable_symlinks(ngx_http_request_t *r,
+ ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of)
+{
+#if (NGX_HAVE_OPENAT)
+ u_char *p;
+ ngx_str_t from;
+
+ of->disable_symlinks = clcf->disable_symlinks;
+
+ if (clcf->disable_symlinks_from == NULL) {
+ return NGX_OK;
+ }
+
+ if (ngx_http_complex_value(r, clcf->disable_symlinks_from, &from)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+
+ if (from.len == 0
+ || from.len > path->len
+ || ngx_memcmp(path->data, from.data, from.len) != 0)
+ {
+ return NGX_OK;
+ }
+
+ if (from.len == path->len) {
+ of->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF;
+ return NGX_OK;
+ }
+
+ p = path->data + from.len;
+
+ if (*p == '/') {
+ of->disable_symlinks_from = from.len;
+ return NGX_OK;
+ }
+
+ p--;
+
+ if (*p == '/') {
+ of->disable_symlinks_from = from.len - 1;
+ }
+#endif
+
+ return NGX_OK;
+}
+
+
static char *
ngx_http_core_server(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
{
@@ -3344,6 +3426,11 @@ ngx_http_core_create_loc_conf(ngx_conf_t *cf)
#endif
#endif
+#if (NGX_HAVE_OPENAT)
+ clcf->disable_symlinks = NGX_CONF_UNSET_UINT;
+ clcf->disable_symlinks_from = NGX_CONF_UNSET_PTR;
+#endif
+
return clcf;
}
@@ -3494,8 +3581,7 @@ ngx_http_core_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_bitmask_value(conf->keepalive_disable,
prev->keepalive_disable,
(NGX_CONF_BITMASK_SET
- |NGX_HTTP_KEEPALIVE_DISABLE_MSIE6
- |NGX_HTTP_KEEPALIVE_DISABLE_SAFARI));
+ |NGX_HTTP_KEEPALIVE_DISABLE_MSIE6));
ngx_conf_merge_uint_value(conf->satisfy, prev->satisfy,
NGX_HTTP_SATISFY_ALL);
ngx_conf_merge_uint_value(conf->if_modified_since, prev->if_modified_since,
@@ -3553,7 +3639,7 @@ ngx_http_core_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
* to inherit it in all servers
*/
- prev->resolver = ngx_resolver_create(cf, NULL);
+ prev->resolver = ngx_resolver_create(cf, NULL, 0);
if (prev->resolver == NULL) {
return NGX_CONF_ERROR;
}
@@ -3627,6 +3713,13 @@ ngx_http_core_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#endif
#endif
+#if (NGX_HAVE_OPENAT)
+ ngx_conf_merge_uint_value(conf->disable_symlinks, prev->disable_symlinks,
+ NGX_DISABLE_SYMLINKS_OFF);
+ ngx_conf_merge_ptr_value(conf->disable_symlinks_from,
+ prev->disable_symlinks_from, NULL);
+#endif
+
return NGX_CONF_OK;
}
@@ -3831,6 +3924,97 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
#endif
}
+ if (ngx_strncmp(value[n].data, "so_keepalive=", 13) == 0) {
+
+ if (ngx_strcmp(&value[n].data[13], "on") == 0) {
+ lsopt.so_keepalive = 1;
+
+ } else if (ngx_strcmp(&value[n].data[13], "off") == 0) {
+ lsopt.so_keepalive = 2;
+
+ } else {
+
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ u_char *p, *end;
+ ngx_str_t s;
+
+ end = value[n].data + value[n].len;
+ s.data = value[n].data + 13;
+
+ p = ngx_strlchr(s.data, end, ':');
+ if (p == NULL) {
+ p = end;
+ }
+
+ if (p > s.data) {
+ s.len = p - s.data;
+
+ lsopt.tcp_keepidle = ngx_parse_time(&s, 1);
+ if (lsopt.tcp_keepidle == (time_t) NGX_ERROR) {
+ goto invalid_so_keepalive;
+ }
+ }
+
+ s.data = (p < end) ? (p + 1) : end;
+
+ p = ngx_strlchr(s.data, end, ':');
+ if (p == NULL) {
+ p = end;
+ }
+
+ if (p > s.data) {
+ s.len = p - s.data;
+
+ lsopt.tcp_keepintvl = ngx_parse_time(&s, 1);
+ if (lsopt.tcp_keepintvl == (time_t) NGX_ERROR) {
+ goto invalid_so_keepalive;
+ }
+ }
+
+ s.data = (p < end) ? (p + 1) : end;
+
+ if (s.data < end) {
+ s.len = end - s.data;
+
+ lsopt.tcp_keepcnt = ngx_atoi(s.data, s.len);
+ if (lsopt.tcp_keepcnt == NGX_ERROR) {
+ goto invalid_so_keepalive;
+ }
+ }
+
+ if (lsopt.tcp_keepidle == 0 && lsopt.tcp_keepintvl == 0
+ && lsopt.tcp_keepcnt == 0)
+ {
+ goto invalid_so_keepalive;
+ }
+
+ lsopt.so_keepalive = 1;
+
+#else
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "the \"so_keepalive\" parameter accepts "
+ "only \"on\" or \"off\" on this platform");
+ return NGX_CONF_ERROR;
+
+#endif
+ }
+
+ lsopt.set = 1;
+ lsopt.bind = 1;
+
+ continue;
+
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ invalid_so_keepalive:
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid so_keepalive value: \"%s\"",
+ &value[n].data[13]);
+ return NGX_CONF_ERROR;
+#endif
+ }
+
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[n]);
return NGX_CONF_ERROR;
@@ -4429,7 +4613,7 @@ ngx_http_core_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
s.data = value[i].data + 9;
inactive = ngx_parse_time(&s, 1);
- if (inactive < 0) {
+ if (inactive == (time_t) NGX_ERROR) {
goto failed;
}
@@ -4457,7 +4641,7 @@ ngx_http_core_open_file_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
if (max == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"open_file_cache\" must have the \"max\" parameter");
+ "\"open_file_cache\" must have the \"max\" parameter");
return NGX_CONF_ERROR;
}
@@ -4475,7 +4659,7 @@ ngx_http_core_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_core_loc_conf_t *clcf = conf;
- ngx_str_t *value;
+ ngx_str_t *value, name;
if (clcf->error_log) {
return "is duplicate";
@@ -4483,7 +4667,14 @@ ngx_http_core_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts;
- clcf->error_log = ngx_log_create(cf->cycle, &value[1]);
+ if (ngx_strcmp(value[1].data, "stderr") == 0) {
+ ngx_str_null(&name);
+
+ } else {
+ name = value[1];
+ }
+
+ clcf->error_log = ngx_log_create(cf->cycle, &name);
if (clcf->error_log == NULL) {
return NGX_CONF_ERROR;
}
@@ -4516,24 +4707,16 @@ ngx_http_core_keepalive(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return "invalid value";
}
- if (clcf->keepalive_timeout == (ngx_msec_t) NGX_PARSE_LARGE_TIME) {
- return "value must be less than 597 hours";
- }
-
if (cf->args->nelts == 2) {
return NGX_CONF_OK;
}
clcf->keepalive_header = ngx_parse_time(&value[2], 1);
- if (clcf->keepalive_header == NGX_ERROR) {
+ if (clcf->keepalive_header == (time_t) NGX_ERROR) {
return "invalid value";
}
- if (clcf->keepalive_header == NGX_PARSE_LARGE_TIME) {
- return "value must be less than 68 years";
- }
-
return NGX_CONF_OK;
}
@@ -4558,7 +4741,6 @@ ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_core_loc_conf_t *clcf = conf;
- ngx_url_t u;
ngx_str_t *value;
if (clcf->resolver) {
@@ -4567,19 +4749,9 @@ ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
value = cf->args->elts;
- ngx_memzero(&u, sizeof(ngx_url_t));
-
- u.host = value[1];
- u.port = 53;
-
- if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V: %s", &u.host, u.err);
- return NGX_CONF_ERROR;
- }
-
- clcf->resolver = ngx_resolver_create(cf, &u.addrs[0]);
+ clcf->resolver = ngx_resolver_create(cf, &value[1], cf->args->nelts - 1);
if (clcf->resolver == NULL) {
- return NGX_OK;
+ return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
@@ -4688,6 +4860,100 @@ ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
#endif
+#if (NGX_HAVE_OPENAT)
+
+static char *
+ngx_http_disable_symlinks(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_core_loc_conf_t *clcf = conf;
+
+ ngx_str_t *value;
+ ngx_uint_t i;
+ ngx_http_compile_complex_value_t ccv;
+
+ if (clcf->disable_symlinks != NGX_CONF_UNSET_UINT) {
+ return "is duplicate";
+ }
+
+ value = cf->args->elts;
+
+ for (i = 1; i < cf->args->nelts; i++) {
+
+ if (ngx_strcmp(value[i].data, "off") == 0) {
+ clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_OFF;
+ continue;
+ }
+
+ if (ngx_strcmp(value[i].data, "if_not_owner") == 0) {
+ clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_NOTOWNER;
+ continue;
+ }
+
+ if (ngx_strcmp(value[i].data, "on") == 0) {
+ clcf->disable_symlinks = NGX_DISABLE_SYMLINKS_ON;
+ continue;
+ }
+
+ if (ngx_strncmp(value[i].data, "from=", 5) == 0) {
+ value[i].len -= 5;
+ value[i].data += 5;
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[i];
+ ccv.complex_value = ngx_palloc(cf->pool,
+ sizeof(ngx_http_complex_value_t));
+ if (ccv.complex_value == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ clcf->disable_symlinks_from = ccv.complex_value;
+
+ continue;
+ }
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (clcf->disable_symlinks == NGX_CONF_UNSET_UINT) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "\"%V\" must have \"off\", \"on\" "
+ "or \"if_not_owner\" parameter",
+ &cmd->name);
+ return NGX_CONF_ERROR;
+ }
+
+ if (cf->args->nelts == 2) {
+ clcf->disable_symlinks_from = NULL;
+ return NGX_CONF_OK;
+ }
+
+ if (clcf->disable_symlinks_from == NGX_CONF_UNSET_PTR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "duplicate parameters \"%V %V\"",
+ &value[1], &value[2]);
+ return NGX_CONF_ERROR;
+ }
+
+ if (clcf->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "\"from=\" cannot be used with \"off\" parameter");
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
+
+#endif
+
+
static char *
ngx_http_core_lowat_check(ngx_conf_t *cf, void *post, void *data)
{
diff --git a/usr.sbin/nginx/src/http/ngx_http_core_module.h b/usr.sbin/nginx/src/http/ngx_http_core_module.h
index ffe04a2075c..bfa0b419ece 100644
--- a/usr.sbin/nginx/src/http/ngx_http_core_module.h
+++ b/usr.sbin/nginx/src/http/ngx_http_core_module.h
@@ -78,6 +78,7 @@ typedef struct {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
unsigned ipv6only:2;
#endif
+ unsigned so_keepalive:2;
int backlog;
int rcvbuf;
@@ -85,6 +86,11 @@ typedef struct {
#if (NGX_HAVE_SETFIB)
int setfib;
#endif
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ int tcp_keepidle;
+ int tcp_keepintvl;
+ int tcp_keepcnt;
+#endif
#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
char *accept_filter;
@@ -398,6 +404,11 @@ struct ngx_http_core_loc_conf_s {
#endif
#endif
+#if (NGX_HAVE_OPENAT)
+ ngx_uint_t disable_symlinks; /* disable_symlinks */
+ ngx_http_complex_value_t *disable_symlinks_from;
+#endif
+
ngx_array_t *error_pages; /* error_page */
ngx_http_try_file_t *try_files; /* try_files */
@@ -499,6 +510,10 @@ ngx_int_t ngx_http_output_filter(ngx_http_request_t *r, ngx_chain_t *chain);
ngx_int_t ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *chain);
+ngx_int_t ngx_http_set_disable_symlinks(ngx_http_request_t *r,
+ ngx_http_core_loc_conf_t *clcf, ngx_str_t *path, ngx_open_file_info_t *of);
+
+
extern ngx_module_t ngx_http_core_module;
extern ngx_uint_t ngx_http_max_module;
diff --git a/usr.sbin/nginx/src/http/ngx_http_file_cache.c b/usr.sbin/nginx/src/http/ngx_http_file_cache.c
index 68943a87bb4..bd6cebadd12 100644
--- a/usr.sbin/nginx/src/http/ngx_http_file_cache.c
+++ b/usr.sbin/nginx/src/http/ngx_http_file_cache.c
@@ -11,6 +11,9 @@
#include <ngx_md5.h>
+static ngx_int_t ngx_http_file_cache_lock(ngx_http_request_t *r,
+ ngx_http_cache_t *c);
+static void ngx_http_file_cache_lock_wait_handler(ngx_event_t *ev);
static ngx_int_t ngx_http_file_cache_read(ngx_http_request_t *r,
ngx_http_cache_t *c);
static ssize_t ngx_http_file_cache_aio_read(ngx_http_request_t *r,
@@ -31,8 +34,7 @@ static time_t ngx_http_file_cache_forced_expire(ngx_http_file_cache_t *cache);
static time_t ngx_http_file_cache_expire(ngx_http_file_cache_t *cache);
static void ngx_http_file_cache_delete(ngx_http_file_cache_t *cache,
ngx_queue_t *q, u_char *name);
-static ngx_int_t
- ngx_http_file_cache_loader_sleep(ngx_http_file_cache_t *cache);
+static void ngx_http_file_cache_loader_sleep(ngx_http_file_cache_t *cache);
static ngx_int_t ngx_http_file_cache_noop(ngx_tree_ctx_t *ctx,
ngx_str_t *path);
static ngx_int_t ngx_http_file_cache_manage_file(ngx_tree_ctx_t *ctx,
@@ -183,13 +185,13 @@ ngx_http_file_cache_create(ngx_http_request_t *r)
return NGX_ERROR;
}
+ cln->handler = ngx_http_file_cache_cleanup;
+ cln->data = c;
+
if (ngx_http_file_cache_exists(cache, c) == NGX_ERROR) {
return NGX_ERROR;
}
- cln->handler = ngx_http_file_cache_cleanup;
- cln->data = c;
-
if (ngx_http_file_cache_name(r, cache->path) != NGX_OK) {
return NGX_ERROR;
}
@@ -246,15 +248,24 @@ ngx_http_file_cache_open(ngx_http_request_t *r)
c = r->cache;
+ if (c->waiting) {
+ return NGX_AGAIN;
+ }
+
if (c->buf) {
return ngx_http_file_cache_read(r, c);
}
cache = c->file_cache;
- cln = ngx_pool_cleanup_add(r->pool, 0);
- if (cln == NULL) {
- return NGX_ERROR;
+ if (c->node == NULL) {
+ cln = ngx_pool_cleanup_add(r->pool, 0);
+ if (cln == NULL) {
+ return NGX_ERROR;
+ }
+
+ cln->handler = ngx_http_file_cache_cleanup;
+ cln->data = c;
}
rc = ngx_http_file_cache_exists(cache, c);
@@ -266,9 +277,6 @@ ngx_http_file_cache_open(ngx_http_request_t *r)
return rc;
}
- cln->handler = ngx_http_file_cache_cleanup;
- cln->data = c;
-
if (rc == NGX_AGAIN) {
return NGX_HTTP_CACHE_SCARCE;
}
@@ -308,7 +316,7 @@ ngx_http_file_cache_open(ngx_http_request_t *r)
}
if (!test) {
- return NGX_DECLINED;
+ goto done;
}
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
@@ -332,7 +340,7 @@ ngx_http_file_cache_open(ngx_http_request_t *r)
case NGX_ENOENT:
case NGX_ENOTDIR:
- return rv;
+ goto done;
default:
ngx_log_error(NGX_LOG_CRIT, r->connection->log, of.err,
@@ -356,6 +364,114 @@ ngx_http_file_cache_open(ngx_http_request_t *r)
}
return ngx_http_file_cache_read(r, c);
+
+done:
+
+ if (rv == NGX_DECLINED) {
+ return ngx_http_file_cache_lock(r, c);
+ }
+
+ return rv;
+}
+
+
+static ngx_int_t
+ngx_http_file_cache_lock(ngx_http_request_t *r, ngx_http_cache_t *c)
+{
+ ngx_msec_t now, timer;
+ ngx_http_file_cache_t *cache;
+
+ if (!c->lock) {
+ return NGX_DECLINED;
+ }
+
+ cache = c->file_cache;
+
+ ngx_shmtx_lock(&cache->shpool->mutex);
+
+ if (!c->node->updating) {
+ c->node->updating = 1;
+ c->updating = 1;
+ }
+
+ ngx_shmtx_unlock(&cache->shpool->mutex);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "http file cache lock u:%d wt:%M",
+ c->updating, c->wait_time);
+
+ if (c->updating) {
+ return NGX_DECLINED;
+ }
+
+ c->waiting = 1;
+
+ now = ngx_current_msec;
+
+ if (c->wait_time == 0) {
+ c->wait_time = now + c->lock_timeout;
+
+ c->wait_event.handler = ngx_http_file_cache_lock_wait_handler;
+ c->wait_event.data = r;
+ c->wait_event.log = r->connection->log;
+ }
+
+ timer = c->wait_time - now;
+
+ ngx_add_timer(&c->wait_event, (timer > 500) ? 500 : timer);
+
+ r->main->blocked++;
+
+ return NGX_AGAIN;
+}
+
+
+static void
+ngx_http_file_cache_lock_wait_handler(ngx_event_t *ev)
+{
+ ngx_uint_t wait;
+ ngx_msec_t timer;
+ ngx_http_cache_t *c;
+ ngx_http_request_t *r;
+ ngx_http_file_cache_t *cache;
+
+ r = ev->data;
+ c = r->cache;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ev->log, 0,
+ "http file cache wait handler wt:%M cur:%M",
+ c->wait_time, ngx_current_msec);
+
+ timer = c->wait_time - ngx_current_msec;
+
+ if ((ngx_msec_int_t) timer <= 0) {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0,
+ "http file cache lock timeout");
+ c->lock = 0;
+ goto wakeup;
+ }
+
+ cache = c->file_cache;
+ wait = 0;
+
+ ngx_shmtx_lock(&cache->shpool->mutex);
+
+ if (c->node->updating) {
+ wait = 1;
+ }
+
+ ngx_shmtx_unlock(&cache->shpool->mutex);
+
+ if (wait) {
+ ngx_add_timer(ev, (timer > 500) ? 500 : timer);
+ return;
+ }
+
+wakeup:
+
+ c->waiting = 0;
+ r->main->blocked--;
+ r->connection->write->handler(r->connection->write);
}
@@ -520,13 +636,19 @@ ngx_http_file_cache_exists(ngx_http_file_cache_t *cache, ngx_http_cache_t *c)
ngx_shmtx_lock(&cache->shpool->mutex);
- fcn = ngx_http_file_cache_lookup(cache, c->key);
+ fcn = c->node;
+
+ if (fcn == NULL) {
+ fcn = ngx_http_file_cache_lookup(cache, c->key);
+ }
if (fcn) {
ngx_queue_remove(&fcn->queue);
- fcn->uses++;
- fcn->count++;
+ if (c->node == NULL) {
+ fcn->uses++;
+ fcn->count++;
+ }
if (fcn->error) {
@@ -623,6 +745,10 @@ ngx_http_file_cache_name(ngx_http_request_t *r, ngx_path_t *path)
c = r->cache;
+ if (c->file.name.len) {
+ return NGX_OK;
+ }
+
c->file.name.len = path->name.len + 1 + path->len
+ 2 * NGX_HTTP_CACHE_KEY_LEN;
@@ -954,6 +1080,10 @@ ngx_http_file_cache_free(ngx_http_cache_t *c, ngx_temp_file_t *tf)
}
}
}
+
+ if (c->wait_event.timer_set) {
+ ngx_del_timer(&c->wait_event);
+ }
}
@@ -1267,59 +1397,53 @@ ngx_http_file_cache_loader(void *data)
static ngx_int_t
-ngx_http_file_cache_loader_sleep(ngx_http_file_cache_t *cache)
+ngx_http_file_cache_noop(ngx_tree_ctx_t *ctx, ngx_str_t *path)
+{
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_file_cache_manage_file(ngx_tree_ctx_t *ctx, ngx_str_t *path)
{
- ngx_msec_t elapsed;
+ ngx_msec_t elapsed;
+ ngx_http_file_cache_t *cache;
- if (cache->files++ > 100) {
+ cache = ctx->data;
+
+ if (ngx_http_file_cache_add_file(ctx, path) != NGX_OK) {
+ (void) ngx_http_file_cache_delete_file(ctx, path);
+ }
+ if (++cache->files >= cache->loader_files) {
+ ngx_http_file_cache_loader_sleep(cache);
+
+ } else {
ngx_time_update();
elapsed = ngx_abs((ngx_msec_int_t) (ngx_current_msec - cache->last));
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
- "http file cache manager time: %M", elapsed);
-
- if (elapsed > 200) {
-
- /*
- * if processing 100 files takes more than 200ms,
- * it seems that many operations require disk i/o,
- * therefore sleep 200ms
- */
-
- ngx_msleep(200);
+ "http file cache loader time elapsed: %M", elapsed);
- ngx_time_update();
+ if (elapsed >= cache->loader_threshold) {
+ ngx_http_file_cache_loader_sleep(cache);
}
-
- cache->last = ngx_current_msec;
- cache->files = 0;
}
return (ngx_quit || ngx_terminate) ? NGX_ABORT : NGX_OK;
}
-static ngx_int_t
-ngx_http_file_cache_noop(ngx_tree_ctx_t *ctx, ngx_str_t *path)
-{
- return NGX_OK;
-}
-
-
-static ngx_int_t
-ngx_http_file_cache_manage_file(ngx_tree_ctx_t *ctx, ngx_str_t *path)
+static void
+ngx_http_file_cache_loader_sleep(ngx_http_file_cache_t *cache)
{
- ngx_http_file_cache_t *cache;
+ ngx_msleep(cache->loader_sleep);
- cache = ctx->data;
+ ngx_time_update();
- if (ngx_http_file_cache_add_file(ctx, path) != NGX_OK) {
- (void) ngx_http_file_cache_delete_file(ctx, path);
- }
-
- return ngx_http_file_cache_loader_sleep(cache);
+ cache->last = ngx_current_msec;
+ cache->files = 0;
}
@@ -1468,6 +1592,8 @@ ngx_http_file_cache_set_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
time_t inactive;
ssize_t size;
ngx_str_t s, name, *value;
+ ngx_int_t loader_files;
+ ngx_msec_t loader_sleep, loader_threshold;
ngx_uint_t i, n;
ngx_http_file_cache_t *cache;
@@ -1482,6 +1608,9 @@ ngx_http_file_cache_set_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
}
inactive = 600;
+ loader_files = 100;
+ loader_sleep = 50;
+ loader_threshold = 200;
name.len = 0;
size = 0;
@@ -1571,7 +1700,7 @@ ngx_http_file_cache_set_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
s.data = value[i].data + 9;
inactive = ngx_parse_time(&s, 1);
- if (inactive < 0) {
+ if (inactive == (time_t) NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid inactive value \"%V\"", &value[i]);
return NGX_CONF_ERROR;
@@ -1595,6 +1724,48 @@ ngx_http_file_cache_set_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
continue;
}
+ if (ngx_strncmp(value[i].data, "loader_files=", 13) == 0) {
+
+ loader_files = ngx_atoi(value[i].data + 13, value[i].len - 13);
+ if (loader_files == NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid loader_files value \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ continue;
+ }
+
+ if (ngx_strncmp(value[i].data, "loader_sleep=", 13) == 0) {
+
+ s.len = value[i].len - 13;
+ s.data = value[i].data + 13;
+
+ loader_sleep = ngx_parse_time(&s, 0);
+ if (loader_sleep == (ngx_msec_t) NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid loader_sleep value \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ continue;
+ }
+
+ if (ngx_strncmp(value[i].data, "loader_threshold=", 17) == 0) {
+
+ s.len = value[i].len - 17;
+ s.data = value[i].data + 17;
+
+ loader_threshold = ngx_parse_time(&s, 0);
+ if (loader_threshold == (ngx_msec_t) NGX_ERROR) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid loader_threshold value \"%V\"", &value[i]);
+ return NGX_CONF_ERROR;
+ }
+
+ continue;
+ }
+
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid parameter \"%V\"", &value[i]);
return NGX_CONF_ERROR;
@@ -1612,6 +1783,9 @@ ngx_http_file_cache_set_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
cache->path->data = cache;
cache->path->conf_file = cf->conf_file->file.name.data;
cache->path->line = cf->conf_file->line;
+ cache->loader_files = loader_files;
+ cache->loader_sleep = loader_sleep;
+ cache->loader_threshold = loader_threshold;
if (ngx_add_path(cf, &cache->path) != NGX_OK) {
return NGX_CONF_ERROR;
@@ -1665,7 +1839,7 @@ ngx_http_file_cache_valid_set_slot(ngx_conf_t *cf, ngx_command_t *cmd,
n = cf->args->nelts - 1;
valid = ngx_parse_time(&value[n], 1);
- if (valid < 0) {
+ if (valid == (time_t) NGX_ERROR) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid time value \"%V\"", &value[n]);
return NGX_CONF_ERROR;
diff --git a/usr.sbin/nginx/src/http/ngx_http_parse.c b/usr.sbin/nginx/src/http/ngx_http_parse.c
index 420c9275f4f..0a10a340ed9 100644
--- a/usr.sbin/nginx/src/http/ngx_http_parse.c
+++ b/usr.sbin/nginx/src/http/ngx_http_parse.c
@@ -111,7 +111,10 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
sw_schema,
sw_schema_slash,
sw_schema_slash_slash,
+ sw_host_start,
sw_host,
+ sw_host_end,
+ sw_host_ip_literal,
sw_port,
sw_host_http_09,
sw_after_slash_in_uri,
@@ -324,14 +327,26 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
case sw_schema_slash_slash:
switch (ch) {
case '/':
- r->host_start = p + 1;
- state = sw_host;
+ state = sw_host_start;
break;
default:
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
break;
+ case sw_host_start:
+
+ r->host_start = p;
+
+ if (ch == '[') {
+ state = sw_host_ip_literal;
+ break;
+ }
+
+ state = sw_host;
+
+ /* fall through */
+
case sw_host:
c = (u_char) (ch | 0x20);
@@ -343,6 +358,10 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
break;
}
+ /* fall through */
+
+ case sw_host_end:
+
r->host_end = p;
switch (ch) {
@@ -367,6 +386,47 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
}
break;
+ case sw_host_ip_literal:
+
+ if (ch >= '0' && ch <= '9') {
+ break;
+ }
+
+ c = (u_char) (ch | 0x20);
+ if (c >= 'a' && c <= 'z') {
+ break;
+ }
+
+ switch (ch) {
+ case ':':
+ break;
+ case ']':
+ state = sw_host_end;
+ break;
+ case '-':
+ case '.':
+ case '_':
+ case '~':
+ /* unreserved */
+ break;
+ case '!':
+ case '$':
+ case '&':
+ case '\'':
+ case '(':
+ case ')':
+ case '*':
+ case '+':
+ case ',':
+ case ';':
+ case '=':
+ /* sub-delims */
+ break;
+ default:
+ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ }
+ break;
+
case sw_port:
if (ch >= '0' && ch <= '9') {
break;
@@ -1037,7 +1097,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
/*
* we use "ch = *p++" inside the cycle, but this operation is safe,
- * because after the URI there is always at least one charcter:
+ * because after the URI there is always at least one character:
* the line feed
*/
@@ -1093,6 +1153,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
break;
case '+':
r->plus_in_uri = 1;
+ /* fall through */
default:
*u++ = ch;
break;
@@ -1418,6 +1479,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR;
}
+ r->http_major = ch - '0';
state = sw_major_digit;
break;
@@ -1432,6 +1494,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR;
}
+ r->http_major = r->http_major * 10 + ch - '0';
break;
/* the first digit of minor HTTP version */
@@ -1440,6 +1503,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR;
}
+ r->http_minor = ch - '0';
state = sw_minor_digit;
break;
@@ -1454,6 +1518,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR;
}
+ r->http_minor = r->http_minor * 10 + ch - '0';
break;
/* HTTP status code */
@@ -1531,6 +1596,7 @@ done:
status->end = p;
}
+ status->http_version = r->http_major * 1000 + r->http_minor;
r->state = sw_start;
return NGX_OK;
diff --git a/usr.sbin/nginx/src/http/ngx_http_postpone_filter_module.c b/usr.sbin/nginx/src/http/ngx_http_postpone_filter_module.c
index cf49b2fa8ce..85c4b84d027 100644
--- a/usr.sbin/nginx/src/http/ngx_http_postpone_filter_module.c
+++ b/usr.sbin/nginx/src/http/ngx_http_postpone_filter_module.c
@@ -46,7 +46,7 @@ ngx_module_t ngx_http_postpone_filter_module = {
};
-static ngx_http_output_body_filter_pt ngx_http_next_filter;
+static ngx_http_output_body_filter_pt ngx_http_next_body_filter;
static ngx_int_t
@@ -80,7 +80,7 @@ ngx_http_postpone_filter(ngx_http_request_t *r, ngx_chain_t *in)
if (r->postponed == NULL) {
if (in || c->buffered) {
- return ngx_http_next_filter(r->main, in);
+ return ngx_http_next_body_filter(r->main, in);
}
return NGX_OK;
@@ -116,7 +116,7 @@ ngx_http_postpone_filter(ngx_http_request_t *r, ngx_chain_t *in)
"http postpone filter output \"%V?%V\"",
&r->uri, &r->args);
- if (ngx_http_next_filter(r->main, pr->out) == NGX_ERROR) {
+ if (ngx_http_next_body_filter(r->main, pr->out) == NGX_ERROR) {
return NGX_ERROR;
}
}
@@ -171,7 +171,7 @@ found:
static ngx_int_t
ngx_http_postpone_filter_init(ngx_conf_t *cf)
{
- ngx_http_next_filter = ngx_http_top_body_filter;
+ ngx_http_next_body_filter = ngx_http_top_body_filter;
ngx_http_top_body_filter = ngx_http_postpone_filter;
return NGX_OK;
diff --git a/usr.sbin/nginx/src/http/ngx_http_request.c b/usr.sbin/nginx/src/http/ngx_http_request.c
index 04c4165dedd..052f379ac3d 100644
--- a/usr.sbin/nginx/src/http/ngx_http_request.c
+++ b/usr.sbin/nginx/src/http/ngx_http_request.c
@@ -612,6 +612,8 @@ ngx_http_ssl_handshake_handler(ngx_connection_t *c)
c->ssl->no_wait_shutdown = 1;
+ c->log->action = "reading client request line";
+
c->read->handler = ngx_http_process_request_line;
/* STUB: epoll edge */ c->write->handler = ngx_http_empty_handler;
@@ -1175,7 +1177,7 @@ ngx_http_read_request_header(ngx_http_request_t *r)
if (n == 0) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client closed prematurely connection");
+ "client prematurely closed connection");
}
if (n == 0 || n == NGX_ERROR) {
@@ -1493,7 +1495,9 @@ ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
} else if (ngx_strstrn(user_agent, "Chrome/", 7 - 1)) {
r->headers_in.chrome = 1;
- } else if (ngx_strstrn(user_agent, "Safari/", 7 - 1)) {
+ } else if (ngx_strstrn(user_agent, "Safari/", 7 - 1)
+ && ngx_strstrn(user_agent, "Mac OS X", 8 - 1))
+ {
r->headers_in.safari = 1;
} else if (ngx_strstrn(user_agent, "Konqueror", 9 - 1)) {
@@ -1675,56 +1679,85 @@ static ssize_t
ngx_http_validate_host(ngx_http_request_t *r, u_char **host, size_t len,
ngx_uint_t alloc)
{
- u_char *h, ch;
- size_t i, last;
- ngx_uint_t dot;
+ u_char *h, ch;
+ size_t i, dot_pos, host_len;
+
+ enum {
+ sw_usual = 0,
+ sw_literal,
+ sw_rest
+ } state;
+
+ dot_pos = len;
+ host_len = len;
- last = len;
h = *host;
- dot = 0;
+
+ state = sw_usual;
for (i = 0; i < len; i++) {
ch = h[i];
- if (ch == '.') {
- if (dot) {
+ switch (ch) {
+
+ case '.':
+ if (dot_pos == i - 1) {
return 0;
}
+ dot_pos = i;
+ break;
- dot = 1;
- continue;
- }
+ case ':':
+ if (state == sw_usual) {
+ host_len = i;
+ state = sw_rest;
+ }
+ break;
- dot = 0;
+ case '[':
+ if (i == 0) {
+ state = sw_literal;
+ }
+ break;
- if (ch == ':') {
- last = i;
- continue;
- }
+ case ']':
+ if (state == sw_literal) {
+ host_len = i + 1;
+ state = sw_rest;
+ }
+ break;
- if (ngx_path_separator(ch) || ch == '\0') {
+ case '\0':
return 0;
- }
- if (ch >= 'A' || ch < 'Z') {
- alloc = 1;
+ default:
+
+ if (ngx_path_separator(ch)) {
+ return 0;
+ }
+
+ if (ch >= 'A' && ch <= 'Z') {
+ alloc = 1;
+ }
+
+ break;
}
}
- if (dot) {
- last--;
+ if (dot_pos == host_len - 1) {
+ host_len--;
}
if (alloc) {
- *host = ngx_pnalloc(r->pool, last) ;
+ *host = ngx_pnalloc(r->pool, host_len);
if (*host == NULL) {
return -1;
}
- ngx_strlow(*host, h, last);
+ ngx_strlow(*host, h, host_len);
}
- return last;
+ return host_len;
}
@@ -1981,6 +2014,7 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
if (r == c->data) {
r->main->count--;
+ r->main->subrequests++;
if (!r->logged) {
@@ -2394,7 +2428,7 @@ closed:
}
ngx_log_error(NGX_LOG_INFO, c->log, err,
- "client closed prematurely connection");
+ "client prematurely closed connection");
ngx_http_finalize_request(r, 0);
}
diff --git a/usr.sbin/nginx/src/http/ngx_http_request.h b/usr.sbin/nginx/src/http/ngx_http_request.h
index f9d449dd1de..70ca6097efa 100644
--- a/usr.sbin/nginx/src/http/ngx_http_request.h
+++ b/usr.sbin/nginx/src/http/ngx_http_request.h
@@ -10,7 +10,7 @@
#define NGX_HTTP_MAX_URI_CHANGES 10
-#define NGX_HTTP_MAX_SUBREQUESTS 50
+#define NGX_HTTP_MAX_SUBREQUESTS 200
/* must be 2^n */
#define NGX_HTTP_LC_HEADER_LEN 32
@@ -479,10 +479,10 @@ struct ngx_http_request_s {
/*
* instead of using the request context data in
- * ngx_http_limit_zone_module and ngx_http_limit_req_module
+ * ngx_http_limit_conn_module and ngx_http_limit_req_module
* we use the single bits in the request structure
*/
- unsigned limit_zone_set:1;
+ unsigned limit_conn_set:1;
unsigned limit_req_set:1;
#if 0
diff --git a/usr.sbin/nginx/src/http/ngx_http_request_body.c b/usr.sbin/nginx/src/http/ngx_http_request_body.c
index ac09d56f197..bddd7c580a8 100644
--- a/usr.sbin/nginx/src/http/ngx_http_request_body.c
+++ b/usr.sbin/nginx/src/http/ngx_http_request_body.c
@@ -303,7 +303,7 @@ ngx_http_do_read_client_request_body(ngx_http_request_t *r)
if (n == 0) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client closed prematurely connection");
+ "client prematurely closed connection");
}
if (n == 0 || n == NGX_ERROR) {
diff --git a/usr.sbin/nginx/src/http/ngx_http_script.c b/usr.sbin/nginx/src/http/ngx_http_script.c
index 77ac9a629f5..ce290f4ef67 100644
--- a/usr.sbin/nginx/src/http/ngx_http_script.c
+++ b/usr.sbin/nginx/src/http/ngx_http_script.c
@@ -1506,6 +1506,12 @@ ngx_http_script_file_code(ngx_http_script_engine_t *e)
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+ if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) {
+ e->ip = ngx_http_script_exit;
+ e->status = NGX_HTTP_INTERNAL_SERVER_ERROR;
+ return;
+ }
+
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
{
diff --git a/usr.sbin/nginx/src/http/ngx_http_upstream.c b/usr.sbin/nginx/src/http/ngx_http_upstream.c
index ffbbc11ce91..70a4e166856 100644
--- a/usr.sbin/nginx/src/http/ngx_http_upstream.c
+++ b/usr.sbin/nginx/src/http/ngx_http_upstream.c
@@ -73,6 +73,8 @@ static void ngx_http_upstream_finalize_request(ngx_http_request_t *r,
static ngx_int_t ngx_http_upstream_process_header_line(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_upstream_process_content_length(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_process_set_cookie(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t
@@ -90,6 +92,11 @@ static ngx_int_t ngx_http_upstream_process_buffering(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_process_charset(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_upstream_process_connection(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t
+ ngx_http_upstream_process_transfer_encoding(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_copy_header_line(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t
@@ -97,14 +104,14 @@ static ngx_int_t
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_copy_content_type(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
-static ngx_int_t ngx_http_upstream_copy_content_length(ngx_http_request_t *r,
- ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_copy_last_modified(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_rewrite_location(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_rewrite_refresh(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_upstream_rewrite_set_cookie(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_copy_allow_ranges(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
@@ -150,9 +157,9 @@ ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = {
ngx_http_upstream_copy_content_type, 0, 1 },
{ ngx_string("Content-Length"),
- ngx_http_upstream_process_header_line,
+ ngx_http_upstream_process_content_length,
offsetof(ngx_http_upstream_headers_in_t, content_length),
- ngx_http_upstream_copy_content_length, 0, 0 },
+ ngx_http_upstream_ignore_header_line, 0, 0 },
{ ngx_string("Date"),
ngx_http_upstream_process_header_line,
@@ -193,7 +200,7 @@ ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = {
{ ngx_string("Set-Cookie"),
ngx_http_upstream_process_set_cookie, 0,
- ngx_http_upstream_copy_header_line, 0, 1 },
+ ngx_http_upstream_rewrite_set_cookie, 0, 1 },
{ ngx_string("Content-Disposition"),
ngx_http_upstream_ignore_header_line, 0,
@@ -216,7 +223,7 @@ ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = {
offsetof(ngx_http_headers_out_t, accept_ranges), 1 },
{ ngx_string("Connection"),
- ngx_http_upstream_ignore_header_line, 0,
+ ngx_http_upstream_process_connection, 0,
ngx_http_upstream_ignore_header_line, 0, 0 },
{ ngx_string("Keep-Alive"),
@@ -248,6 +255,10 @@ ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = {
ngx_http_upstream_process_charset, 0,
ngx_http_upstream_copy_header_line, 0, 0 },
+ { ngx_string("Transfer-Encoding"),
+ ngx_http_upstream_process_transfer_encoding, 0,
+ ngx_http_upstream_ignore_header_line, 0, 0 },
+
#if (NGX_HTTP_GZIP)
{ ngx_string("Content-Encoding"),
ngx_http_upstream_process_header_line,
@@ -400,6 +411,8 @@ ngx_http_upstream_create(ngx_http_request_t *r)
r->cache = NULL;
#endif
+ u->headers_in.content_length_n = -1;
+
return NGX_OK;
}
@@ -697,6 +710,9 @@ ngx_http_upstream_cache(ngx_http_request_t *r, ngx_http_upstream_t *u)
c->body_start = u->conf->buffer_size;
c->file_cache = u->conf->cache->data;
+ c->lock = u->conf->cache_lock;
+ c->lock_timeout = u->conf->cache_lock_timeout;
+
u->cache_status = NGX_HTTP_CACHE_MISS;
}
@@ -804,6 +820,7 @@ ngx_http_upstream_cache_send(ngx_http_request_t *r, ngx_http_upstream_t *u)
u->buffer.pos += c->header_start;
ngx_memzero(&u->headers_in, sizeof(ngx_http_upstream_headers_in_t));
+ u->headers_in.content_length_n = -1;
if (ngx_list_init(&u->headers_in.headers, r->pool, 8,
sizeof(ngx_table_elt_t))
@@ -1140,8 +1157,20 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
c->sendfile &= r->connection->sendfile;
u->output.sendfile = c->sendfile;
- c->pool = r->pool;
+ if (c->pool == NULL) {
+
+ /* we need separate pool here to be able to cache SSL connections */
+
+ c->pool = ngx_create_pool(128, r->connection->log);
+ if (c->pool == NULL) {
+ ngx_http_upstream_finalize_request(r, u,
+ NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return;
+ }
+ }
+
c->log = r->connection->log;
+ c->pool->log = c->log;
c->read->log = c->log;
c->write->log = c->log;
@@ -1167,7 +1196,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u)
{
/*
* the r->request_body->buf can be reused for one request only,
- * the subrequests should allocate their own temporay bufs
+ * the subrequests should allocate their own temporary bufs
*/
u->output.free = ngx_alloc_chain_link(r->pool);
@@ -1286,7 +1315,10 @@ ngx_http_upstream_reinit(ngx_http_request_t *r, ngx_http_upstream_t *u)
return NGX_ERROR;
}
+ u->keepalive = 0;
+
ngx_memzero(&u->headers_in, sizeof(ngx_http_upstream_headers_in_t));
+ u->headers_in.content_length_n = -1;
if (ngx_list_init(&u->headers_in.headers, r->pool, 8,
sizeof(ngx_table_elt_t))
@@ -1869,8 +1901,6 @@ ngx_http_upstream_process_headers(ngx_http_request_t *r, ngx_http_upstream_t *u)
r->method = NGX_HTTP_GET;
}
- r->valid_unparsed_uri = 0;
-
ngx_http_internal_redirect(r, uri, &args);
ngx_http_finalize_request(r, NGX_DONE);
return NGX_DONE;
@@ -1928,14 +1958,9 @@ ngx_http_upstream_process_headers(ngx_http_request_t *r, ngx_http_upstream_t *u)
r->headers_out.status = u->headers_in.status_n;
r->headers_out.status_line = u->headers_in.status_line;
- u->headers_in.content_length_n = r->headers_out.content_length_n;
+ r->headers_out.content_length_n = u->headers_in.content_length_n;
- if (r->headers_out.content_length_n != -1) {
- u->length = (size_t) r->headers_out.content_length_n;
-
- } else {
- u->length = NGX_MAX_SIZE_T_VALUE;
- }
+ u->length = u->headers_in.content_length_n;
return NGX_OK;
}
@@ -1999,6 +2024,11 @@ ngx_http_upstream_process_body_in_memory(ngx_http_request_t *r,
}
}
+ if (u->length == 0) {
+ ngx_http_upstream_finalize_request(r, u, 0);
+ return;
+ }
+
if (ngx_handle_read_event(rev, 0) != NGX_OK) {
ngx_http_upstream_finalize_request(r, u, NGX_ERROR);
return;
@@ -2119,7 +2149,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u)
return;
}
- if (u->peer.connection->read->ready) {
+ if (u->peer.connection->read->ready || u->length == 0) {
ngx_http_upstream_process_non_buffered_upstream(r, u);
}
}
@@ -2295,6 +2325,15 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u)
p->send_timeout = clcf->send_timeout;
p->send_lowat = clcf->send_lowat;
+ p->length = -1;
+
+ if (u->input_filter_init
+ && u->input_filter_init(p->input_ctx) != NGX_OK)
+ {
+ ngx_http_upstream_finalize_request(r, u, 0);
+ return;
+ }
+
u->read_event_handler = ngx_http_upstream_process_upstream;
r->write_event_handler = ngx_http_upstream_process_downstream;
@@ -2384,7 +2423,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r,
return;
}
- ngx_chain_update_chains(&u->free_bufs, &u->busy_bufs,
+ ngx_chain_update_chains(r->pool, &u->free_bufs, &u->busy_bufs,
&u->out_bufs, u->output.tag);
}
@@ -2405,10 +2444,6 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r,
size = b->end - b->last;
- if (size > u->length) {
- size = u->length;
- }
-
if (size && upstream->read->ready) {
n = upstream->recv(upstream, b->last, size);
@@ -2505,7 +2540,7 @@ ngx_http_upstream_non_buffered_filter(void *data, ssize_t bytes)
cl->buf->last = b->last;
cl->buf->tag = u->output.tag;
- if (u->length == NGX_MAX_SIZE_T_VALUE) {
+ if (u->length == -1) {
return NGX_OK;
}
@@ -2650,9 +2685,17 @@ ngx_http_upstream_process_request(ngx_http_request_t *r)
} else if (p->upstream_eof) {
- /* TODO: check length & update cache */
+ tf = u->pipe->temp_file;
- ngx_http_file_cache_update(r, u->pipe->temp_file);
+ if (u->headers_in.content_length_n == -1
+ || u->headers_in.content_length_n
+ == tf->offset - (off_t) r->cache->body_start)
+ {
+ ngx_http_file_cache_update(r, tf);
+
+ } else {
+ ngx_http_file_cache_free(r->cache, tf);
+ }
} else if (p->upstream_error) {
ngx_http_file_cache_free(r->cache, u->pipe->temp_file);
@@ -2799,6 +2842,10 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u,
if (u->peer.cached && ft_type == NGX_HTTP_UPSTREAM_FT_ERROR) {
status = 0;
+ /* TODO: inform balancer instead */
+
+ u->peer.tries++;
+
} else {
switch(ft_type) {
@@ -2873,6 +2920,10 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u,
}
#endif
+ if (u->peer.connection->pool) {
+ ngx_destroy_pool(u->peer.connection->pool);
+ }
+
ngx_close_connection(u->peer.connection);
u->peer.connection = NULL;
}
@@ -2968,6 +3019,10 @@ ngx_http_upstream_finalize_request(ngx_http_request_t *r,
"close http upstream connection: %d",
u->peer.connection->fd);
+ if (u->peer.connection->pool) {
+ ngx_destroy_pool(u->peer.connection->pool);
+ }
+
ngx_close_connection(u->peer.connection);
}
@@ -3065,6 +3120,21 @@ ngx_http_upstream_ignore_header_line(ngx_http_request_t *r, ngx_table_elt_t *h,
static ngx_int_t
+ngx_http_upstream_process_content_length(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset)
+{
+ ngx_http_upstream_t *u;
+
+ u = r->upstream;
+
+ u->headers_in.content_length = h;
+ u->headers_in.content_length_n = ngx_atoof(h->value.data, h->value.len);
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_upstream_process_set_cookie(ngx_http_request_t *r, ngx_table_elt_t *h,
ngx_uint_t offset)
{
@@ -3242,6 +3312,8 @@ ngx_http_upstream_process_accel_expires(ngx_http_request_t *r,
switch (n) {
case 0:
u->cacheable = 0;
+ /* fall through */
+
case NGX_ERROR:
return NGX_OK;
@@ -3343,6 +3415,40 @@ ngx_http_upstream_process_charset(ngx_http_request_t *r, ngx_table_elt_t *h,
static ngx_int_t
+ngx_http_upstream_process_connection(ngx_http_request_t *r, ngx_table_elt_t *h,
+ ngx_uint_t offset)
+{
+ r->upstream->headers_in.connection = h;
+
+ if (ngx_strlcasestrn(h->value.data, h->value.data + h->value.len,
+ (u_char *) "close", 5 - 1)
+ != NULL)
+ {
+ r->upstream->headers_in.connection_close = 1;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_process_transfer_encoding(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset)
+{
+ r->upstream->headers_in.transfer_encoding = h;
+
+ if (ngx_strlcasestrn(h->value.data, h->value.data + h->value.len,
+ (u_char *) "chunked", 7 - 1)
+ != NULL)
+ {
+ r->upstream->headers_in.chunked = 1;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_upstream_copy_header_line(ngx_http_request_t *r, ngx_table_elt_t *h,
ngx_uint_t offset)
{
@@ -3450,26 +3556,6 @@ ngx_http_upstream_copy_content_type(ngx_http_request_t *r, ngx_table_elt_t *h,
static ngx_int_t
-ngx_http_upstream_copy_content_length(ngx_http_request_t *r, ngx_table_elt_t *h,
- ngx_uint_t offset)
-{
- ngx_table_elt_t *ho;
-
- ho = ngx_list_push(&r->headers_out.headers);
- if (ho == NULL) {
- return NGX_ERROR;
- }
-
- *ho = *h;
-
- r->headers_out.content_length = ho;
- r->headers_out.content_length_n = ngx_atoof(h->value.data, h->value.len);
-
- return NGX_OK;
-}
-
-
-static ngx_int_t
ngx_http_upstream_copy_last_modified(ngx_http_request_t *r, ngx_table_elt_t *h,
ngx_uint_t offset)
{
@@ -3588,6 +3674,27 @@ ngx_http_upstream_rewrite_refresh(ngx_http_request_t *r, ngx_table_elt_t *h,
static ngx_int_t
+ngx_http_upstream_rewrite_set_cookie(ngx_http_request_t *r, ngx_table_elt_t *h,
+ ngx_uint_t offset)
+{
+ ngx_table_elt_t *ho;
+
+ ho = ngx_list_push(&r->headers_out.headers);
+ if (ho == NULL) {
+ return NGX_ERROR;
+ }
+
+ *ho = *h;
+
+ if (r->upstream->rewrite_cookie) {
+ return r->upstream->rewrite_cookie(r, ho);
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_upstream_copy_allow_ranges(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset)
{
@@ -4163,7 +4270,7 @@ ngx_http_upstream_server(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
fail_timeout = ngx_parse_time(&s, 1);
- if (fail_timeout == NGX_ERROR) {
+ if (fail_timeout == (time_t) NGX_ERROR) {
goto invalid;
}
@@ -4355,12 +4462,58 @@ ngx_http_upstream_bind_set_slot(ngx_conf_t *cf, ngx_command_t *cmd,
case NGX_DECLINED:
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"invalid address \"%V\"", &value[1]);
+ /* fall through */
+
default:
return NGX_CONF_ERROR;
}
}
+char *
+ngx_http_upstream_param_set_slot(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf)
+{
+ char *p = conf;
+
+ ngx_str_t *value;
+ ngx_array_t **a;
+ ngx_http_upstream_param_t *param;
+
+ a = (ngx_array_t **) (p + cmd->offset);
+
+ if (*a == NULL) {
+ *a = ngx_array_create(cf->pool, 4, sizeof(ngx_http_upstream_param_t));
+ if (*a == NULL) {
+ return NGX_CONF_ERROR;
+ }
+ }
+
+ param = ngx_array_push(*a);
+ if (param == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ value = cf->args->elts;
+
+ param->key = value[1];
+ param->value = value[2];
+ param->skip_empty = 0;
+
+ if (cf->args->nelts == 4) {
+ if (ngx_strcmp(value[3].data, "if_not_empty") != 0) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[3]);
+ return NGX_CONF_ERROR;
+ }
+
+ param->skip_empty = 1;
+ }
+
+ return NGX_CONF_OK;
+}
+
+
ngx_int_t
ngx_http_upstream_hide_headers_hash(ngx_conf_t *cf,
ngx_http_upstream_conf_t *conf, ngx_http_upstream_conf_t *prev,
diff --git a/usr.sbin/nginx/src/http/ngx_http_upstream.h b/usr.sbin/nginx/src/http/ngx_http_upstream.h
index 17fe538bdbf..f32c9852269 100644
--- a/usr.sbin/nginx/src/http/ngx_http_upstream.h
+++ b/usr.sbin/nginx/src/http/ngx_http_upstream.h
@@ -166,6 +166,9 @@ typedef struct {
ngx_uint_t cache_use_stale;
ngx_uint_t cache_methods;
+ ngx_flag_t cache_lock;
+ ngx_msec_t cache_lock_timeout;
+
ngx_array_t *cache_valid;
ngx_array_t *cache_bypass;
ngx_array_t *no_cache;
@@ -221,6 +224,7 @@ typedef struct {
ngx_table_elt_t *location;
ngx_table_elt_t *accept_ranges;
ngx_table_elt_t *www_authenticate;
+ ngx_table_elt_t *transfer_encoding;
#if (NGX_HTTP_GZIP)
ngx_table_elt_t *content_encoding;
@@ -229,6 +233,9 @@ typedef struct {
off_t content_length_n;
ngx_array_t cache_control;
+
+ unsigned connection_close:1;
+ unsigned chunked:1;
} ngx_http_upstream_headers_in_t;
@@ -271,7 +278,7 @@ struct ngx_http_upstream_s {
ngx_http_upstream_resolved_t *resolved;
ngx_buf_t buffer;
- size_t length;
+ off_t length;
ngx_chain_t *out_bufs;
ngx_chain_t *busy_bufs;
@@ -292,6 +299,8 @@ struct ngx_http_upstream_s {
ngx_int_t rc);
ngx_int_t (*rewrite_redirect)(ngx_http_request_t *r,
ngx_table_elt_t *h, size_t prefix);
+ ngx_int_t (*rewrite_cookie)(ngx_http_request_t *r,
+ ngx_table_elt_t *h);
ngx_msec_t timeout;
@@ -312,6 +321,7 @@ struct ngx_http_upstream_s {
#endif
unsigned buffering:1;
+ unsigned keepalive:1;
unsigned request_sent:1;
unsigned header_sent:1;
@@ -324,6 +334,13 @@ typedef struct {
} ngx_http_upstream_next_t;
+typedef struct {
+ ngx_str_t key;
+ ngx_str_t value;
+ ngx_uint_t skip_empty;
+} ngx_http_upstream_param_t;
+
+
ngx_int_t ngx_http_upstream_header_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
@@ -333,6 +350,8 @@ ngx_http_upstream_srv_conf_t *ngx_http_upstream_add(ngx_conf_t *cf,
ngx_url_t *u, ngx_uint_t flags);
char *ngx_http_upstream_bind_set_slot(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+char *ngx_http_upstream_param_set_slot(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
ngx_int_t ngx_http_upstream_hide_headers_hash(ngx_conf_t *cf,
ngx_http_upstream_conf_t *conf, ngx_http_upstream_conf_t *prev,
ngx_str_t *default_hide_headers, ngx_hash_init_t *hash);
diff --git a/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c b/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c
index afc9b2e085a..f0fac873699 100644
--- a/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c
+++ b/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.c
@@ -49,6 +49,13 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf,
n += server[i].naddrs;
}
+ if (n == 0) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no servers in upstream \"%V\" in %s:%ui",
+ &us->host, us->file_name, us->line);
+ return NGX_ERROR;
+ }
+
peers = ngx_pcalloc(cf->pool, sizeof(ngx_http_upstream_rr_peers_t)
+ sizeof(ngx_http_upstream_rr_peer_t) * (n - 1));
if (peers == NULL) {
@@ -444,8 +451,8 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data)
break;
}
- if (now - peer->accessed > peer->fail_timeout) {
- peer->fails = 0;
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
break;
}
@@ -492,8 +499,8 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data)
break;
}
- if (now - peer->accessed > peer->fail_timeout) {
- peer->fails = 0;
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
break;
}
@@ -664,15 +671,16 @@ ngx_http_upstream_free_round_robin_peer(ngx_peer_connection_t *pc, void *data,
return;
}
+ peer = &rrp->peers->peer[rrp->current];
+
if (state & NGX_PEER_FAILED) {
now = ngx_time();
- peer = &rrp->peers->peer[rrp->current];
-
/* ngx_lock_mutex(rrp->peers->mutex); */
peer->fails++;
peer->accessed = now;
+ peer->checked = now;
if (peer->max_fails) {
peer->current_weight -= peer->weight / peer->max_fails;
@@ -687,6 +695,14 @@ ngx_http_upstream_free_round_robin_peer(ngx_peer_connection_t *pc, void *data,
}
/* ngx_unlock_mutex(rrp->peers->mutex); */
+
+ } else {
+
+ /* mark peer live if check passed */
+
+ if (peer->accessed < peer->checked) {
+ peer->fails = 0;
+ }
}
rrp->current++;
diff --git a/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.h b/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.h
index 6d285ab75e1..4b70f2f5bac 100644
--- a/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.h
+++ b/usr.sbin/nginx/src/http/ngx_http_upstream_round_robin.h
@@ -24,6 +24,7 @@ typedef struct {
ngx_uint_t fails;
time_t accessed;
+ time_t checked;
ngx_uint_t max_fails;
time_t fail_timeout;
diff --git a/usr.sbin/nginx/src/http/ngx_http_variables.c b/usr.sbin/nginx/src/http/ngx_http_variables.c
index a9eb0afb719..949cef9107c 100644
--- a/usr.sbin/nginx/src/http/ngx_http_variables.c
+++ b/usr.sbin/nginx/src/http/ngx_http_variables.c
@@ -34,6 +34,10 @@ static ngx_int_t ngx_http_variable_cookie(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_argument(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
+#if (NGX_HAVE_TCP_INFO)
+static ngx_int_t ngx_http_variable_tcpinfo(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
+#endif
static ngx_int_t ngx_http_variable_host(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
@@ -49,6 +53,8 @@ static ngx_int_t ngx_http_variable_server_port(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_scheme(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
+static ngx_int_t ngx_http_variable_https(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_is_args(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_document_root(ngx_http_request_t *r,
@@ -106,7 +112,7 @@ static ngx_int_t ngx_http_variable_pid(ngx_http_request_t *r,
/*
* the $http_host, $http_user_agent, $http_referer, $http_via,
* and $http_x_forwarded_for variables may be handled by generic
- * ngx_http_variable_unknown_header_in(), but for perfomance reasons
+ * ngx_http_variable_unknown_header_in(), but for performance reasons
* they are handled using dedicated entries
*/
@@ -158,6 +164,8 @@ static ngx_http_variable_t ngx_http_core_variables[] = {
{ ngx_string("scheme"), NULL, ngx_http_variable_scheme, 0, 0, 0 },
+ { ngx_string("https"), NULL, ngx_http_variable_https, 0, 0, 0 },
+
{ ngx_string("request_uri"), NULL, ngx_http_variable_request,
offsetof(ngx_http_request_t, unparsed_uri), 0, 0 },
@@ -255,6 +263,20 @@ static ngx_http_variable_t ngx_http_core_variables[] = {
{ ngx_string("pid"), NULL, ngx_http_variable_pid,
0, 0, 0 },
+#if (NGX_HAVE_TCP_INFO)
+ { ngx_string("tcpinfo_rtt"), NULL, ngx_http_variable_tcpinfo,
+ 0, NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
+ { ngx_string("tcpinfo_rttvar"), NULL, ngx_http_variable_tcpinfo,
+ 1, NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
+ { ngx_string("tcpinfo_snd_cwnd"), NULL, ngx_http_variable_tcpinfo,
+ 2, NGX_HTTP_VAR_NOCACHEABLE, 0 },
+
+ { ngx_string("tcpinfo_rcv_space"), NULL, ngx_http_variable_tcpinfo,
+ 3, NGX_HTTP_VAR_NOCACHEABLE, 0 },
+#endif
+
{ ngx_null_string, NULL, NULL, 0, 0, 0 }
};
@@ -380,7 +402,7 @@ ngx_http_get_variable_index(ngx_conf_t *cf, ngx_str_t *name)
v->flags = 0;
v->index = cmcf->variables.nelts - 1;
- return cmcf->variables.nelts - 1;
+ return v->index;
}
@@ -880,6 +902,61 @@ ngx_http_variable_argument(ngx_http_request_t *r, ngx_http_variable_value_t *v,
}
+#if (NGX_HAVE_TCP_INFO)
+
+static ngx_int_t
+ngx_http_variable_tcpinfo(ngx_http_request_t *r, ngx_http_variable_value_t *v,
+ uintptr_t data)
+{
+ struct tcp_info ti;
+ socklen_t len;
+ uint32_t value;
+
+ len = sizeof(struct tcp_info);
+ if (getsockopt(r->connection->fd, IPPROTO_TCP, TCP_INFO, &ti, &len) == -1) {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ v->data = ngx_pnalloc(r->pool, NGX_INT32_LEN);
+ if (v->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ switch (data) {
+ case 0:
+ value = ti.tcpi_rtt;
+ break;
+
+ case 1:
+ value = ti.tcpi_rttvar;
+ break;
+
+ case 2:
+ value = ti.tcpi_snd_cwnd;
+ break;
+
+ case 3:
+ value = ti.tcpi_rcv_space;
+ break;
+
+ /* suppress warning */
+ default:
+ value = 0;
+ break;
+ }
+
+ v->len = ngx_sprintf(v->data, "%uD", value) - v->data;
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+
+ return NGX_OK;
+}
+
+#endif
+
+
static ngx_int_t
ngx_http_variable_host(ngx_http_request_t *r, ngx_http_variable_value_t *v,
uintptr_t data)
@@ -1109,6 +1186,30 @@ ngx_http_variable_scheme(ngx_http_request_t *r,
static ngx_int_t
+ngx_http_variable_https(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+#if (NGX_HTTP_SSL)
+
+ if (r->connection->ssl) {
+ v->len = sizeof("on") - 1;
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+ v->data = (u_char *) "on";
+
+ return NGX_OK;
+ }
+
+#endif
+
+ *v = ngx_http_variable_null_value;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_variable_is_args(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
@@ -1172,10 +1273,13 @@ static ngx_int_t
ngx_http_variable_realpath_root(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
+ u_char *real;
size_t len;
ngx_str_t path;
ngx_http_core_loc_conf_t *clcf;
- u_char real[NGX_MAX_PATH];
+#if (NGX_HAVE_MAX_PATH)
+ u_char buffer[NGX_MAX_PATH];
+#endif
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
@@ -1197,7 +1301,15 @@ ngx_http_variable_realpath_root(ngx_http_request_t *r,
}
}
- if (ngx_realpath(path.data, real) == NULL) {
+#if (NGX_HAVE_MAX_PATH)
+ real = buffer;
+#else
+ real = NULL;
+#endif
+
+ real = ngx_realpath(path.data, real);
+
+ if (real == NULL) {
ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno,
ngx_realpath_n " \"%s\" failed", path.data);
return NGX_ERROR;
@@ -1207,6 +1319,9 @@ ngx_http_variable_realpath_root(ngx_http_request_t *r,
v->data = ngx_pnalloc(r->pool, len);
if (v->data == NULL) {
+#if !(NGX_HAVE_MAX_PATH)
+ ngx_free(real);
+#endif
return NGX_ERROR;
}
@@ -1217,6 +1332,10 @@ ngx_http_variable_realpath_root(ngx_http_request_t *r,
ngx_memcpy(v->data, real, len);
+#if !(NGX_HAVE_MAX_PATH)
+ ngx_free(real);
+#endif
+
return NGX_OK;
}
diff --git a/usr.sbin/nginx/src/mail/ngx_mail.c b/usr.sbin/nginx/src/mail/ngx_mail.c
index c94281a15a2..49ec2e05b4d 100644
--- a/usr.sbin/nginx/src/mail/ngx_mail.c
+++ b/usr.sbin/nginx/src/mail/ngx_mail.c
@@ -309,6 +309,12 @@ found:
addr->ctx = listen->ctx;
addr->bind = listen->bind;
addr->wildcard = listen->wildcard;
+ addr->so_keepalive = listen->so_keepalive;
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ addr->tcp_keepidle = listen->tcp_keepidle;
+ addr->tcp_keepintvl = listen->tcp_keepintvl;
+ addr->tcp_keepcnt = listen->tcp_keepcnt;
+#endif
#if (NGX_MAIL_SSL)
addr->ssl = listen->ssl;
#endif
@@ -374,6 +380,13 @@ ngx_mail_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports)
ls->log.data = &ls->addr_text;
ls->log.handler = ngx_accept_log_error;
+ ls->keepalive = addr[i].so_keepalive;
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ ls->keepidle = addr[i].tcp_keepidle;
+ ls->keepintvl = addr[i].tcp_keepintvl;
+ ls->keepcnt = addr[i].tcp_keepcnt;
+#endif
+
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
ls->ipv6only = addr[i].ipv6only;
#endif
diff --git a/usr.sbin/nginx/src/mail/ngx_mail.h b/usr.sbin/nginx/src/mail/ngx_mail.h
index 46a42dff62c..1fceb42856e 100644
--- a/usr.sbin/nginx/src/mail/ngx_mail.h
+++ b/usr.sbin/nginx/src/mail/ngx_mail.h
@@ -41,6 +41,12 @@ typedef struct {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
unsigned ipv6only:2;
#endif
+ unsigned so_keepalive:2;
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ int tcp_keepidle;
+ int tcp_keepintvl;
+ int tcp_keepcnt;
+#endif
} ngx_mail_listen_t;
@@ -96,6 +102,12 @@ typedef struct {
#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
unsigned ipv6only:2;
#endif
+ unsigned so_keepalive:2;
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ int tcp_keepidle;
+ int tcp_keepintvl;
+ int tcp_keepcnt;
+#endif
} ngx_mail_conf_addr_t;
diff --git a/usr.sbin/nginx/src/mail/ngx_mail_core_module.c b/usr.sbin/nginx/src/mail/ngx_mail_core_module.c
index c3528599cb0..f79913b0a46 100644
--- a/usr.sbin/nginx/src/mail/ngx_mail_core_module.c
+++ b/usr.sbin/nginx/src/mail/ngx_mail_core_module.c
@@ -25,6 +25,12 @@ static char *ngx_mail_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static ngx_conf_deprecated_t ngx_conf_deprecated_so_keepalive = {
+ ngx_conf_deprecated, "so_keepalive",
+ "so_keepalive\" parameter of the \"listen"
+};
+
+
static ngx_command_t ngx_mail_core_commands[] = {
{ ngx_string("server"),
@@ -53,7 +59,7 @@ static ngx_command_t ngx_mail_core_commands[] = {
ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_core_srv_conf_t, so_keepalive),
- NULL },
+ &ngx_conf_deprecated_so_keepalive },
{ ngx_string("timeout"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
@@ -70,7 +76,7 @@ static ngx_command_t ngx_mail_core_commands[] = {
NULL },
{ ngx_string("resolver"),
- NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_mail_core_resolver,
NGX_MAIL_SRV_CONF_OFFSET,
0,
@@ -447,6 +453,96 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
#endif
}
+ if (ngx_strncmp(value[i].data, "so_keepalive=", 13) == 0) {
+
+ if (ngx_strcmp(&value[i].data[13], "on") == 0) {
+ ls->so_keepalive = 1;
+
+ } else if (ngx_strcmp(&value[i].data[13], "off") == 0) {
+ ls->so_keepalive = 2;
+
+ } else {
+
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ u_char *p, *end;
+ ngx_str_t s;
+
+ end = value[i].data + value[i].len;
+ s.data = value[i].data + 13;
+
+ p = ngx_strlchr(s.data, end, ':');
+ if (p == NULL) {
+ p = end;
+ }
+
+ if (p > s.data) {
+ s.len = p - s.data;
+
+ ls->tcp_keepidle = ngx_parse_time(&s, 1);
+ if (ls->tcp_keepidle == (time_t) NGX_ERROR) {
+ goto invalid_so_keepalive;
+ }
+ }
+
+ s.data = (p < end) ? (p + 1) : end;
+
+ p = ngx_strlchr(s.data, end, ':');
+ if (p == NULL) {
+ p = end;
+ }
+
+ if (p > s.data) {
+ s.len = p - s.data;
+
+ ls->tcp_keepintvl = ngx_parse_time(&s, 1);
+ if (ls->tcp_keepintvl == (time_t) NGX_ERROR) {
+ goto invalid_so_keepalive;
+ }
+ }
+
+ s.data = (p < end) ? (p + 1) : end;
+
+ if (s.data < end) {
+ s.len = end - s.data;
+
+ ls->tcp_keepcnt = ngx_atoi(s.data, s.len);
+ if (ls->tcp_keepcnt == NGX_ERROR) {
+ goto invalid_so_keepalive;
+ }
+ }
+
+ if (ls->tcp_keepidle == 0 && ls->tcp_keepintvl == 0
+ && ls->tcp_keepcnt == 0)
+ {
+ goto invalid_so_keepalive;
+ }
+
+ ls->so_keepalive = 1;
+
+#else
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "the \"so_keepalive\" parameter accepts "
+ "only \"on\" or \"off\" on this platform");
+ return NGX_CONF_ERROR;
+
+#endif
+ }
+
+ ls->bind = 1;
+
+ continue;
+
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
+ invalid_so_keepalive:
+
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid so_keepalive value: \"%s\"",
+ &value[i].data[13]);
+ return NGX_CONF_ERROR;
+#endif
+ }
+
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"the invalid \"%V\" parameter", &value[i]);
return NGX_CONF_ERROR;
@@ -494,7 +590,6 @@ ngx_mail_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_core_srv_conf_t *cscf = conf;
- ngx_url_t u;
ngx_str_t *value;
value = cf->args->elts;
@@ -508,19 +603,9 @@ ngx_mail_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return NGX_CONF_OK;
}
- ngx_memzero(&u, sizeof(ngx_url_t));
-
- u.host = value[1];
- u.port = 53;
-
- if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V: %s", &u.host, u.err);
- return NGX_CONF_ERROR;
- }
-
- cscf->resolver = ngx_resolver_create(cf, &u.addrs[0]);
+ cscf->resolver = ngx_resolver_create(cf, &value[1], cf->args->nelts - 1);
if (cscf->resolver == NULL) {
- return NGX_CONF_OK;
+ return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_daemon.c b/usr.sbin/nginx/src/os/unix/ngx_daemon.c
index f18860bbe2f..ab672110838 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_daemon.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_daemon.c
@@ -9,7 +9,8 @@
#include <ngx_core.h>
-ngx_int_t ngx_daemon(ngx_log_t *log)
+ngx_int_t
+ngx_daemon(ngx_log_t *log)
{
int fd;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_darwin.h b/usr.sbin/nginx/src/os/unix/ngx_darwin.h
index b3aba906be7..4d01b26ea54 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_darwin.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_darwin.h
@@ -9,6 +9,7 @@
#define _NGX_DARWIN_H_INCLUDED_
+void ngx_debug_init(void);
ngx_chain_t *ngx_darwin_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in,
off_t limit);
@@ -16,5 +17,7 @@ extern int ngx_darwin_kern_osreldate;
extern int ngx_darwin_hw_ncpu;
extern u_long ngx_darwin_net_inet_tcp_sendspace;
+extern ngx_uint_t ngx_debug_malloc;
+
#endif /* _NGX_DARWIN_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/os/unix/ngx_darwin_config.h b/usr.sbin/nginx/src/os/unix/ngx_darwin_config.h
index a24e43c2002..149778c29ad 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_darwin_config.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_darwin_config.h
@@ -88,6 +88,7 @@
#define NGX_HAVE_OS_SPECIFIC_INIT 1
+#define NGX_HAVE_DEBUG_MALLOC 1
extern char **environ;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_darwin_init.c b/usr.sbin/nginx/src/os/unix/ngx_darwin_init.c
index 5c542cda818..e3cc5fe3eec 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_darwin_init.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_darwin_init.c
@@ -15,6 +15,8 @@ int ngx_darwin_hw_ncpu;
int ngx_darwin_kern_ipc_somaxconn;
u_long ngx_darwin_net_inet_tcp_sendspace;
+ngx_uint_t ngx_debug_malloc;
+
static ngx_os_io_t ngx_darwin_io = {
ngx_unix_recv,
@@ -56,6 +58,34 @@ sysctl_t sysctls[] = {
};
+void
+ngx_debug_init()
+{
+#if (NGX_DEBUG_MALLOC)
+
+ /*
+ * MacOSX 10.6, 10.7: MallocScribble fills freed memory with 0x55
+ * and fills allocated memory with 0xAA.
+ * MacOSX 10.4, 10.5: MallocScribble fills freed memory with 0x55,
+ * MallocPreScribble fills allocated memory with 0xAA.
+ * MacOSX 10.3: MallocScribble fills freed memory with 0x55,
+ * and no way to fill allocated memory.
+ */
+
+ setenv("MallocScribble", "1", 0);
+
+ ngx_debug_malloc = 1;
+
+#else
+
+ if (getenv("MallocScribble")) {
+ ngx_debug_malloc = 1;
+ }
+
+#endif
+}
+
+
ngx_int_t
ngx_os_specific_init(ngx_log_t *log)
{
diff --git a/usr.sbin/nginx/src/os/unix/ngx_darwin_sendfile_chain.c b/usr.sbin/nginx/src/os/unix/ngx_darwin_sendfile_chain.c
index ec247d21bfe..078d10b2429 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_darwin_sendfile_chain.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_darwin_sendfile_chain.c
@@ -103,10 +103,8 @@ ngx_darwin_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
prev = NULL;
iov = NULL;
- for (cl = in;
- cl && header.nelts < IOV_MAX && send < limit;
- cl = cl->next)
- {
+ for (cl = in; cl && send < limit; cl = cl->next) {
+
if (ngx_buf_special(cl->buf)) {
continue;
}
@@ -125,6 +123,10 @@ ngx_darwin_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
iov->iov_len += (size_t) size;
} else {
+ if (header.nelts >= IOV_MAX) {
+ break;
+ }
+
iov = ngx_array_push(&header);
if (iov == NULL) {
return NGX_CHAIN_ERROR;
@@ -178,7 +180,7 @@ ngx_darwin_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
prev = NULL;
iov = NULL;
- while (cl && header.nelts < IOV_MAX && send < limit) {
+ while (cl && send < limit) {
if (ngx_buf_special(cl->buf)) {
cl = cl->next;
@@ -199,6 +201,10 @@ ngx_darwin_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
iov->iov_len += (size_t) size;
} else {
+ if (trailer.nelts >= IOV_MAX) {
+ break;
+ }
+
iov = ngx_array_push(&trailer);
if (iov == NULL) {
return NGX_CHAIN_ERROR;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_errno.h b/usr.sbin/nginx/src/os/unix/ngx_errno.h
index 092d05a0b7c..78af40bfe50 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_errno.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_errno.h
@@ -48,6 +48,11 @@ typedef int ngx_err_t;
#define NGX_EILSEQ EILSEQ
#define NGX_ENOMOREFILES 0
+#if (NGX_HAVE_OPENAT)
+#define NGX_EMLINK EMLINK
+#define NGX_ELOOP ELOOP
+#endif
+
#if (__hpux__)
#define NGX_EAGAIN EWOULDBLOCK
#else
diff --git a/usr.sbin/nginx/src/os/unix/ngx_files.h b/usr.sbin/nginx/src/os/unix/ngx_files.h
index 12988245a08..9c97e2bb789 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_files.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_files.h
@@ -76,6 +76,27 @@ typedef struct {
#define NGX_FILE_APPEND O_WRONLY|O_APPEND
#define NGX_FILE_NONBLOCK O_NONBLOCK
+#if (NGX_HAVE_OPENAT)
+#define NGX_FILE_NOFOLLOW O_NOFOLLOW
+
+#if defined(O_DIRECTORY)
+#define NGX_FILE_DIRECTORY O_DIRECTORY
+#else
+#define NGX_FILE_DIRECTORY 0
+#endif
+
+#if defined(O_SEARCH)
+#define NGX_FILE_SEARCH O_SEARCH|NGX_FILE_DIRECTORY
+
+#elif defined(O_EXEC)
+#define NGX_FILE_SEARCH O_EXEC|NGX_FILE_DIRECTORY
+
+#else
+#define NGX_FILE_SEARCH O_RDONLY|NGX_FILE_DIRECTORY
+#endif
+
+#endif /* NGX_HAVE_OPENAT */
+
#define NGX_FILE_DEFAULT_ACCESS 0644
#define NGX_FILE_OWNER_ACCESS 0600
@@ -179,14 +200,25 @@ void ngx_close_file_mapping(ngx_file_mapping_t *fm);
#endif
-#define ngx_realpath(p, r) realpath((char *) p, (char *) r)
+#define ngx_realpath(p, r) (u_char *) realpath((char *) p, (char *) r)
#define ngx_realpath_n "realpath()"
#define ngx_getcwd(buf, size) (getcwd((char *) buf, size) != NULL)
#define ngx_getcwd_n "getcwd()"
#define ngx_path_separator(c) ((c) == '/')
+
+#if defined(PATH_MAX)
+
+#define NGX_HAVE_MAX_PATH 1
#define NGX_MAX_PATH PATH_MAX
+#else
+
+#define NGX_MAX_PATH 4096
+
+#endif
+
+
#define NGX_DIR_MASK_LEN 0
@@ -325,6 +357,23 @@ ngx_int_t ngx_directio_off(ngx_fd_t fd);
size_t ngx_fs_bsize(u_char *name);
+#if (NGX_HAVE_OPENAT)
+
+#define ngx_openat_file(fd, name, mode, create, access) \
+ openat(fd, (const char *) name, mode|create, access)
+
+#define ngx_openat_file_n "openat()"
+
+#define ngx_file_at_info(fd, name, sb, flag) \
+ fstatat(fd, (const char *) name, sb, flag)
+
+#define ngx_file_at_info_n "fstatat()"
+
+#define NGX_AT_FDCWD (ngx_fd_t) AT_FDCWD
+
+#endif
+
+
#define ngx_stderr STDERR_FILENO
#define ngx_set_stderr(fd) dup2(fd, STDERR_FILENO)
#define ngx_set_stderr_n "dup2(STDERR_FILENO)"
diff --git a/usr.sbin/nginx/src/os/unix/ngx_freebsd.h b/usr.sbin/nginx/src/os/unix/ngx_freebsd.h
index 95bf57a702f..4f93da55cd2 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_freebsd.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_freebsd.h
@@ -9,6 +9,7 @@
#define _NGX_FREEBSD_H_INCLUDED_
+void ngx_debug_init(void);
ngx_chain_t *ngx_freebsd_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in,
off_t limit);
@@ -18,7 +19,7 @@ extern u_long ngx_freebsd_net_inet_tcp_sendspace;
extern ngx_uint_t ngx_freebsd_sendfile_nbytes_bug;
extern ngx_uint_t ngx_freebsd_use_tcp_nopush;
-extern ngx_uint_t ngx_freebsd_debug_malloc;
+extern ngx_uint_t ngx_debug_malloc;
#endif /* _NGX_FREEBSD_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/os/unix/ngx_freebsd_config.h b/usr.sbin/nginx/src/os/unix/ngx_freebsd_config.h
index f13793619b0..5b3ff278c01 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_freebsd_config.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_freebsd_config.h
@@ -23,6 +23,7 @@
#include <grp.h>
#include <dirent.h>
#include <glob.h>
+#include <time.h>
#include <sys/param.h> /* ALIGN() */
#include <sys/mount.h> /* statfs() */
@@ -110,6 +111,7 @@ pid_t rfork_thread(int flags, void *stack, int (*func)(void *arg), void *arg);
#define NGX_HAVE_OS_SPECIFIC_INIT 1
+#define NGX_HAVE_DEBUG_MALLOC 1
extern char **environ;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_freebsd_init.c b/usr.sbin/nginx/src/os/unix/ngx_freebsd_init.c
index 02b3f2a7890..57af44a20cf 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_freebsd_init.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_freebsd_init.c
@@ -23,7 +23,8 @@ int ngx_freebsd_machdep_hlt_logical_cpus;
ngx_uint_t ngx_freebsd_sendfile_nbytes_bug;
ngx_uint_t ngx_freebsd_use_tcp_nopush;
-ngx_uint_t ngx_freebsd_debug_malloc;
+
+ngx_uint_t ngx_debug_malloc;
static ngx_os_io_t ngx_freebsd_io = {
@@ -81,7 +82,7 @@ ngx_debug_init()
malloc_options = "J";
#endif
- ngx_freebsd_debug_malloc = 1;
+ ngx_debug_malloc = 1;
#else
char *mo;
@@ -89,7 +90,7 @@ ngx_debug_init()
mo = getenv("MALLOC_OPTIONS");
if (mo && ngx_strchr(mo, 'J')) {
- ngx_freebsd_debug_malloc = 1;
+ ngx_debug_malloc = 1;
}
#endif
}
diff --git a/usr.sbin/nginx/src/os/unix/ngx_freebsd_rfork_thread.c b/usr.sbin/nginx/src/os/unix/ngx_freebsd_rfork_thread.c
index 9506b9de3ea..530ec4a53bb 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_freebsd_rfork_thread.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_freebsd_rfork_thread.c
@@ -11,14 +11,14 @@
/*
* The threads implementation uses the rfork(RFPROC|RFTHREAD|RFMEM) syscall
* to create threads. All threads use the stacks of the same size mmap()ed
- * below the main stack. Thus the current thread id is determinated via
+ * below the main stack. Thus the current thread id is determined via
* the stack pointer value.
*
* The mutex implementation uses the ngx_atomic_cmp_set() operation
* to acquire a mutex and the SysV semaphore to wait on a mutex and to wake up
* the waiting threads. The light mutex does not use semaphore, so after
* spinning in the lock the thread calls sched_yield(). However the light
- * mutecies are intended to be used with the "trylock" operation only.
+ * mutexes are intended to be used with the "trylock" operation only.
* The SysV semop() is a cheap syscall, particularly if it has little sembuf's
* and does not use SEM_UNDO.
*
diff --git a/usr.sbin/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c b/usr.sbin/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c
index 26b326705c5..f58b5c20fe1 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c
@@ -18,7 +18,7 @@
* as the 11 full 1460-bytes packets, then one incomplete 324-bytes packet,
* and then again the 11 full 1460-bytes packets.
*
- * Threfore we use the TCP_NOPUSH option (similar to Linux's TCP_CORK)
+ * Therefore we use the TCP_NOPUSH option (similar to Linux's TCP_CORK)
* to postpone the sending - it not only sends a header and the first part of
* the file in one packet, but also sends the file pages in the full packets.
*
@@ -107,10 +107,8 @@ ngx_freebsd_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
prev = NULL;
iov = NULL;
- for (cl = in;
- cl && header.nelts < IOV_MAX && send < limit;
- cl = cl->next)
- {
+ for (cl = in; cl && send < limit; cl = cl->next) {
+
if (ngx_buf_special(cl->buf)) {
continue;
}
@@ -129,6 +127,10 @@ ngx_freebsd_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
iov->iov_len += (size_t) size;
} else {
+ if (header.nelts >= IOV_MAX){
+ break;
+ }
+
iov = ngx_array_push(&header);
if (iov == NULL) {
return NGX_CHAIN_ERROR;
@@ -183,7 +185,7 @@ ngx_freebsd_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
prev = NULL;
iov = NULL;
- while (cl && header.nelts < IOV_MAX && send < limit) {
+ while (cl && send < limit) {
if (ngx_buf_special(cl->buf)) {
cl = cl->next;
@@ -204,6 +206,10 @@ ngx_freebsd_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
iov->iov_len += (size_t) size;
} else {
+ if (trailer.nelts >= IOV_MAX){
+ break;
+ }
+
iov = ngx_array_push(&trailer);
if (iov == NULL) {
return NGX_CHAIN_ERROR;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_gcc_atomic_sparc64.h b/usr.sbin/nginx/src/os/unix/ngx_gcc_atomic_sparc64.h
index d26e1307cb5..a84db354482 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_gcc_atomic_sparc64.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_gcc_atomic_sparc64.h
@@ -15,7 +15,7 @@
* r0 = [r1];
* }
*
- * so "r0 == r2" means that the operation was successfull.
+ * so "r0 == r2" means that the operation was successful.
*
*
* The "r" means the general register.
diff --git a/usr.sbin/nginx/src/os/unix/ngx_linux_config.h b/usr.sbin/nginx/src/os/unix/ngx_linux_config.h
index 7cf4eac4179..2834032dea0 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_linux_config.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_linux_config.h
@@ -109,6 +109,7 @@ typedef struct iocb ngx_aiocb_t;
#define NGX_HAVE_OS_SPECIFIC_INIT 1
+#define ngx_debug_init()
extern char **environ;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_linux_sendfile_chain.c b/usr.sbin/nginx/src/os/unix/ngx_linux_sendfile_chain.c
index 4f6fdf5876c..e8f3d5a894e 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_linux_sendfile_chain.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_linux_sendfile_chain.c
@@ -89,10 +89,8 @@ ngx_linux_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
/* create the iovec and coalesce the neighbouring bufs */
- for (cl = in;
- cl && header.nelts < IOV_MAX && send < limit;
- cl = cl->next)
- {
+ for (cl = in; cl && send < limit; cl = cl->next) {
+
if (ngx_buf_special(cl->buf)) {
continue;
}
@@ -132,6 +130,10 @@ ngx_linux_sendfile_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
iov->iov_len += (size_t) size;
} else {
+ if (header.nelts >= IOV_MAX) {
+ break;
+ }
+
iov = ngx_array_push(&header);
if (iov == NULL) {
return NGX_CHAIN_ERROR;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_os.h b/usr.sbin/nginx/src/os/unix/ngx_os.h
index 705bc5870c3..c646e2aa5a8 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_os.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_os.h
@@ -32,7 +32,6 @@ typedef struct {
} ngx_os_io_t;
-void ngx_debug_init(void);
ngx_int_t ngx_os_init(ngx_log_t *log);
void ngx_os_status(ngx_log_t *log);
ngx_int_t ngx_os_specific_init(ngx_log_t *log);
diff --git a/usr.sbin/nginx/src/os/unix/ngx_posix_config.h b/usr.sbin/nginx/src/os/unix/ngx_posix_config.h
index 263ee69f889..4d432a7e32e 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_posix_config.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_posix_config.h
@@ -45,6 +45,7 @@
#include <grp.h>
#include <dirent.h>
#include <glob.h>
+#include <time.h>
#if (NGX_HAVE_SYS_PARAM_H)
#include <sys/param.h> /* statfs() */
#endif
@@ -126,6 +127,8 @@ typedef struct aiocb ngx_aiocb_t;
#define NGX_LISTEN_BACKLOG 511
+#define ngx_debug_init()
+
#if (__FreeBSD__) && (__FreeBSD_version < 400017)
diff --git a/usr.sbin/nginx/src/os/unix/ngx_process.c b/usr.sbin/nginx/src/os/unix/ngx_process.c
index f771b5aeda3..5713ca8e1b3 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_process.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_process.c
@@ -23,6 +23,7 @@ typedef struct {
static void ngx_execute_proc(ngx_cycle_t *cycle, void *data);
static void ngx_signal_handler(int signo);
static void ngx_process_get_status(void);
+static void ngx_unlock_mutexes(ngx_pid_t pid);
int ngx_argc;
@@ -498,17 +499,6 @@ ngx_process_get_status(void)
}
- if (ngx_accept_mutex_ptr) {
-
- /*
- * unlock the accept mutex if the abnormally exited process
- * held it
- */
-
- ngx_atomic_cmp_set(ngx_accept_mutex_ptr, pid, 0);
- }
-
-
one = 1;
process = "unknown process";
@@ -546,6 +536,55 @@ ngx_process_get_status(void)
process, pid, WEXITSTATUS(status));
ngx_processes[i].respawn = 0;
}
+
+ ngx_unlock_mutexes(pid);
+ }
+}
+
+
+static void
+ngx_unlock_mutexes(ngx_pid_t pid)
+{
+ ngx_uint_t i;
+ ngx_shm_zone_t *shm_zone;
+ ngx_list_part_t *part;
+ ngx_slab_pool_t *sp;
+
+ /*
+ * unlock the accept mutex if the abnormally exited process
+ * held it
+ */
+
+ if (ngx_accept_mutex_ptr) {
+ (void) ngx_shmtx_force_unlock(&ngx_accept_mutex, pid);
+ }
+
+ /*
+ * unlock shared memory mutexes if held by the abnormally exited
+ * process
+ */
+
+ part = (ngx_list_part_t *) &ngx_cycle->shared_memory.part;
+ shm_zone = part->elts;
+
+ for (i = 0; /* void */ ; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+ part = part->next;
+ shm_zone = part->elts;
+ i = 0;
+ }
+
+ sp = (ngx_slab_pool_t *) shm_zone[i].shm.addr;
+
+ if (ngx_shmtx_force_unlock(&sp->mutex, pid)) {
+ ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0,
+ "shared memory zone \"%V\" was locked by %P",
+ &shm_zone[i].shm.name, pid);
+ }
}
}
diff --git a/usr.sbin/nginx/src/os/unix/ngx_process.h b/usr.sbin/nginx/src/os/unix/ngx_process.h
index bd0252bd85f..7b5e8c0c25e 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_process.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_process.h
@@ -9,6 +9,7 @@
#define _NGX_PROCESS_H_INCLUDED_
+#include <ngx_setaffinity.h>
#include <ngx_setproctitle.h>
diff --git a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c
index 7718483017d..b9d4c8c7ec5 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c
@@ -63,7 +63,7 @@ ngx_int_t ngx_threads_n;
#endif
-u_long cpu_affinity;
+uint64_t cpu_affinity;
static u_char master_process[] = "master process";
@@ -251,6 +251,10 @@ ngx_master_process_cycle(ngx_cycle_t *cycle)
ngx_start_worker_processes(cycle, ccf->worker_processes,
NGX_PROCESS_JUST_RESPAWN);
ngx_start_cache_manager_processes(cycle, 1);
+
+ /* allow new processes to start */
+ ngx_msleep(100);
+
live = 1;
ngx_signal_worker_processes(cycle,
ngx_signal_value(NGX_SHUTDOWN_SIGNAL));
@@ -952,23 +956,10 @@ nochroot:
}
}
-#if (NGX_HAVE_SCHED_SETAFFINITY)
-
if (cpu_affinity) {
- ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0,
- "sched_setaffinity(0x%08Xl)", cpu_affinity);
-
- if (sched_setaffinity(0, sizeof(cpu_affinity),
- (cpu_set_t *) &cpu_affinity)
- == -1)
- {
- ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
- "sched_setaffinity(0x%08Xl) failed", cpu_affinity);
- }
+ ngx_setaffinity(cpu_affinity, cycle->log);
}
-#endif
-
#if (NGX_HAVE_PR_SET_DUMPABLE)
/* allow coredump after setuid() in Linux 2.4.x */
diff --git a/usr.sbin/nginx/src/os/unix/ngx_readv_chain.c b/usr.sbin/nginx/src/os/unix/ngx_readv_chain.c
index 373c4027cb3..7b6badfa825 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_readv_chain.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_readv_chain.c
@@ -71,6 +71,10 @@ ngx_readv_chain(ngx_connection_t *c, ngx_chain_t *chain)
iov->iov_len += chain->buf->end - chain->buf->last;
} else {
+ if (vec.nelts >= IOV_MAX) {
+ break;
+ }
+
iov = ngx_array_push(&vec);
if (iov == NULL) {
return NGX_ERROR;
@@ -195,6 +199,10 @@ ngx_readv_chain(ngx_connection_t *c, ngx_chain_t *chain)
iov->iov_len += chain->buf->end - chain->buf->last;
} else {
+ if (vec.nelts >= IOV_MAX) {
+ break;
+ }
+
iov = ngx_array_push(&vec);
if (iov == NULL) {
return NGX_ERROR;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_setaffinity.c b/usr.sbin/nginx/src/os/unix/ngx_setaffinity.c
new file mode 100644
index 00000000000..8f6cf35948a
--- /dev/null
+++ b/usr.sbin/nginx/src/os/unix/ngx_setaffinity.c
@@ -0,0 +1,69 @@
+
+/*
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+
+
+#if (NGX_HAVE_CPUSET_SETAFFINITY)
+
+#include <sys/cpuset.h>
+
+void
+ngx_setaffinity(uint64_t cpu_affinity, ngx_log_t *log)
+{
+ cpuset_t mask;
+ ngx_uint_t i;
+
+ ngx_log_error(NGX_LOG_NOTICE, log, 0,
+ "cpuset_setaffinity(0x%08Xl)", cpu_affinity);
+
+ CPU_ZERO(&mask);
+ i = 0;
+ do {
+ if (cpu_affinity & 1) {
+ CPU_SET(i, &mask);
+ }
+ i++;
+ cpu_affinity >>= 1;
+ } while (cpu_affinity);
+
+ if (cpuset_setaffinity(CPU_LEVEL_WHICH, CPU_WHICH_PID, -1,
+ sizeof(cpuset_t), &mask) == -1)
+ {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ "cpuset_setaffinity() failed");
+ }
+}
+
+#elif (NGX_HAVE_SCHED_SETAFFINITY)
+
+void
+ngx_setaffinity(uint64_t cpu_affinity, ngx_log_t *log)
+{
+ cpu_set_t mask;
+ ngx_uint_t i;
+
+ ngx_log_error(NGX_LOG_NOTICE, log, 0,
+ "sched_setaffinity(0x%08Xl)", cpu_affinity);
+
+ CPU_ZERO(&mask);
+ i = 0;
+ do {
+ if (cpu_affinity & 1) {
+ CPU_SET(i, &mask);
+ }
+ i++;
+ cpu_affinity >>= 1;
+ } while (cpu_affinity);
+
+ if (sched_setaffinity(0, sizeof(cpu_set_t), &mask) == -1) {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ "sched_setaffinity() failed");
+ }
+}
+
+#endif
diff --git a/usr.sbin/nginx/src/os/unix/ngx_setaffinity.h b/usr.sbin/nginx/src/os/unix/ngx_setaffinity.h
new file mode 100644
index 00000000000..33f5835dee6
--- /dev/null
+++ b/usr.sbin/nginx/src/os/unix/ngx_setaffinity.h
@@ -0,0 +1,23 @@
+
+/*
+ * Copyright (C) Nginx, Inc.
+ */
+
+#ifndef _NGX_SETAFFINITY_H_INCLUDED_
+#define _NGX_SETAFFINITY_H_INCLUDED_
+
+
+#if (NGX_HAVE_SCHED_SETAFFINITY || NGX_HAVE_CPUSET_SETAFFINITY)
+
+#define NGX_HAVE_CPU_AFFINITY 1
+
+void ngx_setaffinity(uint64_t cpu_affinity, ngx_log_t *log);
+
+#else
+
+#define ngx_setaffinity(cpu_affinity, log)
+
+#endif
+
+
+#endif /* _NGX_SETAFFINITY_H_INCLUDED_ */
diff --git a/usr.sbin/nginx/src/os/unix/ngx_setproctitle.c b/usr.sbin/nginx/src/os/unix/ngx_setproctitle.c
index a61fe1b9427..91afa519142 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_setproctitle.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_setproctitle.c
@@ -21,7 +21,7 @@
* from argv[0] for our process title.
*
* The Solaris's standard /bin/ps does not show the changed process title.
- * You have to use "/usr/ucb/ps -w" instead. Besides, the UCB ps dos not
+ * You have to use "/usr/ucb/ps -w" instead. Besides, the UCB ps does not
* show a new title if its length less than the origin command line length.
* To avoid it we append to a new title the origin command line in the
* parenthesis.
diff --git a/usr.sbin/nginx/src/os/unix/ngx_solaris_config.h b/usr.sbin/nginx/src/os/unix/ngx_solaris_config.h
index 278bfd29556..e664ba826c0 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_solaris_config.h
+++ b/usr.sbin/nginx/src/os/unix/ngx_solaris_config.h
@@ -29,6 +29,7 @@
#include <grp.h>
#include <dirent.h>
#include <glob.h>
+#include <time.h>
#include <sys/statvfs.h> /* statvfs() */
#include <sys/filio.h> /* FIONBIO */
@@ -99,6 +100,7 @@
#define NGX_HAVE_OS_SPECIFIC_INIT 1
+#define ngx_debug_init()
extern char **environ;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c b/usr.sbin/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c
index d68220dc32f..f800c15f5c9 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c
@@ -74,7 +74,6 @@ ngx_solaris_sendfilev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
send = 0;
- complete = 0;
vec.elts = sfvs;
vec.size = sizeof(sendfilevec_t);
@@ -87,6 +86,7 @@ ngx_solaris_sendfilev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
fprev = 0;
sfv = NULL;
eintr = 0;
+ complete = 0;
sent = 0;
prev_send = send;
@@ -94,8 +94,8 @@ ngx_solaris_sendfilev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
/* create the sendfilevec and coalesce the neighbouring bufs */
- for (cl = in; cl && vec.nelts < IOV_MAX && send < limit; cl = cl->next)
- {
+ for (cl = in; cl && send < limit; cl = cl->next) {
+
if (ngx_buf_special(cl->buf)) {
continue;
}
@@ -113,6 +113,10 @@ ngx_solaris_sendfilev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
sfv->sfv_len += (size_t) size;
} else {
+ if (vec.nelts >= IOV_MAX) {
+ break;
+ }
+
sfv = ngx_array_push(&vec);
if (sfv == NULL) {
return NGX_CHAIN_ERROR;
@@ -147,6 +151,10 @@ ngx_solaris_sendfilev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
sfv->sfv_len += (size_t) size;
} else {
+ if (vec.nelts >= IOV_MAX) {
+ break;
+ }
+
sfv = ngx_array_push(&vec);
if (sfv == NULL) {
return NGX_CHAIN_ERROR;
diff --git a/usr.sbin/nginx/src/os/unix/ngx_writev_chain.c b/usr.sbin/nginx/src/os/unix/ngx_writev_chain.c
index 579fdecc897..805982d6558 100644
--- a/usr.sbin/nginx/src/os/unix/ngx_writev_chain.c
+++ b/usr.sbin/nginx/src/os/unix/ngx_writev_chain.c
@@ -54,7 +54,6 @@ ngx_writev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
}
send = 0;
- complete = 0;
vec.elts = iovs;
vec.size = sizeof(struct iovec);
@@ -65,14 +64,15 @@ ngx_writev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
prev = NULL;
iov = NULL;
eintr = 0;
+ complete = 0;
prev_send = send;
vec.nelts = 0;
/* create the iovec and coalesce the neighbouring bufs */
- for (cl = in; cl && vec.nelts < IOV_MAX && send < limit; cl = cl->next)
- {
+ for (cl = in; cl && send < limit; cl = cl->next) {
+
if (ngx_buf_special(cl->buf)) {
continue;
}
@@ -93,6 +93,10 @@ ngx_writev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
iov->iov_len += size;
} else {
+ if (vec.nelts >= IOV_MAX) {
+ break;
+ }
+
iov = ngx_array_push(&vec);
if (iov == NULL) {
return NGX_CHAIN_ERROR;
diff --git a/usr.sbin/nginx/src/pcre/pcre_study.c b/usr.sbin/nginx/src/pcre/pcre_study.c
new file mode 100644
index 00000000000..61deb56f053
--- /dev/null
+++ b/usr.sbin/nginx/src/pcre/pcre_study.c
@@ -0,0 +1,1527 @@
+/*************************************************
+* Perl-Compatible Regular Expressions *
+*************************************************/
+
+/* PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+ Written by Philip Hazel
+ Copyright (c) 1997-2012 University of Cambridge
+
+-----------------------------------------------------------------------------
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ * Neither the name of the University of Cambridge nor the names of its
+ contributors may be used to endorse or promote products derived from
+ this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+*/
+
+
+/* This module contains the external function pcre_study(), along with local
+supporting functions. */
+
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "pcre_internal.h"
+
+#define SET_BIT(c) start_bits[c/8] |= (1 << (c&7))
+
+/* Returns from set_start_bits() */
+
+enum { SSB_FAIL, SSB_DONE, SSB_CONTINUE, SSB_UNKNOWN };
+
+
+
+/*************************************************
+* Find the minimum subject length for a group *
+*************************************************/
+
+/* Scan a parenthesized group and compute the minimum length of subject that
+is needed to match it. This is a lower bound; it does not mean there is a
+string of that length that matches. In UTF8 mode, the result is in characters
+rather than bytes.
+
+Arguments:
+ code pointer to start of group (the bracket)
+ startcode pointer to start of the whole pattern
+ options the compiling options
+ int RECURSE depth
+
+Returns: the minimum length
+ -1 if \C in UTF-8 mode or (*ACCEPT) was encountered
+ -2 internal error (missing capturing bracket)
+ -3 internal error (opcode not listed)
+*/
+
+static int
+find_minlength(const pcre_uchar *code, const pcre_uchar *startcode, int options,
+ int recurse_depth)
+{
+int length = -1;
+/* PCRE_UTF16 has the same value as PCRE_UTF8. */
+BOOL utf = (options & PCRE_UTF8) != 0;
+BOOL had_recurse = FALSE;
+register int branchlength = 0;
+register pcre_uchar *cc = (pcre_uchar *)code + 1 + LINK_SIZE;
+
+if (*code == OP_CBRA || *code == OP_SCBRA ||
+ *code == OP_CBRAPOS || *code == OP_SCBRAPOS) cc += IMM2_SIZE;
+
+/* Scan along the opcodes for this branch. If we get to the end of the
+branch, check the length against that of the other branches. */
+
+for (;;)
+ {
+ int d, min;
+ pcre_uchar *cs, *ce;
+ register int op = *cc;
+
+ switch (op)
+ {
+ case OP_COND:
+ case OP_SCOND:
+
+ /* If there is only one branch in a condition, the implied branch has zero
+ length, so we don't add anything. This covers the DEFINE "condition"
+ automatically. */
+
+ cs = cc + GET(cc, 1);
+ if (*cs != OP_ALT)
+ {
+ cc = cs + 1 + LINK_SIZE;
+ break;
+ }
+
+ /* Otherwise we can fall through and treat it the same as any other
+ subpattern. */
+
+ case OP_CBRA:
+ case OP_SCBRA:
+ case OP_BRA:
+ case OP_SBRA:
+ case OP_CBRAPOS:
+ case OP_SCBRAPOS:
+ case OP_BRAPOS:
+ case OP_SBRAPOS:
+ case OP_ONCE:
+ case OP_ONCE_NC:
+ d = find_minlength(cc, startcode, options, recurse_depth);
+ if (d < 0) return d;
+ branchlength += d;
+ do cc += GET(cc, 1); while (*cc == OP_ALT);
+ cc += 1 + LINK_SIZE;
+ break;
+
+ /* ACCEPT makes things far too complicated; we have to give up. */
+
+ case OP_ACCEPT:
+ case OP_ASSERT_ACCEPT:
+ return -1;
+
+ /* Reached end of a branch; if it's a ket it is the end of a nested
+ call. If it's ALT it is an alternation in a nested call. If it is END it's
+ the end of the outer call. All can be handled by the same code. If an
+ ACCEPT was previously encountered, use the length that was in force at that
+ time, and pass back the shortest ACCEPT length. */
+
+ case OP_ALT:
+ case OP_KET:
+ case OP_KETRMAX:
+ case OP_KETRMIN:
+ case OP_KETRPOS:
+ case OP_END:
+ if (length < 0 || (!had_recurse && branchlength < length))
+ length = branchlength;
+ if (op != OP_ALT) return length;
+ cc += 1 + LINK_SIZE;
+ branchlength = 0;
+ had_recurse = FALSE;
+ break;
+
+ /* Skip over assertive subpatterns */
+
+ case OP_ASSERT:
+ case OP_ASSERT_NOT:
+ case OP_ASSERTBACK:
+ case OP_ASSERTBACK_NOT:
+ do cc += GET(cc, 1); while (*cc == OP_ALT);
+ /* Fall through */
+
+ /* Skip over things that don't match chars */
+
+ case OP_REVERSE:
+ case OP_CREF:
+ case OP_NCREF:
+ case OP_RREF:
+ case OP_NRREF:
+ case OP_DEF:
+ case OP_CALLOUT:
+ case OP_SOD:
+ case OP_SOM:
+ case OP_EOD:
+ case OP_EODN:
+ case OP_CIRC:
+ case OP_CIRCM:
+ case OP_DOLL:
+ case OP_DOLLM:
+ case OP_NOT_WORD_BOUNDARY:
+ case OP_WORD_BOUNDARY:
+ cc += PRIV(OP_lengths)[*cc];
+ break;
+
+ /* Skip over a subpattern that has a {0} or {0,x} quantifier */
+
+ case OP_BRAZERO:
+ case OP_BRAMINZERO:
+ case OP_BRAPOSZERO:
+ case OP_SKIPZERO:
+ cc += PRIV(OP_lengths)[*cc];
+ do cc += GET(cc, 1); while (*cc == OP_ALT);
+ cc += 1 + LINK_SIZE;
+ break;
+
+ /* Handle literal characters and + repetitions */
+
+ case OP_CHAR:
+ case OP_CHARI:
+ case OP_NOT:
+ case OP_NOTI:
+ case OP_PLUS:
+ case OP_PLUSI:
+ case OP_MINPLUS:
+ case OP_MINPLUSI:
+ case OP_POSPLUS:
+ case OP_POSPLUSI:
+ case OP_NOTPLUS:
+ case OP_NOTPLUSI:
+ case OP_NOTMINPLUS:
+ case OP_NOTMINPLUSI:
+ case OP_NOTPOSPLUS:
+ case OP_NOTPOSPLUSI:
+ branchlength++;
+ cc += 2;
+#ifdef SUPPORT_UTF
+ if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+#endif
+ break;
+
+ case OP_TYPEPLUS:
+ case OP_TYPEMINPLUS:
+ case OP_TYPEPOSPLUS:
+ branchlength++;
+ cc += (cc[1] == OP_PROP || cc[1] == OP_NOTPROP)? 4 : 2;
+ break;
+
+ /* Handle exact repetitions. The count is already in characters, but we
+ need to skip over a multibyte character in UTF8 mode. */
+
+ case OP_EXACT:
+ case OP_EXACTI:
+ case OP_NOTEXACT:
+ case OP_NOTEXACTI:
+ branchlength += GET2(cc,1);
+ cc += 2 + IMM2_SIZE;
+#ifdef SUPPORT_UTF
+ if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+#endif
+ break;
+
+ case OP_TYPEEXACT:
+ branchlength += GET2(cc,1);
+ cc += 2 + IMM2_SIZE + ((cc[1 + IMM2_SIZE] == OP_PROP
+ || cc[1 + IMM2_SIZE] == OP_NOTPROP)? 2 : 0);
+ break;
+
+ /* Handle single-char non-literal matchers */
+
+ case OP_PROP:
+ case OP_NOTPROP:
+ cc += 2;
+ /* Fall through */
+
+ case OP_NOT_DIGIT:
+ case OP_DIGIT:
+ case OP_NOT_WHITESPACE:
+ case OP_WHITESPACE:
+ case OP_NOT_WORDCHAR:
+ case OP_WORDCHAR:
+ case OP_ANY:
+ case OP_ALLANY:
+ case OP_EXTUNI:
+ case OP_HSPACE:
+ case OP_NOT_HSPACE:
+ case OP_VSPACE:
+ case OP_NOT_VSPACE:
+ branchlength++;
+ cc++;
+ break;
+
+ /* "Any newline" might match two characters, but it also might match just
+ one. */
+
+ case OP_ANYNL:
+ branchlength += 1;
+ cc++;
+ break;
+
+ /* The single-byte matcher means we can't proceed in UTF-8 mode. (In
+ non-UTF-8 mode \C will actually be turned into OP_ALLANY, so won't ever
+ appear, but leave the code, just in case.) */
+
+ case OP_ANYBYTE:
+#ifdef SUPPORT_UTF
+ if (utf) return -1;
+#endif
+ branchlength++;
+ cc++;
+ break;
+
+ /* For repeated character types, we have to test for \p and \P, which have
+ an extra two bytes of parameters. */
+
+ case OP_TYPESTAR:
+ case OP_TYPEMINSTAR:
+ case OP_TYPEQUERY:
+ case OP_TYPEMINQUERY:
+ case OP_TYPEPOSSTAR:
+ case OP_TYPEPOSQUERY:
+ if (cc[1] == OP_PROP || cc[1] == OP_NOTPROP) cc += 2;
+ cc += PRIV(OP_lengths)[op];
+ break;
+
+ case OP_TYPEUPTO:
+ case OP_TYPEMINUPTO:
+ case OP_TYPEPOSUPTO:
+ if (cc[1 + IMM2_SIZE] == OP_PROP
+ || cc[1 + IMM2_SIZE] == OP_NOTPROP) cc += 2;
+ cc += PRIV(OP_lengths)[op];
+ break;
+
+ /* Check a class for variable quantification */
+
+#if defined SUPPORT_UTF || !defined COMPILE_PCRE8
+ case OP_XCLASS:
+ cc += GET(cc, 1) - PRIV(OP_lengths)[OP_CLASS];
+ /* Fall through */
+#endif
+
+ case OP_CLASS:
+ case OP_NCLASS:
+ cc += PRIV(OP_lengths)[OP_CLASS];
+
+ switch (*cc)
+ {
+ case OP_CRPLUS:
+ case OP_CRMINPLUS:
+ branchlength++;
+ /* Fall through */
+
+ case OP_CRSTAR:
+ case OP_CRMINSTAR:
+ case OP_CRQUERY:
+ case OP_CRMINQUERY:
+ cc++;
+ break;
+
+ case OP_CRRANGE:
+ case OP_CRMINRANGE:
+ branchlength += GET2(cc,1);
+ cc += 1 + 2 * IMM2_SIZE;
+ break;
+
+ default:
+ branchlength++;
+ break;
+ }
+ break;
+
+ /* Backreferences and subroutine calls are treated in the same way: we find
+ the minimum length for the subpattern. A recursion, however, causes an
+ a flag to be set that causes the length of this branch to be ignored. The
+ logic is that a recursion can only make sense if there is another
+ alternation that stops the recursing. That will provide the minimum length
+ (when no recursion happens). A backreference within the group that it is
+ referencing behaves in the same way.
+
+ If PCRE_JAVASCRIPT_COMPAT is set, a backreference to an unset bracket
+ matches an empty string (by default it causes a matching failure), so in
+ that case we must set the minimum length to zero. */
+
+ case OP_REF:
+ case OP_REFI:
+ if ((options & PCRE_JAVASCRIPT_COMPAT) == 0)
+ {
+ ce = cs = (pcre_uchar *)PRIV(find_bracket)(startcode, utf, GET2(cc, 1));
+ if (cs == NULL) return -2;
+ do ce += GET(ce, 1); while (*ce == OP_ALT);
+ if (cc > cs && cc < ce)
+ {
+ d = 0;
+ had_recurse = TRUE;
+ }
+ else
+ {
+ d = find_minlength(cs, startcode, options, recurse_depth);
+ }
+ }
+ else d = 0;
+ cc += 1 + IMM2_SIZE;
+
+ /* Handle repeated back references */
+
+ switch (*cc)
+ {
+ case OP_CRSTAR:
+ case OP_CRMINSTAR:
+ case OP_CRQUERY:
+ case OP_CRMINQUERY:
+ min = 0;
+ cc++;
+ break;
+
+ case OP_CRPLUS:
+ case OP_CRMINPLUS:
+ min = 1;
+ cc++;
+ break;
+
+ case OP_CRRANGE:
+ case OP_CRMINRANGE:
+ min = GET2(cc, 1);
+ cc += 1 + 2 * IMM2_SIZE;
+ break;
+
+ default:
+ min = 1;
+ break;
+ }
+
+ branchlength += min * d;
+ break;
+
+ /* We can easily detect direct recursion, but not mutual recursion. This is
+ caught by a recursion depth count. */
+
+ case OP_RECURSE:
+ cs = ce = (pcre_uchar *)startcode + GET(cc, 1);
+ do ce += GET(ce, 1); while (*ce == OP_ALT);
+ if ((cc > cs && cc < ce) || recurse_depth > 10)
+ had_recurse = TRUE;
+ else
+ {
+ branchlength += find_minlength(cs, startcode, options, recurse_depth + 1);
+ }
+ cc += 1 + LINK_SIZE;
+ break;
+
+ /* Anything else does not or need not match a character. We can get the
+ item's length from the table, but for those that can match zero occurrences
+ of a character, we must take special action for UTF-8 characters. As it
+ happens, the "NOT" versions of these opcodes are used at present only for
+ ASCII characters, so they could be omitted from this list. However, in
+ future that may change, so we include them here so as not to leave a
+ gotcha for a future maintainer. */
+
+ case OP_UPTO:
+ case OP_UPTOI:
+ case OP_NOTUPTO:
+ case OP_NOTUPTOI:
+ case OP_MINUPTO:
+ case OP_MINUPTOI:
+ case OP_NOTMINUPTO:
+ case OP_NOTMINUPTOI:
+ case OP_POSUPTO:
+ case OP_POSUPTOI:
+ case OP_NOTPOSUPTO:
+ case OP_NOTPOSUPTOI:
+
+ case OP_STAR:
+ case OP_STARI:
+ case OP_NOTSTAR:
+ case OP_NOTSTARI:
+ case OP_MINSTAR:
+ case OP_MINSTARI:
+ case OP_NOTMINSTAR:
+ case OP_NOTMINSTARI:
+ case OP_POSSTAR:
+ case OP_POSSTARI:
+ case OP_NOTPOSSTAR:
+ case OP_NOTPOSSTARI:
+
+ case OP_QUERY:
+ case OP_QUERYI:
+ case OP_NOTQUERY:
+ case OP_NOTQUERYI:
+ case OP_MINQUERY:
+ case OP_MINQUERYI:
+ case OP_NOTMINQUERY:
+ case OP_NOTMINQUERYI:
+ case OP_POSQUERY:
+ case OP_POSQUERYI:
+ case OP_NOTPOSQUERY:
+ case OP_NOTPOSQUERYI:
+
+ cc += PRIV(OP_lengths)[op];
+#ifdef SUPPORT_UTF
+ if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);
+#endif
+ break;
+
+ /* Skip these, but we need to add in the name length. */
+
+ case OP_MARK:
+ case OP_PRUNE_ARG:
+ case OP_SKIP_ARG:
+ case OP_THEN_ARG:
+ cc += PRIV(OP_lengths)[op] + cc[1];
+ break;
+
+ /* The remaining opcodes are just skipped over. */
+
+ case OP_CLOSE:
+ case OP_COMMIT:
+ case OP_FAIL:
+ case OP_PRUNE:
+ case OP_SET_SOM:
+ case OP_SKIP:
+ case OP_THEN:
+ cc += PRIV(OP_lengths)[op];
+ break;
+
+ /* This should not occur: we list all opcodes explicitly so that when
+ new ones get added they are properly considered. */
+
+ default:
+ return -3;
+ }
+ }
+/* Control never gets here */
+}
+
+
+
+/*************************************************
+* Set a bit and maybe its alternate case *
+*************************************************/
+
+/* Given a character, set its first byte's bit in the table, and also the
+corresponding bit for the other version of a letter if we are caseless. In
+UTF-8 mode, for characters greater than 127, we can only do the caseless thing
+when Unicode property support is available.
+
+Arguments:
+ start_bits points to the bit map
+ p points to the character
+ caseless the caseless flag
+ cd the block with char table pointers
+ utf TRUE for UTF-8 / UTF-16 mode
+
+Returns: pointer after the character
+*/
+
+static const pcre_uchar *
+set_table_bit(pcre_uint8 *start_bits, const pcre_uchar *p, BOOL caseless,
+ compile_data *cd, BOOL utf)
+{
+unsigned int c = *p;
+
+#ifdef COMPILE_PCRE8
+SET_BIT(c);
+
+#ifdef SUPPORT_UTF
+if (utf && c > 127)
+ {
+ GETCHARINC(c, p);
+#ifdef SUPPORT_UCP
+ if (caseless)
+ {
+ pcre_uchar buff[6];
+ c = UCD_OTHERCASE(c);
+ (void)PRIV(ord2utf)(c, buff);
+ SET_BIT(buff[0]);
+ }
+#endif
+ return p;
+ }
+#endif
+
+/* Not UTF-8 mode, or character is less than 127. */
+
+if (caseless && (cd->ctypes[c] & ctype_letter) != 0) SET_BIT(cd->fcc[c]);
+return p + 1;
+#endif
+
+#ifdef COMPILE_PCRE16
+if (c > 0xff)
+ {
+ c = 0xff;
+ caseless = FALSE;
+ }
+SET_BIT(c);
+
+#ifdef SUPPORT_UTF
+if (utf && c > 127)
+ {
+ GETCHARINC(c, p);
+#ifdef SUPPORT_UCP
+ if (caseless)
+ {
+ c = UCD_OTHERCASE(c);
+ if (c > 0xff)
+ c = 0xff;
+ SET_BIT(c);
+ }
+#endif
+ return p;
+ }
+#endif
+
+if (caseless && (cd->ctypes[c] & ctype_letter) != 0) SET_BIT(cd->fcc[c]);
+return p + 1;
+#endif
+}
+
+
+
+/*************************************************
+* Set bits for a positive character type *
+*************************************************/
+
+/* This function sets starting bits for a character type. In UTF-8 mode, we can
+only do a direct setting for bytes less than 128, as otherwise there can be
+confusion with bytes in the middle of UTF-8 characters. In a "traditional"
+environment, the tables will only recognize ASCII characters anyway, but in at
+least one Windows environment, some higher bytes bits were set in the tables.
+So we deal with that case by considering the UTF-8 encoding.
+
+Arguments:
+ start_bits the starting bitmap
+ cbit type the type of character wanted
+ table_limit 32 for non-UTF-8; 16 for UTF-8
+ cd the block with char table pointers
+
+Returns: nothing
+*/
+
+static void
+set_type_bits(pcre_uint8 *start_bits, int cbit_type, int table_limit,
+ compile_data *cd)
+{
+register int c;
+for (c = 0; c < table_limit; c++) start_bits[c] |= cd->cbits[c+cbit_type];
+#if defined SUPPORT_UTF && defined COMPILE_PCRE8
+if (table_limit == 32) return;
+for (c = 128; c < 256; c++)
+ {
+ if ((cd->cbits[c/8] & (1 << (c&7))) != 0)
+ {
+ pcre_uchar buff[6];
+ (void)PRIV(ord2utf)(c, buff);
+ SET_BIT(buff[0]);
+ }
+ }
+#endif
+}
+
+
+/*************************************************
+* Set bits for a negative character type *
+*************************************************/
+
+/* This function sets starting bits for a negative character type such as \D.
+In UTF-8 mode, we can only do a direct setting for bytes less than 128, as
+otherwise there can be confusion with bytes in the middle of UTF-8 characters.
+Unlike in the positive case, where we can set appropriate starting bits for
+specific high-valued UTF-8 characters, in this case we have to set the bits for
+all high-valued characters. The lowest is 0xc2, but we overkill by starting at
+0xc0 (192) for simplicity.
+
+Arguments:
+ start_bits the starting bitmap
+ cbit type the type of character wanted
+ table_limit 32 for non-UTF-8; 16 for UTF-8
+ cd the block with char table pointers
+
+Returns: nothing
+*/
+
+static void
+set_nottype_bits(pcre_uint8 *start_bits, int cbit_type, int table_limit,
+ compile_data *cd)
+{
+register int c;
+for (c = 0; c < table_limit; c++) start_bits[c] |= ~cd->cbits[c+cbit_type];
+#if defined SUPPORT_UTF && defined COMPILE_PCRE8
+if (table_limit != 32) for (c = 24; c < 32; c++) start_bits[c] = 0xff;
+#endif
+}
+
+
+
+/*************************************************
+* Create bitmap of starting bytes *
+*************************************************/
+
+/* This function scans a compiled unanchored expression recursively and
+attempts to build a bitmap of the set of possible starting bytes. As time goes
+by, we may be able to get more clever at doing this. The SSB_CONTINUE return is
+useful for parenthesized groups in patterns such as (a*)b where the group
+provides some optional starting bytes but scanning must continue at the outer
+level to find at least one mandatory byte. At the outermost level, this
+function fails unless the result is SSB_DONE.
+
+Arguments:
+ code points to an expression
+ start_bits points to a 32-byte table, initialized to 0
+ utf TRUE if in UTF-8 / UTF-16 mode
+ cd the block with char table pointers
+
+Returns: SSB_FAIL => Failed to find any starting bytes
+ SSB_DONE => Found mandatory starting bytes
+ SSB_CONTINUE => Found optional starting bytes
+ SSB_UNKNOWN => Hit an unrecognized opcode
+*/
+
+static int
+set_start_bits(const pcre_uchar *code, pcre_uint8 *start_bits, BOOL utf,
+ compile_data *cd)
+{
+register int c;
+int yield = SSB_DONE;
+#if defined SUPPORT_UTF && defined COMPILE_PCRE8
+int table_limit = utf? 16:32;
+#else
+int table_limit = 32;
+#endif
+
+#if 0
+/* ========================================================================= */
+/* The following comment and code was inserted in January 1999. In May 2006,
+when it was observed to cause compiler warnings about unused values, I took it
+out again. If anybody is still using OS/2, they will have to put it back
+manually. */
+
+/* This next statement and the later reference to dummy are here in order to
+trick the optimizer of the IBM C compiler for OS/2 into generating correct
+code. Apparently IBM isn't going to fix the problem, and we would rather not
+disable optimization (in this module it actually makes a big difference, and
+the pcre module can use all the optimization it can get). */
+
+volatile int dummy;
+/* ========================================================================= */
+#endif
+
+do
+ {
+ BOOL try_next = TRUE;
+ const pcre_uchar *tcode = code + 1 + LINK_SIZE;
+
+ if (*code == OP_CBRA || *code == OP_SCBRA ||
+ *code == OP_CBRAPOS || *code == OP_SCBRAPOS) tcode += IMM2_SIZE;
+
+ while (try_next) /* Loop for items in this branch */
+ {
+ int rc;
+
+ switch(*tcode)
+ {
+ /* If we reach something we don't understand, it means a new opcode has
+ been created that hasn't been added to this code. Hopefully this problem
+ will be discovered during testing. */
+
+ default:
+ return SSB_UNKNOWN;
+
+ /* Fail for a valid opcode that implies no starting bits. */
+
+ case OP_ACCEPT:
+ case OP_ASSERT_ACCEPT:
+ case OP_ALLANY:
+ case OP_ANY:
+ case OP_ANYBYTE:
+ case OP_CIRC:
+ case OP_CIRCM:
+ case OP_CLOSE:
+ case OP_COMMIT:
+ case OP_COND:
+ case OP_CREF:
+ case OP_DEF:
+ case OP_DOLL:
+ case OP_DOLLM:
+ case OP_END:
+ case OP_EOD:
+ case OP_EODN:
+ case OP_EXTUNI:
+ case OP_FAIL:
+ case OP_MARK:
+ case OP_NCREF:
+ case OP_NOT:
+ case OP_NOTEXACT:
+ case OP_NOTEXACTI:
+ case OP_NOTI:
+ case OP_NOTMINPLUS:
+ case OP_NOTMINPLUSI:
+ case OP_NOTMINQUERY:
+ case OP_NOTMINQUERYI:
+ case OP_NOTMINSTAR:
+ case OP_NOTMINSTARI:
+ case OP_NOTMINUPTO:
+ case OP_NOTMINUPTOI:
+ case OP_NOTPLUS:
+ case OP_NOTPLUSI:
+ case OP_NOTPOSPLUS:
+ case OP_NOTPOSPLUSI:
+ case OP_NOTPOSQUERY:
+ case OP_NOTPOSQUERYI:
+ case OP_NOTPOSSTAR:
+ case OP_NOTPOSSTARI:
+ case OP_NOTPOSUPTO:
+ case OP_NOTPOSUPTOI:
+ case OP_NOTPROP:
+ case OP_NOTQUERY:
+ case OP_NOTQUERYI:
+ case OP_NOTSTAR:
+ case OP_NOTSTARI:
+ case OP_NOTUPTO:
+ case OP_NOTUPTOI:
+ case OP_NOT_HSPACE:
+ case OP_NOT_VSPACE:
+ case OP_NRREF:
+ case OP_PROP:
+ case OP_PRUNE:
+ case OP_PRUNE_ARG:
+ case OP_RECURSE:
+ case OP_REF:
+ case OP_REFI:
+ case OP_REVERSE:
+ case OP_RREF:
+ case OP_SCOND:
+ case OP_SET_SOM:
+ case OP_SKIP:
+ case OP_SKIP_ARG:
+ case OP_SOD:
+ case OP_SOM:
+ case OP_THEN:
+ case OP_THEN_ARG:
+#if defined SUPPORT_UTF || !defined COMPILE_PCRE8
+ case OP_XCLASS:
+#endif
+ return SSB_FAIL;
+
+ /* We can ignore word boundary tests. */
+
+ case OP_WORD_BOUNDARY:
+ case OP_NOT_WORD_BOUNDARY:
+ tcode++;
+ break;
+
+ /* If we hit a bracket or a positive lookahead assertion, recurse to set
+ bits from within the subpattern. If it can't find anything, we have to
+ give up. If it finds some mandatory character(s), we are done for this
+ branch. Otherwise, carry on scanning after the subpattern. */
+
+ case OP_BRA:
+ case OP_SBRA:
+ case OP_CBRA:
+ case OP_SCBRA:
+ case OP_BRAPOS:
+ case OP_SBRAPOS:
+ case OP_CBRAPOS:
+ case OP_SCBRAPOS:
+ case OP_ONCE:
+ case OP_ONCE_NC:
+ case OP_ASSERT:
+ rc = set_start_bits(tcode, start_bits, utf, cd);
+ if (rc == SSB_FAIL || rc == SSB_UNKNOWN) return rc;
+ if (rc == SSB_DONE) try_next = FALSE; else
+ {
+ do tcode += GET(tcode, 1); while (*tcode == OP_ALT);
+ tcode += 1 + LINK_SIZE;
+ }
+ break;
+
+ /* If we hit ALT or KET, it means we haven't found anything mandatory in
+ this branch, though we might have found something optional. For ALT, we
+ continue with the next alternative, but we have to arrange that the final
+ result from subpattern is SSB_CONTINUE rather than SSB_DONE. For KET,
+ return SSB_CONTINUE: if this is the top level, that indicates failure,
+ but after a nested subpattern, it causes scanning to continue. */
+
+ case OP_ALT:
+ yield = SSB_CONTINUE;
+ try_next = FALSE;
+ break;
+
+ case OP_KET:
+ case OP_KETRMAX:
+ case OP_KETRMIN:
+ case OP_KETRPOS:
+ return SSB_CONTINUE;
+
+ /* Skip over callout */
+
+ case OP_CALLOUT:
+ tcode += 2 + 2*LINK_SIZE;
+ break;
+
+ /* Skip over lookbehind and negative lookahead assertions */
+
+ case OP_ASSERT_NOT:
+ case OP_ASSERTBACK:
+ case OP_ASSERTBACK_NOT:
+ do tcode += GET(tcode, 1); while (*tcode == OP_ALT);
+ tcode += 1 + LINK_SIZE;
+ break;
+
+ /* BRAZERO does the bracket, but carries on. */
+
+ case OP_BRAZERO:
+ case OP_BRAMINZERO:
+ case OP_BRAPOSZERO:
+ rc = set_start_bits(++tcode, start_bits, utf, cd);
+ if (rc == SSB_FAIL || rc == SSB_UNKNOWN) return rc;
+/* =========================================================================
+ See the comment at the head of this function concerning the next line,
+ which was an old fudge for the benefit of OS/2.
+ dummy = 1;
+ ========================================================================= */
+ do tcode += GET(tcode,1); while (*tcode == OP_ALT);
+ tcode += 1 + LINK_SIZE;
+ break;
+
+ /* SKIPZERO skips the bracket. */
+
+ case OP_SKIPZERO:
+ tcode++;
+ do tcode += GET(tcode,1); while (*tcode == OP_ALT);
+ tcode += 1 + LINK_SIZE;
+ break;
+
+ /* Single-char * or ? sets the bit and tries the next item */
+
+ case OP_STAR:
+ case OP_MINSTAR:
+ case OP_POSSTAR:
+ case OP_QUERY:
+ case OP_MINQUERY:
+ case OP_POSQUERY:
+ tcode = set_table_bit(start_bits, tcode + 1, FALSE, cd, utf);
+ break;
+
+ case OP_STARI:
+ case OP_MINSTARI:
+ case OP_POSSTARI:
+ case OP_QUERYI:
+ case OP_MINQUERYI:
+ case OP_POSQUERYI:
+ tcode = set_table_bit(start_bits, tcode + 1, TRUE, cd, utf);
+ break;
+
+ /* Single-char upto sets the bit and tries the next */
+
+ case OP_UPTO:
+ case OP_MINUPTO:
+ case OP_POSUPTO:
+ tcode = set_table_bit(start_bits, tcode + 1 + IMM2_SIZE, FALSE, cd, utf);
+ break;
+
+ case OP_UPTOI:
+ case OP_MINUPTOI:
+ case OP_POSUPTOI:
+ tcode = set_table_bit(start_bits, tcode + 1 + IMM2_SIZE, TRUE, cd, utf);
+ break;
+
+ /* At least one single char sets the bit and stops */
+
+ case OP_EXACT:
+ tcode += IMM2_SIZE;
+ /* Fall through */
+ case OP_CHAR:
+ case OP_PLUS:
+ case OP_MINPLUS:
+ case OP_POSPLUS:
+ (void)set_table_bit(start_bits, tcode + 1, FALSE, cd, utf);
+ try_next = FALSE;
+ break;
+
+ case OP_EXACTI:
+ tcode += IMM2_SIZE;
+ /* Fall through */
+ case OP_CHARI:
+ case OP_PLUSI:
+ case OP_MINPLUSI:
+ case OP_POSPLUSI:
+ (void)set_table_bit(start_bits, tcode + 1, TRUE, cd, utf);
+ try_next = FALSE;
+ break;
+
+ /* Special spacing and line-terminating items. These recognize specific
+ lists of characters. The difference between VSPACE and ANYNL is that the
+ latter can match the two-character CRLF sequence, but that is not
+ relevant for finding the first character, so their code here is
+ identical. */
+
+ case OP_HSPACE:
+ SET_BIT(0x09);
+ SET_BIT(0x20);
+#ifdef SUPPORT_UTF
+ if (utf)
+ {
+#ifdef COMPILE_PCRE8
+ SET_BIT(0xC2); /* For U+00A0 */
+ SET_BIT(0xE1); /* For U+1680, U+180E */
+ SET_BIT(0xE2); /* For U+2000 - U+200A, U+202F, U+205F */
+ SET_BIT(0xE3); /* For U+3000 */
+#endif
+#ifdef COMPILE_PCRE16
+ SET_BIT(0xA0);
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ }
+ else
+#endif /* SUPPORT_UTF */
+ {
+ SET_BIT(0xA0);
+#ifdef COMPILE_PCRE16
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ }
+ try_next = FALSE;
+ break;
+
+ case OP_ANYNL:
+ case OP_VSPACE:
+ SET_BIT(0x0A);
+ SET_BIT(0x0B);
+ SET_BIT(0x0C);
+ SET_BIT(0x0D);
+#ifdef SUPPORT_UTF
+ if (utf)
+ {
+#ifdef COMPILE_PCRE8
+ SET_BIT(0xC2); /* For U+0085 */
+ SET_BIT(0xE2); /* For U+2028, U+2029 */
+#endif
+#ifdef COMPILE_PCRE16
+ SET_BIT(0x85);
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ }
+ else
+#endif /* SUPPORT_UTF */
+ {
+ SET_BIT(0x85);
+#ifdef COMPILE_PCRE16
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ }
+ try_next = FALSE;
+ break;
+
+ /* Single character types set the bits and stop. Note that if PCRE_UCP
+ is set, we do not see these op codes because \d etc are converted to
+ properties. Therefore, these apply in the case when only characters less
+ than 256 are recognized to match the types. */
+
+ case OP_NOT_DIGIT:
+ set_nottype_bits(start_bits, cbit_digit, table_limit, cd);
+ try_next = FALSE;
+ break;
+
+ case OP_DIGIT:
+ set_type_bits(start_bits, cbit_digit, table_limit, cd);
+ try_next = FALSE;
+ break;
+
+ /* The cbit_space table has vertical tab as whitespace; we have to
+ ensure it is set as not whitespace. */
+
+ case OP_NOT_WHITESPACE:
+ set_nottype_bits(start_bits, cbit_space, table_limit, cd);
+ start_bits[1] |= 0x08;
+ try_next = FALSE;
+ break;
+
+ /* The cbit_space table has vertical tab as whitespace; we have to
+ not set it from the table. */
+
+ case OP_WHITESPACE:
+ c = start_bits[1]; /* Save in case it was already set */
+ set_type_bits(start_bits, cbit_space, table_limit, cd);
+ start_bits[1] = (start_bits[1] & ~0x08) | c;
+ try_next = FALSE;
+ break;
+
+ case OP_NOT_WORDCHAR:
+ set_nottype_bits(start_bits, cbit_word, table_limit, cd);
+ try_next = FALSE;
+ break;
+
+ case OP_WORDCHAR:
+ set_type_bits(start_bits, cbit_word, table_limit, cd);
+ try_next = FALSE;
+ break;
+
+ /* One or more character type fudges the pointer and restarts, knowing
+ it will hit a single character type and stop there. */
+
+ case OP_TYPEPLUS:
+ case OP_TYPEMINPLUS:
+ case OP_TYPEPOSPLUS:
+ tcode++;
+ break;
+
+ case OP_TYPEEXACT:
+ tcode += 1 + IMM2_SIZE;
+ break;
+
+ /* Zero or more repeats of character types set the bits and then
+ try again. */
+
+ case OP_TYPEUPTO:
+ case OP_TYPEMINUPTO:
+ case OP_TYPEPOSUPTO:
+ tcode += IMM2_SIZE; /* Fall through */
+
+ case OP_TYPESTAR:
+ case OP_TYPEMINSTAR:
+ case OP_TYPEPOSSTAR:
+ case OP_TYPEQUERY:
+ case OP_TYPEMINQUERY:
+ case OP_TYPEPOSQUERY:
+ switch(tcode[1])
+ {
+ default:
+ case OP_ANY:
+ case OP_ALLANY:
+ return SSB_FAIL;
+
+ case OP_HSPACE:
+ SET_BIT(0x09);
+ SET_BIT(0x20);
+#ifdef COMPILE_PCRE8
+ if (utf)
+ {
+#ifdef COMPILE_PCRE8
+ SET_BIT(0xC2); /* For U+00A0 */
+ SET_BIT(0xE1); /* For U+1680, U+180E */
+ SET_BIT(0xE2); /* For U+2000 - U+200A, U+202F, U+205F */
+ SET_BIT(0xE3); /* For U+3000 */
+#endif
+#ifdef COMPILE_PCRE16
+ SET_BIT(0xA0);
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ }
+ else
+#endif /* SUPPORT_UTF */
+ SET_BIT(0xA0);
+ break;
+
+ case OP_ANYNL:
+ case OP_VSPACE:
+ SET_BIT(0x0A);
+ SET_BIT(0x0B);
+ SET_BIT(0x0C);
+ SET_BIT(0x0D);
+#ifdef COMPILE_PCRE8
+ if (utf)
+ {
+#ifdef COMPILE_PCRE8
+ SET_BIT(0xC2); /* For U+0085 */
+ SET_BIT(0xE2); /* For U+2028, U+2029 */
+#endif
+#ifdef COMPILE_PCRE16
+ SET_BIT(0x85);
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ }
+ else
+#endif /* SUPPORT_UTF */
+ SET_BIT(0x85);
+ break;
+
+ case OP_NOT_DIGIT:
+ set_nottype_bits(start_bits, cbit_digit, table_limit, cd);
+ break;
+
+ case OP_DIGIT:
+ set_type_bits(start_bits, cbit_digit, table_limit, cd);
+ break;
+
+ /* The cbit_space table has vertical tab as whitespace; we have to
+ ensure it gets set as not whitespace. */
+
+ case OP_NOT_WHITESPACE:
+ set_nottype_bits(start_bits, cbit_space, table_limit, cd);
+ start_bits[1] |= 0x08;
+ break;
+
+ /* The cbit_space table has vertical tab as whitespace; we have to
+ avoid setting it. */
+
+ case OP_WHITESPACE:
+ c = start_bits[1]; /* Save in case it was already set */
+ set_type_bits(start_bits, cbit_space, table_limit, cd);
+ start_bits[1] = (start_bits[1] & ~0x08) | c;
+ break;
+
+ case OP_NOT_WORDCHAR:
+ set_nottype_bits(start_bits, cbit_word, table_limit, cd);
+ break;
+
+ case OP_WORDCHAR:
+ set_type_bits(start_bits, cbit_word, table_limit, cd);
+ break;
+ }
+
+ tcode += 2;
+ break;
+
+ /* Character class where all the information is in a bit map: set the
+ bits and either carry on or not, according to the repeat count. If it was
+ a negative class, and we are operating with UTF-8 characters, any byte
+ with a value >= 0xc4 is a potentially valid starter because it starts a
+ character with a value > 255. */
+
+ case OP_NCLASS:
+#if defined SUPPORT_UTF && defined COMPILE_PCRE8
+ if (utf)
+ {
+ start_bits[24] |= 0xf0; /* Bits for 0xc4 - 0xc8 */
+ memset(start_bits+25, 0xff, 7); /* Bits for 0xc9 - 0xff */
+ }
+#endif
+#ifdef COMPILE_PCRE16
+ SET_BIT(0xFF); /* For characters > 255 */
+#endif
+ /* Fall through */
+
+ case OP_CLASS:
+ {
+ pcre_uint8 *map;
+ tcode++;
+ map = (pcre_uint8 *)tcode;
+
+ /* In UTF-8 mode, the bits in a bit map correspond to character
+ values, not to byte values. However, the bit map we are constructing is
+ for byte values. So we have to do a conversion for characters whose
+ value is > 127. In fact, there are only two possible starting bytes for
+ characters in the range 128 - 255. */
+
+#if defined SUPPORT_UTF && defined COMPILE_PCRE8
+ if (utf)
+ {
+ for (c = 0; c < 16; c++) start_bits[c] |= map[c];
+ for (c = 128; c < 256; c++)
+ {
+ if ((map[c/8] && (1 << (c&7))) != 0)
+ {
+ int d = (c >> 6) | 0xc0; /* Set bit for this starter */
+ start_bits[d/8] |= (1 << (d&7)); /* and then skip on to the */
+ c = (c & 0xc0) + 0x40 - 1; /* next relevant character. */
+ }
+ }
+ }
+ else
+#endif
+ {
+ /* In non-UTF-8 mode, the two bit maps are completely compatible. */
+ for (c = 0; c < 32; c++) start_bits[c] |= map[c];
+ }
+
+ /* Advance past the bit map, and act on what follows. For a zero
+ minimum repeat, continue; otherwise stop processing. */
+
+ tcode += 32 / sizeof(pcre_uchar);
+ switch (*tcode)
+ {
+ case OP_CRSTAR:
+ case OP_CRMINSTAR:
+ case OP_CRQUERY:
+ case OP_CRMINQUERY:
+ tcode++;
+ break;
+
+ case OP_CRRANGE:
+ case OP_CRMINRANGE:
+ if (GET2(tcode, 1) == 0) tcode += 1 + 2 * IMM2_SIZE;
+ else try_next = FALSE;
+ break;
+
+ default:
+ try_next = FALSE;
+ break;
+ }
+ }
+ break; /* End of bitmap class handling */
+
+ } /* End of switch */
+ } /* End of try_next loop */
+
+ code += GET(code, 1); /* Advance to next branch */
+ }
+while (*code == OP_ALT);
+return yield;
+}
+
+
+
+
+
+/*************************************************
+* Study a compiled expression *
+*************************************************/
+
+/* This function is handed a compiled expression that it must study to produce
+information that will speed up the matching. It returns a pcre[16]_extra block
+which then gets handed back to pcre_exec().
+
+Arguments:
+ re points to the compiled expression
+ options contains option bits
+ errorptr points to where to place error messages;
+ set NULL unless error
+
+Returns: pointer to a pcre[16]_extra block, with study_data filled in and
+ the appropriate flags set;
+ NULL on error or if no optimization possible
+*/
+
+#ifdef COMPILE_PCRE8
+PCRE_EXP_DEFN pcre_extra * PCRE_CALL_CONVENTION
+pcre_study(const pcre *external_re, int options, const char **errorptr)
+#else
+PCRE_EXP_DEFN pcre16_extra * PCRE_CALL_CONVENTION
+pcre16_study(const pcre16 *external_re, int options, const char **errorptr)
+#endif
+{
+int min;
+BOOL bits_set = FALSE;
+pcre_uint8 start_bits[32];
+PUBL(extra) *extra = NULL;
+pcre_study_data *study;
+const pcre_uint8 *tables;
+pcre_uchar *code;
+compile_data compile_block;
+const REAL_PCRE *re = (const REAL_PCRE *)external_re;
+
+*errorptr = NULL;
+
+if (re == NULL || re->magic_number != MAGIC_NUMBER)
+ {
+ *errorptr = "argument is not a compiled regular expression";
+ return NULL;
+ }
+
+if ((re->flags & PCRE_MODE) == 0)
+ {
+#ifdef COMPILE_PCRE8
+ *errorptr = "argument is compiled in 16 bit mode";
+#else
+ *errorptr = "argument is compiled in 8 bit mode";
+#endif
+ return NULL;
+ }
+
+if ((options & ~PUBLIC_STUDY_OPTIONS) != 0)
+ {
+ *errorptr = "unknown or incorrect option bit(s) set";
+ return NULL;
+ }
+
+code = (pcre_uchar *)re + re->name_table_offset +
+ (re->name_count * re->name_entry_size);
+
+/* For an anchored pattern, or an unanchored pattern that has a first char, or
+a multiline pattern that matches only at "line starts", there is no point in
+seeking a list of starting bytes. */
+
+if ((re->options & PCRE_ANCHORED) == 0 &&
+ (re->flags & (PCRE_FIRSTSET|PCRE_STARTLINE)) == 0)
+ {
+ int rc;
+
+ /* Set the character tables in the block that is passed around */
+
+ tables = re->tables;
+
+#ifdef COMPILE_PCRE8
+ if (tables == NULL)
+ (void)pcre_fullinfo(external_re, NULL, PCRE_INFO_DEFAULT_TABLES,
+ (void *)(&tables));
+#else
+ if (tables == NULL)
+ (void)pcre16_fullinfo(external_re, NULL, PCRE_INFO_DEFAULT_TABLES,
+ (void *)(&tables));
+#endif
+
+ compile_block.lcc = tables + lcc_offset;
+ compile_block.fcc = tables + fcc_offset;
+ compile_block.cbits = tables + cbits_offset;
+ compile_block.ctypes = tables + ctypes_offset;
+
+ /* See if we can find a fixed set of initial characters for the pattern. */
+
+ memset(start_bits, 0, 32 * sizeof(pcre_uint8));
+ rc = set_start_bits(code, start_bits, (re->options & PCRE_UTF8) != 0,
+ &compile_block);
+ bits_set = rc == SSB_DONE;
+ if (rc == SSB_UNKNOWN)
+ {
+ *errorptr = "internal error: opcode not recognized";
+ return NULL;
+ }
+ }
+
+/* Find the minimum length of subject string. */
+
+switch(min = find_minlength(code, code, re->options, 0))
+ {
+ case -2: *errorptr = "internal error: missing capturing bracket"; return NULL;
+ case -3: *errorptr = "internal error: opcode not recognized"; return NULL;
+ default: break;
+ }
+
+/* If a set of starting bytes has been identified, or if the minimum length is
+greater than zero, or if JIT optimization has been requested, get a
+pcre[16]_extra block and a pcre_study_data block. The study data is put in the
+latter, which is pointed to by the former, which may also get additional data
+set later by the calling program. At the moment, the size of pcre_study_data
+is fixed. We nevertheless save it in a field for returning via the
+pcre_fullinfo() function so that if it becomes variable in the future,
+we don't have to change that code. */
+
+if (bits_set || min > 0
+#ifdef SUPPORT_JIT
+ || (options & PCRE_STUDY_JIT_COMPILE) != 0
+#endif
+ )
+ {
+ extra = (PUBL(extra) *)(PUBL(malloc))
+ (sizeof(PUBL(extra)) + sizeof(pcre_study_data));
+ if (extra == NULL)
+ {
+ *errorptr = "failed to get memory";
+ return NULL;
+ }
+
+ study = (pcre_study_data *)((char *)extra + sizeof(PUBL(extra)));
+ extra->flags = PCRE_EXTRA_STUDY_DATA;
+ extra->study_data = study;
+
+ study->size = sizeof(pcre_study_data);
+ study->flags = 0;
+
+ /* Set the start bits always, to avoid unset memory errors if the
+ study data is written to a file, but set the flag only if any of the bits
+ are set, to save time looking when none are. */
+
+ if (bits_set)
+ {
+ study->flags |= PCRE_STUDY_MAPPED;
+ memcpy(study->start_bits, start_bits, sizeof(start_bits));
+ }
+ else memset(study->start_bits, 0, 32 * sizeof(pcre_uint8));
+
+#ifdef PCRE_DEBUG
+ if (bits_set)
+ {
+ pcre_uint8 *ptr = start_bits;
+ int i;
+
+ printf("Start bits:\n");
+ for (i = 0; i < 32; i++)
+ printf("%3d: %02x%s", i * 8, *ptr++, ((i + 1) & 0x7) != 0? " " : "\n");
+ }
+#endif
+
+ /* Always set the minlength value in the block, because the JIT compiler
+ makes use of it. However, don't set the bit unless the length is greater than
+ zero - the interpretive pcre_exec() and pcre_dfa_exec() needn't waste time
+ checking the zero case. */
+
+ if (min > 0)
+ {
+ study->flags |= PCRE_STUDY_MINLEN;
+ study->minlength = min;
+ }
+ else study->minlength = 0;
+
+ /* If JIT support was compiled and requested, attempt the JIT compilation.
+ If no starting bytes were found, and the minimum length is zero, and JIT
+ compilation fails, abandon the extra block and return NULL. */
+
+#ifdef SUPPORT_JIT
+ extra->executable_jit = NULL;
+ if ((options & PCRE_STUDY_JIT_COMPILE) != 0) PRIV(jit_compile)(re, extra);
+ if (study->flags == 0 && (extra->flags & PCRE_EXTRA_EXECUTABLE_JIT) == 0)
+ {
+#ifdef COMPILE_PCRE8
+ pcre_free_study(extra);
+#endif
+#ifdef COMPILE_PCRE16
+ pcre16_free_study(extra);
+#endif
+ extra = NULL;
+ }
+#endif
+ }
+
+return extra;
+}
+
+
+/*************************************************
+* Free the study data *
+*************************************************/
+
+/* This function frees the memory that was obtained by pcre_study().
+
+Argument: a pointer to the pcre[16]_extra block
+Returns: nothing
+*/
+
+#ifdef COMPILE_PCRE8
+PCRE_EXP_DEFN void
+pcre_free_study(pcre_extra *extra)
+#else
+PCRE_EXP_DEFN void
+pcre16_free_study(pcre16_extra *extra)
+#endif
+{
+if (extra == NULL)
+ return;
+#ifdef SUPPORT_JIT
+if ((extra->flags & PCRE_EXTRA_EXECUTABLE_JIT) != 0 &&
+ extra->executable_jit != NULL)
+ PRIV(jit_free)(extra->executable_jit);
+#endif
+PUBL(free)(extra);
+}
+
+/* End of pcre_study.c */