# HG changeset patch # User Igor Sysoev # Date 1338840000 -14400 # Node ID bfa81a0490a2e32fce8dd963c3403b210d69ae73 # Parent 7052a9379344b1ae398501e530607614523ad6aa nginx 1.3.1 *) Security: now nginx/Windows ignores trailing dot in URI path component, and does not allow URIs with ":$" in it. Thanks to Vladimir Kochetkov, Positive Research Center. *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass" directives, and the "server" directive inside the "upstream" block, now support IPv6 addresses. *) Feature: the "resolver" directive now support IPv6 addresses and an optional port specification. *) Feature: the "least_conn" directive inside the "upstream" block. *) Feature: it is now possible to specify a weight for servers while using the "ip_hash" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "image_filter" directive was used; the bug had appeared in 1.3.0. *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug had appeared in 1.1.12. *) Bugfix: access to variables from SSI and embedded perl module might not work after reconfiguration. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_xslt_filter_module. Thanks to Kuramoto Eiji. *) Bugfix: memory leak if $geoip_org variable was used. Thanks to Denis F. Latypoff. *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path" directives. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,42 @@ +Changes with nginx 1.3.1 05 Jun 2012 + + *) Security: now nginx/Windows ignores trailing dot in URI path + component, and does not allow URIs with ":$" in it. + Thanks to Vladimir Kochetkov, Positive Research Center. + + *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass" + directives, and the "server" directive inside the "upstream" block, + now support IPv6 addresses. + + *) Feature: the "resolver" directive now support IPv6 addresses and an + optional port specification. + + *) Feature: the "least_conn" directive inside the "upstream" block. + + *) Feature: it is now possible to specify a weight for servers while + using the "ip_hash" directive. + + *) Bugfix: a segmentation fault might occur in a worker process if the + "image_filter" directive was used; the bug had appeared in 1.3.0. + + *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug + had appeared in 1.1.12. + + *) Bugfix: access to variables from SSI and embedded perl module might + not work after reconfiguration. + Thanks to Yichun Zhang. + + *) Bugfix: in the ngx_http_xslt_filter_module. + Thanks to Kuramoto Eiji. + + *) Bugfix: memory leak if $geoip_org variable was used. + Thanks to Denis F. Latypoff. + + *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path" + directives. + + Changes with nginx 1.3.0 15 May 2012 *) Feature: the "debug_connection" directive now supports IPv6 addresses diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,41 @@ +Изменения в nginx 1.3.1 05.06.2012 + + *) Безопасность: теперь nginx/Windows игнорирует точку в конце + компонента URI и не разрешает URI, содержащие последовательность + ":$". + Спасибо Владимиру Кочеткову, Positive Research Center. + + *) Добавление: директивы proxy_pass, fastcgi_pass, scgi_pass, uwsgi_pass + и директива server в блоке upstream теперь поддерживают IPv6-адреса. + + *) Добавление: в директиве resolver теперь можно указывать порт и + задавать IPv6-адреса DNS-серверов. + + *) Добавление: директива least_conn в блоке upstream. + + *) Добавление: при использовании директивы ip_hash теперь можно задавать + веса серверов. + + *) Исправление: в рабочем процессе мог произойти segmentation fault, + если использовалась директива image_filter; ошибка появилась в 1.3.0. + + *) Исправление: nginx не собирался с модулем ngx_cpp_test_module; ошибка + появилась в 1.1.12. + + *) Исправление: доступ к переменным из SSI и встроенного перла мог не + работать после переконфигурации. + Спасибо Yichun Zhang. + + *) Исправление: в модуле ngx_http_xslt_filter_module. + Спасибо Kuramoto Eiji. + + *) Исправление: утечки памяти при использовании переменной $geoip_org. + Спасибо Денису Латыпову. + + *) Исправление: в директивах proxy_cookie_domain и proxy_cookie_path. + + Изменения в nginx 1.3.0 15.05.2012 *) Добавление: директива debug_connection теперь поддерживает diff --git a/auto/modules b/auto/modules --- a/auto/modules +++ b/auto/modules @@ -345,6 +345,11 @@ if [ $HTTP_UPSTREAM_IP_HASH = YES ]; the HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_IP_HASH_SRCS" fi +if [ $HTTP_UPSTREAM_LEAST_CONN = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_LEAST_CONN_MODULE" + HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_LEAST_CONN_SRCS" +fi + if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_KEEPALIVE_MODULE" HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_KEEPALIVE_SRCS" @@ -458,6 +463,7 @@ fi if [ $NGX_CPP_TEST = YES ]; then NGX_MISC_SRCS="$NGX_MISC_SRCS $NGX_CPP_TEST_SRCS" + CORE_LIBS="$CORE_LIBS -lstdc++" fi diff --git a/auto/options b/auto/options --- a/auto/options +++ b/auto/options @@ -96,6 +96,7 @@ HTTP_FLV=NO HTTP_MP4=NO HTTP_GZIP_STATIC=NO HTTP_UPSTREAM_IP_HASH=YES +HTTP_UPSTREAM_LEAST_CONN=YES HTTP_UPSTREAM_KEEPALIVE=YES # STUB @@ -243,6 +244,8 @@ use the \"--without-http_limit_conn_modu --without-http_empty_gif_module) HTTP_EMPTY_GIF=NO ;; --without-http_browser_module) HTTP_BROWSER=NO ;; --without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;; + --without-http_upstream_least_conn_module) + HTTP_UPSTREAM_LEAST_CONN=NO ;; --without-http_upstream_keepalive_module) HTTP_UPSTREAM_KEEPALIVE=NO ;; --with-http_perl_module) HTTP_PERL=YES ;; diff --git a/auto/sources b/auto/sources --- a/auto/sources +++ b/auto/sources @@ -479,6 +479,11 @@ HTTP_UPSTREAM_IP_HASH_MODULE=ngx_http_up HTTP_UPSTREAM_IP_HASH_SRCS=src/http/modules/ngx_http_upstream_ip_hash_module.c +HTTP_UPSTREAM_LEAST_CONN_MODULE=ngx_http_upstream_least_conn_module +HTTP_UPSTREAM_LEAST_CONN_SRCS=" \ + src/http/modules/ngx_http_upstream_least_conn_module.c" + + HTTP_UPSTREAM_KEEPALIVE_MODULE=ngx_http_upstream_keepalive_module HTTP_UPSTREAM_KEEPALIVE_SRCS=" \ src/http/modules/ngx_http_upstream_keepalive_module.c" diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1003000 -#define NGINX_VERSION "1.3.0" +#define nginx_version 1003001 +#define NGINX_VERSION "1.3.1" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -522,11 +522,6 @@ ngx_parse_url(ngx_pool_t *pool, ngx_url_ return ngx_parse_unix_domain_url(pool, u); } - if ((p[0] == ':' || p[0] == '/') && !u->listen) { - u->err = "invalid host"; - return NGX_ERROR; - } - if (p[0] == '[') { return ngx_parse_inet6_url(pool, u); } @@ -639,10 +634,7 @@ ngx_parse_inet_url(ngx_pool_t *pool, ngx args = ngx_strlchr(host, last, '?'); if (args) { - if (uri == NULL) { - uri = args; - - } else if (args < uri) { + if (uri == NULL || args < uri) { uri = args; } } @@ -668,11 +660,6 @@ ngx_parse_inet_url(ngx_pool_t *pool, ngx len = last - port; - if (len == 0) { - u->err = "invalid port"; - return NGX_ERROR; - } - n = ngx_atoi(port, len); if (n < 1 || n > 65535) { @@ -779,11 +766,7 @@ ngx_parse_inet_url(ngx_pool_t *pool, ngx return NGX_OK; } - if (ngx_inet_resolve_host(pool, u) != NGX_OK) { - return NGX_ERROR; - } - - return NGX_OK; + return ngx_inet_resolve_host(pool, u); } @@ -825,6 +808,8 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ng u->uri.len = last - uri; u->uri.data = uri; + + last = uri; } if (*port == ':') { @@ -832,11 +817,6 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ng len = last - port; - if (len == 0) { - u->err = "invalid port"; - return NGX_ERROR; - } - n = ngx_atoi(port, len); if (n < 1 || n > 65535) { @@ -862,8 +842,8 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ng return NGX_ERROR; } - u->host.len = len; - u->host.data = host; + u->host.len = len + 2; + u->host.data = host - 1; if (ngx_inet6_addr(host, len, sin6->sin6_addr.s6_addr) != NGX_OK) { u->err = "invalid IPv6 address"; @@ -874,17 +854,38 @@ ngx_parse_inet6_url(ngx_pool_t *pool, ng u->wildcard = 1; } - u->family = AF_INET6; - - if (u->no_resolve) { - return NGX_OK; - } - if (u->no_port) { u->port = u->default_port; sin6->sin6_port = htons(u->default_port); } + u->family = AF_INET6; + u->naddrs = 1; + + u->addrs = ngx_pcalloc(pool, sizeof(ngx_addr_t)); + if (u->addrs == NULL) { + return NGX_ERROR; + } + + sin6 = ngx_pcalloc(pool, sizeof(struct sockaddr_in6)); + if (sin6 == NULL) { + return NGX_ERROR; + } + + ngx_memcpy(sin6, u->sockaddr, sizeof(struct sockaddr_in6)); + + u->addrs[0].sockaddr = (struct sockaddr *) sin6; + u->addrs[0].socklen = sizeof(struct sockaddr_in6); + + p = ngx_pnalloc(pool, u->host.len + sizeof(":65535") - 1); + if (p == NULL) { + return NGX_ERROR; + } + + u->addrs[0].name.len = ngx_sprintf(p, "%V:%d", + &u->host, u->port) - p; + u->addrs[0].name.data = p; + return NGX_OK; #else diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c --- a/src/core/ngx_regex.c +++ b/src/core/ngx_regex.c @@ -152,7 +152,7 @@ ngx_regex_compile(ngx_regex_compile_t *r return NGX_ERROR; } - rc->regex->pcre = re; + rc->regex->code = re; /* do not study at runtime */ @@ -367,7 +367,7 @@ ngx_regex_module_init(ngx_cycle_t *cycle i = 0; } - elts[i].regex->extra = pcre_study(elts[i].regex->pcre, opt, &errstr); + elts[i].regex->extra = pcre_study(elts[i].regex->code, opt, &errstr); if (errstr != NULL) { ngx_log_error(NGX_LOG_ALERT, cycle->log, 0, @@ -380,7 +380,7 @@ ngx_regex_module_init(ngx_cycle_t *cycle int jit, n; jit = 0; - n = pcre_fullinfo(elts[i].regex->pcre, elts[i].regex->extra, + n = pcre_fullinfo(elts[i].regex->code, elts[i].regex->extra, PCRE_INFO_JIT, &jit); if (n != 0 || jit != 1) { diff --git a/src/core/ngx_regex.h b/src/core/ngx_regex.h --- a/src/core/ngx_regex.h +++ b/src/core/ngx_regex.h @@ -21,7 +21,7 @@ typedef struct { - pcre *pcre; + pcre *code; pcre_extra *extra; } ngx_regex_t; @@ -50,7 +50,7 @@ void ngx_regex_init(void); ngx_int_t ngx_regex_compile(ngx_regex_compile_t *rc); #define ngx_regex_exec(re, s, captures, size) \ - pcre_exec(re->pcre, re->extra, (const char *) (s)->data, (s)->len, 0, 0, \ + pcre_exec(re->code, re->extra, (const char *) (s)->data, (s)->len, 0, 0, \ captures, size) #define ngx_regex_exec_n "pcre_exec()" diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -171,11 +171,16 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_ ngx_memzero(&u, sizeof(ngx_url_t)); - u.host = names[i]; - u.port = 53; - - if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V: %s", &u.host, u.err); + u.url = names[i]; + u.default_port = 53; + + if (ngx_parse_url(cf->pool, &u) != NGX_OK) { + if (u.err) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "%s in resolver \"%V\"", + u.err, &u.url); + } + return NULL; } @@ -1035,7 +1040,7 @@ ngx_resolver_process_response(ngx_resolv nan = (query->nan_hi << 8) + query->nan_lo; ngx_log_debug6(NGX_LOG_DEBUG_CORE, r->log, 0, - "resolver DNS response %ui fl:%04Xui %ui/%ui/%ui/%ui", + "resolver DNS response %ui fl:%04Xui %ui/%ui/%ud/%ud", ident, flags, nqs, nan, (query->nns_hi << 8) + query->nns_lo, (query->nar_hi << 8) + query->nar_lo); @@ -2184,7 +2189,7 @@ ngx_udp_connect(ngx_udp_connection_t *uc ngx_socket_t s; ngx_connection_t *c; - s = ngx_socket(AF_INET, SOCK_DGRAM, 0); + s = ngx_socket(uc->sockaddr->sa_family, SOCK_DGRAM, 0); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, &uc->log, 0, "UDP socket %d", s); diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -990,7 +990,6 @@ ngx_ssl_send_chain(ngx_connection_t *c, } if (n == NGX_AGAIN) { - c->buffered |= NGX_SSL_BUFFERED; return in; } diff --git a/src/http/modules/ngx_http_geoip_module.c b/src/http/modules/ngx_http_geoip_module.c --- a/src/http/modules/ngx_http_geoip_module.c +++ b/src/http/modules/ngx_http_geoip_module.c @@ -28,7 +28,7 @@ typedef struct { } ngx_http_geoip_var_t; -typedef const char *(*ngx_http_geoip_variable_handler_pt)(GeoIP *, u_long addr); +typedef char *(*ngx_http_geoip_variable_handler_pt)(GeoIP *, u_long addr); static u_long ngx_http_geoip_addr(ngx_http_request_t *r, ngx_http_geoip_conf_t *gcf); @@ -291,7 +291,8 @@ ngx_http_geoip_org_variable(ngx_http_req ngx_http_geoip_variable_handler_pt handler = (ngx_http_geoip_variable_handler_pt) data; - const char *val; + size_t len; + char *val; ngx_http_geoip_conf_t *gcf; gcf = ngx_http_get_module_main_conf(r, ngx_http_geoip_module); @@ -306,11 +307,21 @@ ngx_http_geoip_org_variable(ngx_http_req goto not_found; } - v->len = ngx_strlen(val); + len = ngx_strlen(val); + v->data = ngx_pnalloc(r->pool, len); + if (v->data == NULL) { + ngx_free(val); + return NGX_ERROR; + } + + ngx_memcpy(v->data, val, len); + + v->len = len; v->valid = 1; v->no_cacheable = 0; v->not_found = 0; - v->data = (u_char *) val; + + ngx_free(val); return NGX_OK; diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c --- a/src/http/modules/ngx_http_log_module.c +++ b/src/http/modules/ngx_http_log_module.c @@ -205,7 +205,7 @@ static ngx_http_log_var_t ngx_http_log_ { ngx_string("msec"), NGX_TIME_T_LEN + 4, ngx_http_log_msec }, { ngx_string("request_time"), NGX_TIME_T_LEN + 4, ngx_http_log_request_time }, - { ngx_string("status"), 3, ngx_http_log_status }, + { ngx_string("status"), NGX_INT_T_LEN, ngx_http_log_status }, { ngx_string("bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_bytes_sent }, { ngx_string("body_bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_body_bytes_sent }, @@ -593,7 +593,7 @@ ngx_http_log_status(ngx_http_request_t * status = 0; } - return ngx_sprintf(buf, "%ui", status); + return ngx_sprintf(buf, "%03ui", status); } diff --git a/src/http/modules/ngx_http_rewrite_module.c b/src/http/modules/ngx_http_rewrite_module.c --- a/src/http/modules/ngx_http_rewrite_module.c +++ b/src/http/modules/ngx_http_rewrite_module.c @@ -485,6 +485,12 @@ ngx_http_rewrite_return(ngx_conf_t *cf, } else { + if (ret->status > 999) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid return code \"%V\"", &value[1]); + return NGX_CONF_ERROR; + } + if (cf->args->nelts == 2) { return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_split_clients_module.c b/src/http/modules/ngx_http_split_clients_module.c --- a/src/http/modules/ngx_http_split_clients_module.c +++ b/src/http/modules/ngx_http_split_clients_module.c @@ -138,6 +138,13 @@ ngx_conf_split_clients_block(ngx_conf_t } name = value[2]; + + if (name.len < 2 || name.data[0] != '$') { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid variable name \"%V\"", &name); + return NGX_CONF_ERROR; + } + name.len--; name.data++; diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c --- a/src/http/modules/ngx_http_upstream_ip_hash_module.c +++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c @@ -140,6 +140,7 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p ngx_http_upstream_ip_hash_peer_data_t *iphp = data; time_t now; + ngx_int_t w; uintptr_t m; ngx_uint_t i, n, p, hash; ngx_http_upstream_rr_peer_t *peer; @@ -166,7 +167,21 @@ ngx_http_upstream_get_ip_hash_peer(ngx_p hash = (hash * 113 + iphp->addr[i]) % 6271; } - p = hash % iphp->rrp.peers->number; + if (!iphp->rrp.peers->weighted) { + p = hash % iphp->rrp.peers->number; + + } else { + w = hash % iphp->rrp.peers->total_weight; + + for (i = 0; i < iphp->rrp.peers->number; i++) { + w -= iphp->rrp.peers->peer[i].weight; + if (w < 0) { + break; + } + } + + p = i; + } n = p / (8 * sizeof(uintptr_t)); m = (uintptr_t) 1 << p % (8 * sizeof(uintptr_t)); @@ -229,6 +244,7 @@ ngx_http_upstream_ip_hash(ngx_conf_t *cf uscf->peer.init_upstream = ngx_http_upstream_init_ip_hash; uscf->flags = NGX_HTTP_UPSTREAM_CREATE + |NGX_HTTP_UPSTREAM_WEIGHT |NGX_HTTP_UPSTREAM_MAX_FAILS |NGX_HTTP_UPSTREAM_FAIL_TIMEOUT |NGX_HTTP_UPSTREAM_DOWN; diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c new file mode 100644 --- /dev/null +++ b/src/http/modules/ngx_http_upstream_least_conn_module.c @@ -0,0 +1,402 @@ + +/* + * Copyright (C) Maxim Dounin + * Copyright (C) Nginx, Inc. + */ + + +#include +#include +#include + + +typedef struct { + ngx_uint_t *conns; +} ngx_http_upstream_least_conn_conf_t; + + +typedef struct { + /* the round robin data must be first */ + ngx_http_upstream_rr_peer_data_t rrp; + + ngx_uint_t *conns; + + ngx_event_get_peer_pt get_rr_peer; + ngx_event_free_peer_pt free_rr_peer; +} ngx_http_upstream_lc_peer_data_t; + + +static ngx_int_t ngx_http_upstream_init_least_conn_peer(ngx_http_request_t *r, + ngx_http_upstream_srv_conf_t *us); +static ngx_int_t ngx_http_upstream_get_least_conn_peer( + ngx_peer_connection_t *pc, void *data); +static void ngx_http_upstream_free_least_conn_peer(ngx_peer_connection_t *pc, + void *data, ngx_uint_t state); +static void *ngx_http_upstream_least_conn_create_conf(ngx_conf_t *cf); +static char *ngx_http_upstream_least_conn(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + + +static ngx_command_t ngx_http_upstream_least_conn_commands[] = { + + { ngx_string("least_conn"), + NGX_HTTP_UPS_CONF|NGX_CONF_NOARGS, + ngx_http_upstream_least_conn, + 0, + 0, + NULL }, + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_upstream_least_conn_module_ctx = { + NULL, /* preconfiguration */ + NULL, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + ngx_http_upstream_least_conn_create_conf, /* create server configuration */ + NULL, /* merge server configuration */ + + NULL, /* create location configuration */ + NULL /* merge location configuration */ +}; + + +ngx_module_t ngx_http_upstream_least_conn_module = { + NGX_MODULE_V1, + &ngx_http_upstream_least_conn_module_ctx, /* module context */ + ngx_http_upstream_least_conn_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +ngx_int_t +ngx_http_upstream_init_least_conn(ngx_conf_t *cf, + ngx_http_upstream_srv_conf_t *us) +{ + ngx_uint_t n; + ngx_http_upstream_rr_peers_t *peers; + ngx_http_upstream_least_conn_conf_t *lcf; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, cf->log, 0, + "init least conn"); + + if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) { + return NGX_ERROR; + } + + peers = us->peer.data; + + n = peers->number; + + if (peers->next) { + n += peers->next->number; + } + + lcf = ngx_http_conf_upstream_srv_conf(us, + ngx_http_upstream_least_conn_module); + + lcf->conns = ngx_pcalloc(cf->pool, sizeof(ngx_uint_t) * n); + if (lcf->conns == NULL) { + return NGX_ERROR; + } + + us->peer.init = ngx_http_upstream_init_least_conn_peer; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_upstream_init_least_conn_peer(ngx_http_request_t *r, + ngx_http_upstream_srv_conf_t *us) +{ + ngx_http_upstream_lc_peer_data_t *lcp; + ngx_http_upstream_least_conn_conf_t *lcf; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "init least conn peer"); + + lcf = ngx_http_conf_upstream_srv_conf(us, + ngx_http_upstream_least_conn_module); + + lcp = ngx_palloc(r->pool, sizeof(ngx_http_upstream_lc_peer_data_t)); + if (lcp == NULL) { + return NGX_ERROR; + } + + lcp->conns = lcf->conns; + + r->upstream->peer.data = &lcp->rrp; + + if (ngx_http_upstream_init_round_robin_peer(r, us) != NGX_OK) { + return NGX_ERROR; + } + + r->upstream->peer.get = ngx_http_upstream_get_least_conn_peer; + r->upstream->peer.free = ngx_http_upstream_free_least_conn_peer; + + lcp->get_rr_peer = ngx_http_upstream_get_round_robin_peer; + lcp->free_rr_peer = ngx_http_upstream_free_round_robin_peer; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) +{ + ngx_http_upstream_lc_peer_data_t *lcp = data; + + time_t now; + uintptr_t m; + ngx_int_t rc, total; + ngx_uint_t i, n, p, many; + ngx_http_upstream_rr_peer_t *peer, *best; + ngx_http_upstream_rr_peers_t *peers; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get least conn peer, try: %ui", pc->tries); + + if (lcp->rrp.peers->single) { + return lcp->get_rr_peer(pc, &lcp->rrp); + } + + pc->cached = 0; + pc->connection = NULL; + + now = ngx_time(); + + peers = lcp->rrp.peers; + + best = NULL; + total = 0; + +#if (NGX_SUPPRESS_WARN) + many = 0; + p = 0; +#endif + + for (i = 0; i < peers->number; i++) { + + n = i / (8 * sizeof(uintptr_t)); + m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t)); + + if (lcp->rrp.tried[n] & m) { + continue; + } + + peer = &peers->peer[i]; + + if (peer->down) { + continue; + } + + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) + { + continue; + } + + /* + * select peer with least number of connections; if there are + * multiple peers with the same number of connections, select + * based on round-robin + */ + + if (best == NULL + || lcp->conns[i] * best->weight < lcp->conns[p] * peer->weight) + { + best = peer; + many = 0; + p = i; + + } else if (lcp->conns[i] * best->weight + == lcp->conns[p] * peer->weight) + { + many = 1; + } + } + + if (best == NULL) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get least conn peer, no peer found"); + + goto failed; + } + + if (many) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get least conn peer, many"); + + for (i = p; i < peers->number; i++) { + + n = i / (8 * sizeof(uintptr_t)); + m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t)); + + if (lcp->rrp.tried[n] & m) { + continue; + } + + peer = &peers->peer[i]; + + if (peer->down) { + continue; + } + + if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { + continue; + } + + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) + { + continue; + } + + peer->current_weight += peer->effective_weight; + total += peer->effective_weight; + + if (peer->effective_weight < peer->weight) { + peer->effective_weight++; + } + + if (peer->current_weight > best->current_weight) { + best = peer; + p = i; + } + } + } + + best->current_weight -= total; + best->checked = now; + + pc->sockaddr = best->sockaddr; + pc->socklen = best->socklen; + pc->name = &best->name; + + lcp->rrp.current = p; + + n = p / (8 * sizeof(uintptr_t)); + m = (uintptr_t) 1 << p % (8 * sizeof(uintptr_t)); + + lcp->rrp.tried[n] |= m; + lcp->conns[p]++; + + if (pc->tries == 1 && peers->next) { + pc->tries += peers->next->number; + } + + return NGX_OK; + +failed: + + if (peers->next) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get least conn peer, backup servers"); + + lcp->conns += peers->number; + + lcp->rrp.peers = peers->next; + pc->tries = lcp->rrp.peers->number; + + n = lcp->rrp.peers->number / (8 * sizeof(uintptr_t)) + 1; + for (i = 0; i < n; i++) { + lcp->rrp.tried[i] = 0; + } + + rc = ngx_http_upstream_get_least_conn_peer(pc, lcp); + + if (rc != NGX_BUSY) { + return rc; + } + } + + /* all peers failed, mark them as live for quick recovery */ + + for (i = 0; i < peers->number; i++) { + peers->peer[i].fails = 0; + } + + pc->name = peers->name; + + return NGX_BUSY; +} + + +static void +ngx_http_upstream_free_least_conn_peer(ngx_peer_connection_t *pc, + void *data, ngx_uint_t state) +{ + ngx_http_upstream_lc_peer_data_t *lcp = data; + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "free least conn peer %ui %ui", pc->tries, state); + + if (lcp->rrp.peers->single) { + lcp->free_rr_peer(pc, &lcp->rrp, state); + return; + } + + if (state == 0 && pc->tries == 0) { + return; + } + + lcp->conns[lcp->rrp.current]--; + + lcp->free_rr_peer(pc, &lcp->rrp, state); +} + + +static void * +ngx_http_upstream_least_conn_create_conf(ngx_conf_t *cf) +{ + ngx_http_upstream_least_conn_conf_t *conf; + + conf = ngx_pcalloc(cf->pool, + sizeof(ngx_http_upstream_least_conn_conf_t)); + if (conf == NULL) { + return NULL; + } + + /* + * set by ngx_pcalloc(): + * + * conf->conns = NULL; + */ + + return conf; +} + + +static char * +ngx_http_upstream_least_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_upstream_srv_conf_t *uscf; + + uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); + + uscf->peer.init_upstream = ngx_http_upstream_init_least_conn; + + uscf->flags = NGX_HTTP_UPSTREAM_CREATE + |NGX_HTTP_UPSTREAM_WEIGHT + |NGX_HTTP_UPSTREAM_MAX_FAILS + |NGX_HTTP_UPSTREAM_FAIL_TIMEOUT + |NGX_HTTP_UPSTREAM_DOWN + |NGX_HTTP_UPSTREAM_BACKUP; + + return NGX_CONF_OK; +} diff --git a/src/http/modules/ngx_http_xslt_filter_module.c b/src/http/modules/ngx_http_xslt_filter_module.c --- a/src/http/modules/ngx_http_xslt_filter_module.c +++ b/src/http/modules/ngx_http_xslt_filter_module.c @@ -810,7 +810,7 @@ ngx_http_xslt_entities(ngx_conf_t *cf, n file = xmcf->dtd_files.elts; for (i = 0; i < xmcf->dtd_files.nelts; i++) { - if (ngx_strcmp(file[i].name, &value[1].data) == 0) { + if (ngx_strcmp(file[i].name, value[1].data) == 0) { xlcf->dtd = file[i].data; return NGX_CONF_OK; } @@ -884,7 +884,7 @@ ngx_http_xslt_stylesheet(ngx_conf_t *cf, file = xmcf->sheet_files.elts; for (i = 0; i < xmcf->sheet_files.nelts; i++) { - if (ngx_strcmp(file[i].name, &value[1].data) == 0) { + if (ngx_strcmp(file[i].name, value[1].data) == 0) { sheet->stylesheet = file[i].data; goto found; } diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -50,7 +50,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '1.3.0'; +our $VERSION = '1.3.1'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/http/modules/perl/nginx.xs b/src/http/modules/perl/nginx.xs --- a/src/http/modules/perl/nginx.xs +++ b/src/http/modules/perl/nginx.xs @@ -476,7 +476,7 @@ header_out(r, key, value) } if (header->key.len == sizeof("Content-Encoding") - 1 - && ngx_strncasecmp(header->key.data, "Content-Encoding", + && ngx_strncasecmp(header->key.data, (u_char *) "Content-Encoding", sizeof("Content-Encoding") - 1) == 0) { r->headers_out.content_encoding = header; diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -4662,7 +4662,7 @@ ngx_http_core_try_files(ngx_conf_t *cf, code = ngx_atoi(tf[i - 1].name.data + 1, tf[i - 1].name.len - 2); - if (code == NGX_ERROR) { + if (code == NGX_ERROR || code > 999) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid code \"%*s\"", tf[i - 1].name.len - 1, tf[i - 1].name.data); diff --git a/src/http/ngx_http_header_filter_module.c b/src/http/ngx_http_header_filter_module.c --- a/src/http/ngx_http_header_filter_module.c +++ b/src/http/ngx_http_header_filter_module.c @@ -445,7 +445,7 @@ ngx_http_header_filter(ngx_http_request_ b->last = ngx_copy(b->last, status_line->data, status_line->len); } else { - b->last = ngx_sprintf(b->last, "%ui", status); + b->last = ngx_sprintf(b->last, "%03ui", status); } *b->last++ = CR; *b->last++ = LF; diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -543,6 +543,13 @@ ngx_http_parse_request_line(ngx_http_req switch (ch) { case '/': +#if (NGX_WIN32) + if (r->uri_ext == p) { + r->complex_uri = 1; + state = sw_uri; + break; + } +#endif r->uri_ext = NULL; state = sw_after_slash_in_uri; break; @@ -1117,6 +1124,12 @@ ngx_http_parse_complex_uri(ngx_http_requ switch(ch) { #if (NGX_WIN32) case '\\': + if (u - 2 >= r->uri.data + && *(u - 1) == '.' && *(u - 2) != '.') + { + u--; + } + r->uri_ext = NULL; if (p == r->uri_start + r->uri.len) { @@ -1134,6 +1147,13 @@ ngx_http_parse_complex_uri(ngx_http_requ break; #endif case '/': +#if (NGX_WIN32) + if (u - 2 >= r->uri.data + && *(u - 1) == '.' && *(u - 2) != '.') + { + u--; + } +#endif r->uri_ext = NULL; state = sw_slash; *u++ = ch; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -812,7 +812,28 @@ ngx_http_process_request_line(ngx_event_ #if (NGX_WIN32) { - u_char *p; + u_char *p, *last; + + p = r->uri.data; + last = r->uri.data + r->uri.len; + + while (p < last) { + + if (*p++ == ':') { + + /* + * this check covers "::$data", "::$index_allocation" and + * ":$i30:$index_allocation" + */ + + if (p < last && *p == '$') { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent unsafe win32 URI"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return; + } + } + } p = r->uri.data + r->uri.len - 1; @@ -828,11 +849,6 @@ ngx_http_process_request_line(ngx_event_ continue; } - if (ngx_strncasecmp(p - 6, (u_char *) "::$data", 7) == 0) { - p -= 7; - continue; - } - break; } @@ -1933,8 +1949,6 @@ ngx_http_finalize_request(ngx_http_reque if (rc == NGX_OK && r->filter_finalize) { c->error = 1; - ngx_http_finalize_connection(r); - return; } if (rc == NGX_DECLINED) { diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -3677,6 +3677,7 @@ static ngx_int_t ngx_http_upstream_rewrite_set_cookie(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) { + ngx_int_t rc; ngx_table_elt_t *ho; ho = ngx_list_push(&r->headers_out.headers); @@ -3687,7 +3688,20 @@ ngx_http_upstream_rewrite_set_cookie(ngx *ho = *h; if (r->upstream->rewrite_cookie) { - return r->upstream->rewrite_cookie(r, ho); + rc = r->upstream->rewrite_cookie(r, ho); + + if (rc == NGX_DECLINED) { + return NGX_OK; + } + +#if (NGX_DEBUG) + if (rc == NGX_OK) { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "rewritten cookie: \"%V\"", &ho->value); + } +#endif + + return rc; } return NGX_OK; diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c --- a/src/http/ngx_http_upstream_round_robin.c +++ b/src/http/ngx_http_upstream_round_robin.c @@ -30,7 +30,7 @@ ngx_http_upstream_init_round_robin(ngx_c ngx_http_upstream_srv_conf_t *us) { ngx_url_t u; - ngx_uint_t i, j, n; + ngx_uint_t i, j, n, w; ngx_http_upstream_server_t *server; ngx_http_upstream_rr_peers_t *peers, *backup; @@ -40,6 +40,7 @@ ngx_http_upstream_init_round_robin(ngx_c server = us->servers->elts; n = 0; + w = 0; for (i = 0; i < us->servers->nelts; i++) { if (server[i].backup) { @@ -47,6 +48,7 @@ ngx_http_upstream_init_round_robin(ngx_c } n += server[i].naddrs; + w += server[i].naddrs * server[i].weight; } if (n == 0) { @@ -64,6 +66,8 @@ ngx_http_upstream_init_round_robin(ngx_c peers->single = (n == 1); peers->number = n; + peers->weighted = (w != n); + peers->total_weight = w; peers->name = &us->host; n = 0; @@ -96,6 +100,7 @@ ngx_http_upstream_init_round_robin(ngx_c /* backup servers */ n = 0; + w = 0; for (i = 0; i < us->servers->nelts; i++) { if (!server[i].backup) { @@ -103,6 +108,7 @@ ngx_http_upstream_init_round_robin(ngx_c } n += server[i].naddrs; + w += server[i].naddrs * server[i].weight; } if (n == 0) { @@ -118,6 +124,8 @@ ngx_http_upstream_init_round_robin(ngx_c peers->single = 0; backup->single = 0; backup->number = n; + backup->weighted = (w != n); + backup->total_weight = w; backup->name = &us->host; n = 0; @@ -185,6 +193,8 @@ ngx_http_upstream_init_round_robin(ngx_c peers->single = (n == 1); peers->number = n; + peers->weighted = 0; + peers->total_weight = n; peers->name = &us->host; for (i = 0; i < u.naddrs; i++) { diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h --- a/src/http/ngx_http_upstream_round_robin.h +++ b/src/http/ngx_http_upstream_round_robin.h @@ -41,13 +41,17 @@ typedef struct { typedef struct ngx_http_upstream_rr_peers_s ngx_http_upstream_rr_peers_t; struct ngx_http_upstream_rr_peers_s { - ngx_uint_t single; /* unsigned single:1; */ ngx_uint_t number; ngx_uint_t last_cached; /* ngx_mutex_t *mutex; */ ngx_connection_t **cached; + ngx_uint_t total_weight; + + unsigned single:1; + unsigned weighted:1; + ngx_str_t *name; ngx_http_upstream_rr_peers_t *next; diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -2016,7 +2016,7 @@ ngx_int_t ngx_http_variables_add_core_vars(ngx_conf_t *cf) { ngx_int_t rc; - ngx_http_variable_t *v; + ngx_http_variable_t *cv, *v; ngx_http_core_main_conf_t *cmcf; cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); @@ -2036,7 +2036,14 @@ ngx_http_variables_add_core_vars(ngx_con return NGX_ERROR; } - for (v = ngx_http_core_variables; v->name.len; v++) { + for (cv = ngx_http_core_variables; cv->name.len; cv++) { + v = ngx_palloc(cf->pool, sizeof(ngx_http_variable_t)); + if (v == NULL) { + return NGX_ERROR; + } + + *v = *cv; + rc = ngx_hash_add_key(cmcf->variables_keys, &v->name, v, NGX_HASH_READONLY_KEY); diff --git a/src/os/unix/ngx_freebsd_init.c b/src/os/unix/ngx_freebsd_init.c --- a/src/os/unix/ngx_freebsd_init.c +++ b/src/os/unix/ngx_freebsd_init.c @@ -76,9 +76,9 @@ ngx_debug_init() { #if (NGX_DEBUG_MALLOC) -#if __FreeBSD_version >= 500014 +#if __FreeBSD_version >= 500014 && __FreeBSD_version < 1000011 _malloc_options = "J"; -#else +#elif __FreeBSD_version < 500014 malloc_options = "J"; #endif