Mercurial > hg > nginx

changeset 9207:73eb75bee30f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
HTTP/3: added more compatibility checks for "listen ... quic". Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive" parameters are not allowed with "quic" in the "listen" directive. Reported by Izorkin.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 30 Jan 2024 19:19:26 +0400
parents 43fc897bbab8
children 2ed3f57dca0a
files src/http/ngx_http_core_module.c
diffstat 1 files changed, 31 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -3961,7 +3961,7 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
 
     ngx_str_t              *value, size;
     ngx_url_t               u;
-    ngx_uint_t              n, i;
+    ngx_uint_t              n, i, backlog;
     ngx_http_listen_opt_t   lsopt;
 
     cscf->listen = 1;
@@ -4000,6 +4000,8 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
     lsopt.ipv6only = 1;
 #endif
 
+    backlog = 0;
+
     for (n = 2; n < cf->args->nelts; n++) {
 
         if (ngx_strcmp(value[n].data, "default_server") == 0
@@ -4058,6 +4060,8 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
                 return NGX_CONF_ERROR;
             }
 
+            backlog = 1;
+
             continue;
         }
 
@@ -4305,9 +4309,29 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
         return NGX_CONF_ERROR;
     }
 
-#if (NGX_HTTP_V3)
-
     if (lsopt.quic) {
+#if (NGX_HAVE_TCP_FASTOPEN)
+        if (lsopt.fastopen != -1) {
+            return "\"fastopen\" parameter is incompatible with \"quic\"";
+        }
+#endif
+
+        if (backlog) {
+            return "\"backlog\" parameter is incompatible with \"quic\"";
+        }
+
+#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
+        if (lsopt.accept_filter) {
+            return "\"accept_filter\" parameter is incompatible with \"quic\"";
+        }
+#endif
+
+#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
+        if (lsopt.deferred_accept) {
+            return "\"deferred\" parameter is incompatible with \"quic\"";
+        }
+#endif
+
 #if (NGX_HTTP_SSL)
         if (lsopt.ssl) {
             return "\"ssl\" parameter is incompatible with \"quic\"";
@@ -4320,13 +4344,15 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
         }
 #endif
 
+        if (lsopt.so_keepalive) {
+            return "\"so_keepalive\" parameter is incompatible with \"quic\"";
+        }
+
         if (lsopt.proxy_protocol) {
             return "\"proxy_protocol\" parameter is incompatible with \"quic\"";
         }
     }
 
-#endif
-
     for (n = 0; n < u.naddrs; n++) {
 
         for (i = 0; i < n; i++) {