# HG changeset patch # User Igor Sysoev # Date 1132002000 -10800 # Node ID df17fbafec8fd870ca0d8e1073c0845521565ce1 # Parent 97504de1f89e37cebccb98259901cf3c037ab6b6 nginx 0.3.10 *) Change: the "valid_referers" directive and the "$invalid_referer" variable were moved to the new ngx_http_referer_module from the ngx_http_rewrite_module. *) Change: the "$apache_bytes_sent" variable name was changed to "$body_bytes_sent". *) Feature: the "$sent_http_..." variables. *) Feature: the "if" directive supports the "=" and "!=" operations. *) Feature: the "proxy_pass" directive supports the HTTPS protocol. *) Feature: the "proxy_set_body" directive. *) Feature: the "post_action" directive. *) Feature: the ngx_http_empty_gif_module. *) Feature: the "worker_cpu_affinity" directive for Linux. *) Bugfix: the "rewrite" directive did not unescape URI part in redirect, now it is unescaped except the %00-%25 and %7F-%FF characters. *) Bugfix: nginx could not be built by the icc 9.0 compiler. *) Bugfix: if the SSI was enabled for zero size static file, then the chunked response was encoded incorrectly. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,36 @@ + +Changes with nginx 0.3.10 15 Nov 2005 + + *) Change: the "valid_referers" directive and the "$invalid_referer" + variable was moved to the new ngx_http_referer_module from the + ngx_http_rewrite_module. + + *) Change: the "$apache_bytes_sent" variable name was changed to + "$body_bytes_sent". + + *) Feature: the "$sent_http_..." variables. + + *) Feature: the "if" directive supports the "=" and "!=" operations. + + *) Feature: the "proxy_set_body" directive supports the HTTPS protocol. + + *) Feature: the "proxy_set_body" directive. + + *) Feature: the "post_action" directive. + + *) Feature: the ngx_http_empty_gif_module. + + *) Feature: the "worker_cpu_affinity" directive for Linux. + + *) Bugfix: the "rewrite" directive did not unescape URI part in + redirect, now it is unescaped except the %00-%25 and %7F-%FF + characters. + + *) Bugfix: nginx could not be built by the icc 9.0 compiler. + + *) Bugfix: if the SSI was enabled for zero size static file, then the + chunked response was encoded incorrectly. + Changes with nginx 0.3.9 10 Nov 2005 @@ -22,7 +55,7 @@ Changes with nginx 0.3.8 *) Feature: the "add_header" directive. - *) Feature: the ngx_http_realip_module. directives. + *) Feature: the ngx_http_realip_module. *) Feature: the new variables to use in the "log_format" directive: $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri, diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,3 +1,36 @@ + +Изменения в nginx 0.3.10 15.11.2005 + + *) Изменение: директива valid_referers и переменная $invalid_referer + перенесены из модуля ngx_http_rewrite_module в новый модуль + ngx_http_referer_module. + + *) Изменение: имя переменной "$apache_bytes_sent" изменено на + "$body_bytes_sent". + + *) Добавление: переменные "$sent_http_...". + + *) Добавление: директива if поддерживает операции "=" и "!=". + + *) Добавление: директива proxy_pass поддерживает протокол HTTPS. + + *) Добавление: директива proxy_set_body. + + *) Добавление: директива post_action. + + *) Добавление: модуль ngx_http_empty_gif_module. + + *) Добавление: директива worker_cpu_affinity для Linux. + + *) Исправление: директива rewrite не раскодировала символы в редиректах + в URI, теперь символы раскодируются, кроме символов %00-%25 и + %7F-%FF. + + *) Исправление: nginx не собирался компилятором icc 9.0. + + *) Исправление: если для статического файла нулевого размера был + разрешён SSI, то ответ передавался неверно при кодировании chunk'ами. + Изменения в nginx 0.3.9 10.11.2005 diff --git a/auto/cc/gcc b/auto/cc/gcc --- a/auto/cc/gcc +++ b/auto/cc/gcc @@ -19,7 +19,7 @@ have=NGX_COMPILER value="\"gcc $NGX_GCC_ CC_TEST_FLAGS="-pipe" -ngx_feature="gcc -pipe switch" +ngx_feature="gcc -pipe switch" ngx_feature_name= ngx_feature_run=no ngx_feature_incs= @@ -125,7 +125,7 @@ fi CFLAGS="$CFLAGS ${NGX_GCC_OPT:-O} -W" CFLAGS="$CFLAGS -Wall -Wpointer-arith" -#CFLAGS="$CFLAGS -Wconversion" +#CFLAGS="$CFLAGS -Wconversion" #CFLAGS="$CFLAGS -Winline" diff --git a/auto/cc/icc b/auto/cc/icc --- a/auto/cc/icc +++ b/auto/cc/icc @@ -106,7 +106,7 @@ CFLAGS="$CFLAGS -wd1419" case "$NGX_ICC_VER" in 9.*) - # "cc" clobber ignored, warnings for Liunx's htons() + # "cc" clobber ignored, warnings for Liunx's htonl()/htons() CFLAGS="$CFLAGS -wd1469" # explicit conversion of a 64-bit integral type to a smaller # integral type @@ -114,19 +114,11 @@ case "$NGX_ICC_VER" in # conversion from pointer to same-sized integral type, # warning on offsetof() CFLAGS="$CFLAGS -wd1684" - - # STUB - # non-POD class type passed through ellipsis, Linux only ? - CFLAGS="$CFLAGS -wd1595" ;; 8.*) - # "cc" clobber ignored, warnings for Liunx's htons() + # "cc" clobber ignored, warnings for Liunx's htonl()/htons() CFLAGS="$CFLAGS -wd1469" - - # STUB - # non-POD class type passed through ellipsis, Linux only ? - CFLAGS="$CFLAGS -wd1595" ;; *) diff --git a/auto/cc/name b/auto/cc/name --- a/auto/cc/name +++ b/auto/cc/name @@ -5,7 +5,7 @@ echo $ngx_n "checking for C compiler ...$ngx_c" -if [ $CC = cl ]; then +if [ "$CC" = cl ]; then if `$NGX_WINE $CC -v 2>&1 \ | grep '^Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 13' \ 2>&1 >/dev/null`; then @@ -19,12 +19,12 @@ if [ $CC = cl ]; then fi else -if [ $CC = wcl386 ]; then +if [ "$CC" = wcl386 ]; then NGX_CC_NAME=owc echo " Open Watcom C compiler" else -if [ $CC = bcc32 ]; then +if [ "$CC" = bcc32 ]; then NGX_CC_NAME=bcc echo " Borland C++ compiler" diff --git a/auto/cc/owc b/auto/cc/owc --- a/auto/cc/owc +++ b/auto/cc/owc @@ -8,7 +8,7 @@ # maximize speed CFLAGS="$CFLAGS -ot" -# reorder instructions for best pipeline usage +# reorder instructions for best pipeline usage CFLAGS="$CFLAGS -op" # inline intrinsic functions CFLAGS="$CFLAGS -oi" @@ -24,7 +24,7 @@ case $CPU in CPU_OPT="-5r" # stack-based arguments passing conventions #CPU_OPT="-5s" - ;; + ;; pentiumpro) # optimize for Pentium Pro, Pentium II and Pentium III @@ -63,7 +63,7 @@ CFLAGS="$CFLAGS -zq" #have=NGX_HAVE_C99_VARIADIC_MACROS . auto/have -# the precompiled headers +# the precompiled headers CORE_DEPS="$CORE_DEPS $NGX_OBJS/ngx_config.pch" NGX_PCH="$NGX_OBJS/ngx_config.pch" NGX_BUILD_PCH="-fhq=$NGX_OBJS/ngx_config.pch" diff --git a/auto/endianess b/auto/endianess --- a/auto/endianess +++ b/auto/endianess @@ -20,7 +20,10 @@ int main() { END -eval "${CC} -o $NGX_AUTOTEST $NGX_AUTOTEST.c >> $NGX_ERR 2>&1" +ngx_test="$CC $CC_TEST_FLAGS $CC_WARN $CC_AUX_FLAGS \ + -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" + +eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" if [ -x $NGX_AUTOTEST ]; then if $NGX_AUTOTEST 2>&1 > /dev/null; then diff --git a/auto/include b/auto/include --- a/auto/include +++ b/auto/include @@ -43,7 +43,7 @@ if [ -x $NGX_AUTOTEST ]; then eval "NGX_INCLUDE_$ngx_name='#include <$ngx_include>'" - #STUB + #STUB eval "NGX_$ngx_name='#include <$ngx_include>'" else diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf --- a/auto/lib/openssl/conf +++ b/auto/lib/openssl/conf @@ -8,6 +8,7 @@ if [ $OPENSSL != NONE ]; then case "$CC" in *) have=NGX_OPENSSL . auto/have + have=NGX_SSL . auto/have LINK_DEPS="$LINK_DEPS $OPENSSL/libssl.a $OPENSSL/libcrypto.a" CORE_LIBS="$CORE_LIBS $OPENSSL/libssl.a $OPENSSL/libcrypto.a" ;; @@ -34,6 +35,7 @@ else . auto/feature if [ $ngx_found = yes ]; then + have=NGX_SSL . auto/have CORE_LIBS="$CORE_LIBS $ngx_feature_libs" OPENSSL=YES diff --git a/auto/lib/pcre/conf b/auto/lib/pcre/conf --- a/auto/lib/pcre/conf +++ b/auto/lib/pcre/conf @@ -66,7 +66,7 @@ else # FreeBSD PCRE port requires --with-cc-opt="-I /usr/local/include" # --with-ld-opt="-L /usr/local/lib" - + ngx_feature="PCRE library" ngx_feature_name="NGX_PCRE" ngx_feature_run=no diff --git a/auto/modules b/auto/modules --- a/auto/modules +++ b/auto/modules @@ -65,6 +65,9 @@ fi # ngx_http_autoindex_module # ngx_http_index_module # +# ngx_http_access_module +# ngx_http_realip_module +# # # the filter order is important # ngx_http_write_filter @@ -157,6 +160,11 @@ if [ $HTTP_GEO = YES ]; then HTTP_SRCS="$HTTP_SRCS $HTTP_GEO_SRCS" fi +if [ $HTTP_REFERER = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_REFERER_MODULE" + HTTP_SRCS="$HTTP_SRCS $HTTP_REFERER_SRCS" +fi + if [ $HTTP_REWRITE = YES -a $USE_PCRE != DISABLED ]; then have=NGX_HTTP_REWRITE . auto/have USE_PCRE=YES @@ -186,6 +194,11 @@ if [ $HTTP_FASTCGI = YES ]; then HTTP_SRCS="$HTTP_SRCS $HTTP_FASTCGI_SRCS" fi +if [ $HTTP_EMPTY_GIF = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_EMPTY_GIF_MODULE" + HTTP_SRCS="$HTTP_SRCS $HTTP_EMPTY_GIF_SRCS" +fi + # STUB #USE_MD5=YES #HTTP_SRCS="$HTTP_SRCS $HTPP_CACHE_SRCS" @@ -243,6 +256,7 @@ fi if [ $HTTP = YES ]; then modules="$modules $HTTP_MODULES $HTTP_FILTER_MODULES \ $HTTP_HEADERS_FILTER_MODULE \ + $HTTP_AUX_FILTER_MODULES \ $HTTP_COPY_FILTER_MODULE \ $HTTP_RANGE_BODY_FILTER_MODULE \ $HTTP_NOT_MODIFIED_FILTER_MODULE" diff --git a/auto/options b/auto/options --- a/auto/options +++ b/auto/options @@ -57,9 +57,11 @@ HTTP_USERID=YES HTTP_AUTOINDEX=YES HTTP_STATUS=NO HTTP_GEO=YES +HTTP_REFERER=YES HTTP_REWRITE=YES HTTP_PROXY=YES HTTP_FASTCGI=YES +HTTP_EMPTY_GIF=YES # STUB HTTP_STUB_STATUS=NO @@ -136,9 +138,11 @@ do --without-http_autoindex_module) HTTP_AUTOINDEX=NO ;; --without-http_status_module) HTTP_STATUS=NO ;; --without-http_geo_module) HTTP_GEO=NO ;; + --without-http_referer) HTTP_REFERER=NO ;; --without-http_rewrite_module) HTTP_REWRITE=NO ;; --without-http_proxy_module) HTTP_PROXY=NO ;; --without-http_fastcgi_module) HTTP_FASTCGI=NO ;; + --without-http_epmty_gif_module) HTTP_EMPTY_GIF=NO ;; # STUB --with-http_stub_status_module) HTTP_STUB_STATUS=YES ;; diff --git a/auto/os/features b/auto/os/features --- a/auto/os/features +++ b/auto/os/features @@ -14,7 +14,7 @@ if [ -z "$NGX_GROUP" -a $NGX_USER = nobo if grep nogroup /etc/group 2>&1 >/dev/null; then echo "checking for nogroup group ... found" NGX_GROUP=nogroup - else + else echo "checking for nogroup group ... not found" NGX_GROUP=nobody fi @@ -23,7 +23,7 @@ if [ -z "$NGX_GROUP" -a $NGX_USER = nobo else NGX_GROUP=$NGX_USER fi - + ngx_feature="poll()" ngx_feature_name= @@ -31,17 +31,17 @@ ngx_feature_run=no ngx_feature_incs="#include " ngx_feature_libs= ngx_feature_test="int n, dp; struct pollfd pl; - dp = 0; + dp = 0; pl.fd = 0; pl.events = 0; pl.revents = 0; n = poll(&pl, 1, 0)" . auto/feature - + if [ $ngx_found = no ]; then EVENT_POLL=NONE fi - + ngx_feature="/dev/poll" ngx_feature_name="NGX_HAVE_DEVPOLL" diff --git a/auto/os/linux b/auto/os/linux --- a/auto/os/linux +++ b/auto/os/linux @@ -100,3 +100,15 @@ ngx_feature_incs="#include ngx_feature_libs= ngx_feature_test="if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) return 1" . auto/feature + + +# sched_setaffinity() + +ngx_feature="sched_setaffinity()" +ngx_feature_name="NGX_HAVE_SCHED_SETAFFINITY" +ngx_feature_run=no +ngx_feature_incs="#include " +ngx_feature_libs= +ngx_feature_test="long mask = 0; + sched_setaffinity(0, 32, &mask)" +. auto/feature diff --git a/auto/sources b/auto/sources --- a/auto/sources +++ b/auto/sources @@ -334,6 +334,10 @@ HTTP_GEO_MODULE=ngx_http_geo_module HTTP_GEO_SRCS=src/http/modules/ngx_http_geo_module.c +HTTP_REFERER_MODULE=ngx_http_referer_module +HTTP_REFERER_SRCS=src/http/modules/ngx_http_referer_module.c + + HTTP_REWRITE_MODULE=ngx_http_rewrite_module HTTP_REWRITE_SRCS=src/http/modules/ngx_http_rewrite_module.c @@ -351,6 +355,10 @@ HTTP_FASTCGI_MODULE=ngx_http_fastcgi_mod HTTP_FASTCGI_SRCS=src/http/modules/ngx_http_fastcgi_module.c +HTTP_EMPTY_GIF_MODULE=ngx_http_empty_gif_module +HTTP_EMPTY_GIF_SRCS=src/http/modules/ngx_http_empty_gif_module.c + + IMAP_INCS="src/imap" IMAP_DEPS="src/imap/ngx_imap.h" diff --git a/auto/types/sizeof b/auto/types/sizeof --- a/auto/types/sizeof +++ b/auto/types/sizeof @@ -31,7 +31,9 @@ int main() { END -ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS -o $NGX_AUTOTEST $NGX_AUTOTEST.c" +ngx_test="$CC $CC_TEST_FLAGS $CC_WARN $CC_AUX_FLAGS \ + -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" + eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" diff --git a/conf/nginx.conf b/conf/nginx.conf --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -3,6 +3,9 @@ worker_processes 1; #error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + #pid logs/nginx.pid; @@ -15,7 +18,14 @@ http { include conf/mime.types; default_type application/octet-stream; + #log_format main '$remote_addr - $remote_user [$time_gmt] $status ' + # '"$request" $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "http_x_forwarded_for"'; + + #access_log logs/access.log main; + sendfile on; + #tcp_nopush on; #tcp_nodelay on; #keepalive_timeout 0; @@ -23,11 +33,12 @@ http { #gzip on; server { - listen 80; + listen 80; + server_name localhost; #charset koi8-r; - #access_log logs/access.log; + #access_log logs/host.access.log main; location / { root html; @@ -40,10 +51,60 @@ http { # proxy_pass http://127.0.0.1; #} + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param PATH_TRANSLATED /scripts$fastcgi_script_name; + # include conf/fastcgi_params; + #} + # deny access to .htaccess files # #location ~ /\.ht { # deny all; #} + + #error_page 404 /404.html; + #error_page 500 502 503 504 /50x.html; } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443; + # server_name localhost; + + # ssl on; + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_timeout 5m; + + # ssl_protocols SSLv2 SSLv3 TLSv1; + # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + } diff --git a/src/core/nginx.c b/src/core/nginx.c --- a/src/core/nginx.c +++ b/src/core/nginx.c @@ -17,13 +17,15 @@ static void *ngx_core_module_create_conf static char *ngx_core_module_init_conf(ngx_cycle_t *cycle, void *conf); static char *ngx_set_user(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); static char *ngx_set_priority(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +static char *ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); static ngx_conf_enum_t ngx_debug_points[] = { { ngx_string("stop"), NGX_DEBUG_POINTS_STOP }, { ngx_string("abort"), NGX_DEBUG_POINTS_ABORT }, { ngx_null_string, 0 } -}; +}; static ngx_command_t ngx_core_commands[] = { @@ -84,6 +86,13 @@ static ngx_command_t ngx_core_commands[ 0, NULL }, + { ngx_string("worker_cpu_affinity"), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_1MORE, + ngx_set_cpu_affinity, + 0, + 0, + NULL }, + { ngx_string("worker_rlimit_nofile"), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, ngx_conf_set_num_slot, @@ -537,6 +546,8 @@ ngx_core_module_create_conf(ngx_cycle_t * ccf->pid = NULL; * ccf->oldpid = NULL; * ccf->priority = 0; + * ccf->cpu_affinity_n = 0; + * ccf->cpu_affinity = NULL; */ ccf->daemon = NGX_CONF_UNSET; @@ -578,10 +589,26 @@ ngx_core_module_init_conf(ngx_cycle_t *c ngx_conf_init_value(ccf->worker_processes, 1); ngx_conf_init_value(ccf->debug_points, 0); +#if (NGX_HAVE_SCHED_SETAFFINITY) + + if (ccf->cpu_affinity_n + && ccf->cpu_affinity_n != 1 + && ccf->cpu_affinity_n != (ngx_uint_t) ccf->worker_processes) + { + ngx_log_error(NGX_LOG_WARN, cycle->log, 0, + "number of the \"worker_processes\" is not equal to " + "the number of the \"worker_cpu_affinity\" mask, " + "using last mask for remaining worker processes"); + } + +#endif + #if (NGX_THREADS) + ngx_conf_init_value(ccf->worker_threads, 0); ngx_threads_n = ccf->worker_threads; ngx_conf_init_size_value(ccf->thread_stack_size, 2 * 1024 * 1024); + #endif #if !(NGX_WIN32) @@ -732,3 +759,95 @@ ngx_set_priority(ngx_conf_t *cf, ngx_com return NGX_CONF_OK; } + + +static char * +ngx_set_cpu_affinity(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ +#if (NGX_HAVE_SCHED_SETAFFINITY) + ngx_core_conf_t *ccf = conf; + + u_char ch; + u_long *mask; + ngx_str_t *value; + ngx_uint_t i, n; + + if (ccf->cpu_affinity) { + return "is duplicate"; + } + + mask = ngx_palloc(cf->pool, (cf->args->nelts - 1) * sizeof(long)); + if (mask == NULL) { + return NGX_CONF_ERROR; + } + + ccf->cpu_affinity_n = cf->args->nelts - 1; + ccf->cpu_affinity = mask; + + value = cf->args->elts; + + for (n = 1; n < cf->args->nelts; n++) { + + if (value[n].len > 32) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "\"worker_cpu_affinity\" supports up to 32 CPU only"); + return NGX_CONF_ERROR; + } + + mask[n - 1] = 0; + + for (i = 0; i < value[n].len; i++) { + + ch = value[n].data[i]; + + if (ch == ' ') { + continue; + } + + mask[n - 1] <<= 1; + + if (ch == '0') { + continue; + } + + if (ch == '1') { + mask[n - 1] |= 1; + continue; + } + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid character \"%c\" in \"worker_cpu_affinity\"", + ch); + return NGX_CONF_ERROR ; + } + } + +#else + + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "\"worker_cpu_affinity\" is not supported " + "on this platform, ignored"); +#endif + + return NGX_CONF_OK; +} + + +u_long +ngx_get_cpu_affinity(ngx_uint_t n) +{ + ngx_core_conf_t *ccf; + + ccf = (ngx_core_conf_t *) ngx_get_conf(ngx_cycle->conf_ctx, + ngx_core_module); + + if (ccf->cpu_affinity == NULL) { + return 0; + } + + if (ccf->cpu_affinity_n > n) { + return ccf->cpu_affinity[n]; + } + + return ccf->cpu_affinity[ccf->cpu_affinity_n - 1]; +} diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,7 +8,7 @@ #define _NGINX_H_INCLUDED_ -#define NGINX_VER "nginx/0.3.9" +#define NGINX_VER "nginx/0.3.10" #define NGINX_VAR "NGINX" #define NGX_OLDPID_EXT ".oldbin" diff --git a/src/core/ngx_conf_file.h b/src/core/ngx_conf_file.h --- a/src/core/ngx_conf_file.h +++ b/src/core/ngx_conf_file.h @@ -147,7 +147,7 @@ typedef struct { ngx_str_t name; void *(*create_conf)(ngx_cycle_t *cycle); char *(*init_conf)(ngx_cycle_t *cycle, void *conf); -} ngx_core_module_t; +} ngx_core_module_t; typedef struct { diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c --- a/src/core/ngx_connection.c +++ b/src/core/ngx_connection.c @@ -467,7 +467,7 @@ ngx_configure_listening_socket(ngx_cycle } } - if (ls->add_deferred) { + if (ls->add_deferred) { ls->deferred_accept = 1; } @@ -625,11 +625,11 @@ ngx_close_connection(ngx_connection_t *c if (c->read->timer_set) { ngx_del_timer(c->read); } - + if (c->write->timer_set) { ngx_del_timer(c->write); } - + if (ngx_del_conn) { ngx_del_conn(c, NGX_CLOSE_EVENT); diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h --- a/src/core/ngx_connection.h +++ b/src/core/ngx_connection.h @@ -102,6 +102,7 @@ struct ngx_connection_s { ngx_recv_pt recv; ngx_send_pt send; + ngx_recv_chain_pt recv_chain; ngx_send_chain_pt send_chain; ngx_listening_t *listening; @@ -120,7 +121,7 @@ struct ngx_connection_s { socklen_t socklen; ngx_str_t addr_text; -#if (NGX_OPENSSL) +#if (NGX_SSL) ngx_ssl_connection_t *ssl; #endif diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h --- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -12,7 +12,7 @@ typedef struct ngx_module_s ngx_mod typedef struct ngx_conf_s ngx_conf_t; typedef struct ngx_cycle_s ngx_cycle_t; typedef struct ngx_pool_s ngx_pool_t; -typedef struct ngx_chain_s ngx_chain_t; +typedef struct ngx_chain_s ngx_chain_t; typedef struct ngx_log_s ngx_log_t; typedef struct ngx_array_s ngx_array_t; typedef struct ngx_open_file_s ngx_open_file_t; diff --git a/src/core/ngx_cycle.c b/src/core/ngx_cycle.c --- a/src/core/ngx_cycle.c +++ b/src/core/ngx_cycle.c @@ -615,7 +615,7 @@ ngx_create_pidfile(ngx_cycle_t *cycle, n /* * do not create the pid file in the first ngx_init_cycle() call - * because we need to write the demonized process pid + * because we need to write the demonized process pid */ return NGX_OK; @@ -674,7 +674,7 @@ ngx_create_pidfile(ngx_cycle_t *cycle, n void ngx_delete_pidfile(ngx_cycle_t *cycle) -{ +{ u_char *name; ngx_core_conf_t *ccf; diff --git a/src/core/ngx_cycle.h b/src/core/ngx_cycle.h --- a/src/core/ngx_cycle.h +++ b/src/core/ngx_cycle.h @@ -64,6 +64,9 @@ typedef struct { int priority; + ngx_uint_t cpu_affinity_n; + u_long *cpu_affinity; + char *username; ngx_uid_t user; ngx_gid_t group; @@ -91,6 +94,7 @@ ngx_int_t ngx_create_pidfile(ngx_cycle_t void ngx_delete_pidfile(ngx_cycle_t *cycle); void ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user); ngx_pid_t ngx_exec_new_binary(ngx_cycle_t *cycle, char *const *argv); +u_long ngx_get_cpu_affinity(ngx_uint_t n); extern volatile ngx_cycle_t *ngx_cycle; diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c --- a/src/core/ngx_inet.c +++ b/src/core/ngx_inet.c @@ -326,7 +326,7 @@ ngx_inet_upstream_parse(ngx_conf_t *cf, peers->peer[i].socklen = sizeof(struct sockaddr_in); len = INET_ADDRSTRLEN - 1 + 1 + u->port_text.len; - + peers->peer[i].name.data = ngx_palloc(cf->pool, len); if (peers->peer[i].name.data == NULL) { return NULL; diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c --- a/src/core/ngx_log.c +++ b/src/core/ngx_log.c @@ -26,7 +26,7 @@ static ngx_command_t ngx_errlog_command static ngx_core_module_t ngx_errlog_module_ctx = { ngx_string("errlog"), - NULL, + NULL, NULL }; diff --git a/src/core/ngx_output_chain.c b/src/core/ngx_output_chain.c --- a/src/core/ngx_output_chain.c +++ b/src/core/ngx_output_chain.c @@ -473,7 +473,8 @@ ngx_chain_writer(void *data, ngx_chain_t return NGX_OK; } - ctx->out = ngx_send_chain(ctx->connection, ctx->out, ctx->limit); + ctx->out = ctx->connection->send_chain(ctx->connection, ctx->out, + ctx->limit); ngx_log_debug1(NGX_LOG_DEBUG_CORE, ctx->connection->log, 0, "chain writer out: %p", ctx->out); diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -928,3 +928,111 @@ ngx_escape_uri(u_char *dst, u_char *src, return (uintptr_t) dst; } + + +void +ngx_unescape_uri(u_char **dst, u_char **src, size_t size) +{ + u_char *d, *s, ch, c, decoded; + enum { + sw_usual = 0, + sw_quoted, + sw_quoted_second + } state; + + d = *dst; + s = *src; + + state = 0; + decoded = 0; + + while (size--) { + + ch = *s++; + + switch (state) { + case sw_usual: + if (ch == '?') { + *d++ = ch; + goto done; + } + + if (ch == '%') { + state = sw_quoted; + break; + } + + *d++ = ch; + break; + + case sw_quoted: + + if (ch >= '0' && ch <= '9') { + decoded = (u_char) (ch - '0'); + state = sw_quoted_second; + break; + } + + c = (u_char) (ch | 0x20); + if (c >= 'a' && c <= 'f') { + decoded = (u_char) (c - 'a' + 10); + state = sw_quoted_second; + break; + } + + /* skip the invalid quoted character */ + + s++; + size--; + + break; + + case sw_quoted_second: + + if (ch >= '0' && ch <= '9') { + ch = (u_char) ((decoded << 4) + ch - '0'); + + state = sw_usual; + + if (ch > '%' && ch < 0x7f) { + *d++ = ch; + break; + } + + *d++ = '%'; *d++ = *(s - 2); *d++ = *(s - 1); + + break; + } + + c = (u_char) (ch | 0x20); + if (c >= 'a' && c <= 'f') { + ch = (u_char) ((decoded << 4) + c - 'a' + 10); + + if (ch == '?') { + *d++ = ch; + goto done; + } + + state = sw_usual; + + if (ch > '%' && ch < 0x7f) { + *d++ = ch; + break; + } + + *d++ = '%'; *d++ = *(s - 2); *d++ = *(s - 1); + + break; + } + + /* skip the invalid quoted character */ + + break; + } + } + +done: + + *dst = d; + *src = s; +} diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h --- a/src/core/ngx_string.h +++ b/src/core/ngx_string.h @@ -141,6 +141,7 @@ u_char * ngx_utf_cpystrn(u_char *dst, u_ uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type); +void ngx_unescape_uri(u_char **dst, u_char **src, size_t size); #define ngx_qsort qsort diff --git a/src/event/modules/ngx_devpoll_module.c b/src/event/modules/ngx_devpoll_module.c --- a/src/event/modules/ngx_devpoll_module.c +++ b/src/event/modules/ngx_devpoll_module.c @@ -374,10 +374,10 @@ ngx_devpoll_process_events(ngx_cycle_t * ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -434,7 +434,7 @@ ngx_devpoll_process_events(ngx_cycle_t * /* * if the error events were returned without POLLIN or POLLOUT, * then add these flags to handle the events at least in one - * active handler + * active handler */ revents |= POLLIN|POLLOUT; diff --git a/src/event/modules/ngx_epoll_module.c b/src/event/modules/ngx_epoll_module.c --- a/src/event/modules/ngx_epoll_module.c +++ b/src/event/modules/ngx_epoll_module.c @@ -418,10 +418,10 @@ ngx_epoll_process_events(ngx_cycle_t *cy ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -471,7 +471,7 @@ ngx_epoll_process_events(ngx_cycle_t *cy ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0, "epoll: fd:%d ev:%04XD d:%p", - c->fd, revents, event_list[i].data); + c->fd, revents, event_list[i].data.ptr); if (revents & (EPOLLERR|EPOLLHUP)) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, diff --git a/src/event/modules/ngx_poll_module.c b/src/event/modules/ngx_poll_module.c --- a/src/event/modules/ngx_poll_module.c +++ b/src/event/modules/ngx_poll_module.c @@ -280,10 +280,10 @@ ngx_poll_process_events(ngx_cycle_t *cyc ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -388,7 +388,7 @@ ngx_poll_process_events(ngx_cycle_t *cyc queue = (ngx_event_t **) (ev->accept ? &ngx_posted_accept_events: &ngx_posted_events); - ngx_locked_post_event(ev, queue); + ngx_locked_post_event(ev, queue); } if (revents & POLLOUT) { diff --git a/src/event/modules/ngx_rtsig_module.c b/src/event/modules/ngx_rtsig_module.c --- a/src/event/modules/ngx_rtsig_module.c +++ b/src/event/modules/ngx_rtsig_module.c @@ -327,7 +327,7 @@ ngx_rtsig_process_events(ngx_cycle_t *cy if (timer != NGX_TIMER_INFINITE) { return NGX_AGAIN; } - + ngx_log_error(NGX_LOG_ALERT, cycle->log, err, "sigtimedwait() returned EAGAIN without timeout"); return NGX_ERROR; @@ -390,7 +390,7 @@ ngx_rtsig_process_events(ngx_cycle_t *cy ngx_locked_post_event(rev, queue); - } else { + } else { rev->handler(rev); } } diff --git a/src/event/modules/ngx_select_module.c b/src/event/modules/ngx_select_module.c --- a/src/event/modules/ngx_select_module.c +++ b/src/event/modules/ngx_select_module.c @@ -353,10 +353,10 @@ ngx_select_process_events(ngx_cycle_t *c ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -405,7 +405,7 @@ ngx_select_process_events(ngx_cycle_t *c queue = (ngx_event_t **) (ev->accept ? &ngx_posted_accept_events: &ngx_posted_events); - ngx_locked_post_event(ev, queue); + ngx_locked_post_event(ev, queue); nready++; } diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -87,12 +87,12 @@ static ngx_command_t ngx_events_command ngx_null_command }; - + static ngx_core_module_t ngx_events_module_ctx = { ngx_string("events"), NULL, NULL -}; +}; ngx_module_t ngx_events_module = { @@ -280,7 +280,7 @@ ngx_int_t ngx_handle_read_event(ngx_event_t *rev, u_int flags) { if (ngx_event_flags & NGX_USE_CLEAR_EVENT) { - + /* kqueue, epoll */ if (!rev->active && !rev->ready) { @@ -290,7 +290,7 @@ ngx_handle_read_event(ngx_event_t *rev, return NGX_ERROR; } } - + return NGX_OK; } else if (ngx_event_flags & NGX_USE_LEVEL_EVENT) { @@ -328,7 +328,7 @@ ngx_handle_read_event(ngx_event_t *rev, return NGX_ERROR; } } - + return NGX_OK; } @@ -401,7 +401,7 @@ ngx_handle_write_event(ngx_event_t *wev, return NGX_ERROR; } } - + return NGX_OK; } @@ -613,7 +613,7 @@ ngx_event_process_init(ngx_cycle_t *cycl if (setitimer(ITIMER_REAL, &itv, NULL) == -1) { ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, "setitimer() failed"); - } + } } if (ngx_event_flags & NGX_USE_FD_EVENT) { @@ -809,7 +809,7 @@ ngx_send_lowat(ngx_connection_t *c, size } #endif - + if (lowat == 0 || c->sndlowat) { return NGX_OK; } diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c --- a/src/event/ngx_event_accept.c +++ b/src/event/ngx_event_accept.c @@ -142,6 +142,7 @@ ngx_event_accept(ngx_event_t *ev) c->recv = ngx_recv; c->send = ngx_send; + c->recv_chain = ngx_recv_chain; c->send_chain = ngx_send_chain; c->log = log; @@ -206,7 +207,7 @@ ngx_event_accept(ngx_event_t *ev) ngx_close_accepted_connection(c); return; } - + c->addr_text.len = ngx_sock_ntop(ls->family, c->sockaddr, c->addr_text.data, ls->addr_text_max_len); diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c --- a/src/event/ngx_event_connect.c +++ b/src/event/ngx_event_connect.c @@ -173,6 +173,7 @@ ngx_event_connect_peer(ngx_peer_connecti c->recv = ngx_recv; c->send = ngx_send; + c->recv_chain = ngx_recv_chain; c->send_chain = ngx_send_chain; c->log_error = pc->log_error; @@ -212,7 +213,7 @@ ngx_event_connect_peer(ngx_peer_connecti if (ngx_add_conn(c) == NGX_ERROR) { return NGX_ERROR; } - } + } ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pc->log, 0, "connect to %V, fd:%d #%d", &peer->name, s, c->number); @@ -246,7 +247,7 @@ ngx_event_connect_peer(ngx_peer_connecti return NGX_AGAIN; } - + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pc->log, 0, "connected"); wev->ready = 1; @@ -270,10 +271,10 @@ ngx_event_connect_peer(ngx_peer_connecti /* * FreeBSD's aio allows to post an operation on non-connected socket. * NT does not support it. - * + * * TODO: check in Win32, etc. As workaround we can use NGX_ONESHOT_EVENT */ - + rev->ready = 1; wev->ready = 1; diff --git a/src/event/ngx_event_connect.h b/src/event/ngx_event_connect.h --- a/src/event/ngx_event_connect.h +++ b/src/event/ngx_event_connect.h @@ -27,6 +27,10 @@ typedef struct { ngx_uint_t max_fails; time_t fail_timeout; + +#if (NGX_SSL) + ngx_ssl_session_t *ssl_session; +#endif } ngx_peer_t; diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -18,6 +18,7 @@ static void ngx_ssl_handshake_handler(ng static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); static void ngx_ssl_write_handler(ngx_event_t *wev); static void ngx_ssl_read_handler(ngx_event_t *rev); +static void ngx_ssl_shutdown_handler(ngx_event_t *ev); static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, char *text); static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); @@ -51,7 +52,7 @@ static ngx_core_module_t ngx_openssl_mo ngx_string("openssl"), ngx_openssl_create_conf, ngx_openssl_init_conf -}; +}; ngx_module_t ngx_openssl_module = { @@ -99,19 +100,20 @@ ngx_ssl_init(ngx_log_t *log) ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols) { - ssl->ctx = SSL_CTX_new(SSLv23_server_method()); + ssl->ctx = SSL_CTX_new(SSLv23_method()); if (ssl->ctx == NULL) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed"); return NGX_ERROR; } - /* - * these options are needed on client side only: - * SSL_OP_MICROSOFT_SESS_ID_BUG - * SSL_OP_NETSCAPE_CHALLENGE_BUG - * SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - */ + /* client side options */ + + SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG); + SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG); + SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG); + + /* server side options */ SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); @@ -195,7 +197,7 @@ ngx_ssl_generate_rsa512_key(ngx_ssl_t *s ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) -{ +{ ngx_ssl_connection_t *sc; sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t)); @@ -224,7 +226,12 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl return NGX_ERROR; } - SSL_set_accept_state(sc->connection); + if (flags & NGX_SSL_CLIENT) { + SSL_set_connect_state(sc->connection); + + } else { + SSL_set_accept_state(sc->connection); + } c->ssl = sc; @@ -233,6 +240,20 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl ngx_int_t +ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session) +{ + if (session) { + if (SSL_set_session(c->ssl->connection, session) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed"); + return NGX_ERROR; + } + } + + return NGX_OK; +} + + +ngx_int_t ngx_ssl_handshake(ngx_connection_t *c) { int n, sslerr; @@ -240,7 +261,7 @@ ngx_ssl_handshake(ngx_connection_t *c) n = SSL_do_handshake(c->ssl->connection); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); if (n == 1) { @@ -282,7 +303,7 @@ ngx_ssl_handshake(ngx_connection_t *c) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL: %s, cipher: \"%s\"", - SSL_get_version(c->ssl->connection), &buf[1]); + SSL_get_version(c->ssl->connection), &buf[1]); if (SSL_session_reused(c->ssl->connection)) { ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, @@ -291,7 +312,7 @@ ngx_ssl_handshake(ngx_connection_t *c) } else { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, - "SSL no shared ciphers"); + "SSL no shared ciphers"); } } #endif @@ -300,7 +321,8 @@ ngx_ssl_handshake(ngx_connection_t *c) c->recv = ngx_ssl_recv; c->send = ngx_ssl_write; - c->send_chain = ngx_ssl_send_chain; + c->recv_chain = ngx_ssl_recv_chain; + c->send_chain = ngx_ssl_send_chain; return NGX_OK; } @@ -338,7 +360,7 @@ ngx_ssl_handshake(ngx_connection_t *c) if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { ngx_log_error(NGX_LOG_INFO, c->log, err, - "client closed connection in SSL handshake"); + "peer closed connection in SSL handshake"); return NGX_ERROR; } @@ -357,7 +379,7 @@ ngx_ssl_handshake_handler(ngx_event_t *e c = ev->data; ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, - "ssl handshake handler: %d", ev->write); + "SSL handshake handler: %d", ev->write); if (ngx_ssl_handshake(c) == NGX_AGAIN) { return; @@ -368,6 +390,41 @@ ngx_ssl_handshake_handler(ngx_event_t *e ssize_t +ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl) +{ + ssize_t n, bytes; + ngx_buf_t *b; + + bytes = 0; + + while (cl) { + b = cl->buf; + + n = ngx_ssl_recv(c, b->last, b->end - b->last); + + if (n > 0) { + b->last += n; + bytes += n; + + if (b->last == b->end) { + cl = cl->next; + } + + continue; + } + + if (bytes) { + return bytes; + } + + return n; + } + + return bytes; +} + + +ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) { int n, bytes; @@ -376,6 +433,10 @@ ngx_ssl_recv(ngx_connection_t *c, u_char return NGX_ERROR; } + if (c->ssl->last == NGX_DONE) { + return 0; + } + bytes = 0; /* @@ -387,7 +448,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char n = SSL_read(c->ssl->connection, buf, size); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); if (n > 0) { bytes += n; @@ -399,10 +460,13 @@ ngx_ssl_recv(ngx_connection_t *c, u_char if (bytes) { return bytes; + } - } else { - return c->ssl->last; + if (c->ssl->last == NGX_DONE) { + return 0; } + + return c->ssl->last; } size -= n; @@ -454,7 +518,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, if (sslerr == SSL_ERROR_WANT_WRITE) { ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client started SSL renegotiation"); + "peer started SSL renegotiation"); c->write->ready = 0; @@ -478,9 +542,9 @@ ngx_ssl_handle_recv(ngx_connection_t *c, c->ssl->no_send_shutdown = 1; if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { - ngx_log_error(NGX_LOG_INFO, c->log, err, "client closed connection"); - - return NGX_ERROR; + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + "peer shutdown SSL cleanly"); + return NGX_DONE; } ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed"); @@ -516,28 +580,38 @@ ngx_ssl_send_chain(ngx_connection_t *c, ssize_t send, size; ngx_buf_t *buf; - buf = c->ssl->buf; - - if (in && in->next == NULL && !c->buffered && !c->ssl->buffer) { + if (!c->ssl->buffer || (in && in->next == NULL && !c->buffered)) { /* - * we avoid a buffer copy if the incoming buf is a single, - * our buffer is empty, and we do not need to buffer the output + * we avoid a buffer copy if + * we do not need to buffer the output + * or the incoming buf is a single and our buffer is empty */ - n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos); + while (in) { + if (ngx_buf_special(in->buf)) { + in = in->next; + continue; + } - if (n == NGX_ERROR) { - return NGX_CHAIN_ERROR; - } + n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos); + + if (n == NGX_ERROR) { + return NGX_CHAIN_ERROR; + } - if (n == NGX_AGAIN) { - c->buffered = 1; - return in; + if (n == NGX_AGAIN) { + c->buffered = 1; + return in; + } + + in->buf->pos += n; + + if (in->buf->pos == in->buf->last) { + in = in->next; + } } - in->buf->pos += n; - return in; } @@ -549,6 +623,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, } + buf = c->ssl->buf; send = 0; flush = (in == NULL) ? 1 : 0; @@ -576,7 +651,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, */ if (send + size > limit) { - size = limit - send; + size = (ssize_t) (limit - send); flush = 1; } @@ -588,6 +663,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, buf->last += size; in->buf->pos += size; + if (in->buf->pos == in->buf->last) { in = in->next; } @@ -678,7 +754,7 @@ ngx_ssl_write(ngx_connection_t *c, u_cha if (sslerr == SSL_ERROR_WANT_READ) { ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client started SSL renegotiation"); + "peer started SSL renegotiation"); c->read->ready = 0; @@ -725,7 +801,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) int n, sslerr, mode; ngx_uint_t again; - if (c->read->timedout) { + if (c->timedout) { mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; } else { @@ -752,7 +828,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); - if (n == 1 || (n == 0 && c->read->timedout)) { + if (n == 1 || (n == 0 && c->timedout)) { SSL_free(c->ssl->connection); c->ssl = NULL; @@ -778,6 +854,8 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_add_timer(c->read, 30000); + c->read->handler = ngx_ssl_shutdown_handler; + if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { return NGX_ERROR; } @@ -787,6 +865,8 @@ ngx_ssl_shutdown(ngx_connection_t *c) if (sslerr == SSL_ERROR_WANT_WRITE) { + c->write->handler = ngx_ssl_shutdown_handler; + if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { return NGX_ERROR; } @@ -804,6 +884,29 @@ ngx_ssl_shutdown(ngx_connection_t *c) static void +ngx_ssl_shutdown_handler(ngx_event_t *ev) +{ + ngx_connection_t *c; + ngx_connection_handler_pt handler; + + c = ev->data; + handler = c->ssl->handler; + + if (ev->timedout) { + c->timedout = 1; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, "SSL shutdown handler"); + + if (ngx_ssl_shutdown(c) == NGX_AGAIN) { + return; + } + + handler(c); +} + + +static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, char *text) { @@ -842,7 +945,7 @@ ngx_ssl_connection_error(ngx_connection_ void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) -{ +{ u_long n; va_list args; u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; @@ -887,18 +990,18 @@ static void * ngx_openssl_create_conf(ngx_cycle_t *cycle) { ngx_openssl_conf_t *oscf; - + oscf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t)); if (oscf == NULL) { return NGX_CONF_ERROR; } - + /* * set by ngx_pcalloc(): - * + * * oscf->engine.len = 0; * oscf->engine.data = NULL; - */ + */ return oscf; } @@ -915,7 +1018,7 @@ ngx_openssl_init_conf(ngx_cycle_t *cycle if (oscf->engine.len == 0) { return NGX_CONF_OK; } - + engine = ENGINE_by_id((const char *) oscf->engine.data); if (engine == NULL) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -46,12 +46,16 @@ typedef struct { } ngx_ssl_connection_t; +#define ngx_ssl_session_t SSL_SESSION + + #define NGX_SSL_SSLv2 2 #define NGX_SSL_SSLv3 4 #define NGX_SSL_TLSv1 8 #define NGX_SSL_BUFFER 1 +#define NGX_SSL_CLIENT 2 #define NGX_SSL_BUFSIZE 16384 @@ -63,9 +67,15 @@ ngx_int_t ngx_ssl_certificate(ngx_conf_t ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl); ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags); + +ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session); +#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection) +#define ngx_ssl_free_session SSL_SESSION_free + ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); +ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl); ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); diff --git a/src/event/ngx_event_pipe.c b/src/event/ngx_event_pipe.c --- a/src/event/ngx_event_pipe.c +++ b/src/event/ngx_event_pipe.c @@ -20,7 +20,8 @@ static ngx_inline void ngx_event_pipe_fr static ngx_int_t ngx_event_pipe_drain_chains(ngx_event_pipe_t *p); -ngx_int_t ngx_event_pipe(ngx_event_pipe_t *p, int do_write) +ngx_int_t +ngx_event_pipe(ngx_event_pipe_t *p, int do_write) { u_int flags; ngx_event_t *rev, *wev; @@ -79,7 +80,8 @@ ngx_int_t ngx_event_pipe(ngx_event_pipe_ } -static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) { ssize_t n, size; ngx_int_t rc; @@ -123,7 +125,7 @@ static ngx_int_t ngx_event_pipe_read_ups /* * kqueue notifies about the end of file or a pending error. * This test allows not to allocate a buf on these conditions - * and not to call ngx_recv_chain(). + * and not to call c->recv_chain(). */ if (p->upstream->read->available == 0 @@ -221,7 +223,7 @@ static ngx_int_t ngx_event_pipe_read_ups && p->upstream->read->ready) { if (ngx_del_event(p->upstream->read, NGX_READ_EVENT, 0) - == NGX_ERROR) + == NGX_ERROR) { return NGX_ABORT; } @@ -246,11 +248,11 @@ static ngx_int_t ngx_event_pipe_read_ups ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0, "no pipe bufs to read in"); - + break; } - n = ngx_recv_chain(p->upstream, chain); + n = p->upstream->recv_chain(p->upstream, chain); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0, "pipe recv chain: %z", n); @@ -382,7 +384,7 @@ static ngx_int_t ngx_event_pipe_read_ups if (p->free_bufs) { for (cl = p->free_raw_bufs; cl; cl = cl->next) { if (cl->buf->shadow == NULL) { - ngx_pfree(p->pool, cl->buf->start); + ngx_pfree(p->pool, cl->buf->start); } } } @@ -398,7 +400,8 @@ static ngx_int_t ngx_event_pipe_read_ups } -static ngx_int_t ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p) { size_t bsize; ngx_uint_t flush; @@ -578,7 +581,8 @@ static ngx_int_t ngx_event_pipe_write_to } -static ngx_int_t ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p) { ssize_t size, bsize; ngx_buf_t *b; @@ -704,7 +708,8 @@ static ngx_int_t ngx_event_pipe_write_ch /* the copy input filter */ -ngx_int_t ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf) +ngx_int_t +ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf) { ngx_buf_t *b; ngx_chain_t *cl; @@ -754,7 +759,8 @@ ngx_int_t ngx_event_pipe_copy_input_filt } -static ngx_inline void ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf) +static ngx_inline void +ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf) { ngx_buf_t *b, *next; @@ -784,8 +790,8 @@ static ngx_inline void ngx_event_pipe_re } -static ngx_inline void ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, - ngx_buf_t *buf) +static ngx_inline void +ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, ngx_buf_t *buf) { ngx_buf_t *s; ngx_chain_t *cl, **ll; @@ -813,7 +819,8 @@ static ngx_inline void ngx_event_pipe_fr } -ngx_int_t ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b) +ngx_int_t +ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b) { ngx_chain_t *cl; @@ -854,7 +861,8 @@ ngx_int_t ngx_event_pipe_add_free_buf(ng } -static ngx_int_t ngx_event_pipe_drain_chains(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_drain_chains(ngx_event_pipe_t *p) { ngx_chain_t *cl, *tl; diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c --- a/src/http/modules/ngx_http_autoindex_module.c +++ b/src/http/modules/ngx_http_autoindex_module.c @@ -98,7 +98,7 @@ ngx_http_module_t ngx_http_autoindex_mo ngx_module_t ngx_http_autoindex_module = { NGX_MODULE_V1, - &ngx_http_autoindex_module_ctx, /* module context */ + &ngx_http_autoindex_module_ctx, /* module context */ ngx_http_autoindex_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init master */ @@ -248,7 +248,7 @@ ngx_http_autoindex_handler(ngx_http_requ return ngx_http_autoindex_error(r, &dir, &path); } - break; + break; } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, @@ -302,7 +302,7 @@ ngx_http_autoindex_handler(ngx_http_requ return ngx_http_autoindex_error(r, &dir, &path); } - entry->name.len = len; + entry->name.len = len; entry->name.data = ngx_palloc(pool, len + 1); if (entry->name.data == NULL) { @@ -446,7 +446,7 @@ ngx_http_autoindex_handler(ngx_http_requ sizeof(" -") - 1); } else { b->last = ngx_sprintf(b->last, "%19O", entry[i].size); - } + } } else { if (entry[i].dir) { @@ -460,7 +460,7 @@ ngx_http_autoindex_handler(ngx_http_requ size = (ngx_int_t) (length / (1024 * 1024 * 1024)); if ((length % (1024 * 1024 * 1024)) > (1024 * 1024 * 1024 / 2 - 1)) - { + { size++; } scale = 'G'; diff --git a/src/http/modules/ngx_http_empty_gif_module.c b/src/http/modules/ngx_http_empty_gif_module.c new file mode 100644 --- /dev/null +++ b/src/http/modules/ngx_http_empty_gif_module.c @@ -0,0 +1,173 @@ + +/* + * Copyright (C) Igor Sysoev + */ + +#include +#include +#include + + +static char *ngx_http_empty_gif(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + +static ngx_command_t ngx_http_empty_gif_commands[] = { + + { ngx_string("empty_gif"), + NGX_HTTP_LOC_CONF|NGX_CONF_NOARGS, + ngx_http_empty_gif, + 0, + 0, + NULL }, + + ngx_null_command +}; + + +/* the minimal single pixel transparent GIF, 43 bytes */ + +static u_char ngx_empty_gif[] = { + + 'G', 'I', 'F', '8', '9', 'a', /* header */ + + /* logical screen descriptor */ + 0x01, 0x00, /* logical screen width */ + 0x01, 0x00, /* logical screen height */ + 0x80, /* global 1-bit color table */ + 0x01, /* background color #1 */ + 0x00, /* no aspect ratio */ + + /* global color table */ + 0x00, 0x00, 0x00, /* #0: black */ + 0xff, 0xff, 0xff, /* #1: white */ + + /* graphic control extension */ + 0x21, /* extension introducer */ + 0xf9, /* graphic control label */ + 0x04, /* block size */ + 0x01, /* transparent color is given, */ + /* no disposal specified, */ + /* user input is not expected */ + 0x00, 0x00, /* delay time */ + 0x01, /* transparent color #1 */ + 0x00, /* block terminator */ + + /* image descriptor */ + 0x2c, /* image separator */ + 0x00, 0x00, /* image left position */ + 0x00, 0x00, /* image top position */ + 0x01, 0x00, /* image width */ + 0x01, 0x00, /* image height */ + 0x00, /* no local color table, no interlaced */ + + /* table based image data */ + 0x02, /* LZW minimum code size, */ + /* must be at least 2-bit */ + 0x02, /* block size */ + 0x4c, 0x01, /* compressed bytes 01_001_100, 0000000_1 */ + /* 100: clear code */ + /* 001: 1 */ + /* 101: end of information code */ + 0x00, /* block terminator */ + + 0x3B /* trailer */ +}; + + +ngx_http_module_t ngx_http_empty_gif_module_ctx = { + NULL, /* preconfiguration */ + NULL, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + NULL, /* create location configuration */ + NULL /* merge location configuration */ +}; + + +ngx_module_t ngx_http_empty_gif_module = { + NGX_MODULE_V1, + &ngx_http_empty_gif_module_ctx, /* module context */ + ngx_http_empty_gif_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +static ngx_int_t +ngx_http_empty_gif_handler(ngx_http_request_t *r) +{ + ngx_int_t rc; + ngx_buf_t *b; + ngx_chain_t out; + + if (r->method != NGX_HTTP_GET && r->method != NGX_HTTP_HEAD) { + return NGX_HTTP_NOT_ALLOWED; + } + + rc = ngx_http_discard_body(r); + + if (rc != NGX_OK && rc != NGX_AGAIN) { + return rc; + } + + r->headers_out.content_type.len = sizeof("image/gif") - 1; + r->headers_out.content_type.data = (u_char *) "image/gif"; + + if (r->method == NGX_HTTP_HEAD) { + r->headers_out.status = NGX_HTTP_OK; + + rc = ngx_http_send_header(r); + + if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + return rc; + } + } + + b = ngx_create_temp_buf(r->pool, sizeof(ngx_empty_gif)); + if (b == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + out.buf = b; + out.next = NULL; + + b->pos = ngx_empty_gif; + b->last = ngx_empty_gif + sizeof(ngx_empty_gif); + b->last_buf = 1; + + r->headers_out.status = NGX_HTTP_OK; + r->headers_out.content_length_n = b->last - b->pos; + r->headers_out.last_modified_time = 23349600; + + rc = ngx_http_send_header(r); + + if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + return rc; + } + + return ngx_http_output_filter(r, &out);; +} + + +static char * +ngx_http_empty_gif(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_core_loc_conf_t *clcf; + + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); + clcf->handler = ngx_http_empty_gif_handler; + + return NGX_CONF_OK; +} diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -556,9 +556,9 @@ ngx_http_fastcgi_create_request(ngx_http if (i >= part->nelts) { if (part->next == NULL) { - break; + break; } - + part = part->next; header = part->elts; i = 0; @@ -570,7 +570,7 @@ ngx_http_fastcgi_create_request(ngx_http *b->last++ = (u_char) ((len >> 16) & 0xff); *b->last++ = (u_char) ((len >> 8) & 0xff); *b->last++ = (u_char) (len & 0xff); - + } else { *b->last++ = (u_char) len; } @@ -876,7 +876,7 @@ ngx_http_fastcgi_process_header(ngx_http f->length = 0; f->state = ngx_http_fastcgi_st_padding; - } else { + } else { line.len = u->header_in.last - u->header_in.pos; f->length -= u->header_in.last - u->header_in.pos; u->header_in.pos = u->header_in.last; @@ -1145,7 +1145,7 @@ ngx_http_fastcgi_input_filter(ngx_event_ f->length = 0; f->state = ngx_http_fastcgi_st_padding; - } else { + } else { line.len = f->last - f->pos; f->length -= f->last - f->pos; f->pos = f->last; @@ -1447,7 +1447,7 @@ ngx_http_fastcgi_create_loc_conf(ngx_con conf->upstream.header_buffer_size = NGX_CONF_UNSET_SIZE; conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE; - conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE; + conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE; conf->upstream.temp_file_write_size_conf = NGX_CONF_UNSET_SIZE; conf->upstream.max_fails = NGX_CONF_UNSET_UINT; @@ -1497,7 +1497,7 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf ngx_conf_merge_size_value(conf->upstream.send_lowat, prev->upstream.send_lowat, 0); - ngx_conf_merge_size_value(conf->upstream.header_buffer_size, + ngx_conf_merge_size_value(conf->upstream.header_buffer_size, prev->upstream.header_buffer_size, (size_t) ngx_pagesize); @@ -1693,7 +1693,7 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf if (copy == NULL) { return NGX_CONF_ERROR; } - + copy->code = ngx_http_script_copy_code; copy->len = src[i].key.len + src[i].value.len; @@ -1722,7 +1722,7 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf if (copy == NULL) { return NGX_CONF_ERROR; } - + copy->code = ngx_http_script_copy_code; copy->len = src[i].key.len; @@ -1777,7 +1777,7 @@ ngx_http_fastcgi_script_name_variable(ng u_char *p; ngx_http_fastcgi_loc_conf_t *flcf; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; @@ -1850,7 +1850,7 @@ ngx_http_fastcgi_pass(ngx_conf_t *cf, ng inet_upstream.name = value[1]; inet_upstream.url = value[1]; - + lcf->peers = ngx_inet_upstream_parse(cf, &inet_upstream); if (lcf->peers == NULL) { return NGX_CONF_ERROR; diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c --- a/src/http/modules/ngx_http_geo_module.c +++ b/src/http/modules/ngx_http_geo_module.c @@ -64,10 +64,6 @@ ngx_module_t ngx_http_geo_module = { }; -static ngx_http_variable_value_t ngx_http_geo_null_value = - ngx_http_variable(""); - - /* AF_INET only */ static ngx_int_t @@ -171,7 +167,8 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_c } if (ngx_radix32tree_insert(tree, 0, 0, - (uintptr_t) &ngx_http_geo_null_value) == NGX_ERROR) + (uintptr_t) &ngx_http_variable_null_value) + == NGX_ERROR) { return NGX_CONF_ERROR; } diff --git a/src/http/modules/ngx_http_gzip_filter_module.c b/src/http/modules/ngx_http_gzip_filter_module.c --- a/src/http/modules/ngx_http_gzip_filter_module.c +++ b/src/http/modules/ngx_http_gzip_filter_module.c @@ -301,7 +301,7 @@ ngx_http_gzip_header_filter(ngx_http_req type = conf->types->elts; for (i = 0; i < conf->types->nelts; i++) { if (r->headers_out.content_type.len >= type[i].len - && ngx_strncasecmp(r->headers_out.content_type.data, + && ngx_strncasecmp(r->headers_out.content_type.data, type[i].data, type[i].len) == 0) { goto found; @@ -358,15 +358,12 @@ found: r->headers_out.content_encoding->value.data = (u_char *) "gzip"; ctx->length = r->headers_out.content_length_n; - r->headers_out.content_length_n = -1; - - if (r->headers_out.content_length) { - r->headers_out.content_length->hash = 0; - r->headers_out.content_length = NULL; - } r->main_filter_need_in_memory = 1; + ngx_http_clear_content_length(r); + ngx_http_clear_accept_ranges(r); + return ngx_http_next_header_filter(r); } @@ -993,7 +990,7 @@ ngx_http_gzip_ratio_variable(ngx_http_re ngx_uint_t zint, zfrac; ngx_http_gzip_ctx_t *ctx; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; @@ -1096,7 +1093,7 @@ ngx_http_gzip_merge_conf(ngx_conf_t *cf, ngx_conf_merge_size_value(conf->wbits, prev->wbits, MAX_WBITS); ngx_conf_merge_size_value(conf->memlevel, prev->memlevel, MAX_MEM_LEVEL - 1); - ngx_conf_merge_value(conf->min_length, prev->min_length, 0); + ngx_conf_merge_value(conf->min_length, prev->min_length, 20); ngx_conf_merge_value(conf->no_buffer, prev->no_buffer, 0); if (conf->types == NULL) { diff --git a/src/http/modules/ngx_http_headers_filter_module.c b/src/http/modules/ngx_http_headers_filter_module.c --- a/src/http/modules/ngx_http_headers_filter_module.c +++ b/src/http/modules/ngx_http_headers_filter_module.c @@ -262,7 +262,7 @@ ngx_http_headers_filter_init(ngx_cycle_t static void * ngx_http_headers_create_conf(ngx_conf_t *cf) -{ +{ ngx_http_headers_conf_t *conf; conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_headers_conf_t)); @@ -350,7 +350,7 @@ ngx_http_headers_expires(ngx_conf_t *cf, if (hcf->expires == NGX_ERROR) { return "invalid value"; } - + if (hcf->expires == NGX_PARSE_LARGE_TIME) { return "value must be less than 68 years"; } diff --git a/src/http/modules/ngx_http_index_module.c b/src/http/modules/ngx_http_index_module.c --- a/src/http/modules/ngx_http_index_module.c +++ b/src/http/modules/ngx_http_index_module.c @@ -356,7 +356,7 @@ ngx_http_index_error(ngx_http_request_t if (err == NGX_EACCES) { ngx_log_error(NGX_LOG_ERR, r->connection->log, err, "\"%s\" is forbidden", ctx->path.data); - + return NGX_HTTP_FORBIDDEN; } diff --git a/src/http/modules/ngx_http_log_module.c b/src/http/modules/ngx_http_log_module.c --- a/src/http/modules/ngx_http_log_module.c +++ b/src/http/modules/ngx_http_log_module.c @@ -55,7 +55,7 @@ static u_char *ngx_http_log_status(ngx_h ngx_http_log_op_t *op); static u_char *ngx_http_log_bytes_sent(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op); -static u_char *ngx_http_log_apache_bytes_sent(ngx_http_request_t *r, +static u_char *ngx_http_log_body_bytes_sent(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op); static u_char *ngx_http_log_request_length(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op); @@ -173,7 +173,7 @@ static ngx_str_t http_access_log = ngx_ static ngx_str_t ngx_http_combined_fmt = ngx_string("$remote_addr - $remote_user [$time_gmt] " - "\"$request\" $status $apache_bytes_sent " + "\"$request\" $status $body_bytes_sent " "\"$http_referer\" \"$http_user_agent\""); @@ -186,8 +186,10 @@ static ngx_http_log_var_t ngx_http_log_ { ngx_string("request_time"), NGX_TIME_T_LEN, ngx_http_log_request_time }, { ngx_string("status"), 3, ngx_http_log_status }, { ngx_string("bytes_sent"), NGX_OFF_T_LEN, ngx_http_log_bytes_sent }, + { ngx_string("body_bytes_sent"), NGX_OFF_T_LEN, + ngx_http_log_body_bytes_sent }, { ngx_string("apache_bytes_sent"), NGX_OFF_T_LEN, - ngx_http_log_apache_bytes_sent }, + ngx_http_log_body_bytes_sent }, { ngx_string("request_length"), NGX_SIZE_T_LEN, ngx_http_log_request_length }, @@ -209,7 +211,7 @@ ngx_http_log_op_name_t ngx_http_log_fmt { ngx_string("length"), NGX_OFF_T_LEN, NULL, NULL, ngx_http_log_bytes_sent }, { ngx_string("apache_length"), NGX_OFF_T_LEN, - NULL, NULL, ngx_http_log_apache_bytes_sent }, + NULL, NULL, ngx_http_log_body_bytes_sent }, { ngx_string("request_length"), NGX_SIZE_T_LEN, NULL, NULL, ngx_http_log_request_length }, @@ -429,7 +431,7 @@ ngx_http_log_bytes_sent(ngx_http_request static u_char * -ngx_http_log_apache_bytes_sent(ngx_http_request_t *r, u_char *buf, +ngx_http_log_body_bytes_sent(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op) { off_t length; @@ -811,7 +813,7 @@ ngx_http_log_transfer_encoding_header_ou } -static ngx_int_t +static ngx_int_t ngx_http_log_variable_compile(ngx_conf_t *cf, ngx_http_log_op_t *op, ngx_str_t *value) { @@ -1220,7 +1222,7 @@ ngx_http_log_compile_format(ngx_conf_t * if (arg_len == 0) { fname[fname_len] = '\0'; ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "\"%s\" requires argument", + "\"%s\" requires argument", data); return NGX_CONF_ERROR; } @@ -1298,6 +1300,12 @@ ngx_http_log_compile_format(ngx_conf_t * goto invalid; } + if (ngx_strncmp(var.data, "apache_bytes_sent", 17) == 0) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "use \"$body_bytes_sent\" instead of " + "\"$apache_bytes_sent\""); + } + for (v = ngx_http_log_vars; v->name.len; v++) { if (v->name.len == var.len diff --git a/src/http/modules/ngx_http_not_modified_filter_module.c b/src/http/modules/ngx_http_not_modified_filter_module.c --- a/src/http/modules/ngx_http_not_modified_filter_module.c +++ b/src/http/modules/ngx_http_not_modified_filter_module.c @@ -61,7 +61,7 @@ static ngx_int_t ngx_http_not_modified_h ims = ngx_http_parse_time(r->headers_in.if_modified_since->value.data, r->headers_in.if_modified_since->value.len); - + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http ims:%d lm:%d", ims, r->headers_out.last_modified_time); @@ -72,11 +72,8 @@ static ngx_int_t ngx_http_not_modified_h if (ims != NGX_ERROR && ims == r->headers_out.last_modified_time) { r->headers_out.status = NGX_HTTP_NOT_MODIFIED; r->headers_out.content_type.len = 0; - r->headers_out.content_length_n = -1; - r->headers_out.content_length = NULL; -#if 0 - r->headers_out.accept_ranges->hash = 0; -#endif + ngx_http_clear_content_length(r); + ngx_http_clear_accept_ranges(r); } return ngx_http_next_header_filter(r); diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -1,5 +1,5 @@ -/* +/* * Copyright (C) Igor Sysoev */ @@ -38,6 +38,8 @@ typedef struct { ngx_peers_t *peers; ngx_array_t *flushes; + ngx_array_t *body_set_len; + ngx_array_t *body_set; ngx_array_t *headers_set_len; ngx_array_t *headers_set; ngx_hash_t *headers_set_hash; @@ -47,6 +49,8 @@ typedef struct { ngx_array_t *redirects; + ngx_str_t body_source; + ngx_str_t method; ngx_str_t host_header; ngx_str_t port_text; @@ -60,6 +64,8 @@ typedef struct { ngx_uint_t status_count; u_char *status_start; u_char *status_end; + + size_t internal_body_length; } ngx_http_proxy_ctx_t; @@ -83,6 +89,9 @@ static ngx_int_t ngx_http_proxy_port_var static ngx_int_t ngx_http_proxy_add_x_forwarded_for_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t + ngx_http_proxy_internal_body_length_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h, size_t prefix); @@ -164,6 +173,13 @@ static ngx_command_t ngx_http_proxy_com offsetof(ngx_http_proxy_loc_conf_t, headers_source), NULL }, + { ngx_string("proxy_set_body"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_proxy_loc_conf_t, body_source), + NULL }, + { ngx_string("proxy_method"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -336,24 +352,27 @@ static ngx_http_variable_t ngx_http_pro { ngx_string("proxy_add_via"), NULL, 0, 0, 0 }, #endif + { ngx_string("proxy_internal_body_length"), + ngx_http_proxy_internal_body_length_variable, 0, 0, 0 }, + { ngx_null_string, NULL, 0, 0, 0 } }; static ngx_int_t ngx_http_proxy_handler(ngx_http_request_t *r) -{ +{ ngx_int_t rc; ngx_http_upstream_t *u; ngx_http_proxy_loc_conf_t *plcf; - + plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module); - + u = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_t)); if (u == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - + u->peer.log = r->connection->log; u->peer.log_error = NGX_ERROR_ERR; u->peer.peers = plcf->peers; @@ -379,7 +398,7 @@ ngx_http_proxy_handler(ngx_http_request_ u->pipe.input_filter = ngx_event_pipe_copy_input_filter; u->accel = 1; - + r->upstream = u; rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init); @@ -395,7 +414,7 @@ ngx_http_proxy_handler(ngx_http_request_ static ngx_int_t ngx_http_proxy_create_request(ngx_http_request_t *r) { - size_t len, loc_len; + size_t len, loc_len, body_len; ngx_uint_t i, key; uintptr_t escape; ngx_buf_t *b; @@ -404,6 +423,7 @@ ngx_http_proxy_create_request(ngx_http_r ngx_list_part_t *part; ngx_table_elt_t *header; ngx_http_upstream_t *u; + ngx_http_proxy_ctx_t *p; ngx_http_script_code_pt code; ngx_http_script_engine_t e, le; ngx_http_proxy_loc_conf_t *plcf; @@ -413,6 +433,13 @@ ngx_http_proxy_create_request(ngx_http_r plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module); + p = ngx_pcalloc(r->pool, sizeof(ngx_http_proxy_ctx_t)); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ngx_http_set_ctx(r, p, ngx_http_proxy_module); + len = sizeof(ngx_http_proxy_version) - 1 + sizeof(CRLF) - 1; if (u->method.len) { @@ -446,10 +473,23 @@ ngx_http_proxy_create_request(ngx_http_r len += r->uri.len - loc_len + escape + sizeof("?") - 1 + r->args.len; } - ngx_memzero(&e, sizeof(ngx_http_script_engine_t)); - ngx_http_script_flush_no_cachable_variables(r, plcf->flushes); + if (plcf->body_set_len) { + le.ip = plcf->body_set_len->elts; + le.request = r; + le.flushed = 1; + body_len = 0; + + while (*(uintptr_t *) le.ip) { + lcode = *(ngx_http_script_len_code_pt *) le.ip; + body_len += lcode(&le); + } + + p->internal_body_length = body_len; + len += body_len; + } + le.ip = plcf->headers_set_len->elts; le.request = r; le.flushed = 1; @@ -478,7 +518,7 @@ ngx_http_proxy_create_request(ngx_http_r part = part->next; header = part->elts; - i = 0; + i = 0; } key = header[i].hash % plcf->headers_set_hash->hash_size; @@ -527,7 +567,7 @@ ngx_http_proxy_create_request(ngx_http_r r->uri.len - loc_len, NGX_ESCAPE_URI); b->last += r->uri.len - loc_len + escape; - } else { + } else { b->last = ngx_copy(b->last, r->uri.data + loc_len, r->uri.len - loc_len); } @@ -543,6 +583,7 @@ ngx_http_proxy_create_request(ngx_http_r b->last = ngx_cpymem(b->last, ngx_http_proxy_version, sizeof(ngx_http_proxy_version) - 1); + ngx_memzero(&e, sizeof(ngx_http_script_engine_t)); e.ip = plcf->headers_set->elts; e.pos = b->last; @@ -574,7 +615,7 @@ ngx_http_proxy_create_request(ngx_http_r while (*(uintptr_t *) e.ip) { code = *(ngx_http_script_code_pt *) e.ip; code((ngx_http_script_engine_t *) &e); - } + } e.ip += sizeof(uintptr_t); } @@ -584,7 +625,7 @@ ngx_http_proxy_create_request(ngx_http_r if (plcf->upstream.pass_request_headers) { part = &r->headers_in.headers.part; header = part->elts; - + for (i = 0; /* void */; i++) { if (i >= part->nelts) { @@ -594,7 +635,7 @@ ngx_http_proxy_create_request(ngx_http_r part = part->next; header = part->elts; - i = 0; + i = 0; } key = header[i].hash % plcf->headers_set_hash->hash_size; @@ -620,9 +661,22 @@ ngx_http_proxy_create_request(ngx_http_r } } + /* add "\r\n" at the header end */ *b->last++ = CR; *b->last++ = LF; + if (plcf->body_set) { + e.ip = plcf->body_set->elts; + e.pos = b->last; + + while (*(uintptr_t *) e.ip) { + code = *(ngx_http_script_code_pt *) e.ip; + code((ngx_http_script_engine_t *) &e); + } + } + + b->last = e.pos; + #if (NGX_DEBUG) { ngx_str_t s; @@ -634,7 +688,7 @@ ngx_http_proxy_create_request(ngx_http_r } #endif - if (plcf->upstream.pass_request_body) { + if (plcf->body_set == NULL && plcf->upstream.pass_request_body) { body = u->request_bufs; u->request_bufs = cl; @@ -700,12 +754,7 @@ ngx_http_proxy_process_status_line(ngx_h p = ngx_http_get_module_ctx(r, ngx_http_proxy_module); if (p == NULL) { - p = ngx_pcalloc(r->pool, sizeof(ngx_http_proxy_ctx_t)); - if (p == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - ngx_http_set_ctx(r, p, ngx_http_proxy_module); + return NGX_HTTP_INTERNAL_SERVER_ERROR; } rc = ngx_http_proxy_parse_status_line(r, p); @@ -718,7 +767,7 @@ ngx_http_proxy_process_status_line(ngx_h if (rc == NGX_HTTP_PROXY_PARSE_NO_HEADER) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, - "upstream sent no valid HTTP/1.0 header"); + "upstream sent no valid HTTP/1.0 header"); if (u->accel) { return NGX_HTTP_UPSTREAM_INVALID_HEADER; @@ -726,7 +775,7 @@ ngx_http_proxy_process_status_line(ngx_h r->http_version = NGX_HTTP_VERSION_9; p->status = NGX_HTTP_OK; - + return NGX_OK; } @@ -773,7 +822,7 @@ ngx_http_proxy_parse_status_line(ngx_htt sw_space_after_status, sw_status_text, sw_almost_done - } state; + } state; u = r->upstream; @@ -787,7 +836,7 @@ ngx_http_proxy_parse_status_line(ngx_htt /* "HTTP/" */ case sw_start: switch (ch) { - case 'H': + case 'H': state = sw_H; break; default: @@ -795,9 +844,9 @@ ngx_http_proxy_parse_status_line(ngx_htt } break; - case sw_H: + case sw_H: switch (ch) { - case 'T': + case 'T': state = sw_HT; break; default: @@ -807,7 +856,7 @@ ngx_http_proxy_parse_status_line(ngx_htt case sw_HT: switch (ch) { - case 'T': + case 'T': state = sw_HTT; break; default: @@ -817,7 +866,7 @@ ngx_http_proxy_parse_status_line(ngx_htt case sw_HTT: switch (ch) { - case 'P': + case 'P': state = sw_HTTP; break; default: @@ -827,7 +876,7 @@ ngx_http_proxy_parse_status_line(ngx_htt case sw_HTTP: switch (ch) { - case '/': + case '/': state = sw_first_major_digit; break; default: @@ -897,7 +946,7 @@ ngx_http_proxy_parse_status_line(ngx_htt /* space or end of line */ case sw_space_after_status: switch (ch) { - case ' ': + case ' ': state = sw_status_text; break; case '.': /* IIS may send 403.1, 403.2, etc */ @@ -1044,14 +1093,14 @@ ngx_http_proxy_abort_request(ngx_http_re { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "abort http proxy request"); - + return; } static void ngx_http_proxy_finalize_request(ngx_http_request_t *r, ngx_int_t rc) -{ +{ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "finalize http proxy request"); @@ -1068,7 +1117,7 @@ ngx_http_proxy_host_variable(ngx_http_re plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module); v->len = plcf->host_header.len; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; v->data = plcf->host_header.data; @@ -1086,7 +1135,7 @@ ngx_http_proxy_port_variable(ngx_http_re plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module); v->len = plcf->port_text.len; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; v->data = plcf->port_text.data; @@ -1097,12 +1146,11 @@ ngx_http_proxy_port_variable(ngx_http_re static ngx_int_t ngx_http_proxy_add_x_forwarded_for_variable(ngx_http_request_t *r, - ngx_http_variable_value_t *v, uintptr_t data) { u_char *p; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; @@ -1134,6 +1182,35 @@ ngx_http_proxy_add_x_forwarded_for_varia static ngx_int_t +ngx_http_proxy_internal_body_length_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + ngx_http_proxy_ctx_t *p; + + p = ngx_http_get_module_ctx(r, ngx_http_proxy_module); + + if (p == NULL) { + v->not_found = 1; + return NGX_OK; + } + + v->valid = 1; + v->no_cachable = 0; + v->not_found = 0; + + v->data = ngx_palloc(r->connection->pool, NGX_SIZE_T_LEN); + + if (v->data == NULL) { + return NGX_ERROR; + } + + v->len = ngx_sprintf(v->data, "%uz", p->internal_body_length) - v->data; + + return NGX_OK; +} + + +static ngx_int_t ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h, size_t prefix) { @@ -1294,9 +1371,12 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ * conf->headers_set_len = NULL; * conf->headers_set = NULL; * conf->headers_set_hash = NULL; + * conf->body_set_len = NULL; + * conf->body_set = NULL; + * conf->body_source = { 0, NULL }; * conf->rewrite_locations = NULL; */ - + conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC; conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC; conf->upstream.read_timeout = NGX_CONF_UNSET_MSEC; @@ -1305,7 +1385,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ conf->upstream.header_buffer_size = NGX_CONF_UNSET_SIZE; conf->upstream.busy_buffers_size_conf = NGX_CONF_UNSET_SIZE; - conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE; + conf->upstream.max_temp_file_size_conf = NGX_CONF_UNSET_SIZE; conf->upstream.temp_file_write_size_conf = NGX_CONF_UNSET_SIZE; conf->upstream.max_fails = NGX_CONF_UNSET_UINT; @@ -1366,14 +1446,14 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t 8, ngx_pagesize); if (conf->upstream.bufs.num < 2) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "there must be at least 2 \"proxy_buffers\""); return NGX_CONF_ERROR; } - + size = conf->upstream.header_buffer_size; - if (size < conf->upstream.bufs.size) { + if (size < conf->upstream.bufs.size) { size = conf->upstream.bufs.size; } @@ -1388,7 +1468,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t conf->upstream.busy_buffers_size = conf->upstream.busy_buffers_size_conf; } - + if (conf->upstream.busy_buffers_size < size) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "\"proxy_busy_buffers_size\" must be equal or bigger than " @@ -1419,7 +1499,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t conf->upstream.temp_file_write_size = conf->upstream.temp_file_write_size_conf; } - + if (conf->upstream.temp_file_write_size < size) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "\"proxy_temp_file_write_size\" must be equal or bigger than " @@ -1534,6 +1614,50 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t conf->peers = prev->peers; } + + if (conf->body_source.data == NULL) { + conf->body_source = prev->body_source; + conf->body_set_len = prev->body_set_len; + conf->body_set = prev->body_set; + } + + if (conf->body_set_len == 0) { + + ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); + + sc.cf = cf; + sc.source = &conf->body_source; + sc.flushes = &conf->flushes; + sc.lengths = &conf->body_set_len; + sc.values = &conf->body_set; + sc.complete_lengths = 1; + sc.complete_values = 1; + + if (ngx_http_script_compile(&sc) != NGX_OK) { + return NGX_CONF_ERROR; + } + + if (conf->headers_source == NULL) { + conf->headers_source = ngx_array_create(cf->pool, 4, + sizeof(ngx_table_elt_t)); + if (conf->headers_source == NULL) { + return NGX_CONF_ERROR; + } + } + + s = ngx_array_push(conf->headers_source); + if (s == NULL) { + return NGX_CONF_ERROR; + } + + s->hash = 0; + s->key.len = sizeof("Content-Length") - 1; + s->key.data = (u_char *) "Content-Length"; + s->value.len = sizeof("$proxy_internal_body_length") - 1; + s->value.data = (u_char *) "$proxy_internal_body_length"; + } + + if (conf->headers_source == NULL) { conf->flushes = prev->flushes; conf->headers_set_len = prev->headers_set_len; @@ -1595,6 +1719,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t continue; } + + src = conf->headers_source->elts; for (i = 0; i < conf->headers_source->nelts; i++) { name = ngx_array_push(conf->headers_names); @@ -1766,9 +1892,13 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_ { ngx_http_proxy_loc_conf_t *plcf = conf; + size_t add; ngx_str_t *value, *url; ngx_inet_upstream_t inet_upstream; ngx_http_core_loc_conf_t *clcf; +#if (NGX_HTTP_SSL) + ngx_pool_cleanup_t *cln; +#endif #if (NGX_HAVE_UNIX_DOMAIN) ngx_unix_domain_upstream_t unix_upstream; #endif @@ -1781,20 +1911,57 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_ url = &value[1]; - if (ngx_strncasecmp(url->data, "http://", 7) != 0) { + if (ngx_strncasecmp(url->data, "http://", 7) == 0) { + add = 7; + + } else if (ngx_strncasecmp(url->data, "https://", 8) == 0) { + +#if (NGX_HTTP_SSL) + + add = 8; + + plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); + if (plcf->upstream.ssl == NULL) { + return NGX_CONF_ERROR; + } + + plcf->upstream.ssl->log = cf->log; + + if (ngx_ssl_create(plcf->upstream.ssl, + NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1) + != NGX_OK) + { + return NGX_CONF_ERROR; + } + + cln = ngx_pool_cleanup_add(cf->pool, 0); + if (cln == NULL) { + return NGX_CONF_ERROR; + } + + cln->handler = ngx_ssl_cleanup_ctx; + cln->data = plcf->upstream.ssl; + +#else + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "https protocol requires SSL support"); + return NGX_CONF_ERROR; +#endif + + } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid URL prefix"); return NGX_CONF_ERROR; } - if (ngx_strncasecmp(url->data + 7, "unix:", 5) == 0) { + if (ngx_strncasecmp(url->data + add, "unix:", 5) == 0) { #if (NGX_HAVE_UNIX_DOMAIN) ngx_memzero(&unix_upstream, sizeof(ngx_unix_domain_upstream_t)); unix_upstream.name = *url; - unix_upstream.url.len = url->len - 7; - unix_upstream.url.data = url->data + 7; + unix_upstream.url.len = url->len - add; + unix_upstream.url.data = url->data + add; unix_upstream.uri_part = 1; plcf->peers = ngx_unix_upstream_parse(cf, &unix_upstream); @@ -1818,8 +1985,8 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_ ngx_memzero(&inet_upstream, sizeof(ngx_inet_upstream_t)); inet_upstream.name = *url; - inet_upstream.url.len = url->len - 7; - inet_upstream.url.data = url->data + 7; + inet_upstream.url.len = url->len - add; + inet_upstream.url.data = url->data + add; inet_upstream.default_port_value = 80; inet_upstream.uri_part = 1; diff --git a/src/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c --- a/src/http/modules/ngx_http_range_filter_module.c +++ b/src/http/modules/ngx_http_range_filter_module.c @@ -300,11 +300,7 @@ ngx_http_range_header_filter(ngx_http_re r->headers_out.content_length_n) - content_range->value.data; - r->headers_out.content_length_n = -1; - if (r->headers_out.content_length) { - r->headers_out.content_length->key.len = 0; - r->headers_out.content_length = NULL; - } + ngx_http_clear_content_length(r); return rc; } @@ -350,7 +346,7 @@ ngx_http_range_header_filter(ngx_http_re if (ctx == NULL) { return NGX_ERROR; } - + ngx_http_set_ctx(r, ctx, ngx_http_range_body_filter_module); diff --git a/src/http/modules/ngx_http_referer_module.c b/src/http/modules/ngx_http_referer_module.c new file mode 100644 --- /dev/null +++ b/src/http/modules/ngx_http_referer_module.c @@ -0,0 +1,309 @@ + +/* + * Copyright (C) Igor Sysoev + */ + + +#include +#include +#include + + +typedef struct { + ngx_str_t name; + ngx_uint_t wildcard; +} ngx_http_referer_t; + +typedef struct { + ngx_array_t *referers; /* ngx_http_referer_t */ + + ngx_flag_t no_referer; + ngx_flag_t blocked_referer; +} ngx_http_referer_conf_t; + + +static void * ngx_http_referer_create_conf(ngx_conf_t *cf); +static char * ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, + void *child); +static char *ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + + +static ngx_command_t ngx_http_referer_commands[] = { + + { ngx_string("valid_referers"), + NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_http_valid_referers, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_referer_module_ctx = { + NULL, /* preconfiguration */ + NULL, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + ngx_http_referer_create_conf, /* create location configuration */ + ngx_http_referer_merge_conf /* merge location configuration */ +}; + + +ngx_module_t ngx_http_referer_module = { + NGX_MODULE_V1, + &ngx_http_referer_module_ctx, /* module context */ + ngx_http_referer_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +static ngx_int_t +ngx_http_referer_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, + uintptr_t data) +{ + u_char *ref; + size_t len; + ngx_uint_t i, n; + ngx_http_referer_t *refs; + ngx_http_referer_conf_t *cf; + + cf = ngx_http_get_module_loc_conf(r, ngx_http_referer_module); + + if (cf->referers == NULL) { + *v = ngx_http_variable_null_value; + return NGX_OK; + } + + if (r->headers_in.referer == NULL) { + if (cf->no_referer) { + *v = ngx_http_variable_null_value; + return NGX_OK; + + } else { + *v = ngx_http_variable_true_value; + return NGX_OK; + } + } + + len = r->headers_in.referer->value.len; + ref = r->headers_in.referer->value.data; + + if (len < sizeof("http://i.ru") - 1 + || (ngx_strncasecmp(ref, "http://", 7) != 0)) + { + if (cf->blocked_referer) { + *v = ngx_http_variable_null_value; + return NGX_OK; + + } else { + *v = ngx_http_variable_true_value; + return NGX_OK; + } + } + + len -= 7; + ref += 7; + + refs = cf->referers->elts; + for (i = 0; i < cf->referers->nelts; i++ ){ + + if (refs[i].name.len > len) { + continue; + } + + if (refs[i].wildcard) { + for (n = 0; n < len; n++) { + if (ref[n] == '/' || ref[n] == ':') { + break; + } + + if (ref[n] != '.') { + continue; + } + + if (ngx_strncmp(&ref[n], refs[i].name.data, + refs[i].name.len) == 0) + { + *v = ngx_http_variable_null_value; + return NGX_OK; + } + } + + } else { + if (ngx_strncasecmp(refs[i].name.data, ref, refs[i].name.len) == 0) + { + *v = ngx_http_variable_null_value; + return NGX_OK; + } + } + } + + *v = ngx_http_variable_true_value; + + return NGX_OK; +} + + +static void * +ngx_http_referer_create_conf(ngx_conf_t *cf) +{ + ngx_http_referer_conf_t *conf; + + conf = ngx_palloc(cf->pool, sizeof(ngx_http_referer_conf_t)); + if (conf == NULL) { + return NGX_CONF_ERROR; + } + + conf->referers = NULL; + conf->no_referer = NGX_CONF_UNSET; + conf->blocked_referer = NGX_CONF_UNSET; + + return conf; +} + + +static char * +ngx_http_referer_merge_conf(ngx_conf_t *cf, void *parent, void *child) +{ + ngx_http_referer_conf_t *prev = parent; + ngx_http_referer_conf_t *conf = child; + + if (conf->referers == NULL) { + conf->referers = prev->referers; + ngx_conf_merge_value(conf->no_referer, prev->no_referer, 0); + ngx_conf_merge_value(conf->blocked_referer, prev->blocked_referer, 0); + } + + if (conf->no_referer == NGX_CONF_UNSET) { + conf->no_referer = 0; + } + + if (conf->blocked_referer == NGX_CONF_UNSET) { + conf->blocked_referer = 0; + } + + return NGX_CONF_OK; +} + + +static char * +ngx_http_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_referer_conf_t *lcf = conf; + + ngx_uint_t i, server_names; + ngx_str_t *value, name; + ngx_http_referer_t *ref; + ngx_http_variable_t *var; + ngx_http_server_name_t *sn; + ngx_http_core_srv_conf_t *cscf; + + name.len = sizeof("invalid_referer") - 1; + name.data = (u_char *) "invalid_referer"; + + var = ngx_http_add_variable(cf, &name, NGX_HTTP_VAR_CHANGABLE); + if (var == NULL) { + return NGX_CONF_ERROR; + } + + var->handler = ngx_http_referer_variable; + + cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module); + + if (lcf->referers == NULL) { + lcf->referers = ngx_array_create(cf->pool, + cf->args->nelts + cscf->server_names.nelts, + sizeof(ngx_http_referer_t)); + if (lcf->referers == NULL) { + return NGX_CONF_ERROR; + } + } + + value = cf->args->elts; + server_names = 0; + + for (i = 1; i < cf->args->nelts; i++) { + if (value[i].len == 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid referer \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + if (ngx_strcmp(value[i].data, "none") == 0) { + lcf->no_referer = 1; + continue; + } + + if (ngx_strcmp(value[i].data, "blocked") == 0) { + lcf->blocked_referer = 1; + continue; + } + + if (ngx_strcmp(value[i].data, "server_names") == 0) { + server_names = 1; + continue; + } + + ref = ngx_array_push(lcf->referers); + if (ref == NULL) { + return NGX_CONF_ERROR; + } + + if (value[i].data[0] != '*') { + ref->name = value[i]; + ref->wildcard = 0; + continue; + } + + + if (value[i].data[1] != '.') { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid wildcard referer \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + ref->name.len = value[i].len - 1; + ref->name.data = value[i].data + 1; + ref->wildcard = 1; + } + + if (!server_names) { + return NGX_CONF_OK; + } + + sn = cscf->server_names.elts; + for (i = 0; i < cscf->server_names.nelts; i++) { + ref = ngx_array_push(lcf->referers); + if (ref == NULL) { + return NGX_CONF_ERROR; + } + + ref->name.len = sn[i].name.len + 1; + ref->name.data = ngx_palloc(cf->pool, ref->name.len); + if (ref->name.data == NULL) { + return NGX_CONF_ERROR; + } + + ngx_memcpy(ref->name.data, sn[i].name.data, sn[i].name.len); + ref->name.data[sn[i].name.len] = '/'; + ref->wildcard = sn[i].wildcard; + } + + return NGX_CONF_OK; +} diff --git a/src/http/modules/ngx_http_rewrite_module.c b/src/http/modules/ngx_http_rewrite_module.c --- a/src/http/modules/ngx_http_rewrite_module.c +++ b/src/http/modules/ngx_http_rewrite_module.c @@ -10,22 +10,12 @@ typedef struct { - ngx_str_t name; - ngx_uint_t wildcard; -} ngx_http_rewrite_referer_t; - + ngx_array_t *codes; /* uintptr_t */ -typedef struct { - ngx_array_t *codes; /* uintptr_t */ - ngx_array_t *referers; /* ngx_http_rewrite_referer_t */ + ngx_uint_t captures; + ngx_uint_t stack_size; - ngx_uint_t captures; - ngx_uint_t stack_size; - - ngx_flag_t log; - - ngx_flag_t no_referer; - ngx_flag_t blocked_referer; + ngx_flag_t log; } ngx_http_rewrite_loc_conf_t; @@ -44,10 +34,10 @@ static char * ngx_http_rewrite_if_condit ngx_http_rewrite_loc_conf_t *lcf); static char *ngx_http_rewrite_variable(ngx_conf_t *cf, ngx_http_rewrite_loc_conf_t *lcf, ngx_str_t *value); -static char *ngx_http_rewrite_valid_referers(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); static char *ngx_http_rewrite_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +static char * ngx_http_rewrite_value(ngx_conf_t *cf, + ngx_http_rewrite_loc_conf_t *lcf, ngx_str_t *value); static ngx_command_t ngx_http_rewrite_commands[] = { @@ -83,12 +73,14 @@ static ngx_command_t ngx_http_rewrite_c 0, NULL }, +#if 0 { ngx_string("valid_referers"), NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, ngx_http_rewrite_valid_referers, NGX_HTTP_LOC_CONF_OFFSET, 0, NULL }, +#endif { ngx_string("set"), NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF @@ -127,7 +119,7 @@ ngx_http_module_t ngx_http_rewrite_modu ngx_module_t ngx_http_rewrite_module = { NGX_MODULE_V1, - &ngx_http_rewrite_module_ctx, /* module context */ + &ngx_http_rewrite_module_ctx, /* module context */ ngx_http_rewrite_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init master */ @@ -141,10 +133,6 @@ ngx_module_t ngx_http_rewrite_module = }; -static ngx_http_variable_value_t ngx_http_rewrite_null_value = - ngx_http_variable(""); - - static ngx_int_t ngx_http_rewrite_handler(ngx_http_request_t *r) { @@ -194,121 +182,6 @@ ngx_http_rewrite_handler(ngx_http_reques } -static void -ngx_http_rewrite_invalid_referer_code(ngx_http_script_engine_t *e) -{ - u_char *ref; - size_t len; - ngx_uint_t i, n; - ngx_http_request_t *r; - ngx_http_rewrite_referer_t *refs; - ngx_http_rewrite_loc_conf_t *cf; - - r = e->request; - - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http rewrite invalid referer"); - - cf = ngx_http_get_module_loc_conf(r, ngx_http_rewrite_module); - - e->ip += sizeof(uintptr_t); - - if (cf->referers == NULL) { - e->sp->data = (u_char *) ""; - e->sp->len = 0; - e->sp++; - - return; - } - - if (r->headers_in.referer == NULL) { - if (cf->no_referer) { - e->sp->data = (u_char *) ""; - e->sp->len = 0; - e->sp++; - - return; - - } else { - e->sp->data = (u_char *) "1"; - e->sp->len = 1; - e->sp++; - - return; - } - } - - len = r->headers_in.referer->value.len; - ref = r->headers_in.referer->value.data; - - if (len < sizeof("http://i.ru") - 1 - || (ngx_strncasecmp(ref, "http://", 7) != 0)) - { - if (cf->blocked_referer) { - e->sp->data = (u_char *) ""; - e->sp->len = 0; - e->sp++; - - return; - - } else { - e->sp->data = (u_char *) "1"; - e->sp->len = 1; - e->sp++; - - return; - } - } - - len -= 7; - ref += 7; - - refs = cf->referers->elts; - for (i = 0; i < cf->referers->nelts; i++ ){ - - if (refs[i].name.len > len) { - continue; - } - - if (refs[i].wildcard) { - for (n = 0; n < len; n++) { - if (ref[n] == '/' || ref[n] == ':') { - break; - } - - if (ref[n] != '.') { - continue; - } - - if (ngx_strncmp(&ref[n], refs[i].name.data, - refs[i].name.len) == 0) - { - e->sp->data = (u_char *) ""; - e->sp->len = 0; - e->sp++; - - return; - } - } - - } else { - if (ngx_strncasecmp(refs[i].name.data, ref, refs[i].name.len) == 0) - { - e->sp->data = (u_char *) ""; - e->sp->len = 0; - e->sp++; - - return; - } - } - } - - e->sp->data = (u_char *) "1"; - e->sp->len = 1; - e->sp++; -} - - static ngx_int_t ngx_http_rewrite_var(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) @@ -329,7 +202,7 @@ ngx_http_rewrite_var(ngx_http_request_t ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0, "using uninitialized \"%V\" variable", &var[data].name); - *v = ngx_http_rewrite_null_value; + *v = ngx_http_variable_null_value; return NGX_OK; } @@ -347,8 +220,6 @@ ngx_http_rewrite_create_loc_conf(ngx_con conf->stack_size = NGX_CONF_UNSET_UINT; conf->log = NGX_CONF_UNSET; - conf->no_referer = NGX_CONF_UNSET; - conf->blocked_referer = NGX_CONF_UNSET; return conf; } @@ -365,20 +236,6 @@ ngx_http_rewrite_merge_loc_conf(ngx_conf ngx_conf_merge_value(conf->log, prev->log, 0); ngx_conf_merge_unsigned_value(conf->stack_size, prev->stack_size, 10); - if (conf->referers == NULL) { - conf->referers = prev->referers; - ngx_conf_merge_value(conf->no_referer, prev->no_referer, 0); - ngx_conf_merge_value(conf->blocked_referer, prev->blocked_referer, 0); - } - - if (conf->no_referer == NGX_CONF_UNSET) { - conf->no_referer = 0; - } - - if (conf->blocked_referer == NGX_CONF_UNSET) { - conf->blocked_referer = 0; - } - if (conf->codes == NULL) { return NGX_CONF_OK; } @@ -400,7 +257,7 @@ ngx_http_rewrite_merge_loc_conf(ngx_conf static ngx_int_t ngx_http_rewrite_init(ngx_cycle_t *cycle) -{ +{ ngx_http_handler_pt *h; ngx_http_core_main_conf_t *cmcf; @@ -421,14 +278,14 @@ ngx_http_rewrite_init(ngx_cycle_t *cycle *h = ngx_http_rewrite_handler; return NGX_OK; -} +} static char * ngx_http_rewrite(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_http_rewrite_loc_conf_t *lcf = conf; - + ngx_http_rewrite_loc_conf_t *lcf = conf; + ngx_str_t *value, err; ngx_int_t n; ngx_uint_t last; @@ -592,7 +449,7 @@ ngx_http_rewrite(ngx_conf_t *cf, ngx_com static char * ngx_http_rewrite_return(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_http_rewrite_loc_conf_t *lcf = conf; + ngx_http_rewrite_loc_conf_t *lcf = conf; ngx_str_t *value; ngx_http_script_return_code_t *ret; @@ -639,7 +496,7 @@ ngx_http_rewrite_break(ngx_conf_t *cf, n static char * ngx_http_rewrite_if(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_http_rewrite_loc_conf_t *lcf = conf; + ngx_http_rewrite_loc_conf_t *lcf = conf; void *mconf; char *rv; @@ -659,7 +516,7 @@ ngx_http_rewrite_if(ngx_conf_t *cf, ngx_ pctx = cf->ctx; ctx->main_conf = pctx->main_conf; - ctx->srv_conf = pctx->srv_conf; + ctx->srv_conf = pctx->srv_conf; ctx->loc_conf = ngx_pcalloc(cf->pool, sizeof(void *) * ngx_http_max_module); if (ctx->loc_conf == NULL) { @@ -672,7 +529,7 @@ ngx_http_rewrite_if(ngx_conf_t *cf, ngx_ } module = ngx_modules[i]->ctx; - + if (module->create_loc_conf) { mconf = module->create_loc_conf(cf); @@ -774,6 +631,7 @@ ngx_http_rewrite_if_condition(ngx_conf_t { ngx_str_t *value, err; ngx_uint_t cur, last, n; + ngx_http_script_code_pt *code; ngx_http_script_regex_code_t *regex; u_char errstr[NGX_MAX_CONF_ERRSTR]; @@ -817,7 +675,7 @@ ngx_http_rewrite_if_condition(ngx_conf_t return NGX_CONF_ERROR; } - if (ngx_http_rewrite_variable(cf, lcf, &value[cur])!= NGX_CONF_OK) { + if (ngx_http_rewrite_variable(cf, lcf, &value[cur]) != NGX_CONF_OK) { return NGX_CONF_ERROR; } @@ -827,51 +685,85 @@ ngx_http_rewrite_if_condition(ngx_conf_t cur++; - if ((value[cur].len == 1 && value[cur].data[0] != '~') - || (value[cur].len == 2 - && value[cur].data[0] != '~' && value[cur].data[1] != '*')) - { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "unexpected \"%V\" in condition", &value[cur]); - return NGX_CONF_ERROR; + if (value[cur].len == 1 && value[cur].data[0] == '=') { + + if (ngx_http_rewrite_value(cf, lcf, &value[last]) != NGX_CONF_OK) { + return NGX_CONF_ERROR; + } + + code = ngx_http_script_start_code(cf->pool, &lcf->codes, + sizeof(uintptr_t)); + if (code == NULL) { + return NGX_CONF_ERROR; + } + + *code = ngx_http_script_equal_code; + + return NGX_CONF_OK; } - regex = ngx_http_script_start_code(cf->pool, &lcf->codes, - sizeof(ngx_http_script_regex_code_t)); - if (regex == NULL) { - return NGX_CONF_ERROR; + if (value[cur].len == 2 + && value[cur].data[0] == '!' && value[cur].data[1] == '=') + { + if (ngx_http_rewrite_value(cf, lcf, &value[last]) != NGX_CONF_OK) { + return NGX_CONF_ERROR; + } + + code = ngx_http_script_start_code(cf->pool, &lcf->codes, + sizeof(uintptr_t)); + if (code == NULL) { + return NGX_CONF_ERROR; + } + + *code = ngx_http_script_not_equal_code; + return NGX_CONF_OK; } - ngx_memzero(regex, sizeof(ngx_http_script_regex_code_t)); + if ((value[cur].len == 1 && value[cur].data[0] == '~') + || (value[cur].len == 2 + && value[cur].data[0] == '~' && value[cur].data[1] == '*')) + { + regex = ngx_http_script_start_code(cf->pool, &lcf->codes, + sizeof(ngx_http_script_regex_code_t)); + if (regex == NULL) { + return NGX_CONF_ERROR; + } - err.len = NGX_MAX_CONF_ERRSTR; - err.data = errstr; + ngx_memzero(regex, sizeof(ngx_http_script_regex_code_t)); + + err.len = NGX_MAX_CONF_ERRSTR; + err.data = errstr; + + regex->regex = ngx_regex_compile(&value[last], + (value[cur].len == 2) ? NGX_REGEX_CASELESS : 0, + cf->pool, &err); - regex->regex = ngx_regex_compile(&value[last], - (value[cur].len == 2) ? NGX_REGEX_CASELESS : 0, - cf->pool, &err); + if (regex->regex == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%s", err.data); + return NGX_CONF_ERROR; + } + + regex->code = ngx_http_script_regex_start_code; + regex->next = sizeof(ngx_http_script_regex_code_t); + regex->test = 1; + regex->name = value[last]; - if (regex->regex == NULL) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%s", err.data); - return NGX_CONF_ERROR; + n = ngx_regex_capture_count(regex->regex); + + if (n) { + regex->ncaptures = (n + 1) * 3; + + if (lcf->captures < regex->ncaptures) { + lcf->captures = regex->ncaptures; + } + } + + return NGX_CONF_OK; } - regex->code = ngx_http_script_regex_start_code; - regex->next = sizeof(ngx_http_script_regex_code_t); - regex->test = 1; - regex->name = value[last]; - - n = ngx_regex_capture_count(regex->regex); - - if (n) { - regex->ncaptures = (n + 1) * 3; - - if (lcf->captures < regex->ncaptures) { - lcf->captures = regex->ncaptures; - } - } - - return NGX_CONF_OK; + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "unexpected \"%V\" in condition", &value[cur]); + return NGX_CONF_ERROR; } ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -886,135 +778,25 @@ ngx_http_rewrite_variable(ngx_conf_t *cf ngx_str_t *value) { ngx_int_t index; - ngx_http_script_code_pt *code; ngx_http_script_var_code_t *var_code; value->len--; value->data++; - if (value->len == sizeof("invalid_referer") - 1 - && ngx_strncmp(value->data, "invalid_referer", - sizeof("invalid_referer") - 1) == 0) - { - code = ngx_http_script_start_code(cf->pool, &lcf->codes, - sizeof(ngx_http_script_code_pt)); - if (code == NULL) { - return NGX_CONF_ERROR; - } - - *code = ngx_http_rewrite_invalid_referer_code; - - } else { - index = ngx_http_get_variable_index(cf, value); - - if (index == NGX_ERROR) { - return NGX_CONF_ERROR; - } - - var_code = ngx_http_script_start_code(cf->pool, &lcf->codes, - sizeof(ngx_http_script_var_code_t)); - if (var_code == NULL) { - return NGX_CONF_ERROR; - } + index = ngx_http_get_variable_index(cf, value); - var_code->code = ngx_http_script_var_code; - var_code->index = index; - } - - return NGX_CONF_OK; -} - - -static char * -ngx_http_rewrite_valid_referers(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -{ - ngx_http_rewrite_loc_conf_t *lcf = conf; - - ngx_uint_t i, server_names; - ngx_str_t *value; - ngx_http_server_name_t *sn; - ngx_http_core_srv_conf_t *cscf; - ngx_http_rewrite_referer_t *ref; - - cscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_core_module); - - if (lcf->referers == NULL) { - lcf->referers = ngx_array_create(cf->pool, - cf->args->nelts + cscf->server_names.nelts, - sizeof(ngx_http_rewrite_referer_t)); - if (lcf->referers == NULL) { - return NGX_CONF_ERROR; - } + if (index == NGX_ERROR) { + return NGX_CONF_ERROR; } - value = cf->args->elts; - server_names = 0; - - for (i = 1; i < cf->args->nelts; i++) { - if (value[i].len == 0) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid referer \"%V\"", &value[i]); - return NGX_CONF_ERROR; - } - - if (ngx_strcmp(value[i].data, "none") == 0) { - lcf->no_referer = 1; - continue; - } - - if (ngx_strcmp(value[i].data, "blocked") == 0) { - lcf->blocked_referer = 1; - continue; - } - - if (ngx_strcmp(value[i].data, "server_names") == 0) { - server_names = 1; - continue; - } - - ref = ngx_array_push(lcf->referers); - if (ref == NULL) { - return NGX_CONF_ERROR; - } - - if (value[i].data[0] != '*') { - ref->name = value[i]; - ref->wildcard = 0; - continue; - } - - if (value[i].data[1] != '.') { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid wildcard referer \"%V\"", &value[i]); - return NGX_CONF_ERROR; - } - - ref->name.len = value[i].len - 1; - ref->name.data = value[i].data + 1; - ref->wildcard = 1; + var_code = ngx_http_script_start_code(cf->pool, &lcf->codes, + sizeof(ngx_http_script_var_code_t)); + if (var_code == NULL) { + return NGX_CONF_ERROR; } - if (!server_names) { - return NGX_CONF_OK; - } - - sn = cscf->server_names.elts; - for (i = 0; i < cscf->server_names.nelts; i++) { - ref = ngx_array_push(lcf->referers); - if (ref == NULL) { - return NGX_CONF_ERROR; - } - - ref->name.len = sn[i].name.len + 1; - ref->name.data = ngx_palloc(cf->pool, ref->name.len); - if (ref->name.data == NULL) { - return NGX_CONF_ERROR; - } - - ngx_memcpy(ref->name.data, sn[i].name.data, sn[i].name.len); - ref->name.data[sn[i].name.len] = '/'; - ref->wildcard = sn[i].wildcard; - } + var_code->code = ngx_http_script_var_code; + var_code->index = index; return NGX_CONF_OK; } @@ -1023,15 +805,12 @@ ngx_http_rewrite_valid_referers(ngx_conf static char * ngx_http_rewrite_set(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - ngx_http_rewrite_loc_conf_t *lcf = conf; + ngx_http_rewrite_loc_conf_t *lcf = conf; - ngx_int_t n, index; - ngx_str_t *value; - ngx_http_variable_t *v; - ngx_http_script_compile_t sc; - ngx_http_script_var_code_t *var; - ngx_http_script_value_code_t *val; - ngx_http_script_complex_value_code_t *complex; + ngx_int_t index; + ngx_str_t *value; + ngx_http_variable_t *v; + ngx_http_script_var_code_t *var; value = cf->args->elts; @@ -1059,48 +838,8 @@ ngx_http_rewrite_set(ngx_conf_t *cf, ngx v->data = index; } - n = ngx_http_script_variables_count(&value[2]); - - if (n == 0) { - val = ngx_http_script_start_code(cf->pool, &lcf->codes, - sizeof(ngx_http_script_value_code_t)); - if (val == NULL) { - return NGX_CONF_ERROR; - } - - n = ngx_atoi(value[2].data, value[2].len); - - if (n == NGX_ERROR) { - n = 0; - } - - val->code = ngx_http_script_value_code; - val->value = (uintptr_t) n; - val->text_len = (uintptr_t) value[2].len; - val->text_data = (uintptr_t) value[2].data; - - } else { - complex = ngx_http_script_start_code(cf->pool, &lcf->codes, - sizeof(ngx_http_script_complex_value_code_t)); - if (complex == NULL) { - return NGX_CONF_ERROR; - } - - complex->code = ngx_http_script_complex_value_code; - complex->lengths = NULL; - - ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); - - sc.cf = cf; - sc.source = &value[2]; - sc.lengths = &complex->lengths; - sc.values = &lcf->codes; - sc.variables = n; - sc.complete_lengths = 1; - - if (ngx_http_script_compile(&sc) != NGX_OK) { - return NGX_CONF_ERROR; - } + if (ngx_http_rewrite_value(cf, lcf, &value[2]) != NGX_CONF_OK) { + return NGX_CONF_ERROR; } var = ngx_http_script_start_code(cf->pool, &lcf->codes, @@ -1114,3 +853,61 @@ ngx_http_rewrite_set(ngx_conf_t *cf, ngx return NGX_CONF_OK; } + + +static char * +ngx_http_rewrite_value(ngx_conf_t *cf, ngx_http_rewrite_loc_conf_t *lcf, + ngx_str_t *value) +{ + ngx_int_t n; + ngx_http_script_compile_t sc; + ngx_http_script_value_code_t *val; + ngx_http_script_complex_value_code_t *complex; + + n = ngx_http_script_variables_count(value); + + if (n == 0) { + val = ngx_http_script_start_code(cf->pool, &lcf->codes, + sizeof(ngx_http_script_value_code_t)); + if (val == NULL) { + return NGX_CONF_ERROR; + } + + n = ngx_atoi(value->data, value->len); + + if (n == NGX_ERROR) { + n = 0; + } + + val->code = ngx_http_script_value_code; + val->value = (uintptr_t) n; + val->text_len = (uintptr_t) value->len; + val->text_data = (uintptr_t) value->data; + + return NGX_CONF_OK; + } + + complex = ngx_http_script_start_code(cf->pool, &lcf->codes, + sizeof(ngx_http_script_complex_value_code_t)); + if (complex == NULL) { + return NGX_CONF_ERROR; + } + + complex->code = ngx_http_script_complex_value_code; + complex->lengths = NULL; + + ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); + + sc.cf = cf; + sc.source = value; + sc.lengths = &complex->lengths; + sc.values = &lcf->codes; + sc.variables = n; + sc.complete_lengths = 1; + + if (ngx_http_script_compile(&sc) != NGX_OK) { + return NGX_CONF_ERROR; + } + + return NGX_CONF_OK; +} diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c --- a/src/http/modules/ngx_http_ssi_filter_module.c +++ b/src/http/modules/ngx_http_ssi_filter_module.c @@ -197,7 +197,7 @@ static ngx_command_t ngx_http_ssi_filte }; - + static ngx_http_module_t ngx_http_ssi_filter_module_ctx = { ngx_http_ssi_add_variables, /* preconfiguration */ NULL, /* postconfiguration */ @@ -210,7 +210,7 @@ static ngx_http_module_t ngx_http_ssi_f ngx_http_ssi_create_conf, /* create location configuration */ ngx_http_ssi_merge_conf /* merge location configuration */ -}; +}; ngx_module_t ngx_http_ssi_filter_module = { @@ -331,7 +331,8 @@ ngx_http_ssi_header_filter(ngx_http_requ conf = ngx_http_get_module_loc_conf(r, ngx_http_ssi_filter_module); if (!conf->enable - || r->headers_out.content_type.len == 0) + || r->headers_out.content_type.len == 0 + || r->headers_out.content_length_n == 0) { return ngx_http_next_header_filter(r); } @@ -381,17 +382,8 @@ found: r->filter_need_in_memory = 1; if (r->main == r) { - r->headers_out.content_length_n = -1; - if (r->headers_out.content_length) { - r->headers_out.content_length->hash = 0; - r->headers_out.content_length = NULL; - } - - r->headers_out.last_modified_time = -1; - if (r->headers_out.last_modified) { - r->headers_out.last_modified->hash = 0; - r->headers_out.last_modified = NULL; - } + ngx_http_clear_content_length(r); + ngx_http_clear_last_modified(r); } return ngx_http_next_header_filter(r); @@ -1485,7 +1477,7 @@ ngx_http_ssi_evaluate_string(ngx_http_re return NGX_ERROR; } - if (var.len == 0) { + if (var.len == 0) { goto invalid_variable; } @@ -1983,7 +1975,7 @@ ngx_http_ssi_date_gmt_local_variable(ngx struct tm tm; char buf[NGX_HTTP_SSI_DATE_LEN]; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; @@ -2092,7 +2084,7 @@ ngx_http_ssi_add_variables(ngx_conf_t *c var->data = v->data; } - return NGX_OK; + return NGX_OK; } diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c --- a/src/http/modules/ngx_http_static_module.c +++ b/src/http/modules/ngx_http_static_module.c @@ -44,13 +44,13 @@ ngx_http_module_t ngx_http_static_modul NULL, /* create main configuration */ NULL, /* init main configuration */ - + NULL, /* create server configuration */ NULL, /* merge server configuration */ - + ngx_http_static_create_loc_conf, /* create location configuration */ ngx_http_static_merge_loc_conf /* merge location configuration */ -}; +}; ngx_module_t ngx_http_static_module = { @@ -240,33 +240,23 @@ ngx_http_static_handler(ngx_http_request r->headers_out.content_length_n = ngx_file_size(&fi); r->headers_out.last_modified_time = ngx_file_mtime(&fi); - if (r->headers_out.content_length_n == 0) { - r->header_only = 1; - } - if (ngx_http_set_content_type(r) != NGX_OK) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } -#if (NGX_SUPPRESS_WARN) - b = NULL; -#endif + /* we need to allocate all before the header would be sent */ - if (!r->header_only) { - /* we need to allocate all before the header would be sent */ + b = ngx_pcalloc(r->pool, sizeof(ngx_buf_t)); + if (b == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } - b = ngx_pcalloc(r->pool, sizeof(ngx_buf_t)); - if (b == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + b->file = ngx_pcalloc(r->pool, sizeof(ngx_file_t)); + if (b->file == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } - b->file = ngx_pcalloc(r->pool, sizeof(ngx_file_t)); - if (b->file == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - r->filter_allow_ranges = 1; - } + r->filter_allow_ranges = 1; rc = ngx_http_send_header(r); @@ -274,17 +264,13 @@ ngx_http_static_handler(ngx_http_request return rc; } - b->in_file = 1; - - if (r->main == r) { - b->last_buf = 1; - } - - b->last_in_chain = 1; - b->file_pos = 0; b->file_last = ngx_file_size(&fi); + b->in_file = b->file_last ? 1: 0; + b->last_buf = (r->main == r) ? 1: 0; + b->last_in_chain = 1; + b->file->fd = fd; b->file->name = path; b->file->log = log; @@ -333,7 +319,7 @@ ngx_http_static_init(ngx_cycle_t *cycle) ngx_http_core_main_conf_t *cmcf; cmcf = ngx_http_cycle_get_module_main_conf(cycle, ngx_http_core_module); - + h = ngx_array_push(&cmcf->phases[NGX_HTTP_CONTENT_PHASE].handlers); if (h == NULL) { return NGX_ERROR; diff --git a/src/http/modules/ngx_http_stub_status_module.c b/src/http/modules/ngx_http_stub_status_module.c --- a/src/http/modules/ngx_http_stub_status_module.c +++ b/src/http/modules/ngx_http_stub_status_module.c @@ -1,3 +1,8 @@ + +/* + * Copyright (C) Igor Sysoev + */ + #include #include @@ -6,7 +11,7 @@ static char *ngx_http_set_status(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); - + static ngx_command_t ngx_http_status_commands[] = { { ngx_string("stub_status"), @@ -17,20 +22,20 @@ static ngx_command_t ngx_http_status_co NULL }, ngx_null_command -}; +}; - + ngx_http_module_t ngx_http_stub_status_module_ctx = { NULL, /* preconfiguration */ NULL, /* postconfiguration */ NULL, /* create main configuration */ NULL, /* init main configuration */ - + NULL, /* create server configuration */ NULL, /* merge server configuration */ - + NULL, /* create location configuration */ NULL /* merge location configuration */ }; @@ -59,7 +64,7 @@ static ngx_int_t ngx_http_status_handler ngx_buf_t *b; ngx_chain_t out; ngx_atomic_int_t ap, hn, ac, rq, rd, wr; - + if (r->method != NGX_HTTP_GET && r->method != NGX_HTTP_HEAD) { return NGX_HTTP_NOT_ALLOWED; } diff --git a/src/http/modules/ngx_http_userid_filter_module.c b/src/http/modules/ngx_http_userid_filter_module.c --- a/src/http/modules/ngx_http_userid_filter_module.c +++ b/src/http/modules/ngx_http_userid_filter_module.c @@ -594,7 +594,7 @@ ngx_http_userid_variable(ngx_http_reques ngx_http_userid_ctx_t *ctx; ngx_http_userid_conf_t *conf; - v->valid = 1; + v->valid = 1; v->no_cachable = 0; v->not_found = 0; @@ -634,7 +634,7 @@ ngx_http_userid_init(ngx_cycle_t *cycle) static void * ngx_http_userid_create_conf(ngx_conf_t *cf) -{ +{ ngx_http_userid_conf_t *conf; conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_userid_conf_t)); @@ -661,7 +661,7 @@ ngx_http_userid_create_conf(ngx_conf_t * conf->mark = (u_char) '\xFF'; return conf; -} +} static char * diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c --- a/src/http/ngx_http.c +++ b/src/http/ngx_http.c @@ -44,12 +44,12 @@ static ngx_command_t ngx_http_commands[ ngx_null_command }; - + static ngx_core_module_t ngx_http_module_ctx = { ngx_string("http"), NULL, NULL -}; +}; ngx_module_t ngx_http_module = { @@ -438,7 +438,7 @@ ngx_http_block(ngx_conf_t *cf, ngx_comma } /* - * check the duplicate "default" server + * check the duplicate "default" server * for this address:port */ diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -343,6 +343,14 @@ static ngx_command_t ngx_http_core_comm 0, NULL }, + { ngx_string("post_action"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF + |NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_core_loc_conf_t, post_action), + NULL }, + { ngx_string("error_log"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, ngx_http_core_error_log, @@ -514,7 +522,7 @@ ngx_http_core_run_phases(ngx_http_reques if (rc == NGX_DONE) { /* - * we should never use r here because + * we should never use r here because * it may point to already freed data */ @@ -1034,9 +1042,9 @@ ngx_http_auth_basic_user(ngx_http_reques r->headers_in.user.data = (u_char *) ""; return NGX_DECLINED; } - + auth.len = ngx_base64_decoded_length(encoded.len); - auth.data = ngx_palloc(r->pool, auth.len + 1); + auth.data = ngx_palloc(r->pool, auth.len + 1); if (auth.data == NULL) { return NGX_ERROR; } @@ -1045,15 +1053,15 @@ ngx_http_auth_basic_user(ngx_http_reques r->headers_in.user.data = (u_char *) ""; return NGX_DECLINED; } - + auth.data[auth.len] = '\0'; - - for (len = 0; len < auth.len; len++) { + + for (len = 0; len < auth.len; len++) { if (auth.data[len] == ':') { break; } } - + if (len == 0 || len == auth.len) { r->headers_in.user.data = (u_char *) ""; return NGX_DECLINED; @@ -1105,8 +1113,10 @@ ngx_http_subrequest(ngx_http_request_t * sr->headers_in = r->headers_in; sr->start_time = ngx_time(); - sr->headers_out.content_length_n = -1; - sr->headers_out.last_modified_time = -1; + + ngx_http_clear_content_length(sr); + ngx_http_clear_accept_ranges(sr); + ngx_http_clear_last_modified(sr); sr->request_body = r->request_body; @@ -1859,11 +1869,10 @@ ngx_http_core_create_loc_conf(ngx_conf_t /* * set by ngx_pcalloc(): * - * lcf->root.len = 0; - * lcf->root.data = NULL; + * lcf->root = { 0, NULL }; + * lcf->post_action = { 0, NULL }; * lcf->types = NULL; - * lcf->default_type.len = 0; - * lcf->default_type.data = NULL; + * lcf->default_type = { 0, NULL }; * lcf->err_log = NULL; * lcf->error_pages = NULL; * lcf->client_body_path = NULL; @@ -1923,13 +1932,17 @@ ngx_http_core_merge_loc_conf(ngx_conf_t return NGX_CONF_ERROR; } + if (conf->post_action.data == NULL) { + conf->post_action = prev->post_action; + } + if (conf->types == NULL) { if (prev->types) { conf->types = prev->types; } else { conf->types = ngx_palloc(cf->pool, NGX_HTTP_TYPES_HASH_PRIME - * sizeof(ngx_array_t)); + * sizeof(ngx_array_t)); if (conf->types == NULL) { return NGX_CONF_ERROR; } @@ -2038,7 +2051,7 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx */ value = cf->args->elts; - + ngx_memzero(&inet_upstream, sizeof(ngx_inet_upstream_t)); inet_upstream.url = value[1]; @@ -2050,7 +2063,7 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%s in \"%V\" of the \"listen\" directive", err, &inet_upstream.url); - return NGX_CONF_ERROR; + return NGX_CONF_ERROR; } ls = ngx_array_push(&scf->listen); @@ -2084,7 +2097,7 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx inet_upstream.host.data); return NGX_CONF_ERROR; } - + ls->addr = *(in_addr_t *)(h->h_addr_list[0]); } diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -145,9 +145,9 @@ typedef struct { #define ngx_http_server_names_hash_key(key, name, len, prime) \ { \ - ngx_uint_t n; \ - for (key = 0, n = 0; n < len; n++) { \ - key += name[n]; \ + ngx_uint_t n0; \ + for (key = 0, n0 = 0; n0 < len; n0++) { \ + key += name[n0]; \ } \ key %= prime; \ } @@ -202,11 +202,12 @@ struct ngx_http_core_loc_conf_s { ngx_http_handler_pt handler; - ngx_str_t root; /* root, alias */ - ngx_array_t *types; ngx_str_t default_type; + ngx_str_t root; /* root, alias */ + ngx_str_t post_action; + size_t client_max_body_size; /* client_max_body_size */ size_t client_body_buffer_size; /* client_body_buffer_size */ size_t send_lowat; /* send_lowat */ @@ -245,14 +246,6 @@ struct ngx_http_core_loc_conf_s { }; - -extern ngx_http_module_t ngx_http_core_module_ctx; -extern ngx_module_t ngx_http_core_module; - -extern ngx_uint_t ngx_http_max_module; - - - ngx_int_t ngx_http_find_location_config(ngx_http_request_t *r); ngx_int_t ngx_http_set_content_type(ngx_http_request_t *r); @@ -278,4 +271,35 @@ ngx_int_t ngx_http_output_filter(ngx_htt ngx_int_t ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *chain); +extern ngx_http_module_t ngx_http_core_module_ctx; +extern ngx_module_t ngx_http_core_module; + +extern ngx_uint_t ngx_http_max_module; + + +#define ngx_http_clear_content_length(r) \ + \ + r->headers_out.content_length_n = -1; \ + if (r->headers_out.content_length) { \ + r->headers_out.content_length->hash = 0; \ + r->headers_out.content_length = NULL; \ + } + \ +#define ngx_http_clear_accept_ranges(r) \ + \ + r->filter_allow_ranges = 0; \ + if (r->headers_out.accept_ranges) { \ + r->headers_out.accept_ranges->hash = 0 ; \ + r->headers_out.accept_ranges = NULL; \ + } + +#define ngx_http_clear_last_modified(r) \ + \ + r->headers_out.last_modified_time = -1; \ + if (r->headers_out.last_modified) { \ + r->headers_out.last_modified->hash = 0; \ + r->headers_out.last_modified = NULL; \ + } + + #endif /* _NGX_HTTP_CORE_H_INCLUDED_ */ diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1109,7 +1109,7 @@ ngx_http_parse_multi_header_lines(ngx_ar if (name->len > h[i]->value.len) { continue; } - + start = h[i]->value.data; end = h[i]->value.data + h[i]->value.len; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -51,7 +51,6 @@ static u_char *ngx_http_log_error_handle #if (NGX_HTTP_SSL) static void ngx_http_ssl_handshake(ngx_event_t *rev); static void ngx_http_ssl_handshake_handler(ngx_connection_t *c); -static void ngx_http_ssl_close_handler(ngx_event_t *ev); #endif @@ -451,7 +450,7 @@ ngx_http_ssl_handshake(ngx_event_t *rev) return; } - n = recv(c->fd, buf, 1, MSG_PEEK); + n = recv(c->fd, buf, 1, MSG_PEEK); if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { return; @@ -1346,7 +1345,7 @@ ngx_http_find_virtual_server(ngx_http_re } if (rc < 0) { - /* the server names are lexicographically sorted */ + /* the server names are lexicographically sorted */ break; } } @@ -1520,6 +1519,13 @@ ngx_http_finalize_request(ngx_http_reque return; } + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + if (clcf->post_action.data) { + ngx_http_internal_redirect(r, &clcf->post_action, NULL); + return; + } + if (r->connection->read->timer_set) { ngx_del_timer(r->connection->read); } @@ -1539,8 +1545,6 @@ ngx_http_finalize_request(ngx_http_reque return; } - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - if (!ngx_terminate && !ngx_exiting && r->keepalive != 0 @@ -1894,7 +1898,7 @@ ngx_http_set_keepalive(ngx_http_request_ * If the large header buffers were allocated while the previous * request processing then we do not use c->buffer for * the pipelined request (see ngx_http_init_request()). - * + * * Now we would move the large header buffers to the free list. */ @@ -2178,7 +2182,7 @@ ngx_http_keepalive_handler(ngx_event_t * static void ngx_http_set_lingering_close(ngx_http_request_t *r) -{ +{ ngx_event_t *rev, *wev; ngx_connection_t *c; ngx_http_core_loc_conf_t *clcf; @@ -2248,6 +2252,7 @@ ngx_http_lingering_close_handler(ngx_eve "http lingering close handler"); if (rev->timedout) { + c->timedout = 1; ngx_http_close_request(r, 0); return; } @@ -2423,8 +2428,7 @@ ngx_http_close_connection(ngx_connection if (c->ssl) { if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - c->read->handler = ngx_http_ssl_close_handler; - c->write->handler = ngx_http_ssl_close_handler; + c->ssl->handler = ngx_http_close_connection; return; } } @@ -2443,27 +2447,6 @@ ngx_http_close_connection(ngx_connection } -#if (NGX_HTTP_SSL) - -static void -ngx_http_ssl_close_handler(ngx_event_t *ev) -{ - ngx_connection_t *c; - - c = ev->data; - - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, "http ssl close handler"); - - if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - return; - } - - ngx_http_close_connection(c); -} - -#endif - - static u_char * ngx_http_log_error(ngx_log_t *log, u_char *buf, size_t len) { diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -69,13 +69,13 @@ /* * We use the special code for the plain HTTP requests that are sent to - * HTTPS port to distinguish it from 4XX in an error page redirection + * HTTPS port to distinguish it from 4XX in an error page redirection */ #define NGX_HTTP_TO_HTTPS 497 /* * We use the special code for the requests with invalid host name - * to distinguish it from 4XX in an error page redirection + * to distinguish it from 4XX in an error page redirection */ #define NGX_HTTP_INVALID_HOST 498 @@ -300,7 +300,7 @@ struct ngx_http_request_s { ngx_uint_t http_version; ngx_uint_t http_major; ngx_uint_t http_minor; - + ngx_str_t request_line; ngx_str_t uri; ngx_str_t args; @@ -309,7 +309,7 @@ struct ngx_http_request_s { ngx_str_t method_name; ngx_str_t http_protocol; - + ngx_chain_t *out; ngx_http_request_t *main; ngx_http_request_t *parent; diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -143,6 +143,7 @@ ngx_http_read_client_request_body_handle ngx_int_t rc; if (r->connection->read->timedout) { + r->connection->timedout = 1; ngx_http_finalize_request(r, NGX_HTTP_REQUEST_TIME_OUT); return; } diff --git a/src/http/ngx_http_script.c b/src/http/ngx_http_script.c --- a/src/http/ngx_http_script.c +++ b/src/http/ngx_http_script.c @@ -503,7 +503,7 @@ ngx_http_script_start_args_code(ngx_http { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, "http script args"); - + e->args = e->pos; e->ip += sizeof(uintptr_t); } @@ -664,6 +664,7 @@ ngx_http_script_regex_start_code(ngx_htt void ngx_http_script_regex_end_code(ngx_http_script_engine_t *e) { + u_char *dst, *src; ngx_http_request_t *r; ngx_http_script_regex_end_code_t *code; @@ -678,7 +679,18 @@ ngx_http_script_regex_end_code(ngx_http_ if (code->redirect) { - if (code->add_args && r->args.len) { + dst = e->buf.data; + src = e->buf.data; + + ngx_unescape_uri(&dst, &src, e->pos - e->buf.data); + + if (src < e->pos) { + dst = ngx_copy(dst, src, e->pos - src); + } + + e->pos = dst; + + if (code->add_args && r->args.len) { *e->pos++ = (u_char) (code->args ? '&' : '?'); e->pos = ngx_copy(e->pos, r->args.data, r->args.len); } @@ -697,7 +709,7 @@ ngx_http_script_regex_end_code(ngx_http_ return; } - r->headers_out.location->hash = 1; + r->headers_out.location->hash = 1; r->headers_out.location->key.len = sizeof("Location") - 1; r->headers_out.location->key.data = (u_char *) "Location"; r->headers_out.location->value = e->buf; @@ -706,7 +718,7 @@ ngx_http_script_regex_end_code(ngx_http_ return; } - if (e->args) { + if (e->args) { e->buf.len = e->args - e->buf.data; if (code->add_args && r->args.len) { @@ -755,9 +767,9 @@ ngx_http_script_regex_end_code(ngx_http_ void ngx_http_script_return_code(ngx_http_script_engine_t *e) -{ +{ ngx_http_script_return_code_t *code; - + code = (ngx_http_script_return_code_t *) e->ip; e->status = code->status; @@ -798,13 +810,69 @@ ngx_http_script_if_code(ngx_http_script_ } ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, - "http script if false"); + "http script if: false"); e->ip += code->next; } void +ngx_http_script_equal_code(ngx_http_script_engine_t *e) +{ + ngx_http_variable_value_t *val, *res; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, + "http script equal"); + + e->sp--; + val = e->sp; + res = e->sp - 1; + + e->ip += sizeof(uintptr_t); + + if (val->len == res->len && ngx_strncmp(val->data, res->data, res->len) + == 0) + { + *res = ngx_http_variable_true_value; + return; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, + "http script equal: no"); + + *res = ngx_http_variable_null_value; +} + + +void +ngx_http_script_not_equal_code(ngx_http_script_engine_t *e) +{ + ngx_http_variable_value_t *val, *res; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, + "http script not equal"); + + e->sp--; + val = e->sp; + res = e->sp - 1; + + e->ip += sizeof(uintptr_t); + + if (val->len == res->len && ngx_strncmp(val->data, res->data, res->len) + == 0) + { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, + "http script not equal: no"); + + *res = ngx_http_variable_null_value; + return; + } + + *res = ngx_http_variable_true_value; +} + + +void ngx_http_script_complex_value_code(ngx_http_script_engine_t *e) { size_t len; @@ -840,8 +908,8 @@ ngx_http_script_complex_value_code(ngx_h e->pos = e->buf.data; + e->sp->len = e->buf.len; e->sp->data = e->buf.data; - e->sp->len = e->buf.len; e->sp++; } @@ -855,11 +923,12 @@ ngx_http_script_value_code(ngx_http_scri e->ip += sizeof(ngx_http_script_value_code_t); - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, - "http script value"); - e->sp->len = code->text_len; e->sp->data = (u_char *) code->text_data; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, e->request->connection->log, 0, + "http script value: \"%V\"", e->sp); + e->sp++; } @@ -914,8 +983,7 @@ ngx_http_script_var_code(ngx_http_script return; } - e->sp->data = (u_char *) ""; - e->sp->len = 0; + *e->sp = ngx_http_variable_null_value; e->sp++; } diff --git a/src/http/ngx_http_script.h b/src/http/ngx_http_script.h --- a/src/http/ngx_http_script.h +++ b/src/http/ngx_http_script.h @@ -99,7 +99,7 @@ typedef struct { /* add the r->args to the new arguments */ uintptr_t add_args:1; - + uintptr_t redirect:1; uintptr_t break_cycle:1; @@ -173,6 +173,8 @@ void ngx_http_script_regex_end_code(ngx_ void ngx_http_script_return_code(ngx_http_script_engine_t *e); void ngx_http_script_break_code(ngx_http_script_engine_t *e); void ngx_http_script_if_code(ngx_http_script_engine_t *e); +void ngx_http_script_equal_code(ngx_http_script_engine_t *e); +void ngx_http_script_not_equal_code(ngx_http_script_engine_t *e); void ngx_http_script_complex_value_code(ngx_http_script_engine_t *e); void ngx_http_script_value_code(ngx_http_script_engine_t *e); void ngx_http_script_set_var_code(ngx_http_script_engine_t *e); diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c --- a/src/http/ngx_http_special_response.c +++ b/src/http/ngx_http_special_response.c @@ -371,6 +371,9 @@ ngx_http_special_response_handler(ngx_ht r->headers_out.content_length = NULL; } + ngx_http_clear_accept_ranges(r); + ngx_http_clear_last_modified(r); + rc = ngx_http_send_header(r); if (rc == NGX_ERROR || r->header_only) { diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -84,6 +84,12 @@ static ngx_int_t ngx_http_upstream_respo static void *ngx_http_upstream_create_main_conf(ngx_conf_t *cf); static char *ngx_http_core_init_main_conf(ngx_conf_t *cf, void *conf); +#if (NGX_HTTP_SSL) +static void ngx_http_upstream_ssl_handshake(ngx_connection_t *c); +static void ngx_http_upstream_ssl_shutdown(ngx_connection_t *c, + ngx_peer_t *peer); +#endif + ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { @@ -147,6 +153,12 @@ ngx_http_upstream_header_t ngx_http_ups ngx_http_upstream_copy_header_line, offsetof(ngx_http_headers_out_t, expires), 1 }, + { ngx_string("Accept-Ranges"), + ngx_http_upstream_process_header_line, + offsetof(ngx_http_upstream_headers_in_t, accept_ranges), + ngx_http_upstream_copy_header_line, + offsetof(ngx_http_headers_out_t, accept_ranges), 1 }, + { ngx_string("Connection"), ngx_http_upstream_ignore_header_line, 0, ngx_http_upstream_ignore_header_line, 0, 0 }, @@ -199,7 +211,7 @@ ngx_http_module_t ngx_http_upstream_mod NULL, /* create location configuration */ NULL /* merge location configuration */ }; - + ngx_module_t ngx_http_upstream_module = { NGX_MODULE_V1, @@ -266,7 +278,7 @@ ngx_http_upstream_init(ngx_http_request_ r->read_event_handler = ngx_http_upstream_rd_check_broken_connection; r->write_event_handler = ngx_http_upstream_wr_check_broken_connection; - + if (ngx_event_flags & NGX_USE_CLEAR_EVENT) { if (!c->write->active) { @@ -359,7 +371,7 @@ ngx_http_upstream_check_broken_connectio { int n; char buf[1]; - ngx_err_t err; + ngx_err_t err; ngx_connection_t *c; ngx_http_upstream_t *u; @@ -482,6 +494,7 @@ static void ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) { ngx_int_t rc; + ngx_peer_t *peer; ngx_connection_t *c; r->connection->log->action = "connecting to upstream"; @@ -499,7 +512,8 @@ ngx_http_upstream_connect(ngx_http_reque return; } - u->state->peer = &u->peer.peers->peer[u->peer.cur_peer].name; + peer = &u->peer.peers->peer[u->peer.cur_peer]; + u->state->peer = &peer->name; if (rc == NGX_BUSY) { ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "no live upstreams"); @@ -510,6 +524,8 @@ ngx_http_upstream_connect(ngx_http_reque return; } + /* rc == NGX_OK || rc == NGX_AGAIN */ + c = u->peer.connection; c->data = r; @@ -568,10 +584,75 @@ ngx_http_upstream_connect(ngx_http_reque /* rc == NGX_OK */ +#if (NGX_HTTP_SSL) + + if (u->conf->ssl) { + if (c->ssl == NULL) { + + if (ngx_ssl_create_connection(u->conf->ssl, c, + NGX_SSL_BUFFER|NGX_SSL_CLIENT) + == NGX_ERROR) + { + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + c->sendfile = 0; + } + + if (ngx_ssl_set_session(c, peer->ssl_session) != NGX_OK) { + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + rc = ngx_ssl_handshake(c); + + if (rc == NGX_AGAIN) { + c->ssl->handler = ngx_http_upstream_ssl_handshake; + return; + } + + ngx_http_upstream_ssl_handshake(c); + + return; + } + +#endif + ngx_http_upstream_send_request(r, u); } +#if (NGX_HTTP_SSL) + +static void +ngx_http_upstream_ssl_handshake(ngx_connection_t *c) +{ + ngx_http_request_t *r; + ngx_http_upstream_t *u; + + r = c->data; + u = r->upstream; + + if (c->ssl->handshaked) { + + c->write->handler = ngx_http_upstream_send_request_handler; + c->read->handler = ngx_http_upstream_process_header; + + ngx_http_upstream_send_request(r, u); + + return; + } + + ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); + +} + +#endif + + static ngx_int_t ngx_http_upstream_reinit(ngx_http_request_t *r, ngx_http_upstream_t *u) { @@ -591,7 +672,7 @@ ngx_http_upstream_reinit(ngx_http_reques } /* reinit the request chain */ - + for (cl = u->request_bufs; cl; cl = cl->next) { cl->buf->pos = cl->buf->start; cl->buf->file_pos = 0; @@ -617,9 +698,9 @@ ngx_http_upstream_reinit(ngx_http_reques u->output.buf = NULL; u->output.in = NULL; u->output.busy = NULL; - + /* reinit u->header_in buffer */ - + #if 0 if (u->cache) { u->header_in.pos = u->header_in.start + u->cache->ctx.header_size; @@ -654,7 +735,7 @@ ngx_http_upstream_send_request(ngx_http_ { int rc; ngx_connection_t *c; - + c = u->peer.connection; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, @@ -710,17 +791,17 @@ ngx_http_upstream_send_request(ngx_http_ ngx_tcp_push_n " failed"); ngx_http_upstream_finalize_request(r, u, NGX_HTTP_INTERNAL_SERVER_ERROR); - return; + return; } c->tcp_nopush = NGX_TCP_NOPUSH_UNSET; } - + ngx_add_timer(c->read, u->conf->read_timeout); #if 1 if (c->read->ready) { - + /* post aio operation */ /* @@ -799,7 +880,7 @@ ngx_http_upstream_process_header(ngx_eve ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_TIMEOUT); return; } - + if (u->header_in.start == NULL) { u->header_in.start = ngx_palloc(r->pool, u->conf->header_buffer_size); if (u->header_in.start == NULL) { @@ -831,8 +912,8 @@ ngx_http_upstream_process_header(ngx_eve #endif } - n = ngx_recv(u->peer.connection, u->header_in.last, - u->header_in.end - u->header_in.last); + n = u->peer.connection->recv(u->peer.connection, u->header_in.last, + u->header_in.end - u->header_in.last); if (n == NGX_AGAIN) { #if 0 @@ -958,7 +1039,7 @@ ngx_http_upstream_process_header(ngx_eve return; } - *r->headers_out.www_authenticate = + *r->headers_out.www_authenticate = *u->headers_in.www_authenticate; } @@ -985,7 +1066,7 @@ ngx_http_upstream_process_header(ngx_eve if (part->next == NULL) { break; } - + part = part->next; h = part->elts; i = 0; @@ -1054,7 +1135,7 @@ ngx_http_upstream_send_response(ngx_http if (part->next == NULL) { break; } - + part = part->next; h = part->elts; i = 0; @@ -1140,13 +1221,13 @@ ngx_http_upstream_send_response(ngx_http p->output_filter = (ngx_event_pipe_output_filter_pt) ngx_http_output_filter; p->output_ctx = r; p->tag = u->output.tag; - p->bufs = u->conf->bufs; + p->bufs = u->conf->bufs; p->busy_size = u->conf->busy_buffers_size; p->upstream = u->peer.connection; p->downstream = r->connection; p->pool = r->pool; p->log = r->connection->log; - + p->cachable = u->cachable; p->temp_file = ngx_pcalloc(r->pool, sizeof(ngx_temp_file_t)); @@ -1159,7 +1240,7 @@ ngx_http_upstream_send_response(ngx_http p->temp_file->file.log = r->connection->log; p->temp_file->path = u->conf->temp_path; p->temp_file->pool = r->pool; - + if (u->cachable) { p->temp_file->persistent = 1; } else { @@ -1257,13 +1338,13 @@ ngx_http_upstream_process_body(ngx_event ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http upstream process downstream"); c->log->action = "sending to client"; - + } else { ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http upstream process upstream"); c->log->action = "reading upstream"; } - + p = &u->pipe; if (ev->timedout) { @@ -1292,12 +1373,13 @@ ngx_http_upstream_process_body(ngx_event } else { p->downstream_error = 1; + c->timedout = 1; ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "client timed out"); } } else { - p->upstream_error = 1; + p->upstream_error = 1; ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); } @@ -1319,7 +1401,7 @@ ngx_http_upstream_process_body(ngx_event return; } } - + if (u->peer.connection) { #if (NGX_HTTP_FILE_CACHE) @@ -1399,7 +1481,7 @@ ngx_http_upstream_next(ngx_http_request_ ngx_log_error(NGX_LOG_ERR, r->connection->log, NGX_ETIMEDOUT, "upstream timed out"); } - + if (u->peer.cached && ft_type == NGX_HTTP_UPSTREAM_FT_ERROR) { status = 0; @@ -1458,7 +1540,12 @@ ngx_http_upstream_next(ngx_http_request_ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "close http upstream connection: %d", u->peer.connection->fd); - +#if (NGX_HTTP_SSL) + if (u->peer.connection->ssl) { + ngx_http_upstream_ssl_shutdown(u->peer.connection, + &u->peer.peers->peer[u->peer.cur_peer]); + } +#endif ngx_close_connection(u->peer.connection); } @@ -1508,7 +1595,15 @@ ngx_http_upstream_finalize_request(ngx_h ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "close http upstream connection: %d", u->peer.connection->fd); - +#if (NGX_HTTP_SSL) + + /* TODO: do not shutdown persistent connection */ + + if (u->peer.connection->ssl) { + ngx_http_upstream_ssl_shutdown(u->peer.connection, + &u->peer.peers->peer[u->peer.cur_peer]); + } +#endif ngx_close_connection(u->peer.connection); } @@ -1549,12 +1644,41 @@ ngx_http_upstream_finalize_request(ngx_h } +#if (NGX_HTTP_SSL) + +static void +ngx_http_upstream_ssl_shutdown(ngx_connection_t *c, ngx_peer_t *peer) +{ + /* lock peer mutex */ + + if (peer->ssl_session) { + ngx_ssl_free_session(peer->ssl_session); + } + + peer->ssl_session = ngx_ssl_get_session(c); + + /* unlock peer mutex */ + + /* + * We send the "close notify" shutdown alert to the upstream only + * and do not wait its "close notify" shutdown alert. + * It is acceptable according to the TLS standard. + */ + + c->ssl->no_wait_shutdown = 1; + + (void) ngx_ssl_shutdown(c); +} + +#endif + + static ngx_int_t ngx_http_upstream_process_header_line(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) -{ +{ ngx_table_elt_t **ph; - + ph = (ngx_table_elt_t **) ((char *) &r->upstream->headers_in + offset); if (*ph == NULL) { @@ -1603,7 +1727,7 @@ ngx_http_upstream_ignore_header_line(ngx static ngx_int_t ngx_http_upstream_process_limit_rate(ngx_http_request_t *r, ngx_table_elt_t *h, ngx_uint_t offset) -{ +{ ngx_int_t n; r->upstream->headers_in.x_accel_limit_rate = h; @@ -2119,7 +2243,7 @@ ngx_http_core_init_main_conf(ngx_conf_t { ngx_http_upstream_main_conf_t *umcf = conf; - umcf->headers_in_hash.max_size = 100; + umcf->headers_in_hash.max_size = 100; umcf->headers_in_hash.bucket_limit = 1; umcf->headers_in_hash.bucket_size = sizeof(ngx_http_upstream_header_t); umcf->headers_in_hash.name = "upstream_headers_in"; diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -85,6 +85,11 @@ typedef struct { ngx_str_t uri; ngx_str_t location; ngx_str_t url; /* used in proxy_rewrite_location */ + +#if (NGX_HTTP_SSL) + ngx_ssl_t *ssl; +#endif + } ngx_http_upstream_conf_t; diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c +++ b/src/http/ngx_http_variables.c @@ -16,8 +16,14 @@ static ngx_int_t ngx_http_variable_heade ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_headers(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); -static ngx_int_t ngx_http_variable_unknown_header(ngx_http_request_t *r, + +static ngx_int_t ngx_http_variable_unknown_header_in(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_unknown_header_out(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_unknown_header(ngx_http_variable_value_t *v, + ngx_str_t *var, ngx_list_part_t *part, size_t prefix); + static ngx_int_t ngx_http_variable_host(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_remote_addr(ngx_http_request_t *r, @@ -124,6 +130,12 @@ static ngx_http_variable_t ngx_http_cor }; +ngx_http_variable_value_t ngx_http_variable_null_value = + ngx_http_variable(""); +ngx_http_variable_value_t ngx_http_variable_true_value = + ngx_http_variable("1"); + + ngx_http_variable_t * ngx_http_add_variable(ngx_conf_t *cf, ngx_str_t *name, ngx_uint_t flags) { @@ -324,7 +336,19 @@ ngx_http_get_variable(ngx_http_request_t if (ngx_strncmp(name->data, "http_", 5) == 0) { - if (ngx_http_variable_unknown_header(r, vv, (uintptr_t) name) == NGX_OK) + if (ngx_http_variable_unknown_header_in(r, vv, (uintptr_t) name) + == NGX_OK) + { + return vv; + } + + return NULL; + } + + if (ngx_strncmp(name->data, "sent_http_", 10) == 0) { + + if (ngx_http_variable_unknown_header_out(r, vv, (uintptr_t) name) + == NGX_OK) { return vv; } @@ -446,17 +470,33 @@ ngx_http_variable_headers(ngx_http_reque static ngx_int_t -ngx_http_variable_unknown_header(ngx_http_request_t *r, +ngx_http_variable_unknown_header_in(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + return ngx_http_variable_unknown_header(v, (ngx_str_t *) data, + &r->headers_in.headers.part, + sizeof("http_") - 1); +} + + +static ngx_int_t +ngx_http_variable_unknown_header_out(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { - ngx_str_t *var = (ngx_str_t *) data; + return ngx_http_variable_unknown_header(v, (ngx_str_t *) data, + &r->headers_out.headers.part, + sizeof("sent_http_") - 1); +} + +static ngx_int_t +ngx_http_variable_unknown_header(ngx_http_variable_value_t *v, ngx_str_t *var, + ngx_list_part_t *part, size_t prefix) +{ u_char ch; ngx_uint_t i, n; - ngx_list_part_t *part; ngx_table_elt_t *header; - part = &r->headers_in.headers.part; header = part->elts; for (i = 0; /* void */ ; i++) { @@ -471,7 +511,7 @@ ngx_http_variable_unknown_header(ngx_htt i = 0; } - for (n = 0; n + 5 < var->len && n < header[i].key.len; n++) { + for (n = 0; n + prefix < var->len && n < header[i].key.len; n++) { ch = header[i].key.data[n]; if (ch >= 'A' && ch <= 'Z') { @@ -481,12 +521,12 @@ ngx_http_variable_unknown_header(ngx_htt ch = '_'; } - if (var->data[n + 5] != ch) { + if (var->data[n + prefix] != ch) { break; } } - if (n + 5 == var->len) { + if (n + prefix == var->len) { v->len = header[i].value.len; v->valid = 1; v->no_cachable = 0; @@ -556,12 +596,12 @@ ngx_http_variable_remote_port(ngx_http_r } /* AF_INET only */ - + if (r->connection->sockaddr->sa_family == AF_INET) { sin = (struct sockaddr_in *) r->connection->sockaddr; - + port = ntohs(sin->sin_port); - + if (port > 0 && port < 65536) { v->len = ngx_sprintf(v->data, "%ui", port) - v->data; } @@ -777,7 +817,14 @@ ngx_http_variables_init_vars(ngx_conf_t } if (ngx_strncmp(v[i].name.data, "http_", 5) == 0) { - v[i].handler = ngx_http_variable_unknown_header; + v[i].handler = ngx_http_variable_unknown_header_in; + v[i].data = (uintptr_t) &v[i].name; + + continue; + } + + if (ngx_strncmp(v[i].name.data, "sent_http_", 10) == 0) { + v[i].handler = ngx_http_variable_unknown_header_out; v[i].data = (uintptr_t) &v[i].name; continue; diff --git a/src/http/ngx_http_variables.h b/src/http/ngx_http_variables.h --- a/src/http/ngx_http_variables.h +++ b/src/http/ngx_http_variables.h @@ -64,4 +64,8 @@ ngx_int_t ngx_http_variables_add_core_va ngx_int_t ngx_http_variables_init_vars(ngx_conf_t *cf); +extern ngx_http_variable_value_t ngx_http_variable_null_value; +extern ngx_http_variable_value_t ngx_http_variable_true_value; + + #endif /* _NGX_HTTP_VARIABLES_H_INCLUDED_ */ diff --git a/src/imap/ngx_imap.c b/src/imap/ngx_imap.c --- a/src/imap/ngx_imap.c +++ b/src/imap/ngx_imap.c @@ -28,12 +28,12 @@ static ngx_command_t ngx_imap_commands[ ngx_null_command }; - + static ngx_core_module_t ngx_imap_module_ctx = { ngx_string("imap"), NULL, NULL -}; +}; ngx_module_t ngx_imap_module = { @@ -164,7 +164,7 @@ ngx_imap_block(ngx_conf_t *cf, ngx_comma /* init imap{} main_conf's */ if (module->init_main_conf) { - rv = module->init_main_conf(cf, ctx->main_conf[mi]); + rv = module->init_main_conf(cf, ctx->main_conf[mi]); if (rv != NGX_CONF_OK) { *cf = pcf; return rv; @@ -172,9 +172,9 @@ ngx_imap_block(ngx_conf_t *cf, ngx_comma } for (s = 0; s < cmcf->servers.nelts; s++) { - + /* merge the server{}s' srv_conf's */ - + if (module->merge_srv_conf) { rv = module->merge_srv_conf(cf, ctx->srv_conf[mi], @@ -187,9 +187,9 @@ ngx_imap_block(ngx_conf_t *cf, ngx_comma } } - /* imap{}'s cf->ctx was needed while the configuration merging */ - - *cf = pcf; + /* imap{}'s cf->ctx was needed while the configuration merging */ + + *cf = pcf; return NGX_CONF_OK; } diff --git a/src/imap/ngx_imap_auth_http_module.c b/src/imap/ngx_imap_auth_http_module.c --- a/src/imap/ngx_imap_auth_http_module.c +++ b/src/imap/ngx_imap_auth_http_module.c @@ -217,7 +217,7 @@ ngx_imap_auth_http_write_handler(ngx_eve ngx_log_debug0(NGX_LOG_DEBUG_IMAP, wev->log, 0, "imap auth http write handler"); - if (wev->timedout) { + if (wev->timedout) { ngx_log_error(NGX_LOG_ERR, wev->log, NGX_ETIMEDOUT, "auth http server %V timed out", &ctx->peer.peers->peer[0].name); @@ -275,7 +275,7 @@ ngx_imap_auth_http_read_handler(ngx_even ctx = ngx_imap_get_module_ctx(s, ngx_imap_auth_http_module); - if (rev->timedout) { + if (rev->timedout) { ngx_log_error(NGX_LOG_ERR, rev->log, NGX_ETIMEDOUT, "auth http server %V timed out", &ctx->peer.peers->peer[0].name); @@ -384,7 +384,7 @@ ngx_imap_auth_http_ignore_status_line(ng state = sw_almost_done; break; - case LF: + case LF: goto done; } break; @@ -767,11 +767,11 @@ ngx_imap_auth_http_parse_header_line(ngx sw_space_before_value, sw_value, sw_space_after_value, - sw_almost_done, + sw_almost_done, sw_header_almost_done } state; - state = ctx->state; + state = ctx->state; hash = ctx->hash; for (p = ctx->response->pos; p < ctx->response->last; p++) { @@ -784,10 +784,10 @@ ngx_imap_auth_http_parse_header_line(ngx switch (ch) { case CR: - ctx->header_end = p; + ctx->header_end = p; state = sw_header_almost_done; break; - case LF: + case LF: ctx->header_end = p; goto header_done; default: @@ -1061,9 +1061,9 @@ ngx_imap_auth_http_create_request(ngx_im static void * ngx_imap_auth_http_create_conf(ngx_conf_t *cf) -{ +{ ngx_imap_auth_http_conf_t *ahcf; - + ahcf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_auth_http_conf_t)); if (ahcf == NULL) { return NGX_CONF_ERROR; @@ -1128,7 +1128,7 @@ ngx_imap_auth_http_merge_conf(ngx_conf_t static char * ngx_imap_auth_http(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -{ +{ ngx_imap_auth_http_conf_t *ahcf = conf; ngx_str_t *value, *url; @@ -1159,13 +1159,13 @@ ngx_imap_auth_http(ngx_conf_t *cf, ngx_c ahcf->host_header.len = sizeof("localhost") - 1; ahcf->host_header.data = (u_char *) "localhost"; ahcf->uri = unix_upstream.uri; - + #else ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "the unix domain sockets are not supported " "on this platform"); return NGX_CONF_ERROR; - + #endif } else { @@ -1196,7 +1196,7 @@ ngx_imap_auth_http(ngx_conf_t *cf, ngx_c static char * ngx_imap_auth_http_header(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -{ +{ ngx_imap_auth_http_conf_t *ahcf = conf; ngx_str_t *value; diff --git a/src/imap/ngx_imap_core_module.c b/src/imap/ngx_imap_core_module.c --- a/src/imap/ngx_imap_core_module.c +++ b/src/imap/ngx_imap_core_module.c @@ -127,7 +127,7 @@ ngx_module_t ngx_imap_core_module = { static void * ngx_imap_core_create_main_conf(ngx_conf_t *cf) -{ +{ ngx_imap_core_main_conf_t *cmcf; cmcf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_core_main_conf_t)); @@ -147,9 +147,9 @@ ngx_imap_core_create_main_conf(ngx_conf_ static void * ngx_imap_core_create_srv_conf(ngx_conf_t *cf) -{ +{ ngx_imap_core_srv_conf_t *cscf; - + cscf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_core_srv_conf_t)); if (cscf == NULL) { return NULL; @@ -299,7 +299,7 @@ ngx_imap_core_server(ngx_conf_t *cf, ngx imap_ctx = cf->ctx; ctx->main_conf = imap_ctx->main_conf; - + /* the server{}'s srv_conf */ ctx->srv_conf = ngx_pcalloc(cf->pool, sizeof(void *) * ngx_imap_max_module); @@ -388,7 +388,7 @@ ngx_imap_core_listen(ngx_conf_t *cf, ngx if (in_addr == INADDR_NONE) { h = gethostbyname((const char *) inet_upstream.host.data); - + if (h == NULL || h->h_addr_list[0] == NULL) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "can not resolve host \"%s\" " @@ -407,7 +407,7 @@ ngx_imap_core_listen(ngx_conf_t *cf, ngx ls = ngx_listening_inet_stream_socket(cf, in_addr, inet_upstream.port); if (ls == NULL) { - return NGX_CONF_ERROR; + return NGX_CONF_ERROR; } ls->backlog = -1; diff --git a/src/imap/ngx_imap_handler.c b/src/imap/ngx_imap_handler.c --- a/src/imap/ngx_imap_handler.c +++ b/src/imap/ngx_imap_handler.c @@ -17,7 +17,6 @@ static u_char *ngx_imap_log_error(ngx_lo #if (NGX_IMAP_SSL) static void ngx_imap_ssl_handshake_handler(ngx_connection_t *c); -static void ngx_imap_ssl_close_handler(ngx_event_t *ev); #endif @@ -58,7 +57,7 @@ ngx_imap_init_connection(ngx_connection_ if (lctx == NULL) { ngx_imap_close_connection(c); return; - } + } lctx->client = &c->addr_text; lctx->session = NULL; @@ -106,7 +105,7 @@ ngx_imap_init_connection(ngx_connection_ static void ngx_imap_ssl_handshake_handler(ngx_connection_t *c) -{ +{ if (c->ssl->handshaked) { ngx_imap_init_session(c); return; @@ -181,6 +180,7 @@ ngx_imap_send(ngx_event_t *wev) if (wev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); + c->timedout = 1; ngx_imap_close_connection(c); return; } @@ -246,6 +246,7 @@ ngx_imap_init_protocol(ngx_event_t *rev) if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); + c->timedout = 1; ngx_imap_close_connection(c); return; } @@ -298,6 +299,7 @@ ngx_imap_auth_state(ngx_event_t *rev) if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); + c->timedout = 1; ngx_imap_close_connection(c); return; } @@ -498,6 +500,7 @@ ngx_pop3_auth_state(ngx_event_t *rev) if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); + c->timedout = 1; ngx_imap_close_connection(c); return; } @@ -725,8 +728,7 @@ ngx_imap_close_connection(ngx_connection if (c->ssl) { if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - c->read->handler = ngx_imap_ssl_close_handler; - c->write->handler = ngx_imap_ssl_close_handler; + c->ssl->handler = ngx_imap_close_connection; return; } } @@ -743,27 +745,6 @@ ngx_imap_close_connection(ngx_connection } -#if (NGX_IMAP_SSL) - -static void -ngx_imap_ssl_close_handler(ngx_event_t *ev) -{ - ngx_connection_t *c; - - c = ev->data; - - ngx_log_debug0(NGX_LOG_DEBUG_IMAP, ev->log, 0, "http ssl close handler"); - - if (ngx_ssl_shutdown(c) == NGX_AGAIN) { - return; - } - - ngx_imap_close_connection(c); -} - -#endif - - static u_char * ngx_imap_log_error(ngx_log_t *log, u_char *buf, size_t len) { @@ -776,7 +757,7 @@ ngx_imap_log_error(ngx_log_t *log, u_cha len -= p - buf; buf = p; } - + ctx = log->data; p = ngx_snprintf(buf, len, ", client: %V", ctx->client); diff --git a/src/imap/ngx_imap_parse.c b/src/imap/ngx_imap_parse.c --- a/src/imap/ngx_imap_parse.c +++ b/src/imap/ngx_imap_parse.c @@ -473,7 +473,7 @@ ngx_int_t ngx_pop3_parse_command(ngx_ima case sw_argument: switch (ch) { - /* + /* * the space should be considered part of the at username * or password, but not of argument in other commands * diff --git a/src/imap/ngx_imap_proxy_module.c b/src/imap/ngx_imap_proxy_module.c --- a/src/imap/ngx_imap_proxy_module.c +++ b/src/imap/ngx_imap_proxy_module.c @@ -172,6 +172,7 @@ ngx_imap_proxy_imap_handler(ngx_event_t if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "upstream timed out"); + c->timedout = 1; ngx_imap_proxy_internal_server_error(s); return; } @@ -310,6 +311,7 @@ ngx_imap_proxy_pop3_handler(ngx_event_t if (rev->timedout) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "upstream timed out"); + c->timedout = 1; ngx_imap_proxy_internal_server_error(s); return; } @@ -501,6 +503,8 @@ ngx_imap_proxy_handler(ngx_event_t *ev) if (c == s->connection) { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out"); + c->timedout = 1; + } else { ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "upstream timed out"); @@ -652,9 +656,9 @@ ngx_imap_proxy_close_session(ngx_imap_se static void * ngx_imap_proxy_create_conf(ngx_conf_t *cf) -{ +{ ngx_imap_proxy_conf_t *pcf; - + pcf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_proxy_conf_t)); if (pcf == NULL) { return NGX_CONF_ERROR; diff --git a/src/imap/ngx_imap_ssl_module.c b/src/imap/ngx_imap_ssl_module.c --- a/src/imap/ngx_imap_ssl_module.c +++ b/src/imap/ngx_imap_ssl_module.c @@ -27,7 +27,7 @@ static char ngx_imap_ssl_openssl097[] = #endif -static ngx_conf_bitmask_t ngx_imap_ssl_protocols[] = { +static ngx_conf_bitmask_t ngx_imap_ssl_protocols[] = { { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, @@ -124,16 +124,16 @@ static u_char ngx_imap_session_id_ctx[] static void * ngx_imap_ssl_create_conf(ngx_conf_t *cf) -{ +{ ngx_imap_ssl_conf_t *scf; - + scf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_ssl_conf_t)); if (scf == NULL) { return NGX_CONF_ERROR; } /* - * set by ngx_pcalloc(): + * set by ngx_pcalloc(): * * scf->protocols = 0; * @@ -240,12 +240,12 @@ ngx_imap_ssl_merge_conf(ngx_conf_t *cf, return NGX_CONF_OK; } - + #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) - + static char * ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -{ +{ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "\"%V\" directive is available only in %s,", &cmd->name, cmd->post); diff --git a/src/os/unix/ngx_aio_read.c b/src/os/unix/ngx_aio_read.c --- a/src/os/unix/ngx_aio_read.c +++ b/src/os/unix/ngx_aio_read.c @@ -22,7 +22,8 @@ * timeout, aio_cancel(), aio_error() */ -ssize_t ngx_aio_read(ngx_connection_t *c, u_char *buf, size_t size) +ssize_t +ngx_aio_read(ngx_connection_t *c, u_char *buf, size_t size) { int n; ngx_event_t *rev; diff --git a/src/os/unix/ngx_aio_read_chain.c b/src/os/unix/ngx_aio_read_chain.c --- a/src/os/unix/ngx_aio_read_chain.c +++ b/src/os/unix/ngx_aio_read_chain.c @@ -10,7 +10,8 @@ #include -ssize_t ngx_aio_read_chain(ngx_connection_t *c, ngx_chain_t *cl) +ssize_t +ngx_aio_read_chain(ngx_connection_t *c, ngx_chain_t *cl) { int n; u_char *buf, *prev; diff --git a/src/os/unix/ngx_aio_write.c b/src/os/unix/ngx_aio_write.c --- a/src/os/unix/ngx_aio_write.c +++ b/src/os/unix/ngx_aio_write.c @@ -22,7 +22,8 @@ * timeout, aio_cancel(), aio_error() */ -ssize_t ngx_aio_write(ngx_connection_t *c, u_char *buf, size_t size) +ssize_t +ngx_aio_write(ngx_connection_t *c, u_char *buf, size_t size) { int n; ngx_event_t *wev; diff --git a/src/os/unix/ngx_aio_write_chain.c b/src/os/unix/ngx_aio_write_chain.c --- a/src/os/unix/ngx_aio_write_chain.c +++ b/src/os/unix/ngx_aio_write_chain.c @@ -10,8 +10,8 @@ #include -ngx_chain_t *ngx_aio_write_chain(ngx_connection_t *c, ngx_chain_t *in, - off_t limit) +ngx_chain_t * +ngx_aio_write_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) { u_char *buf, *prev; off_t send, sent; diff --git a/src/os/unix/ngx_channel.c b/src/os/unix/ngx_channel.c --- a/src/os/unix/ngx_channel.c +++ b/src/os/unix/ngx_channel.c @@ -11,7 +11,7 @@ ngx_int_t ngx_write_channel(ngx_socket_t s, ngx_channel_t *ch, size_t size, - ngx_log_t *log) + ngx_log_t *log) { ssize_t n; ngx_err_t err; @@ -34,7 +34,7 @@ ngx_write_channel(ngx_socket_t s, ngx_ch msg.msg_controllen = sizeof(cmsg); cmsg.cm.cmsg_len = sizeof(cmsg); - cmsg.cm.cmsg_level = SOL_SOCKET; + cmsg.cm.cmsg_level = SOL_SOCKET; cmsg.cm.cmsg_type = SCM_RIGHTS; *(int *) CMSG_DATA(&cmsg.cm) = ch->fd; } @@ -80,7 +80,7 @@ ngx_write_channel(ngx_socket_t s, ngx_ch ngx_int_t ngx_read_channel(ngx_socket_t s, ngx_channel_t *ch, size_t size, ngx_log_t *log) -{ +{ ssize_t n; ngx_err_t err; struct iovec iov[1]; @@ -165,7 +165,7 @@ ngx_read_channel(ngx_socket_t s, ngx_cha if (ch->command == NGX_CMD_OPEN_CHANNEL) { if (msg.msg_accrightslen != sizeof(int)) { - ngx_log_error(NGX_LOG_ALERT, log, 0, + ngx_log_error(NGX_LOG_ALERT, log, 0, "recvmsg() returned no ancillary data"); return NGX_ERROR; } @@ -219,8 +219,8 @@ ngx_add_channel_event(ngx_cycle_t *cycle ngx_free_connection(c); return NGX_ERROR; } - - } else { + + } else { if (ngx_add_event(ev, event, 0) == NGX_ERROR) { ngx_free_connection(c); return NGX_ERROR; diff --git a/src/os/unix/ngx_files.c b/src/os/unix/ngx_files.c --- a/src/os/unix/ngx_files.c +++ b/src/os/unix/ngx_files.c @@ -148,7 +148,7 @@ ngx_write_chain_to_file(ngx_file_t *file vec.elts = iovs; vec.size = sizeof(struct iovec); - vec.nalloc = NGX_IOVS; + vec.nalloc = NGX_IOVS; vec.pool = pool; do { diff --git a/src/os/unix/ngx_freebsd_rfork_thread.h b/src/os/unix/ngx_freebsd_rfork_thread.h --- a/src/os/unix/ngx_freebsd_rfork_thread.h +++ b/src/os/unix/ngx_freebsd_rfork_thread.h @@ -100,7 +100,7 @@ ngx_err_t ngx_thread_set_tls(ngx_tls_key static void * ngx_thread_get_tls(ngx_tls_key_t key) -{ +{ if (key >= NGX_THREAD_KEYS_MAX) { return NULL; } diff --git a/src/os/unix/ngx_gcc_atomic_amd64.h b/src/os/unix/ngx_gcc_atomic_amd64.h --- a/src/os/unix/ngx_gcc_atomic_amd64.h +++ b/src/os/unix/ngx_gcc_atomic_amd64.h @@ -32,7 +32,7 @@ static ngx_inline ngx_atomic_uint_t ngx_atomic_cmp_set(ngx_atomic_t *lock, ngx_atomic_uint_t old, ngx_atomic_uint_t set) -{ +{ ngx_atomic_uint_t res; __asm__ volatile ( diff --git a/src/os/unix/ngx_gcc_atomic_ppc.h b/src/os/unix/ngx_gcc_atomic_ppc.h --- a/src/os/unix/ngx_gcc_atomic_ppc.h +++ b/src/os/unix/ngx_gcc_atomic_ppc.h @@ -10,7 +10,7 @@ * this branch is unlikely to be taken. * The "1b" means the nearest backward label "1" and the "1f" means * the nearest forward label "1". - * + * * The "b" means that the base registers can be used only, i.e. * any register except r0. The r0 register always has a zero value and * could not be used in "addi r0, r0, 1". diff --git a/src/os/unix/ngx_gcc_atomic_sparc64.h b/src/os/unix/ngx_gcc_atomic_sparc64.h --- a/src/os/unix/ngx_gcc_atomic_sparc64.h +++ b/src/os/unix/ngx_gcc_atomic_sparc64.h @@ -40,7 +40,7 @@ ngx_atomic_cmp_set(ngx_atomic_t *lock, n : "+r" (set) : "r" (lock), "r" (old) : "memory"); return (set == old); -} +} static ngx_inline ngx_atomic_int_t diff --git a/src/os/unix/ngx_gcc_atomic_x86.h b/src/os/unix/ngx_gcc_atomic_x86.h --- a/src/os/unix/ngx_gcc_atomic_x86.h +++ b/src/os/unix/ngx_gcc_atomic_x86.h @@ -22,7 +22,7 @@ * eax = [m]; * } * - * + * * The "q" is any of the %eax, %ebx, %ecx, or %edx registers. * The "=a" and "a" are the %eax register. Although we can return result * in any register, we use %eax because it is used in cmpxchgl anyway. diff --git a/src/os/unix/ngx_linux_sendfile_chain.c b/src/os/unix/ngx_linux_sendfile_chain.c --- a/src/os/unix/ngx_linux_sendfile_chain.c +++ b/src/os/unix/ngx_linux_sendfile_chain.c @@ -158,7 +158,7 @@ ngx_chain_t *ngx_linux_sendfile_chain(ng * and without the TCP_CORK */ - if (err != NGX_EINTR) { + if (err != NGX_EINTR) { wev->error = 1; ngx_connection_error(c, err, "setsockopt(TCP_NODELAY) failed"); @@ -183,7 +183,7 @@ ngx_chain_t *ngx_linux_sendfile_chain(ng * we continue a processing without the TCP_CORK */ - if (err != NGX_EINTR) { + if (err != NGX_EINTR) { wev->error = 1; ngx_connection_error(c, err, ngx_tcp_nopush_n " failed"); @@ -192,7 +192,7 @@ ngx_chain_t *ngx_linux_sendfile_chain(ng } else { c->tcp_nopush = NGX_TCP_NOPUSH_SET; - + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "tcp_nopush"); } @@ -281,7 +281,7 @@ ngx_chain_t *ngx_linux_sendfile_chain(ng } else { wev->error = 1; ngx_connection_error(c, err, "writev() failed"); - return NGX_CHAIN_ERROR; + return NGX_CHAIN_ERROR; } } @@ -334,10 +334,10 @@ ngx_chain_t *ngx_linux_sendfile_chain(ng } if (eintr) { - continue; + continue; } - if (!complete) { + if (!complete) { wev->ready = 0; return cl; } diff --git a/src/os/unix/ngx_posix_init.c b/src/os/unix/ngx_posix_init.c --- a/src/os/unix/ngx_posix_init.c +++ b/src/os/unix/ngx_posix_init.c @@ -49,7 +49,7 @@ ngx_os_init(ngx_log_t *log) "getrlimit(RLIMIT_NOFILE) failed)"); return NGX_ERROR; } - + ngx_max_sockets = (ngx_int_t) rlmt.rlim_cur; #if (NGX_HAVE_INHERITED_NONBLOCK) diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -58,7 +58,8 @@ ngx_int_t ngx_threads_n; #endif -u_char master_process[] = "master process"; +u_long cpu_affinity; +static u_char master_process[] = "master process"; void @@ -312,14 +313,17 @@ ngx_single_process_cycle(ngx_cycle_t *cy static void ngx_start_worker_processes(ngx_cycle_t *cycle, ngx_int_t n, ngx_int_t type) { - ngx_int_t i; + ngx_int_t i, s; ngx_channel_t ch; ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "start worker processes"); ch.command = NGX_CMD_OPEN_CHANNEL; - while (n--) { + for (i = 0; i < n; i++) { + + cpu_affinity = ngx_get_cpu_affinity(i); + ngx_spawn_process(cycle, ngx_worker_process_cycle, NULL, "worker process", type); @@ -327,11 +331,11 @@ ngx_start_worker_processes(ngx_cycle_t * ch.slot = ngx_process_slot; ch.fd = ngx_processes[ngx_process_slot].channel[0]; - for (i = 0; i < ngx_last_process; i++) { + for (s = 0; s < ngx_last_process; s++) { - if (i == ngx_process_slot - || ngx_processes[i].pid == -1 - || ngx_processes[i].channel[0] == -1) + if (s == ngx_process_slot + || ngx_processes[s].pid == -1 + || ngx_processes[s].channel[0] == -1) { continue; } @@ -339,12 +343,12 @@ ngx_start_worker_processes(ngx_cycle_t * ngx_log_debug6(NGX_LOG_DEBUG_CORE, cycle->log, 0, "pass channel s:%d pid:%P fd:%d to s:%i pid:%P fd:%d", ch.slot, ch.pid, ch.fd, - i, ngx_processes[i].pid, - ngx_processes[i].channel[0]); + s, ngx_processes[s].pid, + ngx_processes[s].channel[0]); /* TODO: NGX_AGAIN */ - ngx_write_channel(ngx_processes[i].channel[0], + ngx_write_channel(ngx_processes[s].channel[0], &ch, sizeof(ngx_channel_t), cycle->log); } } @@ -817,6 +821,20 @@ ngx_worker_process_init(ngx_cycle_t *cyc } } +#if (NGX_HAVE_SCHED_SETAFFINITY) + + if (cpu_affinity) { + ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, + "sched_setaffinity(0x%08Xl)", cpu_affinity); + + if (sched_setaffinity(0, 32, (cpu_set_t *) &cpu_affinity) == -1) { + ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, + "sched_setaffinity(0x%08Xl) failed", cpu_affinity); + } + } + +#endif + #if (NGX_HAVE_PR_SET_DUMPABLE) /* allow coredump after setuid() in Linux 2.4.x */ @@ -849,7 +867,7 @@ ngx_worker_process_init(ngx_cycle_t *cyc /* * disable deleting previous events for the listening sockets because * in the worker processes there are no events at all at this point - */ + */ ls = cycle->listening.elts; for (i = 0; i < cycle->listening.nelts; i++) { ls[i].previous = NULL; diff --git a/src/os/unix/ngx_pthread_thread.c b/src/os/unix/ngx_pthread_thread.c --- a/src/os/unix/ngx_pthread_thread.c +++ b/src/os/unix/ngx_pthread_thread.c @@ -45,7 +45,7 @@ ngx_create_thread(ngx_tid_t *tid, ngx_th ngx_int_t ngx_init_threads(int n, size_t size, ngx_cycle_t *cycle) -{ +{ int err; max_threads = n; @@ -82,7 +82,7 @@ ngx_mutex_init(ngx_log_t *log, ngx_uint_ if (m == NULL) { return NULL; } - + m->log = log; err = pthread_mutex_init(&m->mutex, NULL); @@ -202,7 +202,7 @@ ngx_cond_init(ngx_log_t *log) if (cv == NULL) { return NULL; } - + cv->log = log; err = pthread_cond_init(&cv->cond, NULL); diff --git a/src/os/unix/ngx_readv_chain.c b/src/os/unix/ngx_readv_chain.c --- a/src/os/unix/ngx_readv_chain.c +++ b/src/os/unix/ngx_readv_chain.c @@ -24,7 +24,7 @@ ngx_readv_chain(ngx_connection_t *c, ngx ngx_event_t *rev; struct iovec *iov, iovs[NGX_IOVS]; - rev = c->read; + rev = c->read; if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, diff --git a/src/os/unix/ngx_solaris_sendfilev_chain.c b/src/os/unix/ngx_solaris_sendfilev_chain.c --- a/src/os/unix/ngx_solaris_sendfilev_chain.c +++ b/src/os/unix/ngx_solaris_sendfilev_chain.c @@ -190,7 +190,7 @@ ngx_chain_t *ngx_solaris_sendfilev_chain for (cl = in; cl; cl = cl->next) { if (ngx_buf_special(cl->buf)) { - continue; + continue; } if (sent == 0) { diff --git a/src/os/unix/ngx_sunpro_atomic_sparc64.h b/src/os/unix/ngx_sunpro_atomic_sparc64.h --- a/src/os/unix/ngx_sunpro_atomic_sparc64.h +++ b/src/os/unix/ngx_sunpro_atomic_sparc64.h @@ -27,7 +27,7 @@ ngx_atomic_cmp_set(ngx_atomic_t *lock, n NGX_CASA(set, old, lock); return (set == old); -} +} static ngx_inline ngx_atomic_int_t diff --git a/src/os/unix/ngx_sunpro_sparc64.il b/src/os/unix/ngx_sunpro_sparc64.il --- a/src/os/unix/ngx_sunpro_sparc64.il +++ b/src/os/unix/ngx_sunpro_sparc64.il @@ -5,7 +5,7 @@ / "casa [%o2] 0x80, %o1, %o0" and / "casxa [%o2] 0x80, %o1, %o0" do the following: -/ +/ / if ([%o2] == %o1) { / swap(%o0, [%o2]); / } else {