Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 9207:73eb75bee30f
HTTP/3: added more compatibility checks for "listen ... quic".
Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive"
parameters are not allowed with "quic" in the "listen" directive.
Reported by Izorkin.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 30 Jan 2024 19:19:26 +0400 |
| parents | 08ef02ad5c54 |
| children | a6649497a762 |
comparison
equal
deleted
inserted
replaced
| 9206:43fc897bbab8 | 9207:73eb75bee30f |
|---|---|
| 3959 { | 3959 { |
| 3960 ngx_http_core_srv_conf_t *cscf = conf; | 3960 ngx_http_core_srv_conf_t *cscf = conf; |
| 3961 | 3961 |
| 3962 ngx_str_t *value, size; | 3962 ngx_str_t *value, size; |
| 3963 ngx_url_t u; | 3963 ngx_url_t u; |
| 3964 ngx_uint_t n, i; | 3964 ngx_uint_t n, i, backlog; |
| 3965 ngx_http_listen_opt_t lsopt; | 3965 ngx_http_listen_opt_t lsopt; |
| 3966 | 3966 |
| 3967 cscf->listen = 1; | 3967 cscf->listen = 1; |
| 3968 | 3968 |
| 3969 value = cf->args->elts; | 3969 value = cf->args->elts; |
| 3998 #endif | 3998 #endif |
| 3999 #if (NGX_HAVE_INET6) | 3999 #if (NGX_HAVE_INET6) |
| 4000 lsopt.ipv6only = 1; | 4000 lsopt.ipv6only = 1; |
| 4001 #endif | 4001 #endif |
| 4002 | 4002 |
| 4003 backlog = 0; | |
| 4004 | |
| 4003 for (n = 2; n < cf->args->nelts; n++) { | 4005 for (n = 2; n < cf->args->nelts; n++) { |
| 4004 | 4006 |
| 4005 if (ngx_strcmp(value[n].data, "default_server") == 0 | 4007 if (ngx_strcmp(value[n].data, "default_server") == 0 |
| 4006 || ngx_strcmp(value[n].data, "default") == 0) | 4008 || ngx_strcmp(value[n].data, "default") == 0) |
| 4007 { | 4009 { |
| 4055 if (lsopt.backlog == NGX_ERROR || lsopt.backlog == 0) { | 4057 if (lsopt.backlog == NGX_ERROR || lsopt.backlog == 0) { |
| 4056 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 4058 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 4057 "invalid backlog \"%V\"", &value[n]); | 4059 "invalid backlog \"%V\"", &value[n]); |
| 4058 return NGX_CONF_ERROR; | 4060 return NGX_CONF_ERROR; |
| 4059 } | 4061 } |
| 4062 | |
| 4063 backlog = 1; | |
| 4060 | 4064 |
| 4061 continue; | 4065 continue; |
| 4062 } | 4066 } |
| 4063 | 4067 |
| 4064 if (ngx_strncmp(value[n].data, "rcvbuf=", 7) == 0) { | 4068 if (ngx_strncmp(value[n].data, "rcvbuf=", 7) == 0) { |
| 4303 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 4307 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 4304 "invalid parameter \"%V\"", &value[n]); | 4308 "invalid parameter \"%V\"", &value[n]); |
| 4305 return NGX_CONF_ERROR; | 4309 return NGX_CONF_ERROR; |
| 4306 } | 4310 } |
| 4307 | 4311 |
| 4308 #if (NGX_HTTP_V3) | |
| 4309 | |
| 4310 if (lsopt.quic) { | 4312 if (lsopt.quic) { |
| 4313 #if (NGX_HAVE_TCP_FASTOPEN) | |
| 4314 if (lsopt.fastopen != -1) { | |
| 4315 return "\"fastopen\" parameter is incompatible with \"quic\""; | |
| 4316 } | |
| 4317 #endif | |
| 4318 | |
| 4319 if (backlog) { | |
| 4320 return "\"backlog\" parameter is incompatible with \"quic\""; | |
| 4321 } | |
| 4322 | |
| 4323 #if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER) | |
| 4324 if (lsopt.accept_filter) { | |
| 4325 return "\"accept_filter\" parameter is incompatible with \"quic\""; | |
| 4326 } | |
| 4327 #endif | |
| 4328 | |
| 4329 #if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT) | |
| 4330 if (lsopt.deferred_accept) { | |
| 4331 return "\"deferred\" parameter is incompatible with \"quic\""; | |
| 4332 } | |
| 4333 #endif | |
| 4334 | |
| 4311 #if (NGX_HTTP_SSL) | 4335 #if (NGX_HTTP_SSL) |
| 4312 if (lsopt.ssl) { | 4336 if (lsopt.ssl) { |
| 4313 return "\"ssl\" parameter is incompatible with \"quic\""; | 4337 return "\"ssl\" parameter is incompatible with \"quic\""; |
| 4314 } | 4338 } |
| 4315 #endif | 4339 #endif |
| 4318 if (lsopt.http2) { | 4342 if (lsopt.http2) { |
| 4319 return "\"http2\" parameter is incompatible with \"quic\""; | 4343 return "\"http2\" parameter is incompatible with \"quic\""; |
| 4320 } | 4344 } |
| 4321 #endif | 4345 #endif |
| 4322 | 4346 |
| 4347 if (lsopt.so_keepalive) { | |
| 4348 return "\"so_keepalive\" parameter is incompatible with \"quic\""; | |
| 4349 } | |
| 4350 | |
| 4323 if (lsopt.proxy_protocol) { | 4351 if (lsopt.proxy_protocol) { |
| 4324 return "\"proxy_protocol\" parameter is incompatible with \"quic\""; | 4352 return "\"proxy_protocol\" parameter is incompatible with \"quic\""; |
| 4325 } | 4353 } |
| 4326 } | 4354 } |
| 4327 | |
| 4328 #endif | |
| 4329 | 4355 |
| 4330 for (n = 0; n < u.naddrs; n++) { | 4356 for (n = 0; n < u.naddrs; n++) { |
| 4331 | 4357 |
| 4332 for (i = 0; i < n; i++) { | 4358 for (i = 0; i < n; i++) { |
| 4333 if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen, | 4359 if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen, |