History log of /unit/src/nxt_router.c (Results 1 – 25 of 243)
Revision Date Author Comments
# 2077:624e51cfe97a 18-Dec-2021 Alejandro Colomar

Removed special cases for non-NXT_CONF_VALUE_ARRAY.

The previous commit added more generic APIs for handling
NXT_CONF_VALUE_ARRAY and non-NXT_CONF_VALUE_ARRAY together.
Modify calling code to remove special cases for arrays and
non-arrays, taking special care that the path for non-arrays is
logically equivalent to the previous special cased code.
Use the now-generic array code only.



# 2050:d1298cc3f385 03-Dec-2021 Valentin Bartenev

Merged with the 1.26 branch.


Revision tags: 1.26.1-1, 1.26.1
# 2017:c1617684637c 25-Nov-2021 Max Romanov

Fixing access_log structure reference counting.

The reference to the access_log structure is stored in the current
nxt_router_conf_t and the global nxt_router_t. When the reference is copied,
the reference counter should be adjusted accordingly.

This closes #593 issue on GitHub.



# 2014:f8a0992944df 24-Nov-2021 Max Romanov

Sending shared port to application prototype.

Application process started with shared port (and queue) already configured.
But still waits for PORT_ACK message from router to start request processing
(so-called "ready state").

Waiting for router confirmation is necessary. Otherwise, the application may
produce response and send it to router before the router has the information
about the application process. This is a subject of further optimizations.



Revision tags: 1.26.0-1, 1.26.0
# 1998:c8790d2a89bb 09-Nov-2021 Tiago Natel de Moura

Introducing application prototype processes.


# 1990:89f8eb0b5ccf 05-Nov-2021 Zhidao HONG

HTTP: removed surplus check for r->args is not NULL.


# 1980:43553aa72111 28-Oct-2021 Max Romanov

Moving request limit control to libunit.

Introducing application graceful stop. For now only used when application
process reaches request limit value.

This closes #585 issue on GitHub.


# 1978:13e1e2651f08 28-Oct-2021 Max Romanov

Adding explicit app reference to nxt_router_app_port_release().

port->app field is not thread safe and should be used in main thread only.
To release port after request processing, application reference should be
obtained from corresponding request descriptor.



Revision tags: 1.25.0-1, 1.25.0
# 1942:296628096d6c 17-Aug-2021 Andrey Suvorov

Added TLS session tickets support.


# 1940:29c2c9d80c5b 12-Aug-2021 Zhidao HONG

Introduced the generic API nxt_buf_dummy_completion().

No functional changes.


# 1936:953434450ea9 12-Aug-2021 Oisin Canty

Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behind a reverse proxy like nginx or a CDN.

You must specify the source addresses of the trusted proxies. This can be
accomplished with any valid IP pattern supported by Unit's match block:

["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]

The feature is configured per listener.

The client address replacement functionality only operates when there is a
source IP match and the specified header is present. Typically this would be
an 'X-Forwarded-For' header.

    {
        "listeners": {
            "127.0.0.1:8080": {
                "client_ip": {
                    "header": "X-Forwarded-For",
                    "source": [
                        "10.0.0.0/8"
                    ]
                },
                "pass": "applications/my_app"
            }
        }
    }

If a request occurs and Unit receives a header like below:

"X-Forwarded-For: 84.123.23.23"

By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR
will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.

If Unit runs behind consecutive reverse proxies and receives a header similar
to the following:

"X-Forwarded-For: 84.123.23.23, 10.0.0.254"

You will need to enable "recursive" checking, which walks the header from
last address to first and chooses the first non-trusted address it finds.

    {
        "listeners": {
            "127.0.0.1:8080": {
                "client_ip": {
                    "header": "X-Forwarded-For",
                    "source": [
                        "10.0.0.0/8"
                    ],
                    "recursive": true
                },
                "pass": "applications/my_app"
            }
        }
    }

If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254
is also a trusted address so the client address will be replaced with
84.123.23.23.

If all IP addresses in the header are trusted, the client address is set to
the first address in the header:

If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1",
the client address will be replaced with 10.0.0.3.
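
Added example (not part of the commit message or of Unit's source): a small C model of the selection rule described in the commit message above, covering the untrusted-peer, non-recursive, recursive and all-trusted cases. The names cidr_t, trusted(), client_ip() and SAMPLE_SRC are hypothetical; it assumes IPv4 CIDR sources only (no "!" negation) and that a header entry which is not a valid address is never adopted.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical trusted-proxy entry: IPv4 network plus prefix length. */
typedef struct { const char *net; int bits; } cidr_t;
static const cidr_t SAMPLE_SRC[] = { { "10.0.0.0", 8 } };  /* constructed sample */

static int trusted(const char *ip, const cidr_t *src, size_t n)
{
    struct in_addr a, net;
    if (inet_pton(AF_INET, ip, &a) != 1) return 0;  /* unparsable: untrusted */
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = src[i].bits ? htonl(~0u << (32 - src[i].bits)) : 0;
        if (inet_pton(AF_INET, src[i].net, &net) != 1) continue;
        if ((a.s_addr & mask) == (net.s_addr & mask)) return 1;
    }
    return 0;
}

/* Writes the address to report as REMOTE_ADDR into out and returns it. */
const char *client_ip(const char *peer, const char *xff, int recursive,
                      const cidr_t *src, size_t n, char *out, size_t len)
{
    char buf[256], *comma, *tok;
    struct in_addr chk;
    snprintf(out, len, "%s", peer);
    /* The header counts only when the TCP peer itself is a trusted proxy. */
    if (!xff || strlen(xff) >= sizeof(buf) || !trusted(peer, src, n)) return out;
    strcpy(buf, xff);
    for (;;) {                        /* walk entries from right to left */
        comma = strrchr(buf, ',');
        tok = comma ? comma + 1 : buf;
        tok += strspn(tok, " ");
        tok[strcspn(tok, " ")] = '\0';
        if (!comma || !recursive || !trusted(tok, src, n)) break;
        *comma = '\0';                /* trusted hop: drop it, look further left */
    }
    /* Assumption: an entry that is not a valid IPv4 address is not adopted. */
    if (inet_pton(AF_INET, tok, &chk) == 1) snprintf(out, len, "%s", tok);
    return out;
}

int main(void) {
    char out[64];
    puts(client_ip("10.0.0.1", "84.123.23.23, 10.0.0.254", 1, SAMPLE_SRC, 1, out, sizeof(out)));
    return 0;
}
```

Entries to the left of the first non-trusted address are client-supplied and are never consulted, which is why the walk runs from the right.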



# 1926:6e85d6c0b8bb 29-Jul-2021 Max Romanov

Application restart introduced.

When processing a restart request, the router sends a QUIT message to all
existing processes of the application. Then, a new shared application port is
created to ensure that new requests won't be handled by the old processes of
the application.



# 1925:b8a2ac618950 24-Jul-2021 Zhidao HONG

Router: split nxt_http_app_conf_t from nxt_http_action_t.

No functional changes.


# 1923:9f268a8a1a2f 23-Jul-2021 Zhidao HONG

Router: split nxt_http_static_conf_t from nxt_http_action_t.

No functional changes.


# 1920:7c19530e2502 21-Jul-2021 Andrey Suvorov

Enabling configure TLS sessions.

To support TLS sessions, Unit uses the OpenSSL built-in session cache; the
cache_size option defines the number of sessions to store. To disable the feature,
the option must be zero.



# 1915:48167dd83aa5 19-Jul-2021 Max Romanov

Router: fixing assertion on app thread port handle.

A new application thread port message can be processed in the router after the
application is removed from the router. Assertion for this case is replaced by
a condition to store the new thread port until receiving the stop notification
from the application process.



# 1904:da7a4754f8bd 01-Jul-2021 Max Romanov

Fixing multiple TLS-enabled listeners initialization.

Because of the incorrect 'last' field assignment, multiple listeners with
a TLS certificate did not initialize properly, which caused a router crash
while establishing a connection.

Test with multiple TLS listeners added.

The issue was introduced in the c548e46fe516 commit.

This closes #561 issue on GitHub.



Revision tags: 1.24.0-1, 1.24.0
# 1885:09b857a2cca9 26-May-2021 Andrey Suvorov

Enabling SSL_CTX configuration by using SSL_CONF_cmd().

To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd(). Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html


This feature can be configured in the "tls/conf_commands" section.



# 1884:4645a43bc248 26-May-2021 Andrey Suvorov

Fixing crash during TLS connection shutdown.

A crash was caused by an incorrect timer handler nxt_h1p_idle_timeout() if
SSL_shutdown() returned SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.

The flag SSL_RECEIVED_SHUTDOWN is used to avoid getting SSL_ERROR_WANT_READ, so
the server won't wait for a close notification from a client.

For SSL_ERROR_WANT_WRITE, a correct timer handler is set up.



# 1881:46d367c43ded 25-May-2021 Max Romanov

Fixing racing condition on listen socket close in router (v2).

This patch fixes a possible race between the nxt_router_conf_wait() and
nxt_router_listen_socket_release() function calls and improves the 7f1b2eaa2d58
commit fix.



# 1869:03648307ff8c 17-May-2021 Andrey Suvorov

Fixing a crash after applying the wrong TLS configuration.

When an invalid TLS configuration is applied (such as the conf_commands
feature), nxt_cert_store_get() creates a buffer to send a certificate request
to the main process and adds its default completion handler to an asynchronous
queue to free the allocated buffer. However, if configuration fails,
nxt_router_conf_error() removes the memory pool used to allocate the buffer,
causing a crash when the completion handler is dispatched.


Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered
when NXT_DEBUG is enabled in the configure script.


This patch uses a reference counter to retain the memory pool and redefines the
completion handler to free the buffer before releasing the memory pool.



# 1867:7f1b2eaa2d58 17-May-2021 Max Romanov

Fixing racing condition on listen socket close in router.

Listen socket is actually closed in the instant timer handler. This patch moves
the "configuration has been applied" notification to the timer handler to avoid
a situation when the user gets the response from the controller, but the listen
socket is still open in the router.



# 1854:aebe76640568 22-Apr-2021 Zhidao HONG

Router: grouped app and share fields in nxt_http_action_t.

This is a prerequisite for further introduction of openat2() features.
No functional changes.


Revision tags: 1.23.0-1, 1.23.0
# 1829:8fb5cbfe761a 25-Mar-2021 Max Romanov

Releasing shm buffers for large body requests.

This fixes memory and shm file descriptor leakage that occurred when a large
request body was passed via shared memory. The leakage was caught with the
"test_settings_body_buffer_size" test. The main condition is the
"body_buffer_size" value exceeding 10 Mb (a shm segment). Thus, the router was
forced to split the body into several shm segments, but these buffers were not
freed because of dummy completion handlers.



# 1828:c548e46fe516 24-Mar-2021 Andrey Suvorov

Added ability to configure multiple certificates on a listener.

The certificate is selected by matching the arriving SNI to the common name and
the alternative names. If no certificate matches the name, the first bundle in
the array is chosen.


