diff options
Diffstat (limited to '')
85 files changed, 2919 insertions, 862 deletions
@@ -55,3 +55,4 @@ e3f504b6082ee97ed0d6c8660890585ef6a5796f 1.21.0-1 ad6aad2450c256d4f1a3c32f7091a78dbbc4a6d1 1.23.0-1 847c88d10f26765b45149c14f88c2274adfc3f42 1.24.0 5c7ce0da580ef6e83c729dd012e976f22acbac27 1.24.0-1 +54ffe5ce4fb3c4304faf6d342d9b17dee2c745ac 1.25.0 @@ -1,4 +1,44 @@ +Changes with Unit 1.25.0 19 Aug 2021 + + *) Feature: client IP address replacement from a specified HTTP header + field. + + *) Feature: TLS sessions cache. + + *) Feature: TLS session tickets. + + *) Feature: application restart control. + + *) Feature: process and thread lifecycle hooks in Ruby. + + *) Bugfix: the router process could crash on TLS connection open when + multiple listeners with TLS certificates were configured; the bug had + appeared in 1.23.0. + + *) Bugfix: TLS connections were rejected for configurations with + multiple certificate bundles in a listener if the client did not use + SNI. + + *) Bugfix: the router process could crash with frequent mutithreaded + application reconfiguration. + + *) Bugfix: compatibility issues with some Python ASGI apps, notably + based on the Starlette framework. + + *) Bugfix: a descriptor and memory leak occurred in the router process + when an app process stopped or crashed. + + *) Bugfix: the controller or router process could crash if the + configuration contained a full-form IPv6 in a listener address. + + *) Bugfix: the router process crashed when a request was passed to an + empty "routes" or "upstreams" using a variable "pass" option. + + *) Bugfix: the router process crashed while matching a request to an + empty array of source or destination address patterns. + + Changes with Unit 1.24.0 27 May 2021 *) Change: PHP added to the default MIME type list. diff --git a/auto/modules/java b/auto/modules/java index 05b3100c..e8137217 100644 --- a/auto/modules/java +++ b/auto/modules/java @@ -238,7 +238,7 @@ cat << END > $NXT_JAVA_JARS static const char *nxt_java_system_jars[] = { END -NXT_TOMCAT_VERSION=9.0.44 +NXT_TOMCAT_VERSION=9.0.52 NXT_JAR_VERSION=$NXT_TOMCAT_VERSION @@ -271,7 +271,7 @@ NXT_JAR_NAME=tomcat-util . auto/modules/java_get_jar NXT_JAR_NAME=ecj -NXT_JAR_VERSION=3.25.0 +NXT_JAR_VERSION=3.26.0 NXT_JAR_NAMESPACE=org/eclipse/jdt/ . auto/modules/java_get_jar @@ -284,7 +284,7 @@ static const char *nxt_java_unit_jars[] = { "$NXT_UNIT_JAR", END -NXT_JAR_VERSION=9.4.38.v20210224 +NXT_JAR_VERSION=9.4.43.v20210629 NXT_JAR_NAMESPACE=org/eclipse/jetty/ NXT_JAR_NAME=jetty-util @@ -297,7 +297,7 @@ NXT_JAR_NAME=jetty-http . auto/modules/java_get_jar NXT_JAR_NAME=classgraph -NXT_JAR_VERSION=4.8.102 +NXT_JAR_VERSION=4.8.112 NXT_JAR_NAMESPACE=io/github/classgraph/ . auto/modules/java_get_jar diff --git a/auto/modules/java_jar.sha512 b/auto/modules/java_jar.sha512 index 98d27149..5289081c 100644 --- a/auto/modules/java_jar.sha512 +++ b/auto/modules/java_jar.sha512 @@ -1,14 +1,14 @@ -5105e9edf0fc6a4a51eb2bb1e2c23bb78a604fe2df3b1e814cf638ce22845a6ae57e75af31db9dd00d5c650403e751659cca8d3bc465fb96525c695188d2055f classgraph-4.8.102.jar -48cee25d195a5c713a962b035ecba633797753474f290c107a0ee96272cd9ae1b6b62b060ef37e0699f6a5af4d4b45e514ef710309f41bdd9440925cf60a111a ecj-3.25.0.jar -3f2a4a5b7f71c6a1317cec29ea12eb04eac68f4cee94c30ffb75fdd36dbc9c622059fb762e27f74f7b7a38eb84966732ba963cc294f5aaf8b7f5f8c9d60c8899 jetty-http-9.4.38.v20210224.jar -cc416b324841e9c259538a3ec678a9d8e07d3bea9b0bb687bc15a759c5065c7de6ea7bbbb15b369b8c6d2023c3294906d8f9cfda28e1b7859283008790581a4d jetty-server-9.4.38.v20210224.jar -efdbeae97c959459c10b05aae62189c535a0935dadf7debf4257257c31a98a4167ca1318daa81dae32161f51117b17468d5fb5a6bb4eea40864ce1265623d684 jetty-util-9.4.38.v20210224.jar -f2534f246c0cec9be576f18d67759b5a997074bb7870cbf7b9469f062ddc6932e5cec45fd439a5beacc8c6248d39dc458af81245a6eb988e294667f2bcd251df tomcat-api-9.0.44.jar -0c8050b04b02a6a1f1384d1a4041594c09868cfeb139978274c5e5797eb95e0668495f489eb61cfe742905e453184edc0ad8a9fd3b2796e960981a20ae4a0334 tomcat-el-api-9.0.44.jar -cc81a06795553f06d3dfe930429fdf47a8e0c1813c554b640d98090cc661c1eb27a91b9a9055bd14d918fc9451073632a635741dd413fd7b4a380d8907862e14 tomcat-jasper-9.0.44.jar -de50107ff31b8c5a7eb97fe86c2fdfa38305be632c8d62329219884dfb6bbe76372b40a67e808263a55b510a41cde639d55e7925d89db06472392519f0410063 tomcat-jasper-el-9.0.44.jar -69a79e58cea950b713f26a94e1db90221c297375a338f010d1332027ef5d93fd262163ec787b06d8cd41a4a31faa81bb4fc83836148eb14a6757591f6fe5f3c6 tomcat-jsp-api-9.0.44.jar -ca036312596dbd92ae43dda79a9a5ad168cf90a12369636fdc6febbedb559b83d5fa22d77629659b588d70990f8a077fd8356be1c56b0227e07688b67dd7c76e tomcat-juli-9.0.44.jar -952c122413805de16de603cfc233785e53b558b39f146b6fa4e11324e26572e4aee76fec2ee69adecc8f4271cd28acb917e1a9e61a908710b3582ab1f76c9706 tomcat-servlet-api-9.0.44.jar -6920bfb2b1ae173d716fedbf4f238003f569a161f277a888c2d53dac0af80ef0480c9ca3be0ede4583716c1b97c1cfa1665439d14274b7d73ec948fd9f952b89 tomcat-util-9.0.44.jar -915304750cbdffc4c9926fcb22eb928d2895cccd8b3f6f13aefb4e5302cccf5f513502b70812630026dd2968712c4c3b1cfe98d37ecf7b349988e7255ddc5b18 tomcat-util-scan-9.0.44.jar +e7ad5ee436f6befaddcdd1046022a2e30444a435d9419a33f8316f66e794cf710809dbcf7e408a087f434cd9cb724682965b5e4098e34803569241eb44288322 classgraph-4.8.112.jar +ab441acf5551a7dc81c353eaccb3b3df9e89a48987294d19e39acdb83a5b640fcdff7414cee29f5b96eaa8826647f1d5323e185018fe33a64c402d69c73c9158 ecj-3.26.0.jar +a3ce1a5a41c9791ece4cbbf049ec4add1ec41330743d6757daea520f8b329299f5dd274f9e5741ba41fe49510f203efd19540d2404390eca53421132f5f46d4b jetty-http-9.4.43.v20210629.jar +61a14e97baac9962bd68ece24f8b967eec8e32edfebfa27c6a13996a86650d82f8977bf1aa582fc9706a1b028cb3cec0057c97628235dfc130061939845229e6 jetty-server-9.4.43.v20210629.jar +304fcdba2bdbf37e8f2ea69a3f5fbdffdfefd98d80fa78883b1dca1129a4907cef63eb2fa7c83eef359022a3b6a2f3ff742d8d23075c83d049ac01f1402e97f8 jetty-util-9.4.43.v20210629.jar +f14ac948559c0b6e20f6d84e5177fea46ea1321a7a401f280ee9323f3a07e70e141d2b12c8c466c446efb55a58743af931b0584f56494f17311cab511bcd214a tomcat-api-9.0.52.jar +a5ca293732267854a296ccc79b25051acf76fa8dea6118d43aa2e95b6d1951dfaffb941430b5080d7ab62d82d2c82c9385baf99e3c4a2bb6bf4a04372149169d tomcat-el-api-9.0.52.jar +8660e11dd0f994de43b19ba251a789dc3194a6b82d674085fed510200c789b402b27ab97bcecfec0720f563bb0dd18c2631cd8bb5c35e604c1460d7357492123 tomcat-jasper-9.0.52.jar +5b0b3e0edb47e3c4269736542d66d6fc099a74965fdcd5d3a6382db3f75bec7329e81f0719aaafccd318a058ec8fbba113a6ae9234ca94a00c8c39e5c8885568 tomcat-jasper-el-9.0.52.jar +a4368d1073d79a4f8a1cb8967a5e39af87723a17b2d94466554e8e4d3e8bb2dec3ee37db9f606e0c775dd4028604d4e87921f0dda764c8ef138aa50acf03d549 tomcat-jsp-api-9.0.52.jar +8687e108489996226a83e8310c73a2a176fac9ce365a7bd3fc23955fe968c3858a24c047cb5c7fbd1f3a890c893dcdf55e88180eefe61b98c1a3bf4e316fb07e tomcat-juli-9.0.52.jar +f9929f433e2b2f93897a87d117af2519e44020b44e3a475dfc81662b08d08e010b14a3dd6df2d4800196cdba7cbb8db2b879341c5a0ef1d11e5abe63d872bc34 tomcat-servlet-api-9.0.52.jar +c21ccf969378f2cad0ead32451c2527ea944207b5a894b642ee554042fe87eb0ce647aacbf8a51d12b4ecf2bf13e9380da78d8f7792486909daba72e8d0f83f2 tomcat-util-9.0.52.jar +14b4eb31c124d22c7ea7f05808cd6a46076f9d72648afd76e2d11924874117266771a455686d704225d2eff94656f024293140a3259b108857fa6b8b218ddd63 tomcat-util-scan-9.0.52.jar diff --git a/auto/ssltls b/auto/ssltls index f9363dde..d678ba74 100644 --- a/auto/ssltls +++ b/auto/ssltls @@ -66,6 +66,23 @@ if [ $NXT_OPENSSL = YES ]; then return 0; }" . auto/feature + + + nxt_feature="OpenSSL tlsext support" + nxt_feature_name=NXT_HAVE_OPENSSL_TLSEXT + nxt_feature_run= + nxt_feature_incs= + nxt_feature_libs="$NXT_OPENSSL_LIBS" + nxt_feature_test="#include <openssl/ssl.h> + + int main() { + #if (OPENSSL_NO_TLSEXT) + #error OpenSSL: no tlsext support. + #else + return 0; + #endif + }" + . auto/feature fi diff --git a/docs/changes.xml b/docs/changes.xml index e3711d0c..dca77068 100644 --- a/docs/changes.xml +++ b/docs/changes.xml @@ -5,6 +5,121 @@ <change_log title="unit"> +<changes apply="unit-php + unit-python unit-python2.7 + unit-python3.4 unit-python3.5 unit-python3.6 unit-python3.7 + unit-python3.8 unit-python3.9 + unit-go + unit-perl + unit-ruby + unit-jsc-common unit-jsc8 unit-jsc10 unit-jsc11 unit-jsc13 + unit-jsc14 unit-jsc15 unit-jsc16 unit-jsc17" + ver="1.25.0" rev="1" + date="2021-08-19" time="18:00:00 +0300" + packager="Andrei Belov <defan@nginx.com>"> + +<change> +<para> +NGINX Unit updated to 1.25.0. +</para> +</change> + +</changes> + + +<changes apply="unit" ver="1.25.0" rev="1" + date="2021-08-19" time="18:00:00 +0300" + packager="Andrei Belov <defan@nginx.com>"> + +<change type="feature"> +<para> +client IP address replacement from a specified HTTP header field. +</para> +</change> + +<change type="feature"> +<para> +TLS sessions cache. +</para> +</change> + +<change type="feature"> +<para> +TLS session tickets. +</para> +</change> + +<change type="feature"> +<para> +application restart control. +</para> +</change> + +<change type="feature"> +<para> +process and thread lifecycle hooks in Ruby. +</para> +</change> + +<change type="bugfix"> +<para> +the router process could crash on TLS connection open when multiple listeners +with TLS certificates were configured; the bug had appeared in 1.23.0. +</para> +</change> + +<change type="bugfix"> +<para> +TLS connections were rejected for configurations with multiple certificate +bundles in a listener if the client did not use SNI. +</para> +</change> + +<change type="bugfix"> +<para> +the router process could crash with frequent mutithreaded application +reconfiguration. +</para> +</change> + +<change type="bugfix"> +<para> +compatibility issues with some Python ASGI apps, notably based on the Starlette +framework. +</para> +</change> + +<change type="bugfix"> +<para> +a descriptor and memory leak occurred in the router process when an app process +stopped or crashed. +</para> +</change> + +<change type="bugfix"> +<para> +the controller or router process could crash if the configuration contained +a full-form IPv6 in a listener address. +</para> +</change> + +<change type="bugfix"> +<para> +the router process crashed when a request was passed to an empty "routes" +or "upstreams" using a variable "pass" option. +</para> +</change> + +<change type="bugfix"> +<para> +the router process crashed while matching a request to an empty array of source +or destination address patterns. +</para> +</change> + +</changes> + + <changes apply="unit-jsc17" ver="1.24.0" rev="1" date="2021-05-27" time="18:00:00 +0300" packager="Andrei Belov <defan@nginx.com>"> diff --git a/pkg/deb/Makefile b/pkg/deb/Makefile index c343eb53..85d5545e 100644 --- a/pkg/deb/Makefile +++ b/pkg/deb/Makefile @@ -135,6 +135,18 @@ include Makefile.python include Makefile.perl endif +# Debian 11 +ifeq ($(CODENAME),bullseye) +include Makefile.php +include Makefile.python27 +include Makefile.python39 +include Makefile.go +include Makefile.perl +include Makefile.ruby +include Makefile.jsc-common +include Makefile.jsc11 +endif + # Debian 10 ifeq ($(CODENAME),buster) include Makefile.php diff --git a/pkg/deb/Makefile.jsc-common b/pkg/deb/Makefile.jsc-common index 1c4a77b5..5f727124 100644 --- a/pkg/deb/Makefile.jsc-common +++ b/pkg/deb/Makefile.jsc-common @@ -6,7 +6,7 @@ MODULE_SUMMARY_jsc_common= Java shared packages for NGINX Unit MODULE_VERSION_jsc_common= $(VERSION) MODULE_RELEASE_jsc_common= 1 -ifneq (,$(findstring $(CODENAME),hirsute groovy focal eoan disco buster)) +ifneq (,$(findstring $(CODENAME),hirsute groovy focal eoan disco buster bullseye)) JAVA_MINVERSION= 11 else JAVA_MINVERSION= 8 diff --git a/pkg/docker/Dockerfile.go1.15 b/pkg/docker/Dockerfile.go1.15 index d446a934..0c88ff64 100644 --- a/pkg/docker/Dockerfile.go1.15 +++ b/pkg/docker/Dockerfile.go1.15 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.jsc11 b/pkg/docker/Dockerfile.jsc11 index b66ebe73..8f62ad3e 100644 --- a/pkg/docker/Dockerfile.jsc11 +++ b/pkg/docker/Dockerfile.jsc11 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.minimal b/pkg/docker/Dockerfile.minimal index 69a70e33..00875732 100644 --- a/pkg/docker/Dockerfile.minimal +++ b/pkg/docker/Dockerfile.minimal @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.node15 b/pkg/docker/Dockerfile.node15 index 1e3846a3..f98d0ef3 100644 --- a/pkg/docker/Dockerfile.node15 +++ b/pkg/docker/Dockerfile.node15 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.perl5.32 b/pkg/docker/Dockerfile.perl5.32 index 2fccbf63..244eb076 100644 --- a/pkg/docker/Dockerfile.perl5.32 +++ b/pkg/docker/Dockerfile.perl5.32 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.php8.0 b/pkg/docker/Dockerfile.php8.0 index 02db27cf..ba85ce0e 100644 --- a/pkg/docker/Dockerfile.php8.0 +++ b/pkg/docker/Dockerfile.php8.0 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.python3.9 b/pkg/docker/Dockerfile.python3.9 index 44472a12..a3ca8d4a 100644 --- a/pkg/docker/Dockerfile.python3.9 +++ b/pkg/docker/Dockerfile.python3.9 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/pkg/docker/Dockerfile.ruby2.7 b/pkg/docker/Dockerfile.ruby2.7 index 7875c470..d5140288 100644 --- a/pkg/docker/Dockerfile.ruby2.7 +++ b/pkg/docker/Dockerfile.ruby2.7 @@ -8,7 +8,7 @@ RUN set -ex \ && mkdir -p /usr/lib/unit/modules /usr/lib/unit/debug-modules \ && hg clone https://hg.nginx.org/unit \ && cd unit \ - && hg up 1.24.0 \ + && hg up 1.25.0 \ && NCPU="$(getconf _NPROCESSORS_ONLN)" \ && DEB_HOST_MULTIARCH="$(dpkg-architecture -q DEB_HOST_MULTIARCH)" \ && CC_OPT="$(DEB_BUILD_MAINT_OPTIONS="hardening=+all,-pie" DEB_CFLAGS_MAINT_APPEND="-Wp,-D_FORTIFY_SOURCE=2 -fPIC" dpkg-buildflags --get CFLAGS)" \ diff --git a/src/nxt_application.h b/src/nxt_application.h index 45e7fa48..6fbdc4be 100644 --- a/src/nxt_application.h +++ b/src/nxt_application.h @@ -74,6 +74,7 @@ typedef struct { typedef struct { nxt_str_t script; uint32_t threads; + nxt_str_t hooks; } nxt_ruby_app_conf_t; diff --git a/src/nxt_buf.c b/src/nxt_buf.c index 83be0fac..cbde069e 100644 --- a/src/nxt_buf.c +++ b/src/nxt_buf.c @@ -201,7 +201,6 @@ nxt_buf_completion(nxt_task_t *task, void *obj, void *data) nxt_buf_t *b, *next, *parent; b = obj; - parent = data; nxt_debug(task, "buf completion: %p %p", b, b->mem.start); @@ -275,7 +274,6 @@ nxt_buf_ts_completion(nxt_task_t *task, void *obj, void *data) nxt_buf_t *b, *next, *parent; b = obj; - parent = data; if (nxt_buf_ts_handle(task, obj, data)) { return; diff --git a/src/nxt_buf.h b/src/nxt_buf.h index 25e8499a..5121d659 100644 --- a/src/nxt_buf.h +++ b/src/nxt_buf.h @@ -288,4 +288,10 @@ nxt_buf_cpystr(nxt_buf_t *b, const nxt_str_t *str) } +nxt_inline void +nxt_buf_dummy_completion(nxt_task_t *task, void *obj, void *data) +{ +} + + #endif /* _NXT_BUF_H_INCLIDED_ */ diff --git a/src/nxt_conf_validation.c b/src/nxt_conf_validation.c index 06ae2847..a53fff74 100644 --- a/src/nxt_conf_validation.c +++ b/src/nxt_conf_validation.c @@ -95,6 +95,16 @@ static nxt_int_t nxt_conf_vldt_object_conf_commands(nxt_conf_validation_t *vldt, #endif static nxt_int_t nxt_conf_vldt_certificate_element(nxt_conf_validation_t *vldt, nxt_conf_value_t *value); +static nxt_int_t nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt, + nxt_conf_value_t *value, void *data); +static nxt_int_t nxt_conf_vldt_tls_timeout(nxt_conf_validation_t *vldt, + nxt_conf_value_t *value, void *data); +#if (NXT_HAVE_OPENSSL_TLSEXT) +static nxt_int_t nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt, + nxt_conf_value_t *value, void *data); +static nxt_int_t nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt, + nxt_conf_value_t *value); +#endif #endif static nxt_int_t nxt_conf_vldt_action(nxt_conf_validation_t *vldt, nxt_conf_value_t *value, void *data); @@ -204,8 +214,10 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_setting_members[]; static nxt_conf_vldt_object_t nxt_conf_vldt_http_members[]; static nxt_conf_vldt_object_t nxt_conf_vldt_websocket_members[]; static nxt_conf_vldt_object_t nxt_conf_vldt_static_members[]; +static nxt_conf_vldt_object_t nxt_conf_vldt_client_ip_members[]; #if (NXT_TLS) static nxt_conf_vldt_object_t nxt_conf_vldt_tls_members[]; +static nxt_conf_vldt_object_t nxt_conf_vldt_session_members[]; #endif static nxt_conf_vldt_object_t nxt_conf_vldt_match_members[]; static nxt_conf_vldt_object_t nxt_conf_vldt_python_target_members[]; @@ -346,6 +358,11 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_listener_members[] = { .name = nxt_string("application"), .type = NXT_CONF_VLDT_STRING, .validator = nxt_conf_vldt_app_name, + }, { + .name = nxt_string("client_ip"), + .type = NXT_CONF_VLDT_OBJECT, + .validator = nxt_conf_vldt_object, + .u.members = nxt_conf_vldt_client_ip_members }, #if (NXT_TLS) @@ -361,6 +378,25 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_listener_members[] = { }; +static nxt_conf_vldt_object_t nxt_conf_vldt_client_ip_members[] = { + { + .name = nxt_string("source"), + .type = NXT_CONF_VLDT_STRING | NXT_CONF_VLDT_ARRAY, + .validator = nxt_conf_vldt_match_addrs, + .flags = NXT_CONF_VLDT_REQUIRED + }, { + .name = nxt_string("header"), + .type = NXT_CONF_VLDT_STRING, + .flags = NXT_CONF_VLDT_REQUIRED + }, { + .name = nxt_string("recursive"), + .type = NXT_CONF_VLDT_BOOLEAN, + }, + + NXT_CONF_VLDT_END +}; + + #if (NXT_TLS) static nxt_conf_vldt_object_t nxt_conf_vldt_tls_members[] = { @@ -378,11 +414,132 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_tls_members[] = { .validator = nxt_conf_vldt_unsupported, .u.string = "conf_commands", #endif + }, { + .name = nxt_string("session"), + .type = NXT_CONF_VLDT_OBJECT, + .validator = nxt_conf_vldt_object, + .u.members = nxt_conf_vldt_session_members, + }, + + NXT_CONF_VLDT_END +}; + + +static nxt_conf_vldt_object_t nxt_conf_vldt_session_members[] = { + { + .name = nxt_string("cache_size"), + .type = NXT_CONF_VLDT_INTEGER, + .validator = nxt_conf_vldt_tls_cache_size, + }, { + .name = nxt_string("timeout"), + .type = NXT_CONF_VLDT_INTEGER, + .validator = nxt_conf_vldt_tls_timeout, + }, { + .name = nxt_string("tickets"), + .type = NXT_CONF_VLDT_STRING + | NXT_CONF_VLDT_ARRAY + | NXT_CONF_VLDT_BOOLEAN, +#if (NXT_HAVE_OPENSSL_TLSEXT) + .validator = nxt_conf_vldt_ticket_key, +#else + .validator = nxt_conf_vldt_unsupported, + .u.string = "tickets", +#endif }, NXT_CONF_VLDT_END }; + +static nxt_int_t +nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt, + nxt_conf_value_t *value, void *data) +{ + int64_t cache_size; + + cache_size = nxt_conf_get_number(value); + + if (cache_size < 0) { + return nxt_conf_vldt_error(vldt, "The \"cache_size\" number must not " + "be negative."); + } + + return NXT_OK; +} + + +static nxt_int_t +nxt_conf_vldt_tls_timeout(nxt_conf_validation_t *vldt, nxt_conf_value_t *value, + void *data) +{ + int64_t timeout; + + timeout = nxt_conf_get_number(value); + + if (timeout <= 0) { + return nxt_conf_vldt_error(vldt, "The \"timeout\" number must be " + "greater than zero."); + } + + return NXT_OK; +} + +#endif + +#if (NXT_HAVE_OPENSSL_TLSEXT) + +static nxt_int_t +nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt, nxt_conf_value_t *value, + void *data) +{ + if (nxt_conf_type(value) == NXT_CONF_BOOLEAN) { + return NXT_OK; + } + + if (nxt_conf_type(value) == NXT_CONF_ARRAY) { + return nxt_conf_vldt_array_iterator(vldt, value, + &nxt_conf_vldt_ticket_key_element); + } + + /* NXT_CONF_STRING */ + + return nxt_conf_vldt_ticket_key_element(vldt, value); +} + + +static nxt_int_t +nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt, + nxt_conf_value_t *value) +{ + nxt_str_t key; + nxt_int_t ret; + + if (nxt_conf_type(value) != NXT_CONF_STRING) { + return nxt_conf_vldt_error(vldt, "The \"key\" array must " + "contain only string values."); + } + + nxt_conf_get_string(value, &key); + + ret = nxt_openssl_base64_decode(NULL, 0, key.start, key.length); + if (nxt_slow_path(ret == NXT_ERROR)) { + return NXT_ERROR; + } + + if (ret == NXT_DECLINED) { + return nxt_conf_vldt_error(vldt, "Invalid Base64 format for the ticket " + "key \"%V\".", &key); + } + + if (ret != 48 && ret != 80) { + return nxt_conf_vldt_error(vldt, "Invalid length %d of the ticket " + "key \"%V\". Must be 48 or 80 bytes.", + ret, &key); + } + + return NXT_OK; +} + #endif @@ -732,6 +889,9 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_ruby_members[] = { .name = nxt_string("threads"), .type = NXT_CONF_VLDT_INTEGER, .validator = nxt_conf_vldt_threads, + }, { + .name = nxt_string("hooks"), + .type = NXT_CONF_VLDT_STRING }, NXT_CONF_VLDT_NEXT(nxt_conf_vldt_common_members) @@ -1215,7 +1375,7 @@ static nxt_int_t nxt_conf_vldt_mtypes_extension(nxt_conf_validation_t *vldt, nxt_conf_value_t *value) { - nxt_str_t ext, *dup_type; + nxt_str_t exten, *dup_type; nxt_conf_vldt_mtypes_ctx_t *ctx; ctx = vldt->ctx; @@ -1225,24 +1385,24 @@ nxt_conf_vldt_mtypes_extension(nxt_conf_validation_t *vldt, "contain only strings.", ctx->type); } - nxt_conf_get_string(value, &ext); + nxt_conf_get_string(value, &exten); - if (ext.length == 0) { + if (exten.length == 0) { return nxt_conf_vldt_error(vldt, "An empty file extension for " "the \"%V\" MIME type.", ctx->type); } - dup_type = nxt_http_static_mtypes_hash_find(&ctx->hash, &ext); + dup_type = nxt_http_static_mtype_get(&ctx->hash, &exten); if (dup_type->length != 0) { return nxt_conf_vldt_error(vldt, "The \"%V\" file extension has been " "declared for \"%V\" and \"%V\" " "MIME types at the same time.", - &ext, dup_type, ctx->type); + &exten, dup_type, ctx->type); } - return nxt_http_static_mtypes_hash_add(ctx->pool, &ctx->hash, - &ext, ctx->type); + return nxt_http_static_mtypes_hash_add(ctx->pool, &ctx->hash, &exten, + ctx->type); } diff --git a/src/nxt_controller.c b/src/nxt_controller.c index 772d10c8..779a625d 100644 --- a/src/nxt_controller.c +++ b/src/nxt_controller.c @@ -92,6 +92,10 @@ static nxt_bool_t nxt_controller_cert_in_use(nxt_str_t *name); static void nxt_controller_cert_cleanup(nxt_task_t *task, void *obj, void *data); #endif +static void nxt_controller_process_control(nxt_task_t *task, + nxt_controller_request_t *req, nxt_str_t *path); +static void nxt_controller_app_restart_handler(nxt_task_t *task, + nxt_port_recv_msg_t *msg, void *data); static void nxt_controller_conf_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, void *data); static void nxt_controller_conf_store(nxt_task_t *task, @@ -1022,6 +1026,14 @@ nxt_controller_process_request(nxt_task_t *task, nxt_controller_request_t *req) #endif + if (nxt_str_start(&path, "/control/", 9)) { + path.length -= 9; + path.start += 9; + + nxt_controller_process_control(task, req, &path); + return; + } + nxt_memzero(&resp, sizeof(nxt_controller_response_t)); if (path.length == 1 && path.start[0] == '/') { @@ -1684,6 +1696,155 @@ nxt_controller_conf_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, static void +nxt_controller_process_control(nxt_task_t *task, + nxt_controller_request_t *req, nxt_str_t *path) +{ + uint32_t stream; + nxt_buf_t *b; + nxt_int_t rc; + nxt_port_t *router_port, *controller_port; + nxt_runtime_t *rt; + nxt_conf_value_t *value; + nxt_controller_response_t resp; + + static nxt_str_t applications = nxt_string("applications"); + + nxt_memzero(&resp, sizeof(nxt_controller_response_t)); + + if (!nxt_str_eq(&req->parser.method, "GET", 3)) { + goto not_allowed; + } + + if (!nxt_str_start(path, "applications/", 13) + || nxt_memcmp(path->start + path->length - 8, "/restart", 8) != 0) + { + goto not_found; + } + + path->start += 13; + path->length -= 13 + 8; + + if (nxt_controller_check_postpone_request(task)) { + nxt_queue_insert_tail(&nxt_controller_waiting_requests, &req->link); + return; + } + + value = nxt_controller_conf.root; + if (value == NULL) { + goto not_found; + } + + value = nxt_conf_get_object_member(value, &applications, NULL); + if (value == NULL) { + goto not_found; + } + + value = nxt_conf_get_object_member(value, path, NULL); + if (value == NULL) { + goto not_found; + } + + b = nxt_buf_mem_alloc(req->conn->mem_pool, path->length, 0); + if (nxt_slow_path(b == NULL)) { + goto alloc_fail; + } + + b->mem.free = nxt_cpymem(b->mem.pos, path->start, path->length); + + rt = task->thread->runtime; + + controller_port = rt->port_by_type[NXT_PROCESS_CONTROLLER]; + router_port = rt->port_by_type[NXT_PROCESS_ROUTER]; + + stream = nxt_port_rpc_register_handler(task, controller_port, + nxt_controller_app_restart_handler, + nxt_controller_app_restart_handler, + router_port->pid, req); + if (nxt_slow_path(stream == 0)) { + goto alloc_fail; + } + + rc = nxt_port_socket_write(task, router_port, NXT_PORT_MSG_APP_RESTART, + -1, stream, 0, b); + if (nxt_slow_path(rc != NXT_OK)) { + nxt_port_rpc_cancel(task, controller_port, stream); + + goto fail; + } + + nxt_queue_insert_head(&nxt_controller_waiting_requests, &req->link); + + return; + +not_allowed: + + resp.status = 405; + resp.title = (u_char *) "Method isn't allowed."; + resp.offset = -1; + + nxt_controller_response(task, req, &resp); + return; + +not_found: + + resp.status = 404; + resp.title = (u_char *) "Value doesn't exist."; + resp.offset = -1; + + nxt_controller_response(task, req, &resp); + return; + +alloc_fail: + + resp.status = 500; + resp.title = (u_char *) "Memory allocation failed."; + resp.offset = -1; + + nxt_controller_response(task, req, &resp); + return; + +fail: + + resp.status = 500; + resp.title = (u_char *) "Send restart failed."; + resp.offset = -1; + + nxt_controller_response(task, req, &resp); +} + + +static void +nxt_controller_app_restart_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, + void *data) +{ + nxt_controller_request_t *req; + nxt_controller_response_t resp; + + req = data; + + nxt_debug(task, "controller app restart handler"); + + nxt_queue_remove(&req->link); + + nxt_memzero(&resp, sizeof(nxt_controller_response_t)); + + if (msg->port_msg.type == NXT_PORT_MSG_RPC_READY) { + resp.status = 200; + resp.title = (u_char *) "Ok"; + + } else { + resp.status = 500; + resp.title = (u_char *) "Failed to restart app."; + resp.offset = -1; + } + + nxt_controller_response(task, req, &resp); + + nxt_controller_flush_requests(task); +} + + +static void nxt_controller_conf_store(nxt_task_t *task, nxt_conf_value_t *conf) { void *mem; diff --git a/src/nxt_event_engine.c b/src/nxt_event_engine.c index 4384d3b1..78c79bb1 100644 --- a/src/nxt_event_engine.c +++ b/src/nxt_event_engine.c @@ -720,11 +720,10 @@ nxt_event_engine_buf_mem_free(nxt_event_engine_t *engine, nxt_buf_t *b) void nxt_event_engine_buf_mem_completion(nxt_task_t *task, void *obj, void *data) { - nxt_event_engine_t *engine; nxt_buf_t *b, *next, *parent; + nxt_event_engine_t *engine; b = obj; - parent = data; nxt_debug(task, "buf completion: %p %p", b, b->mem.start); diff --git a/src/nxt_h1proto.c b/src/nxt_h1proto.c index d3da6942..b683cb22 100755 --- a/src/nxt_h1proto.c +++ b/src/nxt_h1proto.c @@ -955,7 +955,6 @@ nxt_h1p_request_body_read(nxt_task_t *task, nxt_http_request_t *r) } else { size = nxt_min(body_buffer_size, size); b->mem.free = nxt_cpymem(b->mem.free, in->mem.pos, size); - body_buffer_size -= size; } in->mem.pos += size; diff --git a/src/nxt_http.h b/src/nxt_http.h index f82d837e..3bc2fd61 100644 --- a/src/nxt_http.h +++ b/src/nxt_http.h @@ -197,8 +197,23 @@ struct nxt_http_request_s { }; -typedef struct nxt_http_route_s nxt_http_route_t; -typedef struct nxt_http_route_rule_s nxt_http_route_rule_t; +typedef struct nxt_http_route_s nxt_http_route_t; +typedef struct nxt_http_route_rule_s nxt_http_route_rule_t; +typedef struct nxt_http_route_addr_rule_s nxt_http_route_addr_rule_t; + + +typedef struct { + nxt_conf_value_t *pass; + nxt_conf_value_t *ret; + nxt_str_t location; + nxt_conf_value_t *proxy; + nxt_conf_value_t *share; + nxt_str_t chroot; + nxt_conf_value_t *follow_symlinks; + nxt_conf_value_t *traverse_mounts; + nxt_conf_value_t *types; + nxt_conf_value_t *fallback; +} nxt_http_action_conf_t; struct nxt_http_action_s { @@ -206,26 +221,15 @@ struct nxt_http_action_s { nxt_http_request_t *r, nxt_http_action_t *action); union { + void *conf; nxt_http_route_t *route; nxt_upstream_t *upstream; uint32_t upstream_number; - nxt_http_status_t return_code; nxt_var_t *var; - - struct { - nxt_app_t *application; - nxt_int_t target; - } app; - - struct { - nxt_str_t chroot; - nxt_uint_t resolve; - nxt_http_route_rule_t *types; - nxt_http_action_t *fallback; - } share; } u; nxt_str_t name; + nxt_http_action_t *fallback; }; @@ -251,6 +255,14 @@ typedef struct { } nxt_http_proto_table_t; +struct nxt_http_client_ip_s { + nxt_http_route_addr_rule_t *source; + nxt_str_t *header; + uint32_t header_hash; + uint8_t recursive; /* 1 bit */ +}; + + #define NXT_HTTP_DATE_LEN nxt_length("Wed, 31 Dec 1986 16:40:00 GMT") nxt_inline u_char * @@ -308,27 +320,34 @@ nxt_int_t nxt_http_pass_segments(nxt_mp_t *mp, nxt_str_t *pass, nxt_str_t *segments, nxt_uint_t n); nxt_http_action_t *nxt_http_pass_application(nxt_task_t *task, nxt_router_conf_t *rtcf, nxt_str_t *name); +nxt_http_route_addr_rule_t *nxt_http_route_addr_rule_create( + nxt_task_t *task, nxt_mp_t *mp, nxt_conf_value_t *cv); +nxt_int_t nxt_http_route_addr_rule(nxt_http_request_t *r, + nxt_http_route_addr_rule_t *addr_rule, nxt_sockaddr_t *sockaddr); +nxt_http_route_rule_t *nxt_http_route_types_rule_create(nxt_task_t *task, + nxt_mp_t *mp, nxt_conf_value_t *types); nxt_int_t nxt_http_route_test_rule(nxt_http_request_t *r, nxt_http_route_rule_t *rule, u_char *start, size_t length); +nxt_int_t nxt_http_action_init(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, + nxt_conf_value_t *cv, nxt_http_action_t *action); +void nxt_http_request_action(nxt_task_t *task, nxt_http_request_t *r, + nxt_http_action_t *action); + nxt_int_t nxt_upstreams_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_conf_value_t *conf); nxt_int_t nxt_upstreams_joint_create(nxt_router_temp_conf_t *tmcf, nxt_upstream_t ***upstream_joint); -void nxt_http_request_action(nxt_task_t *task, nxt_http_request_t *r, - nxt_http_action_t *action); - -nxt_http_action_t *nxt_http_return_handler(nxt_task_t *task, - nxt_http_request_t *r, nxt_http_action_t *action); +nxt_int_t nxt_http_return_init(nxt_mp_t *mp, nxt_http_action_t *action, + nxt_http_action_conf_t *acf); -nxt_http_action_t *nxt_http_static_handler(nxt_task_t *task, - nxt_http_request_t *r, nxt_http_action_t *action); +nxt_int_t nxt_http_static_init(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, + nxt_http_action_t *action, nxt_http_action_conf_t *acf); nxt_int_t nxt_http_static_mtypes_init(nxt_mp_t *mp, nxt_lvlhsh_t *hash); nxt_int_t nxt_http_static_mtypes_hash_add(nxt_mp_t *mp, nxt_lvlhsh_t *hash, - nxt_str_t *extension, nxt_str_t *type); -nxt_str_t *nxt_http_static_mtypes_hash_find(nxt_lvlhsh_t *hash, - nxt_str_t *extension); + nxt_str_t *exten, nxt_str_t *type); +nxt_str_t *nxt_http_static_mtype_get(nxt_lvlhsh_t *hash, nxt_str_t *exten); nxt_http_action_t *nxt_http_application_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_http_action_t *action); @@ -337,8 +356,8 @@ nxt_int_t nxt_upstream_find(nxt_upstreams_t *upstreams, nxt_str_t *name, nxt_http_action_t *nxt_upstream_proxy_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_upstream_t *upstream); - -nxt_int_t nxt_http_proxy_create(nxt_mp_t *mp, nxt_http_action_t *action); +nxt_int_t nxt_http_proxy_init(nxt_mp_t *mp, nxt_http_action_t *action, + nxt_http_action_conf_t *acf); nxt_int_t nxt_http_proxy_date(void *ctx, nxt_http_field_t *field, uintptr_t data); nxt_int_t nxt_http_proxy_content_length(void *ctx, nxt_http_field_t *field, diff --git a/src/nxt_http_chunk_parse.c b/src/nxt_http_chunk_parse.c index be3a2023..deab116d 100644 --- a/src/nxt_http_chunk_parse.c +++ b/src/nxt_http_chunk_parse.c @@ -253,7 +253,6 @@ nxt_http_chunk_buf_completion(nxt_task_t *task, void *obj, void *data) nxt_buf_t *b, *next, *parent; b = obj; - parent = data; nxt_debug(task, "buf completion: %p %p", b, b->mem.start); diff --git a/src/nxt_http_proxy.c b/src/nxt_http_proxy.c index 338d9fce..6aa3aabb 100644 --- a/src/nxt_http_proxy.c +++ b/src/nxt_http_proxy.c @@ -21,7 +21,7 @@ static void nxt_http_proxy_upstream_ready(nxt_task_t *task, nxt_upstream_server_t *us); static void nxt_http_proxy_upstream_error(nxt_task_t *task, nxt_upstream_server_t *us); -static nxt_http_action_t *nxt_http_proxy_handler(nxt_task_t *task, +static nxt_http_action_t *nxt_http_proxy(nxt_task_t *task, nxt_http_request_t *r, nxt_http_action_t *action); static void nxt_http_proxy_header_send(nxt_task_t *task, void *obj, void *data); static void nxt_http_proxy_header_sent(nxt_task_t *task, void *obj, void *data); @@ -50,7 +50,8 @@ static const nxt_upstream_peer_state_t nxt_upstream_proxy_state = { nxt_int_t -nxt_http_proxy_create(nxt_mp_t *mp, nxt_http_action_t *action) +nxt_http_proxy_init(nxt_mp_t *mp, nxt_http_action_t *action, + nxt_http_action_conf_t *acf) { nxt_str_t name; nxt_sockaddr_t *sa; @@ -58,7 +59,7 @@ nxt_http_proxy_create(nxt_mp_t *mp, nxt_http_action_t *action) nxt_upstream_proxy_t *proxy; sa = NULL; - name = action->name; + nxt_conf_get_string(acf->proxy, &name); if (nxt_str_start(&name, "http://", 7)) { name.length -= 7; @@ -92,7 +93,7 @@ nxt_http_proxy_create(nxt_mp_t *mp, nxt_http_action_t *action) up->type.proxy = proxy; action->u.upstream = up; - action->handler = nxt_http_proxy_handler; + action->handler = nxt_http_proxy; } return NXT_OK; @@ -100,10 +101,16 @@ nxt_http_proxy_create(nxt_mp_t *mp, nxt_http_action_t *action) static nxt_http_action_t * -nxt_http_proxy_handler(nxt_task_t *task, nxt_http_request_t *r, +nxt_http_proxy(nxt_task_t *task, nxt_http_request_t *r, nxt_http_action_t *action) { - return nxt_upstream_proxy_handler(task, r, action->u.upstream); + nxt_upstream_t *u; + + u = action->u.upstream; + + nxt_debug(task, "http proxy: \"%V\"", &u->name); + + return nxt_upstream_proxy_handler(task, r, u); } diff --git a/src/nxt_http_request.c b/src/nxt_http_request.c index 779cfcf8..b71b25d9 100644 --- a/src/nxt_http_request.c +++ b/src/nxt_http_request.c @@ -10,6 +10,10 @@ static nxt_int_t nxt_http_validate_host(nxt_str_t *host, nxt_mp_t *mp); static void nxt_http_request_start(nxt_task_t *task, void *obj, void *data); +static nxt_int_t nxt_http_request_client_ip(nxt_task_t *task, + nxt_http_request_t *r); +static nxt_sockaddr_t *nxt_http_request_client_ip_sockaddr( + nxt_http_request_t *r, u_char *start, size_t len); static void nxt_http_request_ready(nxt_task_t *task, void *obj, void *data); static void nxt_http_request_proto_info(nxt_task_t *task, nxt_http_request_t *r); @@ -272,16 +276,162 @@ static const nxt_http_request_state_t nxt_http_request_init_state static void nxt_http_request_start(nxt_task_t *task, void *obj, void *data) { + nxt_int_t ret; nxt_http_request_t *r; r = obj; r->state = &nxt_http_request_body_state; + ret = nxt_http_request_client_ip(task, r); + if (nxt_slow_path(ret != NXT_OK)) { + nxt_http_request_error(task, r, NXT_HTTP_INTERNAL_SERVER_ERROR); + } + nxt_http_request_read_body(task, r); } +static nxt_int_t +nxt_http_request_client_ip(nxt_task_t *task, nxt_http_request_t *r) +{ + u_char *start, *p; + nxt_int_t ret, i, len; + nxt_str_t *header; + nxt_array_t *fields_arr; /* of nxt_http_field_t * */ + nxt_sockaddr_t *sa, *prev_sa; + nxt_http_field_t *f, **fields; + nxt_http_client_ip_t *client_ip; + + client_ip = r->conf->socket_conf->client_ip; + + if (client_ip == NULL) { + return NXT_OK; + } + + ret = nxt_http_route_addr_rule(r, client_ip->source, r->remote); + if (ret <= 0) { + return NXT_OK; + } + + header = client_ip->header; + + fields_arr = nxt_array_create(r->mem_pool, 2, sizeof(nxt_http_field_t *)); + if (nxt_slow_path(fields_arr == NULL)) { + return NXT_ERROR; + } + + nxt_list_each(f, r->fields) { + if (f->hash == client_ip->header_hash + && f->name_length == client_ip->header->length + && f->value_length > 0 + && nxt_memcasecmp(f->name, header->start, header->length) == 0) + { + fields = nxt_array_add(fields_arr); + if (nxt_slow_path(fields == NULL)) { + return NXT_ERROR; + } + + *fields = f; + } + } nxt_list_loop; + + prev_sa = r->remote; + fields = (nxt_http_field_t **) fields_arr->elts; + + i = fields_arr->nelts; + + while (i-- > 0) { + f = fields[i]; + start = f->value; + len = f->value_length; + + do { + for (p = start + len - 1; p > start; p--, len--) { + if (*p != ' ' && *p != ',') { + break; + } + } + + for (/* void */; p > start; p--) { + if (*p == ' ' || *p == ',') { + p++; + break; + } + } + + sa = nxt_http_request_client_ip_sockaddr(r, p, len - (p - start)); + if (nxt_slow_path(sa == NULL)) { + if (prev_sa != NULL) { + r->remote = prev_sa; + } + + return NXT_OK; + } + + if (!client_ip->recursive) { + r->remote = sa; + + return NXT_OK; + } + + ret = nxt_http_route_addr_rule(r, client_ip->source, sa); + if (ret <= 0 || (i == 0 && p == start)) { + r->remote = sa; + + return NXT_OK; + } + + prev_sa = sa; + len = p - 1 - start; + + } while (len > 0); + } + + return NXT_OK; +} + + +static nxt_sockaddr_t * +nxt_http_request_client_ip_sockaddr(nxt_http_request_t *r, u_char *start, + size_t len) +{ + nxt_str_t addr; + nxt_sockaddr_t *sa; + + addr.start = start; + addr.length = len; + + sa = nxt_sockaddr_parse_optport(r->mem_pool, &addr); + if (nxt_slow_path(sa == NULL)) { + return NULL; + } + + switch (sa->u.sockaddr.sa_family) { + case AF_INET: + if (sa->u.sockaddr_in.sin_addr.s_addr == INADDR_ANY) { + return NULL; + } + + break; + +#if (NXT_INET6) + case AF_INET6: + if (IN6_IS_ADDR_UNSPECIFIED(&sa->u.sockaddr_in6.sin6_addr)) { + return NULL; + } + + break; +#endif /* NXT_INET6 */ + + default: + return NULL; + } + + return sa; +} + + static const nxt_http_request_state_t nxt_http_request_body_state nxt_aligned(64) = { @@ -348,9 +498,7 @@ nxt_http_application_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_str_set(&r->server_name, "localhost"); } - r->app_target = action->u.app.target; - - nxt_router_process_http_request(task, r, action->u.app.application); + nxt_router_process_http_request(task, r, action); return NULL; } diff --git a/src/nxt_http_return.c b/src/nxt_http_return.c index c466cc25..18fd490d 100644 --- a/src/nxt_http_return.c +++ b/src/nxt_http_return.c @@ -7,29 +7,90 @@ #include <nxt_http.h> +typedef struct { + nxt_http_status_t status; + nxt_str_t location; +} nxt_http_return_conf_t; + + +static nxt_http_action_t *nxt_http_return(nxt_task_t *task, + nxt_http_request_t *r, nxt_http_action_t *action); + + static const nxt_http_request_state_t nxt_http_return_send_state; +nxt_int_t +nxt_http_return_init(nxt_mp_t *mp, nxt_http_action_t *action, + nxt_http_action_conf_t *acf) +{ + nxt_str_t *loc; + nxt_uint_t encode; + nxt_http_return_conf_t *conf; + + conf = nxt_mp_zget(mp, sizeof(nxt_http_return_conf_t)); + if (nxt_slow_path(conf == NULL)) { + return NXT_ERROR; + } + + action->handler = nxt_http_return; + action->u.conf = conf; + + conf->status = nxt_conf_get_number(acf->ret); + + if (acf->location.length > 0) { + if (nxt_is_complex_uri_encoded(acf->location.start, + acf->location.length)) + { + loc = nxt_str_dup(mp, &conf->location, &acf->location); + if (nxt_slow_path(loc == NULL)) { + return NXT_ERROR; + } + + } else { + loc = &conf->location; + + encode = nxt_encode_complex_uri(NULL, acf->location.start, + acf->location.length); + loc->length = acf->location.length + encode * 2; + + loc->start = nxt_mp_nget(mp, loc->length); + if (nxt_slow_path(loc->start == NULL)) { + return NXT_ERROR; + } + + nxt_encode_complex_uri(loc->start, acf->location.start, + acf->location.length); + } + } + + return NXT_OK; +} + + nxt_http_action_t * -nxt_http_return_handler(nxt_task_t *task, nxt_http_request_t *r, +nxt_http_return(nxt_task_t *task, nxt_http_request_t *r, nxt_http_action_t *action) { - nxt_http_field_t *field; - nxt_http_status_t status; + nxt_http_field_t *field; + nxt_http_return_conf_t *conf; + + conf = action->u.conf; - status = action->u.return_code; + nxt_debug(task, "http return: %d (loc: \"%V\")", + conf->status, &conf->location); - if (status >= NXT_HTTP_BAD_REQUEST - && status <= NXT_HTTP_SERVER_ERROR_MAX) + if (conf->status >= NXT_HTTP_BAD_REQUEST + && conf->status <= NXT_HTTP_SERVER_ERROR_MAX) { - nxt_http_request_error(task, r, status); + nxt_http_request_error(task, r, conf->status); return NULL; } - r->status = status; + r->status = conf->status; r->resp.content_length_n = 0; - if (action->name.length > 0) { + if (conf->location.length > 0) { field = nxt_list_zero_add(r->resp.fields); if (nxt_slow_path(field == NULL)) { nxt_http_request_error(task, r, NXT_HTTP_INTERNAL_SERVER_ERROR); @@ -38,8 +99,8 @@ nxt_http_return_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_http_field_name_set(field, "Location"); - field->value = action->name.start; - field->value_length = action->name.length; + field->value = conf->location.start; + field->value_length = conf->location.length; } r->state = &nxt_http_return_send_state; diff --git a/src/nxt_http_route.c b/src/nxt_http_route.c index 15b85544..cff69f96 100644 --- a/src/nxt_http_route.c +++ b/src/nxt_http_route.c @@ -47,20 +47,6 @@ typedef enum { typedef struct { - nxt_conf_value_t *pass; - nxt_conf_value_t *ret; - nxt_str_t location; - nxt_conf_value_t *proxy; - nxt_conf_value_t *share; - nxt_str_t chroot; - nxt_conf_value_t *follow_symlinks; - nxt_conf_value_t *traverse_mounts; - nxt_conf_value_t *types; - nxt_conf_value_t *fallback; -} nxt_http_route_action_conf_t; - - -typedef struct { nxt_conf_value_t *host; nxt_conf_value_t *uri; nxt_conf_value_t *method; @@ -149,12 +135,12 @@ typedef struct { } nxt_http_route_table_t; -typedef struct { +struct nxt_http_route_addr_rule_s { /* The object must be the first field. */ nxt_http_route_object_t object:8; uint32_t items; nxt_http_route_addr_pattern_t addr_pattern[0]; -} nxt_http_route_addr_rule_t; +}; typedef union { @@ -199,9 +185,6 @@ static nxt_http_route_t *nxt_http_route_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_conf_value_t *cv); static nxt_http_route_match_t *nxt_http_route_match_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_conf_value_t *cv); -static nxt_int_t nxt_http_route_action_create(nxt_task_t *task, - nxt_router_temp_conf_t *tmcf, nxt_conf_value_t *cv, - nxt_http_action_t *action); static nxt_http_route_table_t *nxt_http_route_table_create(nxt_task_t *task, nxt_mp_t *mp, nxt_conf_value_t *table_cv, nxt_http_route_object_t object, nxt_bool_t case_sensitive, nxt_http_route_encoding_t encoding); @@ -211,8 +194,6 @@ static nxt_http_route_ruleset_t *nxt_http_route_ruleset_create(nxt_task_t *task, static nxt_http_route_rule_t *nxt_http_route_rule_name_create(nxt_task_t *task, nxt_mp_t *mp, nxt_conf_value_t *rule_cv, nxt_str_t *name, nxt_bool_t case_sensitive, nxt_http_route_encoding_t encoding); -static nxt_http_route_addr_rule_t *nxt_http_route_addr_rule_create( - nxt_task_t *task, nxt_mp_t *mp, nxt_conf_value_t *cv); static nxt_http_route_rule_t *nxt_http_route_rule_create(nxt_task_t *task, nxt_mp_t *mp, nxt_conf_value_t *cv, nxt_bool_t case_sensitive, nxt_http_route_pattern_case_t pattern_case, @@ -254,8 +235,6 @@ static nxt_int_t nxt_http_route_table(nxt_http_request_t *r, nxt_http_route_table_t *table); static nxt_int_t nxt_http_route_ruleset(nxt_http_request_t *r, nxt_http_route_ruleset_t *ruleset); -static nxt_int_t nxt_http_route_addr_rule(nxt_http_request_t *r, - nxt_http_route_addr_rule_t *addr_rule, nxt_sockaddr_t *sockaddr); static nxt_int_t nxt_http_route_rule(nxt_http_request_t *r, nxt_http_route_rule_t *rule); static nxt_int_t nxt_http_route_header(nxt_http_request_t *r, @@ -476,7 +455,7 @@ nxt_http_route_match_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, return NULL; } - ret = nxt_http_route_action_create(task, tmcf, action_conf, &match->action); + ret = nxt_http_action_init(task, tmcf, action_conf, &match->action); if (nxt_slow_path(ret != NXT_OK)) { return NULL; } @@ -617,77 +596,69 @@ static nxt_conf_map_t nxt_http_route_action_conf[] = { { nxt_string("pass"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, pass) + offsetof(nxt_http_action_conf_t, pass) }, { nxt_string("return"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, ret) + offsetof(nxt_http_action_conf_t, ret) }, { nxt_string("location"), NXT_CONF_MAP_STR, - offsetof(nxt_http_route_action_conf_t, location) + offsetof(nxt_http_action_conf_t, location) }, { nxt_string("proxy"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, proxy) + offsetof(nxt_http_action_conf_t, proxy) }, { nxt_string("share"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, share) + offsetof(nxt_http_action_conf_t, share) }, { nxt_string("chroot"), NXT_CONF_MAP_STR, - offsetof(nxt_http_route_action_conf_t, chroot) + offsetof(nxt_http_action_conf_t, chroot) }, { nxt_string("follow_symlinks"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, follow_symlinks) + offsetof(nxt_http_action_conf_t, follow_symlinks) }, { nxt_string("traverse_mounts"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, traverse_mounts) + offsetof(nxt_http_action_conf_t, traverse_mounts) }, { nxt_string("types"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, types) + offsetof(nxt_http_action_conf_t, types) }, { nxt_string("fallback"), NXT_CONF_MAP_PTR, - offsetof(nxt_http_route_action_conf_t, fallback) + offsetof(nxt_http_action_conf_t, fallback) }, }; -static nxt_int_t -nxt_http_route_action_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, +nxt_int_t +nxt_http_action_init(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_conf_value_t *cv, nxt_http_action_t *action) { -#if (NXT_HAVE_OPENAT2) - u_char *p; - uint8_t slash; - nxt_str_t *chroot; -#endif - nxt_mp_t *mp; - nxt_int_t ret; - nxt_str_t name, *string; - nxt_uint_t encode; - nxt_conf_value_t *conf; - nxt_http_route_rule_t *rule; - nxt_http_route_action_conf_t accf; + nxt_mp_t *mp; + nxt_int_t ret; + nxt_str_t name, *string; + nxt_http_action_conf_t acf; - nxt_memzero(&accf, sizeof(accf)); + nxt_memzero(&acf, sizeof(acf)); ret = nxt_conf_map_object(tmcf->mem_pool, cv, nxt_http_route_action_conf, - nxt_nitems(nxt_http_route_action_conf), &accf); + nxt_nitems(nxt_http_route_action_conf), &acf); if (ret != NXT_OK) { return ret; } @@ -696,126 +667,25 @@ nxt_http_route_action_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, mp = tmcf->router_conf->mem_pool; - if (accf.ret != NULL) { - action->handler = nxt_http_return_handler; - action->u.return_code = nxt_conf_get_number(accf.ret); - - if (accf.location.length > 0) { - if (nxt_is_complex_uri_encoded(accf.location.start, - accf.location.length)) - { - string = nxt_str_dup(mp, &action->name, &accf.location); - if (nxt_slow_path(string == NULL)) { - return NXT_ERROR; - } - - } else { - string = &action->name; - - encode = nxt_encode_complex_uri(NULL, accf.location.start, - accf.location.length); - string->length = accf.location.length + encode * 2; - - string->start = nxt_mp_nget(mp, string->length); - if (nxt_slow_path(string->start == NULL)) { - return NXT_ERROR; - } - - nxt_encode_complex_uri(string->start, accf.location.start, - accf.location.length); - } - } - - return NXT_OK; + if (acf.ret != NULL) { + return nxt_http_return_init(mp, action, &acf); } - if (accf.share != NULL) { - conf = accf.share; - - } else if (accf.proxy != NULL) { - conf = accf.proxy; + if (acf.share != NULL) { + return nxt_http_static_init(task, tmcf, action, &acf); + } - } else { - conf = accf.pass; + if (acf.proxy != NULL) { + return nxt_http_proxy_init(mp, action, &acf); } - nxt_conf_get_string(conf, &name); + nxt_conf_get_string(acf.pass, &name); string = nxt_str_dup(mp, &action->name, &name); if (nxt_slow_path(string == NULL)) { return NXT_ERROR; } - if (accf.share != NULL) { - action->handler = nxt_http_static_handler; - -#if (NXT_HAVE_OPENAT2) - string = &accf.chroot; - chroot = &action->u.share.chroot; - - if (string->length > 0) { - action->u.share.resolve |= RESOLVE_IN_ROOT; - - slash = (string->start[string->length - 1] != '/'); - - chroot->length = string->length + (slash ? 1 : 0); - - chroot->start = nxt_mp_alloc(mp, chroot->length + 1); - if (nxt_slow_path(chroot->start == NULL)) { - return NXT_ERROR; - } - - p = nxt_cpymem(chroot->start, string->start, string->length); - - if (slash) { - *p++ = '/'; - } - - *p = '\0'; - } - - if (accf.follow_symlinks != NULL - && !nxt_conf_get_boolean(accf.follow_symlinks)) - { - action->u.share.resolve |= RESOLVE_NO_SYMLINKS; - } - - if (accf.traverse_mounts != NULL - && !nxt_conf_get_boolean(accf.traverse_mounts)) - { - action->u.share.resolve |= RESOLVE_NO_XDEV; - } -#endif - - if (accf.types != NULL) { - rule = nxt_http_route_rule_create(task, mp, accf.types, 0, - NXT_HTTP_ROUTE_PATTERN_LOWCASE, - NXT_HTTP_ROUTE_ENCODING_NONE); - if (nxt_slow_path(rule == NULL)) { - return NXT_ERROR; - } - - action->u.share.types = rule; - } - - if (accf.fallback != NULL) { - action->u.share.fallback = nxt_mp_alloc(mp, - sizeof(nxt_http_action_t)); - if (nxt_slow_path(action->u.share.fallback == NULL)) { - return NXT_ERROR; - } - - return nxt_http_route_action_create(task, tmcf, accf.fallback, - action->u.share.fallback); - } - - return NXT_OK; - } - - if (accf.proxy != NULL) { - return nxt_http_proxy_create(mp, action); - } - return NXT_OK; } @@ -1066,7 +936,7 @@ nxt_http_route_rule_create(nxt_task_t *task, nxt_mp_t *mp, } -static nxt_http_route_addr_rule_t * +nxt_http_route_addr_rule_t * nxt_http_route_addr_rule_create(nxt_task_t *task, nxt_mp_t *mp, nxt_conf_value_t *cv) { @@ -1119,6 +989,16 @@ nxt_http_route_addr_rule_create(nxt_task_t *task, nxt_mp_t *mp, } +nxt_http_route_rule_t * +nxt_http_route_types_rule_create(nxt_task_t *task, nxt_mp_t *mp, + nxt_conf_value_t *types) +{ + return nxt_http_route_rule_create(task, mp, types, 0, + NXT_HTTP_ROUTE_PATTERN_LOWCASE, + NXT_HTTP_ROUTE_ENCODING_NONE); +} + + static int nxt_http_pattern_compare(const void *one, const void *two) { @@ -1491,15 +1371,12 @@ static nxt_int_t nxt_http_action_resolve(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_http_action_t *action) { - nxt_var_t *var; nxt_int_t ret; + nxt_var_t *var; if (action->handler != NULL) { - if (action->handler == nxt_http_static_handler - && action->u.share.fallback != NULL) - { - return nxt_http_action_resolve(task, tmcf, - action->u.share.fallback); + if (action->fallback != NULL) { + return nxt_http_action_resolve(task, tmcf, action->fallback); } return NXT_OK; @@ -1601,9 +1478,7 @@ static nxt_int_t nxt_http_pass_find(nxt_task_t *task, nxt_mp_t *mp, nxt_router_conf_t *rtcf, nxt_http_action_t *action) { - nxt_str_t *targets; nxt_int_t ret; - nxt_uint_t i; nxt_str_t segments[3]; ret = nxt_http_pass_segments(mp, &action->name, segments, 3); @@ -1612,24 +1487,8 @@ nxt_http_pass_find(nxt_task_t *task, nxt_mp_t *mp, nxt_router_conf_t *rtcf, } if (nxt_str_eq(&segments[0], "applications", 12)) { - ret = nxt_router_listener_application(rtcf, &segments[1], action); - - if (ret != NXT_OK) { - return ret; - } - - if (segments[2].length != 0) { - targets = action->u.app.application->targets; - - for (i = 0; !nxt_strstr_eq(&segments[2], &targets[i]); i++); - - action->u.app.target = i; - - } else { - action->u.app.target = 0; - } - - return NXT_OK; + return nxt_router_application_init(rtcf, &segments[1], &segments[2], + action); } if (segments[2].length == 0) { @@ -1704,6 +1563,10 @@ nxt_http_route_find(nxt_http_routes_t *routes, nxt_str_t *name, { nxt_http_route_t **route, **end; + if (routes == NULL) { + return NXT_DECLINED; + } + route = &routes->route[0]; end = route + routes->items; @@ -1762,9 +1625,7 @@ nxt_http_pass_application(nxt_task_t *task, nxt_router_conf_t *rtcf, action->name = *name; - (void) nxt_router_listener_application(rtcf, name, action); - - action->u.app.target = 0; + (void) nxt_router_application_init(rtcf, name, NULL, action); return action; } @@ -2062,7 +1923,7 @@ nxt_http_route_addr_pattern_match(nxt_http_route_addr_pattern_t *p, } -static nxt_int_t +nxt_int_t nxt_http_route_addr_rule(nxt_http_request_t *r, nxt_http_route_addr_rule_t *addr_rule, nxt_sockaddr_t *sa) { @@ -2071,6 +1932,11 @@ nxt_http_route_addr_rule(nxt_http_request_t *r, nxt_http_route_addr_pattern_t *p; n = addr_rule->items; + + if (n == 0) { + return 0; + } + p = &addr_rule->addr_pattern[0] - 1; do { diff --git a/src/nxt_http_route_addr.c b/src/nxt_http_route_addr.c index 6d4955ed..2907a902 100644 --- a/src/nxt_http_route_addr.c +++ b/src/nxt_http_route_addr.c @@ -8,7 +8,6 @@ #include <nxt_http_route_addr.h> -static nxt_bool_t nxt_str_looks_like_ipv6(const nxt_str_t *str); #if (NXT_INET6) static nxt_bool_t nxt_valid_ipv6_blocks(u_char *c, size_t len); #endif @@ -57,7 +56,7 @@ nxt_http_route_addr_pattern_parse(nxt_mp_t *mp, goto parse_port; } - if (nxt_str_looks_like_ipv6(&addr)) { + if (nxt_inet6_probe(&addr)) { #if (NXT_INET6) u_char *end; uint8_t i; @@ -304,22 +303,6 @@ parse_port: } -static nxt_bool_t -nxt_str_looks_like_ipv6(const nxt_str_t *str) -{ - u_char *colon, *end; - - colon = nxt_memchr(str->start, ':', str->length); - - if (colon != NULL) { - end = str->start + str->length; - colon = nxt_memchr(colon + 1, ':', end - (colon + 1)); - } - - return (colon != NULL); -} - - #if (NXT_INET6) static nxt_bool_t diff --git a/src/nxt_http_static.c b/src/nxt_http_static.c index c8b73fac..9b79a666 100644 --- a/src/nxt_http_static.c +++ b/src/nxt_http_static.c @@ -7,12 +7,22 @@ #include <nxt_http.h> +typedef struct { + nxt_str_t share; + nxt_str_t chroot; + nxt_uint_t resolve; + nxt_http_route_rule_t *types; +} nxt_http_static_conf_t; + + #define NXT_HTTP_STATIC_BUF_COUNT 2 #define NXT_HTTP_STATIC_BUF_SIZE (128 * 1024) +static nxt_http_action_t *nxt_http_static(nxt_task_t *task, + nxt_http_request_t *r, nxt_http_action_t *action); static void nxt_http_static_extract_extension(nxt_str_t *path, - nxt_str_t *extension); + nxt_str_t *exten); static void nxt_http_static_body_handler(nxt_task_t *task, void *obj, void *data); static void nxt_http_static_buf_completion(nxt_task_t *task, void *obj, @@ -27,30 +37,122 @@ static void nxt_http_static_mtypes_hash_free(void *data, void *p); static const nxt_http_request_state_t nxt_http_static_send_state; -nxt_http_action_t * -nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, +nxt_int_t +nxt_http_static_init(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, + nxt_http_action_t *action, nxt_http_action_conf_t *acf) +{ + nxt_mp_t *mp; + nxt_str_t *str, value; + nxt_http_static_conf_t *conf; + + mp = tmcf->router_conf->mem_pool; + + conf = nxt_mp_zget(mp, sizeof(nxt_http_static_conf_t)); + if (nxt_slow_path(conf == NULL)) { + return NXT_ERROR; + } + + action->handler = nxt_http_static; + action->u.conf = conf; + + nxt_conf_get_string(acf->share, &value); + + str = nxt_str_dup(mp, &conf->share, &value); + if (nxt_slow_path(str == NULL)) { + return NXT_ERROR; + } + +#if (NXT_HAVE_OPENAT2) + if (acf->chroot.length > 0) { + u_char *p; + nxt_str_t slash; + + if (acf->chroot.start[acf->chroot.length - 1] != '/') { + nxt_str_set(&slash, "/"); + + } else { + nxt_str_set(&slash, ""); + } + + value.length = acf->chroot.length + slash.length; + + value.start = nxt_mp_alloc(mp, value.length + 1); + if (nxt_slow_path(value.start == NULL)) { + return NXT_ERROR; + } + + p = value.start; + p = nxt_cpymem(p, acf->chroot.start, acf->chroot.length); + p = nxt_cpymem(p, slash.start, slash.length); + *p = '\0'; + + conf->chroot = value; + conf->resolve |= RESOLVE_IN_ROOT; + } + + if (acf->follow_symlinks != NULL + && !nxt_conf_get_boolean(acf->follow_symlinks)) + { + conf->resolve |= RESOLVE_NO_SYMLINKS; + } + + if (acf->traverse_mounts != NULL + && !nxt_conf_get_boolean(acf->traverse_mounts)) + { + conf->resolve |= RESOLVE_NO_XDEV; + } +#endif + + if (acf->types != NULL) { + conf->types = nxt_http_route_types_rule_create(task, mp, acf->types); + if (nxt_slow_path(conf->types == NULL)) { + return NXT_ERROR; + } + } + + if (acf->fallback != NULL) { + action->fallback = nxt_mp_alloc(mp, sizeof(nxt_http_action_t)); + if (nxt_slow_path(action->fallback == NULL)) { + return NXT_ERROR; + } + + return nxt_http_action_init(task, tmcf, acf->fallback, + action->fallback); + } + + return NXT_OK; +} + + +static nxt_http_action_t * +nxt_http_static(nxt_task_t *task, nxt_http_request_t *r, nxt_http_action_t *action) { - size_t length, encode; - u_char *p, *fname; - struct tm tm; - nxt_buf_t *fb; - nxt_int_t ret; - nxt_str_t index, extension, *mtype, *chroot; - nxt_uint_t level; - nxt_bool_t need_body; - nxt_file_t *f, file; - nxt_file_info_t fi; - nxt_http_field_t *field; - nxt_http_status_t status; - nxt_router_conf_t *rtcf; - nxt_work_handler_t body_handler; + size_t length, encode; + u_char *p, *fname; + struct tm tm; + nxt_buf_t *fb; + nxt_int_t ret; + nxt_str_t index, exten, *mtype, *chroot; + nxt_uint_t level; + nxt_bool_t need_body; + nxt_file_t *f, file; + nxt_file_info_t fi; + nxt_http_field_t *field; + nxt_http_status_t status; + nxt_router_conf_t *rtcf; + nxt_work_handler_t body_handler; + nxt_http_static_conf_t *conf; + + conf = action->u.conf; + + nxt_debug(task, "http static: \"%V\"", &conf->share); if (nxt_slow_path(!nxt_str_eq(r->method, "GET", 3))) { if (!nxt_str_eq(r->method, "HEAD", 4)) { - if (action->u.share.fallback != NULL) { - return action->u.share.fallback; + if (action->fallback != NULL) { + return action->fallback; } nxt_http_request_error(task, r, NXT_HTTP_METHOD_NOT_ALLOWED); @@ -66,11 +168,11 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, if (r->path->start[r->path->length - 1] == '/') { /* TODO: dynamic index setting. */ nxt_str_set(&index, "index.html"); - nxt_str_set(&extension, ".html"); + nxt_str_set(&exten, ".html"); } else { nxt_str_set(&index, ""); - nxt_str_null(&extension); + nxt_str_null(&exten); } f = NULL; @@ -79,20 +181,19 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, mtype = NULL; - if (action->u.share.types != NULL && extension.start == NULL) { - nxt_http_static_extract_extension(r->path, &extension); - mtype = nxt_http_static_mtypes_hash_find(&rtcf->mtypes_hash, - &extension); + if (conf->types != NULL && exten.start == NULL) { + nxt_http_static_extract_extension(r->path, &exten); + mtype = nxt_http_static_mtype_get(&rtcf->mtypes_hash, &exten); - ret = nxt_http_route_test_rule(r, action->u.share.types, - mtype->start, mtype->length); + ret = nxt_http_route_test_rule(r, conf->types, mtype->start, + mtype->length); if (nxt_slow_path(ret == NXT_ERROR)) { goto fail; } if (ret == 0) { - if (action->u.share.fallback != NULL) { - return action->u.share.fallback; + if (action->fallback != NULL) { + return action->fallback; } nxt_http_request_error(task, r, NXT_HTTP_FORBIDDEN); @@ -100,7 +201,7 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, } } - length = action->name.length + r->path->length + index.length; + length = conf->share.length + r->path->length + index.length; fname = nxt_mp_nget(r->mem_pool, length + 1); if (nxt_slow_path(fname == NULL)) { @@ -108,7 +209,7 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, } p = fname; - p = nxt_cpymem(p, action->name.start, action->name.length); + p = nxt_cpymem(p, conf->share.start, conf->share.length); p = nxt_cpymem(p, r->path->start, r->path->length); p = nxt_cpymem(p, index.start, index.length); *p = '\0'; @@ -117,11 +218,10 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, file.name = fname; - chroot = &action->u.share.chroot; + chroot = &conf->chroot; #if (NXT_HAVE_OPENAT2) - - if (action->u.share.resolve != 0) { + if (conf->resolve != 0) { if (chroot->length > 0) { file.name = chroot->start; @@ -156,8 +256,7 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, file.name = fname; ret = nxt_file_openat2(task, &file, NXT_FILE_RDONLY, - NXT_FILE_OPEN, 0, af.fd, - action->u.share.resolve); + NXT_FILE_OPEN, 0, af.fd, conf->resolve); if (af.fd != AT_FDCWD) { nxt_file_close(task, &af); @@ -169,9 +268,7 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, } #else - ret = nxt_file_open(task, &file, NXT_FILE_RDONLY, NXT_FILE_OPEN, 0); - #endif if (nxt_slow_path(ret != NXT_OK)) { @@ -211,8 +308,8 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, break; } - if (level == NXT_LOG_ERR && action->u.share.fallback != NULL) { - return action->u.share.fallback; + if (level == NXT_LOG_ERR && action->fallback != NULL) { + return action->fallback; } if (status != NXT_HTTP_NOT_FOUND) { @@ -283,13 +380,12 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_file_size(&fi)) - p; - if (extension.start == NULL) { - nxt_http_static_extract_extension(r->path, &extension); + if (exten.start == NULL) { + nxt_http_static_extract_extension(r->path, &exten); } if (mtype == NULL) { - mtype = nxt_http_static_mtypes_hash_find(&rtcf->mtypes_hash, - &extension); + mtype = nxt_http_static_mtype_get(&rtcf->mtypes_hash, &exten); } if (mtype->length != 0) { @@ -328,8 +424,8 @@ nxt_http_static_handler(nxt_task_t *task, nxt_http_request_t *r, nxt_file_close(task, f); if (nxt_slow_path(!nxt_is_dir(&fi))) { - if (action->u.share.fallback != NULL) { - return action->u.share.fallback; + if (action->fallback != NULL) { + return action->fallback; } nxt_log(task, NXT_LOG_ERR, "\"%FN\" is not a regular file", @@ -401,7 +497,7 @@ fail: static void -nxt_http_static_extract_extension(nxt_str_t *path, nxt_str_t *extension) +nxt_http_static_extract_extension(nxt_str_t *path, nxt_str_t *exten) { u_char ch, *p, *end; @@ -419,8 +515,8 @@ nxt_http_static_extract_extension(nxt_str_t *path, nxt_str_t *extension) p++; /* Fall through. */ case '.': - extension->length = end - p; - extension->start = p; + exten->length = end - p; + exten->start = p; return; } } @@ -571,13 +667,13 @@ clean: nxt_int_t nxt_http_static_mtypes_init(nxt_mp_t *mp, nxt_lvlhsh_t *hash) { - nxt_str_t *type, extension; + nxt_str_t *type, exten; nxt_int_t ret; nxt_uint_t i; static const struct { nxt_str_t type; - const char *extension; + const char *exten; } default_types[] = { { nxt_string("text/html"), ".html" }, @@ -644,10 +740,10 @@ nxt_http_static_mtypes_init(nxt_mp_t *mp, nxt_lvlhsh_t *hash) for (i = 0; i < nxt_nitems(default_types); i++) { type = (nxt_str_t *) &default_types[i].type; - extension.start = (u_char *) default_types[i].extension; - extension.length = nxt_strlen(extension.start); + exten.start = (u_char *) default_types[i].exten; + exten.length = nxt_strlen(exten.start); - ret = nxt_http_static_mtypes_hash_add(mp, hash, &extension, type); + ret = nxt_http_static_mtypes_hash_add(mp, hash, &exten, type); if (nxt_slow_path(ret != NXT_OK)) { return NXT_ERROR; } @@ -668,14 +764,14 @@ static const nxt_lvlhsh_proto_t nxt_http_static_mtypes_hash_proto typedef struct { - nxt_str_t extension; + nxt_str_t exten; nxt_str_t *type; } nxt_http_static_mtype_t; nxt_int_t nxt_http_static_mtypes_hash_add(nxt_mp_t *mp, nxt_lvlhsh_t *hash, - nxt_str_t *extension, nxt_str_t *type) + nxt_str_t *exten, nxt_str_t *type) { nxt_lvlhsh_query_t lhq; nxt_http_static_mtype_t *mtype; @@ -685,10 +781,10 @@ nxt_http_static_mtypes_hash_add(nxt_mp_t *mp, nxt_lvlhsh_t *hash, return NXT_ERROR; } - mtype->extension = *extension; + mtype->exten = *exten; mtype->type = type; - lhq.key = *extension; + lhq.key = *exten; lhq.key_hash = nxt_djb_hash_lowcase(lhq.key.start, lhq.key.length); lhq.replace = 1; lhq.value = mtype; @@ -700,14 +796,14 @@ nxt_http_static_mtypes_hash_add(nxt_mp_t *mp, nxt_lvlhsh_t *hash, nxt_str_t * -nxt_http_static_mtypes_hash_find(nxt_lvlhsh_t *hash, nxt_str_t *extension) +nxt_http_static_mtype_get(nxt_lvlhsh_t *hash, nxt_str_t *exten) { nxt_lvlhsh_query_t lhq; nxt_http_static_mtype_t *mtype; static nxt_str_t empty = nxt_string(""); - lhq.key = *extension; + lhq.key = *exten; lhq.key_hash = nxt_djb_hash_lowcase(lhq.key.start, lhq.key.length); lhq.proto = &nxt_http_static_mtypes_hash_proto; @@ -727,8 +823,7 @@ nxt_http_static_mtypes_hash_test(nxt_lvlhsh_query_t *lhq, void *data) mtype = data; - return nxt_strcasestr_eq(&lhq->key, &mtype->extension) ? NXT_OK - : NXT_DECLINED; + return nxt_strcasestr_eq(&lhq->key, &mtype->exten) ? NXT_OK : NXT_DECLINED; } diff --git a/src/nxt_isolation.c b/src/nxt_isolation.c index cab0074b..e3cb1f22 100644 --- a/src/nxt_isolation.c +++ b/src/nxt_isolation.c @@ -126,10 +126,10 @@ nxt_isolation_main_prefork(nxt_task_t *task, nxt_process_t *process, return ret; } - has_mnt = 0; - #if (NXT_HAVE_CLONE_NEWNS) has_mnt = nxt_is_clone_flag_set(process->isolation.clone.flags, NEWNS); +#else + has_mnt = 0; #endif if (process->user_cred->uid == 0 && !has_mnt) { diff --git a/src/nxt_log.h b/src/nxt_log.h index 48742721..0cf10b5c 100644 --- a/src/nxt_log.h +++ b/src/nxt_log.h @@ -48,29 +48,29 @@ nxt_log_level_enough(log, level) \ #define nxt_alert(task, ...) \ do { \ - nxt_log_t *log = (task)->log; \ + nxt_log_t *_log = (task)->log; \ \ - log->handler(NXT_LOG_ALERT, log, __VA_ARGS__); \ + _log->handler(NXT_LOG_ALERT, _log, __VA_ARGS__); \ } while (0) #define nxt_log(task, _level, ...) \ do { \ - nxt_log_t *log = (task)->log; \ + nxt_log_t *_log = (task)->log; \ nxt_uint_t _level_ = (_level); \ \ - if (nxt_slow_path(log->level >= _level_)) { \ - log->handler(_level_, log, __VA_ARGS__); \ + if (nxt_slow_path(_log->level >= _level_)) { \ + _log->handler(_level_, _log, __VA_ARGS__); \ } \ } while (0) #define nxt_trace(task, ...) \ do { \ - nxt_log_t *log = (task)->log; \ + nxt_log_t *_log = (task)->log; \ \ - if (nxt_slow_path(log->level >= NXT_LOG_NOTICE || nxt_trace)) { \ - log->handler(NXT_LOG_NOTICE, log, __VA_ARGS__); \ + if (nxt_slow_path(_log->level >= NXT_LOG_NOTICE || nxt_trace)) { \ + _log->handler(NXT_LOG_NOTICE, _log, __VA_ARGS__); \ } \ } while (0) @@ -99,10 +99,10 @@ nxt_log_error(_level, _log, ...) \ #define nxt_debug(task, ...) \ do { \ - nxt_log_t *log = (task)->log; \ + nxt_log_t *_log = (task)->log; \ \ - if (nxt_slow_path(log->level == NXT_LOG_DEBUG || nxt_debug)) { \ - log->handler(NXT_LOG_DEBUG, log, __VA_ARGS__); \ + if (nxt_slow_path(_log->level == NXT_LOG_DEBUG || nxt_debug)) { \ + _log->handler(NXT_LOG_DEBUG, _log, __VA_ARGS__); \ } \ } while (0) diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c index 00f336f6..16c6a297 100644 --- a/src/nxt_main_process.c +++ b/src/nxt_main_process.c @@ -271,6 +271,11 @@ static nxt_conf_map_t nxt_ruby_app_conf[] = { NXT_CONF_MAP_INT32, offsetof(nxt_common_app_conf_t, u.ruby.threads), }, + { + nxt_string("hooks"), + NXT_CONF_MAP_STR, + offsetof(nxt_common_app_conf_t, u.ruby.hooks), + } }; @@ -342,8 +347,6 @@ nxt_port_main_start_process_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) nxt_process_init_t *init; nxt_common_app_conf_t *app_conf; - ret = NXT_ERROR; - rt = task->thread->runtime; process = nxt_main_process_new(task, rt); diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c index 2fd5d1bf..273ca7f4 100644 --- a/src/nxt_openssl.c +++ b/src/nxt_openssl.c @@ -11,6 +11,8 @@ #include <openssl/err.h> #include <openssl/rand.h> #include <openssl/x509v3.h> +#include <openssl/bio.h> +#include <openssl/evp.h> typedef struct { @@ -42,15 +44,22 @@ static void nxt_openssl_lock(int mode, int type, const char *file, int line); static unsigned long nxt_openssl_thread_id(void); static void nxt_openssl_locks_free(void); #endif -static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, - nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_conf_value_t *conf_cmds, - nxt_bool_t last); +static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp, + nxt_tls_init_t *tls_init, nxt_bool_t last); static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single); #if (NXT_HAVE_OPENSSL_CONF_CMD) static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *value, nxt_mp_t *mp); #endif +#if (NXT_HAVE_OPENSSL_TLSEXT) +static nxt_int_t nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, + nxt_tls_init_t *tls_init, nxt_mp_t *mp); +static int nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, + unsigned char *iv, EVP_CIPHER_CTX *ectx,HMAC_CTX *hctx, int enc); +#endif +static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, + time_t timeout); static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf, nxt_mp_t *mp); static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, @@ -265,11 +274,12 @@ nxt_openssl_locks_free(void) static nxt_int_t -nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf, - nxt_mp_t *mp, nxt_conf_value_t *conf_cmds, nxt_bool_t last) +nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp, + nxt_tls_init_t *tls_init, nxt_bool_t last) { SSL_CTX *ctx; const char *ciphers, *ca_certificate; + nxt_tls_conf_t *conf; STACK_OF(X509_NAME) *list; nxt_tls_bundle_conf_t *bundle; @@ -279,6 +289,8 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf, return NXT_ERROR; } + conf = tls_init->conf; + bundle = conf->bundle; nxt_assert(bundle != NULL); @@ -337,13 +349,21 @@ nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf, } #if (NXT_HAVE_OPENSSL_CONF_CMD) - if (conf_cmds != NULL - && nxt_ssl_conf_commands(task, ctx, conf_cmds, mp) != NXT_OK) + if (tls_init->conf_cmds != NULL + && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK) { goto fail; } #endif + nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout); + +#if (NXT_HAVE_OPENSSL_TLSEXT) + if (nxt_tls_ticket_keys(task, ctx, tls_init, mp) != NXT_OK) { + goto fail; + } +#endif + SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); if (conf->ca_certificate != NULL) { @@ -581,6 +601,257 @@ fail: #endif +#if (NXT_HAVE_OPENSSL_TLSEXT) + +static nxt_int_t +nxt_tls_ticket_keys(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_init_t *tls_init, + nxt_mp_t *mp) +{ + uint32_t i; + nxt_int_t ret; + nxt_str_t value; + nxt_uint_t count; + nxt_conf_value_t *member, *tickets_conf; + nxt_tls_ticket_t *ticket; + nxt_tls_tickets_t *tickets; + u_char buf[80]; + + tickets_conf = tls_init->tickets_conf; + + if (tickets_conf == NULL) { + goto no_ticket; + } + + if (nxt_conf_type(tickets_conf) == NXT_CONF_BOOLEAN) { + if (nxt_conf_get_boolean(tickets_conf) == 0) { + goto no_ticket; + } + + return NXT_OK; + } + + if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) { + count = nxt_conf_array_elements_count(tickets_conf); + + if (count == 0) { + goto no_ticket; + } + + } else { + /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */ + count = 1; + } + +#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB + + tickets = nxt_mp_get(mp, sizeof(nxt_tls_tickets_t) + + count * sizeof(nxt_tls_ticket_t)); + if (nxt_slow_path(tickets == NULL)) { + return NXT_ERROR; + } + + tickets->count = count; + tls_init->conf->tickets = tickets; + i = 0; + + do { + ticket = &tickets->tickets[i]; + + i++; + + if (nxt_conf_type(tickets_conf) == NXT_CONF_ARRAY) { + member = nxt_conf_get_array_element(tickets_conf, count - i); + if (member == NULL) { + break; + } + + } else { + /* nxt_conf_type(tickets_conf) == NXT_CONF_STRING */ + member = tickets_conf; + } + + nxt_conf_get_string(member, &value); + + ret = nxt_openssl_base64_decode(buf, 80, value.start, value.length); + if (nxt_slow_path(ret == NXT_ERROR)) { + return NXT_ERROR; + } + + if (ret == 48) { + ticket->aes128 = 1; + nxt_memcpy(ticket->aes_key, buf + 16, 16); + nxt_memcpy(ticket->hmac_key, buf + 32, 16); + + } else { + ticket->aes128 = 0; + nxt_memcpy(ticket->hmac_key, buf + 16, 32); + nxt_memcpy(ticket->aes_key, buf + 48, 32); + } + + nxt_memcpy(ticket->name, buf, 16); + } while (i < count); + + if (SSL_CTX_set_tlsext_ticket_key_cb(ctx, nxt_tls_ticket_key_callback) + == 0) + { + nxt_openssl_log_error(task, NXT_LOG_ALERT, + "Unit was built with Session Tickets support, however, " + "now it is linked dynamically to an OpenSSL library " + "which has no tlsext support, therefore Session Tickets " + "are not available"); + + return NXT_ERROR; + } + + return NXT_OK; + +#else + nxt_alert(task, "Setting custom session ticket keys is not supported with " + "this version of OpenSSL library"); + + return NXT_ERROR; + +#endif + +no_ticket: + + SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); + + return NXT_OK; +} + + +#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB + +static int +nxt_tls_ticket_key_callback(SSL *s, unsigned char *name, unsigned char *iv, + EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc) +{ + size_t size; + nxt_uint_t i; + nxt_conn_t *c; + const EVP_MD *digest; + const EVP_CIPHER *cipher; + nxt_tls_ticket_t *ticket; + nxt_openssl_conn_t *tls; + + c = SSL_get_ex_data(s, nxt_openssl_connection_index); + + if (nxt_slow_path(c == NULL)) { + nxt_thread_log_alert("SSL_get_ex_data() failed"); + return -1; + } + + tls = c->u.tls; + ticket = tls->conf->tickets->tickets; + +#ifdef OPENSSL_NO_SHA256 + digest = EVP_sha1(); +#else + digest = EVP_sha256(); +#endif + + if (enc == 1) { + /* encrypt session ticket */ + + nxt_debug(c->socket.task, "TLS session ticket encrypt"); + + if (ticket[0].aes128 == 1) { + cipher = EVP_aes_128_cbc(); + size = 16; + + } else { + cipher = EVP_aes_256_cbc(); + size = 32; + } + + if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) != 1) { + nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, + "RAND_bytes() failed"); + return -1; + } + + if (EVP_EncryptInit_ex(ectx, cipher, NULL, ticket[0].aes_key, iv) + != 1) + { + nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, + "EVP_EncryptInit_ex() failed"); + return -1; + } + + if (HMAC_Init_ex(hctx, ticket[0].hmac_key, size, digest, NULL) != 1) { + nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, + "HMAC_Init_ex() failed"); + return -1; + } + + nxt_memcpy(name, ticket[0].name, 16); + + return 1; + + } else { + /* decrypt session ticket */ + + for (i = 0; i < tls->conf->tickets->count; i++) { + if (nxt_memcmp(name, ticket[i].name, 16) == 0) { + goto found; + } + } + + nxt_debug(c->socket.task, "TLS session ticket decrypt, key not found"); + + return 0; + + found: + + nxt_debug(c->socket.task, + "TLS session ticket decrypt, key number: \"%d\"", i); + + if (ticket[i].aes128 == 1) { + cipher = EVP_aes_128_cbc(); + size = 16; + + } else { + cipher = EVP_aes_256_cbc(); + size = 32; + } + + if (EVP_DecryptInit_ex(ectx, cipher, NULL, ticket[i].aes_key, iv) != 1) { + nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, + "EVP_DecryptInit_ex() failed"); + return -1; + } + + if (HMAC_Init_ex(hctx, ticket[i].hmac_key, size, digest, NULL) != 1) { + nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT, + "HMAC_Init_ex() failed"); + return -1; + } + + return (i == 0) ? 1 : 2 /* renew */; + } +} + +#endif /* SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB */ + +#endif /* NXT_HAVE_OPENSSL_TLSEXT */ + + +static void +nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout) +{ + if (cache_size == 0) { + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + return; + } + + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER); + + SSL_CTX_sess_set_cache_size(ctx, cache_size); + + SSL_CTX_set_timeout(ctx, (long) timeout); +} + static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf, @@ -782,15 +1053,15 @@ nxt_openssl_servername(SSL *s, int *ad, void *arg) } servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (nxt_slow_path(servername == NULL)) { - nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned " - "NULL in server name callback"); - return SSL_TLSEXT_ERR_ALERT_FATAL; + + if (servername == NULL) { + nxt_debug(c->socket.task, "SSL_get_servername(): NULL"); + goto done; } str.length = nxt_strlen(servername); if (str.length == 0) { - nxt_debug(c->socket.task, "client sent zero-length server name"); + nxt_debug(c->socket.task, "SSL_get_servername(): \"\" is empty"); goto done; } @@ -882,6 +1153,11 @@ nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf) bundle = bundle->next; } while (bundle != NULL); + if (conf->tickets) { + nxt_memzero(conf->tickets->tickets, + conf->tickets->count * sizeof(nxt_tls_ticket_t)); + } + #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \ && OPENSSL_VERSION_NUMBER < 0x1010101fL) RAND_keep_random_devices_open(0); @@ -1543,3 +1819,70 @@ nxt_openssl_copy_error(u_char *p, u_char *end) return p; } + + +nxt_int_t +nxt_openssl_base64_decode(u_char *d, size_t dlen, const u_char *s, size_t slen) +{ + BIO *bio, *b64; + nxt_int_t count, ret; + u_char buf[128]; + + b64 = BIO_new(BIO_f_base64()); + if (nxt_slow_path(b64 == NULL)) { + goto error; + } + + bio = BIO_new_mem_buf(s, slen); + if (nxt_slow_path(bio == NULL)) { + goto error; + } + + bio = BIO_push(b64, bio); + + BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); + + count = 0; + + if (d == NULL) { + + for ( ;; ) { + ret = BIO_read(bio, buf, 128); + + if (ret < 0) { + goto invalid; + } + + count += ret; + + if (ret != 128) { + break; + } + } + + } else { + count = BIO_read(bio, d, dlen); + + if (count < 0) { + goto invalid; + } + } + + BIO_free_all(bio); + + return count; + +error: + + BIO_vfree(b64); + ERR_clear_error(); + + return NXT_ERROR; + +invalid: + + BIO_free_all(bio); + ERR_clear_error(); + + return NXT_DECLINED; +} diff --git a/src/nxt_port.h b/src/nxt_port.h index 5ece3bfa..a0bc2512 100644 --- a/src/nxt_port.h +++ b/src/nxt_port.h @@ -50,6 +50,7 @@ struct nxt_port_handlers_s { /* Various data. */ nxt_port_handler_t data; + nxt_port_handler_t app_restart; nxt_port_handler_t oosm; nxt_port_handler_t shm_ack; @@ -100,6 +101,7 @@ typedef enum { _NXT_PORT_MSG_WEBSOCKET = nxt_port_handler_idx(websocket_frame), _NXT_PORT_MSG_DATA = nxt_port_handler_idx(data), + _NXT_PORT_MSG_APP_RESTART = nxt_port_handler_idx(app_restart), _NXT_PORT_MSG_OOSM = nxt_port_handler_idx(oosm), _NXT_PORT_MSG_SHM_ACK = nxt_port_handler_idx(shm_ack), @@ -139,6 +141,7 @@ typedef enum { NXT_PORT_MSG_DATA = _NXT_PORT_MSG_DATA, NXT_PORT_MSG_DATA_LAST = nxt_msg_last(_NXT_PORT_MSG_DATA), + NXT_PORT_MSG_APP_RESTART = nxt_msg_last(_NXT_PORT_MSG_APP_RESTART), NXT_PORT_MSG_OOSM = nxt_msg_last(_NXT_PORT_MSG_OOSM), NXT_PORT_MSG_SHM_ACK = nxt_msg_last(_NXT_PORT_MSG_SHM_ACK), diff --git a/src/nxt_port_socket.c b/src/nxt_port_socket.c index 3cf2e79a..ba1b7081 100644 --- a/src/nxt_port_socket.c +++ b/src/nxt_port_socket.c @@ -21,6 +21,7 @@ static nxt_int_t nxt_port_msg_chk_insert(nxt_task_t *task, nxt_port_t *port, static nxt_port_send_msg_t *nxt_port_msg_alloc(nxt_port_send_msg_t *m); static void nxt_port_write_handler(nxt_task_t *task, void *obj, void *data); static nxt_port_send_msg_t *nxt_port_msg_first(nxt_port_t *port); +nxt_inline void nxt_port_msg_close_fd(nxt_port_send_msg_t *msg); static nxt_buf_t *nxt_port_buf_completion(nxt_task_t *task, nxt_work_queue_t *wq, nxt_buf_t *b, size_t sent, nxt_bool_t mmap_mode); static nxt_port_send_msg_t *nxt_port_msg_insert_tail(nxt_port_t *port, @@ -449,19 +450,7 @@ next_fragment: goto fail; } - if (msg->close_fd) { - if (msg->fd[0] != -1) { - nxt_fd_close(msg->fd[0]); - - msg->fd[0] = -1; - } - - if (msg->fd[1] != -1) { - nxt_fd_close(msg->fd[1]); - - msg->fd[1] = -1; - } - } + nxt_port_msg_close_fd(msg); msg->buf = nxt_port_buf_completion(task, wq, msg->buf, plain_size, m == NXT_PORT_METHOD_MMAP); @@ -524,6 +513,12 @@ next_fragment: } else { if (nxt_slow_path(n == NXT_ERROR)) { + if (msg->link.next == NULL) { + nxt_port_msg_close_fd(msg); + + nxt_port_release_send_msg(msg); + } + goto fail; } @@ -591,6 +586,27 @@ nxt_port_msg_first(nxt_port_t *port) } +nxt_inline void +nxt_port_msg_close_fd(nxt_port_send_msg_t *msg) +{ + if (!msg->close_fd) { + return; + } + + if (msg->fd[0] != -1) { + nxt_fd_close(msg->fd[0]); + + msg->fd[0] = -1; + } + + if (msg->fd[1] != -1) { + nxt_fd_close(msg->fd[1]); + + msg->fd[1] = -1; + } +} + + static nxt_buf_t * nxt_port_buf_completion(nxt_task_t *task, nxt_work_queue_t *wq, nxt_buf_t *b, size_t sent, nxt_bool_t mmap_mode) @@ -1315,19 +1331,7 @@ nxt_port_error_handler(nxt_task_t *task, void *obj, void *data) nxt_queue_each(msg, &port->messages, nxt_port_send_msg_t, link) { - if (msg->close_fd) { - if (msg->fd[0] != -1) { - nxt_fd_close(msg->fd[0]); - - msg->fd[0] = -1; - } - - if (msg->fd[1] != -1) { - nxt_fd_close(msg->fd[1]); - - msg->fd[1] = -1; - } - } + nxt_port_msg_close_fd(msg); for (b = msg->buf; b != NULL; b = next) { next = b->next; diff --git a/src/nxt_router.c b/src/nxt_router.c index 015ae226..39d375f8 100644 --- a/src/nxt_router.c +++ b/src/nxt_router.c @@ -18,6 +18,8 @@ #include <nxt_app_queue.h> #include <nxt_port_queue.h> +#define NXT_SHARED_PORT_ID 0xFFFFu + typedef struct { nxt_str_t type; uint32_t processes; @@ -44,10 +46,10 @@ typedef struct { nxt_str_t name; nxt_socket_conf_t *socket_conf; nxt_router_temp_conf_t *temp_conf; - nxt_conf_value_t *conf_cmds; + nxt_tls_init_t *tls_init; nxt_bool_t last; - nxt_queue_link_t link; /* for nxt_socket_conf_t.tls */ + nxt_queue_link_t link; /* for nxt_socket_conf_t.tls */ } nxt_router_tlssock_t; #endif @@ -67,6 +69,12 @@ typedef struct { } nxt_app_rpc_t; +typedef struct { + nxt_app_joint_t *app_joint; + uint32_t generation; +} nxt_app_joint_rpc_t; + + static nxt_int_t nxt_router_prefork(nxt_task_t *task, nxt_process_t *process, nxt_mp_t *mp); static nxt_int_t nxt_router_start(nxt_task_t *task, nxt_process_data_t *data); @@ -79,6 +87,8 @@ static void nxt_router_new_port_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg); static void nxt_router_conf_data_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg); +static void nxt_router_app_restart_handler(nxt_task_t *task, + nxt_port_recv_msg_t *msg); static void nxt_router_remove_pid_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg); static void nxt_router_access_log_reopen_handler(nxt_task_t *task, @@ -97,6 +107,9 @@ static nxt_int_t nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, u_char *start, u_char *end); static nxt_int_t nxt_router_conf_process_static(nxt_task_t *task, nxt_router_conf_t *rtcf, nxt_conf_value_t *conf); +static nxt_int_t nxt_router_conf_process_client_ip(nxt_task_t *task, + nxt_router_temp_conf_t *tmcf, nxt_socket_conf_t *skcf, + nxt_conf_value_t *conf); static nxt_app_t *nxt_router_app_find(nxt_queue_t *queue, nxt_str_t *name); static nxt_int_t nxt_router_apps_hash_test(nxt_lvlhsh_query_t *lhq, void *data); @@ -123,8 +136,8 @@ static void nxt_router_listen_socket_error(nxt_task_t *task, static void nxt_router_tls_rpc_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, void *data); static nxt_int_t nxt_router_conf_tls_insert(nxt_router_temp_conf_t *tmcf, - nxt_conf_value_t *value, nxt_socket_conf_t *skcf, - nxt_conf_value_t * conf_cmds); + nxt_conf_value_t *value, nxt_socket_conf_t *skcf, nxt_tls_init_t *tls_init, + nxt_bool_t last); #endif static void nxt_router_app_rpc_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_app_t *app); @@ -224,8 +237,6 @@ static void nxt_router_http_request_error(nxt_task_t *task, void *obj, static void nxt_router_http_request_done(nxt_task_t *task, void *obj, void *data); -static void nxt_router_dummy_buf_completion(nxt_task_t *task, void *obj, - void *data); static void nxt_router_app_prepare_request(nxt_task_t *task, nxt_request_rpc_data_t *req_rpc_data); static nxt_buf_t *nxt_router_prepare_msg(nxt_task_t *task, @@ -281,6 +292,7 @@ static const nxt_port_handlers_t nxt_router_process_port_handlers = { .mmap = nxt_port_mmap_handler, .get_mmap = nxt_router_get_mmap_handler, .data = nxt_router_conf_data_handler, + .app_restart = nxt_router_app_restart_handler, .remove_pid = nxt_router_remove_pid_handler, .access_log = nxt_router_access_log_reopen_handler, .rpc_ready = nxt_port_rpc_handler, @@ -379,14 +391,15 @@ static void nxt_router_start_app_process_handler(nxt_task_t *task, nxt_port_t *port, void *data) { - size_t size; - uint32_t stream; - nxt_mp_t *mp; - nxt_int_t ret; - nxt_app_t *app; - nxt_buf_t *b; - nxt_port_t *main_port; - nxt_runtime_t *rt; + size_t size; + uint32_t stream; + nxt_mp_t *mp; + nxt_int_t ret; + nxt_app_t *app; + nxt_buf_t *b; + nxt_port_t *main_port; + nxt_runtime_t *rt; + nxt_app_joint_rpc_t *app_joint_rpc; app = data; @@ -407,30 +420,29 @@ nxt_router_start_app_process_handler(nxt_task_t *task, nxt_port_t *port, *b->mem.free++ = '\0'; nxt_buf_cpystr(b, &app->conf); - nxt_router_app_joint_use(task, app->joint, 1); - - stream = nxt_port_rpc_register_handler(task, port, - nxt_router_app_port_ready, - nxt_router_app_port_error, - -1, app->joint); - - if (nxt_slow_path(stream == 0)) { - nxt_router_app_joint_use(task, app->joint, -1); - + app_joint_rpc = nxt_port_rpc_register_handler_ex(task, port, + nxt_router_app_port_ready, + nxt_router_app_port_error, + sizeof(nxt_app_joint_rpc_t)); + if (nxt_slow_path(app_joint_rpc == NULL)) { goto failed; } + stream = nxt_port_rpc_ex_stream(app_joint_rpc); + ret = nxt_port_socket_write(task, main_port, NXT_PORT_MSG_START_PROCESS, -1, stream, port->id, b); - if (nxt_slow_path(ret != NXT_OK)) { nxt_port_rpc_cancel(task, port, stream); - nxt_router_app_joint_use(task, app->joint, -1); - goto failed; } + app_joint_rpc->app_joint = app->joint; + app_joint_rpc->generation = app->generation; + + nxt_router_app_joint_use(task, app->joint, 1); + nxt_router_app_use(task, app, -1); return; @@ -504,6 +516,7 @@ nxt_router_msg_cancel(nxt_task_t *task, nxt_request_rpc_data_t *req_rpc_data) { nxt_buf_t *b, *next; nxt_bool_t cancelled; + nxt_port_t *app_port; nxt_msg_info_t *msg_info; msg_info = &req_rpc_data->msg_info; @@ -512,13 +525,20 @@ nxt_router_msg_cancel(nxt_task_t *task, nxt_request_rpc_data_t *req_rpc_data) return 0; } - cancelled = nxt_app_queue_cancel(req_rpc_data->app->shared_port->queue, - msg_info->tracking_cookie, - req_rpc_data->stream); + app_port = req_rpc_data->app_port; + + if (app_port != NULL && app_port->id == NXT_SHARED_PORT_ID) { + cancelled = nxt_app_queue_cancel(app_port->queue, + msg_info->tracking_cookie, + req_rpc_data->stream); - if (cancelled) { - nxt_debug(task, "stream #%uD: cancelled by router", - req_rpc_data->stream); + if (cancelled) { + nxt_debug(task, "stream #%uD: cancelled by router", + req_rpc_data->stream); + } + + } else { + cancelled = 0; } for (b = msg_info->buf; b != NULL; b = next) { @@ -680,18 +700,20 @@ nxt_router_new_port_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) nxt_assert(main_app_port != NULL); app = main_app_port->app; - nxt_assert(app != NULL); - nxt_thread_mutex_lock(&app->mutex); + if (nxt_fast_path(app != NULL)) { + nxt_thread_mutex_lock(&app->mutex); - /* TODO here should be find-and-add code because there can be - port waiters in port_hash */ - nxt_port_hash_add(&app->port_hash, port); - app->port_hash_count++; + /* TODO here should be find-and-add code because there can be + port waiters in port_hash */ + nxt_port_hash_add(&app->port_hash, port); + app->port_hash_count++; - nxt_thread_mutex_unlock(&app->mutex); + nxt_thread_mutex_unlock(&app->mutex); + + port->app = app; + } - port->app = app; port->main_app_port = main_app_port; nxt_port_socket_write(task, port, NXT_PORT_MSG_PORT_ACK, -1, 0, 0, NULL); @@ -792,6 +814,90 @@ cleanup: static void +nxt_router_app_restart_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg) +{ + nxt_app_t *app; + nxt_int_t ret; + nxt_str_t app_name; + nxt_port_t *port, *reply_port, *shared_port, *old_shared_port; + nxt_port_msg_type_t reply; + + reply_port = nxt_runtime_port_find(task->thread->runtime, + msg->port_msg.pid, + msg->port_msg.reply_port); + if (nxt_slow_path(reply_port == NULL)) { + nxt_alert(task, "app_restart_handler: reply port not found"); + return; + } + + app_name.length = nxt_buf_mem_used_size(&msg->buf->mem); + app_name.start = msg->buf->mem.pos; + + nxt_debug(task, "app_restart_handler: %V", &app_name); + + app = nxt_router_app_find(&nxt_router->apps, &app_name); + + if (nxt_fast_path(app != NULL)) { + shared_port = nxt_port_new(task, NXT_SHARED_PORT_ID, nxt_pid, + NXT_PROCESS_APP); + if (nxt_slow_path(shared_port == NULL)) { + goto fail; + } + + ret = nxt_port_socket_init(task, shared_port, 0); + if (nxt_slow_path(ret != NXT_OK)) { + nxt_port_use(task, shared_port, -1); + goto fail; + } + + ret = nxt_router_app_queue_init(task, shared_port); + if (nxt_slow_path(ret != NXT_OK)) { + nxt_port_write_close(shared_port); + nxt_port_read_close(shared_port); + nxt_port_use(task, shared_port, -1); + goto fail; + } + + nxt_port_write_enable(task, shared_port); + + nxt_thread_mutex_lock(&app->mutex); + + nxt_queue_each(port, &app->ports, nxt_port_t, app_link) { + + (void) nxt_port_socket_write(task, port, NXT_PORT_MSG_QUIT, -1, + 0, 0, NULL); + + } nxt_queue_loop; + + app->generation++; + + shared_port->app = app; + + old_shared_port = app->shared_port; + old_shared_port->app = NULL; + + app->shared_port = shared_port; + + nxt_thread_mutex_unlock(&app->mutex); + + nxt_port_close(task, old_shared_port); + nxt_port_use(task, old_shared_port, -1); + + reply = NXT_PORT_MSG_RPC_READY_LAST; + + } else { + +fail: + + reply = NXT_PORT_MSG_RPC_ERROR; + } + + nxt_port_socket_write(task, reply_port, reply, -1, msg->port_msg.stream, + 0, NULL); +} + + +static void nxt_router_app_process_remove_pid(nxt_task_t *task, nxt_port_t *port, void *data) { @@ -956,8 +1062,6 @@ nxt_router_conf_apply(nxt_task_t *task, void *obj, void *data) tls = nxt_queue_link_data(qlk, nxt_router_tlssock_t, link); - tls->last = nxt_queue_is_empty(&tmcf->tls); - nxt_cert_store_get(task, &tls->name, tmcf->mem_pool, nxt_router_tls_rpc_handler, tls); return; @@ -1341,12 +1445,13 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_router_t *router; nxt_app_joint_t *app_joint; #if (NXT_TLS) - nxt_conf_value_t *certificate, *conf_cmds; + nxt_tls_init_t *tls_init; + nxt_conf_value_t *certificate; #endif nxt_conf_value_t *conf, *http, *value, *websocket; nxt_conf_value_t *applications, *application; nxt_conf_value_t *listeners, *listener; - nxt_conf_value_t *routes_conf, *static_conf; + nxt_conf_value_t *routes_conf, *static_conf, *client_ip_conf; nxt_socket_conf_t *skcf; nxt_http_routes_t *routes; nxt_event_engine_t *engine; @@ -1363,9 +1468,13 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, #if (NXT_TLS) static nxt_str_t certificate_path = nxt_string("/tls/certificate"); static nxt_str_t conf_commands_path = nxt_string("/tls/conf_commands"); + static nxt_str_t conf_cache_path = nxt_string("/tls/session/cache_size"); + static nxt_str_t conf_timeout_path = nxt_string("/tls/session/timeout"); + static nxt_str_t conf_tickets = nxt_string("/tls/session/tickets"); #endif static nxt_str_t static_path = nxt_string("/settings/http/static"); static nxt_str_t websocket_path = nxt_string("/settings/http/websocket"); + static nxt_str_t client_ip_path = nxt_string("/client_ip"); conf = nxt_conf_json_parse(tmcf->mem_pool, start, end, NULL); if (conf == NULL) { @@ -1604,7 +1713,7 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, app_joint->free_app_work.task = &engine->task; app_joint->free_app_work.obj = app_joint; - port = nxt_port_new(task, (nxt_port_id_t) -1, nxt_pid, + port = nxt_port_new(task, NXT_SHARED_PORT_ID, nxt_pid, NXT_PROCESS_APP); if (nxt_slow_path(port == NULL)) { return NXT_ERROR; @@ -1737,11 +1846,40 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, t->length = nxt_strlen(t->start); } + client_ip_conf = nxt_conf_get_path(listener, &client_ip_path); + ret = nxt_router_conf_process_client_ip(task, tmcf, skcf, + client_ip_conf); + if (nxt_slow_path(ret != NXT_OK)) { + return NXT_ERROR; + } + #if (NXT_TLS) certificate = nxt_conf_get_path(listener, &certificate_path); if (certificate != NULL) { - conf_cmds = nxt_conf_get_path(listener, &conf_commands_path); + tls_init = nxt_mp_get(tmcf->mem_pool, sizeof(nxt_tls_init_t)); + if (nxt_slow_path(tls_init == NULL)) { + return NXT_ERROR; + } + + tls_init->cache_size = 0; + tls_init->timeout = 300; + + value = nxt_conf_get_path(listener, &conf_cache_path); + if (value != NULL) { + tls_init->cache_size = nxt_conf_get_number(value); + } + + value = nxt_conf_get_path(listener, &conf_timeout_path); + if (value != NULL) { + tls_init->timeout = nxt_conf_get_number(value); + } + + tls_init->conf_cmds = nxt_conf_get_path(listener, + &conf_commands_path); + + tls_init->tickets_conf = nxt_conf_get_path(listener, + &conf_tickets); if (nxt_conf_type(certificate) == NXT_CONF_ARRAY) { n = nxt_conf_array_elements_count(certificate); @@ -1752,7 +1890,7 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_assert(value != NULL); ret = nxt_router_conf_tls_insert(tmcf, value, skcf, - conf_cmds); + tls_init, i == 0); if (nxt_slow_path(ret != NXT_OK)) { goto fail; } @@ -1761,7 +1899,7 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, } else { /* NXT_CONF_STRING */ ret = nxt_router_conf_tls_insert(tmcf, certificate, skcf, - conf_cmds); + tls_init, 1); if (nxt_slow_path(ret != NXT_OK)) { goto fail; } @@ -1856,7 +1994,7 @@ fail: static nxt_int_t nxt_router_conf_tls_insert(nxt_router_temp_conf_t *tmcf, nxt_conf_value_t *value, nxt_socket_conf_t *skcf, - nxt_conf_value_t *conf_cmds) + nxt_tls_init_t *tls_init, nxt_bool_t last) { nxt_router_tlssock_t *tls; @@ -1865,9 +2003,10 @@ nxt_router_conf_tls_insert(nxt_router_temp_conf_t *tmcf, return NXT_ERROR; } + tls->tls_init = tls_init; tls->socket_conf = skcf; - tls->conf_cmds = conf_cmds; tls->temp_conf = tmcf; + tls->last = last; nxt_conf_get_string(value, &tls->name); nxt_queue_insert_tail(&tmcf->tls, &tls->link); @@ -1884,7 +2023,7 @@ nxt_router_conf_process_static(nxt_task_t *task, nxt_router_conf_t *rtcf, { uint32_t next, i; nxt_mp_t *mp; - nxt_str_t *type, extension, str; + nxt_str_t *type, exten, str; nxt_int_t ret; nxt_uint_t exts; nxt_conf_value_t *mtypes_conf, *ext_conf, *value; @@ -1922,12 +2061,12 @@ nxt_router_conf_process_static(nxt_task_t *task, nxt_router_conf_t *rtcf, if (nxt_conf_type(ext_conf) == NXT_CONF_STRING) { nxt_conf_get_string(ext_conf, &str); - if (nxt_slow_path(nxt_str_dup(mp, &extension, &str) == NULL)) { + if (nxt_slow_path(nxt_str_dup(mp, &exten, &str) == NULL)) { return NXT_ERROR; } ret = nxt_http_static_mtypes_hash_add(mp, &rtcf->mtypes_hash, - &extension, type); + &exten, type); if (nxt_slow_path(ret != NXT_OK)) { return NXT_ERROR; } @@ -1942,12 +2081,12 @@ nxt_router_conf_process_static(nxt_task_t *task, nxt_router_conf_t *rtcf, nxt_conf_get_string(value, &str); - if (nxt_slow_path(nxt_str_dup(mp, &extension, &str) == NULL)) { + if (nxt_slow_path(nxt_str_dup(mp, &exten, &str) == NULL)) { return NXT_ERROR; } ret = nxt_http_static_mtypes_hash_add(mp, &rtcf->mtypes_hash, - &extension, type); + &exten, type); if (nxt_slow_path(ret != NXT_OK)) { return NXT_ERROR; } @@ -1959,6 +2098,79 @@ nxt_router_conf_process_static(nxt_task_t *task, nxt_router_conf_t *rtcf, } +static nxt_int_t +nxt_router_conf_process_client_ip(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, + nxt_socket_conf_t *skcf, nxt_conf_value_t *conf) +{ + char c; + size_t i; + nxt_mp_t *mp; + uint32_t hash; + nxt_str_t header; + nxt_conf_value_t *source_conf, *header_conf, *recursive_conf; + nxt_http_client_ip_t *client_ip; + nxt_http_route_addr_rule_t *source; + + static nxt_str_t header_path = nxt_string("/header"); + static nxt_str_t source_path = nxt_string("/source"); + static nxt_str_t recursive_path = nxt_string("/recursive"); + + if (conf == NULL) { + skcf->client_ip = NULL; + + return NXT_OK; + } + + mp = tmcf->router_conf->mem_pool; + + source_conf = nxt_conf_get_path(conf, &source_path); + header_conf = nxt_conf_get_path(conf, &header_path); + recursive_conf = nxt_conf_get_path(conf, &recursive_path); + + if (source_conf == NULL || header_conf == NULL) { + return NXT_ERROR; + } + + client_ip = nxt_mp_zget(mp, sizeof(nxt_http_client_ip_t)); + if (nxt_slow_path(client_ip == NULL)) { + return NXT_ERROR; + } + + source = nxt_http_route_addr_rule_create(task, mp, source_conf); + if (nxt_slow_path(source == NULL)) { + return NXT_ERROR; + } + + client_ip->source = source; + + nxt_conf_get_string(header_conf, &header); + + if (recursive_conf != NULL) { + client_ip->recursive = nxt_conf_get_boolean(recursive_conf); + } + + client_ip->header = nxt_str_dup(mp, NULL, &header); + if (nxt_slow_path(client_ip->header == NULL)) { + return NXT_ERROR; + } + + hash = NXT_HTTP_FIELD_HASH_INIT; + + for (i = 0; i < client_ip->header->length; i++) { + c = client_ip->header->start[i]; + hash = nxt_http_field_hash_char(hash, nxt_lowcase(c)); + } + + hash = nxt_http_field_hash_end(hash) & 0xFFFF; + + client_ip->header_hash = hash; + + skcf->client_ip = client_ip; + + return NXT_OK; +} + + static nxt_app_t * nxt_router_app_find(nxt_queue_t *queue, nxt_str_t *name) { @@ -2135,21 +2347,46 @@ nxt_router_apps_hash_use(nxt_task_t *task, nxt_router_conf_t *rtcf, int i) } +typedef struct { + nxt_app_t *app; + nxt_int_t target; +} nxt_http_app_conf_t; + nxt_int_t -nxt_router_listener_application(nxt_router_conf_t *rtcf, nxt_str_t *name, - nxt_http_action_t *action) +nxt_router_application_init(nxt_router_conf_t *rtcf, nxt_str_t *name, + nxt_str_t *target, nxt_http_action_t *action) { - nxt_app_t *app; + nxt_app_t *app; + nxt_str_t *targets; + nxt_uint_t i; + nxt_http_app_conf_t *conf; app = nxt_router_apps_hash_get(rtcf, name); - if (app == NULL) { return NXT_DECLINED; } - action->u.app.application = app; + conf = nxt_mp_get(rtcf->mem_pool, sizeof(nxt_http_app_conf_t)); + if (nxt_slow_path(conf == NULL)) { + return NXT_ERROR; + } + action->handler = nxt_http_application_handler; + action->u.conf = conf; + + conf->app = app; + + if (target != NULL && target->length != 0) { + targets = app->targets; + + for (i = 0; !nxt_strstr_eq(target, &targets[i]); i++); + + conf->target = i; + + } else { + conf->target = 0; + } return NXT_OK; } @@ -2297,7 +2534,7 @@ nxt_router_listen_socket_rpc_create(nxt_task_t *task, goto fail; } - b->completion_handler = nxt_router_dummy_buf_completion; + b->completion_handler = nxt_buf_dummy_completion; b->mem.free = nxt_cpymem(b->mem.free, skcf->listen->sockaddr, size); @@ -2466,6 +2703,8 @@ nxt_router_tls_rpc_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, tlscf = tls->socket_conf->tls; } + tls->tls_init->conf = tlscf; + bundle = nxt_mp_get(mp, sizeof(nxt_tls_bundle_conf_t)); if (nxt_slow_path(bundle == NULL)) { goto fail; @@ -2479,8 +2718,8 @@ nxt_router_tls_rpc_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, bundle->next = tlscf->bundle; tlscf->bundle = bundle; - ret = task->thread->runtime->tls->server_init(task, tlscf, mp, - tls->conf_cmds, tls->last); + ret = task->thread->runtime->tls->server_init(task, mp, tls->tls_init, + tls->last); if (nxt_slow_path(ret != NXT_OK)) { goto fail; } @@ -2526,7 +2765,7 @@ nxt_router_app_rpc_create(nxt_task_t *task, goto fail; } - b->completion_handler = nxt_router_dummy_buf_completion; + b->completion_handler = nxt_buf_dummy_completion; nxt_buf_cpystr(b, &app->name); *b->mem.free++ = '\0'; @@ -3555,7 +3794,7 @@ nxt_router_access_log_open(nxt_task_t *task, nxt_router_temp_conf_t *tmcf) goto fail; } - b->completion_handler = nxt_router_dummy_buf_completion; + b->completion_handler = nxt_buf_dummy_completion; nxt_buf_cpystr(b, &access_log->path); *b->mem.free++ = '\0'; @@ -4183,11 +4422,16 @@ static void nxt_router_app_port_ready(nxt_task_t *task, nxt_port_recv_msg_t *msg, void *data) { - nxt_app_t *app; - nxt_port_t *port; - nxt_app_joint_t *app_joint; + nxt_app_t *app; + nxt_bool_t start_process; + nxt_port_t *port; + nxt_app_joint_t *app_joint; + nxt_app_joint_rpc_t *app_joint_rpc; + + nxt_assert(data != NULL); - app_joint = data; + app_joint_rpc = data; + app_joint = app_joint_rpc->app_joint; port = msg->u.new_port; nxt_assert(app_joint != NULL); @@ -4207,14 +4451,37 @@ nxt_router_app_port_ready(nxt_task_t *task, nxt_port_recv_msg_t *msg, return; } - port->app = app; - port->main_app_port = port; - nxt_thread_mutex_lock(&app->mutex); nxt_assert(app->pending_processes != 0); app->pending_processes--; + + if (nxt_slow_path(app->generation != app_joint_rpc->generation)) { + nxt_debug(task, "new port ready for restarted app, send QUIT"); + + start_process = !task->thread->engine->shutdown + && nxt_router_app_can_start(app) + && nxt_router_app_need_start(app); + + if (start_process) { + app->pending_processes++; + } + + nxt_thread_mutex_unlock(&app->mutex); + + nxt_port_socket_write(task, port, NXT_PORT_MSG_QUIT, -1, 0, 0, NULL); + + if (start_process) { + nxt_router_start_app_process(task, app); + } + + return; + } + + port->app = app; + port->main_app_port = port; + app->processes++; nxt_port_hash_add(&app->port_hash, port); app->port_hash_count++; @@ -4268,12 +4535,16 @@ static void nxt_router_app_port_error(nxt_task_t *task, nxt_port_recv_msg_t *msg, void *data) { - nxt_app_t *app; - nxt_app_joint_t *app_joint; - nxt_queue_link_t *link; - nxt_http_request_t *r; + nxt_app_t *app; + nxt_app_joint_t *app_joint; + nxt_queue_link_t *link; + nxt_http_request_t *r; + nxt_app_joint_rpc_t *app_joint_rpc; + + nxt_assert(data != NULL); - app_joint = data; + app_joint_rpc = data; + app_joint = app_joint_rpc->app_joint; nxt_assert(app_joint != NULL); @@ -4440,7 +4711,7 @@ nxt_router_app_port_release(nxt_task_t *task, nxt_port_t *port, port->pid, port->id, (int) inc_use, (int) got_response); - if (port == app->shared_port) { + if (port->id == NXT_SHARED_PORT_ID) { nxt_thread_mutex_lock(&app->mutex); app->active_requests -= got_response + dec_requests; @@ -4810,6 +5081,8 @@ nxt_router_free_app(nxt_task_t *task, void *obj, void *data) app->shared_port->app = NULL; nxt_port_close(task, app->shared_port); nxt_port_use(task, app->shared_port, -1); + + app->shared_port = NULL; } nxt_thread_mutex_destroy(&app->mutex); @@ -4876,13 +5149,17 @@ nxt_router_app_port_get(nxt_task_t *task, nxt_app_t *app, void nxt_router_process_http_request(nxt_task_t *task, nxt_http_request_t *r, - nxt_app_t *app) + nxt_http_action_t *action) { nxt_event_engine_t *engine; + nxt_http_app_conf_t *conf; nxt_request_rpc_data_t *req_rpc_data; + conf = action->u.conf; engine = task->thread->engine; + r->app_target = conf->target; + req_rpc_data = nxt_port_rpc_register_handler_ex(task, engine->port, nxt_router_response_ready_handler, nxt_router_response_error_handler, @@ -4913,11 +5190,11 @@ nxt_router_process_http_request(nxt_task_t *task, nxt_http_request_t *r, r->err_work.obj = r; req_rpc_data->stream = nxt_port_rpc_ex_stream(req_rpc_data); - req_rpc_data->app = app; + req_rpc_data->app = conf->app; req_rpc_data->msg_info.body_fd = -1; req_rpc_data->rpc_cancel = 1; - nxt_router_app_use(task, app, 1); + nxt_router_app_use(task, conf->app, 1); req_rpc_data->request = r; r->req_rpc_data = req_rpc_data; @@ -4926,7 +5203,7 @@ nxt_router_process_http_request(nxt_task_t *task, nxt_http_request_t *r, r->last->completion_handler = nxt_router_http_request_done; } - nxt_router_app_port_get(task, app, req_rpc_data); + nxt_router_app_port_get(task, conf->app, req_rpc_data); nxt_router_app_prepare_request(task, req_rpc_data); } @@ -4968,12 +5245,6 @@ nxt_router_http_request_done(nxt_task_t *task, void *obj, void *data) static void -nxt_router_dummy_buf_completion(nxt_task_t *task, void *obj, void *data) -{ -} - - -static void nxt_router_app_prepare_request(nxt_task_t *task, nxt_request_rpc_data_t *req_rpc_data) { diff --git a/src/nxt_router.h b/src/nxt_router.h index b1ccdf51..fc068b53 100644 --- a/src/nxt_router.h +++ b/src/nxt_router.h @@ -18,6 +18,7 @@ typedef struct nxt_http_request_s nxt_http_request_t; typedef struct nxt_http_action_s nxt_http_action_t; typedef struct nxt_http_routes_s nxt_http_routes_t; +typedef struct nxt_http_client_ip_s nxt_http_client_ip_t; typedef struct nxt_upstream_s nxt_upstream_t; typedef struct nxt_upstreams_s nxt_upstreams_t; typedef struct nxt_router_access_log_s nxt_router_access_log_t; @@ -125,6 +126,8 @@ struct nxt_app_s { uint32_t max_pending_processes; uint32_t max_requests; + uint32_t generation; + nxt_msec_t timeout; nxt_msec_t idle_timeout; @@ -193,6 +196,8 @@ typedef struct { uint8_t discard_unsafe_fields; /* 1 bit */ + nxt_http_client_ip_t *client_ip; + #if (NXT_TLS) nxt_tls_conf_t *tls; #endif @@ -223,10 +228,10 @@ struct nxt_router_access_log_s { void nxt_router_process_http_request(nxt_task_t *task, nxt_http_request_t *r, - nxt_app_t *app); + nxt_http_action_t *action); void nxt_router_app_port_close(nxt_task_t *task, nxt_port_t *port); -nxt_int_t nxt_router_listener_application(nxt_router_conf_t *rtcf, - nxt_str_t *name, nxt_http_action_t *action); +nxt_int_t nxt_router_application_init(nxt_router_conf_t *rtcf, nxt_str_t *name, + nxt_str_t *target, nxt_http_action_t *action); void nxt_router_listen_event_release(nxt_task_t *task, nxt_listen_event_t *lev, nxt_socket_conf_joint_t *joint); void nxt_router_conf_release(nxt_task_t *task, nxt_socket_conf_joint_t *joint); diff --git a/src/nxt_sockaddr.c b/src/nxt_sockaddr.c index af696a6b..730428e4 100644 --- a/src/nxt_sockaddr.c +++ b/src/nxt_sockaddr.c @@ -525,9 +525,9 @@ nxt_inet6_ntop(u_char *addr, u_char *buf, u_char *end) return buf; } - zero_start = 8; + zero_start = 16; zero_groups = 0; - last_zero_start = 8; + last_zero_start = 16; last_zero_groups = 0; for (i = 0; i < 16; i += 2) { @@ -605,10 +605,35 @@ nxt_sockaddr_parse(nxt_mp_t *mp, nxt_str_t *addr) { nxt_sockaddr_t *sa; + sa = nxt_sockaddr_parse_optport(mp, addr); + + if (sa != NULL + && sa->u.sockaddr.sa_family != AF_UNIX + && nxt_sockaddr_port_number(sa) == 0) + { + nxt_thread_log_error(NXT_LOG_ERR, + "The address \"%V\" must specify a port.", addr); + return NULL; + } + + return sa; +} + + +nxt_sockaddr_t * +nxt_sockaddr_parse_optport(nxt_mp_t *mp, nxt_str_t *addr) +{ + nxt_sockaddr_t *sa; + + if (addr->length == 0) { + nxt_thread_log_error(NXT_LOG_ERR, "socket address cannot be empty"); + return NULL; + } + if (addr->length > 6 && nxt_memcmp(addr->start, "unix:", 5) == 0) { sa = nxt_sockaddr_unix_parse(mp, addr); - } else if (addr->length != 0 && addr->start[0] == '[') { + } else if (addr->start[0] == '[' || nxt_inet6_probe(addr)) { sa = nxt_sockaddr_inet6_parse(mp, addr); } else { @@ -703,44 +728,60 @@ nxt_sockaddr_inet6_parse(nxt_mp_t *mp, nxt_str_t *addr) nxt_int_t ret, port; nxt_sockaddr_t *sa; - length = addr->length - 1; - start = addr->start + 1; + if (addr->start[0] == '[') { + length = addr->length - 1; + start = addr->start + 1; - end = nxt_memchr(start, ']', length); - - if (end != NULL) { - sa = nxt_sockaddr_alloc(mp, sizeof(struct sockaddr_in6), - NXT_INET6_ADDR_STR_LEN); - if (nxt_slow_path(sa == NULL)) { + end = nxt_memchr(start, ']', length); + if (nxt_slow_path(end == NULL)) { return NULL; } - ret = nxt_inet6_addr(&sa->u.sockaddr_in6.sin6_addr, start, end - start); + p = end + 1; + + } else { + length = addr->length; + start = addr->start; + end = addr->start + addr->length; + p = NULL; + } - if (nxt_fast_path(ret == NXT_OK)) { - p = end + 1; - length = (start + length) - p; + port = 0; - if (length > 2 && *p == ':') { - port = nxt_int_parse(p + 1, length - 1); + if (p != NULL) { + length = (start + length) - p; - if (port > 0 && port < 65536) { - sa->u.sockaddr_in6.sin6_port = htons((in_port_t) port); - sa->u.sockaddr_in6.sin6_family = AF_INET6; + if (length < 2 || *p != ':') { + nxt_thread_log_error(NXT_LOG_ERR, "invalid IPv6 address in \"%V\"", + addr); + return NULL; + } - return sa; - } - } + port = nxt_int_parse(p + 1, length - 1); + if (port < 1 || port > 65535) { nxt_thread_log_error(NXT_LOG_ERR, "invalid port in \"%V\"", addr); - return NULL; } } - nxt_thread_log_error(NXT_LOG_ERR, "invalid IPv6 address in \"%V\"", addr); + sa = nxt_sockaddr_alloc(mp, sizeof(struct sockaddr_in6), + NXT_INET6_ADDR_STR_LEN); + if (nxt_slow_path(sa == NULL)) { + return NULL; + } - return NULL; + ret = nxt_inet6_addr(&sa->u.sockaddr_in6.sin6_addr, start, end - start); + if (nxt_slow_path(ret != NXT_OK)) { + nxt_thread_log_error(NXT_LOG_ERR, "invalid IPv6 address in \"%V\"", + addr); + return NULL; + } + + sa->u.sockaddr_in6.sin6_family = AF_INET6; + sa->u.sockaddr_in6.sin6_port = htons((in_port_t) port); + + return sa; #else /* !(NXT_INET6) */ @@ -763,41 +804,48 @@ nxt_sockaddr_inet_parse(nxt_mp_t *mp, nxt_str_t *addr) p = nxt_memchr(addr->start, ':', addr->length); - if (nxt_fast_path(p != NULL)) { - inaddr = INADDR_ANY; + if (p == NULL) { + length = addr->length; + + } else { length = p - addr->start; + } - if (length != 1 || addr->start[0] != '*') { - inaddr = nxt_inet_addr(addr->start, length); + inaddr = INADDR_ANY; - if (nxt_slow_path(inaddr == INADDR_NONE)) { - nxt_thread_log_error(NXT_LOG_ERR, "invalid address \"%V\"", - addr); - return NULL; - } + if (length != 1 || addr->start[0] != '*') { + inaddr = nxt_inet_addr(addr->start, length); + if (nxt_slow_path(inaddr == INADDR_NONE)) { + nxt_thread_log_error(NXT_LOG_ERR, "invalid address \"%V\"", addr); + return NULL; } + } + + port = 0; + if (p != NULL) { p++; length = (addr->start + addr->length) - p; - port = nxt_int_parse(p, length); - - if (port > 0 && port < 65536) { - sa = nxt_sockaddr_alloc(mp, sizeof(struct sockaddr_in), - NXT_INET_ADDR_STR_LEN); - if (nxt_fast_path(sa != NULL)) { - sa->u.sockaddr_in.sin_family = AF_INET; - sa->u.sockaddr_in.sin_port = htons((in_port_t) port); - sa->u.sockaddr_in.sin_addr.s_addr = inaddr; - } + port = nxt_int_parse(p, length); - return sa; + if (port < 1 || port > 65535) { + nxt_thread_log_error(NXT_LOG_ERR, "invalid port in \"%V\"", addr); + return NULL; } } - nxt_thread_log_error(NXT_LOG_ERR, "invalid port in \"%V\"", addr); + sa = nxt_sockaddr_alloc(mp, sizeof(struct sockaddr_in), + NXT_INET_ADDR_STR_LEN); + if (nxt_slow_path(sa == NULL)) { + return NULL; + } - return NULL; + sa->u.sockaddr_in.sin_family = AF_INET; + sa->u.sockaddr_in.sin_addr.s_addr = inaddr; + sa->u.sockaddr_in.sin_port = htons((in_port_t) port); + + return sa; } @@ -1320,3 +1368,19 @@ nxt_inet6_addr(struct in6_addr *in6_addr, u_char *buf, size_t length) } #endif + + +nxt_bool_t +nxt_inet6_probe(nxt_str_t *str) +{ + u_char *colon, *end; + + colon = nxt_memchr(str->start, ':', str->length); + + if (colon != NULL) { + end = str->start + str->length; + colon = nxt_memchr(colon + 1, ':', end - (colon + 1)); + } + + return (colon != NULL); +} diff --git a/src/nxt_sockaddr.h b/src/nxt_sockaddr.h index aa4da5d2..a8f1b393 100644 --- a/src/nxt_sockaddr.h +++ b/src/nxt_sockaddr.h @@ -91,12 +91,15 @@ NXT_EXPORT nxt_bool_t nxt_sockaddr_cmp(nxt_sockaddr_t *sa1, NXT_EXPORT size_t nxt_sockaddr_ntop(nxt_sockaddr_t *sa, u_char *buf, u_char *end, nxt_bool_t port); NXT_EXPORT nxt_sockaddr_t *nxt_sockaddr_parse(nxt_mp_t *mp, nxt_str_t *addr); +NXT_EXPORT nxt_sockaddr_t *nxt_sockaddr_parse_optport(nxt_mp_t *mp, + nxt_str_t *addr); NXT_EXPORT void nxt_job_sockaddr_parse(nxt_job_sockaddr_parse_t *jbs); NXT_EXPORT in_addr_t nxt_inet_addr(u_char *buf, size_t len); #if (NXT_INET6) NXT_EXPORT nxt_int_t nxt_inet6_addr(struct in6_addr *in6_addr, u_char *buf, size_t len); #endif +NXT_EXPORT nxt_bool_t nxt_inet6_probe(nxt_str_t *addr); #define NXT_INET_ADDR_STR_LEN nxt_length("255.255.255.255:65535") diff --git a/src/nxt_tls.h b/src/nxt_tls.h index 63c49ee4..eeb4e7ba 100644 --- a/src/nxt_tls.h +++ b/src/nxt_tls.h @@ -28,14 +28,16 @@ typedef struct nxt_tls_conf_s nxt_tls_conf_t; typedef struct nxt_tls_bundle_conf_s nxt_tls_bundle_conf_t; +typedef struct nxt_tls_init_s nxt_tls_init_t; +typedef struct nxt_tls_ticket_s nxt_tls_ticket_t; +typedef struct nxt_tls_tickets_s nxt_tls_tickets_t; typedef struct { nxt_int_t (*library_init)(nxt_task_t *task); void (*library_free)(nxt_task_t *task); - nxt_int_t (*server_init)(nxt_task_t *task, - nxt_tls_conf_t *conf, nxt_mp_t *mp, - nxt_conf_value_t *conf_cmds, + nxt_int_t (*server_init)(nxt_task_t *task, nxt_mp_t *mp, + nxt_tls_init_t *tls_init, nxt_bool_t last); void (*server_free)(nxt_task_t *task, nxt_tls_conf_t *conf); @@ -63,6 +65,8 @@ struct nxt_tls_conf_s { nxt_tls_bundle_conf_t *bundle; nxt_lvlhsh_t bundle_hash; + nxt_tls_tickets_t *tickets; + void (*conn_init)(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c); @@ -78,12 +82,38 @@ struct nxt_tls_conf_s { }; +struct nxt_tls_init_s { + size_t cache_size; + nxt_time_t timeout; + nxt_conf_value_t *conf_cmds; + nxt_conf_value_t *tickets_conf; + + nxt_tls_conf_t *conf; +}; + + +struct nxt_tls_ticket_s { + uint8_t aes128; + u_char name[16]; + u_char hmac_key[32]; + u_char aes_key[32]; +}; + + +struct nxt_tls_tickets_s { + nxt_uint_t count; + nxt_tls_ticket_t tickets[]; +}; + + #if (NXT_HAVE_OPENSSL) extern const nxt_tls_lib_t nxt_openssl_lib; void nxt_cdecl nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...); u_char *nxt_openssl_copy_error(u_char *p, u_char *end); +nxt_int_t nxt_openssl_base64_decode(u_char *d, size_t dlen, const u_char *s, + size_t slen); #endif #if (NXT_HAVE_GNUTLS) diff --git a/src/nxt_upstream.c b/src/nxt_upstream.c index 9f81b286..de9b1d49 100644 --- a/src/nxt_upstream.c +++ b/src/nxt_upstream.c @@ -78,6 +78,10 @@ nxt_upstream_find(nxt_upstreams_t *upstreams, nxt_str_t *name, uint32_t i, n; nxt_upstream_t *upstream; + if (upstreams == NULL) { + return NXT_DECLINED; + } + upstream = &upstreams->upstream[0]; n = upstreams->items; diff --git a/src/python/nxt_python.c b/src/python/nxt_python.c index 588a147a..abb04194 100644 --- a/src/python/nxt_python.c +++ b/src/python/nxt_python.c @@ -264,7 +264,7 @@ nxt_python_start(nxt_task_t *task, nxt_process_data_t *data) goto fail; } - rc = nxt_py_proto.ctx_data_alloc(&python_init.ctx_data); + rc = nxt_py_proto.ctx_data_alloc(&python_init.ctx_data, 1); if (nxt_slow_path(rc != NXT_UNIT_OK)) { goto fail; } @@ -364,13 +364,13 @@ nxt_python_set_target(nxt_task_t *task, nxt_python_target_t *target, obj = PyDict_GetItemString(PyModule_GetDict(module), callable); if (nxt_slow_path(obj == NULL)) { nxt_alert(task, "Python failed to get \"%s\" from module \"%s\"", - callable, module); + callable, module_name); goto fail; } if (nxt_slow_path(PyCallable_Check(obj) == 0)) { nxt_alert(task, "\"%s\" in module \"%s\" is not a callable object", - callable, module); + callable, module_name); goto fail; } @@ -504,7 +504,7 @@ nxt_python_init_threads(nxt_python_app_conf_t *c) for (i = 0; i < c->threads - 1; i++) { ti = &nxt_py_threads[i]; - res = nxt_py_proto.ctx_data_alloc(&ti->ctx_data); + res = nxt_py_proto.ctx_data_alloc(&ti->ctx_data, 0); if (nxt_slow_path(res != NXT_UNIT_OK)) { return NXT_UNIT_ERROR; } diff --git a/src/python/nxt_python.h b/src/python/nxt_python.h index a5c1d9a6..e4eac9dc 100644 --- a/src/python/nxt_python.h +++ b/src/python/nxt_python.h @@ -60,7 +60,7 @@ typedef struct { typedef struct { - int (*ctx_data_alloc)(void **pdata); + int (*ctx_data_alloc)(void **pdata, int main); void (*ctx_data_free)(void *data); int (*startup)(void *data); int (*run)(nxt_unit_ctx_t *ctx); diff --git a/src/python/nxt_python_asgi.c b/src/python/nxt_python_asgi.c index 1d220678..26003805 100644 --- a/src/python/nxt_python_asgi.c +++ b/src/python/nxt_python_asgi.c @@ -17,7 +17,7 @@ static PyObject *nxt_python_asgi_get_func(PyObject *obj); -static int nxt_python_asgi_ctx_data_alloc(void **pdata); +static int nxt_python_asgi_ctx_data_alloc(void **pdata, int main); static void nxt_python_asgi_ctx_data_free(void *data); static int nxt_python_asgi_startup(void *data); static int nxt_python_asgi_run(nxt_unit_ctx_t *ctx); @@ -194,10 +194,11 @@ nxt_python_asgi_init(nxt_unit_init_t *init, nxt_python_proto_t *proto) static int -nxt_python_asgi_ctx_data_alloc(void **pdata) +nxt_python_asgi_ctx_data_alloc(void **pdata, int main) { uint32_t i; - PyObject *asyncio, *loop, *new_event_loop, *obj; + PyObject *asyncio, *loop, *event_loop, *obj; + const char *event_loop_func; nxt_py_asgi_ctx_data_t *ctx_data; ctx_data = nxt_unit_malloc(NULL, sizeof(nxt_py_asgi_ctx_data_t)); @@ -232,23 +233,28 @@ nxt_python_asgi_ctx_data_alloc(void **pdata) goto fail; } - new_event_loop = PyDict_GetItemString(PyModule_GetDict(asyncio), - "new_event_loop"); - if (nxt_slow_path(new_event_loop == NULL)) { + event_loop_func = main ? "get_event_loop" : "new_event_loop"; + + event_loop = PyDict_GetItemString(PyModule_GetDict(asyncio), + event_loop_func); + if (nxt_slow_path(event_loop == NULL)) { nxt_unit_alert(NULL, - "Python failed to get 'new_event_loop' from module 'asyncio'"); + "Python failed to get '%s' from module 'asyncio'", + event_loop_func); goto fail; } - if (nxt_slow_path(PyCallable_Check(new_event_loop) == 0)) { + if (nxt_slow_path(PyCallable_Check(event_loop) == 0)) { nxt_unit_alert(NULL, - "'asyncio.new_event_loop' is not a callable object"); + "'asyncio.%s' is not a callable object", + event_loop_func); goto fail; } - loop = PyObject_CallObject(new_event_loop, NULL); + loop = PyObject_CallObject(event_loop, NULL); if (nxt_slow_path(loop == NULL)) { - nxt_unit_alert(NULL, "Python failed to call 'asyncio.new_event_loop'"); + nxt_unit_alert(NULL, "Python failed to call 'asyncio.%s'", + event_loop_func); goto fail; } diff --git a/src/python/nxt_python_asgi_http.c b/src/python/nxt_python_asgi_http.c index d88c4b00..c4a77d53 100644 --- a/src/python/nxt_python_asgi_http.c +++ b/src/python/nxt_python_asgi_http.c @@ -23,10 +23,11 @@ typedef struct { PyObject *send_future; uint64_t content_length; uint64_t bytes_sent; - int complete; - int closed; PyObject *send_body; Py_ssize_t send_body_off; + uint8_t complete; + uint8_t closed; + uint8_t empty_body_received; } nxt_py_asgi_http_t; @@ -37,6 +38,9 @@ static PyObject *nxt_py_asgi_http_response_start(nxt_py_asgi_http_t *http, PyObject *dict); static PyObject *nxt_py_asgi_http_response_body(nxt_py_asgi_http_t *http, PyObject *dict); +static void nxt_py_asgi_http_emit_disconnect(nxt_py_asgi_http_t *http); +static void nxt_py_asgi_http_set_result(nxt_py_asgi_http_t *http, + PyObject *future, PyObject *msg); static PyObject *nxt_py_asgi_http_done(PyObject *self, PyObject *future); @@ -94,10 +98,11 @@ nxt_py_asgi_http_create(nxt_unit_request_info_t *req) http->send_future = NULL; http->content_length = -1; http->bytes_sent = 0; - http->complete = 0; - http->closed = 0; http->send_body = NULL; http->send_body_off = 0; + http->complete = 0; + http->closed = 0; + http->empty_body_received = 0; } return (PyObject *) http; @@ -117,7 +122,7 @@ nxt_py_asgi_http_receive(PyObject *self, PyObject *none) nxt_unit_req_debug(req, "asgi_http_receive"); - if (nxt_slow_path(http->closed || nxt_unit_response_is_sent(req))) { + if (nxt_slow_path(http->closed || http->complete )) { msg = nxt_py_asgi_new_msg(req, nxt_py_http_disconnect_str); } else { @@ -171,6 +176,14 @@ nxt_py_asgi_http_read_msg(nxt_py_asgi_http_t *http) size = nxt_py_asgi_http_body_buf_size; } + if (size == 0) { + if (http->empty_body_received) { + Py_RETURN_NONE; + } + + http->empty_body_received = 1; + } + if (size > 0) { body = PyBytes_FromStringAndSize(NULL, size); if (nxt_slow_path(body == NULL)) { @@ -442,6 +455,8 @@ nxt_py_asgi_http_response_body(nxt_py_asgi_http_t *http, PyObject *dict) if (more_body == NULL || more_body == Py_False) { http->complete = 1; + + nxt_py_asgi_http_emit_disconnect(http); } Py_INCREF(http); @@ -449,10 +464,67 @@ nxt_py_asgi_http_response_body(nxt_py_asgi_http_t *http, PyObject *dict) } +static void +nxt_py_asgi_http_emit_disconnect(nxt_py_asgi_http_t *http) +{ + PyObject *msg, *future; + + if (http->receive_future == NULL) { + return; + } + + msg = nxt_py_asgi_new_msg(http->req, nxt_py_http_disconnect_str); + if (nxt_slow_path(msg == NULL)) { + return; + } + + if (msg == Py_None) { + Py_DECREF(msg); + return; + } + + future = http->receive_future; + http->receive_future = NULL; + + nxt_py_asgi_http_set_result(http, future, msg); + + Py_DECREF(msg); +} + + +static void +nxt_py_asgi_http_set_result(nxt_py_asgi_http_t *http, PyObject *future, + PyObject *msg) +{ + PyObject *res; + + res = PyObject_CallMethodObjArgs(future, nxt_py_done_str, NULL); + if (nxt_slow_path(res == NULL)) { + nxt_unit_req_alert(http->req, "'done' call failed"); + nxt_python_print_exception(); + } + + if (nxt_fast_path(res == Py_False)) { + res = PyObject_CallMethodObjArgs(future, nxt_py_set_result_str, msg, + NULL); + if (nxt_slow_path(res == NULL)) { + nxt_unit_req_alert(http->req, "'set_result' call failed"); + nxt_python_print_exception(); + } + + } else { + res = NULL; + } + + Py_XDECREF(res); + Py_DECREF(future); +} + + void nxt_py_asgi_http_data_handler(nxt_unit_request_info_t *req) { - PyObject *msg, *future, *res; + PyObject *msg, *future; nxt_py_asgi_http_t *http; http = req->data; @@ -476,14 +548,7 @@ nxt_py_asgi_http_data_handler(nxt_unit_request_info_t *req) future = http->receive_future; http->receive_future = NULL; - res = PyObject_CallMethodObjArgs(future, nxt_py_set_result_str, msg, NULL); - if (nxt_slow_path(res == NULL)) { - nxt_unit_req_alert(req, "'set_result' call failed"); - nxt_python_print_exception(); - } - - Py_XDECREF(res); - Py_DECREF(future); + nxt_py_asgi_http_set_result(http, future, msg); Py_DECREF(msg); } @@ -527,15 +592,7 @@ nxt_py_asgi_http_drain(nxt_queue_link_t *lnk) future = http->send_future; http->send_future = NULL; - res = PyObject_CallMethodObjArgs(future, nxt_py_set_result_str, Py_None, - NULL); - if (nxt_slow_path(res == NULL)) { - nxt_unit_req_alert(http->req, "'set_result' call failed"); - nxt_python_print_exception(); - } - - Py_XDECREF(res); - Py_DECREF(future); + nxt_py_asgi_http_set_result(http, future, Py_None); return NXT_UNIT_OK; @@ -573,7 +630,6 @@ fail: void nxt_py_asgi_http_close_handler(nxt_unit_request_info_t *req) { - PyObject *msg, *future, *res; nxt_py_asgi_http_t *http; http = req->data; @@ -582,33 +638,7 @@ nxt_py_asgi_http_close_handler(nxt_unit_request_info_t *req) http->closed = 1; - if (http->receive_future == NULL) { - return; - } - - msg = nxt_py_asgi_new_msg(req, nxt_py_http_disconnect_str); - if (nxt_slow_path(msg == NULL)) { - return; - } - - if (msg == Py_None) { - Py_DECREF(msg); - return; - } - - future = http->receive_future; - http->receive_future = NULL; - - res = PyObject_CallMethodObjArgs(future, nxt_py_set_result_str, msg, NULL); - if (nxt_slow_path(res == NULL)) { - nxt_unit_req_alert(req, "'set_result' call failed"); - nxt_python_print_exception(); - } - - Py_XDECREF(res); - Py_DECREF(future); - - Py_DECREF(msg); + nxt_py_asgi_http_emit_disconnect(http); } diff --git a/src/python/nxt_python_wsgi.c b/src/python/nxt_python_wsgi.c index b80d10fa..87dcfaa2 100644 --- a/src/python/nxt_python_wsgi.c +++ b/src/python/nxt_python_wsgi.c @@ -51,7 +51,7 @@ typedef struct { } nxt_python_ctx_t; -static int nxt_python_wsgi_ctx_data_alloc(void **pdata); +static int nxt_python_wsgi_ctx_data_alloc(void **pdata, int main); static void nxt_python_wsgi_ctx_data_free(void *data); static int nxt_python_wsgi_run(nxt_unit_ctx_t *ctx); static void nxt_python_wsgi_done(void); @@ -210,7 +210,7 @@ fail: static int -nxt_python_wsgi_ctx_data_alloc(void **pdata) +nxt_python_wsgi_ctx_data_alloc(void **pdata, int main) { nxt_python_ctx_t *pctx; diff --git a/src/ruby/nxt_ruby.c b/src/ruby/nxt_ruby.c index ca14af5b..522869b5 100644 --- a/src/ruby/nxt_ruby.c +++ b/src/ruby/nxt_ruby.c @@ -29,6 +29,11 @@ typedef struct { static nxt_int_t nxt_ruby_start(nxt_task_t *task, nxt_process_data_t *data); static VALUE nxt_ruby_init_basic(VALUE arg); + +static VALUE nxt_ruby_hook_procs_load(VALUE path); +static VALUE nxt_ruby_hook_register(VALUE arg); +static VALUE nxt_ruby_hook_call(VALUE name); + static VALUE nxt_ruby_rack_init(nxt_ruby_rack_init_t *rack_init); static VALUE nxt_ruby_require_rubygems(VALUE arg); @@ -78,6 +83,7 @@ static uint32_t compat[] = { NXT_VERNUM, NXT_DEBUG, }; +static VALUE nxt_ruby_hook_procs; static VALUE nxt_ruby_rackup; static VALUE nxt_ruby_call; @@ -115,6 +121,10 @@ static VALUE nxt_rb_server_addr_str; static VALUE nxt_rb_server_name_str; static VALUE nxt_rb_server_port_str; static VALUE nxt_rb_server_protocol_str; +static VALUE nxt_rb_on_worker_boot; +static VALUE nxt_rb_on_worker_shutdown; +static VALUE nxt_rb_on_thread_boot; +static VALUE nxt_rb_on_thread_shutdown; static nxt_ruby_string_t nxt_rb_strings[] = { { nxt_string("80"), &nxt_rb_80_str }, @@ -132,6 +142,10 @@ static nxt_ruby_string_t nxt_rb_strings[] = { { nxt_string("SERVER_NAME"), &nxt_rb_server_name_str }, { nxt_string("SERVER_PORT"), &nxt_rb_server_port_str }, { nxt_string("SERVER_PROTOCOL"), &nxt_rb_server_protocol_str }, + { nxt_string("on_worker_boot"), &nxt_rb_on_worker_boot }, + { nxt_string("on_worker_shutdown"), &nxt_rb_on_worker_shutdown }, + { nxt_string("on_thread_boot"), &nxt_rb_on_thread_boot }, + { nxt_string("on_thread_shutdown"), &nxt_rb_on_thread_shutdown }, { nxt_null_string, NULL }, }; @@ -183,11 +197,70 @@ nxt_ruby_done_strings(void) } +static VALUE +nxt_ruby_hook_procs_load(VALUE path) +{ + VALUE module, file, file_obj; + + module = rb_define_module("Unit"); + + nxt_ruby_hook_procs = rb_hash_new(); + + rb_gc_register_address(&nxt_ruby_hook_procs); + + rb_define_module_function(module, "on_worker_boot", + &nxt_ruby_hook_register, 0); + rb_define_module_function(module, "on_worker_shutdown", + &nxt_ruby_hook_register, 0); + rb_define_module_function(module, "on_thread_boot", + &nxt_ruby_hook_register, 0); + rb_define_module_function(module, "on_thread_shutdown", + &nxt_ruby_hook_register, 0); + + file = rb_const_get(rb_cObject, rb_intern("File")); + file_obj = rb_funcall(file, rb_intern("read"), 1, path); + + return rb_funcall(module, rb_intern("module_eval"), 3, file_obj, path, + INT2NUM(1)); +} + + +static VALUE +nxt_ruby_hook_register(VALUE arg) +{ + VALUE kernel, callee, callee_str; + + rb_need_block(); + + kernel = rb_const_get(rb_cObject, rb_intern("Kernel")); + callee = rb_funcall(kernel, rb_intern("__callee__"), 0); + callee_str = rb_funcall(callee, rb_intern("to_s"), 0); + + rb_hash_aset(nxt_ruby_hook_procs, callee_str, rb_block_proc()); + + return Qnil; +} + + +static VALUE +nxt_ruby_hook_call(VALUE name) +{ + VALUE proc; + + proc = rb_hash_lookup(nxt_ruby_hook_procs, name); + if (proc == Qnil) { + return Qnil; + } + + return rb_funcall(proc, rb_intern("call"), 0); +} + + static nxt_int_t nxt_ruby_start(nxt_task_t *task, nxt_process_data_t *data) { int state, rc; - VALUE res; + VALUE res, path; nxt_ruby_ctx_t ruby_ctx; nxt_unit_ctx_t *unit_ctx; nxt_unit_init_t ruby_unit_init; @@ -231,6 +304,29 @@ nxt_ruby_start(nxt_task_t *task, nxt_process_data_t *data) } nxt_ruby_call = Qnil; + nxt_ruby_hook_procs = Qnil; + + if (c->hooks.start != NULL) { + path = rb_str_new((const char *) c->hooks.start, + (long) c->hooks.length); + + rb_protect(nxt_ruby_hook_procs_load, path, &state); + rb_str_free(path); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ALERT, + "Failed to setup hooks"); + return NXT_ERROR; + } + } + + if (nxt_ruby_hook_procs != Qnil) { + rb_protect(nxt_ruby_hook_call, nxt_rb_on_worker_boot, &state); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ERR, + "Failed to call on_worker_boot()"); + return NXT_ERROR; + } + } nxt_ruby_rackup = nxt_ruby_rack_init(&rack_init); if (nxt_slow_path(nxt_ruby_rackup == Qnil)) { @@ -274,11 +370,35 @@ nxt_ruby_start(nxt_task_t *task, nxt_process_data_t *data) goto fail; } + if (nxt_ruby_hook_procs != Qnil) { + rb_protect(nxt_ruby_hook_call, nxt_rb_on_thread_boot, &state); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ERR, + "Failed to call on_thread_boot()"); + } + } + rc = (intptr_t) rb_thread_call_without_gvl(nxt_ruby_unit_run, unit_ctx, nxt_ruby_ubf, unit_ctx); + if (nxt_ruby_hook_procs != Qnil) { + rb_protect(nxt_ruby_hook_call, nxt_rb_on_thread_shutdown, &state); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ERR, + "Failed to call on_thread_shutdown()"); + } + } + nxt_ruby_join_threads(unit_ctx, c); + if (nxt_ruby_hook_procs != Qnil) { + rb_protect(nxt_ruby_hook_call, nxt_rb_on_worker_shutdown, &state); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ERR, + "Failed to call on_worker_shutdown()"); + } + } + nxt_unit_done(unit_ctx); nxt_ruby_ctx_done(&ruby_ctx); @@ -1069,14 +1189,18 @@ nxt_ruby_exception_log(nxt_unit_request_info_t *req, uint32_t level, return; } + eclass = rb_class_name(rb_class_of(err)); + + msg = rb_funcall(err, rb_intern("message"), 0); ary = rb_funcall(err, rb_intern("backtrace"), 0); - if (nxt_slow_path(RARRAY_LEN(ary) == 0)) { + + if (RARRAY_LEN(ary) == 0) { + nxt_unit_req_log(req, level, "Ruby: %s (%s)", RSTRING_PTR(msg), + RSTRING_PTR(eclass)); + return; } - eclass = rb_class_name(rb_class_of(err)); - msg = rb_funcall(err, rb_intern("message"), 0); - nxt_unit_req_log(req, level, "Ruby: %s: %s (%s)", RSTRING_PTR(RARRAY_PTR(ary)[0]), RSTRING_PTR(msg), RSTRING_PTR(eclass)); @@ -1116,6 +1240,10 @@ nxt_ruby_atexit(void) rb_gc_unregister_address(&nxt_ruby_call); } + if (nxt_ruby_hook_procs != Qnil) { + rb_gc_unregister_address(&nxt_ruby_hook_procs); + } + nxt_ruby_done_strings(); ruby_cleanup(0); @@ -1178,6 +1306,7 @@ nxt_ruby_thread_create_gvl(void *rctx) static VALUE nxt_ruby_thread_func(VALUE arg) { + int state; nxt_unit_ctx_t *ctx; nxt_ruby_ctx_t *rctx; @@ -1190,9 +1319,25 @@ nxt_ruby_thread_func(VALUE arg) goto fail; } + if (nxt_ruby_hook_procs != Qnil) { + rb_protect(nxt_ruby_hook_call, nxt_rb_on_thread_boot, &state); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ERR, + "Failed to call on_thread_boot()"); + } + } + (void) rb_thread_call_without_gvl(nxt_ruby_unit_run, ctx, nxt_ruby_ubf, ctx); + if (nxt_ruby_hook_procs != Qnil) { + rb_protect(nxt_ruby_hook_call, nxt_rb_on_thread_shutdown, &state); + if (nxt_slow_path(state != 0)) { + nxt_ruby_exception_log(NULL, NXT_LOG_ERR, + "Failed to call on_thread_shutdown()"); + } + } + nxt_unit_done(ctx); fail: diff --git a/test/conftest.py b/test/conftest.py index 5ea4e49d..4d46e2fc 100644 --- a/test/conftest.py +++ b/test/conftest.py @@ -22,8 +22,8 @@ from unit.check.node import check_node from unit.check.regex import check_regex from unit.check.tls import check_openssl from unit.http import TestHTTP -from unit.option import option from unit.log import Log +from unit.option import option from unit.utils import public_dir from unit.utils import waitforfiles @@ -74,7 +74,7 @@ def pytest_addoption(parser): unit_instance = {} _processes = [] -_fds_check = { +_fds_info = { 'main': {'fds': 0, 'skip': False}, 'router': {'name': 'unit: router', 'pid': -1, 'fds': 0, 'skip': False}, 'controller': { @@ -115,6 +115,17 @@ def pytest_configure(config): fcntl.fcntl(sys.stdout.fileno(), fcntl.F_SETFL, 0) +def print_log_on_assert(func): + def inner_function(*args, **kwargs): + try: + func(*args, **kwargs) + except AssertionError as e: + _print_log(kwargs.get('log', None)) + raise e + + return inner_function + + def pytest_generate_tests(metafunc): cls = metafunc.cls if ( @@ -275,9 +286,9 @@ def run(request): ] option.skip_sanitizer = False - _fds_check['main']['skip'] = False - _fds_check['router']['skip'] = False - _fds_check['controller']['skip'] = False + _fds_info['main']['skip'] = False + _fds_info['router']['skip'] = False + _fds_info['controller']['skip'] = False yield @@ -299,7 +310,7 @@ def run(request): # clean temp_dir before the next test if not option.restart: - _clear_conf(unit['temp_dir'] + '/control.unit.sock', log) + _clear_conf(unit['temp_dir'] + '/control.unit.sock', log=log) for item in os.listdir(unit['temp_dir']): if item not in [ @@ -317,53 +328,18 @@ def run(request): ): os.remove(path) else: - shutil.rmtree(path) - - # check descriptors (wait for some time before check) - - def waitforfds(diff): - for i in range(600): - fds_diff = diff() - - if fds_diff <= option.fds_threshold: - break - - time.sleep(0.1) - - return fds_diff - - ps = _fds_check['main'] - if not ps['skip']: - fds_diff = waitforfds( - lambda: _count_fds(unit_instance['pid']) - ps['fds'] - ) - ps['fds'] += fds_diff - - assert ( - fds_diff <= option.fds_threshold - ), 'descriptors leak main process' - - else: - ps['fds'] = _count_fds(unit_instance['pid']) - - for name in ['controller', 'router']: - ps = _fds_check[name] - ps_pid = ps['pid'] - ps['pid'] = pid_by_name(ps['name']) - - if not ps['skip']: - fds_diff = waitforfds(lambda: _count_fds(ps['pid']) - ps['fds']) - ps['fds'] += fds_diff - - if not option.restart: - assert ps['pid'] == ps_pid, 'same pid %s' % name + for attempt in range(10): + try: + shutil.rmtree(path) + break + except OSError as err: + if err.errno != 16: + raise + time.sleep(1) - assert fds_diff <= option.fds_threshold, ( - 'descriptors leak %s' % name - ) + # check descriptors - else: - ps['fds'] = _count_fds(ps['pid']) + _check_fds(log=log) # print unit.log in case of error @@ -424,6 +400,8 @@ def unit_run(): with open(temp_dir + '/unit.log', 'w') as log: unit_instance['process'] = subprocess.Popen(unitd_args, stderr=log) + Log.temp_dir = temp_dir + if not waitforfiles(temp_dir + '/control.unit.sock'): _print_log() exit('Could not start unit') @@ -433,20 +411,19 @@ def unit_run(): unit_instance['unitd'] = unitd option.temp_dir = temp_dir - Log.temp_dir = temp_dir with open(temp_dir + '/unit.pid', 'r') as f: unit_instance['pid'] = f.read().rstrip() _clear_conf(unit_instance['temp_dir'] + '/control.unit.sock') - _fds_check['main']['fds'] = _count_fds(unit_instance['pid']) + _fds_info['main']['fds'] = _count_fds(unit_instance['pid']) - router = _fds_check['router'] + router = _fds_info['router'] router['pid'] = pid_by_name(router['name']) router['fds'] = _count_fds(router['pid']) - controller = _fds_check['controller'] + controller = _fds_info['controller'] controller['pid'] = pid_by_name(controller['name']) controller['fds'] = _count_fds(controller['pid']) @@ -481,7 +458,8 @@ def unit_stop(): return 'Could not terminate unit' -def _check_alerts(log=None): +@print_log_on_assert +def _check_alerts(*, log=None): if log is None: with Log.open(encoding='utf-8') as f: log = f.read() @@ -499,22 +477,18 @@ def _check_alerts(log=None): for skip in option.skip_alerts: alerts = [al for al in alerts if re.search(skip, al) is None] - if alerts: - _print_log(log) - assert not alerts, 'alert(s)' + assert not alerts, 'alert(s)' if not option.skip_sanitizer: sanitizer_errors = re.findall('.+Sanitizer.+', log) - if sanitizer_errors: - _print_log(log) - assert not sanitizer_errors, 'sanitizer error(s)' + assert not sanitizer_errors, 'sanitizer error(s)' if found: print('skipped.') -def _print_log(data=None): +def _print_log(log=None): path = Log.get_path() print('Path to unit.log:\n' + path + '\n') @@ -523,19 +497,15 @@ def _print_log(data=None): os.set_blocking(sys.stdout.fileno(), True) sys.stdout.flush() - if data is None: + if log is None: with open(path, 'r', encoding='utf-8', errors='ignore') as f: shutil.copyfileobj(f, sys.stdout) else: - sys.stdout.write(data) + sys.stdout.write(log) -def _clear_conf(sock, log=None): - def check_success(resp): - if 'success' not in resp: - _print_log(log) - assert 'success' in resp - +@print_log_on_assert +def _clear_conf(sock, *, log=None): resp = http.put( url='/config', sock_type='unix', @@ -543,7 +513,7 @@ def _clear_conf(sock, log=None): body=json.dumps({"listeners": {}, "applications": {}}), )['body'] - check_success(resp) + assert 'success' in resp, 'clear conf' if 'openssl' not in option.available['modules']: return @@ -561,7 +531,54 @@ def _clear_conf(sock, log=None): url='/certificates/' + cert, sock_type='unix', addr=sock, )['body'] - check_success(resp) + assert 'success' in resp, 'remove certificate' + + +@print_log_on_assert +def _check_fds(*, log=None): + def waitforfds(diff): + for i in range(600): + fds_diff = diff() + + if fds_diff <= option.fds_threshold: + break + + time.sleep(0.1) + + return fds_diff + + ps = _fds_info['main'] + if not ps['skip']: + fds_diff = waitforfds( + lambda: _count_fds(unit_instance['pid']) - ps['fds'] + ) + ps['fds'] += fds_diff + + assert ( + fds_diff <= option.fds_threshold + ), 'descriptors leak main process' + + else: + ps['fds'] = _count_fds(unit_instance['pid']) + + for name in ['controller', 'router']: + ps = _fds_info[name] + ps_pid = ps['pid'] + ps['pid'] = pid_by_name(ps['name']) + + if not ps['skip']: + fds_diff = waitforfds(lambda: _count_fds(ps['pid']) - ps['fds']) + ps['fds'] += fds_diff + + if not option.restart: + assert ps['pid'] == ps_pid, 'same pid %s' % name + + assert fds_diff <= option.fds_threshold, ( + 'descriptors leak %s' % name + ) + + else: + ps['fds'] = _count_fds(ps['pid']) def _count_fds(pid): @@ -639,9 +656,9 @@ def skip_alert(): @pytest.fixture() def skip_fds_check(): def _skip(main=False, router=False, controller=False): - _fds_check['main']['skip'] = main - _fds_check['router']['skip'] = router - _fds_check['controller']['skip'] = controller + _fds_info['main']['skip'] = main + _fds_info['router']['skip'] = router + _fds_info['controller']['skip'] = controller return _skip diff --git a/test/python/client_ip/wsgi.py b/test/python/client_ip/wsgi.py new file mode 100644 index 00000000..0e12db0a --- /dev/null +++ b/test/python/client_ip/wsgi.py @@ -0,0 +1,4 @@ +def application(env, start_response): + ip = env['REMOTE_ADDR'].encode() + start_response('200', [('Content-Length', str(len(ip)))]) + return ip diff --git a/test/python/restart/longstart.py b/test/python/restart/longstart.py new file mode 100644 index 00000000..777398ac --- /dev/null +++ b/test/python/restart/longstart.py @@ -0,0 +1,10 @@ +import os +import time + +time.sleep(2) + +def application(environ, start_response): + body = str(os.getpid()).encode() + + start_response('200', [('Content-Length', str(len(body)))]) + return [body] diff --git a/test/python/restart/v1.py b/test/python/restart/v1.py new file mode 100644 index 00000000..2e45b269 --- /dev/null +++ b/test/python/restart/v1.py @@ -0,0 +1,7 @@ +import os + +def application(environ, start_response): + body = "v1".encode() + + start_response('200', [('Content-Length', str(len(body)))]) + return [body] diff --git a/test/python/restart/v2.py b/test/python/restart/v2.py new file mode 100644 index 00000000..59e3d30f --- /dev/null +++ b/test/python/restart/v2.py @@ -0,0 +1,7 @@ +import os + +def application(environ, start_response): + body = "v2".encode() + + start_response('200', [('Content-Length', str(len(body)))]) + return [body] diff --git a/test/ruby/hooks/config.ru b/test/ruby/hooks/config.ru new file mode 100644 index 00000000..f3069558 --- /dev/null +++ b/test/ruby/hooks/config.ru @@ -0,0 +1,7 @@ +app = Proc.new do |env| + ['200', { + 'Content-Length' => '0' + }, ['']] +end + +run app diff --git a/test/ruby/hooks/eval.rb b/test/ruby/hooks/eval.rb new file mode 100644 index 00000000..ce7329c1 --- /dev/null +++ b/test/ruby/hooks/eval.rb @@ -0,0 +1,3 @@ +require 'securerandom' + +File.write("./cookie_eval.#{SecureRandom.hex}", "evaluated") diff --git a/test/ruby/hooks/multiple.rb b/test/ruby/hooks/multiple.rb new file mode 100644 index 00000000..b1b659a5 --- /dev/null +++ b/test/ruby/hooks/multiple.rb @@ -0,0 +1,13 @@ +require 'securerandom' + +@mutex = Mutex.new + +on_worker_boot do + File.write("./cookie_worker_boot.#{SecureRandom.hex}", "worker booted") +end + +on_thread_boot do + @mutex.synchronize do + File.write("./cookie_thread_boot.#{SecureRandom.hex}", "thread booted") + end +end diff --git a/test/ruby/hooks/on_thread_boot.rb b/test/ruby/hooks/on_thread_boot.rb new file mode 100644 index 00000000..4f88424e --- /dev/null +++ b/test/ruby/hooks/on_thread_boot.rb @@ -0,0 +1,9 @@ +require 'securerandom' + +@mutex = Mutex.new + +on_thread_boot do + @mutex.synchronize do + File.write("./cookie_thread_boot.#{SecureRandom.hex}", "booted") + end +end diff --git a/test/ruby/hooks/on_thread_shutdown.rb b/test/ruby/hooks/on_thread_shutdown.rb new file mode 100644 index 00000000..d953b8b7 --- /dev/null +++ b/test/ruby/hooks/on_thread_shutdown.rb @@ -0,0 +1,9 @@ +require 'securerandom' + +@mutex = Mutex.new + +on_thread_shutdown do + @mutex.synchronize do + File.write("./cookie_thread_shutdown.#{SecureRandom.hex}", "shutdown") + end +end diff --git a/test/ruby/hooks/on_worker_boot.rb b/test/ruby/hooks/on_worker_boot.rb new file mode 100644 index 00000000..b6529f60 --- /dev/null +++ b/test/ruby/hooks/on_worker_boot.rb @@ -0,0 +1,5 @@ +require 'securerandom' + +on_worker_boot do + File.write("./cookie_worker_boot.#{SecureRandom.hex}", "booted") +end diff --git a/test/ruby/hooks/on_worker_shutdown.rb b/test/ruby/hooks/on_worker_shutdown.rb new file mode 100644 index 00000000..9ffaad93 --- /dev/null +++ b/test/ruby/hooks/on_worker_shutdown.rb @@ -0,0 +1,5 @@ +require 'securerandom' + +on_worker_shutdown do + File.write("./cookie_worker_shutdown.#{SecureRandom.hex}", "shutdown") +end diff --git a/test/test_client_ip.py b/test/test_client_ip.py new file mode 100644 index 00000000..0084574e --- /dev/null +++ b/test/test_client_ip.py @@ -0,0 +1,129 @@ +import pytest + +from unit.applications.lang.python import TestApplicationPython + + +class TestClientIP(TestApplicationPython): + prerequisites = {'modules': {'python': 'any'}} + + def client_ip(self, options): + assert 'success' in self.conf( + { + "127.0.0.1:7081": + {"client_ip": options, "pass": "applications/client_ip"}, + "[::1]:7082": + {"client_ip": options, "pass": "applications/client_ip"}, + }, + 'listeners', + ), 'listeners configure' + + def get_xff(self, xff, sock_type='ipv4'): + port = 7081 if sock_type == 'ipv4' else 7082 + + return self.get( + sock_type=sock_type, + port=port, + headers={'Connection': 'close', 'X-Forwarded-For': xff}, + )['body'] + + def setup_method(self): + self.load('client_ip') + + def test_settings_client_ip_single_ip(self): + self.client_ip( + {'header': 'X-Forwarded-For', 'source': '123.123.123.123'} + ) + + assert self.get(port=7081)['body'] == '127.0.0.1', 'ipv4 default' + assert ( + self.get(sock_type='ipv6', port=7082)['body'] == '::1' + ), 'ipv6 default' + assert self.get_xff('1.1.1.1') == '127.0.0.1', 'bad source' + assert self.get_xff('blah') == '127.0.0.1', 'bad header' + assert self.get_xff('1.1.1.1', 'ipv6') == '::1', 'bad source ipv6' + + self.client_ip({'header': 'X-Forwarded-For', 'source': '127.0.0.1'}) + + assert self.get(port=7081)['body'] == '127.0.0.1', 'ipv4 default 2' + assert ( + self.get(sock_type='ipv6', port=7082)['body'] == '::1' + ), 'ipv6 default 2' + assert self.get_xff('1.1.1.1') == '1.1.1.1', 'replace' + assert self.get_xff('blah') == '127.0.0.1', 'bad header 2' + assert ( + self.get_xff('1.1.1.1', 'ipv6') == '::1' + ), 'bad source ipv6 2' + + self.client_ip({'header': 'X-Forwarded-For', 'source': '!127.0.0.1'}) + + assert self.get_xff('1.1.1.1') == '127.0.0.1', 'bad source 3' + assert self.get_xff('1.1.1.1', 'ipv6') == '1.1.1.1', 'replace 2' + + def test_settings_client_ip_ipv4(self): + self.client_ip({'header': 'X-Forwarded-For', 'source': '127.0.0.1'}) + + assert ( + self.get_xff('8.8.8.8, 84.23.23.11') == '84.23.23.11' + ), 'xff replace' + assert ( + self.get_xff('8.8.8.8, 84.23.23.11, 127.0.0.1') == '127.0.0.1' + ), 'xff replace 2' + assert ( + self.get_xff(['8.8.8.8', '127.0.0.1, 10.0.1.1']) == '10.0.1.1' + ), 'xff replace multi' + + def test_settings_client_ip_ipv6(self): + self.client_ip({'header': 'X-Forwarded-For', 'source': '::1'}) + + assert self.get_xff('1.1.1.1') == '127.0.0.1', 'bad source ipv4' + + for ip in [ + 'f607:7403:1e4b:6c66:33b2:843f:2517:da27', + '2001:db8:3c4d:15::1a2f:1a2b', + '2001::3c4d:15:1a2f:1a2b', + '::11.22.33.44', + ]: + assert self.get_xff(ip, 'ipv6') == ip, 'replace' + + def test_settings_client_ip_recursive(self): + self.client_ip( + { + 'header': 'X-Forwarded-For', + 'recursive': True, + 'source': ['127.0.0.1', '10.50.0.17', '10.5.2.1'], + } + ) + + assert self.get_xff('1.1.1.1') == '1.1.1.1', 'xff chain' + assert self.get_xff('1.1.1.1, 10.5.2.1') == '1.1.1.1', 'xff chain 2' + assert ( + self.get_xff('8.8.8.8, 1.1.1.1, 10.5.2.1') == '1.1.1.1' + ), 'xff chain 3' + assert ( + self.get_xff('10.50.0.17, 10.5.2.1, 10.5.2.1') == '10.50.0.17' + ), 'xff chain 4' + assert ( + self.get_xff(['8.8.8.8', '1.1.1.1, 127.0.0.1']) == '1.1.1.1' + ), 'xff replace multi' + assert ( + self.get_xff(['8.8.8.8', '1.1.1.1, 127.0.0.1', '10.5.2.1']) + == '1.1.1.1' + ), 'xff replace multi 2' + assert ( + self.get_xff(['10.5.2.1', '10.50.0.17, 1.1.1.1', '10.5.2.1']) + == '1.1.1.1' + ), 'xff replace multi 3' + assert ( + self.get_xff('8.8.8.8, 2001:db8:3c4d:15::1a2f:1a2b, 127.0.0.1') + == '2001:db8:3c4d:15::1a2f:1a2b' + ), 'xff chain ipv6' + + def test_settings_client_ip_invalid(self): + assert 'error' in self.conf( + {"http": {"client_ip": {'header': 'X-Forwarded-For', 'source': []}}}, + 'settings', + ), 'empty array source' + assert 'error' in self.conf( + {"http":{"client_ip": {'header': 'X-Forwarded-For', 'source': 'a'}}}, + 'settings', + ), 'empty source invalid' diff --git a/test/test_configuration.py b/test/test_configuration.py index 880aef6c..8655968f 100644 --- a/test/test_configuration.py +++ b/test/test_configuration.py @@ -1,12 +1,22 @@ +import socket + import pytest -import socket from unit.control import TestControl class TestConfiguration(TestControl): prerequisites = {'modules': {'python': 'any'}} + def try_addr(self, addr): + return self.conf( + { + "listeners": {addr: {"pass": "routes"}}, + "routes": [{"action": {"return": 200}}], + "applications": {}, + } + ) + def test_json_empty(self): assert 'error' in self.conf(''), 'empty' @@ -217,50 +227,20 @@ class TestConfiguration(TestControl): {"*:7080": {"pass": "applications/app"}}, 'listeners' ), 'listeners no app' - def test_listeners_wildcard(self): - assert 'success' in self.conf( - { - "listeners": {"*:7080": {"pass": "applications/app"}}, - "applications": { - "app": { - "type": "python", - "processes": {"spare": 0}, - "path": "/app", - "module": "wsgi", - } - }, - } - ), 'listeners wildcard' + def test_listeners_addr(self): + assert 'success' in self.try_addr("*:7080"), 'wildcard' + assert 'success' in self.try_addr("127.0.0.1:7081"), 'explicit' + assert 'success' in self.try_addr("[::1]:7082"), 'explicit ipv6' - def test_listeners_explicit(self): - assert 'success' in self.conf( - { - "listeners": {"127.0.0.1:7080": {"pass": "applications/app"}}, - "applications": { - "app": { - "type": "python", - "processes": {"spare": 0}, - "path": "/app", - "module": "wsgi", - } - }, - } - ), 'explicit' + def test_listeners_addr_error(self): + assert 'error' in self.try_addr("127.0.0.1"), 'no port' - def test_listeners_explicit_ipv6(self): - assert 'success' in self.conf( - { - "listeners": {"[::1]:7080": {"pass": "applications/app"}}, - "applications": { - "app": { - "type": "python", - "processes": {"spare": 0}, - "path": "/app", - "module": "wsgi", - } - }, - } - ), 'explicit ipv6' + def test_listeners_addr_error_2(self, skip_alert): + skip_alert(r'bind.*failed', r'failed to apply new conf') + + assert 'error' in self.try_addr( + "[f607:7403:1e4b:6c66:33b2:843f:2517:da27]:7080" + ) def test_listeners_port_release(self): for i in range(10): @@ -289,22 +269,6 @@ class TestConfiguration(TestControl): assert 'success' in resp, 'port release' - @pytest.mark.skip('not yet, unsafe') - def test_listeners_no_port(self): - assert 'error' in self.conf( - { - "listeners": {"127.0.0.1": {"pass": "applications/app"}}, - "applications": { - "app": { - "type": "python", - "processes": {"spare": 0}, - "path": "/app", - "module": "wsgi", - } - }, - } - ), 'no port' - def test_json_application_name_large(self): name = "X" * 1024 * 1024 diff --git a/test/test_node_es_modules.py b/test/test_node_es_modules.py index 0945a967..5464d4a6 100644 --- a/test/test_node_es_modules.py +++ b/test/test_node_es_modules.py @@ -1,6 +1,7 @@ +from distutils.version import LooseVersion + import pytest -from distutils.version import LooseVersion from unit.applications.lang.node import TestApplicationNode from unit.applications.websockets import TestApplicationWebsocket diff --git a/test/test_python_procman.py b/test/test_python_procman.py index b0d0f5af..a95c5680 100644 --- a/test/test_python_procman.py +++ b/test/test_python_procman.py @@ -1,4 +1,5 @@ import re +import shutil import subprocess import time @@ -201,3 +202,81 @@ class TestPythonProcman(TestApplicationPython): assert 'success' in self.conf({"listeners": {}, "applications": {}}) assert len(self.pids_for_process()) == 0, 'stop all' + + def test_python_restart(self, temp_dir): + shutil.copyfile( + option.test_dir + '/python/restart/v1.py', temp_dir + '/wsgi.py' + ) + + self.load( + temp_dir, + name=self.app_name, + processes=1, + environment={'PYTHONDONTWRITEBYTECODE': '1'}, + ) + + b = self.get()['body'] + assert b == "v1", 'process started' + + shutil.copyfile( + option.test_dir + '/python/restart/v2.py', temp_dir + '/wsgi.py' + ) + + b = self.get()['body'] + assert b == "v1", 'still old process' + + assert 'success' in self.conf_get( + '/control/applications/' + self.app_name + '/restart' + ), 'restart processes' + + b = self.get()['body'] + assert b == "v2", 'new process started' + + assert 'error' in self.conf_get( + '/control/applications/blah/restart' + ), 'application incorrect' + + assert 'error' in self.conf_delete( + '/control/applications/' + self.app_name + '/restart' + ), 'method incorrect' + + def test_python_restart_multi(self): + self.conf_proc('2') + + pids = self.pids_for_process() + assert len(pids) == 2, 'restart 2 started' + + assert 'success' in self.conf_get( + '/control/applications/' + self.app_name + '/restart' + ), 'restart processes' + + new_pids = self.pids_for_process() + assert len(new_pids) == 2, 'restart still 2' + + assert len(new_pids.intersection(pids)) == 0, 'restart all new' + + def test_python_restart_longstart(self): + self.load( + 'restart', + name=self.app_name, + module="longstart", + processes={"spare": 1, "max": 2, "idle_timeout": 5}, + ) + + assert len(self.pids_for_process()) == 1, 'longstarts == 1' + + pid = self.get()['body'] + pids = self.pids_for_process() + assert len(pids) == 2, 'longstarts == 2' + + assert 'success' in self.conf_get( + '/control/applications/' + self.app_name + '/restart' + ), 'restart processes' + + # wait for longstarted app + time.sleep(2) + + new_pids = self.pids_for_process() + assert len(new_pids) == 1, 'restart 1' + + assert len(new_pids.intersection(pids)) == 0, 'restart all new' diff --git a/test/test_respawn.py b/test/test_respawn.py index edbfa2a8..5a5d6126 100644 --- a/test/test_respawn.py +++ b/test/test_respawn.py @@ -44,11 +44,16 @@ class TestRespawn(TestApplicationPython): return re.findall(str(ppid) + r'.*' + name, ps_output) def smoke_test(self, unit_pid): - for _ in range(5): - assert 'success' in self.conf( - '1', 'applications/' + self.app_name + '/processes' - ) - assert self.get()['status'] == 200 + for _ in range(10): + r = self.conf('1', 'applications/' + self.app_name + '/processes') + + if 'success' in r: + break + + time.sleep(0.1) + + assert 'success' in r + assert self.get()['status'] == 200 # Check if the only one router, controller, # and application processes running. diff --git a/test/test_routing.py b/test/test_routing.py index eaa0a134..ef5622c2 100644 --- a/test/test_routing.py +++ b/test/test_routing.py @@ -1751,6 +1751,10 @@ class TestRouting(TestApplicationProto): self.route_match_invalid({"source": "*:1-a"}) self.route_match_invalid({"source": "*:65536"}) + def test_routes_match_source_none(self): + self.route_match({"source": []}) + assert self.get()['status'] == 404, 'source none' + def test_routes_match_destination(self): assert 'success' in self.conf( {"*:7080": {"pass": "routes"}, "*:7081": {"pass": "routes"}}, diff --git a/test/test_ruby_hooks.py b/test/test_ruby_hooks.py new file mode 100644 index 00000000..af8ce337 --- /dev/null +++ b/test/test_ruby_hooks.py @@ -0,0 +1,98 @@ +import os +import time +from pathlib import Path + +import pytest + +from conftest import unit_stop +from unit.applications.lang.ruby import TestApplicationRuby +from unit.option import option +from unit.utils import waitforglob + + +class TestRubyHooks(TestApplicationRuby): + prerequisites = {'modules': {'ruby': 'all'}} + + def _wait_cookie(self, pattern, count): + return waitforglob( + option.temp_dir + '/ruby/hooks/cookie_' + pattern, count + ) + + def test_ruby_hooks_eval(self): + processes = 2 + + self.load('hooks', processes=processes, hooks='eval.rb') + + hooked = self._wait_cookie('eval.*', processes) + + assert hooked, 'hooks evaluated' + + def test_ruby_hooks_on_worker_boot(self): + processes = 2 + + self.load('hooks', processes=processes, hooks='on_worker_boot.rb') + + hooked = self._wait_cookie('worker_boot.*', processes) + + assert hooked, 'on_worker_boot called' + + def test_ruby_hooks_on_worker_shutdown(self): + processes = 2 + + self.load('hooks', processes=processes, hooks='on_worker_shutdown.rb') + + assert self.get()['status'] == 200, 'app response' + + self.load('empty') + + hooked = self._wait_cookie('worker_shutdown.*', processes) + + assert hooked, 'on_worker_shutdown called' + + def test_ruby_hooks_on_thread_boot(self): + processes = 1 + threads = 2 + + self.load( + 'hooks', + processes=processes, + threads=threads, + hooks='on_thread_boot.rb', + ) + + hooked = self._wait_cookie('thread_boot.*', processes * threads) + + assert hooked, 'on_thread_boot called' + + def test_ruby_hooks_on_thread_shutdown(self): + processes = 1 + threads = 2 + + self.load( + 'hooks', + processes=processes, + threads=threads, + hooks='on_thread_shutdown.rb', + ) + + assert self.get()['status'] == 200, 'app response' + + self.load('empty') + + hooked = self._wait_cookie('thread_shutdown.*', processes * threads) + + assert hooked, 'on_thread_shutdown called' + + def test_ruby_hooks_multiple(self): + processes = 1 + threads = 1 + + self.load( + 'hooks', processes=processes, threads=threads, hooks='multiple.rb', + ) + + hooked = self._wait_cookie('worker_boot.*', processes) + assert hooked, 'on_worker_boot called' + + hooked = self._wait_cookie('thread_boot.*', threads) + assert hooked, 'on_thread_boot called' diff --git a/test/test_ruby_isolation.py b/test/test_ruby_isolation.py index 8443d857..f414d610 100644 --- a/test/test_ruby_isolation.py +++ b/test/test_ruby_isolation.py @@ -35,13 +35,6 @@ class TestRubyIsolation(TestApplicationRuby): 'pid': True, } - os.mkdir(option.temp_dir + '/ruby') - - shutil.copytree( - option.test_dir + '/ruby/status_int', - option.temp_dir + '/ruby/status_int', - ) - self.load('status_int', isolation=isolation) assert 'success' in self.conf( diff --git a/test/test_share_chroot.py b/test/test_static_chroot.py index 7e53d3f7..f9bc93a8 100644 --- a/test/test_share_chroot.py +++ b/test/test_static_chroot.py @@ -6,17 +6,14 @@ import pytest from unit.applications.proto import TestApplicationProto -class TestShareChroot(TestApplicationProto): +class TestStaticChroot(TestApplicationProto): prerequisites = {'features': ['chroot']} @pytest.fixture(autouse=True) def setup_method_fixture(self, temp_dir): os.makedirs(temp_dir + '/assets/dir') - with open(temp_dir + '/assets/index.html', 'w') as index, open( - temp_dir + '/assets/dir/file', 'w' - ) as file: - index.write('0123456789') - file.write('blah') + Path(temp_dir + '/assets/index.html').write_text('0123456789') + Path(temp_dir + '/assets/dir/file').write_text('blah') test = Path(__file__) self.test_path = '/' + test.parent.name + '/' + test.name @@ -28,7 +25,7 @@ class TestShareChroot(TestApplicationProto): } ) - def test_share_chroot(self, temp_dir): + def test_static_chroot(self, temp_dir): assert self.get(url='/dir/file')['status'] == 200, 'default chroot' assert self.get(url='/index.html')['status'] == 200, 'default chroot 2' @@ -44,7 +41,10 @@ class TestShareChroot(TestApplicationProto): assert self.get(url='/index.html')['status'] == 403, 'chroot 403 2' assert self.get(url='/file')['status'] == 403, 'chroot 403' - def test_share_chroot_permission(self, temp_dir): + def test_static_chroot_permission(self, is_su, temp_dir): + if is_su: + pytest.skip('does\'t work under root') + os.chmod(temp_dir + '/assets/dir', 0o100) assert 'success' in self.conf( @@ -57,7 +57,7 @@ class TestShareChroot(TestApplicationProto): assert self.get(url='/dir/file')['status'] == 200, 'chroot' - def test_share_chroot_empty(self, temp_dir): + def test_static_chroot_empty(self, temp_dir): assert 'success' in self.conf( {"share": temp_dir + "/assets", "chroot": ""}, 'routes/0/action', ), 'configure chroot empty absolute' @@ -74,7 +74,7 @@ class TestShareChroot(TestApplicationProto): self.get(url=self.test_path)['status'] == 200 ), 'chroot empty relative' - def test_share_chroot_relative(self, is_su, temp_dir): + def test_static_chroot_relative(self, is_su, temp_dir): if is_su: pytest.skip('does\'t work under root') @@ -96,7 +96,7 @@ class TestShareChroot(TestApplicationProto): assert self.get(url=self.test_path)['status'] == 200, 'relative' - def test_share_chroot_invalid(self, temp_dir): + def test_static_chroot_invalid(self, temp_dir): assert 'error' in self.conf( {"share": temp_dir, "chroot": True}, 'routes/0/action', ), 'configure chroot error' diff --git a/test/test_share_fallback.py b/test/test_static_fallback.py index 0b1c270e..dc9056b9 100644 --- a/test/test_share_fallback.py +++ b/test/test_static_fallback.py @@ -1,21 +1,21 @@ import os +from pathlib import Path import pytest from unit.applications.proto import TestApplicationProto -from unit.option import option -class TestStatic(TestApplicationProto): +class TestStaticFallback(TestApplicationProto): prerequisites = {} - def setup_method(self): - os.makedirs(option.temp_dir + '/assets/dir') - with open(option.temp_dir + '/assets/index.html', 'w') as index: - index.write('0123456789') + @pytest.fixture(autouse=True) + def setup_method_fixture(self, temp_dir): + os.makedirs(temp_dir + '/assets/dir') + Path(temp_dir + '/assets/index.html').write_text('0123456789') - os.makedirs(option.temp_dir + '/assets/403') - os.chmod(option.temp_dir + '/assets/403', 0o000) + os.makedirs(temp_dir + '/assets/403') + os.chmod(temp_dir + '/assets/403', 0o000) self._load_conf( { @@ -23,21 +23,22 @@ class TestStatic(TestApplicationProto): "*:7080": {"pass": "routes"}, "*:7081": {"pass": "routes"}, }, - "routes": [{"action": {"share": option.temp_dir + "/assets"}}], + "routes": [{"action": {"share": temp_dir + "/assets"}}], "applications": {}, } ) - def teardown_method(self): + yield + try: - os.chmod(option.temp_dir + '/assets/403', 0o777) + os.chmod(temp_dir + '/assets/403', 0o777) except FileNotFoundError: pass def action_update(self, conf): assert 'success' in self.conf(conf, 'routes/0/action') - def test_fallback(self): + def test_static_fallback(self): self.action_update({"share": "/blah"}) assert self.get()['status'] == 404, 'bad path no fallback' @@ -47,7 +48,7 @@ class TestStatic(TestApplicationProto): assert resp['status'] == 200, 'bad path fallback status' assert resp['body'] == '', 'bad path fallback' - def test_fallback_valid_path(self, temp_dir): + def test_static_fallback_valid_path(self, temp_dir): self.action_update( {"share": temp_dir + "/assets", "fallback": {"return": 200}} ) @@ -65,7 +66,7 @@ class TestStatic(TestApplicationProto): assert self.get(url='/dir')['status'] == 301, 'fallback status 301' - def test_fallback_nested(self): + def test_static_fallback_nested(self): self.action_update( { "share": "/blah", @@ -80,7 +81,7 @@ class TestStatic(TestApplicationProto): assert resp['status'] == 200, 'fallback nested status' assert resp['body'] == '', 'fallback nested' - def test_fallback_share(self, temp_dir): + def test_static_fallback_share(self, temp_dir): self.action_update( {"share": "/blah", "fallback": {"share": temp_dir + "/assets"},} ) @@ -97,7 +98,7 @@ class TestStatic(TestApplicationProto): self.get(url='/dir')['status'] == 301 ), 'fallback share status 301' - def test_fallback_proxy(self): + def test_static_fallback_proxy(self): assert 'success' in self.conf( [ { @@ -119,7 +120,7 @@ class TestStatic(TestApplicationProto): assert resp['body'] == '', 'fallback proxy' @pytest.mark.skip('not yet') - def test_fallback_proxy_loop(self, skip_alert): + def test_static_fallback_proxy_loop(self, skip_alert): skip_alert( r'open.*/blah/index.html.*failed', r'accept.*failed', @@ -135,7 +136,7 @@ class TestStatic(TestApplicationProto): assert 'success' in self.conf_delete('listeners/*:7081') self.get(read_timeout=1) - def test_fallback_invalid(self): + def test_static_fallback_invalid(self): def check_error(conf): assert 'error' in self.conf(conf, 'routes/0/action') diff --git a/test/test_share_mount.py b/test/test_static_mount.py index f22fbe75..570f6439 100644 --- a/test/test_share_mount.py +++ b/test/test_static_mount.py @@ -1,12 +1,13 @@ import os import subprocess +from pathlib import Path import pytest from unit.applications.proto import TestApplicationProto -class TestShareMount(TestApplicationProto): +class TestStaticMount(TestApplicationProto): prerequisites = {'features': ['chroot']} @pytest.fixture(autouse=True) @@ -17,12 +18,9 @@ class TestShareMount(TestApplicationProto): os.makedirs(temp_dir + '/assets/dir/mount') os.makedirs(temp_dir + '/assets/dir/dir') os.makedirs(temp_dir + '/assets/mount') - with open(temp_dir + '/assets/index.html', 'w') as index, open( - temp_dir + '/assets/dir/dir/file', 'w' - ) as file, open(temp_dir + '/assets/mount/index.html', 'w') as mount: - index.write('index') - file.write('file') - mount.write('mount') + Path(temp_dir + '/assets/index.html').write_text('index') + Path(temp_dir + '/assets/dir/dir/file').write_text('file') + Path(temp_dir + '/assets/mount/index.html').write_text('mount') try: process = subprocess.Popen( @@ -66,7 +64,7 @@ class TestShareMount(TestApplicationProto): except: pytest.fail('Can\'t run umount process.') - def test_share_mount(self, temp_dir, skip_alert): + def test_static_mount(self, temp_dir, skip_alert): skip_alert(r'opening.*failed') resp = self.get(url='/mount/') @@ -89,7 +87,7 @@ class TestShareMount(TestApplicationProto): assert resp['status'] == 200 assert resp['body'] == 'mount' - def test_share_mount_two_blocks(self, temp_dir, skip_alert): + def test_static_mount_two_blocks(self, temp_dir, skip_alert): skip_alert(r'opening.*failed') os.symlink(temp_dir + '/assets/dir', temp_dir + '/assets/link') @@ -117,7 +115,7 @@ class TestShareMount(TestApplicationProto): assert self.get(url='/mount/')['status'] == 200, 'block enabled' assert self.head(url='/mount/')['status'] == 403, 'block disabled' - def test_share_mount_chroot(self, temp_dir, skip_alert): + def test_static_mount_chroot(self, temp_dir, skip_alert): skip_alert(r'opening.*failed') assert 'success' in self.conf( diff --git a/test/test_share_symlink.py b/test/test_static_symlink.py index 3970b605..35eb402a 100644 --- a/test/test_share_symlink.py +++ b/test/test_static_symlink.py @@ -1,21 +1,19 @@ import os +from pathlib import Path import pytest from unit.applications.proto import TestApplicationProto -class TestShareSymlink(TestApplicationProto): +class TestStaticSymlink(TestApplicationProto): prerequisites = {'features': ['chroot']} @pytest.fixture(autouse=True) def setup_method_fixture(self, temp_dir): os.makedirs(temp_dir + '/assets/dir/dir') - with open(temp_dir + '/assets/index.html', 'w') as index, open( - temp_dir + '/assets/dir/file', 'w' - ) as file: - index.write('0123456789') - file.write('blah') + Path(temp_dir + '/assets/index.html').write_text('0123456789') + Path(temp_dir + '/assets/dir/file').write_text('blah') self._load_conf( { @@ -24,7 +22,7 @@ class TestShareSymlink(TestApplicationProto): } ) - def test_share_symlink(self, temp_dir, skip_alert): + def test_static_symlink(self, temp_dir, skip_alert): skip_alert(r'opening.*failed') os.symlink(temp_dir + '/assets/dir', temp_dir + '/assets/link') @@ -48,7 +46,7 @@ class TestShareSymlink(TestApplicationProto): assert self.get(url='/link/file')['status'] == 200, 'symlink enabled' - def test_share_symlink_two_blocks(self, temp_dir, skip_alert): + def test_static_symlink_two_blocks(self, temp_dir, skip_alert): skip_alert(r'opening.*failed') os.symlink(temp_dir + '/assets/dir', temp_dir + '/assets/link') @@ -76,7 +74,7 @@ class TestShareSymlink(TestApplicationProto): assert self.get(url='/link/file')['status'] == 200, 'block enabled' assert self.head(url='/link/file')['status'] == 403, 'block disabled' - def test_share_symlink_chroot(self, temp_dir, skip_alert): + def test_static_symlink_chroot(self, temp_dir, skip_alert): skip_alert(r'opening.*failed') os.symlink( diff --git a/test/test_share_types.py b/test/test_static_types.py index b5ed97a0..20defddf 100644 --- a/test/test_share_types.py +++ b/test/test_static_types.py @@ -1,12 +1,11 @@ -import os from pathlib import Path import pytest + from unit.applications.proto import TestApplicationProto -from unit.option import option -class TestShareTypes(TestApplicationProto): +class TestStaticTypes(TestApplicationProto): prerequisites = {} @pytest.fixture(autouse=True) @@ -36,7 +35,7 @@ class TestShareTypes(TestApplicationProto): assert resp['status'] == 200, 'status' assert resp['body'] == body, 'body' - def test_share_types_basic(self, temp_dir): + def test_static_types_basic(self, temp_dir): self.action_update({"share": temp_dir + "/assets"}) self.check_body('/index.html', 'index') self.check_body('/file.xml', '.xml') @@ -54,7 +53,7 @@ class TestShareTypes(TestApplicationProto): self.action_update({"share": temp_dir + "/assets", "types": [""]}) assert self.get(url='/file.xml')['status'] == 403, 'no mtype' - def test_share_types_wildcard(self, temp_dir): + def test_static_types_wildcard(self, temp_dir): self.action_update( {"share": temp_dir + "/assets", "types": ["application/*"]} ) @@ -67,7 +66,7 @@ class TestShareTypes(TestApplicationProto): assert self.get(url='/file.xml')['status'] == 403, 'video * mtype xml' self.check_body('/file.mp4', '.mp4') - def test_share_types_negation(self, temp_dir): + def test_static_types_negation(self, temp_dir): self.action_update( {"share": temp_dir + "/assets", "types": ["!application/xml"]} ) @@ -85,7 +84,7 @@ class TestShareTypes(TestApplicationProto): self.check_body('/file.png', '.png') assert self.get(url='/file.jpg')['status'] == 403, 'negation sort jpg' - def test_share_types_regex(self, temp_dir): + def test_static_types_regex(self, temp_dir): self.action_update( {"share": temp_dir + "/assets", "types": ["~text/(html|plain)"]} ) @@ -93,7 +92,7 @@ class TestShareTypes(TestApplicationProto): self.check_body('/file.html', '.html') self.check_body('/file.txt', '.txt') - def test_share_types_case(self, temp_dir): + def test_static_types_case(self, temp_dir): self.action_update( {"share": temp_dir + "/assets", "types": ["!APpliCaTiOn/xMl"]} ) @@ -118,7 +117,7 @@ class TestShareTypes(TestApplicationProto): self.get(url='/file.xml')['status'] == 403 ), 'mixed case video * negation' - def test_share_types_fallback(self, temp_dir): + def test_static_types_fallback(self, temp_dir): assert 'success' in self.conf( [ { @@ -139,7 +138,7 @@ class TestShareTypes(TestApplicationProto): self.check_body('/file.php', '') self.check_body('/file.mp4', '.mp4') - def test_share_types_index(self, temp_dir): + def test_static_types_index(self, temp_dir): self.action_update( {"share": temp_dir + "/assets", "types": "application/xml"} ) @@ -147,7 +146,7 @@ class TestShareTypes(TestApplicationProto): self.check_body('/file.xml', '.xml') assert self.get(url='/file.mp4')['status'] == 403, 'forbidden mtype' - def test_share_types_custom_mime(self, temp_dir): + def test_static_types_custom_mime(self, temp_dir): self._load_conf( { "listeners": {"*:7080": {"pass": "routes"}}, diff --git a/test/test_tls.py b/test/test_tls.py index 0cfeaded..546f0f89 100644 --- a/test/test_tls.py +++ b/test/test_tls.py @@ -665,3 +665,16 @@ basicConstraints = critical,CA:TRUE""" ) assert res['status'] == 200, 'status ok' assert res['body'] == filename + data + + def test_tls_multi_listener(self): + self.load('empty') + + self.certificate() + + self.add_tls() + self.add_tls(port=7081) + + assert self.get_ssl()['status'] == 200, 'listener #1' + + assert self.get_ssl(port=7081)['status'] == 200, 'listener #2' + diff --git a/test/test_tls_sni.py b/test/test_tls_sni.py index 2e5424e2..eba6140a 100644 --- a/test/test_tls_sni.py +++ b/test/test_tls_sni.py @@ -168,6 +168,26 @@ basicConstraints = critical,CA:TRUE""" self.check_cert('alt2.example.com', bundles['example.com']['subj']) self.check_cert('blah', bundles['default']['subj']) + def test_tls_sni_no_hostname(self): + bundles = { + "localhost.com": {"subj": "localhost.com", "alt_names": []}, + "example.com": { + "subj": "example.com", + "alt_names": ["example.com"], + }, + } + self.config_bundles(bundles) + self.add_tls(["localhost.com", "example.com"]) + + resp, sock = self.get_ssl( + headers={'Content-Length': '0', 'Connection': 'close'}, start=True, + ) + assert resp['status'] == 200 + assert ( + sock.getpeercert()['subject'][0][0][1] + == bundles['localhost.com']['subj'] + ) + def test_tls_sni_upper_case(self): bundles = { "localhost.com": {"subj": "LOCALHOST.COM", "alt_names": []}, diff --git a/test/test_variables.py b/test/test_variables.py index 139d867e..d8547b7b 100644 --- a/test/test_variables.py +++ b/test/test_variables.py @@ -100,6 +100,25 @@ class TestVariables(TestApplicationProto): assert self.get(url='/1')['status'] == 200 assert self.get(url='/2')['status'] == 404 + def test_variables_empty(self): + def update_pass(prefix): + assert 'success' in self.conf( + { + "listeners": { + "*:7080": {"pass": prefix + "/$method"}, + }, + }, + ), 'variables empty' + + update_pass("routes"); + assert self.get(url='/1')['status'] == 404 + + update_pass("upstreams"); + assert self.get(url='/2')['status'] == 404 + + update_pass("applications"); + assert self.get(url='/3')['status'] == 404 + def test_variables_invalid(self): def check_variables(routes): assert 'error' in self.conf( diff --git a/test/unit/applications/lang/java.py b/test/unit/applications/lang/java.py index c9c2095e..53b27b07 100644 --- a/test/unit/applications/lang/java.py +++ b/test/unit/applications/lang/java.py @@ -52,7 +52,7 @@ class TestApplicationJava(TestApplicationProto): os.makedirs(classes_path) classpath = ( - option.current_dir + '/build/tomcat-servlet-api-9.0.44.jar' + option.current_dir + '/build/tomcat-servlet-api-9.0.52.jar' ) ws_jars = glob.glob( diff --git a/test/unit/applications/lang/python.py b/test/unit/applications/lang/python.py index b399dffd..215aa332 100644 --- a/test/unit/applications/lang/python.py +++ b/test/unit/applications/lang/python.py @@ -44,6 +44,7 @@ class TestApplicationPython(TestApplicationProto): for attr in ( 'callable', + 'environment', 'home', 'limits', 'path', diff --git a/test/unit/applications/lang/ruby.py b/test/unit/applications/lang/ruby.py index 02644584..61d50558 100644 --- a/test/unit/applications/lang/ruby.py +++ b/test/unit/applications/lang/ruby.py @@ -1,24 +1,44 @@ +import os +import shutil + from unit.applications.proto import TestApplicationProto from unit.option import option +from unit.utils import public_dir class TestApplicationRuby(TestApplicationProto): application_type = "ruby" + def prepare_env(self, script): + shutil.copytree( + option.test_dir + '/ruby/' + script, + option.temp_dir + '/ruby/' + script, + ) + + public_dir(option.temp_dir + '/ruby/' + script) + def load(self, script, name='config.ru', **kwargs): - script_path = option.test_dir + '/ruby/' + script + self.prepare_env(script) + + script_path = option.temp_dir + '/ruby/' + script + + app = { + "type": self.get_application_type(), + "processes": {"spare": 0}, + "working_directory": script_path, + "script": script_path + '/' + name, + } + + for key in [ + 'hooks', + ]: + if key in kwargs: + app[key] = kwargs[key] self._load_conf( { "listeners": {"*:7080": {"pass": "applications/" + script}}, - "applications": { - script: { - "type": self.get_application_type(), - "processes": {"spare": 0}, - "working_directory": script_path, - "script": script_path + '/' + name, - } - }, + "applications": {script: app}, }, **kwargs ) diff --git a/test/unit/applications/proto.py b/test/unit/applications/proto.py index 92754c03..e30d21ff 100644 --- a/test/unit/applications/proto.py +++ b/test/unit/applications/proto.py @@ -47,13 +47,15 @@ class TestApplicationProto(TestControl): if 'applications' in conf: for app in conf['applications'].keys(): app_conf = conf['applications'][app] - if 'user' in kwargs: - app_conf['user'] = kwargs['user'] - if 'group' in kwargs: - app_conf['group'] = kwargs['group'] - - if 'isolation' in kwargs: - app_conf['isolation'] = kwargs['isolation'] + for key in [ + 'user', + 'group', + 'isolation', + 'processes', + 'threads', + ]: + if key in kwargs: + app_conf[key] = kwargs[key] assert 'success' in self.conf(conf), 'load application configuration' diff --git a/test/unit/check/isolation.py b/test/unit/check/isolation.py index 7c83ae35..43c8842f 100644 --- a/test/unit/check/isolation.py +++ b/test/unit/check/isolation.py @@ -3,6 +3,7 @@ import os from unit.applications.lang.go import TestApplicationGo from unit.applications.lang.java import TestApplicationJava +from unit.applications.lang.ruby import TestApplicationRuby from unit.applications.lang.node import TestApplicationNode from unit.applications.proto import TestApplicationProto from unit.http import TestHTTP @@ -65,14 +66,16 @@ def check_isolation(): } elif 'ruby' in available['modules']: + TestApplicationRuby().prepare_env('empty') + conf = { "listeners": {"*:7080": {"pass": "applications/empty"}}, "applications": { "empty": { "type": "ruby", "processes": {"spare": 0}, - "working_directory": option.test_dir + "/ruby/empty", - "script": option.test_dir + "/ruby/empty/config.ru", + "working_directory": option.temp_dir + "/ruby/empty", + "script": option.temp_dir + "/ruby/empty/config.ru", "isolation": {"namespaces": {"credential": True}}, } }, diff --git a/test/unit/http.py b/test/unit/http.py index 797b7681..dcfcd232 100644 --- a/test/unit/http.py +++ b/test/unit/http.py @@ -45,7 +45,7 @@ class TestHTTP: sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) if 'wrapper' in kwargs: - server_hostname = headers.get('Host', 'localhost') + server_hostname = headers.get('Host', None) sock = kwargs['wrapper'](sock, server_hostname=server_hostname) connect_args = addr if sock_type == 'unix' else (addr, port) diff --git a/test/unit/utils.py b/test/unit/utils.py index a627e9f5..43aaa81b 100644 --- a/test/unit/utils.py +++ b/test/unit/utils.py @@ -1,3 +1,4 @@ +import glob import os import socket import subprocess @@ -16,8 +17,8 @@ def public_dir(path): os.chmod(os.path.join(root, f), 0o777) -def waitforfiles(*files): - for i in range(50): +def waitforfiles(*files, timeout=50): + for i in range(timeout): wait = False for f in files: @@ -33,6 +34,21 @@ def waitforfiles(*files): return False +def waitforglob(pattern, count=1, timeout=50): + for i in range(timeout): + n = 0 + + for f in glob.glob(pattern): + n += 1 + + if n == count: + return True + + time.sleep(0.1) + + return False + + def waitforsocket(port): for i in range(50): with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: @@ -72,8 +88,8 @@ def sysctl(): return out -def waitformount(template, wait=50): - for i in range(wait): +def waitformount(template, timeout=50): + for i in range(timeout): if findmnt().find(template) != -1: return True @@ -82,8 +98,8 @@ def waitformount(template, wait=50): return False -def waitforunmount(template, wait=50): - for i in range(wait): +def waitforunmount(template, timeout=50): + for i in range(timeout): if findmnt().find(template) == -1: return True @@ -1,5 +1,5 @@ # Copyright (C) NGINX, Inc. -NXT_VERSION=1.24.0 -NXT_VERNUM=12400 +NXT_VERSION=1.25.0 +NXT_VERNUM=12500 |