summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)AuthorFilesLines
2019-12-24Tests: routing by client address configuration.Axel Duch1-0/+353
2019-12-24Router: introducing routing on client address.Axel Duch6-4/+734
2019-12-24Go: introducing SHM_ACK observer.Max Romanov3-11/+77
Each request processed in a separate goroutine. In case of OOSM state, during response write, request goroutine blocks on channel which waits event from main thread about SHM_ACK message from router.
2019-12-24Node.js: implementing output message drain using SHM_ACK feature.Max Romanov3-26/+188
ServerResponse.write() method tries to write data buffer using libunit and stores buffers to write in a Server-wide output queue, which is processed in response to SHM_ACK message from router. As a side effect 'drain' event implemented and socket.writable flag reflect current state.
2019-12-24Introducing port messages to notify about out of shared memory.Max Romanov6-68/+567
- OOSM (out of shared memory). Sent by application process to router when application reaches the limit of allocated shared memory and needs more. - SHM_ACK. Sent by router to application when the application's shared memory is released and the OOSM flag is enabled for the segment. This implements blocking mode (the library waits for SHM_ACK in case of out of shared memory condition and retries allocating the required memory amount) and non-blocking mode (the library notifies the application that it's out of shared memory and returns control to the application module that sets up the output queue and puts SHM_ACK in the main message loop).
2019-12-24Adding "limits/shm" configuration validation and parsing.Max Romanov11-11/+67
2019-12-24Renaming nxt_unit_mmap_buf_remove to nxt_unit_mmap_buf_unlink.Max Romanov1-7/+7
The function unchains the buffer from the buffer's linked list.
2019-12-24Introducing write tail reference to avoid buffer chain iteration.Max Romanov2-4/+17
2019-12-24Using non-shared memory buffers for small messages.Max Romanov1-101/+203
Current shared memory buffer implementation uses fixed-size memory blocks, allocating at least 16384 bytes. When application sends data in a large number of small chunks, it makes sense to buffer them or use plain memory buffers to improve performance and reduce memory footprint. This patch introduces minimum size limit (1024 bytes) for shared memory buffers.
2019-12-24Go: moving source files to the root of the project.Max Romanov14-3/+6
This patch includes packaging changes related to files move.
2019-12-24Go: installing go module for tests into build directory.Max Romanov2-2/+2
2019-12-24Packages: making unit-go architecture independent.Max Romanov19-457/+17
To support Go modules, the unit-go module should be platform independent. All platform-dependent logic is moved to libunit, so the unit-dev package should be installed before building unit-go.
2019-12-24Go: linking against libunit.Max Romanov2-12/+30
2019-12-24Removed unused variables from "docs/Makefile".Valentin Bartenev1-3/+1
They actually have been broken since 00d8049418cf, where NXT_VERSION was removed from nxt_main.h. Also, shebang is added.
2019-12-23Python: pre-creation of objects for string constants.Valentin Bartenev1-38/+156
This is an optimization to avoid creating them at runtime on each request.
2019-12-10Packages: added Python 3 support on Amazon Linux 2 (LTS).Andrei Belov3-4/+5
2019-12-09Java: fixing racing condition in external JAR download.Max Romanov1-3/+6
Temporary file name with configure process PID used to download JAR from external repository. Then file renamed using command 'mv'. The issue reproduced in clean environment when 2 or more concurrent builds started.
2019-12-09Tests: routing tests refactored.Andrei Zeliankou2-1774/+331
2019-12-06Tests: added privileged credential tests.Tiago Natel1-44/+150
2019-12-06Isolation: allowed the use of credentials with unpriv userns.Tiago Natel13-135/+1170
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case). Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06Moved credential-related code to nxt_credential.c.Tiago Natel9-353/+378
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-11Tests: added tests for setting user and group.Tiago Natel2-0/+95
2019-11-11Tests: added support for testing "user" and "group".Tiago Natel8-15/+34
2019-11-26Refactor of process init.Tiago Natel8-149/+249
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
2019-12-02Packages: added Python 3 support on RHEL/CentOS 7.Andrei Belov3-2/+12
2019-11-20Regenerated Dockerfiles.Konstantin Pavlov9-128/+35
2019-11-20Moved docker images to Debian 10 "buster".Konstantin Pavlov2-24/+11
This changes the language versions we provide: - python 3.5 -> python 3.7 - go 1.7/1.8 -> go 1.11 - perl 5.24 -> perl 5.28 - ruby 2.3 -> ruby 2.5 - php 7.0 -> php 7.3
2019-11-26Changed the group listing to run unprivileged when possible.Tiago Natel2-30/+120
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use. MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation. The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
2019-11-26Tests: added getjson() helper.Tiago Natel4-10/+29
2019-11-26Tests: parsing of "Transfer-Encoding: chunked" responses.Tiago Natel6-23/+71
2019-11-26Refactoring reference counting of req_app_link.Max Romanov1-34/+48
The reason for the change is that the req_app_link reference count was incorrect if the application crashed at start; in this case, the nxt_request_app_link_update_peer() function was never called. This closes #332 issue on GitHub.
2019-11-09Tests: fixed tests to run as root.Tiago Natel5-25/+72
- The mode of testdir was changed to allow reading from other users/groups. - The java multipart test now uploads the file into an app writable dir. - The build directory was made readable for other users. - The python environment test now uses the HOME env var instead of PWD because the latter is not set by the root shell (/bin/sh) by default. - The node `node_modules` directory now is copied into the `testdir` instead of using symlinks.
2019-11-22Configure: fixed posix_spawn() detection with glic 2.30.Sergey Kandaurov1-2/+2
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31. See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2ab5741
2019-11-22Version bump.Sergey Kandaurov1-2/+2
2019-11-21Packages: added Ubuntu 19.10 "eoan" support.Andrei Belov8-1/+168
2019-11-19Packages: added Python 3.8 on Ubuntu 18.04, 19.04.Andrei Belov5-0/+79
2019-11-14Added tag 1.13.0 for changeset 3313bf222e6eValentin Bartenev1-0/+1
2019-11-14Generated Dockerfiles for Unit 1.13.0.1.13.0Valentin Bartenev9-9/+9
2019-11-14Added version 1.13.0 CHANGES.Valentin Bartenev2-0/+90
2019-11-14Tests: Python exception tests.Andrei Zeliankou2-0/+202
2019-11-14Python: avoiding buffering of exception backtraces.Valentin Bartenev1-7/+47
A quote from the Python 3 documentation: | When interactive, stdout and stderr streams are line-buffered. | Otherwise, they are block-buffered like regular text files. As a result, if an exception occurred and PyErr_Print() was called, its output could be buffered but not printed to the log for a while (ultimately, until the interpreter finalization). If the application process crashed shortly, the backtrace was completely lost. Buffering can be disabled by redefining the sys.stderr stream object. However, interference with standard environment objects was deemed undesirable. Instead, sys.stderr.flush() is called every time after printing exceptions. A potential advantage here is that lines from backtraces won't be mixed with other lines in the log.
2019-11-14Python: removed wrong PyErr_Print() call.Valentin Bartenev1-1/+0
PyCallable_Check() doesn't produce errors. The needless call was introduced in fdd6ed28e3b9.
2019-11-14Python: optimized response object close() calling.Valentin Bartenev1-7/+14
PyObject_HasAttrString() is just a wrapper over PyObject_GetAttrString(), while PyObject_CallMethod() calls it as the first step. As a result, PyObject_GetAttrString() was called twice if close() was present. To get rid of PyObject_HasAttrString() while keeping the same behaviour, the PyObject_CallMethod() call has been decomposed into separate calls of PyObject_GetAttrString() and PyObject_CallFunction().
2019-11-14Python: fixed an object leak when response close() is called.Valentin Bartenev1-10/+19
On success, PyObject_CallMethod() returns a new reference to the result of the call, which previously got lost. Also, error logging on failure was added. The issue was introduced by b0148ec28c4d.
2019-11-14Python: refactored nxt_python_request_handler().Valentin Bartenev1-56/+31
2019-11-14Python: fixed potential object leak in case of allocation error.Valentin Bartenev1-0/+2
2019-11-14Python: improved error handling if response object isn't iterable.Valentin Bartenev1-0/+1
According to the documentation, PyObject_GetIter(): | Raises TypeError and returns NULL if the object cannot be iterated. Previously, this exception wasn't printed or cleared and remained unhandled.
2019-11-14Python: fixed handling of errors on response object iteration.Valentin Bartenev1-8/+15
According to the documentation, PyIter_Next(): | If there are no remaining values, returns NULL with no exception set. | If an error occurs while retrieving the item, returns NULL and passes | along the exception. Previously, this exception wasn't properly handled and the response was finalized as successful. This issue was introduced in b0148ec28c4d. A check for PyErr_Occurred() located in the code below might print this traceback or occasionally catch an exception from one of the two response close() calls. Albeit that exceptions from the close() calls also need to be catched, it's clear that this particular check wasn't supposed to do so. This is another issue and it will be fixed later.
2019-11-14Tests: proxy tests.Andrei Zeliankou2-0/+647
2019-11-14Tests: run_process() and stop_processes() introduced.Andrei Zeliankou1-0/+22