summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)AuthorFilesLines
2023-10-10Refactored nxt_vsprintf().Zhidao HONG1-9/+8
2023-10-06Update third-party components for the Java module.Sergey A. Osokin3-17/+17
2023-10-05HTTP: Fix URL with query string rewrite.Andrew Clayton1-0/+1
On Github, @rlandgrebe reported an issue when trying to rewrite URLs that contained query strings. With the PHP language module we were in fact segfaulting (SIGSEGV) in libphp [93960.462952] unitd[20940]: segfault at 7f307cef6476 ip 00007f2f81a94577 sp 00007fff28a777d0 error 4 in libphp-8.2.so[7f2f818df000+2fd000] likely on CPU 0 (core 0, socket 0) #0 0x00007f2abd494577 in php_default_treat_data (arg=1, str=0x0, destArray=<optimized out>) at /usr/src/debug/php-8.2.10-1.fc38.x86_64/main/php_variables.c:488 488 if (c_var && *c_var) { (gdb) p c_var $1 = 0x7f2bb8880676 <error: Cannot access memory at address 0x7f2bb8880676> This was when trying to get the query string which somehow is pointing off into the woods. This gdb debug session when doing rewrite basically shows the core of the issue (gdb) x /64bs req->fields ... 0x7f7eaaaa8090: "GET" 0x7f7eaaaa8094: "HTTP/1.1" 0x7f7eaaaa809d: "::1" 0x7f7eaaaa80a1: "::1" 0x7f7eaaaa80a5: "8080" 0x7f7eaaaa80aa: "localhost" 0x7f7eaaaa80b4: "/test?q=a" 0x7f7eaaaa80be: "/test" ... (gdb) p target_pos $4 = (void *) 0x7f7eaaaa80b4 (gdb) p query_pos $6 = (void *) 0x7f7eaaaa6af6 (gdb) p r->args->start $8 = (u_char *) 0x7f7ea4002b02 "q=a HTTP/1.1\r\nHost: localhost:8080\r\nUser-Agent: curl/8.0.1\r\nAccept: */*\r\n\r\n" (gdb) p r->target.start $9 = (u_char *) 0x7f7ea40040c0 "/test?q=a" That last address, 0x7f7ea40040c0, looks out of wack, it should be smaller than r->args->start. That results in a calculation in nxt_router_prepare_msg() if (r->args->start != NULL) { query_pos = nxt_pointer_to(target_pos, r->args->start - r->target.start); nxt_unit_sptr_set(&req->query, query_pos); } else { that goes negative that then is stored in req->query.offset which is a uint32_t and so wraps backwards from UINT_MAX to give us an offset of a little under 4GiB, hence the above invalid memory access. All this happens due to in nxt_http_rewrite() if we have a URL with a query string, we create a new memory allocation to store the transformed URL and query string. We set r->target to point to this new allocation, but we also need to point r->args->start to the start of the query string in this new allocation. Reported-by: René Landgrebe <https://github.com/rlandgrebe> Tested-by: René Landgrebe <https://github.com/rlandgrebe> Tested-by: Liam Crilly <liam.crilly@nginx.com> Fixes: 14d6d97b ("HTTP: added basic URI rewrite.") Closes: <https://github.com/nginx/unit/issues/964> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-10-04Docker: fix HTML escaping.Liam Crilly1-1/+1
2023-10-04Proxy mentioned in OpenAPI.Andrei Zeliankou1-0/+15
2023-10-03Tools: unitc quiet mode fix for macOS.Liam Crilly1-1/+1
head -c 0 does not work on macOS (invalid byte count) but tail(1) is happy to accept zero bytes, and does not have a performance penalty.
2023-10-02Tests: added Java test with multiple headers.Andrei Zeliankou1-0/+17
This test reproduce https://github.com/nginx/unit/issues/923.
2023-10-02Added routes array to the default configuration.Liam Crilly1-2/+3
The default configuration previously contained just a listeners and applications object. Since routes is now a principle configuration object, and a recommended way of configurating Unit, it is now included in the default configuration. This change benefits new users because it explicitly introduces the three principle configuration objects which leads more intuitively to the documentation. Experienced users may choose to ignore or delete routes. routes is defined as an array instead of an object because this change is designed to assist new users, where the simpler form of routes is easier to understand.
2023-09-28Java: fixed the calculation related to the response buffer.Zhidao HONG2-4/+6
We need to take into account the size of the nxt_unit_response_t structure itself when calculating where to start appending data to in memory. Closes: <https://github.com/nginx/unit/issues/923> Reported-by: Alejandro Colomar <alx@kernel.org> Reviewed-by: Andrew Clayton <a.clayton@nginx.org> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-09-26Node.js: ServerRequest.destroy() implemented.Andrei Zeliankou1-0/+9
This closes #871 issue on GitHub.
2023-09-26Node.js: response body chunk can now be a Uint8Array.Andrei Zeliankou4-3/+14
Starting from Node.js 15.0.0 the chunk parameter of the response.write() can be a Uint8Array. This closes #870 issue on GitHub.
2023-09-25Wasm: Allow uploads larger than 4GiB.Andrew Clayton1-3/+5
Currently Wasm modules are limited to a 32bit address space (until at least the memory64 work is completed). All the counters etc in the request structure were u32's. Which matched with 32bit memory limitation. However there is really no need to not allow >4GiB uploads that can be saved off to disk or some such. To do this we just need to increase the ->content_len & ->total_content_sent members to u64's. However because we need the request structure to have the exact same layout on 32bit (for Wasm modules) as it does on 64bit we need to re-jig the order of some of these members and add a four-byte padding member. Thus the request structure now looks like on 64bit (as shown by pahole(1)) struct nxt_wasm_request_s { uint32_t method_off; /* 0 4 */ uint32_t method_len; /* 4 4 */ uint32_t version_off; /* 8 4 */ uint32_t version_len; /* 12 4 */ uint32_t path_off; /* 16 4 */ uint32_t path_len; /* 20 4 */ uint32_t query_off; /* 24 4 */ uint32_t query_len; /* 28 4 */ uint32_t remote_off; /* 32 4 */ uint32_t remote_len; /* 36 4 */ uint32_t local_addr_off; /* 40 4 */ uint32_t local_addr_len; /* 44 4 */ uint32_t local_port_off; /* 48 4 */ uint32_t local_port_len; /* 52 4 */ uint32_t server_name_off; /* 56 4 */ uint32_t server_name_len; /* 60 4 */ /* --- cacheline 1 boundary (64 bytes) --- */ uint64_t content_len; /* 64 8 */ uint64_t total_content_sent; /* 72 8 */ uint32_t content_sent; /* 80 4 */ uint32_t content_off; /* 84 4 */ uint32_t request_size; /* 88 4 */ uint32_t nfields; /* 92 4 */ uint32_t tls; /* 96 4 */ char __pad[4]; /* 100 4 */ nxt_wasm_http_field_t fields[]; /* 104 0 */ /* size: 104, cachelines: 2, members: 25 */ /* last cacheline: 40 bytes */ }; and the same structure (taken from unit-wasm) compiled as 32bit struct luw_req { u32 method_off; /* 0 4 */ u32 method_len; /* 4 4 */ u32 version_off; /* 8 4 */ u32 version_len; /* 12 4 */ u32 path_off; /* 16 4 */ u32 path_len; /* 20 4 */ u32 query_off; /* 24 4 */ u32 query_len; /* 28 4 */ u32 remote_off; /* 32 4 */ u32 remote_len; /* 36 4 */ u32 local_addr_off; /* 40 4 */ u32 local_addr_len; /* 44 4 */ u32 local_port_off; /* 48 4 */ u32 local_port_len; /* 52 4 */ u32 server_name_off; /* 56 4 */ u32 server_name_len; /* 60 4 */ /* --- cacheline 1 boundary (64 bytes) --- */ u64 content_len; /* 64 8 */ u64 total_content_sent; /* 72 8 */ u32 content_sent; /* 80 4 */ u32 content_off; /* 84 4 */ u32 request_size; /* 88 4 */ u32 nr_fields; /* 92 4 */ u32 tls; /* 96 4 */ char __pad[4]; /* 100 4 */ struct luw_hdr_field fields[]; /* 104 0 */ /* size: 104, cachelines: 2, members: 25 */ /* last cacheline: 40 bytes */ }; We can see the structures have the same layout, same size and no padding. We need the __pad member as otherwise I saw gcc and clang on Alpine Linux automatically add the 'packed' attribute to the structure which made the two structures not match. Link: <https://github.com/WebAssembly/memory64> Link: <https://github.com/nginx/unit-wasm> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-09-25Wasm: Fix multiple successive calls to the request_handler.Andrew Clayton1-2/+2
When trying to upload files to the luw-upload-reflector demo[0] above a certain size that would mean Unit would need to make more than two calls to the request_handler function in the Wasm module we would get the following error from wasmtime and the upload would stall on the third call to the request_handler WASMTIME ERROR: failed to call function [->wasm_request_handler] error while executing at wasm backtrace: 0: 0x5ce2 - <unknown>!memcpy 1: 0x7df - luw_req_buf_append at /home/andrew/src/unit-wasm/src/c/libunit-wasm.c:308:14 2: 0x3a1 - luw_request_handler at /home/andrew/src/unit-wasm/examples/c/luw-upload-reflector.c:110:3 Caused by: wasm trap: out of bounds memory access This was due to ->content_off (the offset of where the actual body content starts in the request structure/memory) being some overly large value. This was largely down to me being an idiot! Before calling the loop that makes the calls to the request_handler we would calculate the new offset, which is now just the size of the request structure as we don't re-send all the HTTP meta data and headers etc. However because this value is in the request structure which is in the shared memory and we use this same memory for requests and responses, when we make a response we overwrite this request structure with the response structure, so our ->content_off is now some wacked out value when we make the next call to the request_handler. To fix this we just need to reset ->content_off each time round the loop. There's also no point in setting ->nfields to 0, it has the same issue as above, but doesn't get re-used by the Wasm module anyway. [0]: <https://github.com/nginx/unit-wasm/blob/main/examples/c/luw-upload-reflector.c> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-09-25Wasm: Allow to set the HTTP response status.Andrew Clayton3-7/+49
This commit enables WebAssembly modules to set the HTTP response status to something other than the previously hard coded '200 OK'. To do this they can make a call to nxt_wasm_set_resp_status() providing the required status code. If this function isn't called the status code defaults to '200 OK'. The WebAssembly module can also return -1 from the request_handler function as a short cut to signal a '500 Internal Server Error'. Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-09-11Fix build on musl libc with clang.Andrew Clayton1-2/+16
As reported by @andypost on GitHub, if you try to build Unit on a system that uses musl libc (such as Alpine Linux) with clang then you get the following clang -c -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -fstrict-aliasing -Wstrict-overflow=5 -Wmissing-prototypes -Werror -g -I src -I build/include \ \ \ -o build/src/nxt_socketpair.o \ -MMD -MF build/src/nxt_socketpair.dep -MT build/src/nxt_socketpair.o \ src/nxt_socketpair.c In file included from src/nxt_socketpair.c:8: src/nxt_socket_msg.h:138:17: error: comparison of integers of different signs: 'unsigned long' and 'long' [-Werror,-Wsign-compare] cmsg = CMSG_NXTHDR(&msg, cmsg)) ^~~~~~~~~~~~~~~~~~~~~~~ /usr/include/sys/socket.h:358:44: note: expanded from macro 'CMSG_NXTHDR' __CMSG_LEN(cmsg) + sizeof(struct cmsghdr) >= __MHDR_END(mhdr) - (unsigned char *)(cmsg) \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from src/nxt_socketpair.c:8: src/nxt_socket_msg.h:177:17: error: comparison of integers of different signs: 'unsigned long' and 'long' [-Werror,-Wsign-compare] cmsg = CMSG_NXTHDR(&msg, cmsg)) ^~~~~~~~~~~~~~~~~~~~~~~ /usr/include/sys/socket.h:358:44: note: expanded from macro 'CMSG_NXTHDR' __CMSG_LEN(cmsg) + sizeof(struct cmsghdr) >= __MHDR_END(mhdr) - (unsigned char *)(cmsg) \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 errors generated. make: *** [build/Makefile:261: build/src/nxt_socketpair.o] Error 1 GCC works fine, it seems to have some smarts so that it doesn't give warnings on system header files. This seems to be a long standing issue with musl libc (bad casting in the CMSG_NXTHDR macro) and the workaround employed by several projects is to disable the -Wsign-compare clang warning for the code in question. So, that's what we do. We wrap the CMSG_NXTHDR macro in a function, so we can use the pre-processor in it to selectively disable the warning. Link: <https://github.com/dotnet/runtime/issues/16438> Link: <https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/breakpad/breakpad/0001-Turn-off-sign-compare-for-musl-libc.patch> Link: <https://github.com/dotnet/corefx/blob/57ff88bb75a0/src/Native/Unix/System.Native/pal_networking.c#L811-L829> Link: <https://patchwork.yoctoproject.org/project/oe/patch/20220407191438.3696227-1-stefan@datenfreihafen.org/> Closes: <https://github.com/nginx/unit/issues/936> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-09-07Log: fixed typo.Alejandro Colomar3-4/+4
Scripted change: $ grep -ril recevied src/ | xargs sed -i s/recevied/received/ Reported-by: <https://github.com/jeffdafoe> Closes: <https://github.com/nginx/unit/issues/920> Cc: <https://github.com/meezaan> Cc: Timo Stark <t.stark@nginx.com> Signed-off-by: Alejandro Colomar <alx@nginx.com> Reviewed-by: Andrew Clayton <a.clayton@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-09-04Version file bump.Andrei Zeliankou1-2/+2
Forgotten in f717dc15b47e.
2023-09-04Tests: added tests for the "response_headers" option.Andrei Zeliankou1-0/+173
2023-09-04Version bump.Andrei Zeliankou1-0/+31
2023-08-30Fixed tag for 1.31.0 release.Konstantin Pavlov1-1/+1
2023-08-28Unit 1.31.0 release.Andrei Zeliankou1-0/+1
2023-08-23Generated Dockerfiles for Unit 1.31.0.tag1.31.0Andrei Zeliankou12-24/+24
2023-08-28Added version 1.31.0 CHANGES.Andrei Zeliankou2-2/+22
2023-08-28Mention WebAssembly application module in changes.xml.Andrei Zeliankou1-2/+13
Also separate header variables and "response_headers" option features.
2023-08-22Edited changes.xml for the 1.31.0 release.Andrei Zeliankou1-3/+4
2023-08-22Regenerated Dockerfiles.Konstantin Pavlov12-37/+453
2023-08-22Docker: remove gem caches in ruby images.Konstantin Pavlov1-1/+1
2023-08-22Docker: remove maven caches in jsc images.Konstantin Pavlov1-1/+1
2023-08-22Docker: remove npm caches in node images.Konstantin Pavlov1-1/+1
2023-08-22Docker: remove build-essential package.Konstantin Pavlov1-1/+1
2023-08-22Docker: added a container-diff helper.Konstantin Pavlov1-0/+5
It's useful to check whether resulting images have unexpected build leftovers. Requires https://github.com/GoogleContainerTools/container-diff in $PATH.
2023-08-22Docker: be POSIX-compliant in the library creation script.Konstantin Pavlov1-2/+2
2023-08-22Docker: avoid error if /docker-entrypoint.d already exists.RomainMou1-1/+1
Closes #865.
2023-08-22Docker: bumped language versions.Konstantin Pavlov1-3/+3
2023-08-22Docker: added meaningful title to metadata.Konstantin Pavlov2-1/+2
2023-08-22Docker: added wasm variant.Konstantin Pavlov1-2/+31
2023-08-22Docker: use a specific directory to build unit.Konstantin Pavlov1-1/+3
2023-08-22Docker: introduced a "module prebuild" step.Konstantin Pavlov2-1/+11
It's now used to install node-gyp on nodejs images. Starting from node:20, they no longer ship node-gyp that we require to build the modules with, so we need to install it manually. Fixes https://github.com/nginx/unit/issues/908.
2023-08-22Packages: specify runstatedir and logdir explicitely.Konstantin Pavlov3-0/+6
2023-08-22Packages: added libunit-wasm and headers to deb packaging.Konstantin Pavlov4-4/+15
2023-08-22Packages: added libunit-wasm and headers to rpm packaging.Konstantin Pavlov1-0/+17
2023-08-22contrib: added libunit-wasm and wasi-sysroot.Konstantin Pavlov5-0/+45
2023-08-22Packages: added wasm module packaging for deb-based distros.Konstantin Pavlov3-0/+57
2023-08-22Packages: added wasm module packaging for rpm-based distros.Konstantin Pavlov3-0/+60
2023-08-22Docs: added changelogs for unit-wasm.Konstantin Pavlov1-1/+15
2023-08-22contrib: added wasmtime.Konstantin Pavlov3-0/+32
2023-08-22Packages: added pkg-config file packaging for rpm-based distros.Konstantin Pavlov1-0/+1
Debian-based distributions package it automatically.
2023-08-01Added unit pkg-config file.Konstantin Pavlov6-1/+50
2023-08-17Wasm: Add support for directory access.Andrew Clayton6-1/+69
Due to the sandboxed nature of WebAssembly, by default WASM modules don't have any access to the underlying filesystem. There is however a capabilities based mechanism[0] for allowing such access. This adds a config option to the 'wasm' application type; 'access.filesystem' which takes an array of directory paths that are then made available to the WASM module. This access works recursively, i.e everything under a specific path is allowed access to. Example config might look like "access" { "filesystem": [ "/tmp", "/var/tmp" ] } The actual mechanism used allows directories to be mapped differently in the guest. But at the moment we don't support that and just map say /tmp to /tmp. This can be revisited if it's something users clamour for. Network sockets are another resource that may be controlled in this manner, for example there is a wasi_config_preopen_socket() function, however this requires the runtime to open the network socket then effectively pass this through to the guest. This is something that can be revisited in the future if users desire it. [0]: <https://github.com/bytecodealliance/wasmtime/blob/main/docs/WASI-capabilities.md> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2023-08-17Wasm: Wire up Wasm language module support to the config system.Andrew Clayton3-0/+92
This exposes various WebAssembly language module specific options. The application type is "wasm". There is a "module" option that is required, this specifies the full path to the WebAssembly module to be run. This module should be in binary format, i.e a .wasm file. There are also currently eight function handlers that can be specified. Three of them are _required_ 1) request_handler The main driving function. This may be called multiple times for a single HTTP request if the request is larger than the shared memory. 2) malloc_handler Used to allocate a chunk of memory at language module startup. This memory is allocated from the WASM modules address space and is what is sued for communicating between the WASM module (the guest) and Unit (the host). 3) free_handler Used to free the memory from above at language module shutdown. Then there are the following five _optional_ handlers 1) module_init_handler If set, called at language module startup. 2) module_end_handler If set, called at language module shutdown. 3) request_init_handler If set, called at the start of request. Called only once per HTTP request. 4) request_end_handler If set, called once all of a request has been sent to the WASM module. 5) response_end_handler If set, called at the end of a request, once the WASM module has sent all its headers and data. Example config "applications": { "luw-echo-request": { "type": "wasm", "module": "/path/to/unit-wasm/examples/c/luw-echo-request.wasm", "request_handler": "luw_request_handler", "malloc_handler": "luw_malloc_handler", "free_handler": "luw_free_handler", "module_init_handler": "luw_module_init_handler", "module_end_handler": "luw_module_end_handler", } } Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>