| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Introducting application graceful stop. For now only used when application
process reach request limit value.
This closes #585 issue on GitHub.
|
|
Compared to the previous implementation based on OpenSSL, the new implementation
has these advantages:
1. Strict and reliable detection of invalid strings, including strings with
less than 4 bytes of garbage at the end;
2. Allows to use Base64 strings without '=' padding.
|
|
Debug logging depends on macros defined in nxt_auto_config.h.
|
|
Previously, all requests that contained in header field names characters other
than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error
response.
Now, the parser allows the same set of characters as specified in RFC 7230,
including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~".
Header field names that contain only these characters are considered valid.
Also, there's a new option introduced: "discard_unsafe_fields". It accepts
boolean value and it is set to "true" by default.
When this option is "true", all header field names that contain characters
in valid range, but other than alphanumeric or "-" are skipped during parsing.
When the option is "false", these header fields aren't skipped.
Requests with non-valid characters in header field names according to
RFC 7230 are rejected regardless of "discard_unsafe_fields" setting.
This closes #422 issue on GitHub.
|
|
Compilers complained about unused variables after 37e2a3ea1bf1.
|
|
|
|
|
|
- naive circular queue, described in the article "A Scalable, Portable, and
Memory-Efficient Lock-Free FIFO Queue" by Ruslan Nikolaev:
https://drops.dagstuhl.de/opus/volltexte/2019/11335/pdf/LIPIcs-DISC-2019-28.pdf
- circular queue, proposed by Valentin Bartenev in the "Unit router application
IPC" design draft
|
|
This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
worker thread may start processing a request between these two operations,
which may result in an http fields hash access and subsequent crash.
To simplify issue reproduction, it makes sense to add a 2 sec sleep before
exit() in nxt_runtime_exit().
|
|
|
|
The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).
Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
|
|
Name and value in each header are 0-terminated, so additional 2 bytes
should be allocated for them. There were several attempts to add these
2 bytes to headers in language modules, but some modules weren't updated.
Also, adding these 2 bytes is specific to the implementation which may be
changed later, so extending this mechanics to modules may cause errors.
|
|
This field was intended for MIME type lookup by file extension when serving
static files, but this use case is too narrow; only a fraction of requests
targets static content, and the URI presumably isn't rewritten. Moreover,
current implementation uses the entire filename for MIME type lookup if the
file has no extension.
Instead of extracting filenames and extensions when parsing requests, it's
easier to obtain them right before serving static content; this behavior is
already implemented. Thus, we can drop excessive logic from parser.
|
|
In theory, all space characters in request target must be encoded; however,
some clients may violate the specification. For the sake of interoperability,
Unit supports unencoded space characters.
Previously, if there was a space character before the extension or arguments
parts, those parts weren't recognized. Also, quoted symbols and complex
target weren't detected after a space character.
|
|
|
|
|
|
|
|
The nxt_murmur_hash2() generated 4-byte hash that was stored in uintptr_t,
which was 8 bytes long on 64-bit systems. At each iteration, it took the
previous key and hashed it again.
The problem was that it took only the first 4 bytes of the key, and these
4 bytes were always zero on 64-bit big-endian system. That resulted in
equal keys at each iteration.
The bug was discovered on IBM/S390x.
|
|
Library now used in all language modules.
Old 'nxt_app_*' code removed.
See src/test/nxt_unit_app_test.c for usage sample.
|
|
Allowing characters up to 0xFF doesn't conflict with RFC 7230.
Particularly, this make it possible to pass unencoded UTF-8 data
through HTTP headers, which can be useful.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
According to RFC 7230 only printable 7-bit ASCII characters are allowed
in field values.
|
|
This closes #82 issue on GitHub.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
