summaryrefslogtreecommitdiffhomepage
path: root/src (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2020-03-17Fixing body fd access racing condition.Max Romanov2-16/+32
To avoid closing the body fd prematurely, the fd value is moved from the request struct to the app link. The body fd should not be closed immediately after the request is sent to the application due to possible request rescheduling.
2020-03-12Using disk file to store large request body.Max Romanov10-36/+441
This closes #386 on GitHub.
2020-03-12Moving request memory pool retain call after RPC data allocation.Max Romanov2-10/+15
If the call is done only after a successful RPC data allocation, its corresponding release call is not missed, which avoids a potential leak.
2020-03-12Checking Content-Length value right after header parse.Max Romanov2-6/+8
The check was moved from the request body read stage.
2020-03-12Python: implementing input readline and line iterator.Max Romanov1-2/+145
2020-03-12Introducing readline function in libunit.Max Romanov4-44/+53
Ruby and Java modules now use this function instead of own implementations.
2020-03-06Round robin upstream added.Igor Sysoev10-34/+653
2020-03-04Legacy upstream code removed.Igor Sysoev4-274/+0
2020-03-04Refactored nxt_http_action.Igor Sysoev3-21/+19
2020-03-11Fixed negative patterns combined with address rules.Axel Duch1-6/+40
2020-03-04PHP: fixed log format in alert.Tiago Natel de Moura1-1/+2
Found by Coverity: CID 354832 and CID 354833.
2020-03-04The kqueue EOF flag might be ignored on some conditions.Igor Sysoev1-2/+2
If kqueue reported both the EVFILT_READ and the EVFILT_WRITE events for the socket but only the former had the EV_EOF flag set, the flag was silently ignored.
2020-03-03Added a "fallback" option to be used with the "share" action.Valentin Bartenev4-23/+68
It allows proceeding to another action if a file isn't available. An example: { "share": "/data/www/", "fallback": { "pass": "applications/php" } } In the example above, an attempt is made first to serve a request with a file from the "/data/www/" directory. If there's no such file, the request is passed to the "php" application. Fallback actions may be nested: { "share": "/data/www/", "fallback": { "share": "/data/cache/", "fallback": { "proxy": "http://127.0.0.1:9000" } } }
2020-03-03Improved validation of the "action" object.Valentin Bartenev1-16/+41
Now it enforces the mutual exclusivity of "pass", "proxy", and "share" options.
2020-03-03PHP: optimization to avoid surplus chdir(2) calls.Tiago Natel de Moura1-99/+299
For each request, the worker calls the php_execute_script function from libphp that changes to the script directory before doing its work and then restores the process directory before returning. The chdir(2) calls it performs are unnecessary in Unit design. In simple benchmarks, profiling shows that the chdir syscall code path (syscall, FS walk, etc.) is where the CPU spends most of its time. PHP SAPI semantics requires the script to be run from the script directory. In Unit's PHP implementation, we have two use cases: - script - arbitrary path The "script" configuration doesn't have much need for a working directory change: it can be changed once at module initialization. The module needs to chdir again only if the user's PHP script also calls chdir to switch to another directory during execution. If "script" is not used in Unit configuration, we must ensure the script is run from its directory (thus calling chdir before exec), but there's no need to restore the working directory later. Our implementation disables mandatory chdir calls with the SAPI option SAPI_OPTION_NO_CHDIR, instead calling chdir only when needed. To detect the user's calls to chdir, a simple "unit" extension is added that hooks the built-in chdir() PHP call.
2020-03-03Fixing request_app_link reference counting for delayed requests.Max Romanov1-9/+36
Router built with debug may stop with assertion during stalled requests re-schedule. This was caused by missing reference counting increment before nxt_router_port_select() call.
2020-03-03Java: fixing Spring applications start.Max Romanov1-1/+1
This closes #403 issue on GitHub.
2020-03-03Node.js: fixing x86 warning about the signed/unsigned comparison.Max Romanov1-2/+1
2020-02-25PHP: fixed php >= 7.4 with zts enabled.Tiago Natel de Moura1-13/+17
2020-02-20Configuration: removing UTF-8 BOM from the input JSON.Valentin Bartenev1-0/+7
Some editors can add it to JSON files.
2020-02-20Configuration: stripping comments from the input JSON.Valentin Bartenev1-6/+66
This allows to have JavaScript-like comments in the uploading JSON.
2020-02-05Kept the value of c->socket.read_handler while data is available.Tiago Natel de Moura1-4/+0
This closes #370 in GitHub.
2020-02-04Removing duplicate macro definitions.Max Romanov1-4/+0
This issue was introduced in 2c7f79bf0a1f.
2020-02-03Initializing local buffer ctx_impl field for correct release.Max Romanov1-0/+1
Uninitialized ctx_impl field may cause crash in application process. To reproduce the issue, need to trigger shared memory buffer send error on application side. In our case, send error caused by router process crash. This issue was introduced in 2c7f79bf0a1f.
2020-02-03Fixed req_app_link reference counting on cancellation.Max Romanov1-16/+7
Re-scheduled req_app_link structures should have use_count exactly equal to the number of references from the application and port list. However, there's one extra usage decrement that occurs after the req_app_link is created because the use_count is initialised as 1. This patch removes all excess instances of the usage decrement that caused preliminary req_app_link release and router process crash. To reproduce the issue need to cause request rescheduling between 2 app processes. This issue was introduced in 61e9f23a566d.
2020-02-03Storing pointer to next buffer in chain before free the buffer.Max Romanov1-2/+3
This is required to avoid dereference of freed memory. Found by Coverity (CID 353372).
2020-02-03Added missing stream argument to error message.Max Romanov1-1/+2
Found by Coverity (CID 353386).
2020-02-03Freeing memory allocated for engine structure in case of error.Max Romanov1-1/+1
Found by Coverity (CID 353389).
2020-01-28PHP: added check for the ".php" extension.Valentin Bartenev1-4/+11
A check for the ".php" extension is added to prevent execution of files with arbitrary extensions in cases where "index" and "script" options aren't used.
2020-01-28Fixed missing IPv6 checking in route-addr and an unused variable.Axel Duch1-2/+6
This closes #363 issue on Github. Thanks to to 洪志道 (Hong Zhi Dao).
2020-01-28Node.js: suppress compilation warning.Max Romanov1-1/+1
2020-01-28Ruby: changing callback functions prototype for v2.7.Max Romanov2-11/+13
This closes #371 issue on GitHub.
2019-12-16Using the 64-bit Linux capability mode when available.Tiago Natel de Moura1-1/+11
For backward compatibility, the Linux capabilities macros exposes v1 semantics (32-bit) by default. We probe the version at runtime (because of pre-compiled binaries) but the kernel syscall API is conservative and it doesn't return a 64-bit capability version if the input version is v1. This patch suppress the kernel > 5.0 dmesg log below: capability: warning: 'unitd' uses 32-bit capabilities (legacy support in use)
2019-12-24Router: introducing routing on listener address.Axel Duch2-4/+36
2019-12-24Router: introducing routing on client address.Axel Duch5-4/+733
2019-12-24Node.js: implementing output message drain using SHM_ACK feature.Max Romanov3-26/+188
ServerResponse.write() method tries to write data buffer using libunit and stores buffers to write in a Server-wide output queue, which is processed in response to SHM_ACK message from router. As a side effect 'drain' event implemented and socket.writable flag reflect current state.
2019-12-24Introducing port messages to notify about out of shared memory.Max Romanov6-68/+567
- OOSM (out of shared memory). Sent by application process to router when application reaches the limit of allocated shared memory and needs more. - SHM_ACK. Sent by router to application when the application's shared memory is released and the OOSM flag is enabled for the segment. This implements blocking mode (the library waits for SHM_ACK in case of out of shared memory condition and retries allocating the required memory amount) and non-blocking mode (the library notifies the application that it's out of shared memory and returns control to the application module that sets up the output queue and puts SHM_ACK in the main message loop).
2019-12-24Adding "limits/shm" configuration validation and parsing.Max Romanov11-11/+67
2019-12-24Renaming nxt_unit_mmap_buf_remove to nxt_unit_mmap_buf_unlink.Max Romanov1-7/+7
The function unchains the buffer from the buffer's linked list.
2019-12-24Introducing write tail reference to avoid buffer chain iteration.Max Romanov2-4/+17
2019-12-24Using non-shared memory buffers for small messages.Max Romanov1-101/+203
Current shared memory buffer implementation uses fixed-size memory blocks, allocating at least 16384 bytes. When application sends data in a large number of small chunks, it makes sense to buffer them or use plain memory buffers to improve performance and reduce memory footprint. This patch introduces minimum size limit (1024 bytes) for shared memory buffers.
2019-12-24Go: moving source files to the root of the project.Max Romanov8-820/+0
This patch includes packaging changes related to files move.
2019-12-24Go: linking against libunit.Max Romanov1-0/+10
2019-12-23Python: pre-creation of objects for string constants.Valentin Bartenev1-38/+156
This is an optimization to avoid creating them at runtime on each request.
2019-12-06Isolation: allowed the use of credentials with unpriv userns.Tiago Natel11-135/+1159
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case). Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06Moved credential-related code to nxt_credential.c.Tiago Natel8-353/+377
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26Refactor of process init.Tiago Natel8-149/+249
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
2019-11-26Changed the group listing to run unprivileged when possible.Tiago Natel1-30/+104
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use. MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation. The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
2019-11-26Refactoring reference counting of req_app_link.Max Romanov1-34/+48
The reason for the change is that the req_app_link reference count was incorrect if the application crashed at start; in this case, the nxt_request_app_link_update_peer() function was never called. This closes #332 issue on GitHub.
2019-11-14Python: avoiding buffering of exception backtraces.Valentin Bartenev1-7/+47
A quote from the Python 3 documentation: | When interactive, stdout and stderr streams are line-buffered. | Otherwise, they are block-buffered like regular text files. As a result, if an exception occurred and PyErr_Print() was called, its output could be buffered but not printed to the log for a while (ultimately, until the interpreter finalization). If the application process crashed shortly, the backtrace was completely lost. Buffering can be disabled by redefining the sys.stderr stream object. However, interference with standard environment objects was deemed undesirable. Instead, sys.stderr.flush() is called every time after printing exceptions. A potential advantage here is that lines from backtraces won't be mixed with other lines in the log.