summaryrefslogtreecommitdiffhomepage
path: root/src (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2021-05-26Static: handled unknown MIME types when MIME-filtering active.Oisin Canty2-19/+15
2021-05-26MIME: added PHP.Oisin Canty1-0/+2
2021-05-25Fixing racing condition on listen socket close in router (v2).Max Romanov1-5/+5
This patch fixes a possible race between the nxt_router_conf_wait() and nxt_router_listen_socket_release() function calls and improves the 7f1b2eaa2d58 commit fix.
2021-05-25Configuration: generalized application "targets" validation.Oisin Canty1-110/+68
2021-05-24Node.js: renamed "require_shim" to "loader".Oisin Canty2-2/+2
2021-05-21PHP: adopted "file_handle" to Zend API changes in 8.1.0-dev.Valentin Bartenev1-0/+10
This fixes building module with the development version of PHP after the change: https://github.com/php/php-src/commit/c732ab400af92c54eee47c487a56009f1d79dd5d
2021-05-20Python: support for multiple targets.Oisin Canty9-79/+380
2021-05-18Ruby: changing deprecated rb_cData to rb_cObject.Oisin Canty1-2/+6
Ruby 3.0 deprecated rb_cData with the intention to remove it in release 3.1. This commit changes references of rb_cData to rb_cObject. This was done so we can support distributions that package Ruby 3.0, such as Fedora 34. We also need to call rb_undef_alloc_func because we're no longer deriving from rb_cData. This prevents unnecessary allocations. See: https://docs.ruby-lang.org/en/3.0.0/doc/extension_rdoc.html "It is recommended that klass derives from a special class called Data (rb_cData) but not from Object or other ordinal classes. If it doesn't, you have to call rb_undef_alloc_func(klass)."
2021-05-17Fixing a crash after applying the wrong TLS configuration.Andrey Suvorov2-3/+22
When an invalid TLS configuration is applied (such as the conf_commands feature), nxt_cert_store_get() creates a buffer to send a certificate request to the main process and adds its default completion handler to an asynchronous queue to free the allocated buffer. However, if configuration fails, nxt_router_conf_error() removes the memory pool used to allocate the buffer, causing a crash when the completion handler is dispatched. Assertion "src/nxt_buf.c:208 assertion failed: data == b->parent" is triggered when is NXT_DEBUG enabled in the configure script. This patch uses a reference counter to retain the memory pool and redefines the completion handler to free the buffer before releasing the memory pool.
2021-05-17Fixing racing condition on listen socket close in router.Max Romanov2-10/+16
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the timer handler to avoid a situation when the user gets the response from the controller, but the listen socket is still open in the router.
2021-05-12Node.js: a shim for overriding "http" and "websocket" modules.Oisin Canty4-12/+72
Also added stubs for Server.address() This was done to prevent crashes in some popular frameworks like express Supports both CommonJS and the new ES Modules system syntax e.g: app.js: const http = require('http') app.mjs: import http from "http" Usage on Node 14.16.x and higher: { "type": "external", "processes": {"spare": 0}, "working_directory": '/project', "executable": "/usr/bin/env", "arguments": [ "node", "--loader", "unit-http/require_shim.mjs" "--require", "unit-http/require_shim", "app.js" ] } Usage on Node 14.15.x and lower: { "type": "external", "processes": {"spare": 0}, "working_directory": '/project', "executable": "/usr/bin/env", "arguments": [ "node", "--require", "unit-http/require_shim", "app.js" ] }
2021-05-07PHP: forced initialization of $_SERVER in fastcgi_finish_request().Valentin Bartenev1-1/+26
The "auto_globals_jit" PHP option postponed the initialization of the $_SERVER global variable until the script using it had been loaded (e. g. via the "include" expression). As a result, nxt_php_register_variables() could be called after fastcgi_finish_request() had finished the request and nulled ctx->req, which thus caused a segmentation fault.
2021-05-06Static: implemented MIME filteringOisin Canty4-17/+73
2021-05-05Fixed format and arguments mismatches in error log messages.Zhidao HONG2-3/+3
2021-05-05Fixed building without openat2().Zhidao HONG1-1/+3
2021-04-29Static: support for openat2() features.Zhidao HONG8-27/+274
Support for chrooting, rejecting symlinks, and rejecting crossing mounting points on a per-request basis during static file serving.
2021-04-22Router: grouped app and share fields in nxt_http_action_t.Zhidao HONG5-31/+45
This is a prerequisite for further introduction of openat2() features. No functional changes.
2021-03-25Fixing shm buffer leakage when sending over the port queue.Max Romanov1-13/+84
When the shm buffer is sent over the port queue, it needs to be completed because it's sent over the port socket.
2021-03-25Node.js: used distinct placeholder for version in "package.json".Valentin Bartenev1-1/+1
This makes the "sed" instruction simpler and more portable, as the previous variant didn't work well on BSD systems due to the "\s" metacharacter. Thanks to Sergey A. Osokin <osa@FreeBSD.org.ru> for spotting this issue. Also, this should prevent accidentally creating a version 1.0.0 package.
2021-03-25Releasing shm buffers for large body requests.Max Romanov2-12/+4
This fixes memory and shm file descriptor leakage that occurred when a large request body was passed via shared memory. The leakage was caught with the "test_settings_body_buffer_size" test. The main condition is the "body_buffer_size" value exceeding 10 Mb (a shm segment). Thus, the router was forced to split the body into several shm segments, but these buffers were not freed because of dummy completion handlers.
2021-03-24Added ability to configure multiple certificates on a listener.Andrey Suvorov4-68/+517
The certificate is selected by matching the arriving SNI to the common name and the alternatives names. If no certificate matches the name, the first bundle in the array is chosen.
2021-03-24Certificates: fixed in name attributes processing.Valentin Bartenev1-25/+16
The idea is to put SAN after CN, but the previous version of the code incorrectly assumed that CN was always present, which caused writes outside the allocated object if there were no standard name attributes.
2021-03-24Certificates: moved SAN processing to a separate function.Valentin Bartenev1-36/+56
No functional changes.
2021-03-24Certficates: fixed counting DNS SAN entries.Valentin Bartenev1-2/+5
Previously, entries of any type were counted during object allocation but only DNS type entries were actually processed. As a result, if some certificate entries had another type, returning information about the certificate caused uninitialized memory access.
2021-03-24Workaround for an OpenSSL bug about not closing /dev/*random.Max Romanov1-0/+11
This is a workaround for an issue in OpenSSL 1.1.1, where the /dev/random and /dev/urandom files remain open after all listening sockets were removed: - https://github.com/openssl/openssl/issues/7419
2021-03-24Disabled logging alerts to syslog.Valentin Bartenev2-2/+16
It feels to be causing more harm than good, because syslog() can be blocking, which is even more critical under resource exhaustion conditions when some alerts are expected.
2021-03-15Fixed building the PHP 5 module with ZTS, broken by dab8544b5440.Valentin Bartenev1-0/+4
This closes #525 issue on GitHub.
2021-03-15Ruby: fixed encodings initialization.Valentin Bartenev1-0/+4
The Ruby interpreter expects an explicit setlocale() call before initialization to pick up character encodings in the "Encoding" class from the environment. This closes #531 issue on GitHub.
2021-03-15Fixed certificates loading on startup with some filesystems.Valentin Bartenev1-4/+6
It appears that readdir() on Linux detects file types unreliably, always setting the "d_type" field to DT_UNKNOWN for some less common filesystems. As a result, all files were skipped and no certificate bundles were found when the state directory was located on such filesystems. Skipping "." and ".." instead of any non-regular files should be enough, as no other non-regular files normally appear in this directory. This closes #368 issue on GitHub.
2021-03-15Fixed TLS connection shutdown on errors.Valentin Bartenev1-4/+0
An immediate return statement on connection errors was mistakenly added to the beginning of nxt_openssl_conn_io_shutdown() in ecd3c5bbf7d8, breaking the TLS connection finalization procedure. As a result, a TLS connection was left unfinalized if it had been closed prematurely or a fatal protocol error had occurred, which caused memory and socket descriptor leakage. Moreover, in some cases (notably, on handshake errors in tests with kqueue on macOS) the read event was triggered later and nxt_h1p_conn_error() was called the second time; after the change in af93c866b4f0, the latter call crashed the router process in an attempt to remove a connection from the idle queue twice.
2021-03-02Closing app outgoing shared memory file descriptor.Max Romanov1-0/+5
This fixes file descriptor leakage in router. Shared memory file used to send data from router to application. These files are shared among all processes of same application and router keeps the opened file descriptor since 06017e6e3a5f commit.
2021-03-02Fixing warnings on Solaris.Max Romanov2-2/+2
pthread_t on Solaris is an integer type with size not equal to pointer size. To avoid warnings, type casts to and from pointer needs to be done via uintptr_t type. This change originally proposed by Juraj Lutter <juraj@lutter.sk>.
2021-03-02Fixing NetBSD compatibility.Max Romanov2-2/+10
Instead of PTHREAD_STACK_MIN define, NetBSD requires to get minimum stack size using sysctl(_SC_THREAD_STACK_MIN). This change originally proposed by Juraj Lutter <juraj@lutter.sk>.
2021-02-03Fixing shared app queue unmap size.Max Romanov1-1/+7
Shared app queue takes more memory than port memory. To unmap all memory pages correct size need to be specified for munmap() call. Otherwise 4 Mb memory leaked on each configured application removal. The issue was introduced in 1d84b9e4b459.
2021-02-03Fixing possible NULL dereference.Max Romanov1-11/+12
For listen socket request reply port can be NULL if Router crashes immediately after issuing the request. Found by Coverity (CID 366310).
2021-02-03Using shared memory to pass configuration to main process.Max Romanov2-22/+84
This patch is required to remove fragmented messages functionality.
2021-02-01Fixed building by GCC 10 with -flto and -O2.Valentin Bartenev1-0/+6
This closes #467 issue on GitHub.
2021-01-28Removing unused mutex from nxt_process_t.Max Romanov2-4/+0
2021-01-28Router: fixing crash after WebSocket processing.Max Romanov1-1/+4
After WebSocket processing, the application port was released with incorrect reason ("got request"), unnecessarily decrementing the active request counter. The assertion was triggered only on application removal; a test was added for this case.
2021-01-27Router: fixing error handling in config request.Max Romanov1-19/+42
The controller process awaits the response from the router for every configration change request. This patch adds error reporting for various error conditions which may happen because of file descriptors or memory shortage. Lack of a response lead to the controller awaiting the response, thus being unable to process other client reconfiguration requests that also became stuck.
2021-01-25Router: fixing assertion in shortage of file descriptors.Max Romanov1-0/+2
Each application in router process required fd for a request queue shared memory. When the number of file descripts close to the limit, and port sockets successfully opened, router needs to properly handle the errors. This patch closes port sockets before destroying port structure to avoid file descriptors leakage and assertion in debug build.
2020-12-29Libunit: processing single port message.Max Romanov3-69/+161
This partially reverts the optimisation introduced in 1d84b9e4b459 to avoid an unpredictable block in nxt_unit_process_port_msg(). Under high load, this function may never return control to its caller, and the external event loop (in Node.js and Python asyncio) won't be able to process other scheduled events. To reproduce the issue, two request processing types are needed: 'fast' and 'furious'. The 'fast' one simply returns a small response, while the 'furious' schedules asynchronous calls to external resources. Thus, if Unit is subjected to a large amount of 'fast' requests, the 'furious' request processing freezes until the high load ends. The issue was found by Wu Jian Ping (@wujjpp) during Node.js stream implementation discussion and relates to PR #502 on GitHub.
2020-12-29Node.js: ServerRequest and ServerResponse compliance to Stream API.Max Romanov3-44/+87
ServerRequest now inherit stream Readable object. ServerResponse provides 'writable' property. Thanks to Wu Jian Ping (@wujjpp). This closes #274, closes #317 issues and closes #502 PR on GitHub.
2020-12-23Static: fixing request memory pool leakage in router.Max Romanov1-3/+20
When a static file larger than NXT_HTTP_STATIC_BUF_SIZE (128K) is served, two buffers are allocated and chained; each retains the whole request memory pool. Starting from 41331471eee7, the completion handler was called once for a linked buffer chain, but the second buffer got lost. This patch improves the completion handler's treatment of static buffers to handle all linked buffers.
2020-12-22Python: multiple values in the "path" option.Valentin Bartenev4-36/+118
2020-12-18Libunit: fixed shared memory waiting.Max Romanov1-1/+4
The nxt_unit_ctx_port_recv() function may return the NXT_UNIT_AGAIN code, in which case an attempt to reread the message should be made. The issue was reproduced in load testing with response sizes 16k and up. In the rare case of a NXT_UNIT_AGAIN result, a buffer of size -1 was processed, which triggered a 'message too small' alert; after that, the app process was terminated.
2020-12-18Limiting app queue notifications count in socket.Max Romanov2-7/+18
Under high load, a queue synchonization issue may occur, starting from the steady state when an app queue message is dequeued immediately after it has been enqueued. In this state, the router always puts the first message in the queue and is forced to notify the app about a new message in an empty queue using a socket pair. On the other hand, the application dequeues and processes the message without reading the notification from the socket, so the socket buffer overflows with notifications. The issue was reproduced during Unit load tests. After a socket buffer overflow, the router is unable to notify the app about a new first message. When another message is enqueued, a notification is not required, so the queue grows without being read by the app. As a result, request processing stops. This patch changes the notification algorithm by counting the notifications in the pipe instead of getting the number of messages in the queue.
2020-12-17Router: fixed crash in OOSM processing.Max Romanov1-3/+8
Multithreaded application may create different shared memory segments in different threads. The segments then passed to different router threads. Because of this multithreading, the order of adding incoming segments is not determined and there can be situation when some of the incoming segments are not initialized yet. This patch simply adds check for NULL to skip non-initialized segments. Crash reproduced during load tests with high number of simultaneous connections (1024 and more).
2020-12-14Python: WSGI environment copying moved out of request processing.Valentin Bartenev1-12/+53
The WSGI environment dictionary contains a number of static items, that are pre-initialized on application start. Then it's copied for each request to be filled with request-related data. Now this dictionary copy operation will be done between processing of requests, which should save some CPU cycles during request processing and thus reduce response latency for non-peak load periods.
2020-12-14Isolation: fixed unmounting when mnt namespace is in place.Tiago Natel de Moura1-6/+0
The code had a wrong assumption that "mount namespaces" automatically unmounts process mounts when exits but this happens only with unprivileged mounts.