Difference Between Revision 8 and home:kries / proceed-nginx
| [+] | Deleted | nginx.changes |
| @@ -1,28 +0,0 @@ -------------------------------------------------------------------- -Wed Dec 28 20:00:08 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.8 - -------------------------------------------------------------------- -Wed Dec 14 11:07:19 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.7 - -------------------------------------------------------------------- -Mon Nov 28 07:21:41 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.6 -- update nginx rtmp module to 1.1.10 - -------------------------------------------------------------------- -Wed Oct 12 21:29:31 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.5 - -------------------------------------------------------------------- -Wed Sep 28 18:04:31 UTC 2016 - cs@linux-administrator.com - -- update to nginx 1.11.4 -- update openssl to 1.0.2j -- update nginx rtmp module to 1.1.9 - | ||
| [-] | Changed | nginx.spec ^ |
|
x 1 2 %define nginx_webroot %{nginx_datadir}/html3 4 %define rtmp_ext nginx-rtmp-module5 -%define rtmp_ext_version 1.1.156 +%define rtmp_ext_version 1.2.17 %define rtmp %{rtmp_ext}-%{rtmp_ext_version}8 %define rtmp_nover %{rtmp_ext}9 %define with_rtmp_ext 010 11 -%define nps_version 1.13.35.1-beta12 -%define psol_version 1.13.35.1-x6413 +%define nps_version 1.13.35.2-stable14 +%define psol_version 1.13.35.2-x6415 %define slowfs_version 1.516 -#%define waf_version 2.8.017 -%define openssl_version 1.1.0g18 +%define openssl_version 1.1.0h19 %define ngxpurge_version 2.320 21 %define with_ldap_auth 022 23 Name: nginx24 -Version: 1.13.725 +Version: 1.14.026 Release: 127 Summary: Robust, small and high performance http and reverse proxy server28 Group: System Environment/Daemons 29 30 Source14: ngx_pagespeed-%{nps_version}.zip31 Source15: %{psol_version}.tar.gz32 Source16: ngx_cache_purge-%{ngxpurge_version}.tar.gz33 -Source17: naxsi-0.55.3.tar.gz34 -Source18: changelog35 +Source17: naxsi-0.56rc1.tar.gz36 Source19: nginx-auth-ldap.tar.gz37 +Source20: ngx_http_substitutions_filter_module-master.zip38 39 Source100: index.html40 Source101: poweredby.png41 42 43 Patch0: nginx-auto-cc-gcc.patch44 Patch1: nginx-conf-0.7.x.patch45 -#Patch2: check_1.7.5+.patch46 Patch3: openssl-rc4tilt.patch47 -#Patch4: openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch48 49 %description50 Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP351 52 53 %patch0 -p054 %patch1 -p055 -#%patch2 -p156 %{__tar} zxvf %{SOURCE5}57 %{__tar} zxvf %{SOURCE9}58 %{__tar} zxvf %{SOURCE10}59 60 %{__tar} zxvf %{SOURCE16}61 %{__tar} zxvf %{SOURCE17}62 %{__tar} zxvf %{SOURCE19}63 +%{__unzip} -o %{SOURCE20}64 65 cd openssl-%{openssl_version}66 -#%patch4 -p1 67 ./config68 69 %if 0%{?rhel_version} == 700 || 0%{?centos_version} == 70070 71 exit $?72 fi73 74 -cd ngx_pagespeed-%{nps_version}75 +cd incubator-pagespeed-ngx-%{nps_version}76 %{__tar} xzf %{SOURCE15}77 if [ $? -ne 0 ]; then78 exit $?79 80 --with-http_slice_module \81 --with-stream_ssl_preread_module \82 --with-http_sub_module \83 + --add-module=%{_builddir}/nginx-%{version}/ngx_http_substitutions_filter_module-master \84 %if 0%{?with_ldap_auth} == 185 --add-module=%{_builddir}/nginx-%{version}/nginx-auth-ldap \86 %endif87 - --add-module=%{_builddir}/nginx-%{version}/naxsi-0.55.3/naxsi_src \88 + --add-module=%{_builddir}/nginx-%{version}/naxsi-0.56rc1/naxsi_src \89 %if 0%{?rhel_version} == 700 || 0%{?centos_version} == 70090 --with-ld-opt="-Wl,-z,relro,-z,now -Wl,-rpath -Wl,-Bsymbolic-functions -Wl,--as-needed -fPIE" \91 --with-cc-opt="-g -Ofast -march=native -ffast-math -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2" \92 93 --add-module=%{_builddir}/nginx-%{version}/Nginx-limit-traffic-rate-module \94 --add-module=%{_builddir}/nginx-%{version}/ngx_cache_purge-2.3 \95 %if 0%{?rhel_version} == 700 || 0%{?centos_version} == 70096 - --add-module=%{_builddir}/nginx-%{version}/ngx_pagespeed-%{nps_version} \97 + --add-module=%{_builddir}/nginx-%{version}/incubator-pagespeed-ngx-%{nps_version} \98 --with-threads \99 %endif100 %if 0%{with_rtmp_ext}101 |
||
| [+] | Deleted | 2bc1dac6fb3ed263529decb211ec784824132bf4.patch ^ |
| @@ -1,38 +0,0 @@ -From 2bc1dac6fb3ed263529decb211ec784824132bf4 Mon Sep 17 00:00:00 2001 -From: Chris Lea <chris.lea@gmail.com> -Date: Tue, 15 Nov 2016 22:26:35 -0800 -Subject: [PATCH] default_port was removed in 1.11.6. - ---- - ngx_http_upstream_fair_module.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/ngx_http_upstream_fair_module.c b/ngx_http_upstream_fair_module.c -index a4419ca..66144e9 100644 ---- a/ngx_http_upstream_fair_module.c -+++ b/ngx_http_upstream_fair_module.c -@@ -540,7 +540,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us) - - /* an upstream implicitly defined by proxy_pass, etc. */ - -+#if nginx_version < 1011006 - if (us->port == 0 && us->default_port == 0) { -+#else -+ if (us->port == 0) { -+#endif - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, - "no port in upstream \"%V\" in %s:%ui", - &us->host, us->file_name, us->line); -@@ -550,8 +554,11 @@ ngx_http_upstream_init_fair_rr(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us) - ngx_memzero(&u, sizeof(ngx_url_t)); - - u.host = us->host; -+#if nginx_version < 1011006 - u.port = (in_port_t) (us->port ? us->port : us->default_port); -- -+#else -+ u.port = (in_port_t) us->port; -+#endif - if (ngx_inet_resolve_host(cf->pool, &u) != NGX_OK) { - if (u.err) { - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | ||
| [+] | Deleted | check_1.7.5+.patch ^ |
| @@ -1,195 +0,0 @@ -diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c -index 148d73a..913e395 100644 ---- a/src/http/modules/ngx_http_upstream_ip_hash_module.c -+++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+#include "ngx_http_upstream_check_module.h" -+#endif - - typedef struct { - /* the round robin data must be first */ -@@ -212,6 +215,15 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data) - goto next_try; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get ip_hash peer, check_index: %ui", -+ peer->check_index); -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ goto next_try; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c -index 623bc9b..a223839 100644 ---- a/src/http/modules/ngx_http_upstream_least_conn_module.c -+++ b/src/http/modules/ngx_http_upstream_least_conn_module.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+#include "ngx_http_upstream_check_module.h" -+#endif - - typedef struct { - ngx_uint_t *conns; -@@ -203,6 +206,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) - continue; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -@@ -256,6 +269,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) - continue; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { - continue; - } -diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c -index 2d0649b..b9789eb 100644 ---- a/src/http/ngx_http_upstream_round_robin.c -+++ b/src/http/ngx_http_upstream_round_robin.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+#include "ngx_http_upstream_check_module.h" -+#endif - - #define ngx_http_upstream_tries(p) ((p)->number \ - + ((p)->next ? (p)->next->number : 0)) -@@ -92,6 +95,14 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peer[n].fail_timeout = server[i].fail_timeout; - peer[n].down = server[i].down; - peer[n].server = server[i].name; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (!server[i].down) { -+ peers->peer[n].check_index = -+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); -+ } else { -+ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif - n++; - } - } -@@ -148,6 +159,15 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peer[n].fail_timeout = server[i].fail_timeout; - peer[n].down = server[i].down; - peer[n].server = server[i].name; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (!server[i].down) { -+ backup->peer[n].check_index = -+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]); -+ } -+ else { -+ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif - n++; - } - } -@@ -207,6 +227,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peer[i].current_weight = 0; - peer[i].max_fails = 1; - peer[i].fail_timeout = 10; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - - us->peer.data = peers; -@@ -316,7 +339,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, - peer[0].current_weight = 0; - peer[0].max_fails = 1; - peer[0].fail_timeout = 10; -- -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } else { - - for (i = 0; i < ur->naddrs; i++) { -@@ -356,6 +381,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, - peer[i].current_weight = 0; - peer[i].max_fails = 1; - peer[i].fail_timeout = 10; -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - } - -@@ -415,6 +443,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data) - goto failed; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ goto failed; -+ } -+#endif -+ - } else { - - /* there are several peers */ -@@ -507,6 +541,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp) - continue; - } - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ if (ngx_http_upstream_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h -index 9db82a6..6e19a65 100644 ---- a/src/http/ngx_http_upstream_round_robin.h -+++ b/src/http/ngx_http_upstream_round_robin.h -@@ -31,6 +31,10 @@ typedef struct { - ngx_uint_t max_fails; - time_t fail_timeout; - -+#if (NGX_HTTP_UPSTREAM_CHECK) -+ ngx_uint_t check_index; -+#endif -+ - ngx_uint_t down; /* unsigned down:1; */ - - #if (NGX_HTTP_SSL) | ||
| [+] | Deleted | nginx-0.4.0-no_Werror.patch ^ |
| @@ -1,13 +0,0 @@ -Index: auto/cc/gcc -=================================================================== ---- auto/cc/gcc.orig -+++ auto/cc/gcc -@@ -171,7 +171,7 @@ - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+CFLAGS="$CFLAGS" - - # debug - CFLAGS="$CFLAGS -g" | ||
| [+] | Deleted | nginx-0.4.0-perl_vendor_install.patch ^ |
| @@ -1,13 +0,0 @@ -Index: auto/install -=================================================================== ---- auto/install.orig -+++ auto/install -@@ -7,7 +7,7 @@ - cat << END >> $NGX_MAKEFILE - - install_perl_modules: -- cd $NGX_OBJS/src/http/modules/perl && make install -+ cd $NGX_OBJS/src/http/modules/perl && make install_vendor - END - - NGX_INSTALL_PERL_MODULES=install_perl_modules | ||
| [+] | Deleted | nginx-0.6.31-DESTDIR.patch ^ |
| @@ -1,75 +0,0 @@ -Index: auto/install -=================================================================== ---- auto/install.orig 2007-07-30 12:51:55.000000000 +0200 -+++ auto/install 2008-05-29 18:00:45.383221398 +0200 -@@ -19,45 +19,45 @@ cat << END - - install: $NGX_OBJS${ngx_dirsep}nginx${ngx_binext} \ - $NGX_INSTALL_PERL_MODULES -- test -d '$NGX_PREFIX' || mkdir -p '$NGX_PREFIX' -+ test -d '\$(DESTDIR)$NGX_PREFIX' || mkdir -p '\$(DESTDIR)$NGX_PREFIX' - -- test -d '`dirname "$NGX_SBIN_PATH"`' \ -- || mkdir -p '`dirname "$NGX_SBIN_PATH"`' -- test ! -f '$NGX_SBIN_PATH' || mv '$NGX_SBIN_PATH' '$NGX_SBIN_PATH.old' -- cp $NGX_OBJS/nginx '$NGX_SBIN_PATH' -+ test -d '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' \ -+ || mkdir -p '\$(DESTDIR)`dirname "$NGX_SBIN_PATH"`' -+ test ! -f '\$(DESTDIR)$NGX_SBIN_PATH' || mv '\$(DESTDIR)$NGX_SBIN_PATH' '\$(DESTDIR)$NGX_SBIN_PATH.old' -+ cp $NGX_OBJS/nginx '\$(DESTDIR)$NGX_SBIN_PATH' - -- test -d '$NGX_CONF_PREFIX' || mkdir -p '$NGX_CONF_PREFIX' -+ test -d '\$(DESTDIR)$NGX_CONF_PREFIX' || mkdir -p '\$(DESTDIR)$NGX_CONF_PREFIX' - -- cp conf/koi-win '$NGX_CONF_PREFIX' -- cp conf/koi-utf '$NGX_CONF_PREFIX' -- cp conf/win-utf '$NGX_CONF_PREFIX' -+ cp conf/koi-win '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/koi-utf '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/win-utf '\$(DESTDIR)$NGX_CONF_PREFIX' - -- test -f '$NGX_CONF_PREFIX/mime.types' \ -- || cp conf/mime.types '$NGX_CONF_PREFIX' -- cp conf/mime.types '$NGX_CONF_PREFIX/mime.types.default' -+ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types' \ -+ || cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/mime.types '\$(DESTDIR)$NGX_CONF_PREFIX/mime.types.default' - -- test -f '$NGX_CONF_PREFIX/fastcgi_params' \ -- || cp conf/fastcgi_params '$NGX_CONF_PREFIX' -- cp conf/fastcgi_params '$NGX_CONF_PREFIX/fastcgi_params.default' -+ test -f '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params' \ -+ || cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/fastcgi_params '\$(DESTDIR)$NGX_CONF_PREFIX/fastcgi_params.default' - -- test -f '$NGX_CONF_PATH' || cp conf/nginx.conf '$NGX_CONF_PREFIX' -- cp conf/nginx.conf '$NGX_CONF_PREFIX/nginx.conf.default' -+ test -f '\$(DESTDIR)$NGX_CONF_PATH' || cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX' -+ cp conf/nginx.conf '\$(DESTDIR)$NGX_CONF_PREFIX/nginx.conf.default' - -- test -d '`dirname "$NGX_PID_PATH"`' \ -- || mkdir -p '`dirname "$NGX_PID_PATH"`' -+ test -d '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' \ -+ || mkdir -p '\$(DESTDIR)`dirname "$NGX_PID_PATH"`' - -- test -d '`dirname "$NGX_HTTP_LOG_PATH"`' || \ -- mkdir -p '`dirname "$NGX_HTTP_LOG_PATH"`' -+ test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' || \ -+ mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' - -- test -d '$NGX_PREFIX/html' || cp -r html '$NGX_PREFIX' -+ test -d '\$(DESTDIR)$NGX_PREFIX/html' || cp -r html '\$(DESTDIR)$NGX_PREFIX' - END - - --if test -n "$NGX_ERROR_LOG_PATH"; then -+if test -n "\$(DESTDIR)$NGX_ERROR_LOG_PATH"; then - cat << END >> $NGX_MAKEFILE - -- test -d '`dirname "$NGX_ERROR_LOG_PATH"`' || \ -- mkdir -p '`dirname "$NGX_ERROR_LOG_PATH"`' -+ test -d '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' || \ -+ mkdir -p '\$(DESTDIR)`dirname "$NGX_ERROR_LOG_PATH"`' - END - - fi | ||
| [+] | Deleted | nginx-0.6.31_default_config.patch ^ |
| @@ -1,71 +0,0 @@ -Index: conf/nginx.conf -=================================================================== ---- conf/nginx.conf.orig 2009-04-06 15:43:46.000000000 +0200 -+++ conf/nginx.conf 2009-05-08 20:19:55.436773498 +0200 -@@ -1,12 +1,12 @@ - --#user nobody; -+user nginx; - worker_processes 1; - --#error_log logs/error.log; --#error_log logs/error.log notice; --#error_log logs/error.log info; -+#error_log /var/log/nginx/error.log; -+#error_log /var/log/nginx/error.log notice; -+#error_log /var/log/nginx/error.log info; - --#pid logs/nginx.pid; -+#pid /var/run/nginx.pid; - - - events { -@@ -22,7 +22,7 @@ http { - # '$status $body_bytes_sent "$http_referer" ' - # '"$http_user_agent" "$http_x_forwarded_for"'; - -- #access_log logs/access.log main; -+ #access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; -@@ -38,10 +38,10 @@ http { - - #charset koi8-r; - -- #access_log logs/host.access.log main; -+ #access_log /var/log/nginx/host.access.log main; - - location / { -- root html; -+ root /srv/www/htdocs/; - index index.html index.htm; - } - -@@ -51,7 +51,7 @@ http { - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { -- root html; -+ root /srv/www/htdocs/; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 -@@ -87,7 +87,7 @@ http { - # server_name somename alias another.alias; - - # location / { -- # root html; -+ # root /srv/www/htdocs/; - # index index.html index.htm; - # } - #} -@@ -110,7 +110,7 @@ http { - # ssl_prefer_server_ciphers on; - - # location / { -- # root html; -+ # root /srv/www/htdocs/; - # index index.html index.htm; - # } - #} | ||
| [+] | Deleted | nginx-0.6.38-html.patch ^ |
| @@ -1,14 +0,0 @@ -Index: auto/install -=================================================================== ---- auto/install.orig -+++ auto/install -@@ -54,8 +54,7 @@ - test -d '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' || \ - mkdir -p '\$(DESTDIR)`dirname "$NGX_HTTP_LOG_PATH"`' - -- test -d '\$(DESTDIR)$NGX_PREFIX/html' \ -- || cp -r html '\$(DESTDIR)$NGX_PREFIX' -+ test -d '\$(DESTDIR)/srv/www/htdocs' || install -d '\$(DESTDIR)/srv/www/' && cp -r html '\$(DESTDIR)/srv/www/htdocs' - END - - | ||
| [+] | Deleted | openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch ^ |
| @@ -1,5227 +0,0 @@ -From d21c75c622eb13a80080ed15fa30474f806a0a0f Mon Sep 17 00:00:00 2001 -From: Vlad Krasnov <vlad@cloudflare.com> -Date: Fri, 12 Feb 2016 18:25:11 -0800 -Subject: [PATCH] Implementation of draft and RFC versions of CHACHA20-POLY1305 - ciphers - ---- - Configure | 48 +- - Makefile.org | 4 +- - apps/speed.c | 30 +- - crypto/chacha20poly1305/Makefile | 97 +++ - crypto/chacha20poly1305/asm/chacha20_avx.pl | 408 +++++++++++ - crypto/chacha20poly1305/asm/chacha20_avx2.pl | 443 ++++++++++++ - crypto/chacha20poly1305/asm/poly1305_avx.pl | 732 ++++++++++++++++++++ - crypto/chacha20poly1305/asm/poly1305_avx2.pl | 984 +++++++++++++++++++++++++++ - crypto/chacha20poly1305/asm/poly1305_x64.pl | 281 ++++++++ - crypto/chacha20poly1305/chacha20.c | 162 +++++ - crypto/chacha20poly1305/chacha20poly1305.h | 79 +++ - crypto/chacha20poly1305/chapolytest.c | 470 +++++++++++++ - crypto/chacha20poly1305/poly1305.c | 287 ++++++++ - crypto/cryptlib.c | 10 - - crypto/evp/Makefile | 7 +- - crypto/evp/e_chacha20poly1305.c | 435 ++++++++++++ - crypto/evp/evp.h | 4 + - ssl/s3_lib.c | 119 ++++ - ssl/ssl.h | 2 + - ssl/ssl_ciph.c | 60 +- - ssl/ssl_locl.h | 2 + - ssl/tls1.h | 28 + - test/Makefile | 17 +- - 23 files changed, 4655 insertions(+), 54 deletions(-) - create mode 100644 crypto/chacha20poly1305/Makefile - create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx.pl - create mode 100644 crypto/chacha20poly1305/asm/chacha20_avx2.pl - create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx.pl - create mode 100644 crypto/chacha20poly1305/asm/poly1305_avx2.pl - create mode 100644 crypto/chacha20poly1305/asm/poly1305_x64.pl - create mode 100644 crypto/chacha20poly1305/chacha20.c - create mode 100644 crypto/chacha20poly1305/chacha20poly1305.h - create mode 100644 crypto/chacha20poly1305/chapolytest.c - create mode 100644 crypto/chacha20poly1305/poly1305.c - create mode 100644 crypto/evp/e_chacha20poly1305.c - -diff --git a/Configure b/Configure -index 4a715dc..f3ab6cd 100755 ---- a/Configure -+++ b/Configure -@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket"; - my $bits1="THIRTY_TWO_BIT "; - my $bits2="SIXTY_FOUR_BIT "; - --my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:"; -+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o::des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o::"; - - my $x86_elf_asm="$x86_asm:elf"; - --my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:"; --my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; --my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; --my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; --my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void"; --my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; -+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o::chacha20_avx.o chacha20_avx2.o poly1305_x64.o poly1305_avx2.o"; -+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o:::void"; -+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o:::void"; -+my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o::::::::::::::void"; -+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o:::void"; -+my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o:::::::::"; - my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//; --my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; --my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; --my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; --my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; --my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; --my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; -+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o::"; -+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o:::void"; -+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o::"; -+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::32"; -+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o:::64"; -+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o::"; - my $ppc32_asm=$ppc64_asm; --my $no_asm="::::::::::::::::void"; -+my $no_asm=":::::::::::::::::void"; - - # As for $BSDthreads. Idea is to maintain "collective" set of flags, - # which would cover all BSD flavors. -pthread applies to them all, -@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++; - my $idx_cmll_obj = $idx++; - my $idx_modes_obj = $idx++; - my $idx_engines_obj = $idx++; -+my $idx_chapoly_obj = $idx++; - my $idx_perlasm_scheme = $idx++; - my $idx_dso_scheme = $idx++; - my $idx_shared_target = $idx++; -@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h"; - my $bn_asm ="bn_asm.o"; - my $des_enc="des_enc.o fcrypt_b.o"; - my $aes_enc="aes_core.o aes_cbc.o"; -+my $chapoly_enc=""; - my $bf_enc ="bf_enc.o"; - my $cast_enc="c_enc.o"; - my $rc4_enc="rc4_enc.o rc4_skey.o"; -@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] - - print "IsMK1MF=$IsMK1MF\n"; - --my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 31 , -1); - my $cc = $fields[$idx_cc]; - # Allow environment CC to override compiler... - if($ENV{CC}) { -@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj]; - my $cmll_obj = $fields[$idx_cmll_obj]; - my $modes_obj = $fields[$idx_modes_obj]; - my $engines_obj = $fields[$idx_engines_obj]; -+my $chapoly_obj = $fields[$idx_chapoly_obj]; - my $perlasm_scheme = $fields[$idx_perlasm_scheme]; - my $dso_scheme = $fields[$idx_dso_scheme]; - my $shared_target = $fields[$idx_shared_target]; -@@ -1405,7 +1408,7 @@ if ($no_asm) - { - $cpuid_obj=$bn_obj=$ec_obj= - $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= -- $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=""; -+ $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj=$chapoly_obj=""; - } - - if (!$no_shared) -@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); - $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); - $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); - $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); -+if ($chapoly_obj =~ /\.o$/) -+ { -+ $cflags.=" -DCHAPOLY_x86_64_ASM"; -+ } -+else -+ { -+ $chapoly_obj=$chapoly_enc; -+ } - if ($sha1_obj =~ /\.o$/) - { - # $sha1_obj=$sha1_enc; -@@ -1740,6 +1751,7 @@ while (<IN>) - s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; - s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; - s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/; -+ s/^CHAPOLY_ENC=.*$/CHAPOLY_ENC= $chapoly_obj/; - s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/; - s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/; - s/^PROCESSOR=.*/PROCESSOR= $processor/; -@@ -1802,6 +1814,7 @@ print "RMD160_OBJ_ASM=$rmd160_obj\n"; - print "CMLL_ENC =$cmll_obj\n"; - print "MODES_OBJ =$modes_obj\n"; - print "ENGINES_OBJ =$engines_obj\n"; -+print "CHAPOLY_ENC =$chapoly_obj\n"; - print "PROCESSOR =$processor\n"; - print "RANLIB =$ranlib\n"; - print "ARFLAGS =$arflags\n"; -@@ -2200,7 +2213,7 @@ sub print_table_entry - my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, - $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, - $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, -- $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, -+ $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, $chapoly_obj, - $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, - $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= - split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -@@ -2231,6 +2244,7 @@ sub print_table_entry - \$cmll_obj = $cmll_obj - \$modes_obj = $modes_obj - \$engines_obj = $engines_obj -+\$chapoly_obj = $chapoly_obj - \$perlasm_scheme = $perlasm_scheme - \$dso_scheme = $dso_scheme - \$shared_target= $shared_target -diff --git a/Makefile.org b/Makefile.org -index 76fdbdf..6556ef6 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o - EC_ASM= - DES_ENC= des_enc.o fcrypt_b.o - AES_ENC= aes_core.o aes_cbc.o -+CHAPOLY_ENC= - BF_ENC= bf_enc.o - CAST_ENC= c_enc.o - RC4_ENC= rc4_enc.o -@@ -148,7 +149,7 @@ SDIRS= \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ - buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ -- cms pqueue ts jpake srp store cmac -+ cms pqueue ts jpake srp store cmac chacha20poly1305 - # keep in mind that the above list is adjusted by ./Configure - # according to no-xxx arguments... - -@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ | ||
| Added | 1.13.35.2-x64.tar.gz ^ | |
| [+] | Changed | _service ^ |
| @@ -2,6 +2,6 @@ <service name="download_url"> <param name="host">nginx.org</param> <param name="protocol">http</param> - <param name="path">/download/nginx-1.13.7.tar.gz</param> + <param name="path">/download/nginx-1.14.0.tar.gz</param> </service> -<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.13.7.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0g.tar.gz</param></service></services> \ No newline at end of file +<service name="download_url"><param name="host">nginx.org</param><param name="protocol">http</param><param name="path">/download/nginx-1.14.0.tar.gz</param></service><service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0h.tar.gz</param></service></services> | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/CHANGES ^ |
| @@ -1,4 +1,103 @@ +Changes with nginx 1.14.0 17 Apr 2018 + + *) 1.14.x stable branch. + + +Changes with nginx 1.13.12 10 Apr 2018 + + *) Bugfix: connections with gRPC backends might be closed unexpectedly + when returning a large response. + + +Changes with nginx 1.13.11 03 Apr 2018 + + *) Feature: the "proxy_protocol" parameter of the "listen" directive now + supports the PROXY protocol version 2. + + *) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on + Linux. + + *) Bugfix: in the "http_404", "http_500", etc. parameters of the + "proxy_next_upstream" directive. + + +Changes with nginx 1.13.10 20 Mar 2018 + + *) Feature: the "set" parameter of the "include" SSI directive now + allows writing arbitrary responses to a variable; the + "subrequest_output_buffer_size" directive defines maximum response + size. + + *) Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, + to avoid timeouts being incorrectly triggered on system time changes. + + *) Feature: the "escape=none" parameter of the "log_format" directive. + Thanks to Johannes Baiter and Calin Don. + + *) Feature: the $ssl_preread_alpn_protocols variable in the + ngx_stream_ssl_preread_module. + + *) Feature: the ngx_http_grpc_module. + + *) Bugfix: in memory allocation error handling in the "geo" directive. + + *) Bugfix: when using variables in the "auth_basic_user_file" directive + a null character might appear in logs. + Thanks to Vadim Filimonov. + + +Changes with nginx 1.13.9 20 Feb 2018 + + *) Feature: HTTP/2 server push support; the "http2_push" and + "http2_push_preload" directives. + + *) Bugfix: "header already sent" alerts might appear in logs when using + cache; the bug had appeared in 1.9.13. + + *) Bugfix: a segmentation fault might occur in a worker process if the + "ssl_verify_client" directive was used and no SSL certificate was + specified in a virtual server. + + *) Bugfix: in the ngx_http_v2_module. + + *) Bugfix: in the ngx_http_dav_module. + + +Changes with nginx 1.13.8 26 Dec 2017 + + *) Feature: now nginx automatically preserves the CAP_NET_RAW capability + in worker processes when using the "transparent" parameter of the + "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and + "uwsgi_bind" directives. + + *) Feature: improved CPU cache line size detection. + Thanks to Debayan Ghosh. + + *) Feature: new directives in vim syntax highlighting scripts. + Thanks to Gena Makhomed. + + *) Bugfix: binary upgrade refused to work if nginx was re-parented to a + process with PID different from 1 after its parent process has + finished. + + *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests + with bodies. + + *) Bugfix: in the "proxy_limit_rate" directive when used with the + "keepalive" directive. + + *) Bugfix: some parts of a response might be buffered when using + "proxy_buffering off" if the client connection used SSL. + Thanks to Patryk Lesiewicz. + + *) Bugfix: in the "proxy_cache_background_update" directive. + + *) Bugfix: it was not possible to start a parameter with a variable in + the "${name}" form with the name in curly brackets without enclosing + the parameter into single or double quotes. + + Changes with nginx 1.13.7 21 Nov 2017 *) Bugfix: in the $upstream_status variable. | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/CHANGES.ru ^ |
| @@ -1,4 +1,103 @@ +Изменения в nginx 1.14.0 17.04.2018 + + *) Стабильная ветка 1.14.x. + + +Изменения в nginx 1.13.12 10.04.2018 + + *) Исправление: при возврате большого ответа соединения с gRPC-бэкендами + могли неожиданно закрываться. + + +Изменения в nginx 1.13.11 03.04.2018 + + *) Добавление: параметр proxy_protocol директивы listen теперь + поддерживает протокол PROXY версии 2. + + *) Исправление: nginx не собирался с OpenSSL 1.1.1 статически на Linux. + + *) Исправление: в параметрах http_404, http_500 и им подобных директивы + proxy_next_upstream. + + +Изменения в nginx 1.13.10 20.03.2018 + + *) Добавление: теперь параметр set в SSI-директиве include позволяет + сохранять в переменную любые ответы; максимальный размер ответа + задаётся директивой subrequest_output_buffer_size. + + *) Добавление: теперь nginx использует вызов + clock_gettime(CLOCK_MONOTONIC), если он доступен, что позволяет + избежать некорректного срабатывания таймаутов при изменениях + системного времени. + + *) Добавление: параметр "escape=none" директивы log_format. + Спасибо Johannes Baiter и Calin Don. + + *) Добавление: переменная $ssl_preread_alpn_protocols в модуле + ngx_stream_ssl_preread_module. + + *) Добавление: модуль ngx_http_grpc_module. + + *) Исправление: в обработке ошибок выделения памяти в директиве geo. + + *) Исправление: при использовании переменных в директиве + auth_basic_user_file в лог мог выводиться символ '\0'. + Спасибо Вадиму Филимонову. + + +Изменения в nginx 1.13.9 20.02.2018 + + *) Добавление: поддержка HTTP/2 server push; директивы http2_push и + http2_push_preload. + + *) Исправление: при использовании кэша в логах могли появляться + сообщения "header already sent"; ошибка появилась в 1.9.13. + + *) Исправление: при использовании директивы ssl_verify_client в рабочем + процессе мог произойти segmentation fault, если в виртуальном сервере + не был указан SSL-сертификат. + + *) Исправление: в модуле ngx_http_v2_module. + + *) Исправление: в модуле ngx_http_dav_module. + + +Изменения в nginx 1.13.8 26.12.2017 + + *) Добавление: теперь при использовании параметра transparent директив + proxy_bind, fastcgi_bind, memcached_bind, scgi_bind и uwsgi_bind + nginx автоматически сохраняет capability CAP_NET_RAW в рабочих + процессах. + + *) Добавление: улучшения в определении размера строки кэша процессора. + Спасибо Debayan Ghosh. + + *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim. + Спасибо Геннадию Махомеду. + + *) Исправление: процедура обновления исполняемого файла не работала, + если после завершения родительского процесса новым родительским + процессом nginx'а становился процесс с PID, отличным от 1. + + *) Исправление: модуль ngx_http_autoindex_module неправильно обрабатывал + запросы с телом. + + *) Исправление: в директиве proxy_limit_rate при использовании с + директивой keepalive. + + *) Исправление: при использовании "proxy_buffering off" часть ответа + могла буферизироваться, если клиентское соединение использовало SSL. + Спасибо Patryk Lesiewicz. + + *) Исправление: в директиве proxy_cache_background_update. + + *) Исправление: переменную вида "${name}" с именем в фигурных скобках + нельзя было использовать в начале параметра не заключив весь параметр + в кавычки. + + Изменения в nginx 1.13.7 21.11.2017 *) Исправление: в переменной $upstream_status. | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/LICENSE ^ |
| @@ -1,6 +1,6 @@ /* - * Copyright (C) 2002-2017 Igor Sysoev - * Copyright (C) 2011-2017 Nginx, Inc. + * Copyright (C) 2002-2018 Igor Sysoev + * Copyright (C) 2011-2018 Nginx, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/cc/clang ^ |
| @@ -5,7 +5,7 @@ # clang -NGX_CLANG_VER=`$CC -v 2>&1 | grep '\(clang\|LLVM\) version' 2>&1 \ +NGX_CLANG_VER=`$CC -v 2>&1 | grep 'version' 2>&1 \ | sed -e 's/^.* version \(.*\)/\1/'` echo " + clang version: $NGX_CLANG_VER" | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/cc/name ^ |
| @@ -44,7 +44,11 @@ NGX_CC_NAME=gcc echo " + using GNU C compiler" -elif `$CC -v 2>&1 | grep '\(clang\|LLVM\) version' >/dev/null 2>&1`; then +elif `$CC -v 2>&1 | grep 'clang version' >/dev/null 2>&1`; then + NGX_CC_NAME=clang + echo " + using Clang C compiler" + +elif `$CC -v 2>&1 | grep 'LLVM version' >/dev/null 2>&1`; then NGX_CC_NAME=clang echo " + using Clang C compiler" | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/lib/openssl/conf ^ |
| @@ -41,6 +41,7 @@ CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libcrypto.a" CORE_LIBS="$CORE_LIBS $NGX_LIBDL" + CORE_LIBS="$CORE_LIBS $NGX_LIBPTHREAD" if [ "$NGX_PLATFORM" = win32 ]; then CORE_LIBS="$CORE_LIBS -lgdi32 -lcrypt32 -lws2_32" @@ -59,7 +60,7 @@ ngx_feature_run=no ngx_feature_incs="#include <openssl/ssl.h>" ngx_feature_path= - ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD" ngx_feature_test="SSL_CTX_set_options(NULL, 0)" . auto/feature @@ -71,11 +72,13 @@ ngx_feature_path="/usr/local/include" if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" else - ngx_feature_libs="-L/usr/local/lib -lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-L/usr/local/lib -lssl -lcrypto" fi + ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD" + . auto/feature fi @@ -87,11 +90,13 @@ ngx_feature_path="/usr/pkg/include" if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/usr/pkg/lib -L/usr/pkg/lib -lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-R/usr/pkg/lib -L/usr/pkg/lib -lssl -lcrypto" else - ngx_feature_libs="-L/usr/pkg/lib -lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-L/usr/pkg/lib -lssl -lcrypto" fi + ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD" + . auto/feature fi @@ -103,11 +108,13 @@ ngx_feature_path="/opt/local/include" if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/opt/local/lib -L/opt/local/lib -lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-R/opt/local/lib -L/opt/local/lib -lssl -lcrypto" else - ngx_feature_libs="-L/opt/local/lib -lssl -lcrypto $NGX_LIBDL" + ngx_feature_libs="-L/opt/local/lib -lssl -lcrypto" fi + ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD" + . auto/feature fi | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/lib/openssl/make ^ |
| @@ -51,7 +51,7 @@ $OPENSSL/.openssl/include/openssl/ssl.h: $NGX_MAKEFILE cd $OPENSSL \\ && if [ -f Makefile ]; then \$(MAKE) clean; fi \\ - && ./config --prefix=$ngx_prefix no-shared $OPENSSL_OPT \\ + && ./config --prefix=$ngx_prefix no-shared no-threads $OPENSSL_OPT \\ && \$(MAKE) \\ && \$(MAKE) install_sw LIBDIR=lib | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/modules ^ |
| @@ -420,6 +420,7 @@ if [ $HTTP_V2 = YES ]; then have=NGX_HTTP_V2 . auto/have + have=NGX_HTTP_HEADERS . auto/have ngx_module_name=ngx_http_v2_module ngx_module_incs=src/http/v2 @@ -427,6 +428,7 @@ src/http/v2/ngx_http_v2_module.h" ngx_module_srcs="src/http/v2/ngx_http_v2.c \ src/http/v2/ngx_http_v2_table.c \ + src/http/v2/ngx_http_v2_encode.c \ src/http/v2/ngx_http_v2_huff_decode.c \ src/http/v2/ngx_http_v2_huff_encode.c \ src/http/v2/ngx_http_v2_module.c" @@ -741,6 +743,17 @@ . auto/module fi + + if [ $HTTP_GRPC = YES -a $HTTP_V2 = YES ]; then + ngx_module_name=ngx_http_grpc_module + ngx_module_incs= + ngx_module_deps= + ngx_module_srcs=src/http/modules/ngx_http_grpc_module.c + ngx_module_libs= + ngx_module_link=$HTTP_GRPC + + . auto/module + fi if [ $HTTP_PERL != NO ]; then ngx_module_name=ngx_http_perl_module | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/options ^ |
| @@ -86,6 +86,7 @@ HTTP_FASTCGI=YES HTTP_UWSGI=YES HTTP_SCGI=YES +HTTP_GRPC=YES HTTP_PERL=NO HTTP_MEMCACHED=YES HTTP_LIMIT_CONN=YES @@ -262,6 +263,7 @@ --without-http_fastcgi_module) HTTP_FASTCGI=NO ;; --without-http_uwsgi_module) HTTP_UWSGI=NO ;; --without-http_scgi_module) HTTP_SCGI=NO ;; + --without-http_grpc_module) HTTP_GRPC=NO ;; --without-http_memcached_module) HTTP_MEMCACHED=NO ;; --without-http_limit_conn_module) HTTP_LIMIT_CONN=NO ;; --without-http_limit_req_module) HTTP_LIMIT_REQ=NO ;; @@ -471,6 +473,7 @@ --without-http_fastcgi_module disable ngx_http_fastcgi_module --without-http_uwsgi_module disable ngx_http_uwsgi_module --without-http_scgi_module disable ngx_http_scgi_module + --without-http_grpc_module disable ngx_http_grpc_module --without-http_memcached_module disable ngx_http_memcached_module --without-http_limit_conn_module disable ngx_http_limit_conn_module --without-http_limit_req_module disable ngx_http_limit_req_module | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/os/conf ^ |
| @@ -110,6 +110,11 @@ NGX_MACH_CACHE_LINE=64 ;; + aarch64 ) + have=NGX_ALIGNMENT value=16 . auto/define + NGX_MACH_CACHE_LINE=64 + ;; + *) have=NGX_ALIGNMENT value=16 . auto/define NGX_MACH_CACHE_LINE=32 | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/os/linux ^ |
| @@ -157,6 +157,38 @@ . auto/feature +# prctl(PR_SET_KEEPCAPS) + +ngx_feature="prctl(PR_SET_KEEPCAPS)" +ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS" +ngx_feature_run=yes +ngx_feature_incs="#include <sys/prctl.h>" +ngx_feature_path= +ngx_feature_libs= +ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1" +. auto/feature + + +# capabilities + +ngx_feature="capabilities" +ngx_feature_name="NGX_HAVE_CAPABILITIES" +ngx_feature_run=no +ngx_feature_incs="#include <linux/capability.h> + #include <sys/syscall.h>" +ngx_feature_path= +ngx_feature_libs= +ngx_feature_test="struct __user_cap_data_struct data; + struct __user_cap_header_struct header; + + header.version = _LINUX_CAPABILITY_VERSION_1; + data.effective = CAP_TO_MASK(CAP_NET_RAW); + data.permitted = 0; + + (void) SYS_capset" +. auto/feature + + # crypt_r() ngx_feature="crypt_r()" | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/threads ^ |
| @@ -17,4 +17,5 @@ CORE_DEPS="$CORE_DEPS $THREAD_POOL_DEPS" CORE_SRCS="$CORE_SRCS $THREAD_POOL_SRCS" CORE_LIBS="$CORE_LIBS -lpthread" + NGX_LIBPTHREAD="-lpthread" fi | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/auto/unix ^ |
| @@ -342,7 +342,7 @@ . auto/feature -# NetBSD bind to any address for transparent proxying +# OpenBSD bind to any address for transparent proxying ngx_feature="SO_BINDANY" ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" @@ -354,42 +354,42 @@ . auto/feature -# Linux IP_BIND_ADDRESS_NO_PORT +# Linux transparent proxying -ngx_feature="IP_BIND_ADDRESS_NO_PORT" -ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT" +ngx_feature="IP_TRANSPARENT" +ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" ngx_feature_run=no ngx_feature_incs="#include <sys/socket.h> #include <netinet/in.h>" ngx_feature_path= ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)" +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_TRANSPARENT, NULL, 0)" . auto/feature -# Linux transparent proxying +# FreeBSD bind to any address for transparent proxying -ngx_feature="IP_TRANSPARENT" +ngx_feature="IP_BINDANY" ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" ngx_feature_run=no ngx_feature_incs="#include <sys/socket.h> #include <netinet/in.h>" ngx_feature_path= ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_TRANSPARENT, NULL, 0)" +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BINDANY, NULL, 0)" . auto/feature -# FreeBSD bind to any address for transparent proxying +# Linux IP_BIND_ADDRESS_NO_PORT -ngx_feature="IP_BINDANY" -ngx_feature_name="NGX_HAVE_TRANSPARENT_PROXY" +ngx_feature="IP_BIND_ADDRESS_NO_PORT" +ngx_feature_name="NGX_HAVE_IP_BIND_ADDRESS_NO_PORT" ngx_feature_run=no ngx_feature_incs="#include <sys/socket.h> #include <netinet/in.h>" ngx_feature_path= ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BINDANY, NULL, 0)" +ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, NULL, 0)" . auto/feature @@ -791,6 +791,30 @@ . auto/feature +ngx_feature="clock_gettime(CLOCK_MONOTONIC)" +ngx_feature_name="NGX_HAVE_CLOCK_MONOTONIC" +ngx_feature_run=no +ngx_feature_incs="#include <time.h>" +ngx_feature_path= +ngx_feature_libs= +ngx_feature_test="struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts)" +. auto/feature + + +if [ $ngx_found = no ]; then + + # Linux before glibc 2.17, notably CentOS 6 + + ngx_feature="clock_gettime(CLOCK_MONOTONIC) in librt" + ngx_feature_libs="-lrt" + . auto/feature + + if [ $ngx_found = yes ]; then + CORE_LIBS="$CORE_LIBS -lrt" + fi +fi + + ngx_feature="posix_memalign()" ngx_feature_name="NGX_HAVE_POSIX_MEMALIGN" ngx_feature_run=no @@ -877,6 +901,7 @@ if [ $ngx_found = yes ]; then CORE_LIBS="$CORE_LIBS -lpthread" + NGX_LIBPTHREAD="-lpthread" fi fi @@ -964,6 +989,16 @@ . auto/feature +ngx_feature="sysconf(_SC_LEVEL1_DCACHE_LINESIZE)" +ngx_feature_name="NGX_HAVE_LEVEL1_DCACHE_LINESIZE" +ngx_feature_run=no +ngx_feature_incs= +ngx_feature_path= +ngx_feature_libs= +ngx_feature_test="sysconf(_SC_LEVEL1_DCACHE_LINESIZE)" +. auto/feature + + ngx_feature="openat(), fstatat()" ngx_feature_name="NGX_HAVE_OPENAT" ngx_feature_run=no | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/contrib/vim/syntax/nginx.vim ^ |
| @@ -15,7 +15,7 @@ syn match ngxName '\([^;{} \t\\]\|\\.\)\+' \ contains=@ngxDirectives \ nextgroup=@ngxParams skipwhite skipempty -syn match ngxParam '\([^;{ \t\\]\|\\.\)\+' +syn match ngxParam '\(\${\|[^;{ \t\\]\|\\.\)\+' \ contained \ contains=ngxVariable \ nextgroup=@ngxParams skipwhite skipempty @@ -29,7 +29,7 @@ \ contains=@ngxTopLevel syn match ngxComment '#.*$' -syn match ngxVariable '\$\w\+' contained +syn match ngxVariable '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained syn cluster ngxTopLevel @@ -37,7 +37,7 @@ syn cluster ngxDirectives \ contains=ngxDirective,ngxDirectiveBlock,ngxDirectiveImportant \ add=ngxDirectiveControl,ngxDirectiveError,ngxDirectiveDeprecated - \ add=ngxDirectiveThirdParty + \ add=ngxDirectiveThirdParty,ngxDirectiveThirdPartyDeprecated syn cluster ngxParams \ contains=ngxParam,ngxString,ngxParamComment,ngxSemicolon,ngxBlock @@ -52,7 +52,7 @@ syn cluster ngxTopLevel add=ngxDirectiveListen syn keyword ngxDirectiveListen listen \ nextgroup=@ngxListenParams skipwhite skipempty -syn match ngxListenParam '\([^;{ \t\\]\|\\.\)\+' +syn match ngxListenParam '\(\${\|[^;{ \t\\]\|\\.\)\+' \ contained \ nextgroup=@ngxListenParams skipwhite skipempty syn region ngxListenString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ @@ -62,15 +62,19 @@ \ contained \ nextgroup=@ngxListenParams skipwhite skipempty syn keyword ngxListenOptions contained - \ default_server ssl http2 spdy proxy_protocol + \ default_server ssl http2 proxy_protocol \ setfib fastopen backlog rcvbuf sndbuf accept_filter deferred bind - \ ipv6only reuseport so_keepalive keepidle + \ ipv6only reuseport so_keepalive + \ nextgroup=@ngxListenParams skipwhite skipempty +syn keyword ngxListenOptionsDeprecated contained + \ spdy \ nextgroup=@ngxListenParams skipwhite skipempty syn cluster ngxListenParams \ contains=ngxListenParam,ngxListenString,ngxListenComment - \ add=ngxListenOptions + \ add=ngxListenOptions,ngxListenOptionsDeprecated syn keyword ngxDirectiveBlock contained http +syn keyword ngxDirectiveBlock contained stream syn keyword ngxDirectiveBlock contained mail syn keyword ngxDirectiveBlock contained events syn keyword ngxDirectiveBlock contained server @@ -83,12 +87,11 @@ syn keyword ngxDirectiveBlock contained geo syn keyword ngxDirectiveBlock contained map syn keyword ngxDirectiveBlock contained split_clients +syn keyword ngxDirectiveBlock contained match syn keyword ngxDirectiveImportant contained include syn keyword ngxDirectiveImportant contained root -"syn keyword ngxDirectiveImportant contained server syn keyword ngxDirectiveImportant contained server_name -"syn keyword ngxDirectiveImportant contained listen syn keyword ngxDirectiveImportant contained internal syn keyword ngxDirectiveImportant contained proxy_pass syn keyword ngxDirectiveImportant contained memcached_pass @@ -105,14 +108,17 @@ syn keyword ngxDirectiveError contained error_page syn keyword ngxDirectiveError contained post_action -syn keyword ngxDirectiveDeprecated contained connections -syn keyword ngxDirectiveDeprecated contained imap -syn keyword ngxDirectiveDeprecated contained limit_zone -syn keyword ngxDirectiveDeprecated contained mysql_test -syn keyword ngxDirectiveDeprecated contained open_file_cache_retest -syn keyword ngxDirectiveDeprecated contained optimize_server_names -syn keyword ngxDirectiveDeprecated contained satisfy_any -syn keyword ngxDirectiveDeprecated contained so_keepalive +syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer +syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer +syn keyword ngxDirectiveDeprecated contained spdy_chunk_size +syn keyword ngxDirectiveDeprecated contained spdy_headers_comp +syn keyword ngxDirectiveDeprecated contained spdy_keepalive_timeout +syn keyword ngxDirectiveDeprecated contained spdy_max_concurrent_streams +syn keyword ngxDirectiveDeprecated contained spdy_pool_size +syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size +syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout +syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size +syn keyword ngxDirectiveDeprecated contained upstream_conf syn keyword ngxDirective contained absolute_redirect syn keyword ngxDirective contained accept_mutex @@ -122,6 +128,7 @@ syn keyword ngxDirective contained add_after_body syn keyword ngxDirective contained add_before_body syn keyword ngxDirective contained add_header +syn keyword ngxDirective contained add_trailer syn keyword ngxDirective contained addition_types syn keyword ngxDirective contained aio syn keyword ngxDirective contained aio_write @@ -144,7 +151,6 @@ syn keyword ngxDirective contained autoindex_format syn keyword ngxDirective contained autoindex_localtime syn keyword ngxDirective contained charset -syn keyword ngxDirective contained charset_map syn keyword ngxDirective contained charset_types syn keyword ngxDirective contained chunked_transfer_encoding syn keyword ngxDirective contained client_body_buffer_size @@ -186,6 +192,7 @@ syn keyword ngxDirective contained fastcgi_buffers syn keyword ngxDirective contained fastcgi_busy_buffers_size syn keyword ngxDirective contained fastcgi_cache +syn keyword ngxDirective contained fastcgi_cache_background_update syn keyword ngxDirective contained fastcgi_cache_bypass syn keyword ngxDirective contained fastcgi_cache_key syn keyword ngxDirective contained fastcgi_cache_lock @@ -234,6 +241,32 @@ syn keyword ngxDirective contained geoip_proxy syn keyword ngxDirective contained geoip_proxy_recursive syn keyword ngxDirective contained google_perftools_profiles +syn keyword ngxDirective contained grpc_bind +syn keyword ngxDirective contained grpc_buffer_size +syn keyword ngxDirective contained grpc_connect_timeout +syn keyword ngxDirective contained grpc_hide_header +syn keyword ngxDirective contained grpc_ignore_headers +syn keyword ngxDirective contained grpc_intercept_errors +syn keyword ngxDirective contained grpc_next_upstream +syn keyword ngxDirective contained grpc_next_upstream_timeout +syn keyword ngxDirective contained grpc_next_upstream_tries +syn keyword ngxDirective contained grpc_pass +syn keyword ngxDirective contained grpc_pass_header +syn keyword ngxDirective contained grpc_read_timeout +syn keyword ngxDirective contained grpc_send_timeout +syn keyword ngxDirective contained grpc_set_header +syn keyword ngxDirective contained grpc_ssl_certificate +syn keyword ngxDirective contained grpc_ssl_certificate_key +syn keyword ngxDirective contained grpc_ssl_ciphers +syn keyword ngxDirective contained grpc_ssl_crl +syn keyword ngxDirective contained grpc_ssl_name +syn keyword ngxDirective contained grpc_ssl_password_file +syn keyword ngxDirective contained grpc_ssl_protocols +syn keyword ngxDirective contained grpc_ssl_server_name +syn keyword ngxDirective contained grpc_ssl_session_reuse +syn keyword ngxDirective contained grpc_ssl_trusted_certificate +syn keyword ngxDirective contained grpc_ssl_verify +syn keyword ngxDirective contained grpc_ssl_verify_depth syn keyword ngxDirective contained gunzip syn keyword ngxDirective contained gunzip_buffers syn keyword ngxDirective contained gzip @@ -258,15 +291,20 @@ syn keyword ngxDirective contained hls_fragment syn keyword ngxDirective contained hls_mp4_buffer_size syn keyword ngxDirective contained hls_mp4_max_buffer_size -syn keyword ngxDirective contained http2_chunk_size syn keyword ngxDirective contained http2_body_preread_size +syn keyword ngxDirective contained http2_chunk_size syn keyword ngxDirective contained http2_idle_timeout +syn keyword ngxDirective contained http2_max_concurrent_pushes syn keyword ngxDirective contained http2_max_concurrent_streams syn keyword ngxDirective contained http2_max_field_size syn keyword ngxDirective contained http2_max_header_size syn keyword ngxDirective contained http2_max_requests +syn keyword ngxDirective contained http2_pool_size +syn keyword ngxDirective contained http2_push +syn keyword ngxDirective contained http2_push_preload syn keyword ngxDirective contained http2_recv_buffer_size syn keyword ngxDirective contained http2_recv_timeout +syn keyword ngxDirective contained http2_streams_index_size syn keyword ngxDirective contained if_modified_since syn keyword ngxDirective contained ignore_invalid_headers syn keyword ngxDirective contained image_filter @@ -317,7 +355,6 @@ syn keyword ngxDirective contained log_subrequest syn keyword ngxDirective contained map_hash_bucket_size syn keyword ngxDirective contained map_hash_max_size -syn keyword ngxDirective contained match syn keyword ngxDirective contained master_process syn keyword ngxDirective contained max_ranges syn keyword ngxDirective contained memcached_bind @@ -332,6 +369,8 @@ syn keyword ngxDirective contained memcached_send_timeout syn keyword ngxDirective contained merge_slashes syn keyword ngxDirective contained min_delete_depth +syn keyword ngxDirective contained mirror +syn keyword ngxDirective contained mirror_request_body syn keyword ngxDirective contained modern_browser syn keyword ngxDirective contained modern_browser_value syn keyword ngxDirective contained mp4 @@ -374,6 +413,7 @@ syn keyword ngxDirective contained proxy_buffers syn keyword ngxDirective contained proxy_busy_buffers_size syn keyword ngxDirective contained proxy_cache +syn keyword ngxDirective contained proxy_cache_background_update syn keyword ngxDirective contained proxy_cache_bypass syn keyword ngxDirective contained proxy_cache_convert_head syn keyword ngxDirective contained proxy_cache_key @@ -421,6 +461,7 @@ syn keyword ngxDirective contained proxy_send_timeout syn keyword ngxDirective contained proxy_set_body syn keyword ngxDirective contained proxy_set_header +syn keyword ngxDirective contained proxy_ssl syn keyword ngxDirective contained proxy_ssl_certificate syn keyword ngxDirective contained proxy_ssl_certificate_key syn keyword ngxDirective contained proxy_ssl_ciphers @@ -452,10 +493,6 @@ syn keyword ngxDirective contained resolver syn keyword ngxDirective contained resolver_timeout syn keyword ngxDirective contained rewrite_log -syn keyword ngxDirective contained rtsig_overflow_events -syn keyword ngxDirective contained rtsig_overflow_test -syn keyword ngxDirective contained rtsig_overflow_threshold -syn keyword ngxDirective contained rtsig_signo syn keyword ngxDirective contained satisfy syn keyword ngxDirective contained scgi_bind syn keyword ngxDirective contained scgi_buffer_size @@ -463,6 +500,7 @@ syn keyword ngxDirective contained scgi_buffers syn keyword ngxDirective contained scgi_busy_buffers_size syn keyword ngxDirective contained scgi_cache +syn keyword ngxDirective contained scgi_cache_background_update syn keyword ngxDirective contained scgi_cache_bypass syn keyword ngxDirective contained scgi_cache_key syn keyword ngxDirective contained scgi_cache_lock @@ -520,14 +558,6 @@ syn keyword ngxDirective contained smtp_client_buffer syn keyword ngxDirective contained smtp_greeting_delay syn keyword ngxDirective contained source_charset -syn keyword ngxDirective contained spdy_chunk_size -syn keyword ngxDirective contained spdy_headers_comp -syn keyword ngxDirective contained spdy_keepalive_timeout -syn keyword ngxDirective contained spdy_max_concurrent_streams -syn keyword ngxDirective contained spdy_pool_size -syn keyword ngxDirective contained spdy_recv_buffer_size -syn keyword ngxDirective contained spdy_recv_timeout -syn keyword ngxDirective contained spdy_streams_index_size syn keyword ngxDirective contained ssi syn keyword ngxDirective contained ssi_ignore_recycled_buffers syn keyword ngxDirective contained ssi_last_modified @@ -573,17 +603,16 @@ syn keyword ngxDirective contained sub_filter_last_modified syn keyword ngxDirective contained sub_filter_once syn keyword ngxDirective contained sub_filter_types +syn keyword ngxDirective contained subrequest_output_buffer_size syn keyword ngxDirective contained tcp_nodelay syn keyword ngxDirective contained tcp_nopush syn keyword ngxDirective contained thread_pool -syn keyword ngxDirective contained thread_stack_size syn keyword ngxDirective contained timeout syn keyword ngxDirective contained timer_resolution syn keyword ngxDirective contained types_hash_bucket_size syn keyword ngxDirective contained types_hash_max_size syn keyword ngxDirective contained underscores_in_headers syn keyword ngxDirective contained uninitialized_variable_warn -syn keyword ngxDirective contained upstream_conf syn keyword ngxDirective contained use syn keyword ngxDirective contained user syn keyword ngxDirective contained userid @@ -600,11 +629,13 @@ syn keyword ngxDirective contained uwsgi_buffers syn keyword ngxDirective contained uwsgi_busy_buffers_size syn keyword ngxDirective contained uwsgi_cache +syn keyword ngxDirective contained uwsgi_cache_background_update syn keyword ngxDirective contained uwsgi_cache_bypass syn keyword ngxDirective contained uwsgi_cache_key syn keyword ngxDirective contained uwsgi_cache_lock syn keyword ngxDirective contained uwsgi_cache_lock_age syn keyword ngxDirective contained uwsgi_cache_lock_timeout +syn keyword ngxDirective contained uwsgi_cache_max_range_offset syn keyword ngxDirective contained uwsgi_cache_methods syn keyword ngxDirective contained uwsgi_cache_min_uses syn keyword ngxDirective contained uwsgi_cache_path @@ -627,7 +658,6 @@ syn keyword ngxDirective contained uwsgi_next_upstream_tries syn keyword ngxDirective contained uwsgi_no_cache syn keyword ngxDirective contained uwsgi_param -syn keyword ngxDirective contained uwsgi_pass syn keyword ngxDirective contained uwsgi_pass_header syn keyword ngxDirective contained uwsgi_pass_request_body syn keyword ngxDirective contained uwsgi_pass_request_headers @@ -661,8 +691,7 @@ syn keyword ngxDirective contained worker_processes syn keyword ngxDirective contained worker_rlimit_core syn keyword ngxDirective contained worker_rlimit_nofile -syn keyword ngxDirective contained worker_rlimit_sigpending -syn keyword ngxDirective contained worker_threads +syn keyword ngxDirective contained worker_shutdown_timeout syn keyword ngxDirective contained working_directory syn keyword ngxDirective contained xclient syn keyword ngxDirective contained xml_entities @@ -673,529 +702,621 @@ syn keyword ngxDirective contained xslt_types syn keyword ngxDirective contained zone -" 3rd party module list: -" https://www.nginx.com/resources/wiki/modules/ +" 3rd party modules list taken from +" https://github.com/freebsd/freebsd-ports/blob/master/www/nginx-devel/Makefile +" ----------------------------------------------------------------------------- -" Accept Language Module <https://www.nginx.com/resources/wiki/modules/accept_language/> -" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +" Accept Language +" https://github.com/giom/nginx_accept_language_module syn keyword ngxDirectiveThirdParty contained set_from_accept_language -" Access Key Module (DEPRECATED) <http://wiki.nginx.org/NginxHttpAccessKeyModule> -" Denies access unless the request URL contains an access key. -syn keyword ngxDirectiveDeprecated contained accesskey -syn keyword ngxDirectiveDeprecated contained accesskey_arg -syn keyword ngxDirectiveDeprecated contained accesskey_hashmethod -syn keyword ngxDirectiveDeprecated contained accesskey_signature - -" Asynchronous FastCGI Module <https://github.com/rsms/afcgi> -" Primarily a modified version of the Nginx FastCGI module which implements multiplexing of connections, allowing a single FastCGI server to handle many concurrent requests. -" syn keyword ngxDirectiveThirdParty contained fastcgi_bind -" syn keyword ngxDirectiveThirdParty contained fastcgi_buffer_size -" syn keyword ngxDirectiveThirdParty contained fastcgi_buffers -" syn keyword ngxDirectiveThirdParty contained fastcgi_busy_buffers_size -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache_key -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache_methods -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache_min_uses -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache_path -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache_use_stale -" syn keyword ngxDirectiveThirdParty contained fastcgi_cache_valid -" syn keyword ngxDirectiveThirdParty contained fastcgi_catch_stderr -" syn keyword ngxDirectiveThirdParty contained fastcgi_connect_timeout -" syn keyword ngxDirectiveThirdParty contained fastcgi_hide_header -" syn keyword ngxDirectiveThirdParty contained fastcgi_ignore_client_abort -" syn keyword ngxDirectiveThirdParty contained fastcgi_ignore_headers -" syn keyword ngxDirectiveThirdParty contained fastcgi_index -" syn keyword ngxDirectiveThirdParty contained fastcgi_intercept_errors -" syn keyword ngxDirectiveThirdParty contained fastcgi_max_temp_file_size -" syn keyword ngxDirectiveThirdParty contained fastcgi_next_upstream -" syn keyword ngxDirectiveThirdParty contained fastcgi_param -" syn keyword ngxDirectiveThirdParty contained fastcgi_pass -" syn keyword ngxDirectiveThirdParty contained fastcgi_pass_header -" syn keyword ngxDirectiveThirdParty contained fastcgi_pass_request_body -" syn keyword ngxDirectiveThirdParty contained fastcgi_pass_request_headers -" syn keyword ngxDirectiveThirdParty contained fastcgi_read_timeout -" syn keyword ngxDirectiveThirdParty contained fastcgi_send_lowat -" syn keyword ngxDirectiveThirdParty contained fastcgi_send_timeout -" syn keyword ngxDirectiveThirdParty contained fastcgi_split_path_info -" syn keyword ngxDirectiveThirdParty contained fastcgi_store -" syn keyword ngxDirectiveThirdParty contained fastcgi_store_access -" syn keyword ngxDirectiveThirdParty contained fastcgi_temp_file_write_size -" syn keyword ngxDirectiveThirdParty contained fastcgi_temp_path -syn keyword ngxDirectiveDeprecated contained fastcgi_upstream_fail_timeout -syn keyword ngxDirectiveDeprecated contained fastcgi_upstream_max_fails +" Digest Authentication +" https://github.com/atomx/nginx-http-auth-digest +syn keyword ngxDirectiveThirdParty contained auth_digest +syn keyword ngxDirectiveThirdParty contained auth_digest_drop_time +syn keyword ngxDirectiveThirdParty contained auth_digest_evasion_time +syn keyword ngxDirectiveThirdParty contained auth_digest_expires +syn keyword ngxDirectiveThirdParty contained auth_digest_maxtries +syn keyword ngxDirectiveThirdParty contained auth_digest_replays +syn keyword ngxDirectiveThirdParty contained auth_digest_shm_size +syn keyword ngxDirectiveThirdParty contained auth_digest_timeout +syn keyword ngxDirectiveThirdParty contained auth_digest_user_file -" Akamai G2O Module <https://github.com/kaltura/nginx_mod_akamai_g2o> -" Nginx Module for Authenticating Akamai G2O requests -syn keyword ngxDirectiveThirdParty contained g2o -syn keyword ngxDirectiveThirdParty contained g2o_nonce -syn keyword ngxDirectiveThirdParty contained g2o_key +" SPNEGO Authentication +" https://github.com/stnoonan/spnego-http-auth-nginx-module +syn keyword ngxDirectiveThirdParty contained auth_gss +syn keyword ngxDirectiveThirdParty contained auth_gss_allow_basic_fallback +syn keyword ngxDirectiveThirdParty contained auth_gss_authorized_principal +syn keyword ngxDirectiveThirdParty contained auth_gss_force_realm +syn keyword ngxDirectiveThirdParty contained auth_gss_format_full +syn keyword ngxDirectiveThirdParty contained auth_gss_keytab +syn keyword ngxDirectiveThirdParty contained auth_gss_realm +syn keyword ngxDirectiveThirdParty contained auth_gss_service_name -" Lua Module <https://github.com/alacner/nginx_lua_module> -" You can be very simple to execute lua code for nginx -syn keyword ngxDirectiveThirdParty contained lua_file +" LDAP Authentication +" https://github.com/kvspb/nginx-auth-ldap +syn keyword ngxDirectiveThirdParty contained auth_ldap +syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_enabled +syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_expiration_time +syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_size +syn keyword ngxDirectiveThirdParty contained auth_ldap_servers +syn keyword ngxDirectiveThirdParty contained auth_ldap_servers_size +syn keyword ngxDirectiveThirdParty contained ldap_server -" Array Variable Module <https://github.com/openresty/array-var-nginx-module> -" Add support for array-typed variables to nginx config files -syn keyword ngxDirectiveThirdParty contained array_split -syn keyword ngxDirectiveThirdParty contained array_join -syn keyword ngxDirectiveThirdParty contained array_map -syn keyword ngxDirectiveThirdParty contained array_map_op +" PAM Authentication +" https://github.com/sto/ngx_http_auth_pam_module +syn keyword ngxDirectiveThirdParty contained auth_pam +syn keyword ngxDirectiveThirdParty contained auth_pam_service_name +syn keyword ngxDirectiveThirdParty contained auth_pam_set_pam_env -" Nginx Audio Track for HTTP Live Streaming <https://github.com/flavioribeiro/nginx-audio-track-for-hls-module> -" This nginx module generates audio track for hls streams on the fly. -syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track -syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_rootpath -syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_output_format -syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_output_header +" AJP protocol proxy +" https://github.com/yaoweibin/nginx_ajp_module +syn keyword ngxDirectiveThirdParty contained ajp_buffer_size +syn keyword ngxDirectiveThirdParty contained ajp_buffers +syn keyword ngxDirectiveThirdParty contained ajp_busy_buffers_size +syn keyword ngxDirectiveThirdParty contained ajp_cache +syn keyword ngxDirectiveThirdParty contained ajp_cache_key +syn keyword ngxDirectiveThirdParty contained ajp_cache_lock +syn keyword ngxDirectiveThirdParty contained ajp_cache_lock_timeout +syn keyword ngxDirectiveThirdParty contained ajp_cache_methods +syn keyword ngxDirectiveThirdParty contained ajp_cache_min_uses +syn keyword ngxDirectiveThirdParty contained ajp_cache_path +syn keyword ngxDirectiveThirdParty contained ajp_cache_use_stale +syn keyword ngxDirectiveThirdParty contained ajp_cache_valid +syn keyword ngxDirectiveThirdParty contained ajp_connect_timeout +syn keyword ngxDirectiveThirdParty contained ajp_header_packet_buffer_size +syn keyword ngxDirectiveThirdParty contained ajp_hide_header +syn keyword ngxDirectiveThirdParty contained ajp_ignore_client_abort +syn keyword ngxDirectiveThirdParty contained ajp_ignore_headers +syn keyword ngxDirectiveThirdParty contained ajp_intercept_errors +syn keyword ngxDirectiveThirdParty contained ajp_keep_conn +syn keyword ngxDirectiveThirdParty contained ajp_max_data_packet_size +syn keyword ngxDirectiveThirdParty contained ajp_max_temp_file_size +syn keyword ngxDirectiveThirdParty contained ajp_next_upstream +syn keyword ngxDirectiveThirdParty contained ajp_pass +syn keyword ngxDirectiveThirdParty contained ajp_pass_header +syn keyword ngxDirectiveThirdParty contained ajp_pass_request_body +syn keyword ngxDirectiveThirdParty contained ajp_pass_request_headers +syn keyword ngxDirectiveThirdParty contained ajp_read_timeout +syn keyword ngxDirectiveThirdParty contained ajp_send_lowat +syn keyword ngxDirectiveThirdParty contained ajp_send_timeout +syn keyword ngxDirectiveThirdParty contained ajp_store +syn keyword ngxDirectiveThirdParty contained ajp_store_access +syn keyword ngxDirectiveThirdParty contained ajp_temp_file_write_size +syn keyword ngxDirectiveThirdParty contained ajp_temp_path +syn keyword ngxDirectiveThirdParty contained ajp_upstream_fail_timeout +syn keyword ngxDirectiveThirdParty contained ajp_upstream_max_fails -" AWS Proxy Module <https://github.com/anomalizer/ngx_aws_auth> -" Nginx module to proxy to authenticated AWS services +" AWS proxy +" https://github.com/anomalizer/ngx_aws_auth syn keyword ngxDirectiveThirdParty contained aws_access_key -syn keyword ngxDirectiveThirdParty contained aws_key_scope -syn keyword ngxDirectiveThirdParty contained aws_signing_key syn keyword ngxDirectiveThirdParty contained aws_endpoint +syn keyword ngxDirectiveThirdParty contained aws_key_scope syn keyword ngxDirectiveThirdParty contained aws_s3_bucket syn keyword ngxDirectiveThirdParty contained aws_sign +syn keyword ngxDirectiveThirdParty contained aws_signing_key -" Backtrace module <https://github.com/alibaba/nginx-backtrace> -" A Nginx module to dump backtrace when a worker process exits abnormally -syn keyword ngxDirectiveThirdParty contained backtrace_log -syn keyword ngxDirectiveThirdParty contained backtrace_max_stack_size - -" Brotli Module <https://github.com/google/ngx_brotli> -" Nginx module for Brotli compression -syn keyword ngxDirectiveThirdParty contained brotli_static -syn keyword ngxDirectiveThirdParty contained brotli -syn keyword ngxDirectiveThirdParty contained brotli_types -syn keyword ngxDirectiveThirdParty contained brotli_buffers -syn keyword ngxDirectiveThirdParty contained brotli_comp_level -syn keyword ngxDirectiveThirdParty contained brotli_window -syn keyword ngxDirectiveThirdParty contained brotli_min_length - -" Cache Purge Module <https://github.com/FRiCKLE/ngx_cache_purge> -" Adds ability to purge content from FastCGI, proxy, SCGI and uWSGI caches. -syn keyword ngxDirectiveThirdParty contained fastcgi_cache_purge -syn keyword ngxDirectiveThirdParty contained proxy_cache_purge -" syn keyword ngxDirectiveThirdParty contained scgi_cache_purge -" syn keyword ngxDirectiveThirdParty contained uwsgi_cache_purge - -" Chunkin Module (DEPRECATED) <http://wiki.nginx.org/NginxHttpChunkinModule> -" HTTP 1.1 chunked-encoding request body support for Nginx. -syn keyword ngxDirectiveDeprecated contained chunkin -syn keyword ngxDirectiveDeprecated contained chunkin_keepalive -syn keyword ngxDirectiveDeprecated contained chunkin_max_chunks_per_buf -syn keyword ngxDirectiveDeprecated contained chunkin_resume - -" Circle GIF Module <https://github.com/evanmiller/nginx_circle_gif> -" Generates simple circle images with the colors and size specified in the URL. -syn keyword ngxDirectiveThirdParty contained circle_gif -syn keyword ngxDirectiveThirdParty contained circle_gif_max_radius -syn keyword ngxDirectiveThirdParty contained circle_gif_min_radius -syn keyword ngxDirectiveThirdParty contained circle_gif_step_radius - -" Nginx-Clojure Module <http://nginx-clojure.github.io/index.html> -" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. -syn keyword ngxDirectiveThirdParty contained jvm_path -syn keyword ngxDirectiveThirdParty contained jvm_var +" embedding Clojure or Java or Groovy programs +" https://github.com/nginx-clojure/nginx-clojure +syn keyword ngxDirectiveThirdParty contained access_handler_code +syn keyword ngxDirectiveThirdParty contained access_handler_name +syn keyword ngxDirectiveThirdParty contained access_handler_property +syn keyword ngxDirectiveThirdParty contained access_handler_type +syn keyword ngxDirectiveThirdParty contained always_read_body +syn keyword ngxDirectiveThirdParty contained auto_upgrade_ws +syn keyword ngxDirectiveThirdParty contained body_filter_code +syn keyword ngxDirectiveThirdParty contained body_filter_name +syn keyword ngxDirectiveThirdParty contained body_filter_property +syn keyword ngxDirectiveThirdParty contained body_filter_type +syn keyword ngxDirectiveThirdParty contained content_handler_code +syn keyword ngxDirectiveThirdParty contained content_handler_name +syn keyword ngxDirectiveThirdParty contained content_handler_property +syn keyword ngxDirectiveThirdParty contained content_handler_type +syn keyword ngxDirectiveThirdParty contained handler_code +syn keyword ngxDirectiveThirdParty contained handler_name +syn keyword ngxDirectiveThirdParty contained handler_type +syn keyword ngxDirectiveThirdParty contained handlers_lazy_init +syn keyword ngxDirectiveThirdParty contained header_filter_code +syn keyword ngxDirectiveThirdParty contained header_filter_name +syn keyword ngxDirectiveThirdParty contained header_filter_property +syn keyword ngxDirectiveThirdParty contained header_filter_type syn keyword ngxDirectiveThirdParty contained jvm_classpath syn keyword ngxDirectiveThirdParty contained jvm_classpath_check -syn keyword ngxDirectiveThirdParty contained jvm_workers -syn keyword ngxDirectiveThirdParty contained jvm_options +syn keyword ngxDirectiveThirdParty contained jvm_exit_handler_code +syn keyword ngxDirectiveThirdParty contained jvm_exit_handler_name syn keyword ngxDirectiveThirdParty contained jvm_handler_type -syn keyword ngxDirectiveThirdParty contained jvm_init_handler_name syn keyword ngxDirectiveThirdParty contained jvm_init_handler_code -syn keyword ngxDirectiveThirdParty contained jvm_exit_handler_name -syn keyword ngxDirectiveThirdParty contained jvm_exit_handler_code -syn keyword ngxDirectiveThirdParty contained handlers_lazy_init -syn keyword ngxDirectiveThirdParty contained auto_upgrade_ws -syn keyword ngxDirectiveThirdParty contained content_handler_type -syn keyword ngxDirectiveThirdParty contained content_handler_name -syn keyword ngxDirectiveThirdParty contained content_handler_code -syn keyword ngxDirectiveThirdParty contained rewrite_handler_type -syn keyword ngxDirectiveThirdParty contained rewrite_handler_name +syn keyword ngxDirectiveThirdParty contained jvm_init_handler_name +syn keyword ngxDirectiveThirdParty contained jvm_options +syn keyword ngxDirectiveThirdParty contained jvm_path +syn keyword ngxDirectiveThirdParty contained jvm_var +syn keyword ngxDirectiveThirdParty contained jvm_workers +syn keyword ngxDirectiveThirdParty contained max_balanced_tcp_connections syn keyword ngxDirectiveThirdParty contained rewrite_handler_code -syn keyword ngxDirectiveThirdParty contained access_handler_type -syn keyword ngxDirectiveThirdParty contained access_handler_name -syn keyword ngxDirectiveThirdParty contained access_handler_code -syn keyword ngxDirectiveThirdParty contained header_filter_type -syn keyword ngxDirectiveThirdParty contained header_filter_name -syn keyword ngxDirectiveThirdParty contained header_filter_code -syn keyword ngxDirectiveThirdParty contained content_handler_property +syn keyword ngxDirectiveThirdParty contained rewrite_handler_name syn keyword ngxDirectiveThirdParty contained rewrite_handler_property -syn keyword ngxDirectiveThirdParty contained access_handler_property -syn keyword ngxDirectiveThirdParty contained header_filter_property -syn keyword ngxDirectiveThirdParty contained always_read_body +syn keyword ngxDirectiveThirdParty contained rewrite_handler_type syn keyword ngxDirectiveThirdParty contained shared_map syn keyword ngxDirectiveThirdParty contained write_page_size -" Upstream Consistent Hash <https://www.nginx.com/resources/wiki/modules/consistent_hash/> -" A load balancer that uses an internal consistent hash ring to select the right backend node. -syn keyword ngxDirectiveThirdParty contained consistent_hash - -" Nginx Development Kit <https://github.com/simpl/ngx_devel_kit> -" The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. -" NDK_UPSTREAM_LIST -" This submodule provides a directive that creates a list of upstreams, with optional weighting. This list can then be used by other modules to hash over the upstreams however they choose. -syn keyword ngxDirectiveThirdParty contained upstream_list - -" Drizzle Module <https://www.nginx.com/resources/wiki/modules/drizzle/> -" Upstream module for talking to MySQL and Drizzle directly -syn keyword ngxDirectiveThirdParty contained drizzle_server -syn keyword ngxDirectiveThirdParty contained drizzle_keepalive -syn keyword ngxDirectiveThirdParty contained drizzle_query -syn keyword ngxDirectiveThirdParty contained drizzle_pass -syn keyword ngxDirectiveThirdParty contained drizzle_connect_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_send_query_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_recv_cols_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_recv_rows_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_buffer_size -syn keyword ngxDirectiveThirdParty contained drizzle_module_header -syn keyword ngxDirectiveThirdParty contained drizzle_status - -" Dynamic ETags Module <https://github.com/kali/nginx-dynamic-etags> -" Attempt at handling ETag / If-None-Match on proxied content. -syn keyword ngxDirectiveThirdParty contained dynamic_etags - -" Echo Module <https://www.nginx.com/resources/wiki/modules/echo/> -" Bringing the power of "echo", "sleep", "time" and more to Nginx's config file -syn keyword ngxDirectiveThirdParty contained echo -syn keyword ngxDirectiveThirdParty contained echo_duplicate -syn keyword ngxDirectiveThirdParty contained echo_flush -syn keyword ngxDirectiveThirdParty contained echo_sleep +" Certificate Transparency +" https://github.com/grahamedgecombe/nginx-ct +syn keyword ngxDirectiveThirdParty contained ssl_ct +syn keyword ngxDirectiveThirdParty contained ssl_ct_static_scts + +" ngx_echo +" https://github.com/openresty/echo-nginx-module +syn keyword ngxDirectiveThirdParty contained echo_abort_parent +syn keyword ngxDirectiveThirdParty contained echo_after_body +syn keyword ngxDirectiveThirdParty contained echo_before_body syn keyword ngxDirectiveThirdParty contained echo_blocking_sleep -syn keyword ngxDirectiveThirdParty contained echo_reset_timer -syn keyword ngxDirectiveThirdParty contained echo_read_request_body -syn keyword ngxDirectiveThirdParty contained echo_location_async -syn keyword ngxDirectiveThirdParty contained echo_location -syn keyword ngxDirectiveThirdParty contained echo_subrequest_async -syn keyword ngxDirectiveThirdParty contained echo_subrequest -syn keyword ngxDirectiveThirdParty contained echo_foreach_split syn keyword ngxDirectiveThirdParty contained echo_end -syn keyword ngxDirectiveThirdParty contained echo_request_body syn keyword ngxDirectiveThirdParty contained echo_exec +syn keyword ngxDirectiveThirdParty contained echo_flush +syn keyword ngxDirectiveThirdParty contained echo_foreach_split +syn keyword ngxDirectiveThirdParty contained echo_location +syn keyword ngxDirectiveThirdParty contained echo_location_async +syn keyword ngxDirectiveThirdParty contained echo_read_request_body +syn keyword ngxDirectiveThirdParty contained echo_request_body +syn keyword ngxDirectiveThirdParty contained echo_reset_timer syn keyword ngxDirectiveThirdParty contained echo_status -syn keyword ngxDirectiveThirdParty contained echo_before_body -syn keyword ngxDirectiveThirdParty contained echo_after_body - -" Encrypted Session Module <https://github.com/openresty/encrypted-session-nginx-module> -" Encrypt and decrypt nginx variable values -syn keyword ngxDirectiveThirdParty contained encrypted_session_key -syn keyword ngxDirectiveThirdParty contained encrypted_session_iv -syn keyword ngxDirectiveThirdParty contained encrypted_session_expires -syn keyword ngxDirectiveThirdParty contained set_encrypt_session -syn keyword ngxDirectiveThirdParty contained set_decrypt_session +syn keyword ngxDirectiveThirdParty contained echo_subrequest +syn keyword ngxDirectiveThirdParty contained echo_subrequest_async -" Enhanced Memcached Module <https://github.com/bpaquet/ngx_http_enhanced_memcached_module> -" This module is based on the standard Nginx Memcached module, with some additonal features -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_pass -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_hash_keys_with_md5 -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_allow_put -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_allow_delete -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_stats -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_flush -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_flush_namespace -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_bind -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_connect_timeout -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_send_timeout -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_buffer_size -syn keyword ngxDirectiveThirdParty contained enhanced_memcached_read_timeout +" FastDFS +" https://github.com/happyfish100/fastdfs-nginx-module +syn keyword ngxDirectiveThirdParty contained ngx_fastdfs_module -" Events Module (DEPRECATED) <http://docs.dutov.org/nginx_modules_events_en.html> -" Provides options for start/stop events. -syn keyword ngxDirectiveDeprecated contained on_start -syn keyword ngxDirectiveDeprecated contained on_stop +" ngx_headers_more +" https://github.com/openresty/headers-more-nginx-module +syn keyword ngxDirectiveThirdParty contained more_clear_headers +syn keyword ngxDirectiveThirdParty contained more_clear_input_headers +syn keyword ngxDirectiveThirdParty contained more_set_headers +syn keyword ngxDirectiveThirdParty contained more_set_input_headers -" EY Balancer Module <https://github.com/ezmobius/nginx-ey-balancer> -" Adds a request queue to Nginx that allows the limiting of concurrent requests passed to the upstream. -syn keyword ngxDirectiveThirdParty contained max_connections -syn keyword ngxDirectiveThirdParty contained max_connections_max_queue_length -syn keyword ngxDirectiveThirdParty contained max_connections_queue_timeout +" NGINX WebDAV missing commands support (PROPFIND & OPTIONS) +" https://github.com/arut/nginx-dav-ext-module +syn keyword ngxDirectiveThirdParty contained dav_ext_methods -" Upstream Fair Balancer <https://www.nginx.com/resources/wiki/modules/fair_balancer/> -" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. -syn keyword ngxDirectiveThirdParty contained fair -syn keyword ngxDirectiveThirdParty contained upstream_fair_shm_size +" ngx_eval +" https://github.com/openresty/nginx-eval-module +syn keyword ngxDirectiveThirdParty contained eval +syn keyword ngxDirectiveThirdParty contained eval_buffer_size +syn keyword ngxDirectiveThirdParty contained eval_escalate +syn keyword ngxDirectiveThirdParty contained eval_override_content_type +syn keyword ngxDirectiveThirdParty contained eval_subrequest_in_memory -" Fancy Indexes Module <https://github.com/aperezdc/ngx-fancyindex> -" Like the built-in autoindex module, but fancier. +" Fancy Index +" https://github.com/aperezdc/ngx-fancyindex syn keyword ngxDirectiveThirdParty contained fancyindex +syn keyword ngxDirectiveThirdParty contained fancyindex_css_href syn keyword ngxDirectiveThirdParty contained fancyindex_default_sort syn keyword ngxDirectiveThirdParty contained fancyindex_directories_first -syn keyword ngxDirectiveThirdParty contained fancyindex_css_href syn keyword ngxDirectiveThirdParty contained fancyindex_exact_size -syn keyword ngxDirectiveThirdParty contained fancyindex_name_length syn keyword ngxDirectiveThirdParty contained fancyindex_footer syn keyword ngxDirectiveThirdParty contained fancyindex_header -syn keyword ngxDirectiveThirdParty contained fancyindex_show_path -syn keyword ngxDirectiveThirdParty contained fancyindex_ignore syn keyword ngxDirectiveThirdParty contained fancyindex_hide_symlinks +syn keyword ngxDirectiveThirdParty contained fancyindex_ignore syn keyword ngxDirectiveThirdParty contained fancyindex_localtime +syn keyword ngxDirectiveThirdParty contained fancyindex_name_length +syn keyword ngxDirectiveThirdParty contained fancyindex_show_path syn keyword ngxDirectiveThirdParty contained fancyindex_time_format -" Form Auth Module <https://github.com/veruu/ngx_form_auth> -" Provides authentication and authorization with credentials submitted via POST request -syn keyword ngxDirectiveThirdParty contained form_auth -syn keyword ngxDirectiveThirdParty contained form_auth_pam_service -syn keyword ngxDirectiveThirdParty contained form_auth_login -syn keyword ngxDirectiveThirdParty contained form_auth_password -syn keyword ngxDirectiveThirdParty contained form_auth_remote_user - -" Form Input Module <https://github.com/calio/form-input-nginx-module> -" Reads HTTP POST and PUT request body encoded in "application/x-www-form-urlencoded" and parses the arguments into nginx variables. -syn keyword ngxDirectiveThirdParty contained set_form_input -syn keyword ngxDirectiveThirdParty contained set_form_input_multi - -" GeoIP Module (DEPRECATED) <http://wiki.nginx.org/NginxHttp3rdPartyGeoIPModule> -" Country code lookups via the MaxMind GeoIP API. -syn keyword ngxDirectiveDeprecated contained geoip_country_file - -" GeoIP 2 Module <https://github.com/leev/ngx_http_geoip2_module> -" Creates variables with values from the maxmind geoip2 databases based on the client IP -syn keyword ngxDirectiveThirdParty contained geoip2 - -" GridFS Module <https://github.com/mdirolf/nginx-gridfs> -" Nginx module for serving files from MongoDB's GridFS -syn keyword ngxDirectiveThirdParty contained gridfs - -" Headers More Module <https://github.com/openresty/headers-more-nginx-module> -" Set and clear input and output headers...more than "add"! -syn keyword ngxDirectiveThirdParty contained more_clear_headers -syn keyword ngxDirectiveThirdParty contained more_clear_input_headers -syn keyword ngxDirectiveThirdParty contained more_set_headers -syn keyword ngxDirectiveThirdParty contained more_set_input_headers - -" Health Checks Upstreams Module <https://www.nginx.com/resources/wiki/modules/healthcheck/> -" Polls backends and if they respond with HTTP 200 + an optional request body, they are marked good. Otherwise, they are marked bad. -syn keyword ngxDirectiveThirdParty contained healthcheck_enabled -syn keyword ngxDirectiveThirdParty contained healthcheck_delay -syn keyword ngxDirectiveThirdParty contained healthcheck_timeout -syn keyword ngxDirectiveThirdParty contained healthcheck_failcount -syn keyword ngxDirectiveThirdParty contained healthcheck_send -syn keyword ngxDirectiveThirdParty contained healthcheck_expected -syn keyword ngxDirectiveThirdParty contained healthcheck_buffer -syn keyword ngxDirectiveThirdParty contained healthcheck_status - -" HTTP Accounting Module <https://github.com/Lax/ngx_http_accounting_module> -" Add traffic stat function to nginx. Useful for http accounting based on nginx configuration logic -syn keyword ngxDirectiveThirdParty contained http_accounting -syn keyword ngxDirectiveThirdParty contained http_accounting_log -syn keyword ngxDirectiveThirdParty contained http_accounting_id -syn keyword ngxDirectiveThirdParty contained http_accounting_interval -syn keyword ngxDirectiveThirdParty contained http_accounting_perturb - -" Nginx Digest Authentication module <https://github.com/atomx/nginx-http-auth-digest> -" Digest Authentication for Nginx -syn keyword ngxDirectiveThirdParty contained auth_digest -syn keyword ngxDirectiveThirdParty contained auth_digest_user_file -syn keyword ngxDirectiveThirdParty contained auth_digest_timeout -syn keyword ngxDirectiveThirdParty contained auth_digest_expires -syn keyword ngxDirectiveThirdParty contained auth_digest_replays -syn keyword ngxDirectiveThirdParty contained auth_digest_shm_size - -" Auth PAM Module <https://github.com/sto/ngx_http_auth_pam_module> -" HTTP Basic Authentication using PAM. -syn keyword ngxDirectiveThirdParty contained auth_pam -syn keyword ngxDirectiveThirdParty contained auth_pam_service_name - -" HTTP Auth Request Module <http://nginx.org/en/docs/http/ngx_http_auth_request_module.html> -" Implements client authorization based on the result of a subrequest -" syn keyword ngxDirectiveThirdParty contained auth_request -" syn keyword ngxDirectiveThirdParty contained auth_request_set - -" HTTP Concatenation module for Nginx <https://github.com/alibaba/nginx-http-concat> -" A Nginx module for concatenating files in a given context: CSS and JS files usually -syn keyword ngxDirectiveThirdParty contained concat -syn keyword ngxDirectiveThirdParty contained concat_types -syn keyword ngxDirectiveThirdParty contained concat_unique -syn keyword ngxDirectiveThirdParty contained concat_max_files -syn keyword ngxDirectiveThirdParty contained concat_delimiter -syn keyword ngxDirectiveThirdParty contained concat_ignore_file_error - -" HTTP Dynamic Upstream Module <https://github.com/yzprofile/ngx_http_dyups_module> -" Update upstreams' config by restful interface -syn keyword ngxDirectiveThirdParty contained dyups_interface -syn keyword ngxDirectiveThirdParty contained dyups_read_msg_timeout -syn keyword ngxDirectiveThirdParty contained dyups_shm_zone_size -syn keyword ngxDirectiveThirdParty contained dyups_upstream_conf -syn keyword ngxDirectiveThirdParty contained dyups_trylock - -" HTTP Footer If Filter Module <https://github.com/flygoast/ngx_http_footer_if_filter> -" The ngx_http_footer_if_filter_module is used to add given content to the end of the response according to the condition specified. -syn keyword ngxDirectiveThirdParty contained footer_if - -" HTTP Footer Filter Module <https://github.com/alibaba/nginx-http-footer-filter> -" This module implements a body filter that adds a given string to the page footer. +" Footer filter +" https://github.com/alibaba/nginx-http-footer-filter syn keyword ngxDirectiveThirdParty contained footer syn keyword ngxDirectiveThirdParty contained footer_types -" HTTP Internal Redirect Module <https://github.com/flygoast/ngx_http_internal_redirect> -" Make an internal redirect to the uri specified according to the condition specified. -syn keyword ngxDirectiveThirdParty contained internal_redirect_if -syn keyword ngxDirectiveThirdParty contained internal_redirect_if_no_postponed +" ngx_http_geoip2_module +" https://github.com/leev/ngx_http_geoip2_module +syn keyword ngxDirectiveThirdParty contained geoip2 +syn keyword ngxDirectiveThirdParty contained geoip2_proxy +syn keyword ngxDirectiveThirdParty contained geoip2_proxy_recursive -" HTTP JavaScript Module <https://github.com/peter-leonov/ngx_http_js_module> -" Embedding SpiderMonkey. Nearly full port on Perl module. -syn keyword ngxDirectiveThirdParty contained js -syn keyword ngxDirectiveThirdParty contained js_filter -syn keyword ngxDirectiveThirdParty contained js_filter_types -syn keyword ngxDirectiveThirdParty contained js_load -syn keyword ngxDirectiveThirdParty contained js_maxmem -syn keyword ngxDirectiveThirdParty contained js_require -syn keyword ngxDirectiveThirdParty contained js_set -syn keyword ngxDirectiveThirdParty contained js_utf8 - -" HTTP Push Module (DEPRECATED) <http://pushmodule.slact.net/> -" Turn Nginx into an adept long-polling HTTP Push (Comet) server. -syn keyword ngxDirectiveDeprecated contained push_buffer_size -syn keyword ngxDirectiveDeprecated contained push_listener -syn keyword ngxDirectiveDeprecated contained push_message_timeout -syn keyword ngxDirectiveDeprecated contained push_queue_messages -syn keyword ngxDirectiveDeprecated contained push_sender +" A version of the Nginx HTTP stub status module that outputs in JSON format +" https://github.com/nginx-modules/nginx-json-status-module +syn keyword ngxDirectiveThirdParty contained json_status +syn keyword ngxDirectiveThirdParty contained json_status_type -" HTTP Redis Module <https://www.nginx.com/resources/wiki/modules/redis/> -" Redis <http://code.google.com/p/redis/> support. -syn keyword ngxDirectiveThirdParty contained redis_bind -syn keyword ngxDirectiveThirdParty contained redis_buffer_size -syn keyword ngxDirectiveThirdParty contained redis_connect_timeout -syn keyword ngxDirectiveThirdParty contained redis_next_upstream -syn keyword ngxDirectiveThirdParty contained redis_pass -syn keyword ngxDirectiveThirdParty contained redis_read_timeout -syn keyword ngxDirectiveThirdParty contained redis_send_timeout +" MogileFS client for nginx +" https://github.com/vkholodkov/nginx-mogilefs-module +syn keyword ngxDirectiveThirdParty contained mogilefs_class +syn keyword ngxDirectiveThirdParty contained mogilefs_connect_timeout +syn keyword ngxDirectiveThirdParty contained mogilefs_domain +syn keyword ngxDirectiveThirdParty contained mogilefs_methods +syn keyword ngxDirectiveThirdParty contained mogilefs_noverify +syn keyword ngxDirectiveThirdParty contained mogilefs_pass +syn keyword ngxDirectiveThirdParty contained mogilefs_read_timeout +syn keyword ngxDirectiveThirdParty contained mogilefs_send_timeout +syn keyword ngxDirectiveThirdParty contained mogilefs_tracker -" Iconv Module <https://github.com/calio/iconv-nginx-module> -" A character conversion nginx module using libiconv -syn keyword ngxDirectiveThirdParty contained set_iconv -syn keyword ngxDirectiveThirdParty contained iconv_buffer_size -syn keyword ngxDirectiveThirdParty contained iconv_filter +" Ancient nginx plugin; probably not useful to anyone +" https://github.com/kr/nginx-notice +syn keyword ngxDirectiveThirdParty contained notice +syn keyword ngxDirectiveThirdParty contained notice_type -" IP Blocker Module <https://github.com/tmthrgd/nginx-ip-blocker> -" An efficient shared memory IP blocking system for nginx. -syn keyword ngxDirectiveThirdParty contained ip_blocker +" nchan +" https://github.com/slact/nchan +syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin +syn keyword ngxDirectiveThirdParty contained nchan_authorize_request +syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string +syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_channel_group +syn keyword ngxDirectiveThirdParty contained nchan_channel_group_accounting +syn keyword ngxDirectiveThirdParty contained nchan_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_channel_id_split_delimiter +syn keyword ngxDirectiveThirdParty contained nchan_channel_timeout +syn keyword ngxDirectiveThirdParty contained nchan_deflate_message_for_websocket +syn keyword ngxDirectiveThirdParty contained nchan_eventsource_event +syn keyword ngxDirectiveThirdParty contained nchan_group_location +syn keyword ngxDirectiveThirdParty contained nchan_group_max_channels +syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages +syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages_disk +syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages_memory +syn keyword ngxDirectiveThirdParty contained nchan_group_max_subscribers +syn keyword ngxDirectiveThirdParty contained nchan_longpoll_multipart_response +syn keyword ngxDirectiveThirdParty contained nchan_max_channel_id_length +syn keyword ngxDirectiveThirdParty contained nchan_max_channel_subscribers +syn keyword ngxDirectiveThirdParty contained nchan_max_reserved_memory +syn keyword ngxDirectiveThirdParty contained nchan_message_buffer_length +syn keyword ngxDirectiveThirdParty contained nchan_message_max_buffer_length +syn keyword ngxDirectiveThirdParty contained nchan_message_temp_path +syn keyword ngxDirectiveThirdParty contained nchan_message_timeout +syn keyword ngxDirectiveThirdParty contained nchan_permessage_deflate_compression_level +syn keyword ngxDirectiveThirdParty contained nchan_permessage_deflate_compression_memlevel +syn keyword ngxDirectiveThirdParty contained nchan_permessage_deflate_compression_strategy +syn keyword ngxDirectiveThirdParty contained nchan_permessage_deflate_compression_window +syn keyword ngxDirectiveThirdParty contained nchan_pub_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_publisher +syn keyword ngxDirectiveThirdParty contained nchan_publisher_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_publisher_location +syn keyword ngxDirectiveThirdParty contained nchan_publisher_upstream_request +syn keyword ngxDirectiveThirdParty contained nchan_pubsub +syn keyword ngxDirectiveThirdParty contained nchan_pubsub_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_pubsub_location +syn keyword ngxDirectiveThirdParty contained nchan_redis_fakesub_timer_interval +syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout +syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace +syn keyword ngxDirectiveThirdParty contained nchan_redis_pass +syn keyword ngxDirectiveThirdParty contained nchan_redis_pass_inheritable +syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval +syn keyword ngxDirectiveThirdParty contained nchan_redis_publish_msgpacked_max_size +syn keyword ngxDirectiveThirdParty contained nchan_redis_server +syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode +syn keyword ngxDirectiveThirdParty contained nchan_redis_url +syn keyword ngxDirectiveThirdParty contained nchan_redis_wait_after_connecting +syn keyword ngxDirectiveThirdParty contained nchan_shared_memory_size +syn keyword ngxDirectiveThirdParty contained nchan_storage_engine +syn keyword ngxDirectiveThirdParty contained nchan_store_messages +syn keyword ngxDirectiveThirdParty contained nchan_stub_status +syn keyword ngxDirectiveThirdParty contained nchan_sub_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_subscribe_existing_channels_only +syn keyword ngxDirectiveThirdParty contained nchan_subscribe_request +syn keyword ngxDirectiveThirdParty contained nchan_subscriber +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_channel_id +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_compound_etag_message_id +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_first_message +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_http_raw_stream_separator +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_last_message_id +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_location +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_message_id_custom_etag_header +syn keyword ngxDirectiveThirdParty contained nchan_subscriber_timeout +syn keyword ngxDirectiveThirdParty contained nchan_unsubscribe_request +syn keyword ngxDirectiveThirdParty contained nchan_use_redis +syn keyword ngxDirectiveThirdParty contained nchan_websocket_client_heartbeat +syn keyword ngxDirectiveThirdParty contained nchan_websocket_ping_interval +syn keyword ngxDirectiveThirdParty contained push_authorized_channels_only +syn keyword ngxDirectiveThirdParty contained push_channel_group +syn keyword ngxDirectiveThirdParty contained push_channel_timeout +syn keyword ngxDirectiveThirdParty contained push_max_channel_id_length +syn keyword ngxDirectiveThirdParty contained push_max_channel_subscribers +syn keyword ngxDirectiveThirdParty contained push_max_message_buffer_length +syn keyword ngxDirectiveThirdParty contained push_max_reserved_memory +syn keyword ngxDirectiveThirdParty contained push_message_buffer_length +syn keyword ngxDirectiveThirdParty contained push_message_timeout +syn keyword ngxDirectiveThirdParty contained push_min_message_buffer_length +syn keyword ngxDirectiveThirdParty contained push_publisher +syn keyword ngxDirectiveThirdParty contained push_store_messages +syn keyword ngxDirectiveThirdParty contained push_subscriber +syn keyword ngxDirectiveThirdParty contained push_subscriber_concurrency +syn keyword ngxDirectiveThirdParty contained push_subscriber_timeout -" IP2Location Module <https://github.com/chrislim2888/ip2location-nginx> -" Allows user to lookup for geolocation information using IP2Location database -syn keyword ngxDirectiveThirdParty contained ip2location_database +" Push Stream +" https://github.com/wandenberg/nginx-push-stream-module +syn keyword ngxDirectiveThirdParty contained push_stream_allow_connections_to_events_channel +syn keyword ngxDirectiveThirdParty contained push_stream_allowed_origins +syn keyword ngxDirectiveThirdParty contained push_stream_authorized_channels_only +syn keyword ngxDirectiveThirdParty contained push_stream_channel_deleted_message_text +syn keyword ngxDirectiveThirdParty contained push_stream_channel_inactivity_time +syn keyword ngxDirectiveThirdParty contained push_stream_channel_info_on_publish +syn keyword ngxDirectiveThirdParty contained push_stream_channels_path +syn keyword ngxDirectiveThirdParty contained push_stream_channels_statistics +syn keyword ngxDirectiveThirdParty contained push_stream_events_channel_id +syn keyword ngxDirectiveThirdParty contained push_stream_footer_template +syn keyword ngxDirectiveThirdParty contained push_stream_header_template +syn keyword ngxDirectiveThirdParty contained push_stream_header_template_file +syn keyword ngxDirectiveThirdParty contained push_stream_last_event_id +syn keyword ngxDirectiveThirdParty contained push_stream_last_received_message_tag +syn keyword ngxDirectiveThirdParty contained push_stream_last_received_message_time +syn keyword ngxDirectiveThirdParty contained push_stream_longpolling_connection_ttl +syn keyword ngxDirectiveThirdParty contained push_stream_max_channel_id_length +syn keyword ngxDirectiveThirdParty contained push_stream_max_messages_stored_per_channel +syn keyword ngxDirectiveThirdParty contained push_stream_max_number_of_channels +syn keyword ngxDirectiveThirdParty contained push_stream_max_number_of_wildcard_channels +syn keyword ngxDirectiveThirdParty contained push_stream_max_subscribers_per_channel +syn keyword ngxDirectiveThirdParty contained push_stream_message_template +syn keyword ngxDirectiveThirdParty contained push_stream_message_ttl +syn keyword ngxDirectiveThirdParty contained push_stream_padding_by_user_agent +syn keyword ngxDirectiveThirdParty contained push_stream_ping_message_interval +syn keyword ngxDirectiveThirdParty contained push_stream_ping_message_text +syn keyword ngxDirectiveThirdParty contained push_stream_publisher +syn keyword ngxDirectiveThirdParty contained push_stream_shared_memory_size +syn keyword ngxDirectiveThirdParty contained push_stream_store_messages +syn keyword ngxDirectiveThirdParty contained push_stream_subscriber +syn keyword ngxDirectiveThirdParty contained push_stream_subscriber_connection_ttl +syn keyword ngxDirectiveThirdParty contained push_stream_timeout_with_body +syn keyword ngxDirectiveThirdParty contained push_stream_user_agent +syn keyword ngxDirectiveThirdParty contained push_stream_websocket_allow_publish +syn keyword ngxDirectiveThirdParty contained push_stream_wildcard_channel_max_qtd +syn keyword ngxDirectiveThirdParty contained push_stream_wildcard_channel_prefix -" JS Module <https://github.com/peter-leonov/ngx_http_js_module> -" Reflect the nginx functionality in JS -syn keyword ngxDirectiveThirdParty contained js -syn keyword ngxDirectiveThirdParty contained js_access -syn keyword ngxDirectiveThirdParty contained js_load -syn keyword ngxDirectiveThirdParty contained js_set +" redis module +" https://www.nginx.com/resources/wiki/modules/redis/ +syn keyword ngxDirectiveThirdParty contained redis_bind +syn keyword ngxDirectiveThirdParty contained redis_buffer_size +syn keyword ngxDirectiveThirdParty contained redis_connect_timeout +syn keyword ngxDirectiveThirdParty contained redis_gzip_flag +syn keyword ngxDirectiveThirdParty contained redis_next_upstream +syn keyword ngxDirectiveThirdParty contained redis_pass +syn keyword ngxDirectiveThirdParty contained redis_read_timeout +syn keyword ngxDirectiveThirdParty contained redis_send_timeout -" Limit Upload Rate Module <https://github.com/cfsego/limit_upload_rate> -" Limit client-upload rate when they are sending request bodies to you -syn keyword ngxDirectiveThirdParty contained limit_upload_rate -syn keyword ngxDirectiveThirdParty contained limit_upload_rate_after +" ngx_http_response +" http://catap.ru/downloads/nginx/ +syn keyword ngxDirectiveThirdParty contained response +syn keyword ngxDirectiveThirdParty contained response_type + +" nginx_substitutions_filter +" https://github.com/yaoweibin/ngx_http_substitutions_filter_module +syn keyword ngxDirectiveThirdParty contained subs_buffers +syn keyword ngxDirectiveThirdParty contained subs_filter +syn keyword ngxDirectiveThirdParty contained subs_filter_bypass +syn keyword ngxDirectiveThirdParty contained subs_filter_types +syn keyword ngxDirectiveThirdParty contained subs_line_buffer_size -" Limit Upstream Module <https://github.com/cfsego/nginx-limit-upstream> -" Limit the number of connections to upstream for NGINX -syn keyword ngxDirectiveThirdParty contained limit_upstream_zone -syn keyword ngxDirectiveThirdParty contained limit_upstream_conn -syn keyword ngxDirectiveThirdParty contained limit_upstream_log_level +" Tarantool nginx upstream module +" https://github.com/tarantool/nginx_upstream_module +syn keyword ngxDirectiveThirdParty contained tnt_allowed_indexes +syn keyword ngxDirectiveThirdParty contained tnt_allowed_spaces +syn keyword ngxDirectiveThirdParty contained tnt_buffer_size +syn keyword ngxDirectiveThirdParty contained tnt_connect_timeout +syn keyword ngxDirectiveThirdParty contained tnt_delete +syn keyword ngxDirectiveThirdParty contained tnt_http_methods +syn keyword ngxDirectiveThirdParty contained tnt_http_rest_methods +syn keyword ngxDirectiveThirdParty contained tnt_in_multiplier +syn keyword ngxDirectiveThirdParty contained tnt_insert +syn keyword ngxDirectiveThirdParty contained tnt_method +syn keyword ngxDirectiveThirdParty contained tnt_multireturn_skip_count +syn keyword ngxDirectiveThirdParty contained tnt_next_upstream +syn keyword ngxDirectiveThirdParty contained tnt_next_upstream_timeout +syn keyword ngxDirectiveThirdParty contained tnt_next_upstream_tries +syn keyword ngxDirectiveThirdParty contained tnt_out_multiplier +syn keyword ngxDirectiveThirdParty contained tnt_pass +syn keyword ngxDirectiveThirdParty contained tnt_pass_http_request +syn keyword ngxDirectiveThirdParty contained tnt_pass_http_request_buffer_size +syn keyword ngxDirectiveThirdParty contained tnt_pure_result +syn keyword ngxDirectiveThirdParty contained tnt_read_timeout +syn keyword ngxDirectiveThirdParty contained tnt_replace +syn keyword ngxDirectiveThirdParty contained tnt_select +syn keyword ngxDirectiveThirdParty contained tnt_select_limit_max +syn keyword ngxDirectiveThirdParty contained tnt_send_timeout +syn keyword ngxDirectiveThirdParty contained tnt_set_header +syn keyword ngxDirectiveThirdParty contained tnt_update +syn keyword ngxDirectiveThirdParty contained tnt_upsert -" Log If Module <https://github.com/cfsego/ngx_log_if> -" Conditional accesslog for nginx -syn keyword ngxDirectiveThirdParty contained access_log_bypass_if +" A module for nginx web server for handling file uploads using multipart/form-data encoding (RFC 1867) +" https://github.com/Austinb/nginx-upload-module +syn keyword ngxDirectiveThirdParty contained upload_aggregate_form_field +syn keyword ngxDirectiveThirdParty contained upload_archive_elm +syn keyword ngxDirectiveThirdParty contained upload_archive_elm_separator +syn keyword ngxDirectiveThirdParty contained upload_archive_path +syn keyword ngxDirectiveThirdParty contained upload_archive_path_separator +syn keyword ngxDirectiveThirdParty contained upload_buffer_size +syn keyword ngxDirectiveThirdParty contained upload_cleanup +syn keyword ngxDirectiveThirdParty contained upload_content_type +syn keyword ngxDirectiveThirdParty contained upload_discard +syn keyword ngxDirectiveThirdParty contained upload_field_name +syn keyword ngxDirectiveThirdParty contained upload_file_crc32 +syn keyword ngxDirectiveThirdParty contained upload_file_md5 +syn keyword ngxDirectiveThirdParty contained upload_file_md5_uc +syn keyword ngxDirectiveThirdParty contained upload_file_name +syn keyword ngxDirectiveThirdParty contained upload_file_sha1 +syn keyword ngxDirectiveThirdParty contained upload_file_sha1_uc +syn keyword ngxDirectiveThirdParty contained upload_file_size +syn keyword ngxDirectiveThirdParty contained upload_filter +syn keyword ngxDirectiveThirdParty contained upload_max_file_size +syn keyword ngxDirectiveThirdParty contained upload_max_output_body_len +syn keyword ngxDirectiveThirdParty contained upload_max_part_header_len +syn keyword ngxDirectiveThirdParty contained upload_pass +syn keyword ngxDirectiveThirdParty contained upload_pass_args +syn keyword ngxDirectiveThirdParty contained upload_pass_form_field +syn keyword ngxDirectiveThirdParty contained upload_set_form_field +syn keyword ngxDirectiveThirdParty contained upload_store +syn keyword ngxDirectiveThirdParty contained upload_store_access +syn keyword ngxDirectiveThirdParty contained upload_tmp_path +syn keyword ngxDirectiveThirdParty contained upload_unzip +syn keyword ngxDirectiveThirdParty contained upload_unzip_buffers +syn keyword ngxDirectiveThirdParty contained upload_unzip_hash +syn keyword ngxDirectiveThirdParty contained upload_unzip_max_file_name_len +syn keyword ngxDirectiveThirdParty contained upload_unzip_window +syn keyword ngxDirectiveThirdParty contained upload_void_content_type -" Log Request Speed (DEPRECATED) <http://wiki.nginx.org/NginxHttpLogRequestSpeed> -" Log the time it took to process each request. -syn keyword ngxDirectiveDeprecated contained log_request_speed_filter -syn keyword ngxDirectiveDeprecated contained log_request_speed_filter_timeout +" nginx-upload-progress-module +" https://github.com/masterzen/nginx-upload-progress-module +syn keyword ngxDirectiveThirdParty contained report_uploads +syn keyword ngxDirectiveThirdParty contained track_uploads +syn keyword ngxDirectiveThirdParty contained upload_progress +syn keyword ngxDirectiveThirdParty contained upload_progress_content_type +syn keyword ngxDirectiveThirdParty contained upload_progress_header +syn keyword ngxDirectiveThirdParty contained upload_progress_java_output +syn keyword ngxDirectiveThirdParty contained upload_progress_json_output +syn keyword ngxDirectiveThirdParty contained upload_progress_jsonp_output +syn keyword ngxDirectiveThirdParty contained upload_progress_jsonp_parameter +syn keyword ngxDirectiveThirdParty contained upload_progress_template -" Log ZeroMQ Module <https://github.com/alticelabs/nginx-log-zmq> -" ZeroMQ logger module for nginx -syn keyword ngxDirectiveThirdParty contained log_zmq_server -syn keyword ngxDirectiveThirdParty contained log_zmq_endpoint -syn keyword ngxDirectiveThirdParty contained log_zmq_format -syn keyword ngxDirectiveThirdParty contained log_zmq_off +" Health checks upstreams for nginx +" https://github.com/yaoweibin/nginx_upstream_check_module +syn keyword ngxDirectiveThirdParty contained check +syn keyword ngxDirectiveThirdParty contained check_fastcgi_param +syn keyword ngxDirectiveThirdParty contained check_http_expect_alive +syn keyword ngxDirectiveThirdParty contained check_http_send +syn keyword ngxDirectiveThirdParty contained check_keepalive_requests +syn keyword ngxDirectiveThirdParty contained check_shm_size +syn keyword ngxDirectiveThirdParty contained check_status -" Lower/UpperCase Module <https://github.com/replay/ngx_http_lower_upper_case> -" This module simply uppercases or lowercases a string and saves it into a new variable. -syn keyword ngxDirectiveThirdParty contained lower -syn keyword ngxDirectiveThirdParty contained upper +" The fair load balancer module for nginx +" https://github.com/cryptofuture/nginx-upstream-fair +syn keyword ngxDirectiveThirdParty contained fair +syn keyword ngxDirectiveThirdParty contained upstream_fair_shm_size -" Lua Upstream Module <https://github.com/openresty/lua-upstream-nginx-module> -" Nginx C module to expose Lua API to ngx_lua for Nginx upstreams +" Nginx Video Thumb Extractor Module +" https://github.com/wandenberg/nginx-video-thumbextractor-module +syn keyword ngxDirectiveThirdParty contained video_thumbextractor +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_image_height +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_image_width +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_jpeg_baseline +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_jpeg_dpi +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_jpeg_optimize +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_jpeg_progressive_mode +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_jpeg_quality +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_jpeg_smooth +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_next_time +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_only_keyframe +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_processes_per_worker +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_threads +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_color +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_cols +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_margin +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_max_cols +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_max_rows +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_padding +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_rows +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_sample_interval +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_video_filename +syn keyword ngxDirectiveThirdParty contained video_thumbextractor_video_second -" Lua Module <https://github.com/openresty/lua-nginx-module> -" Embed the Power of Lua into NGINX HTTP servers -syn keyword ngxDirectiveThirdParty contained lua_use_default_type -syn keyword ngxDirectiveThirdParty contained lua_malloc_trim -syn keyword ngxDirectiveThirdParty contained lua_code_cache -syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries -syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit -syn keyword ngxDirectiveThirdParty contained lua_package_path -syn keyword ngxDirectiveThirdParty contained lua_package_cpath -syn keyword ngxDirectiveThirdParty contained init_by_lua -syn keyword ngxDirectiveThirdParty contained init_by_lua_block -syn keyword ngxDirectiveThirdParty contained init_by_lua_file -syn keyword ngxDirectiveThirdParty contained init_worker_by_lua -syn keyword ngxDirectiveThirdParty contained init_worker_by_lua_block -syn keyword ngxDirectiveThirdParty contained init_worker_by_lua_file -syn keyword ngxDirectiveThirdParty contained set_by_lua -syn keyword ngxDirectiveThirdParty contained set_by_lua_block -syn keyword ngxDirectiveThirdParty contained set_by_lua_file -syn keyword ngxDirectiveThirdParty contained content_by_lua -syn keyword ngxDirectiveThirdParty contained content_by_lua_block -syn keyword ngxDirectiveThirdParty contained content_by_lua_file -syn keyword ngxDirectiveThirdParty contained rewrite_by_lua -syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_block -syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_file +" drizzle-nginx-module - Upstream module for talking to MySQL and Drizzle directly +" https://github.com/openresty/drizzle-nginx-module +syn keyword ngxDirectiveThirdParty contained drizzle_buffer_size +syn keyword ngxDirectiveThirdParty contained drizzle_connect_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_dbname +syn keyword ngxDirectiveThirdParty contained drizzle_keepalive +syn keyword ngxDirectiveThirdParty contained drizzle_module_header +syn keyword ngxDirectiveThirdParty contained drizzle_pass +syn keyword ngxDirectiveThirdParty contained drizzle_query +syn keyword ngxDirectiveThirdParty contained drizzle_recv_cols_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_recv_rows_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_send_query_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_server +syn keyword ngxDirectiveThirdParty contained drizzle_status + +" ngx_dynamic_upstream +" https://github.com/cubicdaiya/ngx_dynamic_upstream +syn keyword ngxDirectiveThirdParty contained dynamic_upstream + +" encrypt and decrypt nginx variable values +" https://github.com/openresty/encrypted-session-nginx-module +syn keyword ngxDirectiveThirdParty contained encrypted_session_expires +syn keyword ngxDirectiveThirdParty contained encrypted_session_iv +syn keyword ngxDirectiveThirdParty contained encrypted_session_key +syn keyword ngxDirectiveThirdParty contained set_decrypt_session +syn keyword ngxDirectiveThirdParty contained set_encrypt_session + +" serve content directly from MongoDB's GridFS +" https://github.com/mdirolf/nginx-gridfs +syn keyword ngxDirectiveThirdParty contained gridfs +syn keyword ngxDirectiveThirdParty contained mongo + +" Adds support for arithmetic operations to NGINX config +" https://github.com/arut/nginx-let-module +syn keyword ngxDirectiveThirdParty contained let + +" ngx_http_lua_module - Embed the power of Lua into Nginx HTTP Servers +" https://github.com/openresty/lua-nginx-module syn keyword ngxDirectiveThirdParty contained access_by_lua syn keyword ngxDirectiveThirdParty contained access_by_lua_block syn keyword ngxDirectiveThirdParty contained access_by_lua_file -syn keyword ngxDirectiveThirdParty contained header_filter_by_lua -syn keyword ngxDirectiveThirdParty contained header_filter_by_lua_block -syn keyword ngxDirectiveThirdParty contained header_filter_by_lua_file +syn keyword ngxDirectiveThirdParty contained access_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty contained balancer_by_lua_block +syn keyword ngxDirectiveThirdParty contained balancer_by_lua_file syn keyword ngxDirectiveThirdParty contained body_filter_by_lua syn keyword ngxDirectiveThirdParty contained body_filter_by_lua_block syn keyword ngxDirectiveThirdParty contained body_filter_by_lua_file +syn keyword ngxDirectiveThirdParty contained content_by_lua +syn keyword ngxDirectiveThirdParty contained content_by_lua_block +syn keyword ngxDirectiveThirdParty contained content_by_lua_file +syn keyword ngxDirectiveThirdParty contained header_filter_by_lua +syn keyword ngxDirectiveThirdParty contained header_filter_by_lua_block +syn keyword ngxDirectiveThirdParty contained header_filter_by_lua_file +syn keyword ngxDirectiveThirdParty contained init_by_lua +syn keyword ngxDirectiveThirdParty contained init_by_lua_block +syn keyword ngxDirectiveThirdParty contained init_by_lua_file +syn keyword ngxDirectiveThirdParty contained init_worker_by_lua +syn keyword ngxDirectiveThirdParty contained init_worker_by_lua_block +syn keyword ngxDirectiveThirdParty contained init_worker_by_lua_file syn keyword ngxDirectiveThirdParty contained log_by_lua syn keyword ngxDirectiveThirdParty contained log_by_lua_block syn keyword ngxDirectiveThirdParty contained log_by_lua_file -syn keyword ngxDirectiveThirdParty contained balancer_by_lua_block -syn keyword ngxDirectiveThirdParty contained balancer_by_lua_file +syn keyword ngxDirectiveThirdParty contained lua_capture_error_log +syn keyword ngxDirectiveThirdParty contained lua_check_client_abort +syn keyword ngxDirectiveThirdParty contained lua_code_cache +syn keyword ngxDirectiveThirdParty contained lua_fake_shm +syn keyword ngxDirectiveThirdParty contained lua_http10_buffering +syn keyword ngxDirectiveThirdParty contained lua_malloc_trim +syn keyword ngxDirectiveThirdParty contained lua_max_pending_timers +syn keyword ngxDirectiveThirdParty contained lua_max_running_timers syn keyword ngxDirectiveThirdParty contained lua_need_request_body -syn keyword ngxDirectiveThirdParty contained ssl_certificate_by_lua_block -syn keyword ngxDirectiveThirdParty contained ssl_certificate_by_lua_file -syn keyword ngxDirectiveThirdParty contained ssl_session_fetch_by_lua_block -syn keyword ngxDirectiveThirdParty contained ssl_session_fetch_by_lua_file -syn keyword ngxDirectiveThirdParty contained ssl_session_store_by_lua_block -syn keyword ngxDirectiveThirdParty contained ssl_session_store_by_lua_file +syn keyword ngxDirectiveThirdParty contained lua_package_cpath +syn keyword ngxDirectiveThirdParty contained lua_package_path +syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries +syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit syn keyword ngxDirectiveThirdParty contained lua_shared_dict -syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout -syn keyword ngxDirectiveThirdParty contained lua_socket_send_timeout -syn keyword ngxDirectiveThirdParty contained lua_socket_send_lowat -syn keyword ngxDirectiveThirdParty contained lua_socket_read_timeout syn keyword ngxDirectiveThirdParty contained lua_socket_buffer_size -syn keyword ngxDirectiveThirdParty contained lua_socket_pool_size +syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout syn keyword ngxDirectiveThirdParty contained lua_socket_keepalive_timeout syn keyword ngxDirectiveThirdParty contained lua_socket_log_errors +syn keyword ngxDirectiveThirdParty contained lua_socket_pool_size +syn keyword ngxDirectiveThirdParty contained lua_socket_read_timeout +syn keyword ngxDirectiveThirdParty contained lua_socket_send_lowat +syn keyword ngxDirectiveThirdParty contained lua_socket_send_timeout syn keyword ngxDirectiveThirdParty contained lua_ssl_ciphers syn keyword ngxDirectiveThirdParty contained lua_ssl_crl syn keyword ngxDirectiveThirdParty contained lua_ssl_protocols syn keyword ngxDirectiveThirdParty contained lua_ssl_trusted_certificate syn keyword ngxDirectiveThirdParty contained lua_ssl_verify_depth -syn keyword ngxDirectiveThirdParty contained lua_http10_buffering -syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_no_postpone -syn keyword ngxDirectiveThirdParty contained access_by_lua_no_postpone syn keyword ngxDirectiveThirdParty contained lua_transform_underscores_in_response_headers -syn keyword ngxDirectiveThirdParty contained lua_check_client_abort -syn keyword ngxDirectiveThirdParty contained lua_max_pending_timers -syn keyword ngxDirectiveThirdParty contained lua_max_running_timers - -" MD5 Filter Module <https://github.com/kainswor/nginx_md5_filter> -" A content filter for nginx, which returns the md5 hash of the content otherwise returned. -syn keyword ngxDirectiveThirdParty contained md5_filter +syn keyword ngxDirectiveThirdParty contained lua_use_default_type +syn keyword ngxDirectiveThirdParty contained rewrite_by_lua +syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_block +syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_file +syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty contained set_by_lua +syn keyword ngxDirectiveThirdParty contained set_by_lua_block +syn keyword ngxDirectiveThirdParty contained set_by_lua_file +syn keyword ngxDirectiveThirdParty contained ssl_certificate_by_lua_block +syn keyword ngxDirectiveThirdParty contained ssl_certificate_by_lua_file +syn keyword ngxDirectiveThirdParty contained ssl_session_fetch_by_lua_block +syn keyword ngxDirectiveThirdParty contained ssl_session_fetch_by_lua_file +syn keyword ngxDirectiveThirdParty contained ssl_session_store_by_lua_block +syn keyword ngxDirectiveThirdParty contained ssl_session_store_by_lua_file -" Memc Module <https://github.com/openresty/memc-nginx-module> -" An extended version of the standard memcached module that supports set, add, delete, and many more memcached commands. +" ngx_memc - An extended version of the standard memcached module +" https://github.com/openresty/memc-nginx-module syn keyword ngxDirectiveThirdParty contained memc_buffer_size syn keyword ngxDirectiveThirdParty contained memc_cmds_allowed syn keyword ngxDirectiveThirdParty contained memc_connect_timeout syn keyword ngxDirectiveThirdParty contained memc_flags_to_last_modified +syn keyword ngxDirectiveThirdParty contained memc_ignore_client_abort syn keyword ngxDirectiveThirdParty contained memc_next_upstream syn keyword ngxDirectiveThirdParty contained memc_pass syn keyword ngxDirectiveThirdParty contained memc_read_timeout @@ -1203,528 +1324,751 @@ syn keyword ngxDirectiveThirdParty contained memc_upstream_fail_timeout syn keyword ngxDirectiveThirdParty contained memc_upstream_max_fails -" Mod Security Module <https://github.com/SpiderLabs/ModSecurity> -" ModSecurity is an open source, cross platform web application firewall (WAF) engine +" ModSecurity web application firewall +" https://github.com/SpiderLabs/ModSecurity/tree/master syn keyword ngxDirectiveThirdParty contained ModSecurityConfig syn keyword ngxDirectiveThirdParty contained ModSecurityEnabled -syn keyword ngxDirectiveThirdParty contained pool_context syn keyword ngxDirectiveThirdParty contained pool_context_hash_size -" Mogilefs Module <http://www.grid.net.ru/nginx/mogilefs.en.html> -" MogileFS client for nginx web server. -syn keyword ngxDirectiveThirdParty contained mogilefs_pass -syn keyword ngxDirectiveThirdParty contained mogilefs_methods -syn keyword ngxDirectiveThirdParty contained mogilefs_domain -syn keyword ngxDirectiveThirdParty contained mogilefs_class -syn keyword ngxDirectiveThirdParty contained mogilefs_tracker -syn keyword ngxDirectiveThirdParty contained mogilefs_noverify -syn keyword ngxDirectiveThirdParty contained mogilefs_connect_timeout -syn keyword ngxDirectiveThirdParty contained mogilefs_send_timeout -syn keyword ngxDirectiveThirdParty contained mogilefs_read_timeout - -" Mongo Module <https://github.com/simpl/ngx_mongo> -" Upstream module that allows nginx to communicate directly with MongoDB database. -syn keyword ngxDirectiveThirdParty contained mongo_auth -syn keyword ngxDirectiveThirdParty contained mongo_pass -syn keyword ngxDirectiveThirdParty contained mongo_query -syn keyword ngxDirectiveThirdParty contained mongo_json -syn keyword ngxDirectiveThirdParty contained mongo_bind -syn keyword ngxDirectiveThirdParty contained mongo_connect_timeout -syn keyword ngxDirectiveThirdParty contained mongo_send_timeout -syn keyword ngxDirectiveThirdParty contained mongo_read_timeout -syn keyword ngxDirectiveThirdParty contained mongo_buffering -syn keyword ngxDirectiveThirdParty contained mongo_buffer_size -syn keyword ngxDirectiveThirdParty contained mongo_buffers -syn keyword ngxDirectiveThirdParty contained mongo_busy_buffers_size -syn keyword ngxDirectiveThirdParty contained mongo_next_upstream - -" MP4 Streaming Lite Module <https://www.nginx.com/resources/wiki/modules/mp4_streaming/> -" Will seek to a certain time within H.264/MP4 files when provided with a 'start' parameter in the URL. -" syn keyword ngxDirectiveThirdParty contained mp4 - -" NAXSI Module <https://github.com/nbs-system/naxsi> " NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX -syn keyword ngxDirectiveThirdParty contained DeniedUrl denied_url -syn keyword ngxDirectiveThirdParty contained LearningMode learning_mode -syn keyword ngxDirectiveThirdParty contained SecRulesEnabled rules_enabled -syn keyword ngxDirectiveThirdParty contained SecRulesDisabled rules_disabled -syn keyword ngxDirectiveThirdParty contained CheckRule check_rule -syn keyword ngxDirectiveThirdParty contained BasicRule basic_rule -syn keyword ngxDirectiveThirdParty contained MainRule main_rule -syn keyword ngxDirectiveThirdParty contained LibInjectionSql libinjection_sql -syn keyword ngxDirectiveThirdParty contained LibInjectionXss libinjection_xss - -" Nchan Module <https://nchan.slact.net/> -" Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE) -syn keyword ngxDirectiveThirdParty contained nchan_channel_id -syn keyword ngxDirectiveThirdParty contained nchan_channel_id_split_delimiter -syn keyword ngxDirectiveThirdParty contained nchan_eventsource_event -syn keyword ngxDirectiveThirdParty contained nchan_longpoll_multipart_response -syn keyword ngxDirectiveThirdParty contained nchan_publisher -syn keyword ngxDirectiveThirdParty contained nchan_publisher_channel_id -syn keyword ngxDirectiveThirdParty contained nchan_publisher_upstream_request -syn keyword ngxDirectiveThirdParty contained nchan_pubsub -syn keyword ngxDirectiveThirdParty contained nchan_subscribe_request -syn keyword ngxDirectiveThirdParty contained nchan_subscriber -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_channel_id -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_compound_etag_message_id -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_first_message -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_http_raw_stream_separator -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_last_message_id -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_message_id_custom_etag_header -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_timeout -syn keyword ngxDirectiveThirdParty contained nchan_unsubscribe_request -syn keyword ngxDirectiveThirdParty contained nchan_websocket_ping_interval -syn keyword ngxDirectiveThirdParty contained nchan_authorize_request -syn keyword ngxDirectiveThirdParty contained nchan_max_reserved_memory -syn keyword ngxDirectiveThirdParty contained nchan_message_buffer_length -syn keyword ngxDirectiveThirdParty contained nchan_message_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace -syn keyword ngxDirectiveThirdParty contained nchan_redis_pass -syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval -syn keyword ngxDirectiveThirdParty contained nchan_redis_server -syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode -syn keyword ngxDirectiveThirdParty contained nchan_redis_url -syn keyword ngxDirectiveThirdParty contained nchan_store_messages -syn keyword ngxDirectiveThirdParty contained nchan_use_redis -syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin -syn keyword ngxDirectiveThirdParty contained nchan_channel_group -syn keyword ngxDirectiveThirdParty contained nchan_channel_group_accounting -syn keyword ngxDirectiveThirdParty contained nchan_group_location -syn keyword ngxDirectiveThirdParty contained nchan_group_max_channels -syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages -syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages_disk -syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages_memory -syn keyword ngxDirectiveThirdParty contained nchan_group_max_subscribers -syn keyword ngxDirectiveThirdParty contained nchan_subscribe_existing_channels_only -syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string -syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id -syn keyword ngxDirectiveThirdParty contained nchan_stub_status -syn keyword ngxDirectiveThirdParty contained nchan_max_channel_id_length -syn keyword ngxDirectiveThirdParty contained nchan_max_channel_subscribers -syn keyword ngxDirectiveThirdParty contained nchan_channel_timeout -syn keyword ngxDirectiveThirdParty contained nchan_storage_engine - -" Nginx Notice Module <https://github.com/kr/nginx-notice> -" Serve static file to POST requests. -syn keyword ngxDirectiveThirdParty contained notice -syn keyword ngxDirectiveThirdParty contained notice_type - -" OCSP Proxy Module <https://github.com/kyprizel/nginx_ocsp_proxy-module> -" Nginx OCSP processing module designed for response caching -syn keyword ngxDirectiveThirdParty contained ocsp_proxy -syn keyword ngxDirectiveThirdParty contained ocsp_cache_timeout - -" Eval Module <https://github.com/openresty/nginx-eval-module> -" Module for nginx web server evaluates response of proxy or memcached module into variables. -syn keyword ngxDirectiveThirdParty contained eval -syn keyword ngxDirectiveThirdParty contained eval_escalate -syn keyword ngxDirectiveThirdParty contained eval_buffer_size -syn keyword ngxDirectiveThirdParty contained eval_override_content_type -syn keyword ngxDirectiveThirdParty contained eval_subrequest_in_memory - -" OpenSSL Version Module <https://github.com/apcera/nginx-openssl-version> -" Nginx OpenSSL version check at startup -syn keyword ngxDirectiveThirdParty contained openssl_version_minimum -syn keyword ngxDirectiveThirdParty contained openssl_builddate_minimum - -" Owner Match Module <https://www.nginx.com/resources/wiki/modules/owner_match/> -" Control access for specific owners and groups of files -syn keyword ngxDirectiveThirdParty contained omallow -syn keyword ngxDirectiveThirdParty contained omdeny - -" Accept Language Module <https://www.nginx.com/resources/wiki/modules/accept_language/> -" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. -syn keyword ngxDirectiveThirdParty contained pagespeed - -" PHP Memcache Standard Balancer Module <https://github.com/replay/ngx_http_php_memcache_standard_balancer> -" Loadbalancer that is compatible to the standard loadbalancer in the php-memcache module -syn keyword ngxDirectiveThirdParty contained hash_key - -" PHP Session Module <https://github.com/replay/ngx_http_php_session> -" Nginx module to parse php sessions -syn keyword ngxDirectiveThirdParty contained php_session_parse -syn keyword ngxDirectiveThirdParty contained php_session_strip_formatting - -" Phusion Passenger Module <https://www.phusionpassenger.com/library/config/nginx/> -" Passenger is an open source web application server. -syn keyword ngxDirectiveThirdParty contained passenger_root -syn keyword ngxDirectiveThirdParty contained passenger_enabled -syn keyword ngxDirectiveThirdParty contained passenger_base_uri -syn keyword ngxDirectiveThirdParty contained passenger_document_root -syn keyword ngxDirectiveThirdParty contained passenger_ruby -syn keyword ngxDirectiveThirdParty contained passenger_python -syn keyword ngxDirectiveThirdParty contained passenger_nodejs -syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings +" https://github.com/nbs-system/naxsi +syn keyword ngxDirectiveThirdParty contained BasicRule +syn keyword ngxDirectiveThirdParty contained CheckRule +syn keyword ngxDirectiveThirdParty contained DeniedUrl +syn keyword ngxDirectiveThirdParty contained LearningMode +syn keyword ngxDirectiveThirdParty contained LibInjectionSql +syn keyword ngxDirectiveThirdParty contained LibInjectionXss +syn keyword ngxDirectiveThirdParty contained MainRule +syn keyword ngxDirectiveThirdParty contained SecRulesDisabled +syn keyword ngxDirectiveThirdParty contained SecRulesEnabled +syn keyword ngxDirectiveThirdParty contained basic_rule +syn keyword ngxDirectiveThirdParty contained check_rule +syn keyword ngxDirectiveThirdParty contained denied_url +syn keyword ngxDirectiveThirdParty contained learning_mode +syn keyword ngxDirectiveThirdParty contained libinjection_sql +syn keyword ngxDirectiveThirdParty contained libinjection_xss +syn keyword ngxDirectiveThirdParty contained main_rule +syn keyword ngxDirectiveThirdParty contained rules_disabled +syn keyword ngxDirectiveThirdParty contained rules_enabled + +" Phusion Passenger +" https://www.phusionpassenger.com/library/config/nginx/reference/ +syn keyword ngxDirectiveThirdParty contained passenger_abort_on_startup_error +syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown syn keyword ngxDirectiveThirdParty contained passenger_app_env -syn keyword ngxDirectiveThirdParty contained passenger_app_root +syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit syn keyword ngxDirectiveThirdParty contained passenger_app_group_name +syn keyword ngxDirectiveThirdParty contained passenger_app_rights +syn keyword ngxDirectiveThirdParty contained passenger_app_root syn keyword ngxDirectiveThirdParty contained passenger_app_type -syn keyword ngxDirectiveThirdParty contained passenger_startup_file -syn keyword ngxDirectiveThirdParty contained passenger_restart_dir -syn keyword ngxDirectiveThirdParty contained passenger_spawn_method -syn keyword ngxDirectiveThirdParty contained passenger_env_var -syn keyword ngxDirectiveThirdParty contained passenger_load_shell_envvars -syn keyword ngxDirectiveThirdParty contained passenger_rolling_restarts -syn keyword ngxDirectiveThirdParty contained passenger_resist_deployment_errors -syn keyword ngxDirectiveThirdParty contained passenger_user_switching -syn keyword ngxDirectiveThirdParty contained passenger_user -syn keyword ngxDirectiveThirdParty contained passenger_group -syn keyword ngxDirectiveThirdParty contained passenger_default_user +syn keyword ngxDirectiveThirdParty contained passenger_base_uri +syn keyword ngxDirectiveThirdParty contained passenger_buffer_response +syn keyword ngxDirectiveThirdParty contained passenger_buffer_size +syn keyword ngxDirectiveThirdParty contained passenger_buffers +syn keyword ngxDirectiveThirdParty contained passenger_busy_buffers_size +syn keyword ngxDirectiveThirdParty contained passenger_concurrency_model +syn keyword ngxDirectiveThirdParty contained passenger_core_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty contained passenger_ctl +syn keyword ngxDirectiveThirdParty contained passenger_data_buffer_dir +syn keyword ngxDirectiveThirdParty contained passenger_debugger syn keyword ngxDirectiveThirdParty contained passenger_default_group -syn keyword ngxDirectiveThirdParty contained passenger_show_version_in_header -syn keyword ngxDirectiveThirdParty contained passenger_friendly_error_pages +syn keyword ngxDirectiveThirdParty contained passenger_default_user syn keyword ngxDirectiveThirdParty contained passenger_disable_security_update_check -syn keyword ngxDirectiveThirdParty contained passenger_security_update_check_proxy -syn keyword ngxDirectiveThirdParty contained passenger_max_pool_size -syn keyword ngxDirectiveThirdParty contained passenger_min_instances +syn keyword ngxDirectiveThirdParty contained passenger_document_root +syn keyword ngxDirectiveThirdParty contained passenger_enabled +syn keyword ngxDirectiveThirdParty contained passenger_env_var +syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file +syn keyword ngxDirectiveThirdParty contained passenger_fly_with +syn keyword ngxDirectiveThirdParty contained passenger_force_max_concurrent_requests_per_process +syn keyword ngxDirectiveThirdParty contained passenger_friendly_error_pages +syn keyword ngxDirectiveThirdParty contained passenger_group +syn keyword ngxDirectiveThirdParty contained passenger_headers_hash_bucket_size +syn keyword ngxDirectiveThirdParty contained passenger_headers_hash_max_size +syn keyword ngxDirectiveThirdParty contained passenger_ignore_client_abort +syn keyword ngxDirectiveThirdParty contained passenger_ignore_headers +syn keyword ngxDirectiveThirdParty contained passenger_instance_registry_dir +syn keyword ngxDirectiveThirdParty contained passenger_intercept_errors +syn keyword ngxDirectiveThirdParty contained passenger_load_shell_envvars +syn keyword ngxDirectiveThirdParty contained passenger_log_file +syn keyword ngxDirectiveThirdParty contained passenger_log_level syn keyword ngxDirectiveThirdParty contained passenger_max_instances syn keyword ngxDirectiveThirdParty contained passenger_max_instances_per_app -syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time +syn keyword ngxDirectiveThirdParty contained passenger_max_pool_size syn keyword ngxDirectiveThirdParty contained passenger_max_preloader_idle_time -syn keyword ngxDirectiveThirdParty contained passenger_force_max_concurrent_requests_per_process -syn keyword ngxDirectiveThirdParty contained passenger_start_timeout -syn keyword ngxDirectiveThirdParty contained passenger_concurrency_model -syn keyword ngxDirectiveThirdParty contained passenger_thread_count -syn keyword ngxDirectiveThirdParty contained passenger_max_requests +syn keyword ngxDirectiveThirdParty contained passenger_max_request_queue_size +syn keyword ngxDirectiveThirdParty contained passenger_max_request_queue_time syn keyword ngxDirectiveThirdParty contained passenger_max_request_time +syn keyword ngxDirectiveThirdParty contained passenger_max_requests syn keyword ngxDirectiveThirdParty contained passenger_memory_limit -syn keyword ngxDirectiveThirdParty contained passenger_stat_throttle_rate -syn keyword ngxDirectiveThirdParty contained passenger_core_file_descriptor_ulimit -syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings +syn keyword ngxDirectiveThirdParty contained passenger_min_instances +syn keyword ngxDirectiveThirdParty contained passenger_nodejs +syn keyword ngxDirectiveThirdParty contained passenger_pass_header +syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time syn keyword ngxDirectiveThirdParty contained passenger_pre_start -syn keyword ngxDirectiveThirdParty contained passenger_set_header -syn keyword ngxDirectiveThirdParty contained passenger_max_request_queue_size +syn keyword ngxDirectiveThirdParty contained passenger_python +syn keyword ngxDirectiveThirdParty contained passenger_read_timeout syn keyword ngxDirectiveThirdParty contained passenger_request_queue_overflow_status_code -syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions -syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions_cookie_name -syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown -syn keyword ngxDirectiveThirdParty contained passenger_ignore_client_abort -syn keyword ngxDirectiveThirdParty contained passenger_intercept_errors -syn keyword ngxDirectiveThirdParty contained passenger_pass_header -syn keyword ngxDirectiveThirdParty contained passenger_ignore_headers -syn keyword ngxDirectiveThirdParty contained passenger_headers_hash_bucket_size -syn keyword ngxDirectiveThirdParty contained passenger_headers_hash_max_size -syn keyword ngxDirectiveThirdParty contained passenger_buffer_response +syn keyword ngxDirectiveThirdParty contained passenger_resist_deployment_errors syn keyword ngxDirectiveThirdParty contained passenger_response_buffer_high_watermark -syn keyword ngxDirectiveThirdParty contained passenger_buffer_size, passenger_buffers, passenger_busy_buffers_size +syn keyword ngxDirectiveThirdParty contained passenger_restart_dir +syn keyword ngxDirectiveThirdParty contained passenger_rolling_restarts +syn keyword ngxDirectiveThirdParty contained passenger_root +syn keyword ngxDirectiveThirdParty contained passenger_ruby +syn keyword ngxDirectiveThirdParty contained passenger_security_update_check_proxy +syn keyword ngxDirectiveThirdParty contained passenger_set_header +syn keyword ngxDirectiveThirdParty contained passenger_show_version_in_header syn keyword ngxDirectiveThirdParty contained passenger_socket_backlog -syn keyword ngxDirectiveThirdParty contained passenger_log_level -syn keyword ngxDirectiveThirdParty contained passenger_log_file -syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file -syn keyword ngxDirectiveThirdParty contained passenger_debugger -syn keyword ngxDirectiveThirdParty contained passenger_instance_registry_dir -syn keyword ngxDirectiveThirdParty contained passenger_data_buffer_dir -syn keyword ngxDirectiveThirdParty contained passenger_fly_with -syn keyword ngxDirectiveThirdParty contained union_station_support -syn keyword ngxDirectiveThirdParty contained union_station_key -syn keyword ngxDirectiveThirdParty contained union_station_proxy_address -syn keyword ngxDirectiveThirdParty contained union_station_filter -syn keyword ngxDirectiveThirdParty contained union_station_gateway_address -syn keyword ngxDirectiveThirdParty contained union_station_gateway_port -syn keyword ngxDirectiveThirdParty contained union_station_gateway_cert -syn keyword ngxDirectiveDeprecated contained rails_spawn_method -syn keyword ngxDirectiveDeprecated contained passenger_debug_log_file +syn keyword ngxDirectiveThirdParty contained passenger_spawn_method +syn keyword ngxDirectiveThirdParty contained passenger_start_timeout +syn keyword ngxDirectiveThirdParty contained passenger_startup_file +syn keyword ngxDirectiveThirdParty contained passenger_stat_throttle_rate +syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions +syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions_cookie_name +syn keyword ngxDirectiveThirdParty contained passenger_thread_count +syn keyword ngxDirectiveThirdParty contained passenger_turbocaching +syn keyword ngxDirectiveThirdParty contained passenger_user +syn keyword ngxDirectiveThirdParty contained passenger_user_switching +syn keyword ngxDirectiveThirdParty contained passenger_vary_turbocache_by_cookie +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_analytics_log_group +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_analytics_log_user +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_debug_log_file +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_use_global_queue +syn keyword ngxDirectiveThirdPartyDeprecated contained rack_env +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_app_spawner_idle_time +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_env +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_framework_spawner_idle_time +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_spawn_method +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_filter +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_gateway_address +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_gateway_cert +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_gateway_port +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_key +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_proxy_address +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_support + +" ngx_postgres is an upstream module that allows nginx to communicate directly with PostgreSQL database +" https://github.com/FRiCKLE/ngx_postgres +syn keyword ngxDirectiveThirdParty contained postgres_connect_timeout +syn keyword ngxDirectiveThirdParty contained postgres_escape +syn keyword ngxDirectiveThirdParty contained postgres_keepalive +syn keyword ngxDirectiveThirdParty contained postgres_output +syn keyword ngxDirectiveThirdParty contained postgres_pass +syn keyword ngxDirectiveThirdParty contained postgres_query +syn keyword ngxDirectiveThirdParty contained postgres_result_timeout +syn keyword ngxDirectiveThirdParty contained postgres_rewrite +syn keyword ngxDirectiveThirdParty contained postgres_server +syn keyword ngxDirectiveThirdParty contained postgres_set + +" ngx_rds_csv - Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) +" https://github.com/openresty/rds-csv-nginx-module +syn keyword ngxDirectiveThirdParty contained rds_csv +syn keyword ngxDirectiveThirdParty contained rds_csv_buffer_size +syn keyword ngxDirectiveThirdParty contained rds_csv_content_type +syn keyword ngxDirectiveThirdParty contained rds_csv_field_name_header +syn keyword ngxDirectiveThirdParty contained rds_csv_field_separator +syn keyword ngxDirectiveThirdParty contained rds_csv_row_terminator + +" ngx_rds_json - an output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON +" https://github.com/openresty/rds-json-nginx-module +syn keyword ngxDirectiveThirdParty contained rds_json +syn keyword ngxDirectiveThirdParty contained rds_json_buffer_size +syn keyword ngxDirectiveThirdParty contained rds_json_content_type +syn keyword ngxDirectiveThirdParty contained rds_json_errcode_key +syn keyword ngxDirectiveThirdParty contained rds_json_errstr_key +syn keyword ngxDirectiveThirdParty contained rds_json_format +syn keyword ngxDirectiveThirdParty contained rds_json_ret +syn keyword ngxDirectiveThirdParty contained rds_json_root +syn keyword ngxDirectiveThirdParty contained rds_json_success_property +syn keyword ngxDirectiveThirdParty contained rds_json_user_property + +" ngx_redis2 - Nginx upstream module for the Redis 2.0 protocol +" https://github.com/openresty/redis2-nginx-module +syn keyword ngxDirectiveThirdParty contained redis2_bind +syn keyword ngxDirectiveThirdParty contained redis2_buffer_size +syn keyword ngxDirectiveThirdParty contained redis2_connect_timeout +syn keyword ngxDirectiveThirdParty contained redis2_literal_raw_query +syn keyword ngxDirectiveThirdParty contained redis2_next_upstream +syn keyword ngxDirectiveThirdParty contained redis2_pass +syn keyword ngxDirectiveThirdParty contained redis2_query +syn keyword ngxDirectiveThirdParty contained redis2_raw_queries +syn keyword ngxDirectiveThirdParty contained redis2_raw_query +syn keyword ngxDirectiveThirdParty contained redis2_read_timeout +syn keyword ngxDirectiveThirdParty contained redis2_send_timeout + +" NGINX-based Media Streaming Server +" https://github.com/arut/nginx-rtmp-module +syn keyword ngxDirectiveThirdParty contained ack_window +syn keyword ngxDirectiveThirdParty contained application +syn keyword ngxDirectiveThirdParty contained buffer +syn keyword ngxDirectiveThirdParty contained buflen +syn keyword ngxDirectiveThirdParty contained busy +syn keyword ngxDirectiveThirdParty contained chunk_size +syn keyword ngxDirectiveThirdParty contained dash +syn keyword ngxDirectiveThirdParty contained dash_cleanup +syn keyword ngxDirectiveThirdParty contained dash_fragment +syn keyword ngxDirectiveThirdParty contained dash_nested +syn keyword ngxDirectiveThirdParty contained dash_path +syn keyword ngxDirectiveThirdParty contained dash_playlist_length +syn keyword ngxDirectiveThirdParty contained drop_idle_publisher +syn keyword ngxDirectiveThirdParty contained exec +syn keyword ngxDirectiveThirdParty contained exec_block +syn keyword ngxDirectiveThirdParty contained exec_kill_signal +syn keyword ngxDirectiveThirdParty contained exec_options +syn keyword ngxDirectiveThirdParty contained exec_play +syn keyword ngxDirectiveThirdParty contained exec_play_done +syn keyword ngxDirectiveThirdParty contained exec_publish +syn keyword ngxDirectiveThirdParty contained exec_publish_done +syn keyword ngxDirectiveThirdParty contained exec_pull +syn keyword ngxDirectiveThirdParty contained exec_push +syn keyword ngxDirectiveThirdParty contained exec_record_done +syn keyword ngxDirectiveThirdParty contained exec_static +syn keyword ngxDirectiveThirdParty contained hls_audio_buffer_size +syn keyword ngxDirectiveThirdParty contained hls_base_url +syn keyword ngxDirectiveThirdParty contained hls_cleanup +syn keyword ngxDirectiveThirdParty contained hls_continuous +syn keyword ngxDirectiveThirdParty contained hls_fragment_naming +syn keyword ngxDirectiveThirdParty contained hls_fragment_naming_granularity +syn keyword ngxDirectiveThirdParty contained hls_fragment_slicing +syn keyword ngxDirectiveThirdParty contained hls_fragments_per_key +syn keyword ngxDirectiveThirdParty contained hls_key_path +syn keyword ngxDirectiveThirdParty contained hls_key_url +syn keyword ngxDirectiveThirdParty contained hls_keys +syn keyword ngxDirectiveThirdParty contained hls_max_audio_delay +syn keyword ngxDirectiveThirdParty contained hls_max_fragment +syn keyword ngxDirectiveThirdParty contained hls_muxdelay +syn keyword ngxDirectiveThirdParty contained hls_nested +syn keyword ngxDirectiveThirdParty contained hls_path +syn keyword ngxDirectiveThirdParty contained hls_playlist_length +syn keyword ngxDirectiveThirdParty contained hls_sync +syn keyword ngxDirectiveThirdParty contained hls_type +syn keyword ngxDirectiveThirdParty contained hls_variant +syn keyword ngxDirectiveThirdParty contained idle_streams +syn keyword ngxDirectiveThirdParty contained interleave +syn keyword ngxDirectiveThirdParty contained live +syn keyword ngxDirectiveThirdParty contained max_connections +syn keyword ngxDirectiveThirdParty contained max_message +syn keyword ngxDirectiveThirdParty contained max_streams +syn keyword ngxDirectiveThirdParty contained meta +syn keyword ngxDirectiveThirdParty contained netcall_buffer +syn keyword ngxDirectiveThirdParty contained netcall_timeout +syn keyword ngxDirectiveThirdParty contained notify_method +syn keyword ngxDirectiveThirdParty contained notify_relay_redirect +syn keyword ngxDirectiveThirdParty contained notify_update_strict +syn keyword ngxDirectiveThirdParty contained notify_update_timeout +syn keyword ngxDirectiveThirdParty contained on_connect +syn keyword ngxDirectiveThirdParty contained on_disconnect +syn keyword ngxDirectiveThirdParty contained on_done +syn keyword ngxDirectiveThirdParty contained on_play +syn keyword ngxDirectiveThirdParty contained on_play_done +syn keyword ngxDirectiveThirdParty contained on_publish +syn keyword ngxDirectiveThirdParty contained on_publish_done +syn keyword ngxDirectiveThirdParty contained on_record_done +syn keyword ngxDirectiveThirdParty contained on_update +syn keyword ngxDirectiveThirdParty contained out_cork +syn keyword ngxDirectiveThirdParty contained out_queue +syn keyword ngxDirectiveThirdParty contained ping +syn keyword ngxDirectiveThirdParty contained ping_timeout +syn keyword ngxDirectiveThirdParty contained play +syn keyword ngxDirectiveThirdParty contained play_local_path +syn keyword ngxDirectiveThirdParty contained play_restart +syn keyword ngxDirectiveThirdParty contained play_temp_path +syn keyword ngxDirectiveThirdParty contained play_time_fix +syn keyword ngxDirectiveThirdParty contained publish_notify +syn keyword ngxDirectiveThirdParty contained publish_time_fix +syn keyword ngxDirectiveThirdParty contained pull +syn keyword ngxDirectiveThirdParty contained pull_reconnect +syn keyword ngxDirectiveThirdParty contained push +syn keyword ngxDirectiveThirdParty contained push_reconnect +syn keyword ngxDirectiveThirdParty contained record +syn keyword ngxDirectiveThirdParty contained record_append +syn keyword ngxDirectiveThirdParty contained record_interval +syn keyword ngxDirectiveThirdParty contained record_lock +syn keyword ngxDirectiveThirdParty contained record_max_frames +syn keyword ngxDirectiveThirdParty contained record_max_size +syn keyword ngxDirectiveThirdParty contained record_notify +syn keyword ngxDirectiveThirdParty contained record_path +syn keyword ngxDirectiveThirdParty contained record_suffix +syn keyword ngxDirectiveThirdParty contained record_unique +syn keyword ngxDirectiveThirdParty contained recorder +syn keyword ngxDirectiveThirdParty contained relay_buffer +syn keyword ngxDirectiveThirdParty contained respawn +syn keyword ngxDirectiveThirdParty contained respawn_timeout +syn keyword ngxDirectiveThirdParty contained rtmp +syn keyword ngxDirectiveThirdParty contained rtmp_auto_push +syn keyword ngxDirectiveThirdParty contained rtmp_auto_push_reconnect +syn keyword ngxDirectiveThirdParty contained rtmp_control +syn keyword ngxDirectiveThirdParty contained rtmp_socket_dir +syn keyword ngxDirectiveThirdParty contained rtmp_stat +syn keyword ngxDirectiveThirdParty contained rtmp_stat_stylesheet +syn keyword ngxDirectiveThirdParty contained session_relay +syn keyword ngxDirectiveThirdParty contained so_keepalive +syn keyword ngxDirectiveThirdParty contained stream_buckets +syn keyword ngxDirectiveThirdParty contained sync +syn keyword ngxDirectiveThirdParty contained wait_key +syn keyword ngxDirectiveThirdParty contained wait_video + +" ngx_set_misc - Various set_xxx directives added to nginx's rewrite module (md5/sha1, sql/json quoting, and many more) +" https://github.com/openresty/set-misc-nginx-module +syn keyword ngxDirectiveThirdParty contained set_base32_alphabet +syn keyword ngxDirectiveThirdParty contained set_base32_padding +syn keyword ngxDirectiveThirdParty contained set_decode_base32 +syn keyword ngxDirectiveThirdParty contained set_decode_base64 +syn keyword ngxDirectiveThirdParty contained set_decode_hex +syn keyword ngxDirectiveThirdParty contained set_encode_base32 +syn keyword ngxDirectiveThirdParty contained set_encode_base64 +syn keyword ngxDirectiveThirdParty contained set_encode_hex +syn keyword ngxDirectiveThirdParty contained set_escape_uri +syn keyword ngxDirectiveThirdParty contained set_formatted_gmt_time +syn keyword ngxDirectiveThirdParty contained set_formatted_local_time +syn keyword ngxDirectiveThirdParty contained set_hashed_upstream +syn keyword ngxDirectiveThirdParty contained set_hmac_sha1 +syn keyword ngxDirectiveThirdParty contained set_if_empty +syn keyword ngxDirectiveThirdParty contained set_local_today +syn keyword ngxDirectiveThirdParty contained set_misc_base32_padding +syn keyword ngxDirectiveThirdParty contained set_quote_json_str +syn keyword ngxDirectiveThirdParty contained set_quote_pgsql_str +syn keyword ngxDirectiveThirdParty contained set_quote_sql_str +syn keyword ngxDirectiveThirdParty contained set_random +syn keyword ngxDirectiveThirdParty contained set_rotate +syn keyword ngxDirectiveThirdParty contained set_secure_random_alphanum +syn keyword ngxDirectiveThirdParty contained set_secure_random_lcalpha +syn keyword ngxDirectiveThirdParty contained set_unescape_uri + +" nginx-sflow-module +" https://github.com/sflow/nginx-sflow-module +syn keyword ngxDirectiveThirdParty contained sflow + +" Shibboleth auth request module for Nginx +" https://github.com/nginx-shib/nginx-http-shibboleth +syn keyword ngxDirectiveThirdParty contained shib_request +syn keyword ngxDirectiveThirdParty contained shib_request_set +syn keyword ngxDirectiveThirdParty contained shib_request_use_headers + +" nginx module which adds ability to cache static files +" https://github.com/FRiCKLE/ngx_slowfs_cache +syn keyword ngxDirectiveThirdParty contained slowfs_big_file_size +syn keyword ngxDirectiveThirdParty contained slowfs_cache +syn keyword ngxDirectiveThirdParty contained slowfs_cache_key +syn keyword ngxDirectiveThirdParty contained slowfs_cache_min_uses +syn keyword ngxDirectiveThirdParty contained slowfs_cache_path +syn keyword ngxDirectiveThirdParty contained slowfs_cache_purge +syn keyword ngxDirectiveThirdParty contained slowfs_cache_valid +syn keyword ngxDirectiveThirdParty contained slowfs_temp_path + +" Dynamic Image Transformation Module For nginx +" https://github.com/cubicdaiya/ngx_small_light +syn keyword ngxDirectiveThirdParty contained small_light +syn keyword ngxDirectiveThirdParty contained small_light_buffer +syn keyword ngxDirectiveThirdParty contained small_light_getparam_mode +syn keyword ngxDirectiveThirdParty contained small_light_imlib2_temp_dir +syn keyword ngxDirectiveThirdParty contained small_light_material_dir +syn keyword ngxDirectiveThirdParty contained small_light_pattern_define +syn keyword ngxDirectiveThirdParty contained small_light_radius_max +syn keyword ngxDirectiveThirdParty contained small_light_sigma_max + +" ngx_srcache - Transparent subrequest-based caching layout for arbitrary nginx locations +" https://github.com/openresty/srcache-nginx-module +syn keyword ngxDirectiveThirdParty contained srcache_buffer +syn keyword ngxDirectiveThirdParty contained srcache_default_expire +syn keyword ngxDirectiveThirdParty contained srcache_fetch +syn keyword ngxDirectiveThirdParty contained srcache_fetch_skip +syn keyword ngxDirectiveThirdParty contained srcache_header_buffer_size +syn keyword ngxDirectiveThirdParty contained srcache_ignore_content_encoding +syn keyword ngxDirectiveThirdParty contained srcache_max_expire +syn keyword ngxDirectiveThirdParty contained srcache_methods +syn keyword ngxDirectiveThirdParty contained srcache_request_cache_control +syn keyword ngxDirectiveThirdParty contained srcache_response_cache_control +syn keyword ngxDirectiveThirdParty contained srcache_store +syn keyword ngxDirectiveThirdParty contained srcache_store_hide_header +syn keyword ngxDirectiveThirdParty contained srcache_store_max_size +syn keyword ngxDirectiveThirdParty contained srcache_store_no_cache +syn keyword ngxDirectiveThirdParty contained srcache_store_no_store +syn keyword ngxDirectiveThirdParty contained srcache_store_pass_header +syn keyword ngxDirectiveThirdParty contained srcache_store_private +syn keyword ngxDirectiveThirdParty contained srcache_store_ranges +syn keyword ngxDirectiveThirdParty contained srcache_store_skip +syn keyword ngxDirectiveThirdParty contained srcache_store_statuses + +" NGINX-based VOD Packager +" https://github.com/kaltura/nginx-vod-module +syn keyword ngxDirectiveThirdParty contained vod +syn keyword ngxDirectiveThirdParty contained vod_align_segments_to_key_frames +syn keyword ngxDirectiveThirdParty contained vod_apply_dynamic_mapping +syn keyword ngxDirectiveThirdParty contained vod_base_url +syn keyword ngxDirectiveThirdParty contained vod_bootstrap_segment_durations +syn keyword ngxDirectiveThirdParty contained vod_cache_buffer_size +syn keyword ngxDirectiveThirdParty contained vod_clip_from_param_name +syn keyword ngxDirectiveThirdParty contained vod_clip_to_param_name +syn keyword ngxDirectiveThirdParty contained vod_drm_clear_lead_segment_count +syn keyword ngxDirectiveThirdParty contained vod_drm_enabled +syn keyword ngxDirectiveThirdParty contained vod_drm_info_cache +syn keyword ngxDirectiveThirdParty contained vod_drm_max_info_length +syn keyword ngxDirectiveThirdParty contained vod_drm_request_uri +syn keyword ngxDirectiveThirdParty contained vod_drm_single_key +syn keyword ngxDirectiveThirdParty contained vod_drm_upstream_location +syn keyword ngxDirectiveThirdParty contained vod_dynamic_clip_map_uri +syn keyword ngxDirectiveThirdParty contained vod_dynamic_mapping_cache +syn keyword ngxDirectiveThirdParty contained vod_encryption_iv_seed +syn keyword ngxDirectiveThirdParty contained vod_expires +syn keyword ngxDirectiveThirdParty contained vod_expires_live +syn keyword ngxDirectiveThirdParty contained vod_expires_live_time_dependent +syn keyword ngxDirectiveThirdParty contained vod_fallback_upstream_location +syn keyword ngxDirectiveThirdParty contained vod_force_continuous_timestamps +syn keyword ngxDirectiveThirdParty contained vod_force_playlist_type_vod +syn keyword ngxDirectiveThirdParty contained vod_gop_look_ahead +syn keyword ngxDirectiveThirdParty contained vod_gop_look_behind +syn keyword ngxDirectiveThirdParty contained vod_ignore_edit_list +syn keyword ngxDirectiveThirdParty contained vod_initial_read_size +syn keyword ngxDirectiveThirdParty contained vod_lang_param_name +syn keyword ngxDirectiveThirdParty contained vod_last_modified +syn keyword ngxDirectiveThirdParty contained vod_last_modified_types +syn keyword ngxDirectiveThirdParty contained vod_live_mapping_cache +syn keyword ngxDirectiveThirdParty contained vod_live_response_cache +syn keyword ngxDirectiveThirdParty contained vod_live_window_duration +syn keyword ngxDirectiveThirdParty contained vod_manifest_duration_policy +syn keyword ngxDirectiveThirdParty contained vod_manifest_segment_durations_mode +syn keyword ngxDirectiveThirdParty contained vod_mapping_cache +syn keyword ngxDirectiveThirdParty contained vod_max_frames_size +syn keyword ngxDirectiveThirdParty contained vod_max_mapping_response_size +syn keyword ngxDirectiveThirdParty contained vod_max_metadata_size +syn keyword ngxDirectiveThirdParty contained vod_max_upstream_headers_size +syn keyword ngxDirectiveThirdParty contained vod_media_set_map_uri +syn keyword ngxDirectiveThirdParty contained vod_media_set_override_json +syn keyword ngxDirectiveThirdParty contained vod_metadata_cache +syn keyword ngxDirectiveThirdParty contained vod_min_single_nalu_per_frame_segment +syn keyword ngxDirectiveThirdParty contained vod_mode +syn keyword ngxDirectiveThirdParty contained vod_multi_uri_suffix +syn keyword ngxDirectiveThirdParty contained vod_notification_uri +syn keyword ngxDirectiveThirdParty contained vod_open_file_thread_pool +syn keyword ngxDirectiveThirdParty contained vod_output_buffer_pool +syn keyword ngxDirectiveThirdParty contained vod_parse_hdlr_name +syn keyword ngxDirectiveThirdParty contained vod_path_response_postfix +syn keyword ngxDirectiveThirdParty contained vod_path_response_prefix +syn keyword ngxDirectiveThirdParty contained vod_performance_counters +syn keyword ngxDirectiveThirdParty contained vod_proxy_header_name +syn keyword ngxDirectiveThirdParty contained vod_proxy_header_value +syn keyword ngxDirectiveThirdParty contained vod_redirect_segments_url +syn keyword ngxDirectiveThirdParty contained vod_remote_upstream_location +syn keyword ngxDirectiveThirdParty contained vod_response_cache +syn keyword ngxDirectiveThirdParty contained vod_secret_key +syn keyword ngxDirectiveThirdParty contained vod_segment_count_policy +syn keyword ngxDirectiveThirdParty contained vod_segment_duration +syn keyword ngxDirectiveThirdParty contained vod_segments_base_url +syn keyword ngxDirectiveThirdParty contained vod_source_clip_map_uri +syn keyword ngxDirectiveThirdParty contained vod_speed_param_name +syn keyword ngxDirectiveThirdParty contained vod_status +syn keyword ngxDirectiveThirdParty contained vod_time_shift_param_name +syn keyword ngxDirectiveThirdParty contained vod_tracks_param_name +syn keyword ngxDirectiveThirdParty contained vod_upstream_extra_args +syn keyword ngxDirectiveThirdParty contained vod_upstream_location + +" Nginx virtual host traffic status module +" https://github.com/vozlt/nginx-module-vts +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_average_method +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_bypass_limit +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_bypass_stats +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display_format +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display_jsonp +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display_sum_key +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_dump +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic_by_set_key +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_set_by_filter +syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_zone + +" xss-nginx-module - Native cross-site scripting support in nginx +" https://github.com/openresty/xss-nginx-module +syn keyword ngxDirectiveThirdParty contained xss_callback_arg +syn keyword ngxDirectiveThirdParty contained xss_check_status +syn keyword ngxDirectiveThirdParty contained xss_get +syn keyword ngxDirectiveThirdParty contained xss_input_types +syn keyword ngxDirectiveThirdParty contained xss_output_type +syn keyword ngxDirectiveThirdParty contained xss_override_status + +" Add support for array-typed variables to nginx config files +" https://github.com/openresty/array-var-nginx-module +syn keyword ngxDirectiveThirdParty contained array_join +syn keyword ngxDirectiveThirdParty contained array_map +syn keyword ngxDirectiveThirdParty contained array_map_op +syn keyword ngxDirectiveThirdParty contained array_split + +" NGINX module for Brotli compression +" https://github.com/eustas/ngx_brotli +syn keyword ngxDirectiveThirdParty contained brotli +syn keyword ngxDirectiveThirdParty contained brotli_buffers +syn keyword ngxDirectiveThirdParty contained brotli_comp_level +syn keyword ngxDirectiveThirdParty contained brotli_min_length +syn keyword ngxDirectiveThirdParty contained brotli_static +syn keyword ngxDirectiveThirdParty contained brotli_types +syn keyword ngxDirectiveThirdParty contained brotli_window + +" form-input-nginx-module +" https://github.com/calio/form-input-nginx-module +syn keyword ngxDirectiveThirdParty contained set_form_input +syn keyword ngxDirectiveThirdParty contained set_form_input_multi + +" character conversion nginx module using libiconv +" https://github.com/calio/iconv-nginx-module +syn keyword ngxDirectiveThirdParty contained iconv_buffer_size +syn keyword ngxDirectiveThirdParty contained iconv_filter +syn keyword ngxDirectiveThirdParty contained set_iconv + +" 3rd party modules list taken from +" https://www.nginx.com/resources/wiki/modules/ +" --------------------------------------------- + +" Nginx Module for Authenticating Akamai G2O requests +" https://github.com/kaltura/nginx_mod_akamai_g2o +syn keyword ngxDirectiveThirdParty contained g2o +syn keyword ngxDirectiveThirdParty contained g2o_data_header +syn keyword ngxDirectiveThirdParty contained g2o_hash_function +syn keyword ngxDirectiveThirdParty contained g2o_key +syn keyword ngxDirectiveThirdParty contained g2o_log_level +syn keyword ngxDirectiveThirdParty contained g2o_nonce +syn keyword ngxDirectiveThirdParty contained g2o_sign_header +syn keyword ngxDirectiveThirdParty contained g2o_time_window +syn keyword ngxDirectiveThirdParty contained g2o_version + +" nginx_lua_module +" https://github.com/alacner/nginx_lua_module +syn keyword ngxDirectiveThirdParty contained lua_file + +" Nginx Audio Track for HTTP Live Streaming +" https://github.com/flavioribeiro/nginx-audio-track-for-hls-module +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_output_format +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_output_header +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_rootpath + +" A Nginx module to dump backtrace when a worker process exits abnormally +" https://github.com/alibaba/nginx-backtrace +syn keyword ngxDirectiveThirdParty contained backtrace_log +syn keyword ngxDirectiveThirdParty contained backtrace_max_stack_size + +" circle_gif module +" https://github.com/evanmiller/nginx_circle_gif +syn keyword ngxDirectiveThirdParty contained circle_gif +syn keyword ngxDirectiveThirdParty contained circle_gif_max_radius +syn keyword ngxDirectiveThirdParty contained circle_gif_min_radius +syn keyword ngxDirectiveThirdParty contained circle_gif_step_radius + +" Upstream Consistent Hash +" https://github.com/replay/ngx_http_consistent_hash +syn keyword ngxDirectiveThirdParty contained consistent_hash + +" Nginx module for etags on dynamic content +" https://github.com/kali/nginx-dynamic-etags +syn keyword ngxDirectiveThirdParty contained dynamic_etags + +" Enhanced Nginx Memcached Module +" https://github.com/bpaquet/ngx_http_enhanced_memcached_module +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_allow_delete +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_allow_put +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_bind +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_buffer_size +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_connect_timeout +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_flush +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_flush_namespace +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_hash_keys_with_md5 +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_pass +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_read_timeout +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_send_timeout +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_stats + +" nginx max connections queue +" https://github.com/ezmobius/nginx-ey-balancer +syn keyword ngxDirectiveThirdParty contained max_connections_max_queue_length +syn keyword ngxDirectiveThirdParty contained max_connections_queue_timeout + +" Nginx module for POST authentication and authorization +" https://github.com/veruu/ngx_form_auth +syn keyword ngxDirectiveThirdParty contained form_auth +syn keyword ngxDirectiveThirdParty contained form_auth_login +syn keyword ngxDirectiveThirdParty contained form_auth_pam_service +syn keyword ngxDirectiveThirdParty contained form_auth_password +syn keyword ngxDirectiveThirdParty contained form_auth_remote_user + +" ngx_http_accounting_module +" https://github.com/Lax/ngx_http_accounting_module +syn keyword ngxDirectiveThirdParty contained http_accounting +syn keyword ngxDirectiveThirdParty contained http_accounting_id +syn keyword ngxDirectiveThirdParty contained http_accounting_interval +syn keyword ngxDirectiveThirdParty contained http_accounting_log +syn keyword ngxDirectiveThirdParty contained http_accounting_perturb + +" concatenating files in a given context: CSS and JS files usually +" https://github.com/alibaba/nginx-http-concat +syn keyword ngxDirectiveThirdParty contained concat +syn keyword ngxDirectiveThirdParty contained concat_delimiter +syn keyword ngxDirectiveThirdParty contained concat_ignore_file_error +syn keyword ngxDirectiveThirdParty contained concat_max_files +syn keyword ngxDirectiveThirdParty contained concat_types +syn keyword ngxDirectiveThirdParty contained concat_unique -" Postgres Module <http://labs.frickle.com/nginx_ngx_postgres/> -" Upstream module that allows nginx to communicate directly with PostgreSQL database. -syn keyword ngxDirectiveThirdParty contained postgres_server -syn keyword ngxDirectiveThirdParty contained postgres_keepalive -syn keyword ngxDirectiveThirdParty contained postgres_pass -syn keyword ngxDirectiveThirdParty contained postgres_query -syn keyword ngxDirectiveThirdParty contained postgres_rewrite -syn keyword ngxDirectiveThirdParty contained postgres_output -syn keyword ngxDirectiveThirdParty contained postgres_set -syn keyword ngxDirectiveThirdParty contained postgres_escape -syn keyword ngxDirectiveThirdParty contained postgres_connect_timeout -syn keyword ngxDirectiveThirdParty contained postgres_result_timeout +" update upstreams' config by restful interface +" https://github.com/yzprofile/ngx_http_dyups_module +syn keyword ngxDirectiveThirdParty contained dyups_interface +syn keyword ngxDirectiveThirdParty contained dyups_read_msg_log +syn keyword ngxDirectiveThirdParty contained dyups_read_msg_timeout +syn keyword ngxDirectiveThirdParty contained dyups_shm_zone_size +syn keyword ngxDirectiveThirdParty contained dyups_trylock +syn keyword ngxDirectiveThirdParty contained dyups_upstream_conf -" Pubcookie Module <https://www.vanko.me/book/page/pubcookie-module-nginx> -" Authorizes users using encrypted cookies -syn keyword ngxDirectiveThirdParty contained pubcookie_inactive_expire -syn keyword ngxDirectiveThirdParty contained pubcookie_hard_expire -syn keyword ngxDirectiveThirdParty contained pubcookie_app_id -syn keyword ngxDirectiveThirdParty contained pubcookie_dir_depth -syn keyword ngxDirectiveThirdParty contained pubcookie_catenate_app_ids -syn keyword ngxDirectiveThirdParty contained pubcookie_app_srv_id -syn keyword ngxDirectiveThirdParty contained pubcookie_login -syn keyword ngxDirectiveThirdParty contained pubcookie_login_method -syn keyword ngxDirectiveThirdParty contained pubcookie_post -syn keyword ngxDirectiveThirdParty contained pubcookie_domain -syn keyword ngxDirectiveThirdParty contained pubcookie_granting_cert_file -syn keyword ngxDirectiveThirdParty contained pubcookie_session_key_file -syn keyword ngxDirectiveThirdParty contained pubcookie_session_cert_file -syn keyword ngxDirectiveThirdParty contained pubcookie_crypt_key_file -syn keyword ngxDirectiveThirdParty contained pubcookie_end_session -syn keyword ngxDirectiveThirdParty contained pubcookie_encryption -syn keyword ngxDirectiveThirdParty contained pubcookie_session_reauth -syn keyword ngxDirectiveThirdParty contained pubcookie_auth_type_names -syn keyword ngxDirectiveThirdParty contained pubcookie_no_prompt -syn keyword ngxDirectiveThirdParty contained pubcookie_on_demand -syn keyword ngxDirectiveThirdParty contained pubcookie_addl_request -syn keyword ngxDirectiveThirdParty contained pubcookie_no_obscure_cookies -syn keyword ngxDirectiveThirdParty contained pubcookie_no_clean_creds -syn keyword ngxDirectiveThirdParty contained pubcookie_egd_device -syn keyword ngxDirectiveThirdParty contained pubcookie_no_blank -syn keyword ngxDirectiveThirdParty contained pubcookie_super_debug -syn keyword ngxDirectiveThirdParty contained pubcookie_set_remote_user +" add given content to the end of the response according to the condition specified +" https://github.com/flygoast/ngx_http_footer_if_filter +syn keyword ngxDirectiveThirdParty contained footer_if -" Push Stream Module <https://github.com/wandenberg/nginx-push-stream-module> -" A pure stream http push technology for your Nginx setup -syn keyword ngxDirectiveThirdParty contained push_stream_channels_statistics -syn keyword ngxDirectiveThirdParty contained push_stream_publisher -syn keyword ngxDirectiveThirdParty contained push_stream_subscriber -syn keyword ngxDirectiveThirdParty contained push_stream_shared_memory_size -syn keyword ngxDirectiveThirdParty contained push_stream_channel_deleted_message_text -syn keyword ngxDirectiveThirdParty contained push_stream_channel_inactivity_time -syn keyword ngxDirectiveThirdParty contained push_stream_ping_message_text -syn keyword ngxDirectiveThirdParty contained push_stream_timeout_with_body -syn keyword ngxDirectiveThirdParty contained push_stream_message_ttl -syn keyword ngxDirectiveThirdParty contained push_stream_max_subscribers_per_channel -syn keyword ngxDirectiveThirdParty contained push_stream_max_messages_stored_per_channel -syn keyword ngxDirectiveThirdParty contained push_stream_max_channel_id_length -syn keyword ngxDirectiveThirdParty contained push_stream_max_number_of_channels -syn keyword ngxDirectiveThirdParty contained push_stream_max_number_of_wildcard_channels -syn keyword ngxDirectiveThirdParty contained push_stream_wildcard_channel_prefix -syn keyword ngxDirectiveThirdParty contained push_stream_events_channel_id -syn keyword ngxDirectiveThirdParty contained push_stream_channels_path -syn keyword ngxDirectiveThirdParty contained push_stream_store_messages -syn keyword ngxDirectiveThirdParty contained push_stream_channel_info_on_publish -syn keyword ngxDirectiveThirdParty contained push_stream_authorized_channels_only -syn keyword ngxDirectiveThirdParty contained push_stream_header_template_file -syn keyword ngxDirectiveThirdParty contained push_stream_header_template -syn keyword ngxDirectiveThirdParty contained push_stream_message_template -syn keyword ngxDirectiveThirdParty contained push_stream_footer_template -syn keyword ngxDirectiveThirdParty contained push_stream_wildcard_channel_max_qtd -syn keyword ngxDirectiveThirdParty contained push_stream_ping_message_interval -syn keyword ngxDirectiveThirdParty contained push_stream_subscriber_connection_ttl -syn keyword ngxDirectiveThirdParty contained push_stream_longpolling_connection_ttl -syn keyword ngxDirectiveThirdParty contained push_stream_websocket_allow_publish -syn keyword ngxDirectiveThirdParty contained push_stream_last_received_message_time -syn keyword ngxDirectiveThirdParty contained push_stream_last_received_message_tag -syn keyword ngxDirectiveThirdParty contained push_stream_last_event_id -syn keyword ngxDirectiveThirdParty contained push_stream_user_agent -syn keyword ngxDirectiveThirdParty contained push_stream_padding_by_user_agent -syn keyword ngxDirectiveThirdParty contained push_stream_allowed_origins -syn keyword ngxDirectiveThirdParty contained push_stream_allow_connections_to_events_channel +" NGINX HTTP Internal Redirect Module +" https://github.com/flygoast/ngx_http_internal_redirect +syn keyword ngxDirectiveThirdParty contained internal_redirect_if +syn keyword ngxDirectiveThirdParty contained internal_redirect_if_no_postpone -" rDNS Module <https://github.com/flant/nginx-http-rdns> -" Make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules -syn keyword ngxDirectiveThirdParty contained rdns -syn keyword ngxDirectiveThirdParty contained rdns_allow -syn keyword ngxDirectiveThirdParty contained rdns_deny +" nginx-ip-blocker +" https://github.com/tmthrgd/nginx-ip-blocker +syn keyword ngxDirectiveThirdParty contained ip_blocker -" RDS CSV Module <https://github.com/openresty/rds-csv-nginx-module> -" Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) -syn keyword ngxDirectiveThirdParty contained rds_csv -syn keyword ngxDirectiveThirdParty contained rds_csv_row_terminator -syn keyword ngxDirectiveThirdParty contained rds_csv_field_separator -syn keyword ngxDirectiveThirdParty contained rds_csv_field_name_header -syn keyword ngxDirectiveThirdParty contained rds_csv_content_type -syn keyword ngxDirectiveThirdParty contained rds_csv_buffer_size +" IP2Location Nginx +" https://github.com/chrislim2888/ip2location-nginx +syn keyword ngxDirectiveThirdParty contained ip2location_database -" RDS JSON Module <https://github.com/openresty/rds-json-nginx-module> -" An output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON -syn keyword ngxDirectiveThirdParty contained rds_json -syn keyword ngxDirectiveThirdParty contained rds_json_buffer_size -syn keyword ngxDirectiveThirdParty contained rds_json_format -syn keyword ngxDirectiveThirdParty contained rds_json_root -syn keyword ngxDirectiveThirdParty contained rds_json_success_property -syn keyword ngxDirectiveThirdParty contained rds_json_user_property -syn keyword ngxDirectiveThirdParty contained rds_json_errcode_key -syn keyword ngxDirectiveThirdParty contained rds_json_errstr_key -syn keyword ngxDirectiveThirdParty contained rds_json_ret -syn keyword ngxDirectiveThirdParty contained rds_json_content_type +" Limit upload rate +" https://github.com/cfsego/limit_upload_rate +syn keyword ngxDirectiveThirdParty contained limit_upload_rate +syn keyword ngxDirectiveThirdParty contained limit_upload_rate_after +syn keyword ngxDirectiveThirdParty contained limit_upload_rate_log_level -" Redis Module <https://www.nginx.com/resources/wiki/modules/redis/> -" Use this module to perform simple caching -syn keyword ngxDirectiveThirdParty contained redis_pass -syn keyword ngxDirectiveThirdParty contained redis_bind -syn keyword ngxDirectiveThirdParty contained redis_connect_timeout -syn keyword ngxDirectiveThirdParty contained redis_read_timeout -syn keyword ngxDirectiveThirdParty contained redis_send_timeout -syn keyword ngxDirectiveThirdParty contained redis_buffer_size -syn keyword ngxDirectiveThirdParty contained redis_next_upstream -syn keyword ngxDirectiveThirdParty contained redis_gzip_flag +" limit the number of connections to upstream +" https://github.com/cfsego/nginx-limit-upstream +syn keyword ngxDirectiveThirdParty contained limit_upstream_conn +syn keyword ngxDirectiveThirdParty contained limit_upstream_log_level +syn keyword ngxDirectiveThirdParty contained limit_upstream_zone -" Redis 2 Module <https://github.com/openresty/redis2-nginx-module> -" Nginx upstream module for the Redis 2.0 protocol -syn keyword ngxDirectiveThirdParty contained redis2_query -syn keyword ngxDirectiveThirdParty contained redis2_raw_query -syn keyword ngxDirectiveThirdParty contained redis2_raw_queries -syn keyword ngxDirectiveThirdParty contained redis2_literal_raw_query -syn keyword ngxDirectiveThirdParty contained redis2_pass -syn keyword ngxDirectiveThirdParty contained redis2_connect_timeout -syn keyword ngxDirectiveThirdParty contained redis2_send_timeout -syn keyword ngxDirectiveThirdParty contained redis2_read_timeout -syn keyword ngxDirectiveThirdParty contained redis2_buffer_size -syn keyword ngxDirectiveThirdParty contained redis2_next_upstream +" conditional accesslog for nginx +" https://github.com/cfsego/ngx_log_if +syn keyword ngxDirectiveThirdParty contained access_log_bypass_if + +" log messages over ZeroMQ +" https://github.com/alticelabs/nginx-log-zmq +syn keyword ngxDirectiveThirdParty contained log_zmq_endpoint +syn keyword ngxDirectiveThirdParty contained log_zmq_format +syn keyword ngxDirectiveThirdParty contained log_zmq_off +syn keyword ngxDirectiveThirdParty contained log_zmq_server + +" simple module to uppercase/lowercase strings in the nginx config +" https://github.com/replay/ngx_http_lower_upper_case +syn keyword ngxDirectiveThirdParty contained lower +syn keyword ngxDirectiveThirdParty contained upper + +" content filter for nginx, which returns the md5 hash of the content otherwise returned +" https://github.com/kainswor/nginx_md5_filter +syn keyword ngxDirectiveThirdParty contained md5_filter + +" Non-blocking upstream module for Nginx to connect to MongoDB +" https://github.com/simpl/ngx_mongo +syn keyword ngxDirectiveThirdParty contained mongo_auth +syn keyword ngxDirectiveThirdParty contained mongo_bind +syn keyword ngxDirectiveThirdParty contained mongo_buffer_size +syn keyword ngxDirectiveThirdParty contained mongo_buffering +syn keyword ngxDirectiveThirdParty contained mongo_buffers +syn keyword ngxDirectiveThirdParty contained mongo_busy_buffers_size +syn keyword ngxDirectiveThirdParty contained mongo_connect_timeout +syn keyword ngxDirectiveThirdParty contained mongo_json +syn keyword ngxDirectiveThirdParty contained mongo_next_upstream +syn keyword ngxDirectiveThirdParty contained mongo_pass +syn keyword ngxDirectiveThirdParty contained mongo_query +syn keyword ngxDirectiveThirdParty contained mongo_read_timeout +syn keyword ngxDirectiveThirdParty contained mongo_send_timeout + +" Nginx OCSP processing module designed for response caching +" https://github.com/kyprizel/nginx_ocsp_proxy-module +syn keyword ngxDirectiveThirdParty contained ocsp_cache_timeout +syn keyword ngxDirectiveThirdParty contained ocsp_proxy + +" Nginx OpenSSL version check at startup +" https://github.com/apcera/nginx-openssl-version +syn keyword ngxDirectiveThirdParty contained openssl_builddate_minimum +syn keyword ngxDirectiveThirdParty contained openssl_version_minimum + +" Automatic PageSpeed optimization module for Nginx +" https://github.com/pagespeed/ngx_pagespeed +syn keyword ngxDirectiveThirdParty contained pagespeed + +" PECL Memcache standard hashing compatible loadbalancer for Nginx +" https://github.com/replay/ngx_http_php_memcache_standard_balancer +syn keyword ngxDirectiveThirdParty contained hash_key + +" nginx module to parse php sessions +" https://github.com/replay/ngx_http_php_session +syn keyword ngxDirectiveThirdParty contained php_session_parse +syn keyword ngxDirectiveThirdParty contained php_session_strip_formatting + +" Nginx HTTP rDNS module +" https://github.com/flant/nginx-http-rdns +syn keyword ngxDirectiveThirdParty contained rdns +syn keyword ngxDirectiveThirdParty contained rdns_allow +syn keyword ngxDirectiveThirdParty contained rdns_deny -" Replace Filter Module <https://github.com/openresty/replace-filter-nginx-module> " Streaming regular expression replacement in response bodies +" https://github.com/openresty/replace-filter-nginx-module syn keyword ngxDirectiveThirdParty contained replace_filter -syn keyword ngxDirectiveThirdParty contained replace_filter_types -syn keyword ngxDirectiveThirdParty contained replace_filter_max_buffered_size syn keyword ngxDirectiveThirdParty contained replace_filter_last_modified +syn keyword ngxDirectiveThirdParty contained replace_filter_max_buffered_size syn keyword ngxDirectiveThirdParty contained replace_filter_skip +syn keyword ngxDirectiveThirdParty contained replace_filter_types -" Roboo Module <https://github.com/yuri-gushin/Roboo> -" HTTP Robot Mitigator - -" RRD Graph Module <https://www.nginx.com/resources/wiki/modules/rrd_graph/> -" This module provides an HTTP interface to RRDtool's graphing facilities. +" Link RRDtool's graphing facilities directly into nginx +" https://github.com/evanmiller/mod_rrd_graph syn keyword ngxDirectiveThirdParty contained rrd_graph syn keyword ngxDirectiveThirdParty contained rrd_graph_root -" RTMP Module <https://github.com/arut/nginx-rtmp-module> -" NGINX-based Media Streaming Server -syn keyword ngxDirectiveThirdParty contained rtmp -" syn keyword ngxDirectiveThirdParty contained server -" syn keyword ngxDirectiveThirdParty contained listen -syn keyword ngxDirectiveThirdParty contained application -" syn keyword ngxDirectiveThirdParty contained timeout -syn keyword ngxDirectiveThirdParty contained ping -syn keyword ngxDirectiveThirdParty contained ping_timeout -syn keyword ngxDirectiveThirdParty contained max_streams -syn keyword ngxDirectiveThirdParty contained ack_window -syn keyword ngxDirectiveThirdParty contained chunk_size -syn keyword ngxDirectiveThirdParty contained max_queue -syn keyword ngxDirectiveThirdParty contained max_message -syn keyword ngxDirectiveThirdParty contained out_queue -syn keyword ngxDirectiveThirdParty contained out_cork -" syn keyword ngxDirectiveThirdParty contained allow -" syn keyword ngxDirectiveThirdParty contained deny -syn keyword ngxDirectiveThirdParty contained exec_push -syn keyword ngxDirectiveThirdParty contained exec_pull -syn keyword ngxDirectiveThirdParty contained exec -syn keyword ngxDirectiveThirdParty contained exec_options -syn keyword ngxDirectiveThirdParty contained exec_static -syn keyword ngxDirectiveThirdParty contained exec_kill_signal -syn keyword ngxDirectiveThirdParty contained respawn -syn keyword ngxDirectiveThirdParty contained respawn_timeout -syn keyword ngxDirectiveThirdParty contained exec_publish -syn keyword ngxDirectiveThirdParty contained exec_play -syn keyword ngxDirectiveThirdParty contained exec_play_done -syn keyword ngxDirectiveThirdParty contained exec_publish_done -syn keyword ngxDirectiveThirdParty contained exec_record_done -syn keyword ngxDirectiveThirdParty contained live -syn keyword ngxDirectiveThirdParty contained meta -syn keyword ngxDirectiveThirdParty contained interleave -syn keyword ngxDirectiveThirdParty contained wait_key -syn keyword ngxDirectiveThirdParty contained wait_video -syn keyword ngxDirectiveThirdParty contained publish_notify -syn keyword ngxDirectiveThirdParty contained drop_idle_publisher -syn keyword ngxDirectiveThirdParty contained sync -syn keyword ngxDirectiveThirdParty contained play_restart -syn keyword ngxDirectiveThirdParty contained idle_streams -syn keyword ngxDirectiveThirdParty contained record -syn keyword ngxDirectiveThirdParty contained record_path -syn keyword ngxDirectiveThirdParty contained record_suffix -syn keyword ngxDirectiveThirdParty contained record_unique -syn keyword ngxDirectiveThirdParty contained record_append -syn keyword ngxDirectiveThirdParty contained record_lock -syn keyword ngxDirectiveThirdParty contained record_max_size -syn keyword ngxDirectiveThirdParty contained record_max_frames -syn keyword ngxDirectiveThirdParty contained record_interval -syn keyword ngxDirectiveThirdParty contained recorder -syn keyword ngxDirectiveThirdParty contained record_notify -syn keyword ngxDirectiveThirdParty contained play -syn keyword ngxDirectiveThirdParty contained play_temp_path -syn keyword ngxDirectiveThirdParty contained play_local_path -syn keyword ngxDirectiveThirdParty contained pull -syn keyword ngxDirectiveThirdParty contained push -syn keyword ngxDirectiveThirdParty contained push_reconnect -syn keyword ngxDirectiveThirdParty contained session_relay -syn keyword ngxDirectiveThirdParty contained on_connect -syn keyword ngxDirectiveThirdParty contained on_play -syn keyword ngxDirectiveThirdParty contained on_publish -syn keyword ngxDirectiveThirdParty contained on_done -syn keyword ngxDirectiveThirdParty contained on_play_done -syn keyword ngxDirectiveThirdParty contained on_publish_done -syn keyword ngxDirectiveThirdParty contained on_record_done -syn keyword ngxDirectiveThirdParty contained on_update -syn keyword ngxDirectiveThirdParty contained notify_update_timeout -syn keyword ngxDirectiveThirdParty contained notify_update_strict -syn keyword ngxDirectiveThirdParty contained notify_relay_redirect -syn keyword ngxDirectiveThirdParty contained notify_method -syn keyword ngxDirectiveThirdParty contained hls -syn keyword ngxDirectiveThirdParty contained hls_path -syn keyword ngxDirectiveThirdParty contained hls_fragment -syn keyword ngxDirectiveThirdParty contained hls_playlist_length -syn keyword ngxDirectiveThirdParty contained hls_sync -syn keyword ngxDirectiveThirdParty contained hls_continuous -syn keyword ngxDirectiveThirdParty contained hls_nested -syn keyword ngxDirectiveThirdParty contained hls_base_url -syn keyword ngxDirectiveThirdParty contained hls_cleanup -syn keyword ngxDirectiveThirdParty contained hls_fragment_naming -syn keyword ngxDirectiveThirdParty contained hls_fragment_slicing -syn keyword ngxDirectiveThirdParty contained hls_variant -syn keyword ngxDirectiveThirdParty contained hls_type -syn keyword ngxDirectiveThirdParty contained hls_keys -syn keyword ngxDirectiveThirdParty contained hls_key_path -syn keyword ngxDirectiveThirdParty contained hls_key_url -syn keyword ngxDirectiveThirdParty contained hls_fragments_per_key -syn keyword ngxDirectiveThirdParty contained dash -syn keyword ngxDirectiveThirdParty contained dash_path -syn keyword ngxDirectiveThirdParty contained dash_fragment -syn keyword ngxDirectiveThirdParty contained dash_playlist_length -syn keyword ngxDirectiveThirdParty contained dash_nested -syn keyword ngxDirectiveThirdParty contained dash_cleanup -" syn keyword ngxDirectiveThirdParty contained access_log -" syn keyword ngxDirectiveThirdParty contained log_format -syn keyword ngxDirectiveThirdParty contained max_connections -syn keyword ngxDirectiveThirdParty contained rtmp_stat -syn keyword ngxDirectiveThirdParty contained rtmp_stat_stylesheet -syn keyword ngxDirectiveThirdParty contained rtmp_auto_push -syn keyword ngxDirectiveThirdParty contained rtmp_auto_push_reconnect -syn keyword ngxDirectiveThirdParty contained rtmp_socket_dir -syn keyword ngxDirectiveThirdParty contained rtmp_control - -" RTMPT Module <https://github.com/kwojtek/nginx-rtmpt-proxy-module> " Module for nginx to proxy rtmp using http protocol -syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_target -syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_rtmp_timeout -syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_http_timeout +" https://github.com/kwojtek/nginx-rtmpt-proxy-module syn keyword ngxDirectiveThirdParty contained rtmpt_proxy +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_http_timeout +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_rtmp_timeout syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_stat syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_stylesheet +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_target -" Syntactically Awesome Module <https://github.com/mneudert/sass-nginx-module> -" Providing on-the-fly compiling of Sass files as an NGINX module. +" Syntactically Awesome NGINX Module +" https://github.com/mneudert/sass-nginx-module syn keyword ngxDirectiveThirdParty contained sass_compile syn keyword ngxDirectiveThirdParty contained sass_error_log syn keyword ngxDirectiveThirdParty contained sass_include_path syn keyword ngxDirectiveThirdParty contained sass_indent syn keyword ngxDirectiveThirdParty contained sass_is_indented_syntax syn keyword ngxDirectiveThirdParty contained sass_linefeed -syn keyword ngxDirectiveThirdParty contained sass_precision syn keyword ngxDirectiveThirdParty contained sass_output_style +syn keyword ngxDirectiveThirdParty contained sass_precision syn keyword ngxDirectiveThirdParty contained sass_source_comments syn keyword ngxDirectiveThirdParty contained sass_source_map_embed -" Secure Download Module <https://www.nginx.com/resources/wiki/modules/secure_download/> -" Enables you to create links which are only valid until a certain datetime is reached -syn keyword ngxDirectiveThirdParty contained secure_download -syn keyword ngxDirectiveThirdParty contained secure_download_secret -syn keyword ngxDirectiveThirdParty contained secure_download_path_mode - -" Selective Cache Purge Module <https://github.com/wandenberg/nginx-selective-cache-purge-module> -" A module to purge cache by GLOB patterns. The supported patterns are the same as supported by Redis. -syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_unix_socket +" Nginx Selective Cache Purge Module +" https://github.com/wandenberg/nginx-selective-cache-purge-module +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_query +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_database syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_host +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_password syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_port -syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_database -syn keyword ngxDirectiveThirdParty contained selective_cache_purge_query +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_unix_socket -" Set cconv Module <https://github.com/liseen/set-cconv-nginx-module> -" Cconv rewrite set commands +" cconv nginx module +" https://github.com/liseen/set-cconv-nginx-module syn keyword ngxDirectiveThirdParty contained set_cconv_to_simp syn keyword ngxDirectiveThirdParty contained set_cconv_to_trad syn keyword ngxDirectiveThirdParty contained set_pinyin_to_normal -" Set Hash Module <https://github.com/simpl/ngx_http_set_hash> " Nginx module that allows the setting of variables to the value of a variety of hashes +" https://github.com/simpl/ngx_http_set_hash syn keyword ngxDirectiveThirdParty contained set_md5 syn keyword ngxDirectiveThirdParty contained set_md5_upper syn keyword ngxDirectiveThirdParty contained set_murmur2 @@ -1732,421 +2076,169 @@ syn keyword ngxDirectiveThirdParty contained set_sha1 syn keyword ngxDirectiveThirdParty contained set_sha1_upper -" Set Lang Module <https://github.com/simpl/ngx_http_set_lang> -" Provides a variety of ways for setting a variable denoting the langauge that content should be returned in. -syn keyword ngxDirectiveThirdParty contained set_lang -syn keyword ngxDirectiveThirdParty contained set_lang_method +" Nginx module to set the language of a request based on a number of options +" https://github.com/simpl/ngx_http_set_lang syn keyword ngxDirectiveThirdParty contained lang_cookie syn keyword ngxDirectiveThirdParty contained lang_get_var +syn keyword ngxDirectiveThirdParty contained lang_host syn keyword ngxDirectiveThirdParty contained lang_list syn keyword ngxDirectiveThirdParty contained lang_post_var -syn keyword ngxDirectiveThirdParty contained lang_host syn keyword ngxDirectiveThirdParty contained lang_referer +syn keyword ngxDirectiveThirdParty contained set_lang +syn keyword ngxDirectiveThirdParty contained set_lang_method -" Set Misc Module <https://github.com/openresty/set-misc-nginx-module> -" Various set_xxx directives added to nginx's rewrite module -syn keyword ngxDirectiveThirdParty contained set_if_empty -syn keyword ngxDirectiveThirdParty contained set_quote_sql_str -syn keyword ngxDirectiveThirdParty contained set_quote_pgsql_str -syn keyword ngxDirectiveThirdParty contained set_quote_json_str -syn keyword ngxDirectiveThirdParty contained set_unescape_uri -syn keyword ngxDirectiveThirdParty contained set_escape_uri -syn keyword ngxDirectiveThirdParty contained set_hashed_upstream -syn keyword ngxDirectiveThirdParty contained set_encode_base32 -syn keyword ngxDirectiveThirdParty contained set_base32_padding -syn keyword ngxDirectiveThirdParty contained set_misc_base32_padding -syn keyword ngxDirectiveThirdParty contained set_base32_alphabet -syn keyword ngxDirectiveThirdParty contained set_decode_base32 -syn keyword ngxDirectiveThirdParty contained set_encode_base64 -syn keyword ngxDirectiveThirdParty contained set_decode_base64 -syn keyword ngxDirectiveThirdParty contained set_encode_hex -syn keyword ngxDirectiveThirdParty contained set_decode_hex -syn keyword ngxDirectiveThirdParty contained set_sha1 -syn keyword ngxDirectiveThirdParty contained set_md5 -syn keyword ngxDirectiveThirdParty contained set_hmac_sha1 -syn keyword ngxDirectiveThirdParty contained set_random -syn keyword ngxDirectiveThirdParty contained set_secure_random_alphanum -syn keyword ngxDirectiveThirdParty contained set_secure_random_lcalpha -syn keyword ngxDirectiveThirdParty contained set_rotate -syn keyword ngxDirectiveThirdParty contained set_local_today -syn keyword ngxDirectiveThirdParty contained set_formatted_gmt_time -syn keyword ngxDirectiveThirdParty contained set_formatted_local_time - -" SFlow Module <https://github.com/sflow/nginx-sflow-module> -" A binary, random-sampling nginx module designed for: lightweight, centralized, continuous, real-time monitoring of very large and very busy web farms. -syn keyword ngxDirectiveThirdParty contained sflow - -" Shibboleth Module <https://github.com/nginx-shib/nginx-http-shibboleth> -" Shibboleth auth request module for nginx -syn keyword ngxDirectiveThirdParty contained shib_request -syn keyword ngxDirectiveThirdParty contained shib_request_set -syn keyword ngxDirectiveThirdParty contained shib_request_use_headers - -" Slice Module <https://github.com/alibaba/nginx-http-slice> -" Nginx module for serving a file in slices (reverse byte-range) -" syn keyword ngxDirectiveThirdParty contained slice -syn keyword ngxDirectiveThirdParty contained slice_arg_begin -syn keyword ngxDirectiveThirdParty contained slice_arg_end -syn keyword ngxDirectiveThirdParty contained slice_header -syn keyword ngxDirectiveThirdParty contained slice_footer -syn keyword ngxDirectiveThirdParty contained slice_header_first -syn keyword ngxDirectiveThirdParty contained slice_footer_last - -" SlowFS Cache Module <https://github.com/FRiCKLE/ngx_slowfs_cache/> -" Module adding ability to cache static files. -syn keyword ngxDirectiveThirdParty contained slowfs_big_file_size -syn keyword ngxDirectiveThirdParty contained slowfs_cache -syn keyword ngxDirectiveThirdParty contained slowfs_cache_key -syn keyword ngxDirectiveThirdParty contained slowfs_cache_min_uses -syn keyword ngxDirectiveThirdParty contained slowfs_cache_path -syn keyword ngxDirectiveThirdParty contained slowfs_cache_purge -syn keyword ngxDirectiveThirdParty contained slowfs_cache_valid -syn keyword ngxDirectiveThirdParty contained slowfs_temp_path - -" Small Light Module <https://github.com/cubicdaiya/ngx_small_light> -" Dynamic Image Transformation Module For nginx. -syn keyword ngxDirectiveThirdParty contained small_light -syn keyword ngxDirectiveThirdParty contained small_light_getparam_mode -syn keyword ngxDirectiveThirdParty contained small_light_material_dir -syn keyword ngxDirectiveThirdParty contained small_light_pattern_define -syn keyword ngxDirectiveThirdParty contained small_light_radius_max -syn keyword ngxDirectiveThirdParty contained small_light_sigma_max -syn keyword ngxDirectiveThirdParty contained small_light_imlib2_temp_dir -syn keyword ngxDirectiveThirdParty contained small_light_buffer - -" Sorted Querystring Filter Module <https://github.com/wandenberg/nginx-sorted-querystring-module> -" Nginx module to expose querystring parameters sorted in a variable to be used on cache_key as example -syn keyword ngxDirectiveThirdParty contained sorted_querystring_filter_parameter +" Nginx Sorted Querystring Module +" https://github.com/wandenberg/nginx-sorted-querystring-module +syn keyword ngxDirectiveThirdParty contained sorted_querysting_filter_parameter -" Sphinx2 Module <https://github.com/reeteshranjan/sphinx2-nginx-module> -" Nginx upstream module for Sphinx 2.x -syn keyword ngxDirectiveThirdParty contained sphinx2_pass +" Nginx upstream module for Sphinx 2.x search daemon +" https://github.com/reeteshranjan/sphinx2-nginx-module syn keyword ngxDirectiveThirdParty contained sphinx2_bind -syn keyword ngxDirectiveThirdParty contained sphinx2_connect_timeout -syn keyword ngxDirectiveThirdParty contained sphinx2_send_timeout syn keyword ngxDirectiveThirdParty contained sphinx2_buffer_size -syn keyword ngxDirectiveThirdParty contained sphinx2_read_timeout +syn keyword ngxDirectiveThirdParty contained sphinx2_connect_timeout syn keyword ngxDirectiveThirdParty contained sphinx2_next_upstream +syn keyword ngxDirectiveThirdParty contained sphinx2_pass +syn keyword ngxDirectiveThirdParty contained sphinx2_read_timeout +syn keyword ngxDirectiveThirdParty contained sphinx2_send_timeout -" HTTP SPNEGO auth Module <https://github.com/stnoonan/spnego-http-auth-nginx-module> -" This module implements adds SPNEGO support to nginx(http://nginx.org). It currently supports only Kerberos authentication via GSSAPI -syn keyword ngxDirectiveThirdParty contained auth_gss -syn keyword ngxDirectiveThirdParty contained auth_gss_keytab -syn keyword ngxDirectiveThirdParty contained auth_gss_realm -syn keyword ngxDirectiveThirdParty contained auth_gss_service_name -syn keyword ngxDirectiveThirdParty contained auth_gss_authorized_principal -syn keyword ngxDirectiveThirdParty contained auth_gss_allow_basic_fallback - -" SR Cache Module <https://github.com/openresty/srcache-nginx-module> -" Transparent subrequest-based caching layout for arbitrary nginx locations -syn keyword ngxDirectiveThirdParty contained srcache_fetch -syn keyword ngxDirectiveThirdParty contained srcache_fetch_skip -syn keyword ngxDirectiveThirdParty contained srcache_store -syn keyword ngxDirectiveThirdParty contained srcache_store_max_size -syn keyword ngxDirectiveThirdParty contained srcache_store_skip -syn keyword ngxDirectiveThirdParty contained srcache_store_statuses -syn keyword ngxDirectiveThirdParty contained srcache_store_ranges -syn keyword ngxDirectiveThirdParty contained srcache_header_buffer_size -syn keyword ngxDirectiveThirdParty contained srcache_store_hide_header -syn keyword ngxDirectiveThirdParty contained srcache_store_pass_header -syn keyword ngxDirectiveThirdParty contained srcache_methods -syn keyword ngxDirectiveThirdParty contained srcache_ignore_content_encoding -syn keyword ngxDirectiveThirdParty contained srcache_request_cache_control -syn keyword ngxDirectiveThirdParty contained srcache_response_cache_control -syn keyword ngxDirectiveThirdParty contained srcache_store_no_store -syn keyword ngxDirectiveThirdParty contained srcache_store_no_cache -syn keyword ngxDirectiveThirdParty contained srcache_store_private -syn keyword ngxDirectiveThirdParty contained srcache_default_expire -syn keyword ngxDirectiveThirdParty contained srcache_max_expire - -" SSSD Info Module <https://github.com/veruu/ngx_sssd_info> -" Retrives additional attributes from SSSD for current authentizated user +" Nginx module for retrieving user attributes and groups from SSSD +" https://github.com/veruu/ngx_sssd_info syn keyword ngxDirectiveThirdParty contained sssd_info -syn keyword ngxDirectiveThirdParty contained sssd_info_output_to -syn keyword ngxDirectiveThirdParty contained sssd_info_groups -syn keyword ngxDirectiveThirdParty contained sssd_info_group -syn keyword ngxDirectiveThirdParty contained sssd_info_group_separator -syn keyword ngxDirectiveThirdParty contained sssd_info_attributes syn keyword ngxDirectiveThirdParty contained sssd_info_attribute syn keyword ngxDirectiveThirdParty contained sssd_info_attribute_separator +syn keyword ngxDirectiveThirdParty contained sssd_info_attributes +syn keyword ngxDirectiveThirdParty contained sssd_info_group +syn keyword ngxDirectiveThirdParty contained sssd_info_group_separator +syn keyword ngxDirectiveThirdParty contained sssd_info_groups +syn keyword ngxDirectiveThirdParty contained sssd_info_output_to -" Static Etags Module <https://github.com/mikewest/nginx-static-etags> -" Generate etags for static content -syn keyword ngxDirectiveThirdParty contained FileETag - -" Statsd Module <https://github.com/zebrafishlabs/nginx-statsd> " An nginx module for sending statistics to statsd -syn keyword ngxDirectiveThirdParty contained statsd_server -syn keyword ngxDirectiveThirdParty contained statsd_sample_rate +" https://github.com/zebrafishlabs/nginx-statsd syn keyword ngxDirectiveThirdParty contained statsd_count +syn keyword ngxDirectiveThirdParty contained statsd_sample_rate +syn keyword ngxDirectiveThirdParty contained statsd_server syn keyword ngxDirectiveThirdParty contained statsd_timing -" Sticky Module <https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng> -" Add a sticky cookie to be always forwarded to the same upstream server -" syn keyword ngxDirectiveThirdParty contained sticky - -" Stream Echo Module <https://github.com/openresty/stream-echo-nginx-module> -" TCP/stream echo module for NGINX (a port of ngx_http_echo_module) +" ngx_stream_echo - TCP/stream echo module for NGINX (a port of the ngx_http_echo module) +" https://github.com/openresty/stream-echo-nginx-module syn keyword ngxDirectiveThirdParty contained echo +syn keyword ngxDirectiveThirdParty contained echo_client_error_log_level +syn keyword ngxDirectiveThirdParty contained echo_discard_request syn keyword ngxDirectiveThirdParty contained echo_duplicate syn keyword ngxDirectiveThirdParty contained echo_flush_wait -syn keyword ngxDirectiveThirdParty contained echo_sleep -syn keyword ngxDirectiveThirdParty contained echo_send_timeout -syn keyword ngxDirectiveThirdParty contained echo_read_bytes -syn keyword ngxDirectiveThirdParty contained echo_read_line -syn keyword ngxDirectiveThirdParty contained echo_request_data -syn keyword ngxDirectiveThirdParty contained echo_discard_request -syn keyword ngxDirectiveThirdParty contained echo_read_buffer_size -syn keyword ngxDirectiveThirdParty contained echo_read_timeout -syn keyword ngxDirectiveThirdParty contained echo_client_error_log_level syn keyword ngxDirectiveThirdParty contained echo_lingering_close syn keyword ngxDirectiveThirdParty contained echo_lingering_time syn keyword ngxDirectiveThirdParty contained echo_lingering_timeout +syn keyword ngxDirectiveThirdParty contained echo_read_buffer_size +syn keyword ngxDirectiveThirdParty contained echo_read_bytes +syn keyword ngxDirectiveThirdParty contained echo_read_line +syn keyword ngxDirectiveThirdParty contained echo_read_timeout +syn keyword ngxDirectiveThirdParty contained echo_request_data +syn keyword ngxDirectiveThirdParty contained echo_send_timeout +syn keyword ngxDirectiveThirdParty contained echo_sleep -" Stream Lua Module <https://github.com/openresty/stream-lua-nginx-module> -" Embed the power of Lua into Nginx stream/TCP Servers. -syn keyword ngxDirectiveThirdParty contained lua_resolver -syn keyword ngxDirectiveThirdParty contained lua_resolver_timeout -syn keyword ngxDirectiveThirdParty contained lua_lingering_close -syn keyword ngxDirectiveThirdParty contained lua_lingering_time -syn keyword ngxDirectiveThirdParty contained lua_lingering_timeout +" Embed the power of Lua into NGINX TCP/UDP servers +" https://github.com/openresty/stream-lua-nginx-module +syn keyword ngxDirectiveThirdParty contained lua_add_variable +syn keyword ngxDirectiveThirdParty contained preread_by_lua_block +syn keyword ngxDirectiveThirdParty contained preread_by_lua_file +syn keyword ngxDirectiveThirdParty contained preread_by_lua_no_postpone -" Stream Upsync Module <https://github.com/xiaokai-wang/nginx-stream-upsync-module> -" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx. +" nginx-upsync-module +" https://github.com/weibocom/nginx-upsync-module +syn keyword ngxDirectiveThirdParty contained upstream_show syn keyword ngxDirectiveThirdParty contained upsync syn keyword ngxDirectiveThirdParty contained upsync_dump_path syn keyword ngxDirectiveThirdParty contained upsync_lb -syn keyword ngxDirectiveThirdParty contained upsync_show -" Strip Module <https://github.com/evanmiller/mod_strip> -" Whitespace remover. +" Whitespace stripper for nginx +" https://github.com/evanmiller/mod_strip syn keyword ngxDirectiveThirdParty contained strip -" Subrange Module <https://github.com/Qihoo360/ngx_http_subrange_module> " Split one big HTTP/Range request to multiple subrange requesets +" https://github.com/Qihoo360/ngx_http_subrange_module syn keyword ngxDirectiveThirdParty contained subrange -" Substitutions Module <https://www.nginx.com/resources/wiki/modules/substitutions/> -" A filter module which can do both regular expression and fixed string substitutions on response bodies. -syn keyword ngxDirectiveThirdParty contained subs_filter -syn keyword ngxDirectiveThirdParty contained subs_filter_types +" summarizer-nginx-module +" https://github.com/reeteshranjan/summarizer-nginx-module +syn keyword ngxDirectiveThirdParty contained summarizer_bind +syn keyword ngxDirectiveThirdParty contained summarizer_buffer_size +syn keyword ngxDirectiveThirdParty contained summarizer_connect_timeout +syn keyword ngxDirectiveThirdParty contained summarizer_next_upstream +syn keyword ngxDirectiveThirdParty contained summarizer_pass +syn keyword ngxDirectiveThirdParty contained summarizer_read_timeout +syn keyword ngxDirectiveThirdParty contained summarizer_send_timeout -" Summarizer Module <https://github.com/reeteshranjan/summarizer-nginx-module> -" Upstream nginx module to get summaries of documents using the summarizer daemon service -syn keyword ngxDirectiveThirdParty contained smrzr_filename -syn keyword ngxDirectiveThirdParty contained smrzr_ratio - -" Supervisord Module <https://github.com/FRiCKLE/ngx_supervisord/> -" Module providing nginx with API to communicate with supervisord and manage (start/stop) backends on-demand. +" nginx module providing API to communicate with supervisord and manage (start/stop) backends on-demand +" https://github.com/FRiCKLE/ngx_supervisord syn keyword ngxDirectiveThirdParty contained supervisord syn keyword ngxDirectiveThirdParty contained supervisord_inherit_backend_status syn keyword ngxDirectiveThirdParty contained supervisord_name syn keyword ngxDirectiveThirdParty contained supervisord_start syn keyword ngxDirectiveThirdParty contained supervisord_stop -" Tarantool Upstream Module <https://github.com/tarantool/nginx_upstream_module> -" Tarantool NginX upstream module (REST, JSON API, websockets, load balancing) -syn keyword ngxDirectiveThirdParty contained tnt_pass -syn keyword ngxDirectiveThirdParty contained tnt_http_methods -syn keyword ngxDirectiveThirdParty contained tnt_http_rest_methods -syn keyword ngxDirectiveThirdParty contained tnt_pass_http_request -syn keyword ngxDirectiveThirdParty contained tnt_pass_http_request_buffer_size -syn keyword ngxDirectiveThirdParty contained tnt_method -syn keyword ngxDirectiveThirdParty contained tnt_http_allowed_methods - experemental -syn keyword ngxDirectiveThirdParty contained tnt_send_timeout -syn keyword ngxDirectiveThirdParty contained tnt_read_timeout -syn keyword ngxDirectiveThirdParty contained tnt_buffer_size -syn keyword ngxDirectiveThirdParty contained tnt_next_upstream -syn keyword ngxDirectiveThirdParty contained tnt_connect_timeout -syn keyword ngxDirectiveThirdParty contained tnt_next_upstream -syn keyword ngxDirectiveThirdParty contained tnt_next_upstream_tries -syn keyword ngxDirectiveThirdParty contained tnt_next_upstream_timeout - -" TCP Proxy Module <http://yaoweibin.github.io/nginx_tcp_proxy_module/> -" Add the feature of tcp proxy with nginx, with health check and status monitor -syn keyword ngxDirectiveBlock contained tcp -" syn keyword ngxDirectiveThirdParty contained server -" syn keyword ngxDirectiveThirdParty contained listen -" syn keyword ngxDirectiveThirdParty contained allow -" syn keyword ngxDirectiveThirdParty contained deny -" syn keyword ngxDirectiveThirdParty contained so_keepalive -" syn keyword ngxDirectiveThirdParty contained tcp_nodelay -" syn keyword ngxDirectiveThirdParty contained timeout -" syn keyword ngxDirectiveThirdParty contained server_name -" syn keyword ngxDirectiveThirdParty contained resolver -" syn keyword ngxDirectiveThirdParty contained resolver_timeout -" syn keyword ngxDirectiveThirdParty contained upstream -syn keyword ngxDirectiveThirdParty contained check -syn keyword ngxDirectiveThirdParty contained check_http_send -syn keyword ngxDirectiveThirdParty contained check_http_expect_alive -syn keyword ngxDirectiveThirdParty contained check_smtp_send -syn keyword ngxDirectiveThirdParty contained check_smtp_expect_alive -syn keyword ngxDirectiveThirdParty contained check_shm_size -syn keyword ngxDirectiveThirdParty contained check_status -" syn keyword ngxDirectiveThirdParty contained ip_hash -" syn keyword ngxDirectiveThirdParty contained proxy_pass -" syn keyword ngxDirectiveThirdParty contained proxy_buffer -" syn keyword ngxDirectiveThirdParty contained proxy_connect_timeout -" syn keyword ngxDirectiveThirdParty contained proxy_read_timeout -syn keyword ngxDirectiveThirdParty contained proxy_write_timeout - -" Testcookie Module <https://github.com/kyprizel/testcookie-nginx-module> -" NGINX module for L7 DDoS attack mitigation +" simple robot mitigation module using cookie based challenge/response technique. Not supported any more. +" https://github.com/kyprizel/testcookie-nginx-module syn keyword ngxDirectiveThirdParty contained testcookie -syn keyword ngxDirectiveThirdParty contained testcookie_name +syn keyword ngxDirectiveThirdParty contained testcookie_arg +syn keyword ngxDirectiveThirdParty contained testcookie_deny_keepalive syn keyword ngxDirectiveThirdParty contained testcookie_domain syn keyword ngxDirectiveThirdParty contained testcookie_expires -syn keyword ngxDirectiveThirdParty contained testcookie_path -syn keyword ngxDirectiveThirdParty contained testcookie_secret -syn keyword ngxDirectiveThirdParty contained testcookie_session -syn keyword ngxDirectiveThirdParty contained testcookie_arg +syn keyword ngxDirectiveThirdParty contained testcookie_fallback +syn keyword ngxDirectiveThirdParty contained testcookie_get_only +syn keyword ngxDirectiveThirdParty contained testcookie_httponly_flag +syn keyword ngxDirectiveThirdParty contained testcookie_https_location +syn keyword ngxDirectiveThirdParty contained testcookie_internal syn keyword ngxDirectiveThirdParty contained testcookie_max_attempts +syn keyword ngxDirectiveThirdParty contained testcookie_name syn keyword ngxDirectiveThirdParty contained testcookie_p3p -syn keyword ngxDirectiveThirdParty contained testcookie_fallback -syn keyword ngxDirectiveThirdParty contained testcookie_whitelist syn keyword ngxDirectiveThirdParty contained testcookie_pass +syn keyword ngxDirectiveThirdParty contained testcookie_path +syn keyword ngxDirectiveThirdParty contained testcookie_port_in_redirect syn keyword ngxDirectiveThirdParty contained testcookie_redirect_via_refresh -syn keyword ngxDirectiveThirdParty contained testcookie_refresh_template -syn keyword ngxDirectiveThirdParty contained testcookie_refresh_status -syn keyword ngxDirectiveThirdParty contained testcookie_deny_keepalive -syn keyword ngxDirectiveThirdParty contained testcookie_get_only -syn keyword ngxDirectiveThirdParty contained testcookie_https_location syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_cookie +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_cookie_iv syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_cookie_key -syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_iv -syn keyword ngxDirectiveThirdParty contained testcookie_internal -syn keyword ngxDirectiveThirdParty contained testcookie_httponly_flag +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_status +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_template +syn keyword ngxDirectiveThirdParty contained testcookie_secret syn keyword ngxDirectiveThirdParty contained testcookie_secure_flag +syn keyword ngxDirectiveThirdParty contained testcookie_session +syn keyword ngxDirectiveThirdParty contained testcookie_whitelist -" Types Filter Module <https://github.com/flygoast/ngx_http_types_filter> -" Change the `Content-Type` output header depending on an extension variable according to a condition specified in the 'if' clause. +" ngx_http_types_filter_module +" https://github.com/flygoast/ngx_http_types_filter syn keyword ngxDirectiveThirdParty contained types_filter syn keyword ngxDirectiveThirdParty contained types_filter_use_default -" Unzip Module <https://github.com/youzee/nginx-unzip-module> -" Enabling fetching of files that are stored in zipped archives. +" A module allowing the nginx to use files embedded in a zip file +" https://github.com/youzee/nginx-unzip-module +syn keyword ngxDirectiveThirdParty contained file_in_unzip syn keyword ngxDirectiveThirdParty contained file_in_unzip_archivefile syn keyword ngxDirectiveThirdParty contained file_in_unzip_extract -syn keyword ngxDirectiveThirdParty contained file_in_unzip - -" Upload Progress Module <https://www.nginx.com/resources/wiki/modules/upload_progress/> -" An upload progress system, that monitors RFC1867 POST upload as they are transmitted to upstream servers -syn keyword ngxDirectiveThirdParty contained upload_progress -syn keyword ngxDirectiveThirdParty contained track_uploads -syn keyword ngxDirectiveThirdParty contained report_uploads -syn keyword ngxDirectiveThirdParty contained upload_progress_content_type -syn keyword ngxDirectiveThirdParty contained upload_progress_header -syn keyword ngxDirectiveThirdParty contained upload_progress_jsonp_parameter -syn keyword ngxDirectiveThirdParty contained upload_progress_json_output -syn keyword ngxDirectiveThirdParty contained upload_progress_jsonp_output -syn keyword ngxDirectiveThirdParty contained upload_progress_template -" Upload Module <https://www.nginx.com/resources/wiki/modules/upload/> -" Parses request body storing all files being uploaded to a directory specified by upload_store directive -syn keyword ngxDirectiveThirdParty contained upload_pass -syn keyword ngxDirectiveThirdParty contained upload_resumable -syn keyword ngxDirectiveThirdParty contained upload_store -syn keyword ngxDirectiveThirdParty contained upload_state_store -syn keyword ngxDirectiveThirdParty contained upload_store_access -syn keyword ngxDirectiveThirdParty contained upload_set_form_field -syn keyword ngxDirectiveThirdParty contained upload_aggregate_form_field -syn keyword ngxDirectiveThirdParty contained upload_pass_form_field -syn keyword ngxDirectiveThirdParty contained upload_cleanup -syn keyword ngxDirectiveThirdParty contained upload_buffer_size -syn keyword ngxDirectiveThirdParty contained upload_max_part_header_len -syn keyword ngxDirectiveThirdParty contained upload_max_file_size -syn keyword ngxDirectiveThirdParty contained upload_limit_rate -syn keyword ngxDirectiveThirdParty contained upload_max_output_body_len -syn keyword ngxDirectiveThirdParty contained upload_tame_arrays -syn keyword ngxDirectiveThirdParty contained upload_pass_args - -" Upstream Fair Module <https://github.com/gnosek/nginx-upstream-fair> -" The fair load balancer module for nginx http://nginx.localdomain.pl -syn keyword ngxDirectiveThirdParty contained fair -syn keyword ngxDirectiveThirdParty contained upstream_fair_shm_size - -" Upstream Hash Module (DEPRECATED) <http://wiki.nginx.org/NginxHttpUpstreamRequestHashModule> -" Provides simple upstream load distribution by hashing a configurable variable. -" syn keyword ngxDirectiveDeprecated contained hash -syn keyword ngxDirectiveDeprecated contained hash_again - -" Upstream Domain Resolve Module <https://www.nginx.com/resources/wiki/modules/domain_resolve/> -" A load-balancer that resolves an upstream domain name asynchronously. +" An asynchronous domain name resolve module for nginx upstream +" https://github.com/wdaike/ngx_upstream_jdomain syn keyword ngxDirectiveThirdParty contained jdomain -" Upsync Module <https://github.com/weibocom/nginx-upsync-module> -" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx -syn keyword ngxDirectiveThirdParty contained upsync -syn keyword ngxDirectiveThirdParty contained upsync_dump_path -syn keyword ngxDirectiveThirdParty contained upsync_lb -syn keyword ngxDirectiveThirdParty contained upstream_show - -" URL Module <https://github.com/vozlt/nginx-module-url> " Nginx url encoding converting module +" https://github.com/vozlt/nginx-module-url syn keyword ngxDirectiveThirdParty contained url_encoding_convert +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_alloc_size +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_alloc_size_x syn keyword ngxDirectiveThirdParty contained url_encoding_convert_from +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_phase syn keyword ngxDirectiveThirdParty contained url_encoding_convert_to -" User Agent Module <https://github.com/alibaba/nginx-http-user-agent> -" Match browsers and crawlers +" A nginx module to match browsers and crawlers +" https://github.com/alibaba/nginx-http-user-agent syn keyword ngxDirectiveThirdParty contained user_agent -" Upstrema Ketama Chash Module <https://github.com/flygoast/ngx_http_upstream_ketama_chash> -" Nginx load-balancer module implementing ketama consistent hashing. +" nginx load-balancer module implementing ketama consistent hashing +" https://github.com/flygoast/ngx_http_upstream_ketama_chash syn keyword ngxDirectiveThirdParty contained ketama_chash -" Video Thumbextractor Module <https://github.com/wandenberg/nginx-video-thumbextractor-module> -" Extract thumbs from a video file -syn keyword ngxDirectiveThirdParty contained video_thumbextractor -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_video_filename -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_video_second -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_image_width -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_image_height -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_only_keyframe -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_next_time -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_rows -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_cols -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_max_rows -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_max_cols -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_sample_interval -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_color -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_margin -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_padding -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_threads -syn keyword ngxDirectiveThirdParty contained video_thumbextractor_processes_per_worker - -" Eval Module <http://www.grid.net.ru/nginx/eval.en.html> -" Module for nginx web server evaluates response of proxy or memcached module into variables. -syn keyword ngxDirectiveThirdParty contained eval -syn keyword ngxDirectiveThirdParty contained eval_escalate -syn keyword ngxDirectiveThirdParty contained eval_override_content_type - -" VTS Module <https://github.com/vozlt/nginx-module-vts> -" Nginx virtual host traffic status module -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_zone -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display_format -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_display_jsonp -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic_by_set_key -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate - -" XSS Module <https://github.com/openresty/xss-nginx-module> -" Native support for cross-site scripting (XSS) in an nginx. -syn keyword ngxDirectiveThirdParty contained xss_get -syn keyword ngxDirectiveThirdParty contained xss_callback_arg -syn keyword ngxDirectiveThirdParty contained xss_override_status -syn keyword ngxDirectiveThirdParty contained xss_check_status -syn keyword ngxDirectiveThirdParty contained xss_input_types -" ZIP Module <https://www.nginx.com/resources/wiki/modules/zip/> -" ZIP archiver for nginx " highlight @@ -2168,7 +2260,9 @@ hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special +hi link ngxDirectiveThirdPartyDeprecated Error hi link ngxListenOptions Keyword +hi link ngxListenOptionsDeprecated Error let b:current_syntax = "nginx" | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/core/nginx.c ^ |
| @@ -228,6 +228,7 @@ #endif ngx_pid = ngx_getpid(); + ngx_parent = ngx_getppid(); log = ngx_log_init(ngx_prefix); if (log == NULL) { @@ -984,8 +985,8 @@ p--) { if (ngx_path_separator(*p)) { - cycle->conf_prefix.len = p - ngx_cycle->conf_file.data + 1; - cycle->conf_prefix.data = ngx_cycle->conf_file.data; + cycle->conf_prefix.len = p - cycle->conf_file.data + 1; + cycle->conf_prefix.data = cycle->conf_file.data; break; } } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/core/nginx.h ^ |
| @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1013007 -#define NGINX_VERSION "1.13.7" +#define nginx_version 1014000 +#define NGINX_VERSION "1.14.0" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/core/ngx_conf_file.c ^ |
| @@ -709,6 +709,11 @@ last_space = 0; continue; + case '$': + variable = 1; + last_space = 0; + continue; + default: last_space = 0; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/core/ngx_cycle.h ^ |
| @@ -31,6 +31,7 @@ ngx_shm_t shm; ngx_shm_zone_init_pt init; void *tag; + void *sync; ngx_uint_t noreuse; /* unsigned noreuse:1; */ }; @@ -114,6 +115,8 @@ ngx_array_t env; char **environment; + + ngx_uint_t transparent; /* unsigned transparent:1; */ } ngx_core_conf_t; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/core/ngx_proxy_protocol.c ^ |
| @@ -9,6 +9,41 @@ #include <ngx_core.h> +#define NGX_PROXY_PROTOCOL_AF_INET 1 +#define NGX_PROXY_PROTOCOL_AF_INET6 2 + + +#define ngx_proxy_protocol_parse_uint16(p) ((p)[0] << 8 | (p)[1]) + + +typedef struct { + u_char signature[12]; + u_char version_command; + u_char family_transport; + u_char len[2]; +} ngx_proxy_protocol_header_t; + + +typedef struct { + u_char src_addr[4]; + u_char dst_addr[4]; + u_char src_port[2]; + u_char dst_port[2]; +} ngx_proxy_protocol_inet_addrs_t; + + +typedef struct { + u_char src_addr[16]; + u_char dst_addr[16]; + u_char src_port[2]; + u_char dst_port[2]; +} ngx_proxy_protocol_inet6_addrs_t; + + +static u_char *ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, + u_char *last); + + u_char * ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) { @@ -16,9 +51,17 @@ u_char ch, *p, *addr, *port; ngx_int_t n; + static const u_char signature[] = "\r\n\r\n\0\r\nQUIT\n"; + p = buf; len = last - buf; + if (len >= sizeof(ngx_proxy_protocol_header_t) + && memcmp(p, signature, sizeof(signature) - 1) == 0) + { + return ngx_proxy_protocol_v2_read(c, buf, last); + } + if (len < 8 || ngx_strncmp(p, "PROXY ", 6) != 0) { goto invalid; } @@ -105,7 +148,8 @@ c->proxy_protocol_port = (in_port_t) n; ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, - "PROXY protocol address: %V %i", &c->proxy_protocol_addr, n); + "PROXY protocol address: %V %d", &c->proxy_protocol_addr, + c->proxy_protocol_port); skip: @@ -166,3 +210,134 @@ return ngx_slprintf(buf, last, " %ui %ui" CRLF, port, lport); } + + +static u_char * +ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last) +{ + u_char *end; + size_t len; + socklen_t socklen; + ngx_uint_t version, command, family, transport; + ngx_sockaddr_t sockaddr; + ngx_proxy_protocol_header_t *header; + ngx_proxy_protocol_inet_addrs_t *in; +#if (NGX_HAVE_INET6) + ngx_proxy_protocol_inet6_addrs_t *in6; +#endif + + header = (ngx_proxy_protocol_header_t *) buf; + + buf += sizeof(ngx_proxy_protocol_header_t); + + version = header->version_command >> 4; + + if (version != 2) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "unknown PROXY protocol version: %ui", version); + return NULL; + } + + len = ngx_proxy_protocol_parse_uint16(header->len); + + if ((size_t) (last - buf) < len) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, "header is too large"); + return NULL; + } + + end = buf + len; + + command = header->version_command & 0x0f; + + /* only PROXY is supported */ + if (command != 1) { + ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, + "PROXY protocol v2 unsupported command %ui", command); + return end; + } + + transport = header->family_transport & 0x0f; + + /* only STREAM is supported */ + if (transport != 1) { + ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, + "PROXY protocol v2 unsupported transport %ui", + transport); + return end; + } + + family = header->family_transport >> 4; + + switch (family) { + + case NGX_PROXY_PROTOCOL_AF_INET: + + if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet_addrs_t)) { + return NULL; + } + + in = (ngx_proxy_protocol_inet_addrs_t *) buf; + + sockaddr.sockaddr_in.sin_family = AF_INET; + sockaddr.sockaddr_in.sin_port = 0; + memcpy(&sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); + + c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in->src_port); + + socklen = sizeof(struct sockaddr_in); + + buf += sizeof(ngx_proxy_protocol_inet_addrs_t); + + break; + +#if (NGX_HAVE_INET6) + + case NGX_PROXY_PROTOCOL_AF_INET6: + + if ((size_t) (end - buf) < sizeof(ngx_proxy_protocol_inet6_addrs_t)) { + return NULL; + } + + in6 = (ngx_proxy_protocol_inet6_addrs_t *) buf; + + sockaddr.sockaddr_in6.sin6_family = AF_INET6; + sockaddr.sockaddr_in6.sin6_port = 0; + memcpy(&sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); + + c->proxy_protocol_port = ngx_proxy_protocol_parse_uint16(in6->src_port); + + socklen = sizeof(struct sockaddr_in6); + + buf += sizeof(ngx_proxy_protocol_inet6_addrs_t); + + break; + +#endif + + default: + ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, + "PROXY protocol v2 unsupported address family %ui", + family); + return end; + } + + c->proxy_protocol_addr.data = ngx_pnalloc(c->pool, NGX_SOCKADDR_STRLEN); + if (c->proxy_protocol_addr.data == NULL) { + return NULL; + } + + c->proxy_protocol_addr.len = ngx_sock_ntop(&sockaddr.sockaddr, socklen, + c->proxy_protocol_addr.data, + NGX_SOCKADDR_STRLEN, 0); + + ngx_log_debug2(NGX_LOG_DEBUG_CORE, c->log, 0, + "PROXY protocol v2 address: %V %d", &c->proxy_protocol_addr, + c->proxy_protocol_port); + + if (buf < end) { + ngx_log_debug1(NGX_LOG_DEBUG_CORE, c->log, 0, + "PROXY protocol v2 %z bytes of tlv ignored", end - buf); + } + + return end; +} | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/core/ngx_times.c ^ |
| @@ -9,6 +9,9 @@ #include <ngx_core.h> +static ngx_msec_t ngx_monotonic_time(time_t sec, ngx_uint_t msec); + + /* * The time may be updated by signal handler or by several threads. * The time update operations are rare and require to hold the ngx_time_lock. @@ -93,7 +96,7 @@ sec = tv.tv_sec; msec = tv.tv_usec / 1000; - ngx_current_msec = (ngx_msec_t) sec * 1000 + msec; + ngx_current_msec = ngx_monotonic_time(sec, msec); tp = &cached_time[slot]; @@ -189,6 +192,31 @@ } +static ngx_msec_t +ngx_monotonic_time(time_t sec, ngx_uint_t msec) +{ +#if (NGX_HAVE_CLOCK_MONOTONIC) + struct timespec ts; + +#if defined(CLOCK_MONOTONIC_FAST) + clock_gettime(CLOCK_MONOTONIC_FAST, &ts); + +#elif defined(CLOCK_MONOTONIC_COARSE) + clock_gettime(CLOCK_MONOTONIC_COARSE, &ts); + +#else + clock_gettime(CLOCK_MONOTONIC, &ts); +#endif + + sec = ts.tv_sec; + msec = ts.tv_nsec / 1000000; + +#endif + + return (ngx_msec_t) sec * 1000 + msec; +} + + #if !(NGX_WIN32) void | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/event/modules/ngx_eventport_module.c ^ |
| @@ -19,6 +19,8 @@ #define CLOCK_REALTIME 0 typedef int clockid_t; typedef void * timer_t; +#elif (NGX_DARWIN) +typedef void * timer_t; #endif /* Solaris declarations */ | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/event/ngx_event_connect.c ^ |
| @@ -388,7 +388,16 @@ return NGX_ERROR; } +#else + + ngx_log_error(NGX_LOG_ALERT, pc->log, 0, + "could not enable transparent proxying for IPv6 " + "on this platform"); + + return NGX_ERROR; + #endif + break; #endif /* NGX_HAVE_INET6 */ | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_auth_basic_module.c ^ |
| @@ -266,8 +266,8 @@ } ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, - "user \"%V\" was not found in \"%V\"", - &r->headers_in.user, &user_file); + "user \"%V\" was not found in \"%s\"", + &r->headers_in.user, user_file.data); return ngx_http_auth_basic_set_realm(r, &realm); } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_autoindex_module.c ^ |
| @@ -180,6 +180,12 @@ return NGX_DECLINED; } + rc = ngx_http_discard_request_body(r); + + if (rc != NGX_OK) { + return rc; + } + /* NGX_DIR_MASK_LEN is lesser than NGX_HTTP_AUTOINDEX_PREALLOCATE */ last = ngx_http_map_uri_to_path(r, &path, &root, | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_dav_module.c ^ |
| @@ -213,7 +213,16 @@ ngx_ext_rename_file_t ext; ngx_http_dav_loc_conf_t *dlcf; - if (r->request_body == NULL || r->request_body->temp_file == NULL) { + if (r->request_body == NULL) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "PUT request body is unavailable"); + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + if (r->request_body->temp_file == NULL) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "PUT request body must be in a file"); ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); return; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_fastcgi_module.c ^ |
| @@ -2512,36 +2512,6 @@ break; } - /* provide continuous buffer for subrequests in memory */ - - if (r->subrequest_in_memory) { - - cl = u->out_bufs; - - if (cl) { - buf->pos = cl->buf->pos; - } - - buf->last = buf->pos; - - for (cl = u->out_bufs; cl; cl = cl->next) { - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http fastcgi in memory %p-%p %O", - cl->buf->pos, cl->buf->last, ngx_buf_size(cl->buf)); - - if (buf->last == cl->buf->pos) { - buf->last = cl->buf->last; - continue; - } - - buf->last = ngx_movemem(buf->last, cl->buf->pos, - cl->buf->last - cl->buf->pos); - - cl->buf->pos = buf->last - (cl->buf->last - cl->buf->pos); - cl->buf->last = buf->last; - } - } - return NGX_OK; } @@ -2736,8 +2706,6 @@ * conf->upstream.cache_methods = 0; * conf->upstream.temp_path = NULL; * conf->upstream.hide_headers_hash = { NULL, 0 }; - * conf->upstream.uri = { 0, NULL }; - * conf->upstream.location = NULL; * conf->upstream.store_lengths = NULL; * conf->upstream.store_values = NULL; * | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_geo_module.c ^ |
| @@ -439,6 +439,7 @@ ctx.temp_pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, cf->log); if (ctx.temp_pool == NULL) { + ngx_destroy_pool(pool); return NGX_CONF_ERROR; } @@ -460,6 +461,10 @@ *cf = save; + if (rv != NGX_CONF_OK) { + goto failed; + } + geo->proxies = ctx.proxies; geo->proxy_recursive = ctx.proxy_recursive; @@ -482,7 +487,7 @@ ctx.high.low[i] = ngx_palloc(cf->pool, len + sizeof(void *)); if (ctx.high.low[i] == NULL) { - return NGX_CONF_ERROR; + goto failed; } ngx_memcpy(ctx.high.low[i], a->elts, len); @@ -508,14 +513,11 @@ var->get_handler = ngx_http_geo_range_variable; var->data = (uintptr_t) geo; - ngx_destroy_pool(ctx.temp_pool); - ngx_destroy_pool(pool); - } else { if (ctx.tree == NULL) { ctx.tree = ngx_radix_tree_create(cf->pool, -1); if (ctx.tree == NULL) { - return NGX_CONF_ERROR; + goto failed; } } @@ -525,7 +527,7 @@ if (ctx.tree6 == NULL) { ctx.tree6 = ngx_radix_tree_create(cf->pool, -1); if (ctx.tree6 == NULL) { - return NGX_CONF_ERROR; + goto failed; } } @@ -535,14 +537,11 @@ var->get_handler = ngx_http_geo_cidr_variable; var->data = (uintptr_t) geo; - ngx_destroy_pool(ctx.temp_pool); - ngx_destroy_pool(pool); - if (ngx_radix32tree_insert(ctx.tree, 0, 0, (uintptr_t) &ngx_http_variable_null_value) == NGX_ERROR) { - return NGX_CONF_ERROR; + goto failed; } /* NGX_BUSY is okay (default was set explicitly) */ @@ -552,12 +551,22 @@ (uintptr_t) &ngx_http_variable_null_value) == NGX_ERROR) { - return NGX_CONF_ERROR; + goto failed; } #endif } - return rv; + ngx_destroy_pool(ctx.temp_pool); + ngx_destroy_pool(pool); + + return NGX_CONF_OK; + +failed: + + ngx_destroy_pool(ctx.temp_pool); + ngx_destroy_pool(pool); + + return NGX_CONF_ERROR; } | ||
| [+] | Added | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_grpc_module.c ^ |
| @@ -0,0 +1,4640 @@ + +/* + * Copyright (C) Maxim Dounin + * Copyright (C) Nginx, Inc. + */ + + +#include <ngx_config.h> +#include <ngx_core.h> +#include <ngx_http.h> + + +typedef struct { + ngx_array_t *flushes; + ngx_array_t *lengths; + ngx_array_t *values; + ngx_hash_t hash; +} ngx_http_grpc_headers_t; + + +typedef struct { + ngx_http_upstream_conf_t upstream; + + ngx_http_grpc_headers_t headers; + ngx_array_t *headers_source; + + ngx_str_t host; + ngx_uint_t host_set; + +#if (NGX_HTTP_SSL) + ngx_uint_t ssl; + ngx_uint_t ssl_protocols; + ngx_str_t ssl_ciphers; + ngx_uint_t ssl_verify_depth; + ngx_str_t ssl_trusted_certificate; + ngx_str_t ssl_crl; + ngx_str_t ssl_certificate; + ngx_str_t ssl_certificate_key; + ngx_array_t *ssl_passwords; +#endif +} ngx_http_grpc_loc_conf_t; + + +typedef enum { + ngx_http_grpc_st_start = 0, + ngx_http_grpc_st_length_2, + ngx_http_grpc_st_length_3, + ngx_http_grpc_st_type, + ngx_http_grpc_st_flags, + ngx_http_grpc_st_stream_id, + ngx_http_grpc_st_stream_id_2, + ngx_http_grpc_st_stream_id_3, + ngx_http_grpc_st_stream_id_4, + ngx_http_grpc_st_payload, + ngx_http_grpc_st_padding +} ngx_http_grpc_state_e; + + +typedef struct { + size_t init_window; + size_t send_window; + size_t recv_window; + ngx_uint_t last_stream_id; +} ngx_http_grpc_conn_t; + + +typedef struct { + ngx_http_grpc_state_e state; + ngx_uint_t frame_state; + ngx_uint_t fragment_state; + + ngx_chain_t *in; + ngx_chain_t *out; + ngx_chain_t *free; + ngx_chain_t *busy; + + ngx_http_grpc_conn_t *connection; + + ngx_uint_t id; + + ssize_t send_window; + size_t recv_window; + + size_t rest; + ngx_uint_t stream_id; + u_char type; + u_char flags; + u_char padding; + + ngx_uint_t error; + ngx_uint_t window_update; + + ngx_uint_t setting_id; + ngx_uint_t setting_value; + + u_char ping_data[8]; + + ngx_uint_t index; + ngx_str_t name; + ngx_str_t value; + + u_char *field_end; + size_t field_length; + size_t field_rest; + u_char field_state; + + unsigned literal:1; + unsigned field_huffman:1; + + unsigned header_sent:1; + unsigned output_closed:1; + unsigned parsing_headers:1; + unsigned end_stream:1; + unsigned status:1; + + ngx_http_request_t *request; +} ngx_http_grpc_ctx_t; + + +typedef struct { + u_char length_0; + u_char length_1; + u_char length_2; + u_char type; + u_char flags; + u_char stream_id_0; + u_char stream_id_1; + u_char stream_id_2; + u_char stream_id_3; +} ngx_http_grpc_frame_t; + + +static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r); +static ngx_int_t ngx_http_grpc_reinit_request(ngx_http_request_t *r); +static ngx_int_t ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in); +static ngx_int_t ngx_http_grpc_process_header(ngx_http_request_t *r); +static ngx_int_t ngx_http_grpc_filter_init(void *data); +static ngx_int_t ngx_http_grpc_filter(void *data, ssize_t bytes); + +static ngx_int_t ngx_http_grpc_parse_frame(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_parse_header(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_parse_fragment(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_validate_header_name(ngx_http_request_t *r, + ngx_str_t *s); +static ngx_int_t ngx_http_grpc_validate_header_value(ngx_http_request_t *r, + ngx_str_t *s); +static ngx_int_t ngx_http_grpc_parse_rst_stream(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_parse_goaway(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_parse_window_update(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_parse_settings(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); +static ngx_int_t ngx_http_grpc_parse_ping(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b); + +static ngx_int_t ngx_http_grpc_send_settings_ack(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx); +static ngx_int_t ngx_http_grpc_send_ping_ack(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx); +static ngx_int_t ngx_http_grpc_send_window_update(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx); + +static ngx_chain_t *ngx_http_grpc_get_buf(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx); +static ngx_http_grpc_ctx_t *ngx_http_grpc_get_ctx(ngx_http_request_t *r); +static ngx_int_t ngx_http_grpc_get_connection_data(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_peer_connection_t *pc); +static void ngx_http_grpc_cleanup(void *data); + +static void ngx_http_grpc_abort_request(ngx_http_request_t *r); +static void ngx_http_grpc_finalize_request(ngx_http_request_t *r, + ngx_int_t rc); + +static ngx_int_t ngx_http_grpc_internal_trailers_variable( + ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); + +static ngx_int_t ngx_http_grpc_add_variables(ngx_conf_t *cf); +static void *ngx_http_grpc_create_loc_conf(ngx_conf_t *cf); +static char *ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, + void *parent, void *child); +static ngx_int_t ngx_http_grpc_init_headers(ngx_conf_t *cf, + ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_headers_t *headers, + ngx_keyval_t *default_headers); + +static char *ngx_http_grpc_pass(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); + +#if (NGX_HTTP_SSL) +static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf, + ngx_command_t *cmd, void *conf); +static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf, + ngx_http_grpc_loc_conf_t *glcf); +#endif + + +static ngx_conf_bitmask_t ngx_http_grpc_next_upstream_masks[] = { + { ngx_string("error"), NGX_HTTP_UPSTREAM_FT_ERROR }, + { ngx_string("timeout"), NGX_HTTP_UPSTREAM_FT_TIMEOUT }, + { ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER }, + { ngx_string("non_idempotent"), NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT }, + { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 }, + { ngx_string("http_502"), NGX_HTTP_UPSTREAM_FT_HTTP_502 }, + { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, + { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 }, + { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, + { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, + { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, + { ngx_null_string, 0 } +}; + + +#if (NGX_HTTP_SSL) + +static ngx_conf_bitmask_t ngx_http_grpc_ssl_protocols[] = { + { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, + { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, + { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, + { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, + { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, + { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 }, + { ngx_null_string, 0 } +}; + +#endif + + +static ngx_command_t ngx_http_grpc_commands[] = { + + { ngx_string("grpc_pass"), + NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1, + ngx_http_grpc_pass, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + + { ngx_string("grpc_bind"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12, + ngx_http_upstream_bind_set_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.local), + NULL }, + + { ngx_string("grpc_connect_timeout"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.connect_timeout), + NULL }, + + { ngx_string("grpc_send_timeout"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.send_timeout), + NULL }, + + { ngx_string("grpc_intercept_errors"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.intercept_errors), + NULL }, + + { ngx_string("grpc_buffer_size"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_size_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.buffer_size), + NULL }, + + { ngx_string("grpc_read_timeout"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.read_timeout), + NULL }, + + { ngx_string("grpc_next_upstream"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_conf_set_bitmask_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream), + &ngx_http_grpc_next_upstream_masks }, + + { ngx_string("grpc_next_upstream_tries"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream_tries), + NULL }, + + { ngx_string("grpc_next_upstream_timeout"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_msec_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream_timeout), + NULL }, + + { ngx_string("grpc_set_header"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2, + ngx_conf_set_keyval_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, headers_source), + NULL }, + + { ngx_string("grpc_pass_header"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_array_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.pass_headers), + NULL }, + + { ngx_string("grpc_hide_header"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_array_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.hide_headers), + NULL }, + + { ngx_string("grpc_ignore_headers"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_conf_set_bitmask_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.ignore_headers), + &ngx_http_upstream_ignore_headers_masks }, + +#if (NGX_HTTP_SSL) + + { ngx_string("grpc_ssl_session_reuse"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_session_reuse), + NULL }, + + { ngx_string("grpc_ssl_protocols"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_conf_set_bitmask_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_protocols), + &ngx_http_grpc_ssl_protocols }, + + { ngx_string("grpc_ssl_ciphers"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_ciphers), + NULL }, + + { ngx_string("grpc_ssl_name"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_http_set_complex_value_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_name), + NULL }, + + { ngx_string("grpc_ssl_server_name"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_server_name), + NULL }, + + { ngx_string("grpc_ssl_verify"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_verify), + NULL }, + + { ngx_string("grpc_ssl_verify_depth"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_verify_depth), + NULL }, + + { ngx_string("grpc_ssl_trusted_certificate"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_trusted_certificate), + NULL }, + + { ngx_string("grpc_ssl_crl"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_crl), + NULL }, + + { ngx_string("grpc_ssl_certificate"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate), + NULL }, + + { ngx_string("grpc_ssl_certificate_key"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate_key), + NULL }, + + { ngx_string("grpc_ssl_password_file"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_http_grpc_ssl_password_file, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + +#endif + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_grpc_module_ctx = { + ngx_http_grpc_add_variables, /* preconfiguration */ + NULL, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + ngx_http_grpc_create_loc_conf, /* create location configuration */ + ngx_http_grpc_merge_loc_conf /* merge location configuration */ +}; + + +ngx_module_t ngx_http_grpc_module = { + NGX_MODULE_V1, + &ngx_http_grpc_module_ctx, /* module context */ + ngx_http_grpc_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +static u_char ngx_http_grpc_connection_start[] = + "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" /* connection preface */ + + "\x00\x00\x12\x04\x00\x00\x00\x00\x00" /* settings frame */ + "\x00\x01\x00\x00\x00\x00" /* header table size */ + "\x00\x02\x00\x00\x00\x00" /* disable push */ + "\x00\x04\x7f\xff\xff\xff" /* initial window */ + + "\x00\x00\x04\x08\x00\x00\x00\x00\x00" /* window update frame */ + "\x7f\xff\x00\x00"; + + +static ngx_keyval_t ngx_http_grpc_headers[] = { + { ngx_string("Content-Length"), ngx_string("$content_length") }, + { ngx_string("TE"), ngx_string("$grpc_internal_trailers") }, + { ngx_string("Host"), ngx_string("") }, + { ngx_string("Connection"), ngx_string("") }, + { ngx_string("Transfer-Encoding"), ngx_string("") }, + { ngx_string("Keep-Alive"), ngx_string("") }, + { ngx_string("Expect"), ngx_string("") }, + { ngx_string("Upgrade"), ngx_string("") }, + { ngx_null_string, ngx_null_string } +}; + + +static ngx_str_t ngx_http_grpc_hide_headers[] = { + ngx_string("Date"), + ngx_string("Server"), + ngx_string("X-Accel-Expires"), + ngx_string("X-Accel-Redirect"), + ngx_string("X-Accel-Limit-Rate"), + ngx_string("X-Accel-Buffering"), + ngx_string("X-Accel-Charset"), + ngx_null_string +}; + + +static ngx_http_variable_t ngx_http_grpc_vars[] = { + + { ngx_string("grpc_internal_trailers"), NULL, + ngx_http_grpc_internal_trailers_variable, 0, + NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 }, + + ngx_http_null_variable +}; + + +static ngx_int_t +ngx_http_grpc_handler(ngx_http_request_t *r) +{ + ngx_int_t rc; + ngx_http_upstream_t *u; + ngx_http_grpc_ctx_t *ctx; + ngx_http_grpc_loc_conf_t *glcf; + + if (ngx_http_upstream_create(r) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module); + + u = r->upstream; + +#if (NGX_HTTP_SSL) + u->ssl = (glcf->upstream.ssl != NULL); + + if (u->ssl) { + ngx_str_set(&u->schema, "grpcs://"); + + } else { + ngx_str_set(&u->schema, "grpc://"); + } +#else + ngx_str_set(&u->schema, "grpc://"); +#endif + + u->output.tag = (ngx_buf_tag_t) &ngx_http_grpc_module; + + u->conf = &glcf->upstream; + + u->create_request = ngx_http_grpc_create_request; + u->reinit_request = ngx_http_grpc_reinit_request; + u->process_header = ngx_http_grpc_process_header; + u->abort_request = ngx_http_grpc_abort_request; + u->finalize_request = ngx_http_grpc_finalize_request; + + ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t)); + if (ctx == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ctx->request = r; + + ngx_http_set_ctx(r, ctx, ngx_http_grpc_module); + + u->input_filter_init = ngx_http_grpc_filter_init; + u->input_filter = ngx_http_grpc_filter; + u->input_filter_ctx = ctx; + + r->request_body_no_buffering = 1; + + rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init); + + if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { + return rc; + } + + return NGX_DONE; +} + + +static ngx_int_t +ngx_http_grpc_create_request(ngx_http_request_t *r) +{ + u_char *p, *tmp, *key_tmp, *val_tmp, *headers_frame; + size_t len, tmp_len, key_len, val_len, uri_len; + uintptr_t escape; + ngx_buf_t *b; + ngx_uint_t i, next; + ngx_chain_t *cl, *body; + ngx_list_part_t *part; + ngx_table_elt_t *header; + ngx_http_upstream_t *u; + ngx_http_grpc_frame_t *f; + ngx_http_script_code_pt code; + ngx_http_grpc_loc_conf_t *glcf; + ngx_http_script_engine_t e, le; + ngx_http_script_len_code_pt lcode; + + u = r->upstream; + + glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module); + + len = sizeof(ngx_http_grpc_connection_start) - 1 + + sizeof(ngx_http_grpc_frame_t); /* headers frame */ + + /* :method header */ + + if (r->method == NGX_HTTP_GET || r->method == NGX_HTTP_POST) { + len += 1; + tmp_len = 0; + + } else { + len += 1 + NGX_HTTP_V2_INT_OCTETS + r->method_name.len; + tmp_len = r->method_name.len; + } + + /* :scheme header */ + + len += 1; + + /* :path header */ + + if (r->valid_unparsed_uri) { + escape = 0; + uri_len = r->unparsed_uri.len; + + } else { + escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, + NGX_ESCAPE_URI); + uri_len = r->uri.len + escape + sizeof("?") - 1 + r->args.len; + } + + len += 1 + NGX_HTTP_V2_INT_OCTETS + uri_len; + + if (tmp_len < uri_len) { + tmp_len = uri_len; + } + + /* :authority header */ + + if (!glcf->host_set) { + len += 1 + NGX_HTTP_V2_INT_OCTETS + glcf->host.len; + + if (tmp_len < glcf->host.len) { + tmp_len = glcf->host.len; + } + } + + /* other headers */ + + ngx_http_script_flush_no_cacheable_variables(r, glcf->headers.flushes); + ngx_memzero(&le, sizeof(ngx_http_script_engine_t)); + + le.ip = glcf->headers.lengths->elts; + le.request = r; + le.flushed = 1; + + while (*(uintptr_t *) le.ip) { + + lcode = *(ngx_http_script_len_code_pt *) le.ip; + key_len = lcode(&le); + + for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) { + lcode = *(ngx_http_script_len_code_pt *) le.ip; + } + le.ip += sizeof(uintptr_t); + + if (val_len == 0) { + continue; + } + + len += 1 + NGX_HTTP_V2_INT_OCTETS + key_len + + NGX_HTTP_V2_INT_OCTETS + val_len; + + if (tmp_len < key_len) { + tmp_len = key_len; + } + + if (tmp_len < val_len) { + tmp_len = val_len; + } + } + + if (glcf->upstream.pass_request_headers) { + part = &r->headers_in.headers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (ngx_hash_find(&glcf->headers.hash, header[i].hash, + header[i].lowcase_key, header[i].key.len)) + { + continue; + } + + len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len + + NGX_HTTP_V2_INT_OCTETS + header[i].value.len; + + if (tmp_len < header[i].key.len) { + tmp_len = header[i].key.len; + } + + if (tmp_len < header[i].value.len) { + tmp_len = header[i].value.len; + } + } + } + + /* continuation frames */ + + len += sizeof(ngx_http_grpc_frame_t) + * (len / NGX_HTTP_V2_DEFAULT_FRAME_SIZE); + + + b = ngx_create_temp_buf(r->pool, len); + if (b == NULL) { + return NGX_ERROR; + } + + cl = ngx_alloc_chain_link(r->pool); + if (cl == NULL) { + return NGX_ERROR; + } + + cl->buf = b; + cl->next = NULL; + + tmp = ngx_palloc(r->pool, tmp_len * 3); + if (tmp == NULL) { + return NGX_ERROR; + } + + key_tmp = tmp + tmp_len; + val_tmp = tmp + 2 * tmp_len; + + /* connection preface */ + + b->last = ngx_copy(b->last, ngx_http_grpc_connection_start, + sizeof(ngx_http_grpc_connection_start) - 1); + + /* headers frame */ + + headers_frame = b->last; + + f = (ngx_http_grpc_frame_t *) b->last; + b->last += sizeof(ngx_http_grpc_frame_t); + + f->length_0 = 0; + f->length_1 = 0; + f->length_2 = 0; + f->type = NGX_HTTP_V2_HEADERS_FRAME; + f->flags = 0; + f->stream_id_0 = 0; + f->stream_id_1 = 0; + f->stream_id_2 = 0; + f->stream_id_3 = 1; + + if (r->method == NGX_HTTP_GET) { + *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_GET_INDEX); + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":method: GET\""); + + } else if (r->method == NGX_HTTP_POST) { + *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_POST_INDEX); + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":method: POST\""); + + } else { + *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_METHOD_INDEX); + b->last = ngx_http_v2_write_value(b->last, r->method_name.data, + r->method_name.len, tmp); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":method: %V\"", &r->method_name); + } + +#if (NGX_HTTP_SSL) + if (glcf->ssl) { + *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX); + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":scheme: https\""); + } else +#endif + { + *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX); + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":scheme: http\""); + } + + if (r->valid_unparsed_uri) { + + if (r->unparsed_uri.len == 1 && r->unparsed_uri.data[0] == '/') { + *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_PATH_ROOT_INDEX); + + } else { + *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX); + b->last = ngx_http_v2_write_value(b->last, r->unparsed_uri.data, + r->unparsed_uri.len, tmp); + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":path: %V\"", &r->unparsed_uri); + + } else if (escape || r->args.len > 0) { + p = val_tmp; + + if (escape) { + p = (u_char *) ngx_escape_uri(p, r->uri.data, r->uri.len, + NGX_ESCAPE_URI); + + } else { + p = ngx_copy(p, r->uri.data, r->uri.len); + } + + if (r->args.len > 0) { + *p++ = '?'; + p = ngx_copy(p, r->args.data, r->args.len); + } + + *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX); + b->last = ngx_http_v2_write_value(b->last, val_tmp, p - val_tmp, tmp); + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":path: %*s\"", p - val_tmp, val_tmp); + + } else { + *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX); + b->last = ngx_http_v2_write_value(b->last, r->uri.data, + r->uri.len, tmp); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":path: %V\"", &r->uri); + } + + if (!glcf->host_set) { + *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_AUTHORITY_INDEX); + b->last = ngx_http_v2_write_value(b->last, glcf->host.data, + glcf->host.len, tmp); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \":authority: %V\"", &glcf->host); + } + + ngx_memzero(&e, sizeof(ngx_http_script_engine_t)); + + e.ip = glcf->headers.values->elts; + e.request = r; + e.flushed = 1; + + le.ip = glcf->headers.lengths->elts; + + while (*(uintptr_t *) le.ip) { + + lcode = *(ngx_http_script_len_code_pt *) le.ip; + key_len = lcode(&le); + + for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) { + lcode = *(ngx_http_script_len_code_pt *) le.ip; + } + le.ip += sizeof(uintptr_t); + + if (val_len == 0) { + e.skip = 1; + + while (*(uintptr_t *) e.ip) { + code = *(ngx_http_script_code_pt *) e.ip; + code((ngx_http_script_engine_t *) &e); + } + e.ip += sizeof(uintptr_t); + + e.skip = 0; + + continue; + } + + *b->last++ = 0; + + e.pos = key_tmp; + + code = *(ngx_http_script_code_pt *) e.ip; + code((ngx_http_script_engine_t *) &e); + + b->last = ngx_http_v2_write_name(b->last, key_tmp, key_len, tmp); + + e.pos = val_tmp; + + while (*(uintptr_t *) e.ip) { + code = *(ngx_http_script_code_pt *) e.ip; + code((ngx_http_script_engine_t *) &e); + } + e.ip += sizeof(uintptr_t); + + b->last = ngx_http_v2_write_value(b->last, val_tmp, val_len, tmp); + +#if (NGX_DEBUG) + if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) { + ngx_strlow(key_tmp, key_tmp, key_len); + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \"%*s: %*s\"", + key_len, key_tmp, val_len, val_tmp); + } +#endif + } + + if (glcf->upstream.pass_request_headers) { + part = &r->headers_in.headers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (ngx_hash_find(&glcf->headers.hash, header[i].hash, + header[i].lowcase_key, header[i].key.len)) + { + continue; + } + + *b->last++ = 0; + + b->last = ngx_http_v2_write_name(b->last, header[i].key.data, + header[i].key.len, tmp); + + b->last = ngx_http_v2_write_value(b->last, header[i].value.data, + header[i].value.len, tmp); + +#if (NGX_DEBUG) + if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) { + ngx_strlow(tmp, header[i].key.data, header[i].key.len); + + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \"%*s: %V\"", + header[i].key.len, tmp, &header[i].value); + } +#endif + } + } + + /* update headers frame length */ + + len = b->last - headers_frame - sizeof(ngx_http_grpc_frame_t); + + if (len > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) { + len = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; + next = 1; + + } else { + next = 0; + } + + f = (ngx_http_grpc_frame_t *) headers_frame; + + f->length_0 = (u_char) ((len >> 16) & 0xff); + f->length_1 = (u_char) ((len >> 8) & 0xff); + f->length_2 = (u_char) (len & 0xff); + + /* create additional continuation frames */ + + p = headers_frame; + + while (next) { + p += sizeof(ngx_http_grpc_frame_t) + NGX_HTTP_V2_DEFAULT_FRAME_SIZE; + len = b->last - p; + + ngx_memmove(p + sizeof(ngx_http_grpc_frame_t), p, len); + b->last += sizeof(ngx_http_grpc_frame_t); + + if (len > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) { + len = NGX_HTTP_V2_DEFAULT_FRAME_SIZE; + next = 1; + + } else { + next = 0; + } + + f = (ngx_http_grpc_frame_t *) p; + + f->length_0 = (u_char) ((len >> 16) & 0xff); + f->length_1 = (u_char) ((len >> 8) & 0xff); + f->length_2 = (u_char) (len & 0xff); + f->type = NGX_HTTP_V2_CONTINUATION_FRAME; + f->flags = 0; + f->stream_id_0 = 0; + f->stream_id_1 = 0; + f->stream_id_2 = 0; + f->stream_id_3 = 1; + } + + f->flags |= NGX_HTTP_V2_END_HEADERS_FLAG; + +#if (NGX_DEBUG) + if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) { + u_char buf[512]; + size_t n, m; + + n = ngx_min(b->last - b->pos, 256); + m = ngx_hex_dump(buf, b->pos, n) - buf; + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: %*s%s, len: %uz", + m, buf, b->last - b->pos > 256 ? "..." : "", + b->last - b->pos); + } +#endif + + if (r->request_body_no_buffering) { + + u->request_bufs = cl; + + } else { + + body = u->request_bufs; + u->request_bufs = cl; + + if (body == NULL) { + f = (ngx_http_grpc_frame_t *) headers_frame; + f->flags |= NGX_HTTP_V2_END_STREAM_FLAG; + } + + while (body) { + b = ngx_alloc_buf(r->pool); + if (b == NULL) { + return NGX_ERROR; + } + + ngx_memcpy(b, body->buf, sizeof(ngx_buf_t)); + + cl->next = ngx_alloc_chain_link(r->pool); + if (cl->next == NULL) { + return NGX_ERROR; + } + + cl = cl->next; + cl->buf = b; + + body = body->next; + } + + b->last_buf = 1; + } + + u->output.output_filter = ngx_http_grpc_body_output_filter; + u->output.filter_ctx = r; + + b->flush = 1; + cl->next = NULL; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_reinit_request(ngx_http_request_t *r) +{ + ngx_http_grpc_ctx_t *ctx; + + ctx = ngx_http_get_module_ctx(r, ngx_http_grpc_module); + + if (ctx == NULL) { + return NGX_OK; + } + + ctx->state = 0; + ctx->header_sent = 0; + ctx->output_closed = 0; + ctx->parsing_headers = 0; + ctx->end_stream = 0; + ctx->status = 0; + ctx->connection = NULL; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in) +{ + ngx_http_request_t *r = data; + + off_t file_pos; + u_char *p, *pos, *start; + size_t len, limit; + ngx_buf_t *b; + ngx_int_t rc; + ngx_uint_t next, last; + ngx_chain_t *cl, *out, **ll; + ngx_http_grpc_ctx_t *ctx; + ngx_http_grpc_frame_t *f; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc output filter"); + + ctx = ngx_http_grpc_get_ctx(r); + + if (ctx == NULL) { + return NGX_ERROR; + } + + if (in) { + if (ngx_chain_add_copy(r->pool, &ctx->in, in) != NGX_OK) { + return NGX_ERROR; + } + } + + out = NULL; + ll = &out; + + if (!ctx->header_sent) { + /* first buffer contains headers */ + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc output header"); + + ctx->header_sent = 1; + + if (ctx->id != 1) { + /* + * keepalive connection: skip connection preface, + * update stream identifiers + */ + + b = ctx->in->buf; + b->pos += sizeof(ngx_http_grpc_connection_start) - 1; + + p = b->pos; + + while (p < b->last) { + f = (ngx_http_grpc_frame_t *) p; + p += sizeof(ngx_http_grpc_frame_t); + + f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff); + f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff); + f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff); + f->stream_id_3 = (u_char) (ctx->id & 0xff); + + p += (f->length_0 << 16) + (f->length_1 << 8) + f->length_2; + } + } + + if (ctx->in->buf->last_buf) { + ctx->output_closed = 1; + } + + *ll = ctx->in; + ll = &ctx->in->next; + + ctx->in = ctx->in->next; + } + + if (ctx->out) { + /* queued control frames */ + + *ll = ctx->out; + + for (cl = ctx->out, ll = &cl->next; cl; cl = cl->next) { + ll = &cl->next; + } + + ctx->out = NULL; + } + + f = NULL; + last = 0; + + limit = ngx_max(0, ctx->send_window); + + if (limit > ctx->connection->send_window) { + limit = ctx->connection->send_window; + } + + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc output limit: %uz w:%z:%uz", + limit, ctx->send_window, ctx->connection->send_window); + +#if (NGX_SUPPRESS_WARN) + file_pos = 0; + pos = NULL; + cl = NULL; +#endif + + in = ctx->in; + + while (in && limit > 0) { + + ngx_log_debug7(NGX_LOG_DEBUG_EVENT, r->connection->log, 0, + "grpc output in l:%d f:%d %p, pos %p, size: %z " + "file: %O, size: %O", + in->buf->last_buf, + in->buf->in_file, + in->buf->start, in->buf->pos, + in->buf->last - in->buf->pos, + in->buf->file_pos, + in->buf->file_last - in->buf->file_pos); + + if (ngx_buf_special(in->buf)) { + goto next; + } + + if (in->buf->in_file) { + file_pos = in->buf->file_pos; + + } else { + pos = in->buf->pos; + } + + next = 0; + + do { + + cl = ngx_http_grpc_get_buf(r, ctx); + if (cl == NULL) { + return NGX_ERROR; + } + + b = cl->buf; + + f = (ngx_http_grpc_frame_t *) b->last; + b->last += sizeof(ngx_http_grpc_frame_t); + + *ll = cl; + ll = &cl->next; + + cl = ngx_chain_get_free_buf(r->pool, &ctx->free); + if (cl == NULL) { + return NGX_ERROR; + } + + b = cl->buf; + start = b->start; + + ngx_memcpy(b, in->buf, sizeof(ngx_buf_t)); + + /* + * restore b->start to preserve memory allocated in the buffer, + * to reuse it later for headers and control frames + */ + + b->start = start; + + if (in->buf->in_file) { + b->file_pos = file_pos; + file_pos += ngx_min(NGX_HTTP_V2_DEFAULT_FRAME_SIZE, limit); + + if (file_pos >= in->buf->file_last) { + file_pos = in->buf->file_last; + next = 1; + } + + b->file_last = file_pos; + len = (ngx_uint_t) (file_pos - b->file_pos); + + } else { + b->pos = pos; + pos += ngx_min(NGX_HTTP_V2_DEFAULT_FRAME_SIZE, limit); + + if (pos >= in->buf->last) { + pos = in->buf->last; + next = 1; + } + + b->last = pos; + len = (ngx_uint_t) (pos - b->pos); + } + + b->tag = (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter; + b->shadow = in->buf; + b->last_shadow = next; + + b->last_buf = 0; + b->last_in_chain = 0; + + *ll = cl; + ll = &cl->next; + + f->length_0 = (u_char) ((len >> 16) & 0xff); + f->length_1 = (u_char) ((len >> 8) & 0xff); + f->length_2 = (u_char) (len & 0xff); + f->type = NGX_HTTP_V2_DATA_FRAME; + f->flags = 0; + f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff); + f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff); + f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff); + f->stream_id_3 = (u_char) (ctx->id & 0xff); + + limit -= len; + ctx->send_window -= len; + ctx->connection->send_window -= len; + + } while (!next && limit > 0); + + if (!next) { + /* + * if the buffer wasn't fully sent due to flow control limits, + * preserve position for future use + */ + + if (in->buf->in_file) { + in->buf->file_pos = file_pos; + + } else { + in->buf->pos = pos; + } + + break; + } + + next: + + if (in->buf->last_buf) { + last = 1; + } + + in = in->next; + } + + ctx->in = in; + + if (last) { + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc output last"); + + ctx->output_closed = 1; + + if (f) { + f->flags |= NGX_HTTP_V2_END_STREAM_FLAG; + + } else { + cl = ngx_http_grpc_get_buf(r, ctx); + if (cl == NULL) { + return NGX_ERROR; + } + + b = cl->buf; + + f = (ngx_http_grpc_frame_t *) b->last; + b->last += sizeof(ngx_http_grpc_frame_t); + + f->length_0 = 0; + f->length_1 = 0; + f->length_2 = 0; + f->type = NGX_HTTP_V2_DATA_FRAME; + f->flags = NGX_HTTP_V2_END_STREAM_FLAG; + f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff); + f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff); + f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff); + f->stream_id_3 = (u_char) (ctx->id & 0xff); + + *ll = cl; + ll = &cl->next; + } + + cl->buf->last_buf = 1; + } + + *ll = NULL; + +#if (NGX_DEBUG) + + for (cl = out; cl; cl = cl->next) { + ngx_log_debug7(NGX_LOG_DEBUG_EVENT, r->connection->log, 0, + "grpc output out l:%d f:%d %p, pos %p, size: %z " + "file: %O, size: %O", + cl->buf->last_buf, + cl->buf->in_file, + cl->buf->start, cl->buf->pos, + cl->buf->last - cl->buf->pos, + cl->buf->file_pos, + cl->buf->file_last - cl->buf->file_pos); + } + + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc output limit: %uz w:%z:%uz", + limit, ctx->send_window, ctx->connection->send_window); + +#endif + + rc = ngx_chain_writer(&r->upstream->writer, out); + + ngx_chain_update_chains(r->pool, &ctx->free, &ctx->busy, &out, + (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter); + + for (cl = ctx->free; cl; cl = cl->next) { + + /* mark original buffers as sent */ + + if (cl->buf->shadow) { + if (cl->buf->last_shadow) { + b = cl->buf->shadow; + b->pos = b->last; + } + + cl->buf->shadow = NULL; + } + } + + if (rc == NGX_OK && ctx->in) { + rc = NGX_AGAIN; + } + + return rc; +} + + +static ngx_int_t +ngx_http_grpc_process_header(ngx_http_request_t *r) +{ + ngx_str_t *status_line; + ngx_int_t rc, status; + ngx_buf_t *b; + ngx_table_elt_t *h; + ngx_http_upstream_t *u; + ngx_http_grpc_ctx_t *ctx; + ngx_http_upstream_header_t *hh; + ngx_http_upstream_main_conf_t *umcf; + + u = r->upstream; + b = &u->buffer; + +#if (NGX_DEBUG) + if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) { + u_char buf[512]; + size_t n, m; + + n = ngx_min(b->last - b->pos, 256); + m = ngx_hex_dump(buf, b->pos, n) - buf; + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc response: %*s%s, len: %uz", + m, buf, b->last - b->pos > 256 ? "..." : "", + b->last - b->pos); + } +#endif + + ctx = ngx_http_grpc_get_ctx(r); + + if (ctx == NULL) { + return NGX_ERROR; + } + + umcf = ngx_http_get_module_main_conf(r, ngx_http_upstream_module); + + for ( ;; ) { + + if (ctx->state < ngx_http_grpc_st_payload) { + + rc = ngx_http_grpc_parse_frame(r, ctx, b); + + if (rc == NGX_AGAIN) { + + /* + * there can be a lot of window update frames, + * so we reset buffer if it is empty and we haven't + * started parsing headers yet + */ + + if (!ctx->parsing_headers) { + b->pos = b->start; + b->last = b->pos; + } + + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + /* + * RFC 7540 says that implementations MUST discard frames + * that have unknown or unsupported types. However, extension + * frames that appear in the middle of a header block are + * not permitted. Also, for obvious reasons CONTINUATION frames + * cannot appear before headers, and DATA frames are not expected + * to appear before all headers are parsed. + */ + + if (ctx->type == NGX_HTTP_V2_DATA_FRAME + || (ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME + && !ctx->parsing_headers) + || (ctx->type != NGX_HTTP_V2_CONTINUATION_FRAME + && ctx->parsing_headers)) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent unexpected http2 frame: %d", + ctx->type); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (ctx->stream_id && ctx->stream_id != ctx->id) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent frame for unknown stream %ui", + ctx->stream_id); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + } + + /* frame payload */ + + if (ctx->type == NGX_HTTP_V2_RST_STREAM_FRAME) { + + rc = ngx_http_grpc_parse_rst_stream(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream rejected request with error %ui", + ctx->error); + + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (ctx->type == NGX_HTTP_V2_GOAWAY_FRAME) { + + rc = ngx_http_grpc_parse_goaway(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + /* + * If stream_id is lower than one we use, our + * request won't be processed and needs to be retried. + * If stream_id is greater or equal to the one we use, + * we can continue normally (except we can't use this + * connection for additional requests). If there is + * a real error, the connection will be closed. + */ + + if (ctx->stream_id < ctx->id) { + + /* TODO: we can retry non-idempotent requests */ + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent goaway with error %ui", + ctx->error); + + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + continue; + } + + if (ctx->type == NGX_HTTP_V2_WINDOW_UPDATE_FRAME) { + + rc = ngx_http_grpc_parse_window_update(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (ctx->in) { + ngx_post_event(u->peer.connection->write, &ngx_posted_events); + } + + continue; + } + + if (ctx->type == NGX_HTTP_V2_SETTINGS_FRAME) { + + rc = ngx_http_grpc_parse_settings(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (ctx->in) { + ngx_post_event(u->peer.connection->write, &ngx_posted_events); + } + + continue; + } + + if (ctx->type == NGX_HTTP_V2_PING_FRAME) { + + rc = ngx_http_grpc_parse_ping(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + ngx_post_event(u->peer.connection->write, &ngx_posted_events); + continue; + } + + if (ctx->type == NGX_HTTP_V2_PUSH_PROMISE_FRAME) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent unexpected push promise frame"); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (ctx->type != NGX_HTTP_V2_HEADERS_FRAME + && ctx->type != NGX_HTTP_V2_CONTINUATION_FRAME) + { + /* priority, unknown frames */ + + if (b->last - b->pos < (ssize_t) ctx->rest) { + ctx->rest -= b->last - b->pos; + b->pos = b->last; + return NGX_AGAIN; + } + + b->pos += ctx->rest; + ctx->rest = 0; + ctx->state = ngx_http_grpc_st_start; + + continue; + } + + /* headers */ + + for ( ;; ) { + + rc = ngx_http_grpc_parse_header(r, ctx, b); + + if (rc == NGX_AGAIN) { + break; + } + + if (rc == NGX_OK) { + + /* a header line has been parsed successfully */ + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header: \"%V: %V\"", + &ctx->name, &ctx->value); + + if (ctx->name.len && ctx->name.data[0] == ':') { + + if (ctx->name.len != sizeof(":status") - 1 + || ngx_strncmp(ctx->name.data, ":status", + sizeof(":status") - 1) + != 0) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid header \"%V: %V\"", + &ctx->name, &ctx->value); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (ctx->status) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent duplicate :status header"); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + status_line = &ctx->value; + + if (status_line->len != 3) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid :status \"%V\"", + status_line); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + status = ngx_atoi(status_line->data, 3); + + if (status == NGX_ERROR) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid :status \"%V\"", + status_line); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + if (status < NGX_HTTP_OK) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent unexpected :status \"%V\"", + status_line); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + u->headers_in.status_n = status; + + if (u->state && u->state->status == 0) { + u->state->status = status; + } + + ctx->status = 1; + + continue; + + } else if (!ctx->status) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent no :status header"); + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + h = ngx_list_push(&u->headers_in.headers); + if (h == NULL) { + return NGX_ERROR; + } + + h->key = ctx->name; + h->value = ctx->value; + h->lowcase_key = h->key.data; + h->hash = ngx_hash_key(h->key.data, h->key.len); + + hh = ngx_hash_find(&umcf->headers_in_hash, h->hash, + h->lowcase_key, h->key.len); + + if (hh && hh->handler(r, h, hh->offset) != NGX_OK) { + return NGX_ERROR; + } + + continue; + } + + if (rc == NGX_HTTP_PARSE_HEADER_DONE) { + + /* a whole header has been parsed successfully */ + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header done"); + + if (ctx->end_stream) { + u->headers_in.content_length_n = 0; + + if (ctx->in == NULL + && ctx->out == NULL + && ctx->output_closed + && b->last == b->pos) + { + u->keepalive = 1; + } + } + + return NGX_OK; + } + + /* there was error while a header line parsing */ + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid header"); + + return NGX_HTTP_UPSTREAM_INVALID_HEADER; + } + + /* rc == NGX_AGAIN */ + + if (ctx->rest == 0) { + ctx->state = ngx_http_grpc_st_start; + continue; + } + + return NGX_AGAIN; + } +} + + +static ngx_int_t +ngx_http_grpc_filter_init(void *data) +{ + ngx_http_grpc_ctx_t *ctx = data; + + ngx_http_request_t *r; + ngx_http_upstream_t *u; + + r = ctx->request; + u = r->upstream; + + u->length = 1; + + if (ctx->end_stream) { + u->length = 0; + } + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_filter(void *data, ssize_t bytes) +{ + ngx_http_grpc_ctx_t *ctx = data; + + ngx_int_t rc; + ngx_buf_t *b, *buf; + ngx_chain_t *cl, **ll; + ngx_table_elt_t *h; + ngx_http_request_t *r; + ngx_http_upstream_t *u; + + r = ctx->request; + u = r->upstream; + b = &u->buffer; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc filter bytes:%z", bytes); + + b->pos = b->last; + b->last += bytes; + + for (cl = u->out_bufs, ll = &u->out_bufs; cl; cl = cl->next) { + ll = &cl->next; + } + + for ( ;; ) { + + if (ctx->state < ngx_http_grpc_st_payload) { + + rc = ngx_http_grpc_parse_frame(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + if ((ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME + && !ctx->parsing_headers) + || (ctx->type != NGX_HTTP_V2_CONTINUATION_FRAME + && ctx->parsing_headers)) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent unexpected http2 frame: %d", + ctx->type); + return NGX_ERROR; + } + + if (ctx->type == NGX_HTTP_V2_DATA_FRAME) { + + if (ctx->stream_id != ctx->id) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent data frame " + "for unknown stream %ui", + ctx->stream_id); + return NGX_ERROR; + } + + if (ctx->rest > ctx->recv_window) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream violated stream flow control, " + "received %uz data frame with window %uz", + ctx->rest, ctx->recv_window); + return NGX_ERROR; + } + + if (ctx->rest > ctx->connection->recv_window) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream violated connection flow control, " + "received %uz data frame with window %uz", + ctx->rest, ctx->connection->recv_window); + return NGX_ERROR; + } + + ctx->recv_window -= ctx->rest; + ctx->connection->recv_window -= ctx->rest; + + if (ctx->connection->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4 + || ctx->recv_window < NGX_HTTP_V2_MAX_WINDOW / 4) + { + if (ngx_http_grpc_send_window_update(r, ctx) != NGX_OK) { + return NGX_ERROR; + } + + ngx_post_event(u->peer.connection->write, + &ngx_posted_events); + } + } + + if (ctx->stream_id && ctx->stream_id != ctx->id) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent frame for unknown stream %ui", + ctx->stream_id); + return NGX_ERROR; + } + + ctx->padding = 0; + } + + if (ctx->state == ngx_http_grpc_st_padding) { + + if (b->last - b->pos < (ssize_t) ctx->rest) { + ctx->rest -= b->last - b->pos; + b->pos = b->last; + return NGX_AGAIN; + } + + b->pos += ctx->rest; + ctx->rest = 0; + ctx->state = ngx_http_grpc_st_start; + + if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) { + u->length = 0; + + if (ctx->in == NULL + && ctx->out == NULL + && ctx->output_closed + && b->last == b->pos) + { + u->keepalive = 1; + } + + break; + } + + continue; + } + + /* frame payload */ + + if (ctx->type == NGX_HTTP_V2_RST_STREAM_FRAME) { + + rc = ngx_http_grpc_parse_rst_stream(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream rejected request with error %ui", + ctx->error); + + return NGX_ERROR; + } + + if (ctx->type == NGX_HTTP_V2_GOAWAY_FRAME) { + + rc = ngx_http_grpc_parse_goaway(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + /* + * If stream_id is lower than one we use, our + * request won't be processed and needs to be retried. + * If stream_id is greater or equal to the one we use, + * we can continue normally (except we can't use this + * connection for additional requests). If there is + * a real error, the connection will be closed. + */ + + if (ctx->stream_id < ctx->id) { + + /* TODO: we can retry non-idempotent requests */ + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent goaway with error %ui", + ctx->error); + + return NGX_ERROR; + } + + continue; + } + + if (ctx->type == NGX_HTTP_V2_WINDOW_UPDATE_FRAME) { + + rc = ngx_http_grpc_parse_window_update(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + if (ctx->in) { + ngx_post_event(u->peer.connection->write, &ngx_posted_events); + } + + continue; + } + + if (ctx->type == NGX_HTTP_V2_SETTINGS_FRAME) { + + rc = ngx_http_grpc_parse_settings(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + if (ctx->in) { + ngx_post_event(u->peer.connection->write, &ngx_posted_events); + } + + continue; + } + + if (ctx->type == NGX_HTTP_V2_PING_FRAME) { + + rc = ngx_http_grpc_parse_ping(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + ngx_post_event(u->peer.connection->write, &ngx_posted_events); + continue; + } + + if (ctx->type == NGX_HTTP_V2_PUSH_PROMISE_FRAME) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent unexpected push promise frame"); + return NGX_ERROR; + } + + if (ctx->type == NGX_HTTP_V2_HEADERS_FRAME + || ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME) + { + for ( ;; ) { + + rc = ngx_http_grpc_parse_header(r, ctx, b); + + if (rc == NGX_AGAIN) { + break; + } + + if (rc == NGX_OK) { + + /* a header line has been parsed successfully */ + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc trailer: \"%V: %V\"", + &ctx->name, &ctx->value); + + if (ctx->name.len && ctx->name.data[0] == ':') { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid " + "trailer \"%V: %V\"", + &ctx->name, &ctx->value); + return NGX_ERROR; + } + + h = ngx_list_push(&u->headers_in.trailers); + if (h == NULL) { + return NGX_ERROR; + } + + h->key = ctx->name; + h->value = ctx->value; + h->lowcase_key = h->key.data; + h->hash = ngx_hash_key(h->key.data, h->key.len); + + continue; + } + + if (rc == NGX_HTTP_PARSE_HEADER_DONE) { + + /* a whole header has been parsed successfully */ + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc trailer done"); + + if (ctx->end_stream) { + u->length = 0; + + if (ctx->in == NULL + && ctx->out == NULL + && ctx->output_closed + && b->last == b->pos) + { + u->keepalive = 1; + } + + return NGX_OK; + } + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent trailer without " + "end stream flag"); + return NGX_ERROR; + } + + /* there was error while a header line parsing */ + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid trailer"); + + return NGX_ERROR; + } + + /* rc == NGX_AGAIN */ + + if (ctx->rest == 0) { + ctx->state = ngx_http_grpc_st_start; + continue; + } + + return NGX_AGAIN; + } + + if (ctx->type != NGX_HTTP_V2_DATA_FRAME) { + + /* priority, unknown frames */ + + if (b->last - b->pos < (ssize_t) ctx->rest) { + ctx->rest -= b->last - b->pos; + b->pos = b->last; + return NGX_AGAIN; + } + + b->pos += ctx->rest; + ctx->rest = 0; + ctx->state = ngx_http_grpc_st_start; + + continue; + } + + /* + * data frame: + * + * +---------------+ + * |Pad Length? (8)| + * +---------------+-----------------------------------------------+ + * | Data (*) ... + * +---------------------------------------------------------------+ + * | Padding (*) ... + * +---------------------------------------------------------------+ + */ + + if (ctx->flags & NGX_HTTP_V2_PADDED_FLAG) { + + if (ctx->rest == 0) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too short http2 frame"); + return NGX_ERROR; + } + + if (b->pos == b->last) { + return NGX_AGAIN; + } + + ctx->flags &= ~NGX_HTTP_V2_PADDED_FLAG; + ctx->padding = *b->pos++; + ctx->rest -= 1; + + if (ctx->padding > ctx->rest) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent http2 frame with too long " + "padding: %d in frame %uz", + ctx->padding, ctx->rest); + return NGX_ERROR; + } + + continue; + } + + if (ctx->rest == ctx->padding) { + goto done; + } + + if (b->pos == b->last) { + return NGX_AGAIN; + } + + cl = ngx_chain_get_free_buf(r->pool, &u->free_bufs); + if (cl == NULL) { + return NGX_ERROR; + } + + *ll = cl; + ll = &cl->next; + + buf = cl->buf; + + buf->flush = 1; + buf->memory = 1; + + buf->pos = b->pos; + buf->tag = u->output.tag; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc output buf %p", buf->pos); + + if (b->last - b->pos < (ssize_t) ctx->rest - ctx->padding) { + + ctx->rest -= b->last - b->pos; + b->pos = b->last; + buf->last = b->pos; + + return NGX_AGAIN; + } + + b->pos += ctx->rest - ctx->padding; + buf->last = b->pos; + ctx->rest = ctx->padding; + + done: + + if (ctx->padding) { + ctx->state = ngx_http_grpc_st_padding; + continue; + } + + ctx->state = ngx_http_grpc_st_start; + + if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) { + u->length = 0; + + if (ctx->in == NULL + && ctx->out == NULL + && ctx->output_closed + && b->last == b->pos) + { + u->keepalive = 1; + } + + break; + } + } + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_parse_frame(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_buf_t *b) +{ + u_char ch, *p; + ngx_http_grpc_state_e state; + + state = ctx->state; + + for (p = b->pos; p < b->last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc frame byte: %02Xd, s:%d", ch, state); +#endif + + switch (state) { + + case ngx_http_grpc_st_start: + ctx->rest = ch << 16; + state = ngx_http_grpc_st_length_2; + break; + + case ngx_http_grpc_st_length_2: + ctx->rest |= ch << 8; + state = ngx_http_grpc_st_length_3; + break; + + case ngx_http_grpc_st_length_3: + ctx->rest |= ch; + + if (ctx->rest > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too large http2 frame: %uz", + ctx->rest); + return NGX_ERROR; + } + + state = ngx_http_grpc_st_type; + break; + + case ngx_http_grpc_st_type: + ctx->type = ch; + state = ngx_http_grpc_st_flags; + break; + + case ngx_http_grpc_st_flags: + ctx->flags = ch; + state = ngx_http_grpc_st_stream_id; + break; + + case ngx_http_grpc_st_stream_id: + ctx->stream_id = (ch & 0x7f) << 24; + state = ngx_http_grpc_st_stream_id_2; + break; + + case ngx_http_grpc_st_stream_id_2: + ctx->stream_id |= ch << 16; + state = ngx_http_grpc_st_stream_id_3; + break; + + case ngx_http_grpc_st_stream_id_3: + ctx->stream_id |= ch << 8; + state = ngx_http_grpc_st_stream_id_4; + break; + + case ngx_http_grpc_st_stream_id_4: + ctx->stream_id |= ch; + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc frame: %d, len: %uz, f:%d, i:%ui", + ctx->type, ctx->rest, ctx->flags, ctx->stream_id); + + b->pos = p + 1; + + ctx->state = ngx_http_grpc_st_payload; + ctx->frame_state = 0; + + return NGX_OK; + + /* suppress warning */ + case ngx_http_grpc_st_payload: + case ngx_http_grpc_st_padding: + break; + } + } + + b->pos = p; + ctx->state = state; + + return NGX_AGAIN; +} + + +static ngx_int_t +ngx_http_grpc_parse_header(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_buf_t *b) +{ + u_char ch, *p, *last; + size_t min; + ngx_int_t rc; + enum { + sw_start = 0, + sw_padding_length, + sw_dependency, + sw_dependency_2, + sw_dependency_3, + sw_dependency_4, + sw_weight, + sw_fragment, + sw_padding + } state; + + state = ctx->frame_state; + + if (state == sw_start) { + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc parse header: start"); + + if (ctx->type == NGX_HTTP_V2_HEADERS_FRAME) { + ctx->parsing_headers = 1; + ctx->fragment_state = 0; + + min = (ctx->flags & NGX_HTTP_V2_PADDED_FLAG ? 1 : 0) + + (ctx->flags & NGX_HTTP_V2_PRIORITY_FLAG ? 5 : 0); + + if (ctx->rest < min) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent headers frame " + "with invalid length: %uz", + ctx->rest); + return NGX_ERROR; + } + + if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) { + ctx->end_stream = 1; + } + + if (ctx->flags & NGX_HTTP_V2_PADDED_FLAG) { + state = sw_padding_length; + + } else if (ctx->flags & NGX_HTTP_V2_PRIORITY_FLAG) { + state = sw_dependency; + + } else { + state = sw_fragment; + } + + } else if (ctx->type == NGX_HTTP_V2_CONTINUATION_FRAME) { + state = sw_fragment; + } + + ctx->padding = 0; + ctx->frame_state = state; + } + + if (state < sw_fragment) { + + if (b->last - b->pos < (ssize_t) ctx->rest) { + last = b->last; + + } else { + last = b->pos + ctx->rest; + } + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header byte: %02Xd s:%d", ch, state); +#endif + + /* + * headers frame: + * + * +---------------+ + * |Pad Length? (8)| + * +-+-------------+----------------------------------------------+ + * |E| Stream Dependency? (31) | + * +-+-------------+----------------------------------------------+ + * | Weight? (8) | + * +-+-------------+----------------------------------------------+ + * | Header Block Fragment (*) ... + * +--------------------------------------------------------------+ + * | Padding (*) ... + * +--------------------------------------------------------------+ + */ + + switch (state) { + + case sw_padding_length: + + ctx->padding = ch; + + if (ctx->flags & NGX_HTTP_V2_PRIORITY_FLAG) { + state = sw_dependency; + break; + } + + goto fragment; + + case sw_dependency: + state = sw_dependency_2; + break; + + case sw_dependency_2: + state = sw_dependency_3; + break; + + case sw_dependency_3: + state = sw_dependency_4; + break; + + case sw_dependency_4: + state = sw_weight; + break; + + case sw_weight: + goto fragment; + + /* suppress warning */ + case sw_start: + case sw_fragment: + case sw_padding: + break; + } + } + + ctx->rest -= p - b->pos; + b->pos = p; + + ctx->frame_state = state; + return NGX_AGAIN; + + fragment: + + p++; + ctx->rest -= p - b->pos; + b->pos = p; + + if (ctx->padding > ctx->rest) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent http2 frame with too long " + "padding: %d in frame %uz", + ctx->padding, ctx->rest); + return NGX_ERROR; + } + + state = sw_fragment; + ctx->frame_state = state; + } + + if (state == sw_fragment) { + + rc = ngx_http_grpc_parse_fragment(r, ctx, b); + + if (rc == NGX_AGAIN) { + return NGX_AGAIN; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + if (rc == NGX_OK) { + return NGX_OK; + } + + /* rc == NGX_DONE */ + + state = sw_padding; + ctx->frame_state = state; + } + + if (state == sw_padding) { + + if (b->last - b->pos < (ssize_t) ctx->rest) { + + ctx->rest -= b->last - b->pos; + b->pos = b->last; + + return NGX_AGAIN; + } + + b->pos += ctx->rest; + ctx->rest = 0; + + ctx->state = ngx_http_grpc_st_start; + + if (ctx->flags & NGX_HTTP_V2_END_HEADERS_FLAG) { + + if (ctx->fragment_state) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent truncated http2 header"); + return NGX_ERROR; + } + + ctx->parsing_headers = 0; + + return NGX_HTTP_PARSE_HEADER_DONE; + } + + return NGX_AGAIN; + } + + /* unreachable */ + + return NGX_ERROR; +} + + +static ngx_int_t +ngx_http_grpc_parse_fragment(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_buf_t *b) +{ + u_char ch, *p, *last; + size_t size; + ngx_uint_t index, size_update; + enum { + sw_start = 0, + sw_index, + sw_name_length, + sw_name_length_2, + sw_name_length_3, + sw_name_length_4, + sw_name, + sw_name_bytes, + sw_value_length, + sw_value_length_2, + sw_value_length_3, + sw_value_length_4, + sw_value, + sw_value_bytes + } state; + + /* header block fragment */ + +#if 0 + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header fragment %p:%p rest:%uz", + b->pos, b->last, ctx->rest); +#endif + + if (b->last - b->pos < (ssize_t) ctx->rest - ctx->padding) { + last = b->last; + + } else { + last = b->pos + ctx->rest - ctx->padding; + } + + state = ctx->fragment_state; + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header byte: %02Xd s:%d", ch, state); +#endif + + switch (state) { + + case sw_start: + ctx->index = 0; + + if ((ch & 0x80) == 0x80) { + /* + * indexed header: + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 1 | Index (7+) | + * +---+---------------------------+ + */ + + index = ch & ~0x80; + + if (index == 0 || index > 61) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid http2 " + "table index: %ui", index); + return NGX_ERROR; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc indexed header: %ui", index); + + ctx->index = index; + ctx->literal = 0; + + goto done; + + } else if ((ch & 0xc0) == 0x40) { + /* + * literal header with incremental indexing: + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 1 | Index (6+) | + * +---+---+-----------------------+ + * | H | Value Length (7+) | + * +---+---------------------------+ + * | Value String (Length octets) | + * +-------------------------------+ + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 1 | 0 | + * +---+---+-----------------------+ + * | H | Name Length (7+) | + * +---+---------------------------+ + * | Name String (Length octets) | + * +---+---------------------------+ + * | H | Value Length (7+) | + * +---+---------------------------+ + * | Value String (Length octets) | + * +-------------------------------+ + */ + + index = ch & ~0xc0; + + if (index > 61) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid http2 " + "table index: %ui", index); + return NGX_ERROR; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc literal header: %ui", index); + + if (index == 0) { + state = sw_name_length; + break; + } + + ctx->index = index; + ctx->literal = 1; + + state = sw_value_length; + break; + + } else if ((ch & 0xe0) == 0x20) { + /* + * dynamic table size update: + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 0 | 1 | Max size (5+) | + * +---+---------------------------+ + */ + + size_update = ch & ~0xe0; + + if (size_update > 0) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid http2 " + "dynamic table size update: %ui", + size_update); + return NGX_ERROR; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc table size update: %ui", size_update); + + break; + + } else if ((ch & 0xf0) == 0x10) { + /* + * literal header field never indexed: + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 0 | 0 | 1 | Index (4+) | + * +---+---+-----------------------+ + * | H | Value Length (7+) | + * +---+---------------------------+ + * | Value String (Length octets) | + * +-------------------------------+ + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 0 | 0 | 1 | 0 | + * +---+---+-----------------------+ + * | H | Name Length (7+) | + * +---+---------------------------+ + * | Name String (Length octets) | + * +---+---------------------------+ + * | H | Value Length (7+) | + * +---+---------------------------+ + * | Value String (Length octets) | + * +-------------------------------+ + */ + + index = ch & ~0xf0; + + if (index == 0x0f) { + ctx->index = index; + ctx->literal = 1; + state = sw_index; + break; + } + + if (index == 0) { + state = sw_name_length; + break; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc literal header never indexed: %ui", + index); + + ctx->index = index; + ctx->literal = 1; + + state = sw_value_length; + break; + + } else if ((ch & 0xf0) == 0x00) { + /* + * literal header field without indexing: + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 0 | 0 | 0 | Index (4+) | + * +---+---+-----------------------+ + * | H | Value Length (7+) | + * +---+---------------------------+ + * | Value String (Length octets) | + * +-------------------------------+ + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | 0 | 0 | 0 | 0 | 0 | + * +---+---+-----------------------+ + * | H | Name Length (7+) | + * +---+---------------------------+ + * | Name String (Length octets) | + * +---+---------------------------+ + * | H | Value Length (7+) | + * +---+---------------------------+ + * | Value String (Length octets) | + * +-------------------------------+ + */ + + index = ch & ~0xf0; + + if (index == 0x0f) { + ctx->index = index; + ctx->literal = 1; + state = sw_index; + break; + } + + if (index == 0) { + state = sw_name_length; + break; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc literal header without indexing: %ui", + index); + + ctx->index = index; + ctx->literal = 1; + + state = sw_value_length; + break; + } + + /* not reached */ + + return NGX_ERROR; + + case sw_index: + ctx->index = ctx->index + (ch & ~0x80); + + if (ch & 0x80) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent http2 table index " + "with continuation flag"); + return NGX_ERROR; + } + + if (ctx->index > 61) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid http2 " + "table index: %ui", ctx->index); + return NGX_ERROR; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc header index: %ui", ctx->index); + + state = sw_value_length; + break; + + case sw_name_length: + ctx->field_huffman = ch & 0x80 ? 1 : 0; + ctx->field_length = ch & ~0x80; + + if (ctx->field_length == 0x7f) { + state = sw_name_length_2; + break; + } + + if (ctx->field_length == 0) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent zero http2 " + "header name length"); + return NGX_ERROR; + } + + state = sw_name; + break; + + case sw_name_length_2: + ctx->field_length += ch & ~0x80; + + if (ch & 0x80) { + state = sw_name_length_3; + break; + } + + state = sw_name; + break; + + case sw_name_length_3: + ctx->field_length += (ch & ~0x80) << 7; + + if (ch & 0x80) { + state = sw_name_length_4; + break; + } + + state = sw_name; + break; + + case sw_name_length_4: + ctx->field_length += (ch & ~0x80) << 14; + + if (ch & 0x80) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too large http2 " + "header name length"); + return NGX_ERROR; + } + + state = sw_name; + break; + + case sw_name: + ctx->name.len = ctx->field_huffman ? + ctx->field_length * 8 / 5 : ctx->field_length; + + ctx->name.data = ngx_pnalloc(r->pool, ctx->name.len + 1); + if (ctx->name.data == NULL) { + return NGX_ERROR; + } + + ctx->field_end = ctx->name.data; + ctx->field_rest = ctx->field_length; + ctx->field_state = 0; + + state = sw_name_bytes; + + /* fall through */ + + case sw_name_bytes: + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc name: len:%uz h:%d last:%uz, rest:%uz", + ctx->field_length, + ctx->field_huffman, + last - p, + ctx->rest - (p - b->pos)); + + size = ngx_min(last - p, (ssize_t) ctx->field_rest); + ctx->field_rest -= size; + + if (ctx->field_huffman) { + if (ngx_http_v2_huff_decode(&ctx->field_state, p, size, + &ctx->field_end, + ctx->field_rest == 0, + r->connection->log) + != NGX_OK) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid encoded header"); + return NGX_ERROR; + } + + ctx->name.len = ctx->field_end - ctx->name.data; + ctx->name.data[ctx->name.len] = '\0'; + + } else { + ctx->field_end = ngx_cpymem(ctx->field_end, p, size); + ctx->name.data[ctx->name.len] = '\0'; + } + + p += size - 1; + + if (ctx->field_rest == 0) { + state = sw_value_length; + } + + break; + + case sw_value_length: + ctx->field_huffman = ch & 0x80 ? 1 : 0; + ctx->field_length = ch & ~0x80; + + if (ctx->field_length == 0x7f) { + state = sw_value_length_2; + break; + } + + if (ctx->field_length == 0) { + ngx_str_set(&ctx->value, ""); + goto done; + } + + state = sw_value; + break; + + case sw_value_length_2: + ctx->field_length += ch & ~0x80; + + if (ch & 0x80) { + state = sw_value_length_3; + break; + } + + state = sw_value; + break; + + case sw_value_length_3: + ctx->field_length += (ch & ~0x80) << 7; + + if (ch & 0x80) { + state = sw_value_length_4; + break; + } + + state = sw_value; + break; + + case sw_value_length_4: + ctx->field_length += (ch & ~0x80) << 14; + + if (ch & 0x80) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too large http2 " + "header value length"); + return NGX_ERROR; + } + + state = sw_value; + break; + + case sw_value: + ctx->value.len = ctx->field_huffman ? + ctx->field_length * 8 / 5 : ctx->field_length; + + ctx->value.data = ngx_pnalloc(r->pool, ctx->value.len + 1); + if (ctx->value.data == NULL) { + return NGX_ERROR; + } + + ctx->field_end = ctx->value.data; + ctx->field_rest = ctx->field_length; + ctx->field_state = 0; + + state = sw_value_bytes; + + /* fall through */ + + case sw_value_bytes: + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc value: len:%uz h:%d last:%uz, rest:%uz", + ctx->field_length, + ctx->field_huffman, + last - p, + ctx->rest - (p - b->pos)); + + size = ngx_min(last - p, (ssize_t) ctx->field_rest); + ctx->field_rest -= size; + + if (ctx->field_huffman) { + if (ngx_http_v2_huff_decode(&ctx->field_state, p, size, + &ctx->field_end, + ctx->field_rest == 0, + r->connection->log) + != NGX_OK) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid encoded header"); + return NGX_ERROR; + } + + ctx->value.len = ctx->field_end - ctx->value.data; + ctx->value.data[ctx->value.len] = '\0'; + + } else { + ctx->field_end = ngx_cpymem(ctx->field_end, p, size); + ctx->value.data[ctx->value.len] = '\0'; + } + + p += size - 1; + + if (ctx->field_rest == 0) { + goto done; + } + + break; + } + + continue; + + done: + + p++; + ctx->rest -= p - b->pos; + ctx->fragment_state = sw_start; + b->pos = p; + + if (ctx->index) { + ctx->name = *ngx_http_v2_get_static_name(ctx->index); + } + + if (ctx->index && !ctx->literal) { + ctx->value = *ngx_http_v2_get_static_value(ctx->index); + } + + if (!ctx->index) { + if (ngx_http_grpc_validate_header_name(r, &ctx->name) != NGX_OK) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid header: \"%V: %V\"", + &ctx->name, &ctx->value); + return NGX_ERROR; + } + } + + if (!ctx->index || ctx->literal) { + if (ngx_http_grpc_validate_header_value(r, &ctx->value) != NGX_OK) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent invalid header: \"%V: %V\"", + &ctx->name, &ctx->value); + return NGX_ERROR; + } + } + + return NGX_OK; + } + + ctx->rest -= p - b->pos; + ctx->fragment_state = state; + b->pos = p; + + if (ctx->rest > ctx->padding) { + return NGX_AGAIN; + } + + return NGX_DONE; +} + + +static ngx_int_t +ngx_http_grpc_validate_header_name(ngx_http_request_t *r, ngx_str_t *s) +{ + u_char ch; + ngx_uint_t i; + + for (i = 0; i < s->len; i++) { + ch = s->data[i]; + + if (ch == ':' && i > 0) { + return NGX_ERROR; + } + + if (ch >= 'A' && ch <= 'Z') { + return NGX_ERROR; + } + + if (ch == '\0' || ch == CR || ch == LF) { + return NGX_ERROR; + } + } + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_validate_header_value(ngx_http_request_t *r, ngx_str_t *s) +{ + u_char ch; + ngx_uint_t i; + + for (i = 0; i < s->len; i++) { + ch = s->data[i]; + + if (ch == '\0' || ch == CR || ch == LF) { + return NGX_ERROR; + } + } + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_parse_rst_stream(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_buf_t *b) +{ + u_char ch, *p, *last; + enum { + sw_start = 0, + sw_error_2, + sw_error_3, + sw_error_4 + } state; + + if (b->last - b->pos < (ssize_t) ctx->rest) { + last = b->last; + + } else { + last = b->pos + ctx->rest; + } + + state = ctx->frame_state; + + if (state == sw_start) { + if (ctx->rest != 4) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent rst stream frame " + "with invalid length: %uz", + ctx->rest); + return NGX_ERROR; + } + } + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc rst byte: %02Xd s:%d", ch, state); +#endif + + switch (state) { + + case sw_start: + ctx->error = (ngx_uint_t) ch << 24; + state = sw_error_2; + break; + + case sw_error_2: + ctx->error |= ch << 16; + state = sw_error_3; + break; + + case sw_error_3: + ctx->error |= ch << 8; + state = sw_error_4; + break; + + case sw_error_4: + ctx->error |= ch; + state = sw_start; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc error: %ui", ctx->error); + + break; + } + } + + ctx->rest -= p - b->pos; + ctx->frame_state = state; + b->pos = p; + + if (ctx->rest > 0) { + return NGX_AGAIN; + } + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_parse_goaway(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_buf_t *b) +{ + u_char ch, *p, *last; + enum { + sw_start = 0, + sw_last_stream_id_2, + sw_last_stream_id_3, + sw_last_stream_id_4, + sw_error, + sw_error_2, + sw_error_3, + sw_error_4, + sw_debug + } state; + + if (b->last - b->pos < (ssize_t) ctx->rest) { + last = b->last; + + } else { + last = b->pos + ctx->rest; + } + + state = ctx->frame_state; + + if (state == sw_start) { + + if (ctx->stream_id) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent goaway frame " + "with non-zero stream id: %ui", + ctx->stream_id); + return NGX_ERROR; + } + + if (ctx->rest < 8) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent goaway frame " + "with invalid length: %uz", + ctx->rest); + return NGX_ERROR; + } + } + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc goaway byte: %02Xd s:%d", ch, state); +#endif + + switch (state) { + + case sw_start: + ctx->stream_id = (ch & 0x7f) << 24; + state = sw_last_stream_id_2; + break; + + case sw_last_stream_id_2: + ctx->stream_id |= ch << 16; + state = sw_last_stream_id_3; + break; + + case sw_last_stream_id_3: + ctx->stream_id |= ch << 8; + state = sw_last_stream_id_4; + break; + + case sw_last_stream_id_4: + ctx->stream_id |= ch; + state = sw_error; + break; + + case sw_error: + ctx->error = (ngx_uint_t) ch << 24; + state = sw_error_2; + break; + + case sw_error_2: + ctx->error |= ch << 16; + state = sw_error_3; + break; + + case sw_error_3: + ctx->error |= ch << 8; + state = sw_error_4; + break; + + case sw_error_4: + ctx->error |= ch; + state = sw_debug; + break; + + case sw_debug: + break; + } + } + + ctx->rest -= p - b->pos; + ctx->frame_state = state; + b->pos = p; + + if (ctx->rest > 0) { + return NGX_AGAIN; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc goaway: %ui, stream %ui", + ctx->error, ctx->stream_id); + + ctx->state = ngx_http_grpc_st_start; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_parse_window_update(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b) +{ + u_char ch, *p, *last; + enum { + sw_start = 0, + sw_size_2, + sw_size_3, + sw_size_4 + } state; + + if (b->last - b->pos < (ssize_t) ctx->rest) { + last = b->last; + + } else { + last = b->pos + ctx->rest; + } + + state = ctx->frame_state; + + if (state == sw_start) { + if (ctx->rest != 4) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent window update frame " + "with invalid length: %uz", + ctx->rest); + return NGX_ERROR; + } + } + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc window update byte: %02Xd s:%d", ch, state); +#endif + + switch (state) { + + case sw_start: + ctx->window_update = (ch & 0x7f) << 24; + state = sw_size_2; + break; + + case sw_size_2: + ctx->window_update |= ch << 16; + state = sw_size_3; + break; + + case sw_size_3: + ctx->window_update |= ch << 8; + state = sw_size_4; + break; + + case sw_size_4: + ctx->window_update |= ch; + state = sw_start; + break; + } + } + + ctx->rest -= p - b->pos; + ctx->frame_state = state; + b->pos = p; + + if (ctx->rest > 0) { + return NGX_AGAIN; + } + + ctx->state = ngx_http_grpc_st_start; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc window update: %ui", ctx->window_update); + + if (ctx->stream_id) { + + if (ctx->window_update > (size_t) NGX_HTTP_V2_MAX_WINDOW + - ctx->send_window) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too large window update"); + return NGX_ERROR; + } + + ctx->send_window += ctx->window_update; + + } else { + + if (ctx->window_update > NGX_HTTP_V2_MAX_WINDOW + - ctx->connection->send_window) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too large window update"); + return NGX_ERROR; + } + + ctx->connection->send_window += ctx->window_update; + } + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_parse_settings(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx, + ngx_buf_t *b) +{ + u_char ch, *p, *last; + ssize_t window_update; + enum { + sw_start = 0, + sw_id, + sw_id_2, + sw_value, + sw_value_2, + sw_value_3, + sw_value_4 + } state; + + if (b->last - b->pos < (ssize_t) ctx->rest) { + last = b->last; + + } else { + last = b->pos + ctx->rest; + } + + state = ctx->frame_state; + + if (state == sw_start) { + + if (ctx->stream_id) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent settings frame " + "with non-zero stream id: %ui", + ctx->stream_id); + return NGX_ERROR; + } + + if (ctx->flags & NGX_HTTP_V2_ACK_FLAG) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc settings ack"); + + if (ctx->rest != 0) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent settings frame " + "with ack flag and non-zero length: %uz", + ctx->rest); + return NGX_ERROR; + } + + ctx->state = ngx_http_grpc_st_start; + + return NGX_OK; + } + + if (ctx->rest % 6 != 0) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent settings frame " + "with invalid length: %uz", + ctx->rest); + return NGX_ERROR; + } + } + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc settings byte: %02Xd s:%d", ch, state); +#endif + + switch (state) { + + case sw_start: + case sw_id: + ctx->setting_id = ch << 8; + state = sw_id_2; + break; + + case sw_id_2: + ctx->setting_id |= ch; + state = sw_value; + break; + + case sw_value: + ctx->setting_value = (ngx_uint_t) ch << 24; + state = sw_value_2; + break; + + case sw_value_2: + ctx->setting_value |= ch << 16; + state = sw_value_3; + break; + + case sw_value_3: + ctx->setting_value |= ch << 8; + state = sw_value_4; + break; + + case sw_value_4: + ctx->setting_value |= ch; + state = sw_id; + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc setting: %ui %ui", + ctx->setting_id, ctx->setting_value); + + /* + * The following settings are defined by the protocol: + * + * SETTINGS_HEADER_TABLE_SIZE, SETTINGS_ENABLE_PUSH, + * SETTINGS_MAX_CONCURRENT_STREAMS, SETTINGS_INITIAL_WINDOW_SIZE, + * SETTINGS_MAX_FRAME_SIZE, SETTINGS_MAX_HEADER_LIST_SIZE + * + * Only SETTINGS_INITIAL_WINDOW_SIZE seems to be needed in + * a simple client. + */ + + if (ctx->setting_id == 0x04) { + /* SETTINGS_INITIAL_WINDOW_SIZE */ + + if (ctx->setting_value > NGX_HTTP_V2_MAX_WINDOW) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent settings frame " + "with too large initial window size: %ui", + ctx->setting_value); + return NGX_ERROR; + } + + window_update = ctx->setting_value + - ctx->connection->init_window; + ctx->connection->init_window = ctx->setting_value; + + if (ctx->send_window > 0 + && window_update > (ssize_t) NGX_HTTP_V2_MAX_WINDOW + - ctx->send_window) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent settings frame " + "with too large initial window size: %ui", + ctx->setting_value); + return NGX_ERROR; + } + + ctx->send_window += window_update; + } + + break; + } + } + + ctx->rest -= p - b->pos; + ctx->frame_state = state; + b->pos = p; + + if (ctx->rest > 0) { + return NGX_AGAIN; + } + + ctx->state = ngx_http_grpc_st_start; + + return ngx_http_grpc_send_settings_ack(r, ctx); +} + + +static ngx_int_t +ngx_http_grpc_parse_ping(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b) +{ + u_char ch, *p, *last; + enum { + sw_start = 0, + sw_data_2, + sw_data_3, + sw_data_4, + sw_data_5, + sw_data_6, + sw_data_7, + sw_data_8 + } state; + + if (b->last - b->pos < (ssize_t) ctx->rest) { + last = b->last; + + } else { + last = b->pos + ctx->rest; + } + + state = ctx->frame_state; + + if (state == sw_start) { + + if (ctx->stream_id) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent ping frame " + "with non-zero stream id: %ui", + ctx->stream_id); + return NGX_ERROR; + } + + if (ctx->rest != 8) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent ping frame " + "with invalid length: %uz", + ctx->rest); + return NGX_ERROR; + } + + if (ctx->flags & NGX_HTTP_V2_ACK_FLAG) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent ping frame with ack flag"); + return NGX_ERROR; + } + } + + for (p = b->pos; p < last; p++) { + ch = *p; + +#if 0 + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc ping byte: %02Xd s:%d", ch, state); +#endif + + if (state < sw_data_8) { + ctx->ping_data[state] = ch; + state++; + + } else { + ctx->ping_data[7] = ch; + state = sw_start; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc ping"); + } + } + + ctx->rest -= p - b->pos; + ctx->frame_state = state; + b->pos = p; + + if (ctx->rest > 0) { + return NGX_AGAIN; + } + + ctx->state = ngx_http_grpc_st_start; + + return ngx_http_grpc_send_ping_ack(r, ctx); +} + + +static ngx_int_t +ngx_http_grpc_send_settings_ack(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx) +{ + ngx_chain_t *cl, **ll; + ngx_http_grpc_frame_t *f; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc send settings ack"); + + for (cl = ctx->out, ll = &ctx->out; cl; cl = cl->next) { + ll = &cl->next; + } + + cl = ngx_http_grpc_get_buf(r, ctx); + if (cl == NULL) { + return NGX_ERROR; + } + + f = (ngx_http_grpc_frame_t *) cl->buf->last; + cl->buf->last += sizeof(ngx_http_grpc_frame_t); + + f->length_0 = 0; + f->length_1 = 0; + f->length_2 = 0; + f->type = NGX_HTTP_V2_SETTINGS_FRAME; + f->flags = NGX_HTTP_V2_ACK_FLAG; + f->stream_id_0 = 0; + f->stream_id_1 = 0; + f->stream_id_2 = 0; + f->stream_id_3 = 0; + + *ll = cl; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_send_ping_ack(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx) +{ + ngx_chain_t *cl, **ll; + ngx_http_grpc_frame_t *f; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc send ping ack"); + + for (cl = ctx->out, ll = &ctx->out; cl; cl = cl->next) { + ll = &cl->next; + } + + cl = ngx_http_grpc_get_buf(r, ctx); + if (cl == NULL) { + return NGX_ERROR; + } + + f = (ngx_http_grpc_frame_t *) cl->buf->last; + cl->buf->last += sizeof(ngx_http_grpc_frame_t); + + f->length_0 = 0; + f->length_1 = 0; + f->length_2 = 8; + f->type = NGX_HTTP_V2_PING_FRAME; + f->flags = NGX_HTTP_V2_ACK_FLAG; + f->stream_id_0 = 0; + f->stream_id_1 = 0; + f->stream_id_2 = 0; + f->stream_id_3 = 0; + + cl->buf->last = ngx_copy(cl->buf->last, ctx->ping_data, 8); + + *ll = cl; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_send_window_update(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx) +{ + size_t n; + ngx_chain_t *cl, **ll; + ngx_http_grpc_frame_t *f; + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "grpc send window update: %uz %uz", + ctx->connection->recv_window, ctx->recv_window); + + for (cl = ctx->out, ll = &ctx->out; cl; cl = cl->next) { + ll = &cl->next; + } + + cl = ngx_http_grpc_get_buf(r, ctx); + if (cl == NULL) { + return NGX_ERROR; + } + + f = (ngx_http_grpc_frame_t *) cl->buf->last; + cl->buf->last += sizeof(ngx_http_grpc_frame_t); + + f->length_0 = 0; + f->length_1 = 0; + f->length_2 = 4; + f->type = NGX_HTTP_V2_WINDOW_UPDATE_FRAME; + f->flags = 0; + f->stream_id_0 = 0; + f->stream_id_1 = 0; + f->stream_id_2 = 0; + f->stream_id_3 = 0; + + n = NGX_HTTP_V2_MAX_WINDOW - ctx->connection->recv_window; + ctx->connection->recv_window = NGX_HTTP_V2_MAX_WINDOW; + + *cl->buf->last++ = (u_char) ((n >> 24) & 0xff); + *cl->buf->last++ = (u_char) ((n >> 16) & 0xff); + *cl->buf->last++ = (u_char) ((n >> 8) & 0xff); + *cl->buf->last++ = (u_char) (n & 0xff); + + f = (ngx_http_grpc_frame_t *) cl->buf->last; + cl->buf->last += sizeof(ngx_http_grpc_frame_t); + + f->length_0 = 0; + f->length_1 = 0; + f->length_2 = 4; + f->type = NGX_HTTP_V2_WINDOW_UPDATE_FRAME; + f->flags = 0; + f->stream_id_0 = (u_char) ((ctx->id >> 24) & 0xff); + f->stream_id_1 = (u_char) ((ctx->id >> 16) & 0xff); + f->stream_id_2 = (u_char) ((ctx->id >> 8) & 0xff); + f->stream_id_3 = (u_char) (ctx->id & 0xff); + + n = NGX_HTTP_V2_MAX_WINDOW - ctx->recv_window; + ctx->recv_window = NGX_HTTP_V2_MAX_WINDOW; + + *cl->buf->last++ = (u_char) ((n >> 24) & 0xff); + *cl->buf->last++ = (u_char) ((n >> 16) & 0xff); + *cl->buf->last++ = (u_char) ((n >> 8) & 0xff); + *cl->buf->last++ = (u_char) (n & 0xff); + + *ll = cl; + + return NGX_OK; +} + + +static ngx_chain_t * +ngx_http_grpc_get_buf(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx) +{ + ngx_buf_t *b; + ngx_chain_t *cl; + + cl = ngx_chain_get_free_buf(r->pool, &ctx->free); + if (cl == NULL) { + return NULL; + } + + b = cl->buf; + + b->tag = (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter; + b->temporary = 1; + b->flush = 1; + + if (b->start == NULL) { + + /* + * each buffer is large enough to hold two window update + * frames in a row + */ + + b->start = ngx_palloc(r->pool, 2 * sizeof(ngx_http_grpc_frame_t) + 8); + if (b->start == NULL) { + return NULL; + } + + b->pos = b->start; + b->last = b->start; + + b->end = b->start + 2 * sizeof(ngx_http_grpc_frame_t) + 8; + } + + return cl; +} + + +static ngx_http_grpc_ctx_t * +ngx_http_grpc_get_ctx(ngx_http_request_t *r) +{ + ngx_http_grpc_ctx_t *ctx; + ngx_http_upstream_t *u; + + ctx = ngx_http_get_module_ctx(r, ngx_http_grpc_module); + + if (ctx->connection == NULL) { + u = r->upstream; + + if (ngx_http_grpc_get_connection_data(r, ctx, &u->peer) != NGX_OK) { + return NULL; + } + } + + return ctx; +} + + +static ngx_int_t +ngx_http_grpc_get_connection_data(ngx_http_request_t *r, + ngx_http_grpc_ctx_t *ctx, ngx_peer_connection_t *pc) +{ + ngx_connection_t *c; + ngx_pool_cleanup_t *cln; + + c = pc->connection; + + if (pc->cached) { + + /* + * for cached connections, connection data can be found + * in the cleanup handler + */ + + for (cln = c->pool->cleanup; cln; cln = cln->next) { + if (cln->handler == ngx_http_grpc_cleanup) { + ctx->connection = cln->data; + break; + } + } + + if (ctx->connection == NULL) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "no connection data found for " + "keepalive http2 connection"); + return NGX_ERROR; + } + + ctx->send_window = ctx->connection->init_window; + ctx->recv_window = NGX_HTTP_V2_MAX_WINDOW; + + ctx->connection->last_stream_id += 2; + ctx->id = ctx->connection->last_stream_id; + + return NGX_OK; + } + + cln = ngx_pool_cleanup_add(c->pool, sizeof(ngx_http_grpc_conn_t)); + if (cln == NULL) { + return NGX_ERROR; + } + + cln->handler = ngx_http_grpc_cleanup; + ctx->connection = cln->data; + + ctx->connection->init_window = NGX_HTTP_V2_DEFAULT_WINDOW; + ctx->connection->send_window = NGX_HTTP_V2_DEFAULT_WINDOW; + ctx->connection->recv_window = NGX_HTTP_V2_MAX_WINDOW; + + ctx->send_window = NGX_HTTP_V2_DEFAULT_WINDOW; + ctx->recv_window = NGX_HTTP_V2_MAX_WINDOW; + + ctx->id = 1; + ctx->connection->last_stream_id = 1; + + return NGX_OK; +} + + +static void +ngx_http_grpc_cleanup(void *data) +{ +#if 0 + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, + "grpc cleanup"); +#endif + return; +} + + +static void +ngx_http_grpc_abort_request(ngx_http_request_t *r) +{ + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "abort grpc request"); + return; +} + + +static void +ngx_http_grpc_finalize_request(ngx_http_request_t *r, ngx_int_t rc) +{ + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "finalize grpc request"); + return; +} + + +static ngx_int_t +ngx_http_grpc_internal_trailers_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + ngx_table_elt_t *te; + + te = r->headers_in.te; + + if (te == NULL) { + v->not_found = 1; + return NGX_OK; + } + + if (ngx_strlcasestrn(te->value.data, te->value.data + te->value.len, + (u_char *) "trailers", 8 - 1) + == NULL) + { + v->not_found = 1; + return NGX_OK; + } + + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + + v->data = (u_char *) "trailers"; + v->len = sizeof("trailers") - 1; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_grpc_add_variables(ngx_conf_t *cf) +{ + ngx_http_variable_t *var, *v; + + for (v = ngx_http_grpc_vars; v->name.len; v++) { + var = ngx_http_add_variable(cf, &v->name, v->flags); + if (var == NULL) { + return NGX_ERROR; + } + + var->get_handler = v->get_handler; + var->data = v->data; + } + + return NGX_OK; +} + + +static void * +ngx_http_grpc_create_loc_conf(ngx_conf_t *cf) +{ + ngx_http_grpc_loc_conf_t *conf; + + conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_grpc_loc_conf_t)); + if (conf == NULL) { + return NULL; + } + + /* + * set by ngx_pcalloc(): + * + * conf->upstream.ignore_headers = 0; + * conf->upstream.next_upstream = 0; + * conf->upstream.hide_headers_hash = { NULL, 0 }; + * conf->upstream.ssl_name = NULL; + * + * conf->headers_source = NULL; + * conf->headers.lengths = NULL; + * conf->headers.values = NULL; + * conf->headers.hash = { NULL, 0 }; + * conf->host = { 0, NULL }; + * conf->host_set = 0; + * conf->ssl = 0; + * conf->ssl_protocols = 0; + * conf->ssl_ciphers = { 0, NULL }; + * conf->ssl_trusted_certificate = { 0, NULL }; + * conf->ssl_crl = { 0, NULL }; + * conf->ssl_certificate = { 0, NULL }; + * conf->ssl_certificate_key = { 0, NULL }; + */ + + conf->upstream.local = NGX_CONF_UNSET_PTR; + conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT; + conf->upstream.connect_timeout = NGX_CONF_UNSET_MSEC; + conf->upstream.send_timeout = NGX_CONF_UNSET_MSEC; + conf->upstream.read_timeout = NGX_CONF_UNSET_MSEC; + conf->upstream.next_upstream_timeout = NGX_CONF_UNSET_MSEC; + + conf->upstream.buffer_size = NGX_CONF_UNSET_SIZE; + + conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; + conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; + + conf->upstream.intercept_errors = NGX_CONF_UNSET; + +#if (NGX_HTTP_SSL) + conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; + conf->upstream.ssl_server_name = NGX_CONF_UNSET; + conf->upstream.ssl_verify = NGX_CONF_UNSET; + conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; + conf->ssl_passwords = NGX_CONF_UNSET_PTR; +#endif + + /* the hardcoded values */ + conf->upstream.cyclic_temp_file = 0; + conf->upstream.buffering = 0; + conf->upstream.ignore_client_abort = 0; + conf->upstream.send_lowat = 0; + conf->upstream.bufs.num = 0; + conf->upstream.busy_buffers_size = 0; + conf->upstream.max_temp_file_size = 0; + conf->upstream.temp_file_write_size = 0; + conf->upstream.pass_request_headers = 1; + conf->upstream.pass_request_body = 1; + conf->upstream.force_ranges = 0; + conf->upstream.pass_trailers = 1; + conf->upstream.preserve_output = 1; + + ngx_str_set(&conf->upstream.module, "grpc"); + + return conf; +} + + +static char * +ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) +{ + ngx_http_grpc_loc_conf_t *prev = parent; + ngx_http_grpc_loc_conf_t *conf = child; + + ngx_int_t rc; + ngx_hash_init_t hash; + ngx_http_core_loc_conf_t *clcf; + + ngx_conf_merge_ptr_value(conf->upstream.local, + prev->upstream.local, NULL); + + ngx_conf_merge_uint_value(conf->upstream.next_upstream_tries, + prev->upstream.next_upstream_tries, 0); + + ngx_conf_merge_msec_value(conf->upstream.connect_timeout, + prev->upstream.connect_timeout, 60000); + + ngx_conf_merge_msec_value(conf->upstream.send_timeout, + prev->upstream.send_timeout, 60000); + + ngx_conf_merge_msec_value(conf->upstream.read_timeout, + prev->upstream.read_timeout, 60000); + + ngx_conf_merge_msec_value(conf->upstream.next_upstream_timeout, + prev->upstream.next_upstream_timeout, 0); + + ngx_conf_merge_size_value(conf->upstream.buffer_size, + prev->upstream.buffer_size, + (size_t) ngx_pagesize); + + ngx_conf_merge_bitmask_value(conf->upstream.ignore_headers, + prev->upstream.ignore_headers, + NGX_CONF_BITMASK_SET); + + ngx_conf_merge_bitmask_value(conf->upstream.next_upstream, + prev->upstream.next_upstream, + (NGX_CONF_BITMASK_SET + |NGX_HTTP_UPSTREAM_FT_ERROR + |NGX_HTTP_UPSTREAM_FT_TIMEOUT)); + + if (conf->upstream.next_upstream & NGX_HTTP_UPSTREAM_FT_OFF) { + conf->upstream.next_upstream = NGX_CONF_BITMASK_SET + |NGX_HTTP_UPSTREAM_FT_OFF; + } + + ngx_conf_merge_value(conf->upstream.intercept_errors, + prev->upstream.intercept_errors, 0); + +#if (NGX_HTTP_SSL) + + ngx_conf_merge_value(conf->upstream.ssl_session_reuse, + prev->upstream.ssl_session_reuse, 1); + + ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, + (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 + |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); + + ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, + "DEFAULT"); + + if (conf->upstream.ssl_name == NULL) { + conf->upstream.ssl_name = prev->upstream.ssl_name; + } + + ngx_conf_merge_value(conf->upstream.ssl_server_name, + prev->upstream.ssl_server_name, 0); + ngx_conf_merge_value(conf->upstream.ssl_verify, + prev->upstream.ssl_verify, 0); + ngx_conf_merge_uint_value(conf->ssl_verify_depth, + prev->ssl_verify_depth, 1); + ngx_conf_merge_str_value(conf->ssl_trusted_certificate, + prev->ssl_trusted_certificate, ""); + ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); + + ngx_conf_merge_str_value(conf->ssl_certificate, + prev->ssl_certificate, ""); + ngx_conf_merge_str_value(conf->ssl_certificate_key, + prev->ssl_certificate_key, ""); + ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); + + if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) { + return NGX_CONF_ERROR; + } + +#endif + + hash.max_size = 512; + hash.bucket_size = ngx_align(64, ngx_cacheline_size); + hash.name = "grpc_headers_hash"; + + if (ngx_http_upstream_hide_headers_hash(cf, &conf->upstream, + &prev->upstream, ngx_http_grpc_hide_headers, &hash) + != NGX_OK) + { + return NGX_CONF_ERROR; + } + + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); + + if (clcf->noname && conf->upstream.upstream == NULL) { + conf->upstream.upstream = prev->upstream.upstream; + conf->host = prev->host; +#if (NGX_HTTP_SSL) + conf->upstream.ssl = prev->upstream.ssl; +#endif + } + + if (clcf->lmt_excpt && clcf->handler == NULL && conf->upstream.upstream) { + clcf->handler = ngx_http_grpc_handler; + } + + if (conf->headers_source == NULL) { + conf->headers = prev->headers; + conf->headers_source = prev->headers_source; + conf->host_set = prev->host_set; + } + + rc = ngx_http_grpc_init_headers(cf, conf, &conf->headers, + ngx_http_grpc_headers); + if (rc != NGX_OK) { + return NGX_CONF_ERROR; + } + + /* + * special handling to preserve conf->headers in the "http" section + * to inherit it to all servers + */ + + if (prev->headers.hash.buckets == NULL + && conf->headers_source == prev->headers_source) + { + prev->headers = conf->headers; + prev->host_set = conf->host_set; + } + + return NGX_CONF_OK; +} + + +static ngx_int_t +ngx_http_grpc_init_headers(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *conf, + ngx_http_grpc_headers_t *headers, ngx_keyval_t *default_headers) +{ + u_char *p; + size_t size; + uintptr_t *code; + ngx_uint_t i; + ngx_array_t headers_names, headers_merged; + ngx_keyval_t *src, *s, *h; + ngx_hash_key_t *hk; + ngx_hash_init_t hash; + ngx_http_script_compile_t sc; + ngx_http_script_copy_code_t *copy; + + if (headers->hash.buckets) { + return NGX_OK; + } + + if (ngx_array_init(&headers_names, cf->temp_pool, 4, sizeof(ngx_hash_key_t)) + != NGX_OK) + { + return NGX_ERROR; + } + + if (ngx_array_init(&headers_merged, cf->temp_pool, 4, sizeof(ngx_keyval_t)) + != NGX_OK) + { + return NGX_ERROR; + } + + headers->lengths = ngx_array_create(cf->pool, 64, 1); + if (headers->lengths == NULL) { + return NGX_ERROR; + } + + headers->values = ngx_array_create(cf->pool, 512, 1); + if (headers->values == NULL) { + return NGX_ERROR; + } + + if (conf->headers_source) { + + src = conf->headers_source->elts; + for (i = 0; i < conf->headers_source->nelts; i++) { + + if (src[i].key.len == 4 + && ngx_strncasecmp(src[i].key.data, (u_char *) "Host", 4) == 0) + { + conf->host_set = 1; + } + + s = ngx_array_push(&headers_merged); + if (s == NULL) { + return NGX_ERROR; + } + + *s = src[i]; + } + } + + h = default_headers; + + while (h->key.len) { + + src = headers_merged.elts; + for (i = 0; i < headers_merged.nelts; i++) { + if (ngx_strcasecmp(h->key.data, src[i].key.data) == 0) { + goto next; + } + } + + s = ngx_array_push(&headers_merged); + if (s == NULL) { + return NGX_ERROR; + } + + *s = *h; + + next: + + h++; + } + + + src = headers_merged.elts; + for (i = 0; i < headers_merged.nelts; i++) { + + hk = ngx_array_push(&headers_names); + if (hk == NULL) { + return NGX_ERROR; + } + + hk->key = src[i].key; + hk->key_hash = ngx_hash_key_lc(src[i].key.data, src[i].key.len); + hk->value = (void *) 1; + + if (src[i].value.len == 0) { + continue; + } + + copy = ngx_array_push_n(headers->lengths, + sizeof(ngx_http_script_copy_code_t)); + if (copy == NULL) { + return NGX_ERROR; + } + + copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->len = src[i].key.len; + + size = (sizeof(ngx_http_script_copy_code_t) + + src[i].key.len + sizeof(uintptr_t) - 1) + & ~(sizeof(uintptr_t) - 1); + + copy = ngx_array_push_n(headers->values, size); + if (copy == NULL) { + return NGX_ERROR; + } + + copy->code = ngx_http_script_copy_code; + copy->len = src[i].key.len; + + p = (u_char *) copy + sizeof(ngx_http_script_copy_code_t); + ngx_memcpy(p, src[i].key.data, src[i].key.len); + + ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); + + sc.cf = cf; + sc.source = &src[i].value; + sc.flushes = &headers->flushes; + sc.lengths = &headers->lengths; + sc.values = &headers->values; + + if (ngx_http_script_compile(&sc) != NGX_OK) { + return NGX_ERROR; + } + + code = ngx_array_push_n(headers->lengths, sizeof(uintptr_t)); + if (code == NULL) { + return NGX_ERROR; + } + + *code = (uintptr_t) NULL; + + code = ngx_array_push_n(headers->values, sizeof(uintptr_t)); + if (code == NULL) { + return NGX_ERROR; + } + + *code = (uintptr_t) NULL; + } + + code = ngx_array_push_n(headers->lengths, sizeof(uintptr_t)); + if (code == NULL) { + return NGX_ERROR; + } + + *code = (uintptr_t) NULL; + + + hash.hash = &headers->hash; + hash.key = ngx_hash_key_lc; + hash.max_size = 512; + hash.bucket_size = 64; + hash.name = "grpc_headers_hash"; + hash.pool = cf->pool; + hash.temp_pool = NULL; + + return ngx_hash_init(&hash, headers_names.elts, headers_names.nelts); +} + + +static char * +ngx_http_grpc_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_grpc_loc_conf_t *glcf = conf; + + size_t add; + ngx_str_t *value, *url; + ngx_url_t u; + ngx_http_core_loc_conf_t *clcf; + + if (glcf->upstream.upstream) { + return "is duplicate"; + } + + value = cf->args->elts; + url = &value[1]; + + if (ngx_strncasecmp(url->data, (u_char *) "grpc://", 7) == 0) { + add = 7; + + } else if (ngx_strncasecmp(url->data, (u_char *) "grpcs://", 8) == 0) { + +#if (NGX_HTTP_SSL) + glcf->ssl = 1; + + add = 8; +#else + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "grpcs protocol requires SSL support"); + return NGX_CONF_ERROR; +#endif + + } else { + add = 0; + } + + ngx_memzero(&u, sizeof(ngx_url_t)); + + u.url.len = url->len - add; + u.url.data = url->data + add; + u.no_resolve = 1; + + glcf->upstream.upstream = ngx_http_upstream_add(cf, &u, 0); + if (glcf->upstream.upstream == NULL) { + return NGX_CONF_ERROR; + } + + if (u.family != AF_UNIX) { + + if (u.no_port) { + glcf->host = u.host; + + } else { + glcf->host.len = u.host.len + 1 + u.port_text.len; + glcf->host.data = u.host.data; + } + + } else { + ngx_str_set(&glcf->host, "localhost"); + } + + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); + + clcf->handler = ngx_http_grpc_handler; + + if (clcf->name.data[clcf->name.len - 1] == '/') { + clcf->auto_redirect = 1; + } + + return NGX_CONF_OK; +} + + +#if (NGX_HTTP_SSL) + +static char * +ngx_http_grpc_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_grpc_loc_conf_t *glcf = conf; + + ngx_str_t *value; + + if (glcf->ssl_passwords != NGX_CONF_UNSET_PTR) { + return "is duplicate"; + } + + value = cf->args->elts; + + glcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); + + if (glcf->ssl_passwords == NULL) { + return NGX_CONF_ERROR; + } + + return NGX_CONF_OK; +} + + +static ngx_int_t +ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf) +{ + ngx_pool_cleanup_t *cln; + + glcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); + if (glcf->upstream.ssl == NULL) { + return NGX_ERROR; + } + + glcf->upstream.ssl->log = cf->log; + + if (ngx_ssl_create(glcf->upstream.ssl, glcf->ssl_protocols, NULL) + != NGX_OK) + { + return NGX_ERROR; + } + + cln = ngx_pool_cleanup_add(cf->pool, 0); + if (cln == NULL) { + return NGX_ERROR; + } + + cln->handler = ngx_ssl_cleanup_ctx; + cln->data = glcf->upstream.ssl; + + if (glcf->ssl_certificate.len) { + + if (glcf->ssl_certificate_key.len == 0) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "no \"grpc_ssl_certificate_key\" is defined " + "for certificate \"%V\"", &glcf->ssl_certificate); + return NGX_ERROR; + } + + if (ngx_ssl_certificate(cf, glcf->upstream.ssl, &glcf->ssl_certificate, + &glcf->ssl_certificate_key, glcf->ssl_passwords) + != NGX_OK) + { + return NGX_ERROR; + } + } + + if (ngx_ssl_ciphers(cf, glcf->upstream.ssl, &glcf->ssl_ciphers, 0) + != NGX_OK) + { + return NGX_ERROR; + } + + if (glcf->upstream.ssl_verify) { + if (glcf->ssl_trusted_certificate.len == 0) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "no grpc_ssl_trusted_certificate for grpc_ssl_verify"); + return NGX_ERROR; + } + + if (ngx_ssl_trusted_certificate(cf, glcf->upstream.ssl, + &glcf->ssl_trusted_certificate, + glcf->ssl_verify_depth) + != NGX_OK) + { + return NGX_ERROR; + } + + if (ngx_ssl_crl(cf, glcf->upstream.ssl, &glcf->ssl_crl) != NGX_OK) { + return NGX_ERROR; + } + } + +#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation + + if (SSL_CTX_set_alpn_protos(glcf->upstream.ssl->ctx, + (u_char *) "\x02h2", 3) + != 0) + { + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, + "SSL_CTX_set_alpn_protos() failed"); + return NGX_ERROR; + } + +#endif + + return NGX_OK; +} + +#endif | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_headers_filter_module.c ^ |
| @@ -56,7 +56,7 @@ ngx_http_headers_conf_t *conf); static ngx_int_t ngx_http_parse_expires(ngx_str_t *value, ngx_http_expires_t *expires, time_t *expires_time, char **err); -static ngx_int_t ngx_http_add_cache_control(ngx_http_request_t *r, +static ngx_int_t ngx_http_add_multi_header_lines(ngx_http_request_t *r, ngx_http_header_val_t *hv, ngx_str_t *value); static ngx_int_t ngx_http_add_header(ngx_http_request_t *r, ngx_http_header_val_t *hv, ngx_str_t *value); @@ -77,7 +77,13 @@ static ngx_http_set_header_t ngx_http_set_headers[] = { - { ngx_string("Cache-Control"), 0, ngx_http_add_cache_control }, + { ngx_string("Cache-Control"), + offsetof(ngx_http_headers_out_t, cache_control), + ngx_http_add_multi_header_lines }, + + { ngx_string("Link"), + offsetof(ngx_http_headers_out_t, link), + ngx_http_add_multi_header_lines }, { ngx_string("Last-Modified"), offsetof(ngx_http_headers_out_t, last_modified), @@ -555,42 +561,40 @@ static ngx_int_t -ngx_http_add_cache_control(ngx_http_request_t *r, ngx_http_header_val_t *hv, - ngx_str_t *value) +ngx_http_add_multi_header_lines(ngx_http_request_t *r, + ngx_http_header_val_t *hv, ngx_str_t *value) { - ngx_table_elt_t *cc, **ccp; + ngx_array_t *pa; + ngx_table_elt_t *h, **ph; if (value->len == 0) { return NGX_OK; } - ccp = r->headers_out.cache_control.elts; - - if (ccp == NULL) { + pa = (ngx_array_t *) ((char *) &r->headers_out + hv->offset); - if (ngx_array_init(&r->headers_out.cache_control, r->pool, - 1, sizeof(ngx_table_elt_t *)) - != NGX_OK) + if (pa->elts == NULL) { + if (ngx_array_init(pa, r->pool, 1, sizeof(ngx_table_elt_t *)) != NGX_OK) { return NGX_ERROR; } } - cc = ngx_list_push(&r->headers_out.headers); - if (cc == NULL) { + h = ngx_list_push(&r->headers_out.headers); + if (h == NULL) { return NGX_ERROR; } - cc->hash = 1; - ngx_str_set(&cc->key, "Cache-Control"); - cc->value = *value; + h->hash = 1; + h->key = hv->key; + h->value = *value; - ccp = ngx_array_push(&r->headers_out.cache_control); - if (ccp == NULL) { + ph = ngx_array_push(pa); + if (ph == NULL) { return NGX_ERROR; } - *ccp = cc; + *ph = h; return NGX_OK; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_log_module.c ^ |
| @@ -90,6 +90,11 @@ } ngx_http_log_var_t; +#define NGX_HTTP_LOG_ESCAPE_DEFAULT 0 +#define NGX_HTTP_LOG_ESCAPE_JSON 1 +#define NGX_HTTP_LOG_ESCAPE_NONE 2 + + static void ngx_http_log_write(ngx_http_request_t *r, ngx_http_log_t *log, u_char *buf, size_t len); static ssize_t ngx_http_log_script_write(ngx_http_request_t *r, @@ -126,7 +131,7 @@ ngx_http_log_op_t *op); static ngx_int_t ngx_http_log_variable_compile(ngx_conf_t *cf, - ngx_http_log_op_t *op, ngx_str_t *value, ngx_uint_t json); + ngx_http_log_op_t *op, ngx_str_t *value, ngx_uint_t escape); static size_t ngx_http_log_variable_getlen(ngx_http_request_t *r, uintptr_t data); static u_char *ngx_http_log_variable(ngx_http_request_t *r, u_char *buf, @@ -136,6 +141,10 @@ uintptr_t data); static u_char *ngx_http_log_json_variable(ngx_http_request_t *r, u_char *buf, ngx_http_log_op_t *op); +static size_t ngx_http_log_unescaped_variable_getlen(ngx_http_request_t *r, + uintptr_t data); +static u_char *ngx_http_log_unescaped_variable(ngx_http_request_t *r, + u_char *buf, ngx_http_log_op_t *op); static void *ngx_http_log_create_main_conf(ngx_conf_t *cf); @@ -905,7 +914,7 @@ static ngx_int_t ngx_http_log_variable_compile(ngx_conf_t *cf, ngx_http_log_op_t *op, - ngx_str_t *value, ngx_uint_t json) + ngx_str_t *value, ngx_uint_t escape) { ngx_int_t index; @@ -916,11 +925,18 @@ op->len = 0; - if (json) { + switch (escape) { + case NGX_HTTP_LOG_ESCAPE_JSON: op->getlen = ngx_http_log_json_variable_getlen; op->run = ngx_http_log_json_variable; + break; - } else { + case NGX_HTTP_LOG_ESCAPE_NONE: + op->getlen = ngx_http_log_unescaped_variable_getlen; + op->run = ngx_http_log_unescaped_variable; + break; + + default: /* NGX_HTTP_LOG_ESCAPE_DEFAULT */ op->getlen = ngx_http_log_variable_getlen; op->run = ngx_http_log_variable; } @@ -1073,6 +1089,39 @@ } +static size_t +ngx_http_log_unescaped_variable_getlen(ngx_http_request_t *r, uintptr_t data) +{ + ngx_http_variable_value_t *value; + + value = ngx_http_get_indexed_variable(r, data); + + if (value == NULL || value->not_found) { + return 0; + } + + value->escape = 0; + + return value->len; +} + + +static u_char * +ngx_http_log_unescaped_variable(ngx_http_request_t *r, u_char *buf, + ngx_http_log_op_t *op) +{ + ngx_http_variable_value_t *value; + + value = ngx_http_get_indexed_variable(r, op->data); + + if (value == NULL || value->not_found) { + return buf; + } + + return ngx_cpymem(buf, value->data, value->len); +} + + static void * ngx_http_log_create_main_conf(ngx_conf_t *cf) { @@ -1536,18 +1585,21 @@ size_t i, len; ngx_str_t *value, var; ngx_int_t *flush; - ngx_uint_t bracket, json; + ngx_uint_t bracket, escape; ngx_http_log_op_t *op; ngx_http_log_var_t *v; - json = 0; + escape = NGX_HTTP_LOG_ESCAPE_DEFAULT; value = args->elts; if (s < args->nelts && ngx_strncmp(value[s].data, "escape=", 7) == 0) { data = value[s].data + 7; if (ngx_strcmp(data, "json") == 0) { - json = 1; + escape = NGX_HTTP_LOG_ESCAPE_JSON; + + } else if (ngx_strcmp(data, "none") == 0) { + escape = NGX_HTTP_LOG_ESCAPE_NONE; } else if (ngx_strcmp(data, "default") != 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -1636,7 +1688,7 @@ } } - if (ngx_http_log_variable_compile(cf, op, &var, json) + if (ngx_http_log_variable_compile(cf, op, &var, escape) != NGX_OK) { return NGX_CONF_ERROR; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_memcached_module.c ^ |
| @@ -592,8 +592,6 @@ * conf->upstream.bufs.num = 0; * conf->upstream.next_upstream = 0; * conf->upstream.temp_path = NULL; - * conf->upstream.uri = { 0, NULL }; - * conf->upstream.location = NULL; */ conf->upstream.local = NGX_CONF_UNSET_PTR; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_proxy_module.c ^ |
| @@ -1086,8 +1086,7 @@ return NGX_OK; - } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main) - { + } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri) { *key = r->unparsed_uri; u->uri = r->unparsed_uri; @@ -1096,7 +1095,7 @@ loc_len = (r->valid_location && ctx->vars.uri.len) ? plcf->location.len : 0; - if (r->quoted_uri || r->internal) { + if (r->quoted_uri || r->space_in_uri || r->internal) { escape = 2 * ngx_escape_uri(NULL, r->uri.data + loc_len, r->uri.len - loc_len, NGX_ESCAPE_URI); } else { @@ -1201,8 +1200,7 @@ if (plcf->proxy_lengths && ctx->vars.uri.len) { uri_len = ctx->vars.uri.len; - } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri && r == r->main) - { + } else if (ctx->vars.uri.len == 0 && r->valid_unparsed_uri) { unparsed_uri = 1; uri_len = r->unparsed_uri.len; @@ -2323,36 +2321,6 @@ return NGX_ERROR; } - /* provide continuous buffer for subrequests in memory */ - - if (r->subrequest_in_memory) { - - cl = u->out_bufs; - - if (cl) { - buf->pos = cl->buf->pos; - } - - buf->last = buf->pos; - - for (cl = u->out_bufs; cl; cl = cl->next) { - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http proxy in memory %p-%p %O", - cl->buf->pos, cl->buf->last, ngx_buf_size(cl->buf)); - - if (buf->last == cl->buf->pos) { - buf->last = cl->buf->last; - continue; - } - - buf->last = ngx_movemem(buf->last, cl->buf->pos, - cl->buf->last - cl->buf->pos); - - cl->buf->pos = buf->last - (cl->buf->last - cl->buf->pos); - cl->buf->last = buf->last; - } - } - return NGX_OK; } @@ -2829,13 +2797,13 @@ * conf->upstream.cache_methods = 0; * conf->upstream.temp_path = NULL; * conf->upstream.hide_headers_hash = { NULL, 0 }; - * conf->upstream.uri = { 0, NULL }; - * conf->upstream.location = NULL; * conf->upstream.store_lengths = NULL; * conf->upstream.store_values = NULL; * conf->upstream.ssl_name = NULL; * * conf->method = NULL; + * conf->location = NULL; + * conf->url = { 0, NULL }; * conf->headers_source = NULL; * conf->headers.lengths = NULL; * conf->headers.values = NULL; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_ssi_filter_module.c ^ |
| @@ -2231,9 +2231,11 @@ { ngx_str_t *value = data; - if (r->upstream) { - value->len = r->upstream->buffer.last - r->upstream->buffer.pos; - value->data = r->upstream->buffer.pos; + if (r->headers_out.status < NGX_HTTP_SPECIAL_RESPONSE + && r->out && r->out->buf) + { + value->len = r->out->buf->last - r->out->buf->pos; + value->data = r->out->buf->pos; } return rc; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/modules/ngx_http_upstream_keepalive_module.c ^ |
| @@ -340,6 +340,7 @@ pc->connection = NULL; if (c->read->timer_set) { + c->read->delayed = 0; ngx_del_timer(c->read); } if (c->write->timer_set) { | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_core_module.c ^ |
| @@ -399,6 +399,13 @@ offsetof(ngx_http_core_loc_conf_t, sendfile_max_chunk), NULL }, + { ngx_string("subrequest_output_buffer_size"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_size_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_core_loc_conf_t, subrequest_output_buffer_size), + NULL }, + { ngx_string("aio"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_http_core_set_aio, @@ -2237,6 +2244,12 @@ return NGX_ERROR; } + if (r->subrequest_in_memory) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "nested in-memory subrequest \"%V\"", uri); + return NGX_ERROR; + } + sr = ngx_pcalloc(r->pool, sizeof(ngx_http_request_t)); if (sr == NULL) { return NGX_ERROR; @@ -2318,6 +2331,10 @@ sr->log_handler = r->log_handler; + if (sr->subrequest_in_memory) { + sr->filter_need_in_memory = 1; + } + if (!sr->background) { if (c->data == r && r->postponed == NULL) { c->data = sr; @@ -2363,6 +2380,7 @@ sr->method_name = r->method_name; sr->loc_conf = r->loc_conf; sr->valid_location = r->valid_location; + sr->valid_unparsed_uri = r->valid_unparsed_uri; sr->content_handler = r->content_handler; sr->phase_handler = r->phase_handler; sr->write_event_handler = ngx_http_core_run_phases; @@ -3355,6 +3373,7 @@ clcf->internal = NGX_CONF_UNSET; clcf->sendfile = NGX_CONF_UNSET; clcf->sendfile_max_chunk = NGX_CONF_UNSET_SIZE; + clcf->subrequest_output_buffer_size = NGX_CONF_UNSET_SIZE; clcf->aio = NGX_CONF_UNSET; clcf->aio_write = NGX_CONF_UNSET; #if (NGX_THREADS) @@ -3577,6 +3596,9 @@ ngx_conf_merge_value(conf->sendfile, prev->sendfile, 0); ngx_conf_merge_size_value(conf->sendfile_max_chunk, prev->sendfile_max_chunk, 0); + ngx_conf_merge_size_value(conf->subrequest_output_buffer_size, + prev->subrequest_output_buffer_size, + (size_t) ngx_pagesize); ngx_conf_merge_value(conf->aio, prev->aio, NGX_HTTP_AIO_OFF); ngx_conf_merge_value(conf->aio_write, prev->aio_write, 0); #if (NGX_THREADS) | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_core_module.h ^ |
| @@ -351,6 +351,8 @@ size_t limit_rate_after; /* limit_rate_after */ size_t sendfile_max_chunk; /* sendfile_max_chunk */ size_t read_ahead; /* read_ahead */ + size_t subrequest_output_buffer_size; + /* subrequest_output_buffer_size */ ngx_msec_t client_body_timeout; /* client_body_timeout */ ngx_msec_t send_timeout; /* send_timeout */ | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_postpone_filter_module.c ^ |
| @@ -12,6 +12,8 @@ static ngx_int_t ngx_http_postpone_filter_add(ngx_http_request_t *r, ngx_chain_t *in); +static ngx_int_t ngx_http_postpone_filter_in_memory(ngx_http_request_t *r, + ngx_chain_t *in); static ngx_int_t ngx_http_postpone_filter_init(ngx_conf_t *cf); @@ -60,6 +62,10 @@ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, "http postpone filter \"%V?%V\" %p", &r->uri, &r->args, in); + if (r->subrequest_in_memory) { + return ngx_http_postpone_filter_in_memory(r, in); + } + if (r != c->data) { if (in) { @@ -171,6 +177,78 @@ } +static ngx_int_t +ngx_http_postpone_filter_in_memory(ngx_http_request_t *r, ngx_chain_t *in) +{ + size_t len; + ngx_buf_t *b; + ngx_connection_t *c; + ngx_http_core_loc_conf_t *clcf; + + c = r->connection; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, + "http postpone filter in memory"); + + if (r->out == NULL) { + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + if (r->headers_out.content_length_n != -1) { + len = r->headers_out.content_length_n; + + if (len > clcf->subrequest_output_buffer_size) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "too big subrequest response: %uz", len); + return NGX_ERROR; + } + + } else { + len = clcf->subrequest_output_buffer_size; + } + + b = ngx_create_temp_buf(r->pool, len); + if (b == NULL) { + return NGX_ERROR; + } + + b->last_buf = 1; + + r->out = ngx_alloc_chain_link(r->pool); + if (r->out == NULL) { + return NGX_ERROR; + } + + r->out->buf = b; + r->out->next = NULL; + } + + b = r->out->buf; + + for ( /* void */ ; in; in = in->next) { + + if (ngx_buf_special(in->buf)) { + continue; + } + + len = in->buf->last - in->buf->pos; + + if (len > (size_t) (b->end - b->last)) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "too big subrequest response"); + return NGX_ERROR; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, + "http postpone filter in memory %uz bytes", len); + + b->last = ngx_cpymem(b->last, in->buf->pos, len); + in->buf->pos = in->buf->last; + } + + return NGX_OK; +} + + static ngx_int_t ngx_http_postpone_filter_init(ngx_conf_t *cf) { | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_request.c ^ |
| @@ -132,6 +132,10 @@ offsetof(ngx_http_headers_in_t, transfer_encoding), ngx_http_process_header_line }, + { ngx_string("TE"), + offsetof(ngx_http_headers_in_t, te), + ngx_http_process_header_line }, + { ngx_string("Expect"), offsetof(ngx_http_headers_in_t, expect), ngx_http_process_unique_header_line }, @@ -140,7 +144,7 @@ offsetof(ngx_http_headers_in_t, upgrade), ngx_http_process_header_line }, -#if (NGX_HTTP_GZIP) +#if (NGX_HTTP_GZIP || NGX_HTTP_HEADERS) { ngx_string("Accept-Encoding"), offsetof(ngx_http_headers_in_t, accept_encoding), ngx_http_process_header_line }, @@ -1902,7 +1906,7 @@ "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR); @@ -1916,7 +1920,7 @@ ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sscf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT); | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_request.h ^ |
| @@ -197,10 +197,11 @@ ngx_table_elt_t *if_range; ngx_table_elt_t *transfer_encoding; + ngx_table_elt_t *te; ngx_table_elt_t *expect; ngx_table_elt_t *upgrade; -#if (NGX_HTTP_GZIP) +#if (NGX_HTTP_GZIP || NGX_HTTP_HEADERS) ngx_table_elt_t *accept_encoding; ngx_table_elt_t *via; #endif @@ -279,6 +280,7 @@ ngx_uint_t content_type_hash; ngx_array_t cache_control; + ngx_array_t link; off_t content_length_n; off_t content_offset; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_upstream.c ^ |
| @@ -55,7 +55,7 @@ static ngx_int_t ngx_http_upstream_test_connect(ngx_connection_t *c); static ngx_int_t ngx_http_upstream_process_headers(ngx_http_request_t *r, ngx_http_upstream_t *u); -static void ngx_http_upstream_process_body_in_memory(ngx_http_request_t *r, +static ngx_int_t ngx_http_upstream_process_trailers(ngx_http_request_t *r, ngx_http_upstream_t *u); static void ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u); @@ -166,6 +166,8 @@ ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_upstream_header_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_upstream_trailer_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_upstream_cookie_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); @@ -284,9 +286,10 @@ ngx_http_upstream_process_vary, 0, ngx_http_upstream_copy_header_line, 0, 0 }, - { ngx_string("X-Powered-By"), + { ngx_string("Link"), ngx_http_upstream_ignore_header_line, 0, - ngx_http_upstream_copy_header_line, 0, 0 }, + ngx_http_upstream_copy_multi_header_lines, + offsetof(ngx_http_headers_out_t, link), 0 }, { ngx_string("X-Accel-Expires"), ngx_http_upstream_process_accel_expires, 0, @@ -424,6 +427,9 @@ { ngx_string("upstream_http_"), NULL, ngx_http_upstream_header_variable, 0, NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_PREFIX, 0 }, + { ngx_string("upstream_trailer_"), NULL, ngx_http_upstream_trailer_variable, + 0, NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_PREFIX, 0 }, + { ngx_string("upstream_cookie_"), NULL, ngx_http_upstream_cookie_variable, 0, NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_PREFIX, 0 }, @@ -1047,6 +1053,13 @@ return NGX_ERROR; } + if (ngx_list_init(&u->headers_in.trailers, r->pool, 2, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + return NGX_ERROR; + } + rc = u->process_header(r); if (rc == NGX_OK) { @@ -1603,6 +1616,7 @@ u->request_sent = 0; u->request_body_sent = 0; + u->request_body_blocked = 0; if (rc == NGX_AGAIN) { ngx_add_timer(c->write, u->conf->connect_timeout); @@ -1884,6 +1898,13 @@ return NGX_ERROR; } + if (ngx_list_init(&u->headers_in.trailers, r->pool, 2, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + return NGX_ERROR; + } + /* reinit the request chain */ file_pos = 0; @@ -1974,7 +1995,7 @@ } if (rc == NGX_AGAIN) { - if (!c->write->ready) { + if (!c->write->ready || u->request_body_blocked) { ngx_add_timer(c->write, u->conf->send_timeout); } else if (c->write->timer_set) { @@ -1992,14 +2013,12 @@ /* rc == NGX_OK */ - u->request_body_sent = 1; - if (c->write->timer_set) { ngx_del_timer(c->write); } if (c->tcp_nopush == NGX_TCP_NOPUSH_SET) { - if (ngx_tcp_push(c->fd) == NGX_ERROR) { + if (ngx_tcp_push(c->fd) == -1) { ngx_log_error(NGX_LOG_CRIT, c->log, ngx_socket_errno, ngx_tcp_push_n " failed"); ngx_http_upstream_finalize_request(r, u, @@ -2010,7 +2029,9 @@ c->tcp_nopush = NGX_TCP_NOPUSH_UNSET; } - u->write_event_handler = ngx_http_upstream_dummy_handler; + if (!u->conf->preserve_output) { + u->write_event_handler = ngx_http_upstream_dummy_handler; + } if (ngx_handle_write_event(c->write, 0) != NGX_OK) { ngx_http_upstream_finalize_request(r, u, @@ -2018,11 +2039,19 @@ return; } - ngx_add_timer(c->read, u->conf->read_timeout); + if (!u->request_body_sent) { + u->request_body_sent = 1; - if (c->read->ready) { - ngx_http_upstream_process_header(r, u); - return; + if (u->header_sent) { + return; + } + + ngx_add_timer(c->read, u->conf->read_timeout); + + if (c->read->ready) { + ngx_http_upstream_process_header(r, u); + return; + } } } @@ -2051,7 +2080,16 @@ out = NULL; } - return ngx_output_chain(&u->output, out); + rc = ngx_output_chain(&u->output, out); + + if (rc == NGX_AGAIN) { + u->request_body_blocked = 1; + + } else { + u->request_body_blocked = 0; + } + + return rc; } if (!u->request_sent) { @@ -2092,6 +2130,13 @@ ngx_free_chain(r->pool, ln); } + if (rc == NGX_AGAIN) { + u->request_body_blocked = 1; + + } else { + u->request_body_blocked = 0; + } + if (rc == NGX_OK && !r->reading_body) { break; } @@ -2156,7 +2201,7 @@ #endif - if (u->header_sent) { + if (u->header_sent && !u->conf->preserve_output) { u->write_event_handler = ngx_http_upstream_dummy_handler; (void) ngx_handle_write_event(c->write, 0); @@ -2238,6 +2283,15 @@ return; } + if (ngx_list_init(&u->headers_in.trailers, r->pool, 2, + sizeof(ngx_table_elt_t)) + != NGX_OK) + { + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + #if (NGX_HTTP_CACHE) if (r->cache) { @@ -2334,52 +2388,15 @@ return; } - if (!r->subrequest_in_memory) { - ngx_http_upstream_send_response(r, u); - return; - } - - /* subrequest content in memory */ - - if (u->input_filter == NULL) { - u->input_filter_init = ngx_http_upstream_non_buffered_filter_init; - u->input_filter = ngx_http_upstream_non_buffered_filter; - u->input_filter_ctx = r; - } - - if (u->input_filter_init(u->input_filter_ctx) == NGX_ERROR) { - ngx_http_upstream_finalize_request(r, u, NGX_ERROR); - return; - } - - n = u->buffer.last - u->buffer.pos; - - if (n) { - u->buffer.last = u->buffer.pos; - - u->state->response_length += n; - - if (u->input_filter(u->input_filter_ctx, n) == NGX_ERROR) { - ngx_http_upstream_finalize_request(r, u, NGX_ERROR); - return; - } - } - - if (u->length == 0) { - ngx_http_upstream_finalize_request(r, u, 0); - return; - } - - u->read_event_handler = ngx_http_upstream_process_body_in_memory; - - ngx_http_upstream_process_body_in_memory(r, u); + ngx_http_upstream_send_response(r, u); } static ngx_int_t ngx_http_upstream_test_next(ngx_http_request_t *r, ngx_http_upstream_t *u) { - ngx_uint_t status; + ngx_msec_t timeout; + ngx_uint_t status, mask; ngx_http_upstream_next_t *un; status = u->headers_in.status_n; @@ -2390,7 +2407,22 @@ continue; } - if (u->peer.tries > 1 && (u->conf->next_upstream & un->mask)) { + timeout = u->conf->next_upstream_timeout; + + if (u->request_sent + && (r->method & (NGX_HTTP_POST|NGX_HTTP_LOCK|NGX_HTTP_PATCH))) + { + mask = un->mask | NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT; + + } else { + mask = un->mask; + } + + if (u->peer.tries > 1 + && ((u->conf->next_upstream & mask) == mask) + && !(u->request_sent && r->request_body_no_buffering) + && !(timeout && ngx_current_msec - u->peer.start_time >= timeout)) + { ngx_http_upstream_next(r, u, un->mask); return NGX_OK; } @@ -2774,81 +2806,48 @@ } -static void -ngx_http_upstream_process_body_in_memory(ngx_http_request_t *r, +static ngx_int_t +ngx_http_upstream_process_trailers(ngx_http_request_t *r, ngx_http_upstream_t *u) { - size_t size; - ssize_t n; - ngx_buf_t *b; - ngx_event_t *rev; - ngx_connection_t *c; - - c = u->peer.connection; - rev = c->read; + ngx_uint_t i; + ngx_list_part_t *part; + ngx_table_elt_t *h, *ho; - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, - "http upstream process body in memory"); - - if (rev->timedout) { - ngx_connection_error(c, NGX_ETIMEDOUT, "upstream timed out"); - ngx_http_upstream_finalize_request(r, u, NGX_HTTP_GATEWAY_TIME_OUT); - return; + if (!u->conf->pass_trailers) { + return NGX_OK; } - b = &u->buffer; - - for ( ;; ) { - - size = b->end - b->last; - - if (size == 0) { - ngx_log_error(NGX_LOG_ALERT, c->log, 0, - "upstream buffer is too small to read response"); - ngx_http_upstream_finalize_request(r, u, NGX_ERROR); - return; - } + part = &u->headers_in.trailers.part; + h = part->elts; - n = c->recv(c, b->last, size); + for (i = 0; /* void */; i++) { - if (n == NGX_AGAIN) { - break; - } + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } - if (n == 0 || n == NGX_ERROR) { - ngx_http_upstream_finalize_request(r, u, n); - return; + part = part->next; + h = part->elts; + i = 0; } - u->state->bytes_received += n; - u->state->response_length += n; - - if (u->input_filter(u->input_filter_ctx, n) == NGX_ERROR) { - ngx_http_upstream_finalize_request(r, u, NGX_ERROR); - return; + if (ngx_hash_find(&u->conf->hide_headers_hash, h[i].hash, + h[i].lowcase_key, h[i].key.len)) + { + continue; } - if (!rev->ready) { - break; + ho = ngx_list_push(&r->headers_out.trailers); + if (ho == NULL) { + return NGX_ERROR; } - } - if (u->length == 0) { - ngx_http_upstream_finalize_request(r, u, 0); - return; - } - - if (ngx_handle_read_event(rev, 0) != NGX_OK) { - ngx_http_upstream_finalize_request(r, u, NGX_ERROR); - return; + *ho = h[i]; } - if (rev->active) { - ngx_add_timer(rev, u->conf->read_timeout); - - } else if (rev->timer_set) { - ngx_del_timer(rev); - } + return NGX_OK; } @@ -3533,7 +3532,7 @@ if (do_write) { - if (u->out_bufs || u->busy_bufs) { + if (u->out_bufs || u->busy_bufs || downstream->buffered) { rc = ngx_http_output_filter(r, u->out_bufs); if (rc == NGX_ERROR) { @@ -4358,12 +4357,6 @@ #endif - if (r->subrequest_in_memory - && u->headers_in.status_n >= NGX_HTTP_SPECIAL_RESPONSE) - { - u->buffer.last = u->buffer.pos; - } - r->read_event_handler = ngx_http_block_reading; if (rc == NGX_DECLINED) { @@ -4374,8 +4367,7 @@ if (!u->header_sent || rc == NGX_HTTP_REQUEST_TIME_OUT - || rc == NGX_HTTP_CLIENT_CLOSED_REQUEST - || (u->pipe && u->pipe->downstream_error)) + || rc == NGX_HTTP_CLIENT_CLOSED_REQUEST) { ngx_http_finalize_request(r, rc); return; @@ -4388,12 +4380,20 @@ flush = 1; } - if (r->header_only) { + if (r->header_only + || (u->pipe && u->pipe->downstream_error)) + { ngx_http_finalize_request(r, rc); return; } if (rc == 0) { + + if (ngx_http_upstream_process_trailers(r, u) != NGX_OK) { + ngx_http_finalize_request(r, NGX_ERROR); + return; + } + rc = ngx_http_send_special(r, NGX_HTTP_LAST); } else if (flush) { @@ -5504,6 +5504,21 @@ static ngx_int_t +ngx_http_upstream_trailer_variable(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + if (r->upstream == NULL) { + v->not_found = 1; + return NGX_OK; + } + + return ngx_http_variable_unknown_header(v, (ngx_str_t *) data, + &r->upstream->headers_in.trailers.part, + sizeof("upstream_trailer_") - 1); +} + + +static ngx_int_t ngx_http_upstream_cookie_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { @@ -6078,6 +6093,12 @@ if (cf->args->nelts > 2) { if (ngx_strcmp(value[2].data, "transparent") == 0) { #if (NGX_HAVE_TRANSPARENT_PROXY) + ngx_core_conf_t *ccf; + + ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, + ngx_core_module); + + ccf->transparent = 1; local->transparent = 1; #else ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_upstream.h ^ |
| @@ -61,6 +61,7 @@ ngx_msec_t response_time; ngx_msec_t connect_time; ngx_msec_t header_time; + ngx_msec_t queue_time; off_t response_length; off_t bytes_received; @@ -221,6 +222,8 @@ signed store:2; unsigned intercept_404:1; unsigned change_buffering:1; + unsigned pass_trailers:1; + unsigned preserve_output:1; #if (NGX_HTTP_SSL || NGX_COMPAT) ngx_ssl_t *ssl; @@ -250,6 +253,7 @@ typedef struct { ngx_list_t headers; + ngx_list_t trailers; ngx_uint_t status_n; ngx_str_t status_line; @@ -388,6 +392,7 @@ unsigned request_sent:1; unsigned request_body_sent:1; + unsigned request_body_blocked:1; unsigned header_sent:1; }; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/ngx_http_variables.c ^ |
| @@ -318,6 +318,9 @@ { ngx_string("sent_http_cache_control"), NULL, ngx_http_variable_headers, offsetof(ngx_http_request_t, headers_out.cache_control), 0, 0 }, + { ngx_string("sent_http_link"), NULL, ngx_http_variable_headers, + offsetof(ngx_http_request_t, headers_out.link), 0, 0 }, + { ngx_string("limit_rate"), ngx_http_variable_request_set_size, ngx_http_variable_request_get_size, offsetof(ngx_http_request_t, limit_rate), @@ -426,7 +429,9 @@ return NULL; } - v->flags &= flags | ~NGX_HTTP_VAR_WEAK; + if (!(flags & NGX_HTTP_VAR_WEAK)) { + v->flags &= ~NGX_HTTP_VAR_WEAK; + } return v; } @@ -491,7 +496,9 @@ return NULL; } - v->flags &= flags | ~NGX_HTTP_VAR_WEAK; + if (!(flags & NGX_HTTP_VAR_WEAK)) { + v->flags &= ~NGX_HTTP_VAR_WEAK; + } return v; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2.c ^ |
| @@ -11,6 +11,14 @@ #include <ngx_http_v2_module.h> +typedef struct { + ngx_str_t name; + ngx_uint_t offset; + ngx_uint_t hash; + ngx_http_header_t *hh; +} ngx_http_v2_parse_header_t; + + /* errors */ #define NGX_HTTP_V2_NO_ERROR 0x0 #define NGX_HTTP_V2_PROTOCOL_ERROR 0x1 @@ -35,20 +43,17 @@ #define NGX_HTTP_V2_GOAWAY_SIZE 8 #define NGX_HTTP_V2_WINDOW_UPDATE_SIZE 4 -#define NGX_HTTP_V2_STREAM_ID_SIZE 4 - #define NGX_HTTP_V2_SETTINGS_PARAM_SIZE 6 /* settings fields */ #define NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING 0x1 +#define NGX_HTTP_V2_ENABLE_PUSH_SETTING 0x2 #define NGX_HTTP_V2_MAX_STREAMS_SETTING 0x3 #define NGX_HTTP_V2_INIT_WINDOW_SIZE_SETTING 0x4 #define NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING 0x5 #define NGX_HTTP_V2_FRAME_BUFFER_SIZE 24 -#define NGX_HTTP_V2_DEFAULT_FRAME_SIZE (1 << 14) - #define NGX_HTTP_V2_ROOT (void *) -1 @@ -121,7 +126,7 @@ u_char **pos, u_char *end, ngx_uint_t prefix); static ngx_http_v2_stream_t *ngx_http_v2_create_stream( - ngx_http_v2_connection_t *h2c); + ngx_http_v2_connection_t *h2c, ngx_uint_t push); static ngx_http_v2_node_t *ngx_http_v2_get_node_by_id( ngx_http_v2_connection_t *h2c, ngx_uint_t sid, ngx_uint_t alloc); static ngx_http_v2_node_t *ngx_http_v2_get_closed_node( @@ -150,18 +155,21 @@ static ngx_int_t ngx_http_v2_pseudo_header(ngx_http_request_t *r, ngx_http_v2_header_t *header); static ngx_int_t ngx_http_v2_parse_path(ngx_http_request_t *r, - ngx_http_v2_header_t *header); + ngx_str_t *value); static ngx_int_t ngx_http_v2_parse_method(ngx_http_request_t *r, - ngx_http_v2_header_t *header); + ngx_str_t *value); static ngx_int_t ngx_http_v2_parse_scheme(ngx_http_request_t *r, - ngx_http_v2_header_t *header); + ngx_str_t *value); static ngx_int_t ngx_http_v2_parse_authority(ngx_http_request_t *r, - ngx_http_v2_header_t *header); + ngx_str_t *value); +static ngx_int_t ngx_http_v2_parse_header(ngx_http_request_t *r, + ngx_http_v2_parse_header_t *header, ngx_str_t *value); static ngx_int_t ngx_http_v2_construct_request_line(ngx_http_request_t *r); static ngx_int_t ngx_http_v2_cookie(ngx_http_request_t *r, ngx_http_v2_header_t *header); static ngx_int_t ngx_http_v2_construct_cookie_header(ngx_http_request_t *r); static void ngx_http_v2_run_request(ngx_http_request_t *r); +static void ngx_http_v2_run_request_handler(ngx_event_t *ev); static ngx_int_t ngx_http_v2_process_request_body(ngx_http_request_t *r, u_char *pos, size_t size, ngx_uint_t last); static ngx_int_t ngx_http_v2_filter_request_body(ngx_http_request_t *r); @@ -185,22 +193,39 @@ static ngx_http_v2_handler_pt ngx_http_v2_frame_states[] = { - ngx_http_v2_state_data, - ngx_http_v2_state_headers, - ngx_http_v2_state_priority, - ngx_http_v2_state_rst_stream, - ngx_http_v2_state_settings, - ngx_http_v2_state_push_promise, - ngx_http_v2_state_ping, - ngx_http_v2_state_goaway, - ngx_http_v2_state_window_update, - ngx_http_v2_state_continuation + ngx_http_v2_state_data, /* NGX_HTTP_V2_DATA_FRAME */ + ngx_http_v2_state_headers, /* NGX_HTTP_V2_HEADERS_FRAME */ + ngx_http_v2_state_priority, /* NGX_HTTP_V2_PRIORITY_FRAME */ + ngx_http_v2_state_rst_stream, /* NGX_HTTP_V2_RST_STREAM_FRAME */ + ngx_http_v2_state_settings, /* NGX_HTTP_V2_SETTINGS_FRAME */ + ngx_http_v2_state_push_promise, /* NGX_HTTP_V2_PUSH_PROMISE_FRAME */ + ngx_http_v2_state_ping, /* NGX_HTTP_V2_PING_FRAME */ + ngx_http_v2_state_goaway, /* NGX_HTTP_V2_GOAWAY_FRAME */ + ngx_http_v2_state_window_update, /* NGX_HTTP_V2_WINDOW_UPDATE_FRAME */ + ngx_http_v2_state_continuation /* NGX_HTTP_V2_CONTINUATION_FRAME */ }; #define NGX_HTTP_V2_FRAME_STATES \ (sizeof(ngx_http_v2_frame_states) / sizeof(ngx_http_v2_handler_pt)) +static ngx_http_v2_parse_header_t ngx_http_v2_parse_headers[] = { + { ngx_string("host"), + offsetof(ngx_http_headers_in_t, host), 0, NULL }, + + { ngx_string("accept-encoding"), + offsetof(ngx_http_headers_in_t, accept_encoding), 0, NULL }, + + { ngx_string("accept-language"), + offsetof(ngx_http_headers_in_t, accept_language), 0, NULL }, + + { ngx_string("user-agent"), + offsetof(ngx_http_headers_in_t, user_agent), 0, NULL }, + + { ngx_null_string, 0, 0, NULL } +}; + + void ngx_http_v2_init(ngx_event_t *rev) { @@ -249,6 +274,8 @@ h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); + h2c->concurrent_pushes = h2scf->concurrent_pushes; + h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); if (h2c->pool == NULL) { ngx_http_close_connection(c); @@ -366,7 +393,9 @@ break; } - if (n == 0 && (h2c->state.incomplete || h2c->processing)) { + if (n == 0 + && (h2c->state.incomplete || h2c->processing || h2c->pushing)) + { ngx_log_error(NGX_LOG_INFO, c->log, 0, "client prematurely closed connection"); } @@ -405,7 +434,7 @@ h2c->blocked = 0; - if (h2c->processing) { + if (h2c->processing || h2c->pushing) { if (rev->timer_set) { ngx_del_timer(rev); } @@ -589,7 +618,7 @@ ngx_connection_t *c; ngx_http_v2_srv_conf_t *h2scf; - if (h2c->last_out || h2c->processing) { + if (h2c->last_out || h2c->processing || h2c->pushing) { return; } @@ -752,8 +781,8 @@ type, h2c->state.flags, h2c->state.length, h2c->state.sid); if (type >= NGX_HTTP_V2_FRAME_STATES) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "http2 frame with unknown type %ui", type); + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent frame with unknown type %ui", type); return ngx_http_v2_state_skip(h2c, pos, end); } @@ -1046,7 +1075,7 @@ depend = 0; excl = 0; - weight = 16; + weight = NGX_HTTP_V2_DEFAULT_WEIGHT; if (priority) { dependency = ngx_http_v2_parse_uint32(pos); @@ -1059,7 +1088,8 @@ } ngx_log_debug4(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "http2 HEADERS frame sid:%ui on %ui excl:%ui weight:%ui", + "http2 HEADERS frame sid:%ui " + "depends on %ui excl:%ui weight:%ui", h2c->state.sid, depend, excl, weight); if (h2c->state.sid % 2 == 0 || h2c->state.sid <= h2c->last_sid) { @@ -1122,7 +1152,7 @@ h2c->closed_nodes--; } - stream = ngx_http_v2_create_stream(h2c); + stream = ngx_http_v2_create_stream(h2c, 0); if (stream == NULL) { return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); } @@ -1582,14 +1612,7 @@ } if (rc == NGX_DECLINED) { - if (ngx_http_v2_terminate_stream(h2c, h2c->state.stream, - NGX_HTTP_V2_PROTOCOL_ERROR) - == NGX_ERROR) - { - return ngx_http_v2_connection_error(h2c, - NGX_HTTP_V2_INTERNAL_ERROR); - } - + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); goto error; } @@ -1788,7 +1811,8 @@ pos += NGX_HTTP_V2_PRIORITY_SIZE; ngx_log_debug4(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "http2 PRIORITY frame sid:%ui on %ui excl:%ui weight:%ui", + "http2 PRIORITY frame sid:%ui " + "depends on %ui excl:%ui weight:%ui", h2c->state.sid, depend, excl, weight); if (h2c->state.sid == 0) { @@ -1914,6 +1938,11 @@ "client canceled stream %ui", h2c->state.sid); break; + case NGX_HTTP_V2_REFUSED_STREAM: + ngx_log_error(NGX_LOG_INFO, fc->log, 0, + "client refused stream %ui", h2c->state.sid); + break; + case NGX_HTTP_V2_INTERNAL_ERROR: ngx_log_error(NGX_LOG_INFO, fc->log, 0, "client terminated stream %ui due to internal error", @@ -1961,6 +1990,9 @@ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR); } + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 SETTINGS frame"); + return ngx_http_v2_state_settings_params(h2c, pos, end); } @@ -1971,6 +2003,7 @@ { ssize_t window_delta; ngx_uint_t id, value; + ngx_http_v2_srv_conf_t *h2scf; ngx_http_v2_out_frame_t *frame; window_delta = 0; @@ -1986,6 +2019,9 @@ id = ngx_http_v2_parse_uint16(pos); value = ngx_http_v2_parse_uint32(&pos[2]); + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 setting %ui:%ui", id, value); + switch (id) { case NGX_HTTP_V2_INIT_WINDOW_SIZE_SETTING: @@ -2000,8 +2036,6 @@ } window_delta = value - h2c->init_window; - - h2c->init_window = value; break; case NGX_HTTP_V2_MAX_FRAME_SIZE_SETTING: @@ -2020,6 +2054,27 @@ h2c->frame_size = value; break; + case NGX_HTTP_V2_ENABLE_PUSH_SETTING: + + if (value > 1) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "client sent SETTINGS frame with incorrect " + "ENABLE_PUSH value %ui", value); + + return ngx_http_v2_connection_error(h2c, + NGX_HTTP_V2_PROTOCOL_ERROR); + } + + h2c->push_disabled = !value; + break; + + case NGX_HTTP_V2_MAX_STREAMS_SETTING: + h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, + ngx_http_v2_module); + + h2c->concurrent_pushes = ngx_min(value, h2scf->concurrent_pushes); + break; + default: break; } @@ -2037,6 +2092,8 @@ ngx_http_v2_queue_ordered_frame(h2c, frame); if (window_delta) { + h2c->init_window += window_delta; + if (ngx_http_v2_adjust_windows(h2c, window_delta) != NGX_OK) { return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); @@ -2076,8 +2133,8 @@ return ngx_http_v2_state_save(h2c, pos, end, ngx_http_v2_state_ping); } - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "http2 PING frame, flags: %ud", h2c->state.flags); + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 PING frame"); if (h2c->state.flags & NGX_HTTP_V2_ACK_FLAG) { return ngx_http_v2_state_skip(h2c, pos, end); @@ -2485,6 +2542,166 @@ } +ngx_http_v2_stream_t * +ngx_http_v2_push_stream(ngx_http_v2_stream_t *parent, ngx_str_t *path) +{ + ngx_int_t rc; + ngx_str_t value; + ngx_pool_t *pool; + ngx_uint_t index; + ngx_table_elt_t **h; + ngx_connection_t *fc; + ngx_http_request_t *r; + ngx_http_v2_node_t *node; + ngx_http_v2_stream_t *stream; + ngx_http_v2_srv_conf_t *h2scf; + ngx_http_v2_connection_t *h2c; + ngx_http_v2_parse_header_t *header; + + h2c = parent->connection; + + pool = ngx_create_pool(1024, h2c->connection->log); + if (pool == NULL) { + goto rst_stream; + } + + node = ngx_http_v2_get_node_by_id(h2c, h2c->last_push, 1); + + if (node == NULL) { + ngx_destroy_pool(pool); + goto rst_stream; + } + + stream = ngx_http_v2_create_stream(h2c, 1); + if (stream == NULL) { + + if (node->parent == NULL) { + h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, + ngx_http_v2_module); + + index = ngx_http_v2_index(h2scf, h2c->last_push); + h2c->streams_index[index] = node->index; + + ngx_queue_insert_tail(&h2c->closed, &node->reuse); + h2c->closed_nodes++; + } + + ngx_destroy_pool(pool); + goto rst_stream; + } + + if (node->parent) { + ngx_queue_remove(&node->reuse); + h2c->closed_nodes--; + } + + stream->pool = pool; + + r = stream->request; + fc = r->connection; + + stream->in_closed = 1; + stream->node = node; + + node->stream = stream; + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 push stream sid:%ui " + "depends on %ui excl:0 weight:16", + h2c->last_push, parent->node->id); + + node->weight = NGX_HTTP_V2_DEFAULT_WEIGHT; + ngx_http_v2_set_dependency(h2c, node, parent->node->id, 0); + + r->method_name = ngx_http_core_get_method; + r->method = NGX_HTTP_GET; + + r->schema_start = (u_char *) "https"; + +#if (NGX_HTTP_SSL) + if (fc->ssl) { + r->schema_end = r->schema_start + 5; + + } else +#endif + { + r->schema_end = r->schema_start + 4; + } + + value.data = ngx_pstrdup(pool, path); + if (value.data == NULL) { + goto close; + } + + value.len = path->len; + + rc = ngx_http_v2_parse_path(r, &value); + + if (rc != NGX_OK) { + goto error; + } + + for (header = ngx_http_v2_parse_headers; header->name.len; header++) { + h = (ngx_table_elt_t **) + ((char *) &parent->request->headers_in + header->offset); + + if (*h == NULL) { + continue; + } + + value.len = (*h)->value.len; + + value.data = ngx_pnalloc(pool, value.len + 1); + if (value.data == NULL) { + goto close; + } + + ngx_memcpy(value.data, (*h)->value.data, value.len); + value.data[value.len] = '\0'; + + rc = ngx_http_v2_parse_header(r, header, &value); + + if (rc != NGX_OK) { + goto error; + } + } + + fc->write->handler = ngx_http_v2_run_request_handler; + ngx_post_event(fc->write, &ngx_posted_events); + + return stream; + +error: + + if (rc == NGX_ABORT) { + /* header handler has already finalized request */ + return NULL; + } + + if (rc == NGX_DECLINED) { + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NULL; + } + +close: + + ngx_http_v2_close_stream(stream, NGX_HTTP_INTERNAL_SERVER_ERROR); + + return NULL; + +rst_stream: + + if (ngx_http_v2_send_rst_stream(h2c, h2c->last_push, + NGX_HTTP_INTERNAL_SERVER_ERROR) + != NGX_OK) + { + h2c->connection->error = 1; + } + + return NULL; +} + + static ngx_int_t ngx_http_v2_send_settings(ngx_http_v2_connection_t *h2c) { @@ -2745,7 +2962,7 @@ static ngx_http_v2_stream_t * -ngx_http_v2_create_stream(ngx_http_v2_connection_t *h2c) +ngx_http_v2_create_stream(ngx_http_v2_connection_t *h2c, ngx_uint_t push) { ngx_log_t *log; ngx_event_t *rev, *wev; @@ -2800,7 +3017,13 @@ ngx_memcpy(log, h2c->connection->log, sizeof(ngx_log_t)); log->data = ctx; - log->action = "reading client request headers"; + + if (push) { + log->action = "processing pushed request headers"; + + } else { + log->action = "reading client request headers"; + } ngx_memzero(rev, sizeof(ngx_event_t)); @@ -2872,7 +3095,12 @@ stream->send_window = h2c->init_window; stream->recv_window = h2scf->preread_size; - h2c->processing++; + if (push) { + h2c->pushing++; + + } else { + h2c->processing++; + } return stream; } @@ -3030,19 +3258,9 @@ continue; } - switch (ch) { - case '\0': - case LF: - case CR: - case ':': - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent invalid header name: \"%V\"", - &header->name); - - return NGX_ERROR; - } - - if (ch >= 'A' && ch <= 'Z') { + if (ch == '\0' || ch == LF || ch == CR || ch == ':' + || (ch >= 'A' && ch <= 'Z')) + { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent invalid header name: \"%V\"", &header->name); @@ -3056,10 +3274,7 @@ for (i = 0; i != header->value.len; i++) { ch = header->value.data[i]; - switch (ch) { - case '\0': - case LF: - case CR: + if (ch == '\0' || ch == LF || ch == CR) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent header \"%V\" with " "invalid value: \"%V\"", @@ -3084,7 +3299,7 @@ if (ngx_memcmp(header->name.data, "path", sizeof("path") - 1) == 0) { - return ngx_http_v2_parse_path(r, header); + return ngx_http_v2_parse_path(r, &header->value); } break; @@ -3093,13 +3308,13 @@ if (ngx_memcmp(header->name.data, "method", sizeof("method") - 1) == 0) { - return ngx_http_v2_parse_method(r, header); + return ngx_http_v2_parse_method(r, &header->value); } if (ngx_memcmp(header->name.data, "scheme", sizeof("scheme") - 1) == 0) { - return ngx_http_v2_parse_scheme(r, header); + return ngx_http_v2_parse_scheme(r, &header->value); } break; @@ -3108,7 +3323,7 @@ if (ngx_memcmp(header->name.data, "authority", sizeof("authority") - 1) == 0) { - return ngx_http_v2_parse_authority(r, header); + return ngx_http_v2_parse_authority(r, &header->value); } break; @@ -3123,7 +3338,7 @@ static ngx_int_t -ngx_http_v2_parse_path(ngx_http_request_t *r, ngx_http_v2_header_t *header) +ngx_http_v2_parse_path(ngx_http_request_t *r, ngx_str_t *value) { if (r->unparsed_uri.len) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, @@ -3132,20 +3347,19 @@ return NGX_DECLINED; } - if (header->value.len == 0) { + if (value->len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent empty :path header"); return NGX_DECLINED; } - r->uri_start = header->value.data; - r->uri_end = header->value.data + header->value.len; + r->uri_start = value->data; + r->uri_end = value->data + value->len; if (ngx_http_parse_uri(r) != NGX_OK) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent invalid :path header: \"%V\"", - &header->value); + "client sent invalid :path header: \"%V\"", value); return NGX_DECLINED; } @@ -3163,7 +3377,7 @@ static ngx_int_t -ngx_http_v2_parse_method(ngx_http_request_t *r, ngx_http_v2_header_t *header) +ngx_http_v2_parse_method(ngx_http_request_t *r, ngx_str_t *value) { size_t k, len; ngx_uint_t n; @@ -3203,15 +3417,15 @@ return NGX_DECLINED; } - if (header->value.len == 0) { + if (value->len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent empty :method header"); return NGX_DECLINED; } - r->method_name.len = header->value.len; - r->method_name.data = header->value.data; + r->method_name.len = value->len; + r->method_name.data = value->data; len = r->method_name.len; n = sizeof(tests) / sizeof(tests[0]); @@ -3258,7 +3472,7 @@ static ngx_int_t -ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_http_v2_header_t *header) +ngx_http_v2_parse_scheme(ngx_http_request_t *r, ngx_str_t *value) { if (r->schema_start) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, @@ -3267,58 +3481,62 @@ return NGX_DECLINED; } - if (header->value.len == 0) { + if (value->len == 0) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent empty :scheme header"); return NGX_DECLINED; } - r->schema_start = header->value.data; - r->schema_end = header->value.data + header->value.len; + r->schema_start = value->data; + r->schema_end = value->data + value->len; return NGX_OK; } static ngx_int_t -ngx_http_v2_parse_authority(ngx_http_request_t *r, ngx_http_v2_header_t *header) +ngx_http_v2_parse_authority(ngx_http_request_t *r, ngx_str_t *value) +{ + return ngx_http_v2_parse_header(r, &ngx_http_v2_parse_headers[0], value); +} + + +static ngx_int_t +ngx_http_v2_parse_header(ngx_http_request_t *r, + ngx_http_v2_parse_header_t *header, ngx_str_t *value) { ngx_table_elt_t *h; - ngx_http_header_t *hh; ngx_http_core_main_conf_t *cmcf; - static ngx_str_t host = ngx_string("host"); - h = ngx_list_push(&r->headers_in.headers); if (h == NULL) { return NGX_ERROR; } - h->hash = ngx_hash_key(host.data, host.len); + h->key.len = header->name.len; + h->key.data = header->name.data; + h->lowcase_key = header->name.data; - h->key.len = host.len; - h->key.data = host.data; + if (header->hh == NULL) { + header->hash = ngx_hash_key(header->name.data, header->name.len); - h->value.len = header->value.len; - h->value.data = header->value.data; - - h->lowcase_key = host.data; + cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module); - cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module); + header->hh = ngx_hash_find(&cmcf->headers_in_hash, header->hash, + h->lowcase_key, h->key.len); + if (header->hh == NULL) { + return NGX_ERROR; + } + } - hh = ngx_hash_find(&cmcf->headers_in_hash, h->hash, - h->lowcase_key, h->key.len); + h->hash = header->hash; - if (hh == NULL) { - return NGX_ERROR; - } + h->value.len = value->len; + h->value.data = value->data; - if (hh->handler(r, h, hh->offset) != NGX_OK) { - /* - * request has been finalized already - * in ngx_http_process_host() - */ + if (header->hh->handler(r, h, header->hh->offset) != NGX_OK) { + /* header handler has already finalized request */ return NGX_ABORT; } @@ -3343,7 +3561,7 @@ } else if (r->schema_start == NULL) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, - "client sent no :schema header"); + "client sent no :scheme header"); } else { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, @@ -3468,7 +3686,8 @@ return NGX_ERROR; } - h->hash = ngx_hash_key(cookie.data, cookie.len); + h->hash = ngx_hash(ngx_hash(ngx_hash(ngx_hash( + ngx_hash('c', 'o'), 'o'), 'k'), 'i'), 'e'); h->key.len = cookie.len; h->key.data = cookie.data; @@ -3535,6 +3754,22 @@ } +static void +ngx_http_v2_run_request_handler(ngx_event_t *ev) +{ + ngx_connection_t *fc; + ngx_http_request_t *r; + + fc = ev->data; + r = fc->data; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 run request handler"); + + ngx_http_v2_run_request(r); +} + + ngx_int_t ngx_http_v2_read_request_body(ngx_http_request_t *r) { @@ -3694,8 +3929,8 @@ } else { if (size > (size_t) (buf->end - buf->last)) { ngx_log_error(NGX_LOG_INFO, fc->log, 0, - "client intended to send body data " - "larger than declared"); + "client intended to send body data " + "larger than declared"); return NGX_HTTP_BAD_REQUEST; } @@ -4006,6 +4241,7 @@ ngx_http_v2_close_stream(ngx_http_v2_stream_t *stream, ngx_int_t rc) { ngx_pool_t *pool; + ngx_uint_t push; ngx_event_t *ev; ngx_connection_t *fc; ngx_http_v2_node_t *node; @@ -4014,9 +4250,10 @@ h2c = stream->connection; node = stream->node; - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, - "http2 close stream %ui, queued %ui, processing %ui", - node->id, stream->queued, h2c->processing); + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 close stream %ui, queued %ui, " + "processing %ui, pushing %ui", + node->id, stream->queued, h2c->processing, h2c->pushing); fc = stream->request->connection; @@ -4072,6 +4309,8 @@ h2c->state.stream = NULL; } + push = stream->node->id % 2 == 0; + node->stream = NULL; ngx_queue_insert_tail(&h2c->closed, &node->reuse); @@ -4119,9 +4358,14 @@ fc->data = h2c->free_fake_connections; h2c->free_fake_connections = fc; - h2c->processing--; + if (push) { + h2c->pushing--; + + } else { + h2c->processing--; + } - if (h2c->processing || h2c->blocked) { + if (h2c->processing || h2c->pushing || h2c->blocked) { return; } @@ -4270,7 +4514,7 @@ c->error = 1; - if (!h2c->processing) { + if (!h2c->processing && !h2c->pushing) { ngx_http_close_connection(c); return; } @@ -4319,7 +4563,7 @@ h2c->blocked = 0; - if (h2c->processing) { + if (h2c->processing || h2c->pushing) { return; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2.h ^ |
| @@ -18,12 +18,15 @@ #define NGX_HTTP_V2_STATE_BUFFER_SIZE 16 +#define NGX_HTTP_V2_DEFAULT_FRAME_SIZE (1 << 14) #define NGX_HTTP_V2_MAX_FRAME_SIZE ((1 << 24) - 1) #define NGX_HTTP_V2_INT_OCTETS 4 #define NGX_HTTP_V2_MAX_FIELD \ (127 + (1 << (NGX_HTTP_V2_INT_OCTETS - 1) * 7) - 1) +#define NGX_HTTP_V2_STREAM_ID_SIZE 4 + #define NGX_HTTP_V2_FRAME_HEADER_SIZE 9 /* frame types */ @@ -49,6 +52,8 @@ #define NGX_HTTP_V2_MAX_WINDOW ((1U << 31) - 1) #define NGX_HTTP_V2_DEFAULT_WINDOW 65535 +#define NGX_HTTP_V2_DEFAULT_WEIGHT 16 + typedef struct ngx_http_v2_connection_s ngx_http_v2_connection_t; typedef struct ngx_http_v2_node_s ngx_http_v2_node_t; @@ -116,6 +121,9 @@ ngx_uint_t processing; + ngx_uint_t pushing; + ngx_uint_t concurrent_pushes; + size_t send_window; size_t recv_window; size_t init_window; @@ -141,12 +149,14 @@ ngx_queue_t closed; ngx_uint_t last_sid; + ngx_uint_t last_push; unsigned closed_nodes:8; unsigned settings_ack:1; unsigned table_update:1; unsigned blocked:1; unsigned goaway:1; + unsigned push_disabled:1; }; @@ -188,8 +198,6 @@ ngx_array_t *cookies; - size_t header_limit; - ngx_pool_t *pool; unsigned waiting:1; @@ -272,16 +280,21 @@ void ngx_http_v2_init(ngx_event_t *rev); -void ngx_http_v2_request_headers_init(void); ngx_int_t ngx_http_v2_read_request_body(ngx_http_request_t *r); ngx_int_t ngx_http_v2_read_unbuffered_request_body(ngx_http_request_t *r); +ngx_http_v2_stream_t *ngx_http_v2_push_stream(ngx_http_v2_stream_t *parent, + ngx_str_t *path); + void ngx_http_v2_close_stream(ngx_http_v2_stream_t *stream, ngx_int_t rc); ngx_int_t ngx_http_v2_send_output_queue(ngx_http_v2_connection_t *h2c); +ngx_str_t *ngx_http_v2_get_static_name(ngx_uint_t index); +ngx_str_t *ngx_http_v2_get_static_value(ngx_uint_t index); + ngx_int_t ngx_http_v2_get_indexed_header(ngx_http_v2_connection_t *h2c, ngx_uint_t index, ngx_uint_t name_only); ngx_int_t ngx_http_v2_add_header(ngx_http_v2_connection_t *h2c, @@ -348,4 +361,53 @@ #define ngx_http_v2_write_sid ngx_http_v2_write_uint32 + +#define ngx_http_v2_indexed(i) (128 + (i)) +#define ngx_http_v2_inc_indexed(i) (64 + (i)) + +#define ngx_http_v2_write_name(dst, src, len, tmp) \ + ngx_http_v2_string_encode(dst, src, len, tmp, 1) +#define ngx_http_v2_write_value(dst, src, len, tmp) \ + ngx_http_v2_string_encode(dst, src, len, tmp, 0) + +#define NGX_HTTP_V2_ENCODE_RAW 0 +#define NGX_HTTP_V2_ENCODE_HUFF 0x80 + +#define NGX_HTTP_V2_AUTHORITY_INDEX 1 + +#define NGX_HTTP_V2_METHOD_INDEX 2 +#define NGX_HTTP_V2_METHOD_GET_INDEX 2 +#define NGX_HTTP_V2_METHOD_POST_INDEX 3 + +#define NGX_HTTP_V2_PATH_INDEX 4 +#define NGX_HTTP_V2_PATH_ROOT_INDEX 4 + +#define NGX_HTTP_V2_SCHEME_HTTP_INDEX 6 +#define NGX_HTTP_V2_SCHEME_HTTPS_INDEX 7 + +#define NGX_HTTP_V2_STATUS_INDEX 8 +#define NGX_HTTP_V2_STATUS_200_INDEX 8 +#define NGX_HTTP_V2_STATUS_204_INDEX 9 +#define NGX_HTTP_V2_STATUS_206_INDEX 10 +#define NGX_HTTP_V2_STATUS_304_INDEX 11 +#define NGX_HTTP_V2_STATUS_400_INDEX 12 +#define NGX_HTTP_V2_STATUS_404_INDEX 13 +#define NGX_HTTP_V2_STATUS_500_INDEX 14 + +#define NGX_HTTP_V2_ACCEPT_ENCODING_INDEX 16 +#define NGX_HTTP_V2_ACCEPT_LANGUAGE_INDEX 17 +#define NGX_HTTP_V2_CONTENT_LENGTH_INDEX 28 +#define NGX_HTTP_V2_CONTENT_TYPE_INDEX 31 +#define NGX_HTTP_V2_DATE_INDEX 33 +#define NGX_HTTP_V2_LAST_MODIFIED_INDEX 44 +#define NGX_HTTP_V2_LOCATION_INDEX 46 +#define NGX_HTTP_V2_SERVER_INDEX 54 +#define NGX_HTTP_V2_USER_AGENT_INDEX 58 +#define NGX_HTTP_V2_VARY_INDEX 59 + + +u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, + u_char *tmp, ngx_uint_t lower); + + #endif /* _NGX_HTTP_V2_H_INCLUDED_ */ | ||
| [+] | Added | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2_encode.c ^ |
| @@ -0,0 +1,62 @@ + +/* + * Copyright (C) Nginx, Inc. + * Copyright (C) Valentin V. Bartenev + */ + + +#include <ngx_config.h> +#include <ngx_core.h> +#include <ngx_http.h> + + +static u_char *ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, + ngx_uint_t value); + + +u_char * +ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, u_char *tmp, + ngx_uint_t lower) +{ + size_t hlen; + + hlen = ngx_http_v2_huff_encode(src, len, tmp, lower); + + if (hlen > 0) { + *dst = NGX_HTTP_V2_ENCODE_HUFF; + dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), hlen); + return ngx_cpymem(dst, tmp, hlen); + } + + *dst = NGX_HTTP_V2_ENCODE_RAW; + dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), len); + + if (lower) { + ngx_strlow(dst, src, len); + return dst + len; + } + + return ngx_cpymem(dst, src, len); +} + + +static u_char * +ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value) +{ + if (value < prefix) { + *pos++ |= value; + return pos; + } + + *pos++ |= prefix; + value -= prefix; + + while (value >= 128) { + *pos++ = value % 128 + 128; + value /= 128; + } + + *pos++ = (u_char) value; + + return pos; +} | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2_filter_module.c ^ |
| @@ -2,6 +2,7 @@ /* * Copyright (C) Nginx, Inc. * Copyright (C) Valentin V. Bartenev + * Copyright (C) Ruslan Ermilov */ @@ -22,43 +23,43 @@ #define ngx_http_v2_literal_size(h) \ (ngx_http_v2_integer_octets(sizeof(h) - 1) + sizeof(h) - 1) -#define ngx_http_v2_indexed(i) (128 + (i)) -#define ngx_http_v2_inc_indexed(i) (64 + (i)) - -#define ngx_http_v2_write_name(dst, src, len, tmp) \ - ngx_http_v2_string_encode(dst, src, len, tmp, 1) -#define ngx_http_v2_write_value(dst, src, len, tmp) \ - ngx_http_v2_string_encode(dst, src, len, tmp, 0) - -#define NGX_HTTP_V2_ENCODE_RAW 0 -#define NGX_HTTP_V2_ENCODE_HUFF 0x80 - -#define NGX_HTTP_V2_STATUS_INDEX 8 -#define NGX_HTTP_V2_STATUS_200_INDEX 8 -#define NGX_HTTP_V2_STATUS_204_INDEX 9 -#define NGX_HTTP_V2_STATUS_206_INDEX 10 -#define NGX_HTTP_V2_STATUS_304_INDEX 11 -#define NGX_HTTP_V2_STATUS_400_INDEX 12 -#define NGX_HTTP_V2_STATUS_404_INDEX 13 -#define NGX_HTTP_V2_STATUS_500_INDEX 14 - -#define NGX_HTTP_V2_CONTENT_LENGTH_INDEX 28 -#define NGX_HTTP_V2_CONTENT_TYPE_INDEX 31 -#define NGX_HTTP_V2_DATE_INDEX 33 -#define NGX_HTTP_V2_LAST_MODIFIED_INDEX 44 -#define NGX_HTTP_V2_LOCATION_INDEX 46 -#define NGX_HTTP_V2_SERVER_INDEX 54 -#define NGX_HTTP_V2_VARY_INDEX 59 #define NGX_HTTP_V2_NO_TRAILERS (ngx_http_v2_out_frame_t *) -1 -static u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, - u_char *tmp, ngx_uint_t lower); -static u_char *ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, - ngx_uint_t value); +typedef struct { + ngx_str_t name; + u_char index; + ngx_uint_t offset; +} ngx_http_v2_push_header_t; + + +static ngx_http_v2_push_header_t ngx_http_v2_push_headers[] = { + { ngx_string(":authority"), NGX_HTTP_V2_AUTHORITY_INDEX, + offsetof(ngx_http_headers_in_t, host) }, + + { ngx_string("accept-encoding"), NGX_HTTP_V2_ACCEPT_ENCODING_INDEX, + offsetof(ngx_http_headers_in_t, accept_encoding) }, + + { ngx_string("accept-language"), NGX_HTTP_V2_ACCEPT_LANGUAGE_INDEX, + offsetof(ngx_http_headers_in_t, accept_language) }, + + { ngx_string("user-agent"), NGX_HTTP_V2_USER_AGENT_INDEX, + offsetof(ngx_http_headers_in_t, user_agent) }, +}; + +#define NGX_HTTP_V2_PUSH_HEADERS \ + (sizeof(ngx_http_v2_push_headers) / sizeof(ngx_http_v2_push_header_t)) + + +static ngx_int_t ngx_http_v2_push_resources(ngx_http_request_t *r); +static ngx_int_t ngx_http_v2_push_resource(ngx_http_request_t *r, + ngx_str_t *path, ngx_str_t *binary); + static ngx_http_v2_out_frame_t *ngx_http_v2_create_headers_frame( ngx_http_request_t *r, u_char *pos, u_char *end, ngx_uint_t fin); +static ngx_http_v2_out_frame_t *ngx_http_v2_create_push_frame( + ngx_http_request_t *r, u_char *pos, u_char *end); static ngx_http_v2_out_frame_t *ngx_http_v2_create_trailers_frame( ngx_http_request_t *r); @@ -81,6 +82,8 @@ static ngx_int_t ngx_http_v2_headers_frame_handler( ngx_http_v2_connection_t *h2c, ngx_http_v2_out_frame_t *frame); +static ngx_int_t ngx_http_v2_push_frame_handler( + ngx_http_v2_connection_t *h2c, ngx_http_v2_out_frame_t *frame); static ngx_int_t ngx_http_v2_data_frame_handler( ngx_http_v2_connection_t *h2c, ngx_http_v2_out_frame_t *frame); static ngx_inline void ngx_http_v2_handle_frame( @@ -133,11 +136,12 @@ u_char status, *pos, *start, *p, *tmp; size_t len, tmp_len; ngx_str_t host, location; - ngx_uint_t i, port; + ngx_uint_t i, port, fin; ngx_list_part_t *part; ngx_table_elt_t *header; ngx_connection_t *fc; ngx_http_cleanup_t *cln; + ngx_http_v2_stream_t *stream; ngx_http_v2_out_frame_t *frame; ngx_http_v2_connection_t *h2c; ngx_http_core_loc_conf_t *clcf; @@ -157,7 +161,9 @@ ngx_http_v2_literal_size(NGINX_VER_BUILD); static u_char nginx_ver_build[ngx_http_v2_literal_size(NGINX_VER_BUILD)]; - if (!r->stream) { + stream = r->stream; + + if (!stream) { return ngx_http_next_header_filter(r); } @@ -236,7 +242,16 @@ } } - h2c = r->stream->connection; + h2c = stream->connection; + + if (!h2c->push_disabled && !h2c->goaway + && stream->node->id % 2 == 1 + && r->method != NGX_HTTP_HEAD) + { + if (ngx_http_v2_push_resources(r) != NGX_OK) { + return NGX_ERROR; + } + } len = h2c->table_update ? 1 : 0; @@ -628,14 +643,17 @@ header[i].value.len, tmp); } - frame = ngx_http_v2_create_headers_frame(r, start, pos, r->header_only); + fin = r->header_only + || (r->headers_out.content_length_n == 0 && !r->expect_trailers); + + frame = ngx_http_v2_create_headers_frame(r, start, pos, fin); if (frame == NULL) { return NGX_ERROR; } - ngx_http_v2_queue_blocked_frame(r->stream->connection, frame); + ngx_http_v2_queue_blocked_frame(h2c, frame); - r->stream->queued = 1; + stream->queued++; cln = ngx_http_cleanup_add(r, 0); if (cln == NULL) { @@ -643,172 +661,415 @@ } cln->handler = ngx_http_v2_filter_cleanup; - cln->data = r->stream; + cln->data = stream; fc->send_chain = ngx_http_v2_send_chain; fc->need_last_buf = 1; - return ngx_http_v2_filter_send(fc, r->stream); + return ngx_http_v2_filter_send(fc, stream); } -static ngx_http_v2_out_frame_t * -ngx_http_v2_create_trailers_frame(ngx_http_request_t *r) +static ngx_int_t +ngx_http_v2_push_resources(ngx_http_request_t *r) { - u_char *pos, *start, *tmp; - size_t len, tmp_len; - ngx_uint_t i; - ngx_list_part_t *part; - ngx_table_elt_t *header; + u_char *start, *end, *last; + ngx_int_t rc; + ngx_str_t path; + ngx_uint_t i, push; + ngx_table_elt_t **h; + ngx_http_v2_loc_conf_t *h2lcf; + ngx_http_complex_value_t *pushes; + ngx_str_t binary[NGX_HTTP_V2_PUSH_HEADERS]; - len = 0; - tmp_len = 0; + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http2 push resources"); - part = &r->headers_out.trailers.part; - header = part->elts; + ngx_memzero(binary, NGX_HTTP_V2_PUSH_HEADERS * sizeof(ngx_str_t)); - for (i = 0; /* void */; i++) { + h2lcf = ngx_http_get_module_loc_conf(r, ngx_http_v2_module); - if (i >= part->nelts) { - if (part->next == NULL) { - break; + if (h2lcf->pushes) { + pushes = h2lcf->pushes->elts; + + for (i = 0; i < h2lcf->pushes->nelts; i++) { + + if (ngx_http_complex_value(r, &pushes[i], &path) != NGX_OK) { + return NGX_ERROR; } - part = part->next; - header = part->elts; - i = 0; + if (path.len == 0) { + continue; + } + + if (path.len == 3 && ngx_strncmp(path.data, "off", 3) == 0) { + continue; + } + + rc = ngx_http_v2_push_resource(r, &path, binary); + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + if (rc == NGX_ABORT) { + return NGX_OK; + } + + /* NGX_OK, NGX_DECLINED */ } + } - if (header[i].hash == 0) { + if (!h2lcf->push_preload) { + return NGX_OK; + } + + h = r->headers_out.link.elts; + + for (i = 0; i < r->headers_out.link.nelts; i++) { + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http2 parse link: \"%V\"", &h[i]->value); + + start = h[i]->value.data; + end = h[i]->value.data + h[i]->value.len; + + next_link: + + while (start < end && *start == ' ') { start++; } + + if (start == end || *start++ != '<') { continue; } - if (header[i].key.len > NGX_HTTP_V2_MAX_FIELD) { - ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0, - "too long response trailer name: \"%V\"", - &header[i].key); - return NULL; + while (start < end && *start == ' ') { start++; } + + for (last = start; last < end && *last != '>'; last++) { + /* void */ } - if (header[i].value.len > NGX_HTTP_V2_MAX_FIELD) { - ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0, - "too long response trailer value: \"%V: %V\"", - &header[i].key, &header[i].value); - return NULL; + if (last == start || last == end) { + continue; } - len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len - + NGX_HTTP_V2_INT_OCTETS + header[i].value.len; + path.len = last - start; + path.data = start; - if (header[i].key.len > tmp_len) { - tmp_len = header[i].key.len; + start = last + 1; + + while (start < end && *start == ' ') { start++; } + + if (start == end) { + continue; } - if (header[i].value.len > tmp_len) { - tmp_len = header[i].value.len; + if (*start == ',') { + start++; + goto next_link; } - } - if (len == 0) { - return NGX_HTTP_V2_NO_TRAILERS; - } + if (*start++ != ';') { + continue; + } - tmp = ngx_palloc(r->pool, tmp_len); - pos = ngx_pnalloc(r->pool, len); + last = ngx_strlchr(start, end, ','); - if (pos == NULL || tmp == NULL) { - return NULL; - } + if (last == NULL) { + last = end; + } - start = pos; + push = 0; - part = &r->headers_out.trailers.part; - header = part->elts; + for ( ;; ) { - for (i = 0; /* void */; i++) { + while (start < last && *start == ' ') { start++; } - if (i >= part->nelts) { - if (part->next == NULL) { + if (last - start >= 6 + && ngx_strncasecmp(start, (u_char *) "nopush", 6) == 0) + { + start += 6; + + if (start == last || *start == ' ' || *start == ';') { + push = 0; + break; + } + + goto next_param; + } + + if (last - start >= 11 + && ngx_strncasecmp(start, (u_char *) "rel=preload", 11) == 0) + { + start += 11; + + if (start == last || *start == ' ' || *start == ';') { + push = 1; + } + + goto next_param; + } + + if (last - start >= 4 + && ngx_strncasecmp(start, (u_char *) "rel=", 4) == 0) + { + start += 4; + + while (start < last && *start == ' ') { start++; } + + if (start == last || *start++ != '"') { + goto next_param; + } + + for ( ;; ) { + + while (start < last && *start == ' ') { start++; } + + if (last - start >= 7 + && ngx_strncasecmp(start, (u_char *) "preload", 7) == 0) + { + start += 7; + + if (start < last && (*start == ' ' || *start == '"')) { + push = 1; + break; + } + } + + while (start < last && *start != ' ' && *start != '"') { + start++; + } + + if (start == last) { + break; + } + + if (*start == '"') { + break; + } + + start++; + } + } + + next_param: + + start = ngx_strlchr(start, last, ';'); + + if (start == NULL) { break; } - part = part->next; - header = part->elts; - i = 0; + start++; } - if (header[i].hash == 0) { - continue; + if (push) { + while (path.len && path.data[path.len - 1] == ' ') { + path.len--; + } } -#if (NGX_DEBUG) - if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) { - ngx_strlow(tmp, header[i].key.data, header[i].key.len); + if (push && path.len + && !(path.len > 1 && path.data[0] == '/' && path.data[1] == '/')) + { + rc = ngx_http_v2_push_resource(r, &path, binary); - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http2 output trailer: \"%*s: %V\"", - header[i].key.len, tmp, &header[i].value); - } -#endif + if (rc == NGX_ERROR) { + return NGX_ERROR; + } - *pos++ = 0; + if (rc == NGX_ABORT) { + return NGX_OK; + } - pos = ngx_http_v2_write_name(pos, header[i].key.data, - header[i].key.len, tmp); + /* NGX_OK, NGX_DECLINED */ + } - pos = ngx_http_v2_write_value(pos, header[i].value.data, - header[i].value.len, tmp); + if (last < end) { + start = last + 1; + goto next_link; + } } - return ngx_http_v2_create_headers_frame(r, start, pos, 1); + return NGX_OK; } -static u_char * -ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len, u_char *tmp, - ngx_uint_t lower) +static ngx_int_t +ngx_http_v2_push_resource(ngx_http_request_t *r, ngx_str_t *path, + ngx_str_t *binary) { - size_t hlen; + u_char *start, *pos, *tmp; + size_t len; + ngx_str_t *value; + ngx_uint_t i; + ngx_table_elt_t **h; + ngx_connection_t *fc; + ngx_http_v2_stream_t *stream; + ngx_http_v2_out_frame_t *frame; + ngx_http_v2_connection_t *h2c; + ngx_http_v2_push_header_t *ph; + + fc = r->connection; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, "http2 push resource"); - hlen = ngx_http_v2_huff_encode(src, len, tmp, lower); + stream = r->stream; + h2c = stream->connection; - if (hlen > 0) { - *dst = NGX_HTTP_V2_ENCODE_HUFF; - dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), hlen); - return ngx_cpymem(dst, tmp, hlen); + if (!ngx_path_separator(path->data[0])) { + ngx_log_error(NGX_LOG_WARN, fc->log, 0, + "non-absolute path \"%V\" not pushed", path); + return NGX_DECLINED; } - *dst = NGX_HTTP_V2_ENCODE_RAW; - dst = ngx_http_v2_write_int(dst, ngx_http_v2_prefix(7), len); + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2 pushing:%ui limit:%ui", + h2c->pushing, h2c->concurrent_pushes); - if (lower) { - ngx_strlow(dst, src, len); - return dst + len; + if (h2c->pushing >= h2c->concurrent_pushes) { + return NGX_ABORT; } - return ngx_cpymem(dst, src, len); -} + if (h2c->last_push == 0x7ffffffe) { + return NGX_ABORT; + } + if (path->len > NGX_HTTP_V2_MAX_FIELD) { + return NGX_DECLINED; + } -static u_char * -ngx_http_v2_write_int(u_char *pos, ngx_uint_t prefix, ngx_uint_t value) -{ - if (value < prefix) { - *pos++ |= value; - return pos; + if (r->headers_in.host == NULL) { + return NGX_ABORT; + } + + ph = ngx_http_v2_push_headers; + + if (binary[0].len) { + tmp = ngx_palloc(r->pool, path->len); + if (tmp == NULL) { + return NGX_ERROR; + } + + } else { + len = path->len; + + for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { + h = (ngx_table_elt_t **) ((char *) &r->headers_in + ph[i].offset); + + if (*h) { + len = ngx_max(len, (*h)->value.len); + } + } + + tmp = ngx_palloc(r->pool, len); + if (tmp == NULL) { + return NGX_ERROR; + } + + for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { + h = (ngx_table_elt_t **) ((char *) &r->headers_in + ph[i].offset); + + if (*h == NULL) { + continue; + } + + value = &(*h)->value; + + len = 1 + NGX_HTTP_V2_INT_OCTETS + value->len; + + pos = ngx_pnalloc(r->pool, len); + if (pos == NULL) { + return NGX_ERROR; + } + + binary[i].data = pos; + + *pos++ = ngx_http_v2_inc_indexed(ph[i].index); + pos = ngx_http_v2_write_value(pos, value->data, value->len, tmp); + + binary[i].len = pos - binary[i].data; + } + } + + len = (h2c->table_update ? 1 : 0) + + 1 + + 1 + NGX_HTTP_V2_INT_OCTETS + path->len + + 1; + + for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { + len += binary[i].len; + } + + pos = ngx_pnalloc(r->pool, len); + if (pos == NULL) { + return NGX_ERROR; } - *pos++ |= prefix; - value -= prefix; + start = pos; + + if (h2c->table_update) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 table size update: 0"); + *pos++ = (1 << 5) | 0; + h2c->table_update = 0; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 push header: \":method: GET\""); + + *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_GET_INDEX); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 push header: \":path: %V\"", path); + + *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX); + pos = ngx_http_v2_write_value(pos, path->data, path->len, tmp); + +#if (NGX_HTTP_SSL) + if (fc->ssl) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 push header: \":scheme: https\""); + *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX); - while (value >= 128) { - *pos++ = value % 128 + 128; - value /= 128; + } else +#endif + { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 push header: \":scheme: http\""); + *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX); + } + + for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) { + h = (ngx_table_elt_t **) ((char *) &r->headers_in + ph[i].offset); + + if (*h == NULL) { + continue; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 push header: \"%V: %V\"", + &ph[i].name, &(*h)->value); + + pos = ngx_cpymem(pos, binary[i].data, binary[i].len); + } + + frame = ngx_http_v2_create_push_frame(r, start, pos); + if (frame == NULL) { + return NGX_ERROR; } - *pos++ = (u_char) value; + ngx_http_v2_queue_blocked_frame(h2c, frame); + + stream->queued++; - return pos; + stream = ngx_http_v2_push_stream(stream, path); + + if (stream) { + stream->request->request_length = pos - start; + return NGX_OK; + } + + return NGX_ERROR; } @@ -908,45 +1169,278 @@ cl->next = NULL; frame->last = cl; - ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http2:%ui create HEADERS frame %p: len:%uz", - stream->node->id, frame, frame->length); + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http2:%ui create HEADERS frame %p: len:%uz fin:%ui", + stream->node->id, frame, frame->length, fin); return frame; } } -static ngx_chain_t * -ngx_http_v2_send_chain(ngx_connection_t *fc, ngx_chain_t *in, off_t limit) +static ngx_http_v2_out_frame_t * +ngx_http_v2_create_push_frame(ngx_http_request_t *r, u_char *pos, u_char *end) { - off_t size, offset; - size_t rest, frame_size; - ngx_chain_t *cl, *out, **ln; - ngx_http_request_t *r; + u_char type, flags; + size_t rest, frame_size, len; + ngx_buf_t *b; + ngx_chain_t *cl, **ll; ngx_http_v2_stream_t *stream; - ngx_http_v2_loc_conf_t *h2lcf; - ngx_http_v2_out_frame_t *frame, *trailers; + ngx_http_v2_out_frame_t *frame; ngx_http_v2_connection_t *h2c; - r = fc->data; stream = r->stream; + h2c = stream->connection; + rest = NGX_HTTP_V2_STREAM_ID_SIZE + (end - pos); -#if (NGX_SUPPRESS_WARN) - size = 0; -#endif + frame = ngx_palloc(r->pool, sizeof(ngx_http_v2_out_frame_t)); + if (frame == NULL) { + return NULL; + } - while (in) { - size = ngx_buf_size(in->buf); + frame->handler = ngx_http_v2_push_frame_handler; + frame->stream = stream; + frame->length = rest; + frame->blocked = 1; + frame->fin = 0; - if (size || in->buf->last_buf) { - break; - } + ll = &frame->first; + + type = NGX_HTTP_V2_PUSH_PROMISE_FRAME; + flags = NGX_HTTP_V2_NO_FLAG; + frame_size = h2c->frame_size; + + for ( ;; ) { + if (rest <= frame_size) { + frame_size = rest; + flags |= NGX_HTTP_V2_END_HEADERS_FLAG; + } + + b = ngx_create_temp_buf(r->pool, + NGX_HTTP_V2_FRAME_HEADER_SIZE + + ((type == NGX_HTTP_V2_PUSH_PROMISE_FRAME) + ? NGX_HTTP_V2_STREAM_ID_SIZE : 0)); + if (b == NULL) { + return NULL; + } + + b->last = ngx_http_v2_write_len_and_type(b->last, frame_size, type); + *b->last++ = flags; + b->last = ngx_http_v2_write_sid(b->last, stream->node->id); + + b->tag = (ngx_buf_tag_t) &ngx_http_v2_module; + + if (type == NGX_HTTP_V2_PUSH_PROMISE_FRAME) { + h2c->last_push += 2; + + b->last = ngx_http_v2_write_sid(b->last, h2c->last_push); + len = frame_size - NGX_HTTP_V2_STREAM_ID_SIZE; + + } else { + len = frame_size; + } + + cl = ngx_alloc_chain_link(r->pool); + if (cl == NULL) { + return NULL; + } + + cl->buf = b; + + *ll = cl; + ll = &cl->next; + + b = ngx_calloc_buf(r->pool); + if (b == NULL) { + return NULL; + } + + b->pos = pos; + + pos += len; + + b->last = pos; + b->start = b->pos; + b->end = b->last; + b->temporary = 1; + + cl = ngx_alloc_chain_link(r->pool); + if (cl == NULL) { + return NULL; + } + + cl->buf = b; + + *ll = cl; + ll = &cl->next; + + rest -= frame_size; + + if (rest) { + frame->length += NGX_HTTP_V2_FRAME_HEADER_SIZE; + + type = NGX_HTTP_V2_CONTINUATION_FRAME; + continue; + } + + cl->next = NULL; + frame->last = cl; + + ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http2:%ui create PUSH_PROMISE frame %p: " + "sid:%ui len:%uz", + stream->node->id, frame, h2c->last_push, + frame->length); + + return frame; + } +} + + +static ngx_http_v2_out_frame_t * +ngx_http_v2_create_trailers_frame(ngx_http_request_t *r) +{ + u_char *pos, *start, *tmp; + size_t len, tmp_len; + ngx_uint_t i; + ngx_list_part_t *part; + ngx_table_elt_t *header; + ngx_connection_t *fc; + + fc = r->connection; + len = 0; + tmp_len = 0; + + part = &r->headers_out.trailers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (header[i].hash == 0) { + continue; + } + + if (header[i].key.len > NGX_HTTP_V2_MAX_FIELD) { + ngx_log_error(NGX_LOG_CRIT, fc->log, 0, + "too long response trailer name: \"%V\"", + &header[i].key); + return NULL; + } + + if (header[i].value.len > NGX_HTTP_V2_MAX_FIELD) { + ngx_log_error(NGX_LOG_CRIT, fc->log, 0, + "too long response trailer value: \"%V: %V\"", + &header[i].key, &header[i].value); + return NULL; + } + + len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len + + NGX_HTTP_V2_INT_OCTETS + header[i].value.len; + + if (header[i].key.len > tmp_len) { + tmp_len = header[i].key.len; + } + + if (header[i].value.len > tmp_len) { + tmp_len = header[i].value.len; + } + } + + if (len == 0) { + return NGX_HTTP_V2_NO_TRAILERS; + } + + tmp = ngx_palloc(r->pool, tmp_len); + pos = ngx_pnalloc(r->pool, len); + + if (pos == NULL || tmp == NULL) { + return NULL; + } + + start = pos; + + part = &r->headers_out.trailers.part; + header = part->elts; + + for (i = 0; /* void */; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + if (header[i].hash == 0) { + continue; + } + +#if (NGX_DEBUG) + if (fc->log->log_level & NGX_LOG_DEBUG_HTTP) { + ngx_strlow(tmp, header[i].key.data, header[i].key.len); + + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, fc->log, 0, + "http2 output trailer: \"%*s: %V\"", + header[i].key.len, tmp, &header[i].value); + } +#endif + + *pos++ = 0; + + pos = ngx_http_v2_write_name(pos, header[i].key.data, + header[i].key.len, tmp); + + pos = ngx_http_v2_write_value(pos, header[i].value.data, + header[i].value.len, tmp); + } + + return ngx_http_v2_create_headers_frame(r, start, pos, 1); +} + + +static ngx_chain_t * +ngx_http_v2_send_chain(ngx_connection_t *fc, ngx_chain_t *in, off_t limit) +{ + off_t size, offset; + size_t rest, frame_size; + ngx_chain_t *cl, *out, **ln; + ngx_http_request_t *r; + ngx_http_v2_stream_t *stream; + ngx_http_v2_loc_conf_t *h2lcf; + ngx_http_v2_out_frame_t *frame, *trailers; + ngx_http_v2_connection_t *h2c; + + r = fc->data; + stream = r->stream; + +#if (NGX_SUPPRESS_WARN) + size = 0; +#endif + + while (in) { + size = ngx_buf_size(in->buf); + + if (size || in->buf->last_buf) { + break; + } in = in->next; } - if (in == NULL) { + if (in == NULL || stream->out_closed) { if (stream->queued) { fc->write->active = 1; @@ -1240,31 +1734,6 @@ static ngx_inline ngx_int_t -ngx_http_v2_filter_send(ngx_connection_t *fc, ngx_http_v2_stream_t *stream) -{ - stream->blocked = 1; - - if (ngx_http_v2_send_output_queue(stream->connection) == NGX_ERROR) { - fc->error = 1; - return NGX_ERROR; - } - - stream->blocked = 0; - - if (stream->queued) { - fc->buffered |= NGX_HTTP_V2_BUFFERED; - fc->write->active = 1; - fc->write->ready = 0; - return NGX_AGAIN; - } - - fc->buffered &= ~NGX_HTTP_V2_BUFFERED; - - return NGX_OK; -} - - -static ngx_inline ngx_int_t ngx_http_v2_flow_control(ngx_http_v2_connection_t *h2c, ngx_http_v2_stream_t *stream) { @@ -1317,6 +1786,30 @@ } +static ngx_inline ngx_int_t +ngx_http_v2_filter_send(ngx_connection_t *fc, ngx_http_v2_stream_t *stream) +{ + stream->blocked = 1; + + if (ngx_http_v2_send_output_queue(stream->connection) == NGX_ERROR) { + fc->error = 1; + return NGX_ERROR; + } + + stream->blocked = 0; + + if (stream->queued) { + fc->buffered |= NGX_HTTP_V2_BUFFERED; + fc->write->active = 1; + fc->write->ready = 0; + return NGX_AGAIN; + } + + fc->buffered &= ~NGX_HTTP_V2_BUFFERED; + + return NGX_OK; +} + static ngx_int_t ngx_http_v2_headers_frame_handler(ngx_http_v2_connection_t *h2c, @@ -1362,6 +1855,60 @@ stream->node->id, frame); stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE + + frame->length; + + ngx_http_v2_handle_frame(stream, frame); + + ngx_http_v2_handle_stream(h2c, stream); + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_v2_push_frame_handler(ngx_http_v2_connection_t *h2c, + ngx_http_v2_out_frame_t *frame) +{ + ngx_chain_t *cl, *ln; + ngx_http_v2_stream_t *stream; + + stream = frame->stream; + cl = frame->first; + + for ( ;; ) { + if (cl->buf->pos != cl->buf->last) { + frame->first = cl; + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2:%ui PUSH_PROMISE frame %p was sent partially", + stream->node->id, frame); + + return NGX_AGAIN; + } + + ln = cl->next; + + if (cl->buf->tag == (ngx_buf_tag_t) &ngx_http_v2_module) { + cl->next = stream->free_frame_headers; + stream->free_frame_headers = cl; + + } else { + cl->next = stream->free_bufs; + stream->free_bufs = cl; + } + + if (cl == frame->last) { + break; + } + + cl = ln; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, + "http2:%ui PUSH_PROMISE frame %p was sent", + stream->node->id, frame); + + stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; ngx_http_v2_handle_frame(stream, frame); | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2_module.c ^ |
| @@ -27,6 +27,8 @@ static char *ngx_http_v2_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); +static char *ngx_http_v2_push(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); + static char *ngx_http_v2_recv_buffer_size(ngx_conf_t *cf, void *post, void *data); static char *ngx_http_v2_pool_size(ngx_conf_t *cf, void *post, void *data); @@ -73,6 +75,13 @@ offsetof(ngx_http_v2_srv_conf_t, concurrent_streams), NULL }, + { ngx_string("http2_max_concurrent_pushes"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_v2_srv_conf_t, concurrent_pushes), + NULL }, + { ngx_string("http2_max_requests"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, ngx_conf_set_num_slot, @@ -129,6 +138,20 @@ offsetof(ngx_http_v2_loc_conf_t, chunk_size), &ngx_http_v2_chunk_size_post }, + { ngx_string("http2_push_preload"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_v2_loc_conf_t, push_preload), + NULL }, + + { ngx_string("http2_push"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_http_v2_push, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + { ngx_string("spdy_recv_buffer_size"), NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, ngx_http_v2_spdy_deprecated, @@ -329,6 +352,7 @@ h2scf->pool_size = NGX_CONF_UNSET_SIZE; h2scf->concurrent_streams = NGX_CONF_UNSET_UINT; + h2scf->concurrent_pushes = NGX_CONF_UNSET_UINT; h2scf->max_requests = NGX_CONF_UNSET_UINT; h2scf->max_field_size = NGX_CONF_UNSET_SIZE; @@ -355,6 +379,8 @@ ngx_conf_merge_uint_value(conf->concurrent_streams, prev->concurrent_streams, 128); + ngx_conf_merge_uint_value(conf->concurrent_pushes, + prev->concurrent_pushes, 10); ngx_conf_merge_uint_value(conf->max_requests, prev->max_requests, 1000); ngx_conf_merge_size_value(conf->max_field_size, prev->max_field_size, @@ -386,8 +412,17 @@ return NULL; } + /* + * set by ngx_pcalloc(): + * + * h2lcf->pushes = NULL; + */ + h2lcf->chunk_size = NGX_CONF_UNSET_SIZE; + h2lcf->push_preload = NGX_CONF_UNSET; + h2lcf->push = NGX_CONF_UNSET; + return h2lcf; } @@ -400,6 +435,72 @@ ngx_conf_merge_size_value(conf->chunk_size, prev->chunk_size, 8 * 1024); + ngx_conf_merge_value(conf->push, prev->push, 1); + + if (conf->push && conf->pushes == NULL) { + conf->pushes = prev->pushes; + } + + ngx_conf_merge_value(conf->push_preload, prev->push_preload, 0); + + return NGX_CONF_OK; +} + + +static char * +ngx_http_v2_push(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_v2_loc_conf_t *h2lcf = conf; + + ngx_str_t *value; + ngx_http_complex_value_t *cv; + ngx_http_compile_complex_value_t ccv; + + value = cf->args->elts; + + if (ngx_strcmp(value[1].data, "off") == 0) { + + if (h2lcf->pushes) { + return "\"off\" parameter cannot be used with URI"; + } + + if (h2lcf->push == 0) { + return "is duplicate"; + } + + h2lcf->push = 0; + return NGX_CONF_OK; + } + + if (h2lcf->push == 0) { + return "URI cannot be used with \"off\" parameter"; + } + + h2lcf->push = 1; + + if (h2lcf->pushes == NULL) { + h2lcf->pushes = ngx_array_create(cf->pool, 1, + sizeof(ngx_http_complex_value_t)); + if (h2lcf->pushes == NULL) { + return NGX_CONF_ERROR; + } + } + + cv = ngx_array_push(h2lcf->pushes); + if (cv == NULL) { + return NGX_CONF_ERROR; + } + + ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); + + ccv.cf = cf; + ccv.value = &value[1]; + ccv.complex_value = cv; + + if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { + return NGX_CONF_ERROR; + } + return NGX_CONF_OK; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2_module.h ^ |
| @@ -23,6 +23,7 @@ typedef struct { size_t pool_size; ngx_uint_t concurrent_streams; + ngx_uint_t concurrent_pushes; ngx_uint_t max_requests; size_t max_field_size; size_t max_header_size; @@ -35,6 +36,11 @@ typedef struct { size_t chunk_size; + + ngx_flag_t push_preload; + + ngx_flag_t push; + ngx_array_t *pushes; } ngx_http_v2_loc_conf_t; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/http/v2/ngx_http_v2_table.c ^ |
| @@ -86,6 +86,20 @@ / sizeof(ngx_http_v2_header_t)) +ngx_str_t * +ngx_http_v2_get_static_name(ngx_uint_t index) +{ + return &ngx_http_v2_static_table[index - 1].name; +} + + +ngx_str_t * +ngx_http_v2_get_static_value(ngx_uint_t index) +{ + return &ngx_http_v2_static_table[index - 1].value; +} + + ngx_int_t ngx_http_v2_get_indexed_header(ngx_http_v2_connection_t *h2c, ngx_uint_t index, ngx_uint_t name_only) | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/mail/ngx_mail_handler.c ^ |
| @@ -302,7 +302,7 @@ "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); @@ -323,7 +323,7 @@ ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_daemon.c ^ |
| @@ -26,6 +26,7 @@ exit(0); } + ngx_parent = ngx_pid; ngx_pid = ngx_getpid(); if (setsid() == -1) { | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_freebsd_sendfile_chain.c ^ |
| @@ -135,7 +135,7 @@ if (ngx_freebsd_use_tcp_nopush && c->tcp_nopush == NGX_TCP_NOPUSH_UNSET) { - if (ngx_tcp_nopush(c->fd) == NGX_ERROR) { + if (ngx_tcp_nopush(c->fd) == -1) { err = ngx_socket_errno; /* | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_linux_config.h ^ |
| @@ -99,6 +99,11 @@ #endif +#if (NGX_HAVE_CAPABILITIES) +#include <linux/capability.h> +#endif + + #define NGX_LISTEN_BACKLOG 511 | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_linux_sendfile_chain.c ^ |
| @@ -130,7 +130,7 @@ if (c->tcp_nodelay == NGX_TCP_NODELAY_UNSET) { - if (ngx_tcp_nopush(c->fd) == NGX_ERROR) { + if (ngx_tcp_nopush(c->fd) == -1) { err = ngx_socket_errno; /* | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_posix_config.h ^ |
| @@ -145,26 +145,6 @@ #define ngx_debug_init() -#if (__FreeBSD__) && (__FreeBSD_version < 400017) - -#include <sys/param.h> /* ALIGN() */ - -/* - * FreeBSD 3.x has no CMSG_SPACE() and CMSG_LEN() and has the broken CMSG_DATA() - */ - -#undef CMSG_SPACE -#define CMSG_SPACE(l) (ALIGN(sizeof(struct cmsghdr)) + ALIGN(l)) - -#undef CMSG_LEN -#define CMSG_LEN(l) (ALIGN(sizeof(struct cmsghdr)) + (l)) - -#undef CMSG_DATA -#define CMSG_DATA(cmsg) ((u_char *)(cmsg) + ALIGN(sizeof(struct cmsghdr))) - -#endif - - extern char **environ; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_posix_init.c ^ |
| @@ -36,6 +36,9 @@ { ngx_time_t *tp; ngx_uint_t n; +#if (NGX_HAVE_LEVEL1_DCACHE_LINESIZE) + long size; +#endif #if (NGX_HAVE_OS_SPECIFIC_INIT) if (ngx_os_specific_init(log) != NGX_OK) { @@ -62,6 +65,13 @@ ngx_ncpu = 1; } +#if (NGX_HAVE_LEVEL1_DCACHE_LINESIZE) + size = sysconf(_SC_LEVEL1_DCACHE_LINESIZE); + if (size > 0) { + ngx_cacheline_size = size; + } +#endif + ngx_cpuinfo(); if (getrlimit(RLIMIT_NOFILE, &rlmt) == -1) { | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_process.c ^ |
| @@ -194,6 +194,7 @@ return NGX_INVALID_PID; case 0: + ngx_parent = ngx_pid; ngx_pid = ngx_getpid(); proc(cycle, data); break; @@ -371,12 +372,12 @@ break; case ngx_signal_value(NGX_CHANGEBIN_SIGNAL): - if (getppid() > 1 || ngx_new_binary > 0) { + if (ngx_getppid() == ngx_parent || ngx_new_binary > 0) { /* * Ignore the signal in the new binary if its parent is - * not the init process, i.e. the old binary's process - * is still running. Or ignore the signal in the old binary's + * not changed, i.e. the old binary's process is still + * running. Or ignore the signal in the old binary's * process if the new binary's process is already running. */ | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_process.h ^ |
| @@ -54,6 +54,7 @@ #define ngx_getpid getpid +#define ngx_getppid getppid #ifndef ngx_log_pid #define ngx_log_pid ngx_pid @@ -79,6 +80,7 @@ extern char **ngx_os_argv; extern ngx_pid_t ngx_pid; +extern ngx_pid_t ngx_parent; extern ngx_socket_t ngx_channel; extern ngx_int_t ngx_process_slot; extern ngx_int_t ngx_last_process; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/os/unix/ngx_process_cycle.c ^ |
| @@ -31,6 +31,7 @@ ngx_uint_t ngx_process; ngx_uint_t ngx_worker; ngx_pid_t ngx_pid; +ngx_pid_t ngx_parent; sig_atomic_t ngx_reap; sig_atomic_t ngx_sigio; @@ -838,12 +839,44 @@ ccf->username, ccf->group); } +#if (NGX_HAVE_PR_SET_KEEPCAPS && NGX_HAVE_CAPABILITIES) + if (ccf->transparent && ccf->user) { + if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "prctl(PR_SET_KEEPCAPS, 1) failed"); + /* fatal */ + exit(2); + } + } +#endif + if (setuid(ccf->user) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "setuid(%d) failed", ccf->user); /* fatal */ exit(2); } + +#if (NGX_HAVE_CAPABILITIES) + if (ccf->transparent && ccf->user) { + struct __user_cap_data_struct data; + struct __user_cap_header_struct header; + + ngx_memzero(&header, sizeof(struct __user_cap_header_struct)); + ngx_memzero(&data, sizeof(struct __user_cap_data_struct)); + + header.version = _LINUX_CAPABILITY_VERSION_1; + data.effective = CAP_TO_MASK(CAP_NET_RAW); + data.permitted = data.effective; + + if (syscall(SYS_capset, &header, &data) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "capset() failed"); + /* fatal */ + exit(2); + } + } +#endif } if (worker >= 0) { | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_geo_module.c ^ |
| @@ -341,18 +341,18 @@ static char * ngx_stream_geo_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { - char *rv; - size_t len; - ngx_str_t *value, name; - ngx_uint_t i; - ngx_conf_t save; - ngx_pool_t *pool; - ngx_array_t *a; - ngx_stream_variable_t *var; - ngx_stream_geo_ctx_t *geo; - ngx_stream_geo_conf_ctx_t ctx; + char *rv; + size_t len; + ngx_str_t *value, name; + ngx_uint_t i; + ngx_conf_t save; + ngx_pool_t *pool; + ngx_array_t *a; + ngx_stream_variable_t *var; + ngx_stream_geo_ctx_t *geo; + ngx_stream_geo_conf_ctx_t ctx; #if (NGX_HAVE_INET6) - static struct in6_addr zero; + static struct in6_addr zero; #endif value = cf->args->elts; @@ -409,6 +409,7 @@ ctx.temp_pool = ngx_create_pool(NGX_DEFAULT_POOL_SIZE, cf->log); if (ctx.temp_pool == NULL) { + ngx_destroy_pool(pool); return NGX_CONF_ERROR; } @@ -430,6 +431,10 @@ *cf = save; + if (rv != NGX_CONF_OK) { + goto failed; + } + if (ctx.ranges) { if (ctx.high.low && !ctx.binary_include) { @@ -449,7 +454,7 @@ ctx.high.low[i] = ngx_palloc(cf->pool, len + sizeof(void *)); if (ctx.high.low[i] == NULL) { - return NGX_CONF_ERROR; + goto failed; } ngx_memcpy(ctx.high.low[i], a->elts, len); @@ -475,14 +480,11 @@ var->get_handler = ngx_stream_geo_range_variable; var->data = (uintptr_t) geo; - ngx_destroy_pool(ctx.temp_pool); - ngx_destroy_pool(pool); - } else { if (ctx.tree == NULL) { ctx.tree = ngx_radix_tree_create(cf->pool, -1); if (ctx.tree == NULL) { - return NGX_CONF_ERROR; + goto failed; } } @@ -492,7 +494,7 @@ if (ctx.tree6 == NULL) { ctx.tree6 = ngx_radix_tree_create(cf->pool, -1); if (ctx.tree6 == NULL) { - return NGX_CONF_ERROR; + goto failed; } } @@ -502,14 +504,11 @@ var->get_handler = ngx_stream_geo_cidr_variable; var->data = (uintptr_t) geo; - ngx_destroy_pool(ctx.temp_pool); - ngx_destroy_pool(pool); - if (ngx_radix32tree_insert(ctx.tree, 0, 0, (uintptr_t) &ngx_stream_variable_null_value) == NGX_ERROR) { - return NGX_CONF_ERROR; + goto failed; } /* NGX_BUSY is okay (default was set explicitly) */ @@ -519,12 +518,22 @@ (uintptr_t) &ngx_stream_variable_null_value) == NGX_ERROR) { - return NGX_CONF_ERROR; + goto failed; } #endif } - return rv; + ngx_destroy_pool(ctx.temp_pool); + ngx_destroy_pool(pool); + + return NGX_CONF_OK; + +failed: + + ngx_destroy_pool(ctx.temp_pool); + ngx_destroy_pool(pool); + + return NGX_CONF_ERROR; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_log_module.c ^ |
| @@ -89,6 +89,11 @@ } ngx_stream_log_var_t; +#define NGX_STREAM_LOG_ESCAPE_DEFAULT 0 +#define NGX_STREAM_LOG_ESCAPE_JSON 1 +#define NGX_STREAM_LOG_ESCAPE_NONE 2 + + static void ngx_stream_log_write(ngx_stream_session_t *s, ngx_stream_log_t *log, u_char *buf, size_t len); static ssize_t ngx_stream_log_script_write(ngx_stream_session_t *s, @@ -106,7 +111,7 @@ static void ngx_stream_log_flush_handler(ngx_event_t *ev); static ngx_int_t ngx_stream_log_variable_compile(ngx_conf_t *cf, - ngx_stream_log_op_t *op, ngx_str_t *value, ngx_uint_t json); + ngx_stream_log_op_t *op, ngx_str_t *value, ngx_uint_t escape); static size_t ngx_stream_log_variable_getlen(ngx_stream_session_t *s, uintptr_t data); static u_char *ngx_stream_log_variable(ngx_stream_session_t *s, u_char *buf, @@ -116,6 +121,10 @@ uintptr_t data); static u_char *ngx_stream_log_json_variable(ngx_stream_session_t *s, u_char *buf, ngx_stream_log_op_t *op); +static size_t ngx_stream_log_unescaped_variable_getlen(ngx_stream_session_t *s, + uintptr_t data); +static u_char *ngx_stream_log_unescaped_variable(ngx_stream_session_t *s, + u_char *buf, ngx_stream_log_op_t *op); static void *ngx_stream_log_create_main_conf(ngx_conf_t *cf); @@ -682,7 +691,7 @@ static ngx_int_t ngx_stream_log_variable_compile(ngx_conf_t *cf, ngx_stream_log_op_t *op, - ngx_str_t *value, ngx_uint_t json) + ngx_str_t *value, ngx_uint_t escape) { ngx_int_t index; @@ -693,11 +702,18 @@ op->len = 0; - if (json) { + switch (escape) { + case NGX_STREAM_LOG_ESCAPE_JSON: op->getlen = ngx_stream_log_json_variable_getlen; op->run = ngx_stream_log_json_variable; + break; - } else { + case NGX_STREAM_LOG_ESCAPE_NONE: + op->getlen = ngx_stream_log_unescaped_variable_getlen; + op->run = ngx_stream_log_unescaped_variable; + break; + + default: /* NGX_STREAM_LOG_ESCAPE_DEFAULT */ op->getlen = ngx_stream_log_variable_getlen; op->run = ngx_stream_log_variable; } @@ -851,6 +867,40 @@ } +static size_t +ngx_stream_log_unescaped_variable_getlen(ngx_stream_session_t *s, + uintptr_t data) +{ + ngx_stream_variable_value_t *value; + + value = ngx_stream_get_indexed_variable(s, data); + + if (value == NULL || value->not_found) { + return 0; + } + + value->escape = 0; + + return value->len; +} + + +static u_char * +ngx_stream_log_unescaped_variable(ngx_stream_session_t *s, u_char *buf, + ngx_stream_log_op_t *op) +{ + ngx_stream_variable_value_t *value; + + value = ngx_stream_get_indexed_variable(s, op->data); + + if (value == NULL || value->not_found) { + return buf; + } + + return ngx_cpymem(buf, value->data, value->len); +} + + static void * ngx_stream_log_create_main_conf(ngx_conf_t *cf) { @@ -1265,17 +1315,20 @@ size_t i, len; ngx_str_t *value, var; ngx_int_t *flush; - ngx_uint_t bracket, json; + ngx_uint_t bracket, escape; ngx_stream_log_op_t *op; - json = 0; + escape = NGX_STREAM_LOG_ESCAPE_DEFAULT; value = args->elts; if (s < args->nelts && ngx_strncmp(value[s].data, "escape=", 7) == 0) { data = value[s].data + 7; if (ngx_strcmp(data, "json") == 0) { - json = 1; + escape = NGX_STREAM_LOG_ESCAPE_JSON; + + } else if (ngx_strcmp(data, "none") == 0) { + escape = NGX_STREAM_LOG_ESCAPE_NONE; } else if (ngx_strcmp(data, "default") != 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -1350,7 +1403,7 @@ goto invalid; } - if (ngx_stream_log_variable_compile(cf, op, &var, json) + if (ngx_stream_log_variable_compile(cf, op, &var, escape) != NGX_OK) { return NGX_CONF_ERROR; | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_proxy_module.c ^ |
| @@ -801,8 +801,6 @@ NGX_STREAM_UPSTREAM_NOTIFY_CONNECT); } - c->log->action = "proxying connection"; - if (u->upstream_buf.start == NULL) { p = ngx_pnalloc(c->pool, pscf->buffer_size); if (p == NULL) { @@ -1449,6 +1447,7 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, ngx_uint_t do_write) { + char *recv_action, *send_action; off_t *received, limit; size_t size, limit_rate; ssize_t n; @@ -1492,6 +1491,8 @@ received = &u->received; out = &u->downstream_out; busy = &u->downstream_busy; + recv_action = "proxying and reading from upstream"; + send_action = "proxying and sending to client"; } else { src = c; @@ -1501,6 +1502,8 @@ received = &s->received; out = &u->upstream_out; busy = &u->upstream_busy; + recv_action = "proxying and reading from client"; + send_action = "proxying and sending to upstream"; } for ( ;; ) { @@ -1508,6 +1511,8 @@ if (do_write && dst) { if (*out || *busy || dst->buffered) { + c->log->action = send_action; + rc = ngx_stream_top_filter(s, *out, from_upstream); if (rc == NGX_ERROR) { @@ -1551,6 +1556,8 @@ } } + c->log->action = recv_action; + n = src->recv(src, b->last, size); if (n == NGX_AGAIN) { @@ -1620,6 +1627,8 @@ break; } + c->log->action = "proxying connection"; + if (src->read->eof && dst && (dst->read->eof || !dst->buffered)) { handler = c->log->handler; c->log->handler = NULL; @@ -2155,6 +2164,12 @@ if (cf->args->nelts > 2) { if (ngx_strcmp(value[2].data, "transparent") == 0) { #if (NGX_HAVE_TRANSPARENT_PROXY) + ngx_core_conf_t *ccf; + + ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, + ngx_core_module); + + ccf->transparent = 1; local->transparent = 1; #else ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_ssl_module.c ^ |
| @@ -328,7 +328,7 @@ "client SSL certificate verify error: (%l:%s)", rc, X509_verify_cert_error_string(rc)); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); return NGX_ERROR; } @@ -340,7 +340,7 @@ ngx_log_error(NGX_LOG_INFO, c->log, 0, "client sent no required SSL certificate"); - ngx_ssl_remove_cached_session(sslcf->ssl.ctx, + ngx_ssl_remove_cached_session(c->ssl->session_ctx, (SSL_get0_session(c->ssl->connection))); return NGX_ERROR; } | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_ssl_preread_module.c ^ |
| @@ -17,10 +17,12 @@ typedef struct { size_t left; size_t size; + size_t ext; u_char *pos; u_char *dst; u_char buf[4]; ngx_str_t host; + ngx_str_t alpn; ngx_log_t *log; ngx_pool_t *pool; ngx_uint_t state; @@ -32,6 +34,8 @@ ngx_stream_ssl_preread_ctx_t *ctx, u_char *pos, u_char *last); static ngx_int_t ngx_stream_ssl_preread_server_name_variable( ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_stream_ssl_preread_alpn_protocols_variable( + ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_stream_ssl_preread_add_variables(ngx_conf_t *cf); static void *ngx_stream_ssl_preread_create_srv_conf(ngx_conf_t *cf); static char *ngx_stream_ssl_preread_merge_srv_conf(ngx_conf_t *cf, void *parent, @@ -85,6 +89,9 @@ { ngx_string("ssl_preread_server_name"), NULL, ngx_stream_ssl_preread_server_name_variable, 0, 0, 0 }, + { ngx_string("ssl_preread_alpn_protocols"), NULL, + ngx_stream_ssl_preread_alpn_protocols_variable, 0, 0, 0 }, + ngx_stream_null_variable }; @@ -139,12 +146,14 @@ if (p[0] != 0x16) { ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, "ssl preread: not a handshake"); + ngx_stream_set_ctx(s, NULL, ngx_stream_ssl_preread_module); return NGX_DECLINED; } if (p[1] != 3) { ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, "ssl preread: unsupported SSL version"); + ngx_stream_set_ctx(s, NULL, ngx_stream_ssl_preread_module); return NGX_DECLINED; } @@ -158,6 +167,12 @@ p += 5; rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len); + + if (rc == NGX_DECLINED) { + ngx_stream_set_ctx(s, NULL, ngx_stream_ssl_preread_module); + return NGX_DECLINED; + } + if (rc != NGX_AGAIN) { return rc; } @@ -175,7 +190,7 @@ ngx_stream_ssl_preread_parse_record(ngx_stream_ssl_preread_ctx_t *ctx, u_char *pos, u_char *last) { - size_t left, n, size; + size_t left, n, size, ext; u_char *dst, *p; enum { @@ -192,7 +207,10 @@ sw_ext_header, /* extension_type, extension_data length */ sw_sni_len, /* SNI length */ sw_sni_host_head, /* SNI name_type, host_name length */ - sw_sni_host /* SNI host_name */ + sw_sni_host, /* SNI host_name */ + sw_alpn_len, /* ALPN length */ + sw_alpn_proto_len, /* ALPN protocol_name length */ + sw_alpn_proto_data /* ALPN protocol_name */ } state; ngx_log_debug2(NGX_LOG_DEBUG_STREAM, ctx->log, 0, @@ -201,6 +219,7 @@ state = ctx->state; size = ctx->size; left = ctx->left; + ext = ctx->ext; dst = ctx->dst; p = ctx->buf; @@ -299,10 +318,18 @@ break; case sw_ext_header: - if (p[0] == 0 && p[1] == 0) { + if (p[0] == 0 && p[1] == 0 && ctx->host.data == NULL) { /* SNI extension */ state = sw_sni_len; - dst = NULL; + dst = p; + size = 2; + break; + } + + if (p[0] == 0 && p[1] == 16 && ctx->alpn.data == NULL) { + /* ALPN extension */ + state = sw_alpn_len; + dst = p; size = 2; break; } @@ -313,6 +340,7 @@ break; case sw_sni_len: + ext = (p[0] << 8) + p[1]; state = sw_sni_host_head; dst = p; size = 3; @@ -325,14 +353,21 @@ return NGX_DECLINED; } - state = sw_sni_host; size = (p[1] << 8) + p[2]; + if (ext < 3 + size) { + ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, + "ssl preread: SNI format error"); + return NGX_DECLINED; + } + ext -= 3 + size; + ctx->host.data = ngx_pnalloc(ctx->pool, size); if (ctx->host.data == NULL) { return NGX_ERROR; } + state = sw_sni_host; dst = ctx->host.data; break; @@ -341,19 +376,77 @@ ngx_log_debug1(NGX_LOG_DEBUG_STREAM, ctx->log, 0, "ssl preread: SNI hostname \"%V\"", &ctx->host); - return NGX_OK; + + state = sw_ext; + dst = NULL; + size = ext; + break; + + case sw_alpn_len: + ext = (p[0] << 8) + p[1]; + + ctx->alpn.data = ngx_pnalloc(ctx->pool, ext); + if (ctx->alpn.data == NULL) { + return NGX_ERROR; + } + + state = sw_alpn_proto_len; + dst = p; + size = 1; + break; + + case sw_alpn_proto_len: + size = p[0]; + + if (size == 0) { + ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, + "ssl preread: ALPN empty protocol"); + return NGX_DECLINED; + } + + if (ext < 1 + size) { + ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, + "ssl preread: ALPN format error"); + return NGX_DECLINED; + } + ext -= 1 + size; + + state = sw_alpn_proto_data; + dst = ctx->alpn.data + ctx->alpn.len; + break; + + case sw_alpn_proto_data: + ctx->alpn.len += p[0]; + + ngx_log_debug1(NGX_LOG_DEBUG_STREAM, ctx->log, 0, + "ssl preread: ALPN protocols \"%V\"", &ctx->alpn); + + if (ext) { + ctx->alpn.data[ctx->alpn.len++] = ','; + + state = sw_alpn_proto_len; + dst = p; + size = 1; + break; + } + + state = sw_ext; + dst = NULL; + size = 0; + break; } if (left < size) { - ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, - "ssl preread: failed to parse handshake"); - return NGX_DECLINED; + ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0, + "ssl preread: failed to parse handshake"); + return NGX_DECLINED; } } ctx->state = state; ctx->size = size; ctx->left = left; + ctx->ext = ext; ctx->dst = dst; return NGX_AGAIN; @@ -381,6 +474,29 @@ return NGX_OK; } + + +static ngx_int_t +ngx_stream_ssl_preread_alpn_protocols_variable(ngx_stream_session_t *s, + ngx_variable_value_t *v, uintptr_t data) +{ + ngx_stream_ssl_preread_ctx_t *ctx; + + ctx = ngx_stream_get_module_ctx(s, ngx_stream_ssl_preread_module); + + if (ctx == NULL) { + v->not_found = 1; + return NGX_OK; + } + + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->len = ctx->alpn.len; + v->data = ctx->alpn.data; + + return NGX_OK; +} static ngx_int_t | ||
| [+] | Changed | _service:download_url:nginx-1.14.0.tar.gz/src/stream/ngx_stream_variables.c ^ |
| @@ -161,7 +161,9 @@ return NULL; } - v->flags &= flags | ~NGX_STREAM_VAR_WEAK; + if (!(flags & NGX_STREAM_VAR_WEAK)) { + v->flags &= ~NGX_STREAM_VAR_WEAK; + } return v; } @@ -227,7 +229,9 @@ return NULL; } - v->flags &= flags | ~NGX_STREAM_VAR_WEAK; + if (!(flags & NGX_STREAM_VAR_WEAK)) { + v->flags &= ~NGX_STREAM_VAR_WEAK; + } return v; } | ||
| Deleted | _service:download_url:openssl-1.1.0g.tar.gz ^ | |
| Added | _service:download_url:openssl-1.1.0h.tar.gz ^ | |
| Added | naxsi-0.56rc1.tar.gz ^ | |
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/HEAD ^ |
| @@ -1 +0,0 @@ -ref: refs/heads/master | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/config ^ |
| @@ -1,12 +0,0 @@ -[core] - repositoryformatversion = 0 - filemode = true - bare = false - logallrefupdates = true - ignorecase = true -[remote "origin"] - fetch = +refs/heads/*:refs/remotes/origin/* - url = https://github.com/arut/nginx-rtmp-module.git -[branch "master"] - remote = origin - merge = refs/heads/master | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/description ^ |
| @@ -1 +0,0 @@ -Unnamed repository; edit this file 'description' to name the repository. | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/applypatch-msg.sample ^ |
| @@ -1,15 +0,0 @@ -#!/bin/sh -# -# An example hook script to check the commit log message taken by -# applypatch from an e-mail message. -# -# The hook should exit with non-zero status after issuing an -# appropriate message if it wants to stop the commit. The hook is -# allowed to edit the commit message file. -# -# To enable this hook, rename this file to "applypatch-msg". - -. git-sh-setup -test -x "$GIT_DIR/hooks/commit-msg" && - exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"} -: | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/commit-msg.sample ^ |
| @@ -1,24 +0,0 @@ -#!/bin/sh -# -# An example hook script to check the commit log message. -# Called by "git commit" with one argument, the name of the file -# that has the commit message. The hook should exit with non-zero -# status after issuing an appropriate message if it wants to stop the -# commit. The hook is allowed to edit the commit message file. -# -# To enable this hook, rename this file to "commit-msg". - -# Uncomment the below to add a Signed-off-by line to the message. -# Doing this in a hook is a bad idea in general, but the prepare-commit-msg -# hook is more suited to it. -# -# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') -# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" - -# This example catches duplicate Signed-off-by lines. - -test "" = "$(grep '^Signed-off-by: ' "$1" | - sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || { - echo >&2 Duplicate Signed-off-by lines. - exit 1 -} | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/post-update.sample ^ |
| @@ -1,8 +0,0 @@ -#!/bin/sh -# -# An example hook script to prepare a packed repository for use over -# dumb transports. -# -# To enable this hook, rename this file to "post-update". - -exec git update-server-info | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-applypatch.sample ^ |
| @@ -1,14 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify what is about to be committed -# by applypatch from an e-mail message. -# -# The hook should exit with non-zero status after issuing an -# appropriate message if it wants to stop the commit. -# -# To enable this hook, rename this file to "pre-applypatch". - -. git-sh-setup -test -x "$GIT_DIR/hooks/pre-commit" && - exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"} -: | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-commit.sample ^ |
| @@ -1,50 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify what is about to be committed. -# Called by "git commit" with no arguments. The hook should -# exit with non-zero status after issuing an appropriate message if -# it wants to stop the commit. -# -# To enable this hook, rename this file to "pre-commit". - -if git rev-parse --verify HEAD >/dev/null 2>&1 -then - against=HEAD -else - # Initial commit: diff against an empty tree object - against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 -fi - -# If you want to allow non-ascii filenames set this variable to true. -allownonascii=$(git config hooks.allownonascii) - -# Redirect output to stderr. -exec 1>&2 - -# Cross platform projects tend to avoid non-ascii filenames; prevent -# them from being added to the repository. We exploit the fact that the -# printable range starts at the space character and ends with tilde. -if [ "$allownonascii" != "true" ] && - # Note that the use of brackets around a tr range is ok here, (it's - # even required, for portability to Solaris 10's /usr/bin/tr), since - # the square bracket bytes happen to fall in the designated range. - test $(git diff --cached --name-only --diff-filter=A -z $against | - LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0 -then - echo "Error: Attempt to add a non-ascii file name." - echo - echo "This can cause problems if you want to work" - echo "with people on other platforms." - echo - echo "To be portable it is advisable to rename the file ..." - echo - echo "If you know what you are doing you can disable this" - echo "check using:" - echo - echo " git config hooks.allownonascii true" - echo - exit 1 -fi - -# If there are whitespace errors, print the offending file names and fail. -exec git diff-index --check --cached $against -- | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/pre-rebase.sample ^ |
| @@ -1,169 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2006, 2008 Junio C Hamano -# -# The "pre-rebase" hook is run just before "git rebase" starts doing -# its job, and can prevent the command from running by exiting with -# non-zero status. -# -# The hook is called with the following parameters: -# -# $1 -- the upstream the series was forked from. -# $2 -- the branch being rebased (or empty when rebasing the current branch). -# -# This sample shows how to prevent topic branches that are already -# merged to 'next' branch from getting rebased, because allowing it -# would result in rebasing already published history. - -publish=next -basebranch="$1" -if test "$#" = 2 -then - topic="refs/heads/$2" -else - topic=`git symbolic-ref HEAD` || - exit 0 ;# we do not interrupt rebasing detached HEAD -fi - -case "$topic" in -refs/heads/??/*) - ;; -*) - exit 0 ;# we do not interrupt others. - ;; -esac - -# Now we are dealing with a topic branch being rebased -# on top of master. Is it OK to rebase it? - -# Does the topic really exist? -git show-ref -q "$topic" || { - echo >&2 "No such branch $topic" - exit 1 -} - -# Is topic fully merged to master? -not_in_master=`git rev-list --pretty=oneline ^master "$topic"` -if test -z "$not_in_master" -then - echo >&2 "$topic is fully merged to master; better remove it." - exit 1 ;# we could allow it, but there is no point. -fi - -# Is topic ever merged to next? If so you should not be rebasing it. -only_next_1=`git rev-list ^master "^$topic" ${publish} | sort` -only_next_2=`git rev-list ^master ${publish} | sort` -if test "$only_next_1" = "$only_next_2" -then - not_in_topic=`git rev-list "^$topic" master` - if test -z "$not_in_topic" - then - echo >&2 "$topic is already up-to-date with master" - exit 1 ;# we could allow it, but there is no point. - else - exit 0 - fi -else - not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` - /usr/bin/perl -e ' - my $topic = $ARGV[0]; - my $msg = "* $topic has commits already merged to public branch:\n"; - my (%not_in_next) = map { - /^([0-9a-f]+) /; - ($1 => 1); - } split(/\n/, $ARGV[1]); - for my $elem (map { - /^([0-9a-f]+) (.*)$/; - [$1 => $2]; - } split(/\n/, $ARGV[2])) { - if (!exists $not_in_next{$elem->[0]}) { - if ($msg) { - print STDERR $msg; - undef $msg; - } - print STDERR " $elem->[1]\n"; - } - } - ' "$topic" "$not_in_next" "$not_in_master" - exit 1 -fi - -exit 0 - -################################################################ - -This sample hook safeguards topic branches that have been -published from being rewound. - -The workflow assumed here is: - - * Once a topic branch forks from "master", "master" is never - merged into it again (either directly or indirectly). - - * Once a topic branch is fully cooked and merged into "master", - it is deleted. If you need to build on top of it to correct - earlier mistakes, a new topic branch is created by forking at - the tip of the "master". This is not strictly necessary, but - it makes it easier to keep your history simple. - - * Whenever you need to test or publish your changes to topic - branches, merge them into "next" branch. - -The script, being an example, hardcodes the publish branch name -to be "next", but it is trivial to make it configurable via -$GIT_DIR/config mechanism. - -With this workflow, you would want to know: - -(1) ... if a topic branch has ever been merged to "next". Young - topic branches can have stupid mistakes you would rather - clean up before publishing, and things that have not been - merged into other branches can be easily rebased without - affecting other people. But once it is published, you would - not want to rewind it. - -(2) ... if a topic branch has been fully merged to "master". - Then you can delete it. More importantly, you should not - build on top of it -- other people may already want to - change things related to the topic as patches against your - "master", so if you need further changes, it is better to - fork the topic (perhaps with the same name) afresh from the - tip of "master". - -Let's look at this example: - - o---o---o---o---o---o---o---o---o---o "next" - / / / / - / a---a---b A / / - / / / / - / / c---c---c---c B / - / / / \ / - / / / b---b C \ / - / / / / \ / - ---o---o---o---o---o---o---o---o---o---o---o "master" - - -A, B and C are topic branches. - - * A has one fix since it was merged up to "next". - - * B has finished. It has been fully merged up to "master" and "next", - and is ready to be deleted. - - * C has not merged to "next" at all. - -We would want to allow C to be rebased, refuse A, and encourage -B to be deleted. - -To compute (1): - - git rev-list ^master ^topic next - git rev-list ^master next - - if these match, topic has not merged in next at all. - -To compute (2): - - git rev-list master..topic - - if this is empty, it is fully merged to "master". | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/prepare-commit-msg.sample ^ |
| @@ -1,36 +0,0 @@ -#!/bin/sh -# -# An example hook script to prepare the commit log message. -# Called by "git commit" with the name of the file that has the -# commit message, followed by the description of the commit -# message's source. The hook's purpose is to edit the commit -# message file. If the hook fails with a non-zero status, -# the commit is aborted. -# -# To enable this hook, rename this file to "prepare-commit-msg". - -# This hook includes three examples. The first comments out the -# "Conflicts:" part of a merge commit. -# -# The second includes the output of "git diff --name-status -r" -# into the message, just before the "git status" output. It is -# commented because it doesn't cope with --amend or with squashed -# commits. -# -# The third example adds a Signed-off-by line to the message, that can -# still be edited. This is rarely a good idea. - -case "$2,$3" in - merge,) - /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; - -# ,|template,) -# /usr/bin/perl -i.bak -pe ' -# print "\n" . `git diff --cached --name-status -r` -# if /^#/ && $first++ == 0' "$1" ;; - - *) ;; -esac - -# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') -# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/hooks/update.sample ^ |
| @@ -1,128 +0,0 @@ -#!/bin/sh -# -# An example hook script to blocks unannotated tags from entering. -# Called by "git receive-pack" with arguments: refname sha1-old sha1-new -# -# To enable this hook, rename this file to "update". -# -# Config -# ------ -# hooks.allowunannotated -# This boolean sets whether unannotated tags will be allowed into the -# repository. By default they won't be. -# hooks.allowdeletetag -# This boolean sets whether deleting tags will be allowed in the -# repository. By default they won't be. -# hooks.allowmodifytag -# This boolean sets whether a tag may be modified after creation. By default -# it won't be. -# hooks.allowdeletebranch -# This boolean sets whether deleting branches will be allowed in the -# repository. By default they won't be. -# hooks.denycreatebranch -# This boolean sets whether remotely creating branches will be denied -# in the repository. By default this is allowed. -# - -# --- Command line -refname="$1" -oldrev="$2" -newrev="$3" - -# --- Safety check -if [ -z "$GIT_DIR" ]; then - echo "Don't run this script from the command line." >&2 - echo " (if you want, you could supply GIT_DIR then run" >&2 - echo " $0 <ref> <oldrev> <newrev>)" >&2 - exit 1 -fi - -if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then - echo "Usage: $0 <ref> <oldrev> <newrev>" >&2 - exit 1 -fi - -# --- Config -allowunannotated=$(git config --bool hooks.allowunannotated) -allowdeletebranch=$(git config --bool hooks.allowdeletebranch) -denycreatebranch=$(git config --bool hooks.denycreatebranch) -allowdeletetag=$(git config --bool hooks.allowdeletetag) -allowmodifytag=$(git config --bool hooks.allowmodifytag) - -# check for no description -projectdesc=$(sed -e '1q' "$GIT_DIR/description") -case "$projectdesc" in -"Unnamed repository"* | "") - echo "*** Project description file hasn't been set" >&2 - exit 1 - ;; -esac - -# --- Check types -# if $newrev is 0000...0000, it's a commit to delete a ref. -zero="0000000000000000000000000000000000000000" -if [ "$newrev" = "$zero" ]; then - newrev_type=delete -else - newrev_type=$(git cat-file -t $newrev) -fi - -case "$refname","$newrev_type" in - refs/tags/*,commit) - # un-annotated tag - short_refname=${refname##refs/tags/} - if [ "$allowunannotated" != "true" ]; then - echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2 - echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2 - exit 1 - fi - ;; - refs/tags/*,delete) - # delete tag - if [ "$allowdeletetag" != "true" ]; then - echo "*** Deleting a tag is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/tags/*,tag) - # annotated tag - if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 - then - echo "*** Tag '$refname' already exists." >&2 - echo "*** Modifying a tag is not allowed in this repository." >&2 - exit 1 - fi - ;; - refs/heads/*,commit) - # branch - if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then - echo "*** Creating a branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/heads/*,delete) - # delete branch - if [ "$allowdeletebranch" != "true" ]; then - echo "*** Deleting a branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/remotes/*,commit) - # tracking branch - ;; - refs/remotes/*,delete) - # delete tracking branch - if [ "$allowdeletebranch" != "true" ]; then - echo "*** Deleting a tracking branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - *) - # Anything else (is there anything else?) - echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 - exit 1 - ;; -esac - -# --- Finished -exit 0 | ||
| Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/index ^ | |
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/info ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/info/exclude ^ |
| @@ -1,6 +0,0 @@ -# git ls-files --others --exclude-from=.git/info/exclude -# Lines that start with '#' are comments. -# For a project mostly in C, the following would be a good set of -# exclude patterns (uncomment them if you want to use them): -# *.[oa] -# *~ | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/logs ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/logs/HEAD ^ |
| @@ -1 +0,0 @@ -0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/logs/refs/heads/master ^ |
| @@ -1 +0,0 @@ -0000000000000000000000000000000000000000 5150993accb5edefa61d71e1c81ad8c02f515428 U-arrakis\jg <jg@arrakis.(none)> 1481905161 +0100 clone: from https://github.com/arut/nginx-rtmp-module.git | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/objects ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/objects/info ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack ^ |
| -(directory) | ||
| Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.idx ^ | |
| Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/objects/pack/pack-3912c9200a41c4fbd876afb583ab7ecb4733401b.pack ^ | |
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/packed-refs ^ |
| @@ -1,369 +0,0 @@ -# pack-refs with: peeled -406d3a9527e08ea148e7c10ffa4009e0e5070b11 refs/remotes/origin/access-log -e19ff641b06d3abd30b3bad5cfb491d158835713 refs/remotes/origin/aggregate -eee52d83c4bdafe712685be06822acb051d407a7 refs/remotes/origin/async-client-handshake -87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/atc -3d5f6df7311594b051fdd26d3ae120d4ae708bb4 refs/remotes/origin/atc-only -3c2e29f215fb09e5b4cb29040d1e5e092ce73849 refs/remotes/origin/auto-push -f39d3f66a3ea6bb15b50737b90004b12056a3ad1 refs/remotes/origin/avc-parser -205664d8c5e040a61b36ae0b74ddf17bc16d2150 refs/remotes/origin/big-endian -10bcbf0e8daf38e3f3569ba84050f85fd46dd2d0 refs/remotes/origin/big-hls-buffer -fad4f4717b47ab368d80ff480f2889631edc6521 refs/remotes/origin/big-nal-buffer -f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 refs/remotes/origin/chunksizefix -d9579d627d727d8ad5edd2a0054f66324bebd459 refs/remotes/origin/close-stream -aeae84bf8babcd7130f71b5941834eeb4fafa61a refs/remotes/origin/cmd-handler-init -ebc47f03a43758c4f44ae90c193f4111f9ab1e16 refs/remotes/origin/codec -cb4623aa4f7e6c2d1cb4c9c9f55ea6107f3a3985 refs/remotes/origin/const-fix -0b757e8a49480a88f5e051f6590f25e6c4de3288 refs/remotes/origin/control -ef424df677eb545ba5277649ee99fbea7e38bb55 refs/remotes/origin/control-director -5e5dd797c2307b40a11409df806f07a427b3cd57 refs/remotes/origin/control-redirect -b07e0e2dee3a2019dc2be34591b1c4e27730b2a0 refs/remotes/origin/dash -e8081fd94f1d7ae4483f0a5ca002af8a79d447eb refs/remotes/origin/dash-discont -fe4877f2168e7e62d6a45cb26708d662f0416961 refs/remotes/origin/dash-timeline -39717828d67359329797d0ab5f297162b5d5e248 refs/remotes/origin/default-buflen -90f985fa2f015e8bdfe92a9b57a5d04b779d7be1 refs/remotes/origin/defclose -63d19ada51b6a1932e1cd73d9895a08cb1ae7827 refs/remotes/origin/drop-old-publisher -6c79085d5c4203d11d9aa53d456ef7195de8cdc4 refs/remotes/origin/drop-restart -fe8bf2d6974834ab346b82533151bc953fdfaa7b refs/remotes/origin/drop-restart-mstat -52c2ef3f91569c3b1c10a40fd1bf56bb4dc1d9de refs/remotes/origin/enotify -57a96ac2bc1812188aa81237ad582ca115f4391f refs/remotes/origin/envivo-fix -87686029aa2cfddfea765c626be7161981583482 refs/remotes/origin/exec-fix -67aa7d5d0da67a43683e8b05467afbdff5622532 refs/remotes/origin/exec-init -f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/exec-logging -b62651efbdcaa77f7836ef5c52ddccfdf9ca473f refs/remotes/origin/exec-pull -a6913ea68ad017eff14d098f4086c5dafae12af6 refs/remotes/origin/exec-pull-ext -8c39b37131d150f152aa21a03f076501f39bf4a1 refs/remotes/origin/exec-static -5e55f62b88f439dc1fbe311060bef53dfcfbc42e refs/remotes/origin/fast-start -0210f7ca83f8fd65261c4b9040743edf30a258fc refs/remotes/origin/flv-append-fix -fac68de376a2e20aed5627681ffc90d6374bf295 refs/remotes/origin/flv-header-mask -b31539ce95d2f84ce8be22b9d11cb4abcd3cb90a refs/remotes/origin/fmle-reset-byte-counter -990222d643b30a3c9e0db31209416ae9b47e16d3 refs/remotes/origin/fmle-time-fix -cbccd06babfc66ab920e7e2331d125516715f709 refs/remotes/origin/freebsd-auto-push -6f2808c7d11564e2269e9f64b9671f8c080c893d refs/remotes/origin/get-notify -12a0d39bed54bfb3c30272d8d1328d74378853ce refs/remotes/origin/gh-pages -76211a4bd254e5145d38c0275ad790dc9fac8fd4 refs/remotes/origin/good-logger -ec282438514e88f7267653728b42c77e3df23bc3 refs/remotes/origin/handshakefix -d34c6393f6ff22ef6cff6cb2c4ef7c1fe6cd35fa refs/remotes/origin/hls-async-delete -49a3ee0dc6d5b85fe1164995c8d94424a0971838 refs/remotes/origin/hls-base-url -4906e816bec876e3e81b129622de3f5e430dcc32 refs/remotes/origin/hls-continuous -764a039c5856bb8bfb251ff15f4c95cf1c82e54b refs/remotes/origin/hls-debug -a43bafe3de4641268d04f9105f6ef409abb8ede2 refs/remotes/origin/hls-discont-fix -8acacd0d7906820039bc5e1e22a4ba332caada3e refs/remotes/origin/hls-encrypt -7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 refs/remotes/origin/hls-encrypt-auto -78dcfbcc359f8275a55b7a14d6228e9928c75816 refs/remotes/origin/hls-ensure-directory -737ea5ce34c8270479811acfacba02112e202625 refs/remotes/origin/hls-event -546c42efeb910fb6b7b592293f5737324ddd606a refs/remotes/origin/hls-granularity -2ed36a2611c1674d495f754ef3066c4a8bf98aa3 refs/remotes/origin/hls-nocache -21174b2ee743c9ea1a0bccb46436c56c871febd3 refs/remotes/origin/hls-nocrackle -6298aa7e1d95df8b806a262196a6589159284c74 refs/remotes/origin/hls-offset-fix -059dba448ddeed901d06f825ed84e5e85c0f64cc refs/remotes/origin/hls-read-playlist -0aaf2a625903ba6d4d9e1e761a0e866215149994 refs/remotes/origin/hls-restart -2bb16425da9b593f5f9568f7c91bf06a5a1012f1 refs/remotes/origin/hls-restart-on-audio -3d54d69e252bb537dc8fb03cc96ada084bd5da8d refs/remotes/origin/hls-trailer -4ff1bd09fcbd8a77618bd528fd8d32fb72bd2661 refs/remotes/origin/hls-ts-discont -2f1091679b60b8741e59f257ac2c59905cec8206 refs/remotes/origin/hls-variant -dc698edf242a1ba6d806571e2b32e50fb4d6fcae refs/remotes/origin/hlslight -7b88858b44371ae03d29052fe6d398750fba851e refs/remotes/origin/http -050a4e7586552003baff9dd920d28d51eaf8ab22 refs/remotes/origin/idle-streams -3fc1598db94b234b2ec5f368c34c5d3e877040a0 refs/remotes/origin/init_queue -d9d749af5b156ea2b4623f7e8d0efa5139885924 refs/remotes/origin/interleave -5150993accb5edefa61d71e1c81ad8c02f515428 refs/remotes/origin/master -67443c28b4aff60023ce143475c2d287c264f2f7 refs/remotes/origin/meta-copy -266e206afcda93cf2880e660fb796eb99fb6df6c refs/remotes/origin/mixed-codecs -58491f8feddbe801557704dd1d1ac9d0950cdf3f refs/remotes/origin/mp4 -af5703b35756667eb008bdffb22626616bbae020 refs/remotes/origin/mp4-choose-track -3f9451fdfd2707e91536bb3b942cd0a8202ebc31 refs/remotes/origin/mpeg-dash -05a23dbc8b8a23bcb49ea71978239ab1e2e79d5d refs/remotes/origin/mstat -cbe760aa8ad43d3908b7c9408d7f3946747981b1 refs/remotes/origin/msvc-fix1 -4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multi-pull -004accda9aef265eb1b4df39846156e6892d6a30 refs/remotes/origin/multi-record -41515325899813d996e092ce4219204cec56ae3a refs/remotes/origin/multiplay -4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/multipull -1894d333aa9fd76e857532efe6c64d343df137e7 refs/remotes/origin/native-hls -e22ca286044d343745a4a28b15c6298f80a9fb61 refs/remotes/origin/native-hls-rr -b5461f61c6833aee803b5134f2285aa652978e09 refs/remotes/origin/new-live -903abb6646153c9eca2697727231d46804a0c1b7 refs/remotes/origin/new-live2 -02dd440a25097e8528d9cdfa85132b6920649547 refs/remotes/origin/new-live3 -22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/new-relay -7b5c5e99327c19600ab2bab89960ba217be52949 refs/remotes/origin/new-stat -591d7f5f3f0a2381f466f578a768ff19344cfbb0 refs/remotes/origin/newhandshake -cbaff8f1df7c7eabc9474909104f8f4f05324930 refs/remotes/origin/notify-addr -7f7fcc8d5c0e8468db2b37de9a4ef3ec392c52a7 refs/remotes/origin/notify-redirect -8d28f7f1de08a81ce356f55c6e29141369bf7aec refs/remotes/origin/notify-redirect-md5 -58bd6029463c79347d45be4488a3786abe5cebb8 refs/remotes/origin/notify-relay -f89bbae2354ea09cb5d8b04d24ba4df8415e7f09 refs/remotes/origin/on-connect -62e03d710cd02043156ac86da3b07e5186c78e11 refs/remotes/origin/on-update -15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 refs/remotes/origin/optsend -9788b1a5309d40809df6832e81593392f3b381a2 refs/remotes/origin/out-metadata -2fdec454604b76b40d322b83106ec1a35b98dfce refs/remotes/origin/out-queue-settings -0478c4445f26f55d33e360a91a7ab4cd57f44f3b refs/remotes/origin/pause -940ff260099958edf27eb11fe0b959e881fd5dfa refs/remotes/origin/peer-timestamp -067c73710d15f046945ada24d5ca25d50b2751c7 refs/remotes/origin/play-publish-done -5d3189ad97c87bbdac9fb455f7505d0d4d5eb058 refs/remotes/origin/play-seek -8a8f28f3b67d0177f79e754c478e845bac70eb58 refs/remotes/origin/play2 -521f8998b0cf1e197152655b214285ebde974fd3 refs/remotes/origin/play2-continue -3e25f91004b83c1a1fa25a8993cdd691f65bf658 refs/remotes/origin/postconf-handler-init -4ec43349ad5e16a9216844430695a3479ff6d558 refs/remotes/origin/preemption -a72e33ea411ed5f55df04ea9ab9dfceb09137642 refs/remotes/origin/proxy-protocol -6ab14605ba4a410b39916543302a9a9eb4d19698 refs/remotes/origin/publish-optional-type -1c2470975e4f23742d3e468649c2ad2bbfb77e7f refs/remotes/origin/publish-time-fix2 -dbc3ac2438757b23a65e1612c36b5691e7173585 refs/remotes/origin/push-reconnect -0b6a84b0b829c6794c0635dd30a2aa6712417c8f refs/remotes/origin/record-append -abc2704db1193bd993b886463063059d1ff5050e refs/remotes/origin/record-done -8658d99529384a487113bb9b80aaffd7714f16a7 refs/remotes/origin/record-keyframes -9b3471d79f43382db134b407cfce4f5b4ee24ae0 refs/remotes/origin/record-lock -f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 refs/remotes/origin/record-name-format -bff1c355ec7db875972da6682e2553d65ac847ad refs/remotes/origin/record-notify -b69efd3e94113f627f25d0ab67fcd1036eab5fb1 refs/remotes/origin/reentrant-relay -1f9072bbe69e015021a31784b3ac66f0b296c911 refs/remotes/origin/relay -c9973fc68a91284c632f3afb736303d6402f6c4e refs/remotes/origin/relay-vars -7aa513cfcd5fd345ea477ea582faa8858628974d refs/remotes/origin/reltime -de2a4258d77aecdc2fab34b5857ca4529b1fe0ba refs/remotes/origin/remote-redirect -60038b6ea15ae34dc1f177625adc73ddb39eb984 refs/remotes/origin/rooms -35753c5f6221c31edad65a2f70802b856e642fe3 refs/remotes/origin/rooms2 -4a1358723a7ce288aeec9583da97166c260b38dd refs/remotes/origin/rtmp-ads -71f92aca8d631cbc800c8eed235535e0b0a52991 refs/remotes/origin/safe-amf-parser -87d1cebfe2822d75f9c97fe2487723029abc272a refs/remotes/origin/sample-access -57dd1406bd59224eea4e0aabf9dbfe4c82e6be9a refs/remotes/origin/session-relay -22de95e634b92e23eae85134c05e54c98404e34f refs/remotes/origin/shared-live-streams -5d7a5ea535ed40e7a9459967dc607bb52b10db12 refs/remotes/origin/shared_record -18e4762db29139ada9c8be4b36070005e8d01efc refs/remotes/origin/smart-drop -a8d148473db0fe5fb17e5e7527a3cafcfafb1fff refs/remotes/origin/smartos-compilation-fix -2cff2a58210c2f964f4d2ee76a8461fb81e28610 refs/remotes/origin/stat-no-underline -e3be78bc6b6f91fea27ba235a6393dee50817bcf refs/remotes/origin/stat-redesign -3bd60857bd5ea2f3024e7de248bdc3d64b58859d refs/remotes/origin/static-relay -7a35372e30dca2a10c843219597bc4bc481fdda0 refs/remotes/origin/static-relay-cleanup -882b4f15b287b3e313088a67b2a4a543fbb6511d refs/remotes/origin/static-relay2 -ac13bbf1af345532a009a88d93ac4b7869ffe456 refs/remotes/origin/sync -9b4725a01a9615dfa7133d659ff936bd69e91345 refs/remotes/origin/sync-atc -7fbfb36440d99786f3c4ecc723ae61fcdedc3ce5 refs/remotes/origin/sync-atc-fmle -466c1fdf168646d57f0f43c463ad524143917e01 refs/remotes/origin/sync-atc-fmle2 -93b669273561ebd80fbf106b8b482d28a4377b81 refs/remotes/origin/sync-enotify -c8ad56e2d232933453d54767db55e96e00dd3d6c refs/remotes/origin/video-key -6ad152ee4c43238bd6a9f71f36b8e5a1757909a0 refs/remotes/origin/video-on-demand -b6194ed6e6a01ce14026c1778148db61a9a6765e refs/remotes/origin/virtual -4adc5f7487b0bb27cf027c3e792b00821ad30ada refs/remotes/origin/vod-http -0f337fe9a482e3da10ca7e8055ae1d8a2ccb9037 refs/remotes/origin/vod-sample-access -98d959ac5374bd14123f53318e6c8a8d481ffd92 refs/remotes/origin/vod-seek -770e67b1f33134c7db41e99f27ef167b16be8032 refs/remotes/origin/vod-stat -5db5d5af24af798f698fcc0f6eeecbac52932139 refs/remotes/origin/vod-stat2 -658f5ec639e290476f19eb91f371e2bf453616c0 refs/remotes/origin/win -289ee42c53f49728eb134f2226a2ef9ca7a32414 refs/remotes/origin/win1 -92d4c071d91b9de67e7293efcb72ad97c28285a7 refs/tags/freebsd-native-hls -^1894d333aa9fd76e857532efe6c64d343df137e7 -316b05d54e7e290546872cb26ad5b431b2a935af refs/tags/v0.0.1 -^eda826a386f10109816c57db9ed0908bdca92330 -2ba5b409dfac19e28befd698e0e03ea8f3799517 refs/tags/v0.0.10 -^d943d519754d1c08073298114807a8afb154d07f -f00415d4264d303b1a2771a3c6a36c026217e000 refs/tags/v0.0.11 -^bcd601832a0a2dc968621e065f1dbeaa14b77bb6 -3080d5f1e2f6e7b4da23585fb538152cbe91bf77 refs/tags/v0.0.12 -^caec91b85772dc5e078a3152cb6ed436c26bfbc3 -740f8034ec343eeab3c19c5e777fc1af05af12e5 refs/tags/v0.0.13 -^d3c5ad11969c6bfba083a33c5c7540d79692ab0a -18719a9ae0332480c80acac56b54e87b6131f46c refs/tags/v0.0.14 -^cf1976cd05a6e73cdf5fb1506f84508a297688b6 -903e750ce238efa3cde37a40a00c83d0efa7190b refs/tags/v0.0.15 -^6295147db1d44c9e8430b09cf2bf3d0a43c16b56 -93cd6b10d401382dfc8f740dd8e995fc5241eacc refs/tags/v0.0.16 -^359c346d3516403f5545dac0e9d8fe57ff09238e -88536319dc71fa9e8202eb000dcce7f1aa864321 refs/tags/v0.0.17 -^15405e8edde4db9e3c6b56c3a17edbf7dcd974f0 -6eba477d8578b5c488e034ab25d45e34e30636f5 refs/tags/v0.0.2 -^8204245eb223290cfed21f6748860a4bec510ed1 -4793210ff635d428fc37692d88a1107e32f3839e refs/tags/v0.0.3 -^96ebed857347b368cb78749de3515797eb0d9364 -110118d72aa68bced1a7da6d427c4a1473153f8b refs/tags/v0.0.4 -^b9ee8dbe097b2ab9cd60786c1cfa9a48237c51dd -49d4548bbc229885290915256d3b75f5d0b2863e refs/tags/v0.0.5 -^1e9a7e6efcd6990662f41e54587f27ab3f28ba87 -1c620f4121a3c4c64ccc71ca9a3aee100b702221 refs/tags/v0.0.6 -^3980a5923715131c8ac011410e63250ef5d13c93 -dbad1b31d510f290c5ebac4f073f5b7c3ef97e04 refs/tags/v0.0.7 -^7b70e9241327b93d04554cd7b8d2eeadb2acc4e6 -41ca3077bdbd20c2ddefdcc5f03a26b9ab6c358b refs/tags/v0.0.8 -^e563c3146e31eb8ce48634262435978bab26f7f0 -dc702ef73579582157563de257bf906d5ac77e18 refs/tags/v0.0.9 -^31d18ed4478684571476aed6125e942bfc738d77 -e2dcb0bea3859e6a66a7601356a7d90434d5ef4f refs/tags/v0.1.0 -^c61d7ac56f4895dc3f0513344b45d74943d4da19 -a0e0796bff7e6a33181d4cb6a1981a9889cf791c refs/tags/v0.1.1 -^f6ccfb6fa1d05d3babc1bb20ca7003802f85f2f0 -80db4c48b3cc30ad12112b5bde3831520c81a92a refs/tags/v0.1.10 -^88346934e51595118518957553316afda5a8b771 -b103795c7f1f41a51451dace848f8de085d59840 refs/tags/v0.1.11 -^45cd9825a2bb882c3b65a9c1139342bc59e40750 -8c8410a1def03c6f535110352398a0fc463d08f8 refs/tags/v0.1.12 -^63c4269a9146370db970894512523b9f3893ffad -951872e641cbebbd925c17cb8e8cc8a0289fe9cd refs/tags/v0.1.13 -^1719ef4433de03e8d95be7838a933326d717f1ee -6432ba9937589a7bbd58975d2e253a65e433e17b refs/tags/v0.1.14 -^fa3630d63d77ec4e6dcfa14a88afb5804b1b3596 -4b89a9819cc22c6ca1852613c518e0f400c6c048 refs/tags/v0.1.15 -^8def5f394543b822b6b450e79bdbf9a73f1d0a99 -40d6554b7196933e96aff91bba15f6b31c99dedb refs/tags/v0.1.2 -^4e713b75e8e3cd8f5456303e2f7f4803776f33de -a33ca7451cbd32dc2f43e01b3b87552f055a56ae refs/tags/v0.1.3 -^d82c16499de14965ff1259c457b33b5a81614c40 -dd9683b203e09b13d08e717e20304060c1d320cb refs/tags/v0.1.4 -^a4f48c5baa427c9d9093c0ceee339820c2167624 -d216f3dd61f67da413503b492af4b1f5c3e58451 refs/tags/v0.1.5 -^32279ddf26a9d9e0f34ff62d460bf4c1b14e2088 -2dab9cce52024dbf7ae3273770e159e73db21618 refs/tags/v0.1.6 -^49382c826b041589badb32b5f5f512592405a736 -c83a64c91d926c1bc5ac35036d49c31f87165466 refs/tags/v0.1.7 -^63e19f8d67d4f442f2700103c4d8ee9d137c0116 -0ab4039b703078ddacd4e70adc67b99efd946de3 refs/tags/v0.1.8 -^4bb48483be9d91a74a2efd5cb80fa136918ae466 -c9d359554132dc807d599b8d28b3193c8e37d841 refs/tags/v0.1.9 -^6143abc41803be6da47bfc4e15bbfe1d315de832 -4d20bb15480652145358c20f444f77ddbe2eeac6 refs/tags/v0.2.0 -^eb4e9e8d9033cb7c1775eec114cd7b90af26b047 -9df13315600aa2752fc99e80fb8b73a78e0f0fbf refs/tags/v0.2.1 -^1a2a8e2867f4d1cd64853bc49af9e725ee7f8343 -7e8b090de600016d965d3080b0cd6bc81eb60f67 refs/tags/v0.2.2 -^4e475cccb507951e5091f0ff5f1d4ef1903fd439 -f7f24bade80cca3a09e7286f250bb464cfab2df1 refs/tags/v0.2.3 -^295551947a187a265e5c60e6cccdf4c894a21e24 -2bf2e04da1cd97187612ba73ce9010c96393b76a refs/tags/v0.3.0 -^58491f8feddbe801557704dd1d1ac9d0950cdf3f -aded30326d7e233283346dab1258d4fdf69c31e7 refs/tags/v0.4.0 -^3c2e29f215fb09e5b4cb29040d1e5e092ce73849 -3381f10c50c161b0350ca8030535a97f43977940 refs/tags/v0.4.1 -^067c73710d15f046945ada24d5ca25d50b2751c7 -943ca88b8160225ef8decfab7aa3c6ba40c012a7 refs/tags/v0.4.2 -^ff247dafff1cab945c85ceefcf97d76fa1972c0e -2864097d4bf7e81a95bc85d133121beaf8262fc9 refs/tags/v0.4.3 -^ed5f06db8a90746059730fe8b55cf9ddc64ca67e -ed9bef4dc07d34078749b79d072cde59f385084a refs/tags/v0.5.0 -^abc2704db1193bd993b886463063059d1ff5050e -eb94d37c69842eb563fa3e7c9cc286cc942fd2e8 refs/tags/v0.5.1 -^6485716fb4734d5fc25ba12d849e2dedab63707d -0b020f1757f052a24a4d4c2061fcc4f8e1dbd440 refs/tags/v0.5.2 -^87686029aa2cfddfea765c626be7161981583482 -053bdc9277034a6db7edcc3d46c042ab8c62989b refs/tags/v0.5.3 -^cc632eb6b683eacdced09bfbe905e510779d5efc -307f468efdffa4ad07e79c0e39eab9f9eb195307 refs/tags/v0.5.4 -^bff1c355ec7db875972da6682e2553d65ac847ad -98438d54995ad4d11d7a020ff6b77919ca368448 refs/tags/v0.6.0 -^72d175ed7f5dfb4874ac6e002b737d866a0553d7 -f1eeb39f851366614b7dc1afa1fba21e1595475f refs/tags/v0.6.1 -^21174b2ee743c9ea1a0bccb46436c56c871febd3 -2b20008d1f3cb4b357d74ee288e2c00ac801d415 refs/tags/v0.6.2 -^795c1538a3602d5eedf7617c6d13c775721a66b9 -6b1f2547203b946cbac8c60bd86e5f04ad1a9a1d refs/tags/v0.6.3 -^c86e30fd270103b00c244f136c8780fb3a51b921 -d623935695e9ac6418a1baa24283bd35a42fef81 refs/tags/v0.6.4 -^f65f07deb32565b144e22faece57638f8961d62f -d3a7be773484e670119dfa20ff56cb0a91a8554f refs/tags/v0.6.5 -^4adc5f7487b0bb27cf027c3e792b00821ad30ada -293ebabd1220ec4615e2eb89d19ca3e7a381d1a3 refs/tags/v0.7.0 -^101b43a478bb44018733e75a3bf3b1f8adc5b2e5 -4b12afb07c889648864458c3a6096dc274c7420e refs/tags/v0.7.1 -^98d959ac5374bd14123f53318e6c8a8d481ffd92 -eb5ccb5fb1f735b82da3a43ee0d8d398bd932840 refs/tags/v0.7.2 -^6f2808c7d11564e2269e9f64b9671f8c080c893d -23fe9e844ecafd18a5d713618a36fb68846db951 refs/tags/v0.7.3 -^62e03d710cd02043156ac86da3b07e5186c78e11 -09b1e2bab6467a8d50e37939b4d1fc0b9777adfd refs/tags/v0.7.4 -^696e488ecb089236a297939248d4616d4665d347 -fa8752466e94879be074386c2f0420640cec3b41 refs/tags/v0.8.0 -^02dd440a25097e8528d9cdfa85132b6920649547 -7c3df8e2c78a85ef7f5d2e8f100e5f54573c71c7 refs/tags/v0.8.1 -^9f4296c08382b1374018346cce3bb5d40036f47a -f8899c67c2508ded911a93117b3186df6df631bd refs/tags/v0.8.2 -^ac924d7f940f05063d7ef0503aa7f3a1576bf380 -683a29d4d0a536b6a97c07d1deeacb8cc11a6af7 refs/tags/v0.8.3 -^3d54d69e252bb537dc8fb03cc96ada084bd5da8d -2aeefa379b700de0c9c1b4ed94e186e0d1d1a580 refs/tags/v0.8.4 -^f2f28cbe487883caed333ffb4f5f7942bed64c09 -5ea2a003691a63630e6c1d492c96d6581338efb8 refs/tags/v0.8.5 -^bd562e4ff7c10cad71711828548cbb584bd4a80b -11ee9f81e8b8a077113cdf96d655d7cf9961a03d refs/tags/v0.8.6 -^e5e5766ebb51e1c36b6804fe0ddc02ee8ca19cc6 -544c73b3b27c93df0d61172c62a7eee2e8252953 refs/tags/v0.8.7 -^3eaa43a7a327646acdebe87000422c6fd086adbe -83055d17d104c267aeebda070246b0917dbfffb2 refs/tags/v0.9.0 -^406d3a9527e08ea148e7c10ffa4009e0e5070b11 -37a1511c0e7c6a1a522bab7355289a71a7876ad2 refs/tags/v0.9.1 -^ea65ac688cdd89dad65bcdc3b62d5e152b47f1ec -ee0df070f78e83f3857301aa0e4340c15743403d refs/tags/v0.9.10 -^6923889e5386abad1aa07e2c29462fc469d3a5d4 -cb5e1df91a1b8d020de63d6cbbacd9f74097a375 refs/tags/v0.9.11 -^3aa528fccd2c3500b2eeafa6589c3f8f07564186 -6d328d3291833a9991cb27df45d1c82cfc3bc5fb refs/tags/v0.9.12 -^11e3f53fd259f0297a4d8f440afceb8395b45622 -b63100856c3a795440047324aaf863c6339e859f refs/tags/v0.9.13 -^0a8f0ee6c560edc032f66a25d527e9cd7ed6b62b -e13bcdadf3b57f91e8eca678846480522eb214ba refs/tags/v0.9.14 -^612fc4dd7514b3da2ac774a6daeb7baa60314f36 -1c92b49d30e7215483d5c0c038da2d09d6ac1d16 refs/tags/v0.9.15 -^7b5c5e99327c19600ab2bab89960ba217be52949 -bc3fe7a8ebf166e5187f7bac00c70e40a9b192fe refs/tags/v0.9.16 -^c0fc4bbdccf1d328eaa098f3287e427e369517c0 -d5288d89f8c1e1c8c82218a23deedfabb845fa1c refs/tags/v0.9.17 -^f79aa206ec572c225c8bd32b5c2b1d7cc5ede692 -bce7ea3e62682b29d61d56cc6bcc0e794857d557 refs/tags/v0.9.18 -^c61e99a36878fc618e29633db0e9652be13f6284 -39cb7ca0a51e7e4bfc400b285141a71ac7b565c7 refs/tags/v0.9.19 -^a47b23204b43d5b823feeb52b0c868b2c96847ca -43dd6489282d965072eb48479af5e8d90ac6ad38 refs/tags/v0.9.2 -^af5703b35756667eb008bdffb22626616bbae020 -73e60038c62b281fd0e4ff5565f35797fed46a1a refs/tags/v0.9.20 -^e29e64ed7d262904d22ce0a708e67cc02115f497 -828fcd80c23df5caf0b7fdbf897ba45a92f3dce7 refs/tags/v0.9.3 -^aeae84bf8babcd7130f71b5941834eeb4fafa61a -31f684d189aec37550e82e4c7cf3ac751a781ade refs/tags/v0.9.4 -^f358a2e8f9269afef85d82549de4945942b39d6c -63540cc06386523c08857cf435ad9c2f6daaef8a refs/tags/v0.9.5 -^c0ad999f37675dd1bbed11d901f34259827bb405 -e7fe15e6ca0cb0f81ec42b5b309ce6f720525193 refs/tags/v0.9.6 -^5325df0135c467d21cf93cd5c5df6af60a87a9e8 -0dda255fe75318707bb20e0078ace6da1f160cd2 refs/tags/v0.9.7 -^138c330da2ace7617af3c6b671fbee049f387fb7 -568ce8f0a850d3d7e00c33247edffe366cff0d51 refs/tags/v0.9.8 -^6903ac23e430b4170b108bb2f631562560c37fe0 -2d5bc52527e46171d2e2a7c4d9c87fa2a4e39fee refs/tags/v0.9.9 -^af8446a0985ba76873c25a6aae5125e47c7a3194 -d27f964d1f45d546419795b058fea60f3f1f21ab refs/tags/v1.0.0 -^613234b866fd08ea2221d183edfd9eb6d8a8bf4d -421d9ff41f699cc344845df9869dccff0ce4ad86 refs/tags/v1.0.1 -^cbe760aa8ad43d3908b7c9408d7f3946747981b1 -e1ec6d2f08937878a985bfa7d4f49e93312dc7e0 refs/tags/v1.0.2 -^6b92cd6b29ddeea5a113b6e5d8d854b6986e3fd1 -7749d54fb000641dfa6c8eebfb8765175f187a13 refs/tags/v1.0.3 -^7b4df729c1c4d86589f8ccadc0bd20ee733416f9 -aaeca4ff01f858cd719ea5b86eef7dcc3ba259ca refs/tags/v1.0.4 -^67443c28b4aff60023ce143475c2d287c264f2f7 -d7e1af79c4d152d16bcacfcd2ca18d58e6b3201b refs/tags/v1.0.5 -^737ea5ce34c8270479811acfacba02112e202625 -0acf1123a044c8afd68112387712abd59e45a2eb refs/tags/v1.0.6 -^1cfb7aeb582789f3b15a03da5b662d1811e2a3f1 -bd4f1b4cf7c58e55298c326184e5ad1a15c3aff0 refs/tags/v1.0.7 -^995688b9cfea4fb01a5b8ad0e110fec0866e501c -5beda43a6b388af5e7c1bcc55384163d97dcf836 refs/tags/v1.0.8 -^d01ffc0c88d9ce736be3dee99b4f9d3fcc07b685 -f792dab070dbdedc3b968483287fa59e6ae48a03 refs/tags/v1.0.9 -^471d299f5d5348dfbba6132779587553c3a709a7 -a08c7835b05e2bd816efb1f8036cb7c9bf59b906 refs/tags/v1.1.0 -^8542e21e17587ee2e928cdfedc1cb82996df7719 -e9d11158cb1b18a0631a94c4e8599c0f8c64adb7 refs/tags/v1.1.1 -^8608faad1e0b25c80b1f9b93439d6fd450db5c15 -cf710155b2666d2456a58a49dac1af4d93b215ce refs/tags/v1.1.10 -^5150993accb5edefa61d71e1c81ad8c02f515428 -2a721794867c76e9ac9e653e76da9503cbc9d60f refs/tags/v1.1.2 -^65cd61e43350c0de0a69103aed1ecf7f2b081ab8 -c130de320738a9ae084ba3d54f033c98e6e82d65 refs/tags/v1.1.3 -^6f768dc4eb2a2cb7798e31c7465af77b94ca2733 -3fdbbcc01249d7a3f0559192debfe09f844aef6e refs/tags/v1.1.4 -^8c2229cce5d4d4574e8fb7b130281497f746f0fa -28618cde22c864eef6ecdba9da636a2f2f611b20 refs/tags/v1.1.5 -^7500b4bd90fc942468f94dd3a12dbcdf9c3199a6 -1706bc84f5b0882dec6f1854d9054be7e3d12ab2 refs/tags/v1.1.6 -^7a35372e30dca2a10c843219597bc4bc481fdda0 -c0a5fb42c214d585a84967b2e172889d9278d325 refs/tags/v1.1.7 -^f62a0838064baf089ad9fe3c8f6f2ffe0775afb2 -1fe006d50fbca7537984fc080dd32906b9cb5455 refs/tags/v1.1.8 -^cb54ed4ac0994e36b92d21a51313af44ecdfdadd -c7447b49ee18232dab330fadf6c2dfb5fa2bbfb2 refs/tags/v1.1.9 -^c0bf381d10de05c135f913921c58272838d5e1ee | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs/heads/master ^ |
| @@ -1 +0,0 @@ -5150993accb5edefa61d71e1c81ad8c02f515428 | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin ^ |
| -(directory) | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs/remotes/origin/HEAD ^ |
| @@ -1 +0,0 @@ -ref: refs/remotes/origin/master | ||
| [+] | Deleted | nginx-rtmp-module-1.1.15.tar.gz/.git/refs/tags ^ |
| -(directory) | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/dash/ngx_rtmp_dash_module.c ^ |
| @@ -52,7 +52,7 @@ ngx_str_t playlist_bak; ngx_str_t name; ngx_str_t stream; - ngx_time_t start_time; + time_t start_time; ngx_uint_t nfrags; ngx_uint_t frag; @@ -228,8 +228,8 @@ ngx_rtmp_dash_app_conf_t *dacf; static u_char buffer[NGX_RTMP_DASH_BUFSIZE]; - static u_char start_time[sizeof("1970-09-28T12:00:00+06:00")]; - static u_char end_time[sizeof("1970-09-28T12:00:00+06:00")]; + static u_char start_time[sizeof("1970-09-28T12:00:00Z")]; + static u_char pub_time[sizeof("1970-09-28T12:00:00Z")]; dacf = ngx_rtmp_get_module_app_conf(s, ngx_rtmp_dash_module); ctx = ngx_rtmp_get_module_ctx(s, ngx_rtmp_dash_module); @@ -252,18 +252,16 @@ return NGX_ERROR; } - #define NGX_RTMP_DASH_MANIFEST_HEADER \ "<?xml version=\"1.0\"?>\n" \ "<MPD\n" \ " type=\"dynamic\"\n" \ " xmlns=\"urn:mpeg:dash:schema:mpd:2011\"\n" \ " availabilityStartTime=\"%s\"\n" \ - " availabilityEndTime=\"%s\"\n" \ + " publishTime=\"%s\"\n" \ " minimumUpdatePeriod=\"PT%uiS\"\n" \ " minBufferTime=\"PT%uiS\"\n" \ - " timeShiftBufferDepth=\"PT0H0M0.00S\"\n" \ - " suggestedPresentationDelay=\"PT%uiS\"\n" \ + " timeShiftBufferDepth=\"PT%uiS\"\n" \ " profiles=\"urn:hbbtv:dash:profile:isoff-live:2012," \ "urn:mpeg:dash:profile:isoff-live:2011\"\n" \ " xmlns:xsi=\"http://www.w3.org/2011/XMLSchema-instance\"\n" \ @@ -285,11 +283,9 @@ " width=\"%ui\"\n" \ " height=\"%ui\"\n" \ " frameRate=\"%ui\"\n" \ - " sar=\"1:1\"\n" \ " startWithSAP=\"1\"\n" \ " bandwidth=\"%ui\">\n" \ " <SegmentTemplate\n" \ - " presentationTimeOffset=\"0\"\n" \ " timescale=\"1000\"\n" \ " media=\"%V%s$Time$.m4v\"\n" \ " initialization=\"%V%sinit.m4v\">\n" \ @@ -323,7 +319,6 @@ " startWithSAP=\"1\"\n" \ " bandwidth=\"%ui\">\n" \ " <SegmentTemplate\n" \ - " presentationTimeOffset=\"0\"\n" \ " timescale=\"1000\"\n" \ " media=\"%V%s$Time$.m4a\"\n" \ " initialization=\"%V%sinit.m4a\">\n" \ @@ -341,38 +336,33 @@ " </Period>\n" \ "</MPD>\n" - ngx_libc_localtime(ctx->start_time.sec + - ngx_rtmp_dash_get_frag(s, 0)->timestamp / 1000, &tm); + ngx_libc_gmtime(ctx->start_time, &tm); - *ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", - tm.tm_year + 1900, tm.tm_mon + 1, - tm.tm_mday, tm.tm_hour, - tm.tm_min, tm.tm_sec, - ctx->start_time.gmtoff < 0 ? '-' : '+', - ngx_abs(ctx->start_time.gmtoff / 60), - ngx_abs(ctx->start_time.gmtoff % 60)) = 0; - - ngx_libc_localtime(ctx->start_time.sec + - (ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->timestamp + - ngx_rtmp_dash_get_frag(s, ctx->nfrags - 1)->duration) / - 1000, &tm); - - *ngx_sprintf(end_time, "%4d-%02d-%02dT%02d:%02d:%02d%c%02d:%02d", - tm.tm_year + 1900, tm.tm_mon + 1, - tm.tm_mday, tm.tm_hour, - tm.tm_min, tm.tm_sec, - ctx->start_time.gmtoff < 0 ? '-' : '+', - ngx_abs(ctx->start_time.gmtoff / 60), - ngx_abs(ctx->start_time.gmtoff % 60)) = 0; + ngx_sprintf(start_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z", + tm.tm_year + 1900, tm.tm_mon + 1, + tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec); + + ngx_libc_gmtime(ngx_time(), &tm); + + ngx_sprintf(pub_time, "%4d-%02d-%02dT%02d:%02d:%02dZ%Z", + tm.tm_year + 1900, tm.tm_mon + 1, + tm.tm_mday, tm.tm_hour, + tm.tm_min, tm.tm_sec); last = buffer + sizeof(buffer); p = ngx_slprintf(buffer, last, NGX_RTMP_DASH_MANIFEST_HEADER, start_time, - end_time, + pub_time, (ngx_uint_t) (dacf->fraglen / 1000), (ngx_uint_t) (dacf->fraglen / 1000), - (ngx_uint_t) (dacf->fraglen / 500)); + (ngx_uint_t) (dacf->fraglen / 250 + 1)); + + /* + * timeShiftBufferDepth formula: + * 2 * minBufferTime + max_fragment_length + 1 + */ n = ngx_write_fd(fd, buffer, p - buffer); @@ -952,7 +942,7 @@ "dash: playlist='%V' playlist_bak='%V' stream_pattern='%V'", &ctx->playlist, &ctx->playlist_bak, &ctx->stream); - ctx->start_time = *ngx_cached_time; + ctx->start_time = ngx_time(); if (ngx_rtmp_dash_ensure_directory(s) != NGX_OK) { return NGX_ERROR; @@ -1008,6 +998,11 @@ f->duration = timestamp - f->timestamp; hit = (f->duration >= dacf->fraglen); + /* keep fragment lengths within 2x factor for dash.js */ + if (f->duration >= dacf->fraglen * 2) { + boundary = 1; + } + } else { /* sometimes clients generate slightly unordered frames */ | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/hls/ngx_rtmp_hls_module.c ^ |
| @@ -1951,6 +1951,7 @@ ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, "hls: error appending AUD NAL"); } + /* fall through */ case 9: aud_sent = 1; break; | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp.h ^ |
| @@ -135,6 +135,8 @@ #define NGX_RTMP_MSG_AGGREGATE 22 #define NGX_RTMP_MSG_MAX 22 +#define NGX_RTMP_MAX_CHUNK_SIZE 10485760 + #define NGX_RTMP_CONNECT NGX_RTMP_MSG_MAX + 1 #define NGX_RTMP_DISCONNECT NGX_RTMP_MSG_MAX + 2 #define NGX_RTMP_HANDSHAKE_DONE NGX_RTMP_MSG_MAX + 3 | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_access_module.c ^ |
| @@ -410,8 +410,8 @@ break; } - /* "all" passes through */ #endif + /* fall through */ default: /* AF_INET */ | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_amf.c ^ |
| @@ -331,6 +331,7 @@ if (elts->type & NGX_RTMP_AMF_OPTIONAL) { return NGX_OK; } + /* fall through */ case NGX_ERROR: return NGX_ERROR; } @@ -398,6 +399,7 @@ if (ngx_rtmp_amf_get(ctx, &max_index, 4) != NGX_OK) { return NGX_ERROR; } + /* fall through */ case NGX_RTMP_AMF_OBJECT: if (ngx_rtmp_amf_read_object(ctx, data, @@ -592,6 +594,7 @@ if (ngx_rtmp_amf_put(ctx, &max_index, 4) != NGX_OK) { return NGX_ERROR; } + /* fall through */ case NGX_RTMP_AMF_OBJECT: type8 = NGX_RTMP_AMF_END; | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_eval.c ^ |
| @@ -154,6 +154,7 @@ name.len = p - name.data; ngx_rtmp_eval_append_var(ctx, &b, e, &name, log); + /* fall through */ case NORMAL: switch (c) { | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_handler.c ^ |
| @@ -821,6 +821,12 @@ ngx_log_debug1(NGX_LOG_DEBUG_RTMP, s->connection->log, 0, "setting chunk_size=%ui", size); + if (size > NGX_RTMP_MAX_CHUNK_SIZE) { + ngx_log_error(NGX_LOG_ALERT, s->connection->log, 0, + "too big RTMP chunk size:%ui", size); + return NGX_ERROR; + } + cscf = ngx_rtmp_get_module_srv_conf(s, ngx_rtmp_core_module); s->in_old_pool = s->in_pool; | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_handshake.c ^ |
| @@ -104,30 +104,37 @@ ngx_rtmp_make_digest(ngx_str_t *key, ngx_buf_t *src, u_char *skip, u_char *dst, ngx_log_t *log) { - static HMAC_CTX hmac; - static unsigned hmac_initialized; + static HMAC_CTX *hmac; unsigned int len; - if (!hmac_initialized) { - HMAC_CTX_init(&hmac); - hmac_initialized = 1; + if (hmac == NULL) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + static HMAC_CTX shmac; + hmac = &shmac; + HMAC_CTX_init(hmac); +#else + hmac = HMAC_CTX_new(); + if (hmac == NULL) { + return NGX_ERROR; + } +#endif } - HMAC_Init_ex(&hmac, key->data, key->len, EVP_sha256(), NULL); + HMAC_Init_ex(hmac, key->data, key->len, EVP_sha256(), NULL); if (skip && src->pos <= skip && skip <= src->last) { if (skip != src->pos) { - HMAC_Update(&hmac, src->pos, skip - src->pos); + HMAC_Update(hmac, src->pos, skip - src->pos); } if (src->last != skip + NGX_RTMP_HANDSHAKE_KEYLEN) { - HMAC_Update(&hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN, + HMAC_Update(hmac, skip + NGX_RTMP_HANDSHAKE_KEYLEN, src->last - skip - NGX_RTMP_HANDSHAKE_KEYLEN); } } else { - HMAC_Update(&hmac, src->pos, src->last - src->pos); + HMAC_Update(hmac, src->pos, src->last - src->pos); } - HMAC_Final(&hmac, dst, &len); + HMAC_Final(hmac, dst, &len); return NGX_OK; } | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_init.c ^ |
| @@ -79,6 +79,7 @@ case AF_UNIX: unix_socket = 1; + /* fall through */ default: /* AF_INET */ sin = (struct sockaddr_in *) sa; @@ -110,6 +111,7 @@ case AF_UNIX: unix_socket = 1; + /* fall through */ default: /* AF_INET */ addr = port->addrs; | ||
| [+] | Changed | nginx-rtmp-module-1.2.1.tar.gz/ngx_rtmp_notify_module.c ^ |
| @@ -892,6 +892,7 @@ n = 0; state = parse_name; + /* fall through */ case parse_name: switch (c) { @@ -919,6 +920,7 @@ break; } state = parse_value; + /* fall through */ case parse_value: if (c == '\n') { | ||
| Added | ngx_http_substitutions_filter_module-master.zip ^ | |
| Deleted | ngx_pagespeed-1.12.34.2-stable.zip ^ | |
| Added | ngx_pagespeed-1.13.35.2-stable.zip ^ | |
| Deleted | ngx_pagespeed-latest-testing.zip ^ | |
| Deleted | openssl-1.1.0c.tar.gz ^ | |
| Deleted | openssl-1.1.0e.tar.gz ^ | |
| Added | openssl-1.1.0h.tar.gz ^ | |
| Deleted | release-1.11.33.2-beta.zip ^ | |
| Deleted | v1.10.33.6-beta.zip ^ | |