Commit Graph

2794 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa eb951c2ce4 src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro 2018-02-12 16:22:47 +09:00
Tatsuhiro Tsujikawa 39f0ce7c25
Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
nghttpx: Add an option to accept expired client certificate
2018-02-10 16:00:43 +09:00
Tatsuhiro Tsujikawa e8af7afc65 nghttpx: Add an option to accept expired client certificate 2018-02-08 16:51:23 +09:00
Tatsuhiro Tsujikawa 38abfd1863 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after 2018-02-08 16:25:31 +09:00
Tatsuhiro Tsujikawa ff3edc09ed nghttpx: Fix potential memory leak 2018-02-03 18:21:42 +09:00
Tatsuhiro Tsujikawa c1a496cf4e nghttpx: Fix bug that h1 backend idle timeout expires sooner 2018-02-02 21:09:04 +09:00
Tatsuhiro Tsujikawa e098a21132 mruby: Fix bug that response header is unexpectedly overwritten
The bug is the same bug fixed by
6deee2037d, but in response handler.
2018-01-28 19:41:45 +09:00
Dylan Plecki 6deee2037d Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..) 2018-01-26 18:49:08 -08:00
Tatsuhiro Tsujikawa 5cc3d159e1 nghttpx: Add upgrade-scheme parameter to backend option
If "upgrade-scheme" parameter is present in backend option along with
"tls" paramter, HTTP/2 :scheme pseudo header field is changed to
"https" from "http" when forwarding a request to this particular
backend.  This is a workaround for a server which requests "https"
scheme on HTTP/2 connection encrypted by TLS.
2018-01-08 18:08:01 +09:00
Tatsuhiro Tsujikawa 0fbb46edd6
Merge pull request #1101 from nghttp2/remember-pushed-links
nghttpx: Remember which resource is pushed
2018-01-04 23:15:35 +09:00
Tatsuhiro Tsujikawa 74754982f1 nghttpx: Fix missing ALPN validation (--npn-list)
This commit fixes the bug that ALPN validation does not occur when
ALPN list is not sent from client.
2018-01-04 22:43:47 +09:00
Tatsuhiro Tsujikawa a31a2e3b2c nghttpx: Remember which resource is pushed
Remember which resource is pushed in order to conform to the semantics
described in RFC 8297.
2018-01-04 22:35:22 +09:00
Tatsuhiro Tsujikawa cfd926f09b src: Define 103 status code 2017-12-20 19:30:55 +09:00
Tatsuhiro Tsujikawa 4d1139f653 Remove SPDY 2017-12-17 13:28:44 +09:00
Tatsuhiro Tsujikawa 48f574076c nghttpx: Update doc 2017-12-16 00:13:27 +09:00
Tatsuhiro Tsujikawa 216f4dad83 nghttpx: Remove redundant check 2017-12-14 21:39:22 +09:00
Tatsuhiro Tsujikawa a4e27d766b Revert "nghttpx: Use an existing h2 backend connection as much as possible"
This reverts commit f507b5eee4.

Balancing load is more important at the moment.
2017-12-14 21:34:04 +09:00
Tatsuhiro Tsujikawa 03f7ec0f60 nghttpx: Write API request body in temporary file 2017-12-03 16:19:57 +09:00
Tatsuhiro Tsujikawa 2056e812bd nghttpx: Increase api-max-request-body 2017-12-02 13:49:42 +09:00
Tatsuhiro Tsujikawa 04348ff20e
Merge pull request #1081 from nghttp2/nghttpx-faster-parse-config
nghttpx: Faster configuration loading with lots of backends
2017-12-01 23:47:34 +09:00
Tatsuhiro Tsujikawa 1ebb6810a1 nghttpx: Faster configuration loading with lots of backends 2017-12-01 23:06:06 +09:00
Tatsuhiro Tsujikawa a3ebeeafba nghttpx: Fix crash with --backend-http-proxy-uri option 2017-12-01 22:28:16 +09:00
Tatsuhiro Tsujikawa ff200bfcf3 clang-format-5.0 2017-11-23 14:19:12 +09:00
Tatsuhiro Tsujikawa 0028275d7b nghttpx: Add affinity-cookie-secure parameter to backend option 2017-11-21 22:29:22 +09:00
Tatsuhiro Tsujikawa 194acb1f2c src: Use nghttp2_error_callback2 2017-11-19 16:51:52 +09:00
Tatsuhiro Tsujikawa 73344ae9aa nghttpx: Use plain hex string format for client serial 2017-11-17 00:04:23 +09:00
Tatsuhiro Tsujikawa eca0a3025b nghttpx: Add $tls_client_serial log variable 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa 4720c5cb3d nghttpx: Make client serial available in mruby script 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa cd55ab28ab nghttpx: Add function to get serial number from certificate 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa 22502182d0 Add tls_client_issuer_name log variable and expose it to mruby 2017-11-15 23:41:47 +09:00
Tatsuhiro Tsujikawa f5ddd7f43b nghttpx: Make initial_addr_idx_ unsigned 2017-11-04 17:30:56 +09:00
Tatsuhiro Tsujikawa 88abbce7e7 nghttpx: Fix compile error with gcc 2017-11-04 17:30:27 +09:00
Tatsuhiro Tsujikawa 16e9036568 nghttpx: Fix affinity retry 2017-11-04 17:13:45 +09:00
Tatsuhiro Tsujikawa fa7945c627 nghttpx: Refactor 2017-11-04 15:55:25 +09:00
Tatsuhiro Tsujikawa daca43f0dd nghttpx: Fix stalled backend connection on retry 2017-11-04 15:46:08 +09:00
Tatsuhiro Tsujikawa 16bc11e670 nghttpx: Remove duplicated util::make_socket_nodelay 2017-11-04 13:00:17 +09:00
Tatsuhiro Tsujikawa 8c0ea56bb8
Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
nghttpx: Cookie based session affinity
2017-11-01 22:45:38 +09:00
Tatsuhiro Tsujikawa 549053710b nghttpx: Refactor 2017-11-01 22:33:49 +09:00
Tatsuhiro Tsujikawa be5c39a1cf src: Add tests 2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa b8fda6808b nghttpx: Cookie based session affinity 2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa 539e27812b nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
Also tls_client_fingerprint is renamed to
tls_client_fingerprint_sha256.
2017-10-31 21:41:40 +09:00
Tatsuhiro Tsujikawa 7008afd40e nghttpx: Refactor get_x509_fingerprint to accept hash function 2017-10-31 21:28:16 +09:00
Tatsuhiro Tsujikawa 60baca27e4 nghttpx: Add more TLS related attributes to mruby Env object
The added attributes are:

* tls_cipher
* tls_protocol
* tls_session_id
* tls_session_reused
* alpn
2017-10-29 22:42:30 +09:00
Tatsuhiro Tsujikawa cb376bcd80 nghttpx: Add client fingerprint and subject name to accesslog 2017-10-29 21:47:00 +09:00
Tatsuhiro Tsujikawa f2b8edd1e2 nghttpx: Fix memory leak 2017-10-29 21:46:12 +09:00
Tatsuhiro Tsujikawa c4f8afcfde nghttpx: Get TLS info only when it is necessary when writing accesslog 2017-10-29 21:22:33 +09:00
Tatsuhiro Tsujikawa 9f80a82c1a nghttpx: Add client fingerprint and subject name to mruby env 2017-10-29 19:54:42 +09:00
Tatsuhiro Tsujikawa c573c80bd3 nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec 2017-10-29 19:47:39 +09:00
Tatsuhiro Tsujikawa 3cd6817e21 Fix typos 2017-10-29 16:54:21 +09:00
Tatsuhiro Tsujikawa aaeeec8f1c Fix typos 2017-10-28 22:25:42 +09:00
Tatsuhiro Tsujikawa 5119e82b93 src: Fix memory leak in unit test 2017-10-24 21:40:30 +09:00
Tatsuhiro Tsujikawa 3be5856c82 nghttpx: Fix unused function warnings 2017-10-24 21:40:30 +09:00
Tatsuhiro Tsujikawa a319143901 nghttpx: Fix bug that header fields are missing in HTTP/1.0 response 2017-10-22 01:11:32 +09:00
Tatsuhiro Tsujikawa f507b5eee4 nghttpx: Use an existing h2 backend connection as much as possible
h2load measurement reveals that this strategy is 3 times faster than
the previous implementations.
2017-10-19 21:15:08 +09:00
Tatsuhiro Tsujikawa aaa0b858e4 Amend some macro comments 2017-10-14 11:50:16 +09:00
Tatsuhiro Tsujikawa 5fa1938691 clang-format 2017-10-14 11:45:41 +09:00
Daniel Evers c2d9a1ed6f Support for Windows / MinGW 2017-10-12 18:15:12 +02:00
Tatsuhiro Tsujikawa 8ffe389daa h2load: Print out h2 header fields with --verbose option 2017-09-22 18:12:20 +09:00
Tatsuhiro Tsujikawa 2576855ded nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only 2017-09-21 21:42:56 +09:00
Tatsuhiro Tsujikawa cc6f759190 src: Add static to constexpr char[] 2017-09-20 23:54:10 +09:00
Tatsuhiro Tsujikawa 323001238a clang-format 2017-09-20 22:08:22 +09:00
Tatsuhiro Tsujikawa 91f062f873 src: Fix compile error 2017-09-20 22:08:08 +09:00
Tatsuhiro Tsujikawa a170023f23 nghttpx: Verify OCSP response using trusted CA certificates 2017-09-01 21:35:38 +09:00
Tatsuhiro Tsujikawa 4be4c0cddc Revert "nghttpx: Verify OCSP response using trusted CA certificates"
This reverts commit 59c78d5809.
2017-08-30 22:27:02 +09:00
Rick Lei 5996798a34 Fix OCSP related error when building with BoringSSL
BoringSSL has no "openssl/ocsp.h" nor most OCSP related APIs used in
shrpx_tls.cc. This commit add ifdefs to disable related code to allow
building nghttp2 with BoringSSL (again).

It's possible to use !defined(OPENSSL_IS_BORINGSSL), but since BoringSSL
defines OPENSSL_NO_OCSP which is more specific, I chose to go with the
latter one.
2017-08-24 11:56:46 -04:00
Tatsuhiro Tsujikawa 6fec532012 Merge pull request #998 from nghttp2/h2load-fix-timing-script-stall
Fix bug that timing script stalls with -m1
2017-08-24 21:17:43 +09:00
Tatsuhiro Tsujikawa 15713e0b7c h2load: Ignore -n for timing-based mode instead of requiring -n=0 2017-08-23 20:35:01 +09:00
Tatsuhiro Tsujikawa a6a561af47 Fix bug that timing script stalls with -m1 2017-08-23 20:10:23 +09:00
Tatsuhiro Tsujikawa bcda1c2409 Fix assertion failure 2017-08-23 19:22:23 +09:00
Tatsuhiro Tsujikawa afcd8d9ab1 clang-format 2017-08-23 19:19:00 +09:00
Tatsuhiro Tsujikawa c9b1c91944 Fix compile error 2017-08-23 19:18:27 +09:00
Tatsuhiro Tsujikawa 5d9434eb09 Merge branch 'master' of https://github.com/sohamm17/nghttp2 into sohamm17-master 2017-08-23 19:16:40 +09:00
Tatsuhiro Tsujikawa 1a44b5d52a Merge pull request #984 from nghttp2/h2load-reservoir-sampling
h2load: Reservoir sampling
2017-08-23 19:00:28 +09:00
Dmitriy Vetutnev af926fbe1f Refactoring include directories for build as CMake subdirectory (add_subdirectory(nghttp2)) 2017-08-16 21:28:12 +03:00
Tatsuhiro Tsujikawa 83039ae2d4 h2load: Reservoir sampling 2017-08-14 20:25:02 +09:00
Tatsuhiro Tsujikawa 4d76606fa2 Fix bug that forwarded for is not affected by proxy protocol 2017-08-09 22:44:14 +09:00
Soham Sinha 1baf7d34b3 Duration watcher and warmup watcher is initialised in Worker constructor. Statistic calculation is removed from duration watcher call_back, it's done in free_client. 2017-08-08 17:26:37 -04:00
Soham Sinha c78159469a Added a function to free a client from Worker's list of client, if the client is destroyed 2017-08-07 18:58:12 -04:00
Soham Sinha b72ca0289c formatting issue 2017-08-04 14:20:00 -04:00
Soham Sinha 46f670f8a2 concurrent connections are created in timing-based mode. Some safety asserts added. 2017-08-03 16:15:14 -04:00
Soham Sinha 4b44362b9f minor style changes 2017-08-01 20:22:20 -04:00
Soham Sinha d068a29798 removed unnecessary code 2017-08-01 19:51:47 -04:00
Soham Sinha 0836a51408 Handling requests starting in warm-up phase and ending in MAIN_DURATION 2017-08-01 18:29:00 -04:00
Soham Sinha 566cee8fe7 MAIN_DURATION is initiliazed in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well. 2017-08-01 17:45:52 -04:00
Soham Sinha e85698e131 MAIN_DURATION is initiliazed in Worker constructor, MAIN_DURATION check is removed from two functions because those functions are needed in warm-up phase as well. 2017-08-01 17:45:18 -04:00
Soham Sinha 5f3c541c4c enabled --duration option. 2017-07-28 17:31:13 -04:00
Soham Sinha 3c43e00d8a Timing (#1)
* Adding timing-sensitive load test option in h2load.

* more checks added for parameters

* A worker thread can control its clients' warmup and main duration.

* Changed warmup to an enum variable.

* removed unnecessary call to ev_timer_stop

* assertion is done before starting main measurement phase

* phase variable is implemented only inside the Worker class

* enum to enum class

* else indentation corrected

* check added for timing-based test when duration CB is called explicitly

* New argument is introduced for timing-based benchmarking.

* styling corrections

* duration watcher initialization is pushed back into warmup timeout

* Warmup and Duration timer is moved to Worker instead of clients. Now both timers and phase belongs to the Workers.

* some client functions are modified to return if it's not main_duration phase. client is not destructed but sessions are terminated

* outputs are adjusted for thread.

* Needed to check if a session exist before terminating

* formatting

* more formatting

* formatting
2017-07-28 17:08:20 -04:00
Tatsuhiro Tsujikawa 1002c6da1c src: Use llround instead of round 2017-07-12 23:23:47 +09:00
Tatsuhiro Tsujikawa 18dd20ce55 nghttp: Fix bug that upgrade fails if reason-phrase is missing 2017-06-28 01:01:39 +09:00
Tatsuhiro Tsujikawa a18d154e0e Merge pull request #943 from nghttp2/nghttpx-verify-ocsp-resp-with-cacerts
nghttpx: Verify OCSP response using trusted CA certificates
2017-06-15 20:56:44 +09:00
Tatsuhiro Tsujikawa 59c78d5809 nghttpx: Verify OCSP response using trusted CA certificates 2017-06-13 23:00:26 +09:00
Tatsuhiro Tsujikawa be164fc8f9 nghttpx: Set default minimum TLS version to TLSv1.2
Previously, the default minimum TLS version was TLSv1.1, but the
default cipher list didn't include any compatible ciphers with it.
This made handshake fail if TLSv1.1 was negotiated because there was
no shared ciphers.  To make the default settings consistent, the
default minimum TLS version is now TLSv1.2.
2017-06-12 23:54:12 +09:00
Tatsuhiro Tsujikawa 6ec7683991 nghttpx: Use nocopy version to send trailer headers to backend
It looks like we can use nocopy version here.  We use nocopy version
in frontend in day 1.
2017-06-02 22:38:39 +09:00
Tatsuhiro Tsujikawa 8f7fa1b1bf nghttpx: Fix crash in OCSP response verification 2017-05-30 23:52:38 +09:00
Tatsuhiro Tsujikawa db7483ef10 Merge branch 'nghttpx-verify-ocsp' 2017-05-25 23:37:34 +09:00
Tatsuhiro Tsujikawa 74c2f1257a nghttpx: Add --no-verify-ocsp to disable OCSP response verification 2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa 1428a5e3ae nghttpx: Verify OCSP response
At least we should make sure that the OCSP response is targeted to the
expected certificate.  This is important because we pass the file path
to the external script, and if the file is replaced because of
renewal, and nghttpx has not reloaded its configuration, the
certificate nghttpx has loaded and the one included in the file
differ.  Verifying the OCSP response detects this, and avoids to send
wrong OCSP response.
2017-05-25 23:14:57 +09:00
Tatsuhiro Tsujikawa c57bf21306 src: memchunks: Don't use std::unique_ptr to avoid potential SO 2017-05-25 00:23:51 +09:00
Tatsuhiro Tsujikawa 8401e16a15 nghttpx: Fix compile error with gcc 2017-05-22 22:10:55 +09:00
Tatsuhiro Tsujikawa 07fb5854f3 nghttpx: Compile with openssl 1.0.2 2017-05-22 22:09:34 +09:00