Commit Graph

81 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 7add262721 nghttpx: Detect TLS renegotiation after SSL_read and SSL_write 2015-01-09 00:49:27 +09:00
Tatsuhiro Tsujikawa 4a218f1b79 nghttpx: Clear OpenSSL error and handle limit change in read_tls 2015-01-09 00:08:34 +09:00
Tatsuhiro Tsujikawa 419c03daa2 nghttpx: Fix TLS write error
SSL_write requires the same arguments (buf pointer and its length) on
SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.  get_write_limit() may
return smaller length than previously passed to SSL_write, which
violates OpenSSL assumption.  To avoid this, we keep last legnth
passed to SSL_write to tls_last_writelen_ if SSL_write indicated I/O
blocking.
2015-01-08 23:03:56 +09:00
Tatsuhiro Tsujikawa 5473e870eb nghttpx: Use smaller buffer for reading 2015-01-08 21:28:52 +09:00
Tatsuhiro Tsujikawa 40e8eaf5fd nghttpx: Fix uninitialized pointer member 2015-01-07 00:25:42 +09:00
Tatsuhiro Tsujikawa e8107b68c8 nghttpx: Avoid std::chrono::high_resolution_clock as wall clock
This is because std::chrono::high_resolution_clock may not be wall
clock; it may be alias of std::chrono::stead_clock.
2015-01-06 23:10:11 +09:00
Tatsuhiro Tsujikawa d1391f1db7 nghttpx: Process buffered data first without reading additional data 2015-01-06 22:48:17 +09:00
Tatsuhiro Tsujikawa a6cf6c00ea nghttpx: Add SSL_read/write error logging 2015-01-06 22:02:24 +09:00
Tatsuhiro Tsujikawa 645897503d nghttpx: Reset buffer on empty 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa bfac015d61 src: Use libev for rest of the applications 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa d695d2ccc0 nghttp, nghttpx, nghttpd, h2load: Support h2-16 in NPN/ALPN
The nghttp2 library itself is still h2-14.  To experiment with the
implementations to require h2-16 to test new features (e.g.,
prioritization), nghttp, nghttpx, nghttpd and h2load now support h2-16
as well as h2-14.  Cleartext HTTP Upgrade is still limited to h2-14
however.
2014-12-16 22:57:58 +09:00
Tatsuhiro Tsujikawa b607a22076 nghttpx: Support multiple HTTP/1 backend address
For HTTP/1 backend, -b option can be used several times to specify
multiple backend address.  HTTP/2 backend does not support multiple
addresses and only uses first address even if multiple addresses are
specified.
2014-12-06 19:30:27 +09:00
Tatsuhiro Tsujikawa b1f807abd1 Reformat lines with clang-format-3.5 2014-11-27 23:56:30 +09:00
Tatsuhiro Tsujikawa 9bba616426 nghttpx: Add $alpn variable to accesslog formatting
$alpn is a variable which represents ALPN identifier of the protocol
which generates the response.
2014-11-24 15:24:09 +09:00
Tatsuhiro Tsujikawa 1fe50f272b nghttpx: Add $pid to --accesslog-format variable
$pid refers to the PID of the running process.
2014-11-24 14:34:43 +09:00
Lucas Pardue 9cf1a0c77c Add features to logging, client and server port,
time_iso8601 and request_time.
2014-11-23 20:37:51 +00:00
Tatsuhiro Tsujikawa 27609327ee nghttpx: Fix heap-after-free crash in https upstream
Add Upstream::on_handler_delete() hook to safely write log for
HttpsUpstream.
2014-11-19 01:59:09 +09:00
Tatsuhiro Tsujikawa 958cd0de64 nghttpx: Add configurable access logging format
This commit adds functionality to customize access logging format in
nghttpx.  The format variables are inspired by nginx.  The default
format is combined format.
2014-11-19 01:29:55 +09:00
Tatsuhiro Tsujikawa d98e9a63d0 src: Refactor code around ALPN setup 2014-11-14 23:14:39 +09:00
Tatsuhiro Tsujikawa f8c70993c0 nghttpx: Adjust TLS record size dynamically
Use the same behaviour the current Google server does: start with 1300
TLS record size and after transmitting 1MiB, change record size to
16384.  After 1 second idle time, reset to 1300.  Only applies to
HTTP/2 and SPDY upstream connections.
2014-11-06 02:36:53 +09:00
Tatsuhiro Tsujikawa 20900b133e nghttpx: Fix heap-use-after-free in ClientHandler object
This bug was found by scan-build
2014-10-30 21:47:38 +09:00
Tatsuhiro Tsujikawa 20de432725 nghttpx: Pool http downstream connection per thread 2014-10-13 21:09:00 +09:00
Tatsuhiro Tsujikawa 446f8f13aa src: Move libevent related helper functions to libevent_util 2014-09-24 00:45:40 +09:00
Tatsuhiro Tsujikawa 83309b6391 nghttpx: Reduce epoll_ctl call 2014-09-18 23:56:01 +09:00
Tatsuhiro Tsujikawa b305495a75 nghttpx: Reset both timeouts when either read or write succeeds
Previously read and write timeouts work independently.  When we are
writing response to the client, read timeout still ticks (e.g., HTTP/2
or tunneled HTTPS connection).  So read timeout may occur during long
download.  This commit fixes this issue.  This commit only fixes the
upstream part.  We need similar fix for the downstream.
2014-09-18 23:03:36 +09:00
Tatsuhiro Tsujikawa c7e9fe8154 nghttpx: Implement connection blocker for HTTP/1 backend 2014-08-19 23:36:04 +09:00
Tatsuhiro Tsujikawa fb62a5ed4f nghttpx: Use pointer for worker_config 2014-08-19 22:29:44 +09:00
Tatsuhiro Tsujikawa a5dfe24e49 nghttpx: Use std::unique_ptr for DownstreamConnection 2014-08-19 00:20:57 +09:00
Tatsuhiro Tsujikawa 5d2390deba nghttpx: Bring per-connection rate limit back
--read-burst=0 still does not work.  But specifying n > 0 workarounds
this.
2014-08-17 16:17:10 +09:00
Tatsuhiro Tsujikawa bf13d91264 nghttpx: Add hot deploy feature
nghttpx supports hot deploy feature using signals.  The host deploy in
nghttpx is multi step process.  First send USR2 signal to nghttpx
process.  It will do fork and execute new executable, using same
command-line arguments and environment variables.  At this point, both
current and new processes can accept requests.  To gracefully shutdown
current process, send QUIT signal to current nghttpx process.  When
all existing frontend connections are done, the current process will
exit.  At this point, only new nghttpx process exists and serves
incoming requests.
2014-08-13 00:43:54 +09:00
Tatsuhiro Tsujikawa 0ce848a611 nghttpx: Rewrite logging system
This change rewrites logging system of nghttpx.  Previously access log
and error log are written to stderr or syslog and there was no option
to change stderr to something else.  With this change, file path of
access log and error log can be configured separately and logging to
regular file is now added.  To support rotating log, if SIGUSR1 signal
is received by nghttpx, it closes the current log files and reopen it
with the same name.  The format of access log is changed and has same
look of apache's.  But not all columns are not supported yet.
2014-07-05 18:43:24 +09:00
Tatsuhiro Tsujikawa 479e15469c nghttpx: Add worker-frontend-connections option 2014-06-26 22:55:22 +09:00
Tatsuhiro Tsujikawa 266a15ccd3 nghttpx: Remove per-connection rate limit
It looks like setting read-rate and read-burst to 0 makes busy loop.
It seems a bug.  On the other hand, we most likely want per-thread
rate limit rather than per-connection.  So we decided to drop them.
2014-06-19 23:19:14 +09:00
Tatsuhiro Tsujikawa 4ab594b144 nghttpx: Fix connection preface is not read by upstream_http2_connhd_readcb
It seems that if readcb is not set before SSL/TLS handshake, the
incoming data already available when eventcb (BEV_EVENT_CONNECTED
event) is fired is not further notified after setting new readcb.  We
knew this fact and call upstream->on_read() in eventcb, but it is
wrong for HTTP/2.  We have to call upstream_http2_connhd_readcb to
check connection preface.  Otherwise, we consume it by nghttp2 session
and it is treated as unknown frame and connection preface is not
detected properly.
2014-06-19 22:43:54 +09:00
Tatsuhiro Tsujikawa 25b58d5e22 nghttpx: Code cleanup 2014-06-12 23:37:33 +09:00
Tatsuhiro Tsujikawa 21c4931197 nghttpx: Get rid of openssl filter
Libevent Openssl filter is very inconvenient in various respect.  The
most annoying thing is it somehow emits data when SSL_shutdown is
called.  The reason we introduced this filter solution is drop
connection if TLS renegotiation is detected.  This commit implements
renegotiation detection and drop connection without filtering.
2014-06-11 01:16:49 +09:00
Tatsuhiro Tsujikawa 492b42e6e9 nghttpx: Drop connection if HTTP/2 security level is not satisfied on frontend 2014-06-11 00:07:51 +09:00
Tatsuhiro Tsujikawa 0fd5b2aa32 nghttpx: Use std::vector for tls_proto_list and npn_list
Now SSL/TLS option mask to disable particular SSL/TLS protocol
versions are pre-calculated and stored in Config.
2014-06-08 23:09:44 +09:00
Tatsuhiro Tsujikawa 3b7c733246 nghttpx: Fix typo 2014-06-01 02:32:15 +09:00
Tatsuhiro Tsujikawa 7e5567341f nghttpx: Set timeout to underlying bufferevent
Setting write timeout to filter bufferevent does not work as intended.
It timeouts even when there is no data to write.
2014-06-01 02:25:23 +09:00
Tatsuhiro Tsujikawa 75bfbc94dd nghttpx: Require TLSv1.2 or TLSv1.1 for NPN as well 2014-04-26 22:51:39 +09:00
Tatsuhiro Tsujikawa 34581d830d Define NGHTTP2_CLEARTEXT_PROTO_VERSION_ID
This identifier string is used if HTTP/2 is used over cleartext TCP.
2014-03-30 21:30:47 +09:00
Tatsuhiro Tsujikawa 60a2c260a5 Define NGHTTP2_CLIENT_CONNECTION_PREFACE macro
NGHTTP2_CLIENT_CONNECTION_PREFACE has the same content with
NGHTTP2_CLIENT_CONNECTION_HEADER, which is now obsoleted by
NGHTTP2_CLIENT_CONNECTION_PREFACE.
2014-03-30 21:02:25 +09:00
Tatsuhiro Tsujikawa ab2dc5967d Replace HTTP/2.0 with HTTP/2 2014-03-30 19:26:37 +09:00
Tatsuhiro Tsujikawa d074cb611f nghttpx: Add rate limit per worker thread
The existing options --{read,write}-{rate,burst} are per connection.
The new options --worker-{read,write}-{rate,burst} are per worker
thread, which is overall rate limit of all connections worker handles.
2014-03-09 14:53:28 +09:00
Tatsuhiro Tsujikawa 16497d91c1 nghttpx: Call upstream_writecb when underlying bufferevent buffer gets empty 2014-01-19 23:32:07 +09:00
Tatsuhiro Tsujikawa dfbea797bd src: Use static_cast instead of reinterpret_cast if possible 2014-01-19 21:18:37 +09:00
Tatsuhiro Tsujikawa a37bc88f40 nghttpx: Rename ClientHandler::get_pending_write_length to get_outbuf_length
And other renames.
2014-01-19 17:49:04 +09:00
Tatsuhiro Tsujikawa f59a9c5c58 nghttpx: Disable TLS renegotiation properly
4ed4efc does not disable TLS renegotiation at all, if client keeps
rengotiations without sending application data. In this change,
we intercept the raw incoming data from the client and if it is a
renegotiation, drop the connection immediately.
2014-01-19 17:25:18 +09:00
Tatsuhiro Tsujikawa 4ed4efc241 nghttpx: Disable TLS renegotiation 2014-01-18 19:53:52 +09:00