Commit Graph

3885 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 36d562927f nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS connection 2015-08-23 23:03:29 +09:00
Tatsuhiro Tsujikawa 928a81885c Limit the number of incoming reserved (remote) streams
RFC 7540 does not enforce any limit on the number of incoming reserved
streams (in RFC 7540 terms, streams in reserved (remote) state).  This
only affects client side, since only server can push streams.
Malicious server can push arbitrary number of streams, and make
client's memory exhausted.  The new option,
nghttp2_set_max_reserved_remote_streams, can set the maximum number of
such incoming streams to avoid possible memory exhaustion.  If this
option is set, and pushed streams are automatically closed on
reception, without calling user provided callback, if they exceed the
given limit.  The default value is 200.  If session is configured as
server side, this option has no effect.  Server can control the number
of streams to push.
2015-08-23 21:43:41 +09:00
Tatsuhiro Tsujikawa 647e30619f Remove nghttp2_pq_increase_key 2015-08-21 23:35:17 +09:00
Tatsuhiro Tsujikawa a4156cded3 fetch-ocsp-response: Handle spurious openssl exist status 0
With OpenSSL <= 1.0.1, openssl ocsp command still returns exit code 0,
even if verification was failed.  If that happens certain string is
emitted in stderr, so check that string and if exists, treat it as
error.  This issue was fixed in OpenSSL 1.0.2.

At least OpenSSL 1.0.2, openssl ocsp command still returns exit code
0, even if responder returned non-successful status code (e.g.,
trylater(3)).  We are not sure this is intentional or not.  To handle
this, we again check certain error string in stdout, and if it is
found, treat it as error.
2015-08-21 23:28:45 +09:00
Tatsuhiro Tsujikawa 4a99853021 nghttpd: Fix crash without SSL/TLS 2015-08-21 22:50:15 +09:00
Tatsuhiro Tsujikawa 176411aada Update doc 2015-08-20 23:31:22 +09:00
Tatsuhiro Tsujikawa 4b4a0f7492 nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met 2015-08-20 21:21:56 +09:00
Tatsuhiro Tsujikawa fe4efb0a5e Merge branch 'thinred-master' 2015-08-20 19:12:40 +09:00
Tatsuhiro Tsujikawa 1006caf8e9 Merge branch 'master' of https://github.com/thinred/nghttp2 into thinred-master 2015-08-20 19:11:07 +09:00
Tatsuhiro Tsujikawa 780a0381ba h2load: Exit if --timing-script and -r option is used together 2015-08-20 19:07:03 +09:00
Tatsuhiro Tsujikawa e8ec7867b2 Merge branch 'LPardue-issue-332' 2015-08-20 19:02:56 +09:00
Tatsuhiro Tsujikawa 2423b21c71 Merge branch 'issue-332' of https://github.com/LPardue/nghttp2 into LPardue-issue-332 2015-08-20 18:53:10 +09:00
Lucas Pardue 08bf8a8f1a Move input file validation. Timing script auto nreqs scale correctly with nclients. 2015-08-19 15:23:43 +00:00
Tatsuhiro Tsujikawa 1c12606e70 nghttpx: Don't allow blacked listed cipher suites for HTTP/2 connection 2015-08-19 23:42:43 +09:00
Tatsuhiro Tsujikawa 059280d1a5 Add stream public API
The intention of this stream API is give server application about
stream dependency information, so that it can utilize it for better
scheduling of stream processing.  We have no plan to add object
oriented API based on stream object.
2015-08-19 23:04:06 +09:00
Tatsuhiro Tsujikawa 836b1de0d5 h2load: Remove trailing white spaces 2015-08-19 21:19:42 +09:00
Tatsuhiro Tsujikawa 12cecaa030 h2load: Remove trailing spaces and left conflict marker 2015-08-19 00:32:11 +09:00
Tatsuhiro Tsujikawa 50ae0ce739 Merge branch 'LPardue-h2load' 2015-08-19 00:29:14 +09:00
Lucas Pardue cd4758227d Add Timing-script and base URI support 2015-08-18 15:16:50 +00:00
Tatsuhiro Tsujikawa 2e643424ac Remove unused nghttp2_stream_roots declaration 2015-08-18 22:38:28 +09:00
Tatsuhiro Tsujikawa 9da6c88d25 h2load: Use ev_timer_init 2015-08-18 21:34:33 +09:00
Tatsuhiro Tsujikawa 04aaaa3821 h2load: Remove trailing white spaces 2015-08-18 21:32:47 +09:00
Tatsuhiro Tsujikawa da3bd559a9 Merge branch 'nshoemaker-time' 2015-08-18 21:22:24 +09:00
Nora 727ba4906c h2load adding timeout options 2015-08-18 01:52:22 -04:00
Tatsuhiro Tsujikawa 71623b674e Optimize pq 2015-08-18 00:26:20 +09:00
Tatsuhiro Tsujikawa 6a511aef0a Use remove/push combination instead of <= for performance 2015-08-18 00:21:42 +09:00
Tatsuhiro Tsujikawa 627d04fe6b nghttpd: Return date header field for 304 2015-08-17 23:49:01 +09:00
Tatsuhiro Tsujikawa 165cab7a29 nghttpd: Support HEAD request 2015-08-17 23:47:35 +09:00
Tatsuhiro Tsujikawa 5b59e46e2b Rewrite priority handling
We now use priority queue per stream, which contains the stream which
has ready to send a frame, or one of its descendants have a frame to
send.  We maintain invariant that if a stream is queued, then its
ancestors are also queued (except for root).  When we re-schedule
stream after transmission, we re-schedule all ancestors, so that
streams on the other path can get a chance to send.  This is basically
the same mechanism h2o project uses, but there are differences in the
details.
2015-08-17 22:35:50 +09:00
Tatsuhiro Tsujikawa 73b77964ef Reset last_cycle to 0 if queue gets empty 2015-08-15 01:08:20 +09:00
Tatsuhiro Tsujikawa 8ce8b2af46 src: Remove unused Memchunk::shrink 2015-08-15 00:57:58 +09:00
Tatsuhiro Tsujikawa d1e49a196d Remove restriction in regard to number of stream in dependency tree
Previously, the number of stream in one dependency tree (not including
root) is limited to 120.  This is due to the fact that we use
recursive calls to traverse trees.  Now we replaced recursive calls
with loop, we can remove this limitation.  Also now all streams are
descendant of root stream, rather than linked list of individual
subtree root.
2015-08-15 00:53:09 +09:00
Tatsuhiro Tsujikawa 8c8d1f6e14 Bump up version number to 1.2.2-DEV 2015-08-15 00:13:37 +09:00
Tatsuhiro Tsujikawa 48244b9aca Update man pages 2015-08-14 23:59:47 +09:00
Tatsuhiro Tsujikawa eb42fb4f49 Bump up version number to 1.2.1, LT revision to 14:8:0 2015-08-14 23:55:08 +09:00
Tatsuhiro Tsujikawa b37834c584 h2load: Use default Config values to show help 2015-08-14 23:22:26 +09:00
Tatsuhiro Tsujikawa d197d115dc h2load: Use floating point duration cast 2015-08-14 22:44:14 +09:00
Tatsuhiro Tsujikawa 3a1c37248a Update doc 2015-08-14 22:38:23 +09:00
Tatsuhiro Tsujikawa f7fa9eb21b Fix sum_norest_weight calculation bug in stream dependency tree 2015-08-14 01:27:50 +09:00
Tatsuhiro Tsujikawa 4839d6d513 Merge branch 'nshoemaker-r_n' 2015-08-14 00:04:21 +09:00
nshoemaker e1621584fa Fixing -r > -n check for when -n is not specified. 2015-08-13 05:09:40 -07:00
Tomasz Buchert 97566ce4e3 nghttpx: make early copy of stderr 2015-08-13 11:01:37 +02:00
Tomasz Buchert 900dcf4ced nghttpx: remove Android-specific code 2015-08-12 20:17:03 +02:00
Tomasz Buchert 06a0f3480e nghttpx: better handle /dev/stderr and /dev/stdout 2015-08-12 20:16:57 +02:00
Tatsuhiro Tsujikawa 473311269d nghttpx: Drop connection if client TLS handshake packet is too large 2015-08-13 01:24:59 +09:00
Tatsuhiro Tsujikawa 0c4cbc800b Document that previous OCSP response is continued to be used 2015-08-13 00:47:32 +09:00
Tatsuhiro Tsujikawa b8f05c89bd nghttpx: App data in SSL is Connection, not ClientHandler 2015-08-13 00:42:59 +09:00
Tatsuhiro Tsujikawa e91a576179 nghttpx: Rewrite TLS async handshake using memchunk buffers 2015-08-13 00:42:59 +09:00
Tatsuhiro Tsujikawa 72c661f1dd Merge branch 'yuki-kodama-openssl_no_ec' 2015-08-13 00:41:58 +09:00
Tatsuhiro Tsujikawa 2277cc771a Merge branch 'openssl_no_ec' of https://github.com/yuki-kodama/nghttp2 into yuki-kodama-openssl_no_ec 2015-08-13 00:32:15 +09:00