Hey Christian,
> # HG changeset patch
> # User Christian Klinger
> # Date 1478383992 -3600
> # Node ID 5719a734584d23a6bcd22a3e59dd36138d06b803
> # Parent 92ad1c92bcf93310bf59447dd581cac37af87adb
> Follow OpenSSL's switch from AES128 to AES256 for session tickets
>
> OpenSSL switched from AES128
Hey,
> While I agree that we should bump this to AES256 (or at least, make it
> work with both), your change to use AES256 with keys that are
> half-filled with zeros doesn't seem very appealing...
>
> I suggest that "ssl_session_ticket_key" should either accept only 80
> byte files (for use with
Hey Christian,
> # HG changeset patch
> # User Christian Klinger
> # Date 1478468739 -3600
> # Node ID 9cfbbce1ec24a31c29ea2f20cb21e32e5173bc60
> # Parent 92ad1c92bcf93310bf59447dd581cac37af87adb
> Follow OpenSSL's switch from AES128 to AES256 for session tickets
This should be:
SSL: switch fr
Hey Maxim,
> How is that related to the commit in question?
>
> Please note that I pinged you on 3 out of 6 commits, which I'm
> interested in getting in, regardless of ngx_ssl_verify_client() &
> friends.
Ping.
Best regards,
Piotr Sikora
___
nginx-de
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1476859139 25200
> # Tue Oct 18 23:38:59 2016 -0700
> # Node ID 1eec5355ef1e4a8b0aecebdec84c744734c0d36e
> # Parent 8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95
> HTTP: add support for "429 Too Many Requests" response (RFC6585).
>
> Thi
# HG changeset patch
# User Piotr Sikora
# Date 1481667570 28800
# Tue Dec 13 14:19:30 2016 -0800
# Node ID c0b6eef901895a4790db1e62d2822651977399a4
# Parent 25a64c864f4d31761eb42d39cda8b0e80277816d
SSL: fix call to BIO_get_mem_data().
Fixes build with BoringSSL.
Signed-off-by: Piotr Sikor
Hey Maxim,
> details: http://hg.nginx.org/nginx/rev/e75e854657ba
> branches:
> changeset: 6817:e75e854657ba
> user: Maxim Dounin
> date: Mon Dec 05 22:23:23 2016 +0300
> description:
> SSL: $ssl_curves (ticket #1088).
>
> The variable contains a list of curves as supported by the clie
# HG changeset patch
# User Piotr Sikora
# Date 1481667570 28800
# Tue Dec 13 14:19:30 2016 -0800
# Node ID 4848b2eea6ba373d29c036b3b5acbeaf0f038587
# Parent 25a64c864f4d31761eb42d39cda8b0e80277816d
SSL: fix call to BIO_get_mem_data().
Fixes build with BoringSSL.
Signed-off-by: Piotr Sikor
Hey Maxim,
> If the goal is to fix the call, shouldn't identical one in
> src/event/ngx_event_openssl_stapling.c be fixed as well?
Good catch, thanks!
Best regards,
Piotr Sikora
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.or
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1476859139 25200
> # Tue Oct 18 23:38:59 2016 -0700
> # Node ID 1eec5355ef1e4a8b0aecebdec84c744734c0d36e
> # Parent 8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95
> HTTP: add support for "429 Too Many Requests" response (RFC6585).
>
> Thi
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1476859139 25200
> # Tue Oct 18 23:38:59 2016 -0700
> # Node ID 1eec5355ef1e4a8b0aecebdec84c744734c0d36e
> # Parent 8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95
> HTTP: add support for "429 Too Many Requests" response (RFC6585).
>
> Thi
# HG changeset patch
# User Piotr Sikora
# Date 1488324535 28800
# Tue Feb 28 15:28:55 2017 -0800
# Node ID 9a63d6e990d230db0ec6b03250265447f648526e
# Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876
HTTP: add support for "429 Too Many Requests" response (RFC6585).
This change adds reason ph
# HG changeset patch
# User Piotr Sikora
# Date 1488324535 28800
# Tue Feb 28 15:28:55 2017 -0800
# Node ID c9d43c652ac776068e78f695dde00606eed184f8
# Parent e21f12a958010e1f3e5cdc1640859e335e032ca5
Limit req: change default response code when rate-limiting.
Previously, "503 Service Unavail
# HG changeset patch
# User Piotr Sikora
# Date 1488324535 28800
# Tue Feb 28 15:28:55 2017 -0800
# Node ID e21f12a958010e1f3e5cdc1640859e335e032ca5
# Parent 9a63d6e990d230db0ec6b03250265447f648526e
Upstream: allow recovery from "429 Too Many Requests" response.
This change adds "http_429"
Hi Maxim,
> Not sure it's good idea to don't count a 429 response as a peer
> failure. Contrary, counting it as a failure will naturally reduce
> load on the particular server, resulting in less rejects.
But 429 can be returned on a per request basis (think client IP
exceeding limit_req limits,
Hi Maxim,
> As I already wrote, I certainly disagree with this change.
Yes, that was expected (that's why it was originally split into
separate change).
Is there a particular reason why do you disagree? It's hard to have a
constructive discussion if you don't provide any reasoning for your
(poss
# HG changeset patch
# User Piotr Sikora
# Date 1490348883 25200
# Fri Mar 24 02:48:03 2017 -0700
# Node ID 799ef976b58cadbc212bd790a666033d3777c10d
# Parent 39ff6939266e913e8bfd400e60f9520e70725a4d
HTTP: add support for "429 Too Many Requests" response (RFC6585).
This change adds reason ph
# HG changeset patch
# User Piotr Sikora
# Date 1490348883 25200
# Fri Mar 24 02:48:03 2017 -0700
# Node ID b377cfedf632b14a3d459e12342a0557a25a790c
# Parent 799ef976b58cadbc212bd790a666033d3777c10d
Upstream: allow recovery from "429 Too Many Requests" response.
This change adds "http_429"
Hey Maxim,
> Sure, but why one would use "proxy_next_upstream http_429" then?
>
> If one of your backends reject a requests based on client's IP /
> login, then you probably don't want nginx to retry such a request
> on other servers, as this will just allow the user to do more
> requests when you
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 6d878f4585b977053a9d00053bbb7aff263eb96c
# Parent a0f291f0a903b863161900f4d0cbb405f5d7a735
Headers filter: add "add_trailer" directive.
Trailers added using this directive are evaluat
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 94e49d08e3b4de32416f5841e38a2388e092191d
# Parent 6d878f4585b977053a9d00053bbb7aff263eb96c
Upstream: add support for trailers in HTTP responses.
Please note that due to how upstream m
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID a0f291f0a903b863161900f4d0cbb405f5d7a735
# Parent 39ff6939266e913e8bfd400e60f9520e70725a4d
HTTP: add support for trailers in HTTP responses.
Example:
ngx_table_elt_t *h;
h =
# HG changeset patch
# User Piotr Sikora
# Date 1490516705 25200
# Sun Mar 26 01:25:05 2017 -0700
# Node ID 8d3fb456411018e286345ba92a855ca42ca8af2f
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: emit PROTOCOL_ERROR on padding errors.
Signed-off-by: Piotr Sikora
diff -r 22be63b
# HG changeset patch
# User Piotr Sikora
# Date 1490516703 25200
# Sun Mar 26 01:25:03 2017 -0700
# Node ID dd6c656ed7a327641b2ddfc34768f9551e44bb0f
# Parent 74ee816e712ee3b731437947470383555653338d
HTTP/2: fix $body_bytes_sent variable.
Previously, its value included payloads and frame hea
# HG changeset patch
# User Piotr Sikora
# Date 1490516707 25200
# Sun Mar 26 01:25:07 2017 -0700
# Node ID 705897a463205ba00dce296ff49866c6b78fc6ee
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: emit PROTOCOL_ERROR on invalid ENABLE_PUSH setting value.
Signed-off-by: Piotr Sikor
# HG changeset patch
# User Piotr Sikora
# Date 1490516702 25200
# Sun Mar 26 01:25:02 2017 -0700
# Node ID 74ee816e712ee3b731437947470383555653338d
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: fix $bytes_sent variable.
Previously, its value accounted for payloads of HEADERS, C
# HG changeset patch
# User Piotr Sikora
# Date 1490516701 25200
# Sun Mar 26 01:25:01 2017 -0700
# Node ID a79510a00969e97331e8dbc8a423e0265115b2e4
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: style.
Signed-off-by: Piotr Sikora
diff -r 22be63bf21ed -r a79510a00969 src/http/v
# HG changeset patch
# User Piotr Sikora
# Date 1490516706 25200
# Sun Mar 26 01:25:06 2017 -0700
# Node ID 9bbcacbdf6bd858a34a9dfd1ac2185eb8fc8c82f
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments.
Signed-off-by: Piotr Sikora
# HG changeset patch
# User Piotr Sikora
# Date 1490516704 25200
# Sun Mar 26 01:25:04 2017 -0700
# Node ID 899a53d2789b8c6bafdd5e40d78b4e92dd32dd10
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: fix flow control with padded DATA frames.
Previously, flow control didn't account fo
# HG changeset patch
# User Piotr Sikora
# Date 1490516710 25200
# Sun Mar 26 01:25:10 2017 -0700
# Node ID 31dfcde3ea2ccf1a2dbd2601ebe8f4306887fc0f
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add logging of RST_STREAM frames with NO_ERROR code.
Signed-off-by: Piotr Sikora
d
# HG changeset patch
# User Piotr Sikora
# Date 1490516708 25200
# Sun Mar 26 01:25:08 2017 -0700
# Node ID 6bb029b1df11662ba11e190490cf1ed175fcfaa6
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header.
While there, fix typo in err
# HG changeset patch
# User Piotr Sikora
# Date 1490516711 25200
# Sun Mar 26 01:25:11 2017 -0700
# Node ID 6990fb6463ce47705e06ff6d0fbd9ae6696aeb37
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add debug logging of pseudo-headers and control frames.
Signed-off-by: Piotr Sikora
# HG changeset patch
# User Piotr Sikora
# Date 1490516712 25200
# Sun Mar 26 01:25:12 2017 -0700
# Node ID f9fd6a8babce9f57f038d304dc1eef82284dde8b
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add fast-path for HTTP/2 requests without request body.
Signed-off-by: Piotr Sikora
# HG changeset patch
# User Piotr Sikora
# Date 1490516709 25200
# Sun Mar 26 01:25:09 2017 -0700
# Node ID b8daccea5fde213d4b7a10fa9f57070ab3b6a1ec
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: reject HTTP/2 requests with "Connection" header.
While there, populate r->headers_in
Hey Valentin,
>> @@ -802,33 +805,32 @@ ngx_http_v2_state_data(ngx_http_v2_conne
>> }
>>
>> h2c->state.padding = *pos++;
>> -h2c->state.length--;
>> -
>> -if (h2c->state.padding > h2c->state.length) {
>> +
>> +if (h2c->state.padding >= size) {
>>
Hey Valentin,
> I'm not sure that strictly following RFC here is worth the effort.
>
> It seems there's no other "harm" from zero window updates except that it
> allows to reset timers without any progress. That's only slightly worse
> than 1-bytes window updates.
Flow control interoperability a
Hey Valentin,
> Is there any practical reason for the check considering that
> the value is ignored anyway?
None, other than following RFC and providing early detection of broken clients.
Best regards,
Piotr Sikora
___
nginx-devel mailing list
nginx-de
Hey Valentin,
> This part of patch can be added to the style one:
>
> "HTTP/2: style and typos."
Assuming that this patch gets dropped or even if it gets committed?
> Is there any practical reason to force this restriction?
None, other than following RFC and providing early detection of broke
# HG changeset patch
# User Piotr Sikora
# Date 1490516706 25200
# Sun Mar 26 01:25:06 2017 -0700
# Node ID ccb36c87291e38d1a63224d143cbeaa4ee4a4287
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: emit PROTOCOL_ERROR on invalid WINDOW_UPDATE increments.
Signed-off-by: Piotr Sikora
Hey Valentin,
> Here's my version of the patch.
> It's made similar to ngx_http_v2_state_priority().
>
> # HG changeset patch
> # User Valentin Bartenev
> # Date 1490721720 -10800
> # Tue Mar 28 20:22:00 2017 +0300
> # Node ID 3e798c552767068056c0251d7b6bd9ffd2587fc0
> # Parent ce37362a7a70
Hey Valentin,
> Currently such frames are logged with message:
>
> "client terminated stream %ui with status 0"
>
> Could you explain why NO_ERROR needs special handling here?
The same reason that "client canceled stream %ui" does, it's more
appropriate error message.
> I haven't found in RFC
Hey Valentin,
> IMHO it's not a good idea to combine style fixes with behavior changes.
> Behavior changing commits are occasionally reverted.
Fair enough, I'll update both patches shortly.
> That's why it's still TODO (in other words intentionally skipped).
> We discussed it with QA and decided
# HG changeset patch
# User Piotr Sikora
# Date 1490516701 25200
# Sun Mar 26 01:25:01 2017 -0700
# Node ID c76c2cedb2b2a1af16d77448e81801954713961f
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: style and typos.
Signed-off-by: Piotr Sikora
diff -r 22be63bf21ed -r c76c2cedb2b2
# HG changeset patch
# User Piotr Sikora
# Date 1490516708 25200
# Sun Mar 26 01:25:08 2017 -0700
# Node ID 970f063ddc7aa1faa646514418abd6a9b2eff889
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header.
Signed-off-by: Piotr Sikora
Hey Valentin,
> That doesn't look like a correct patch to me as it changes behavior
> of ngx_http_read_client_request_body() specifically for HTTP/2 case.
Well, the behavior is already different, which is what this patch is
trying to mitigate.
In case of HTTP/1.x, a single buffer with headers is
# HG changeset patch
# User Piotr Sikora
# Date 1490516712 25200
# Sun Mar 26 01:25:12 2017 -0700
# Node ID 630a8209defe25add7094dfc7b9bc9bcabe0933d
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add fast-path for HTTP/2 requests without request body.
Signed-off-by: Piotr Sikora
Hey Maxim,
> How does google.com as a service behave with such clients?
It sends RST_STREAM with PROTOCOL_ERROR.
Best regards,
Piotr Sikora
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 8af81a0d66c0f69bcf501edcf10deed4c8f7fbd4
# Parent 39ff6939266e913e8bfd400e60f9520e70725a4d
HTTP: add support for trailers in HTTP responses.
Example:
ngx_table_elt_t *h;
h =
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 5bab17ebe2b1f8ec42cf069bf484489c2a92c7a8
# Parent 8af81a0d66c0f69bcf501edcf10deed4c8f7fbd4
Headers filter: add "add_trailer" directive.
Trailers added using this directive are evaluat
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 488c59bd49dcb1503144fe4d712165b69d1a5945
# Parent 5bab17ebe2b1f8ec42cf069bf484489c2a92c7a8
Upstream: add support for trailers in HTTP responses.
Please note that due to how upstream m
Hey,
> +static ngx_int_t
> +ngx_http_upstream_copy_trailer(ngx_http_request_t *r,
> +ngx_table_elt_t *h, ngx_uint_t offset)
> +{
> +ngx_table_elt_t *ho;
> +
> +if (!r->upstream->conf->pass_trailers
> +|| !r->allow_trailers || !r->expect_trailers)
> +{
> +return NGX
# HG changeset patch
# User Piotr Sikora
# Date 1490516711 25200
# Sun Mar 26 01:25:11 2017 -0700
# Node ID 06d6418afe6e73604aea707ef9c5802f5bf27bf4
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add debug logging of control frames.
Signed-off-by: Piotr Sikora
diff -r 22be63bf2
# HG changeset patch
# User Piotr Sikora
# Date 1490516711 25200
# Sun Mar 26 01:25:11 2017 -0700
# Node ID 3d72ae17c41990774721a678c50b8307ecb684c8
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add debug logging of pseudo-headers.
Signed-off-by: Piotr Sikora
diff -r 22be63bf2
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1490516711 25200
> # Sun Mar 26 01:25:11 2017 -0700
> # Node ID 6990fb6463ce47705e06ff6d0fbd9ae6696aeb37
> # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
> HTTP/2: add debug logging of pseudo-headers and control frames.
>
> Signe
Hey Valentin,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1490516712 25200
> # Sun Mar 26 01:25:12 2017 -0700
> # Node ID 630a8209defe25add7094dfc7b9bc9bcabe0933d
> # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
> HTTP/2: add fast-path for HTTP/2 requests without request body.
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1490351854 25200
> # Fri Mar 24 03:37:34 2017 -0700
> # Node ID 8af81a0d66c0f69bcf501edcf10deed4c8f7fbd4
> # Parent 39ff6939266e913e8bfd400e60f9520e70725a4d
> HTTP: add support for trailers in HTTP responses.
>
> Example:
>
>ngx
Hey Valentin,
> Maybe "http2 pseudo-header: \":%V: %V\""?
> Because it doesn't look like a valid "http header".
I was going back and forth between different versions, but I ended up
using "http header", which matches rest of the headers and has the
same alignment, because then pseudo-headers look
Hey Valentin,
> You can always find these values in configuration, and I can't remember a
> case where
> I've ever needed them. On the contrary, there's always a problem with the
> huge size
> of typical http/2 debug log. So it's not a good idea to add something just
> because
> we can.
As s
# HG changeset patch
# User Piotr Sikora
# Date 1490516711 25200
# Sun Mar 26 01:25:11 2017 -0700
# Node ID 7414a1467d0684a73d091c508834973b944890cd
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add debug logging of control frames.
Signed-off-by: Piotr Sikora
diff -r 22be63bf2
Hey Valentin,
> With your patch the behavior is different in these cases:
>
> GET / HTTP/1.1
> Host: example.com
> Transfer-Encoding: chunked
>
> 0
>
> and
>
> HEADERS
> DATA length:0 END_STREAM
That wasn't really the case I was optimizing for, but that's a good point.
> Moreover, it depends on
# HG changeset patch
# User Piotr Sikora
# Date 1490516711 25200
# Sun Mar 26 01:25:11 2017 -0700
# Node ID 7e98d1dbb9ffc83a4ae621e05f8ebdc23fdf3b70
# Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
HTTP/2: add debug logging of pseudo-headers and cookies.
Signed-off-by: Piotr Sikora
diff
# HG changeset patch
# User Piotr Sikora
# Date 1493073310 25200
# Mon Apr 24 15:35:10 2017 -0700
# Node ID 07adf0a7009c3244de4b795c0c06927f4316a87f
# Parent 2c4dbcd6f2e4c9c2a1eb8dc1f0d39c99975ae208
HTTP/2: emit new frames only after applying all SETTINGS params.
Previously, new frames coul
# HG changeset patch
# User Piotr Sikora
# Date 1493073310 25200
# Mon Apr 24 15:35:10 2017 -0700
# Node ID a8cfd4c454ff5433629bfd16444c6c71ee932fa1
# Parent 07adf0a7009c3244de4b795c0c06927f4316a87f
HTTP/2: send SETTINGS ACK after applying all SETTINGS params.
This avoids sending unnecessar
# HG changeset patch
# User Piotr Sikora
# Date 1493073310 25200
# Mon Apr 24 15:35:10 2017 -0700
# Node ID b8d7f4a4d5abb4a27a772910358e263d49c618ef
# Parent a8cfd4c454ff5433629bfd16444c6c71ee932fa1
HTTP/2: make SETTINGS ACK frame reusable.
Signed-off-by: Piotr Sikora
diff -r a8cfd4c454ff
# HG changeset patch
# User Piotr Sikora
# Date 1493073310 25200
# Mon Apr 24 15:35:10 2017 -0700
# Node ID 3624fa075acac110a08c0f1c928c545a58c5801f
# Parent b8d7f4a4d5abb4a27a772910358e263d49c618ef
HTTP/2: don't send SETTINGS ACK before already queued DATA frames.
Previously, SETTINGS ACK
# HG changeset patch
# User Piotr Sikora
# Date 1490516711 25200
# Sun Mar 26 01:25:11 2017 -0700
# Node ID 164b95f24f414359c5b8045415da3de82653c4db
# Parent 2c4dbcd6f2e4c9c2a1eb8dc1f0d39c99975ae208
HTTP/2: add debug logging of pseudo-headers and cookies.
Signed-off-by: Piotr Sikora
diff
Hey Valentin,
> I think that pseudo-headers have different processing and shouldn't be
> a part of the same block as normal http headers. That's why I prefer
> the second variant:
>
> http2 pseudo-header: ":method: GET"
Fair enough, patch updated.
Best regards,
Piotr Sikora
Hey Valentin,
> I actually agree with that, but let's try to reduce the size of printing.
>
> http2 send SETTINGS frame MAX_CONCURRENT_STREAMS
> http2 send SETTINGS frame INITIAL_WINDOW_SIZE
> http2 send SETTINGS frame MAX_FRAME_SIZE
>
> This looks like too verbose for just one SETTINGS fram
Hey,
On Wed, Oct 19, 2016 at 12:51 AM, Piotr Sikora wrote:
> # HG changeset patch
> # User Piotr Sikora
> # Date 1476859304 25200
> # Tue Oct 18 23:41:44 2016 -0700
> # Node ID ae85978091f832d27d862e468ee5e4cbfb18da11
> # Parent 8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95
> SSL: decrease log
Hey Maxim,
> Note that we don't use the "HTTP:" prefix.
Maybe it's time to start using it, then? Otherwise, commit messages
are inconsistent.
> Overral, I see at least the following problems with the approach
> taken:
>
> 1. The behaviour depends on the "TE: trailers" header - trailers
> are not
Hey Maxim,
> As you can see from the quote, it talks about not generating
> "trailer fields that it believes are necessary for the user agent
> to receive". RFC 2616 is even more clear on this, specifically
> lists two cases when trailers can be generated, section 3.6.1:
>
>A server using chu
Hey Valentin,
> +h = ngx_list_push(&r->headers_in.headers);
> +if (h == NULL) {
> +return ngx_http_v2_connection_error(h2c,
> NGX_HTTP_V2_INTERNAL_ERROR);
This needs to wrap, since the line is too long.
Otherwise, looks good, thanks!
Best regards,
Piotr Sikora
_
Hey Valentin,
> What do you suggest instead? All 3 params in the same line?
>
>http2 send SETTINGS frame MAX_CONCURRENT_STREAMS:%ui
> INITIAL_WINDOW_SIZE:%uz MAX_FRAME_SIZE:%ud
>
> What about receiving part, then? Do you want to put all 6 params in
> the same line?
>
>http2 recv SETTINGS f
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1493073310 25200
> # Mon Apr 24 15:35:10 2017 -0700
> # Node ID 07adf0a7009c3244de4b795c0c06927f4316a87f
> # Parent 2c4dbcd6f2e4c9c2a1eb8dc1f0d39c99975ae208
> HTTP/2: emit new frames only after applying all SETTINGS params.
>
> Prev
# HG changeset patch
# User Piotr Sikora
# Date 1496263895 25200
# Wed May 31 13:51:35 2017 -0700
# Node ID 057ec63be834988b6435b4ef64a1c3bd0cc23959
# Parent ab6ef3037840393752d82fac01ea1eb4f972301c
Headers filter: style.
Signed-off-by: Piotr Sikora
diff -r ab6ef3037840 -r 057ec63be834
s
# HG changeset patch
# User Piotr Sikora
# Date 1496263896 25200
# Wed May 31 13:51:36 2017 -0700
# Node ID e7219bf8bc3781d3912a951f09553bb2f0a53b70
# Parent ab6ef3037840393752d82fac01ea1eb4f972301c
Upstream: style.
Signed-off-by: Piotr Sikora
diff -r ab6ef3037840 -r e7219bf8bc37 src/http
Hey Valentin,
> As the 1.11 branch is going to be stable soon, it's a good idea to postpone
> any changes that explicitly affect interoperability (at least till 1.13).
Any thoughts on this now that 1.12 branched?
Best regards,
Piotr Sikora
___
nginx-de
Hey,
> # HG changeset patch
> # User Piotr Sikora
> # Date 1490516709 25200
> # Sun Mar 26 01:25:09 2017 -0700
> # Node ID b8daccea5fde213d4b7a10fa9f57070ab3b6a1ec
> # Parent 22be63bf21edaa1b8ea916c7d8cd4e5fe4892061
> HTTP/2: reject HTTP/2 requests with "Connection" header.
>
> While there,
# HG changeset patch
# User Piotr Sikora
# Date 1496272340 25200
# Wed May 31 16:12:20 2017 -0700
# Node ID a8050d50338bf127d57f820744a498517bf44b68
# Parent ab6ef3037840393752d82fac01ea1eb4f972301c
HTTP/2: reject HTTP/2 requests with invalid "TE" header value.
Signed-off-by: Piotr Sikora
# HG changeset patch
# User Piotr Sikora
# Date 1493067124 25200
# Mon Apr 24 13:52:04 2017 -0700
# Node ID 1738ed9658e2a9a12370f4c828761a9fd058935d
# Parent ab6ef3037840393752d82fac01ea1eb4f972301c
HTTP/2: emit new frames only after applying all SETTINGS params.
Previously, new frames coul
# HG changeset patch
# User Piotr Sikora
# Date 1493067017 25200
# Mon Apr 24 13:50:17 2017 -0700
# Node ID e00ba13ce421685981db6a98831409a234cc1e62
# Parent d61e944f55e70a5a25c8a79bfc5c167b7f22d62e
HTTP/2: make SETTINGS ACK frame reusable.
Signed-off-by: Piotr Sikora
diff -r d61e944f55e7
# HG changeset patch
# User Piotr Sikora
# Date 1493067147 25200
# Mon Apr 24 13:52:27 2017 -0700
# Node ID d61e944f55e70a5a25c8a79bfc5c167b7f22d62e
# Parent 1738ed9658e2a9a12370f4c828761a9fd058935d
HTTP/2: send SETTINGS ACK after applying all SETTINGS params.
This avoids sending unnecessar
# HG changeset patch
# User Piotr Sikora
# Date 1493067070 25200
# Mon Apr 24 13:51:10 2017 -0700
# Node ID 26c9e95a73295a344d39ac5e6d62787d26989c82
# Parent e00ba13ce421685981db6a98831409a234cc1e62
HTTP/2: don't send SETTINGS ACK before already queued DATA frames.
Previously, SETTINGS ACK
Hey Valentin,
> The new initial window size can be lower than the previous one,
> so the difference can be negative (that's why the delta parameter
> of ngx_http_v2_adjust_windows() is ssize_t).
Oops, good catch, thanks!
Funnily enough, the original patch worked just fine (at least on
systems wh
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID b0a910ad494158427ba102bdac71ce01d0667f72
# Parent 716852cce9136d977b81a2d1b8b6f9fbca0dce49
Added support for trailers in HTTP responses.
Example:
ngx_table_elt_t *h;
h = ngx_
# HG changeset patch
# User Piotr Sikora
# Date 1493191954 25200
# Wed Apr 26 00:32:34 2017 -0700
# Node ID e84aa49c5bc7a3250d4844b581e4bf3ed42db5f5
# Parent b0a910ad494158427ba102bdac71ce01d0667f72
HTTP/2: added support for trailers in HTTP responses.
Signed-off-by: Piotr Sikora
diff -r
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 52201fff87e8c5a096287cf206cdcc14c0d81ce7
# Parent e84aa49c5bc7a3250d4844b581e4bf3ed42db5f5
Headers filter: added "add_trailer" directive.
Trailers added using this directive are evalu
Hey Maxim,
> In your patch, you test r->expect_trailers in two places in
> chunked filter:
>
> 1. when you decide whether to use chunked encoding or not, in
>ngx_http_chunked_header_filter();
>
> 2. when you generate trailer, in ngx_http_chunked_body_filter().
>
> I mostly agree with (1) (I wo
Hey Maxim,
> This introduces a layering violation between the headers filter
> and the chunked filter.
I moved trailer generation to headers filter, let me know if that works for you.
Unfortunately, because of that change, trailers are evaluated earlier
in the process, and some variables from bo
Hey Maxim,
> Overral, this patch looks at most half-ready, as it doesn't even
> try to implement sending trailers (r->expect_trailers is never
> set), lacks any support for trailers in the cache, and so on.
Actually, it's pretty much ready... r->expect_trailers is supposed to
be set by upstream m
Hey Maxim,
> I see two problems here:
>
> a. There may be use cases when forcing chunked encoding is not
> desired, but emitting trailers if it is used still makes sense.
Like what, exactly?
Also, gzip module forces chunked encoding and it works just fine. I
don't see why are you making this suc
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID 41c09a2fd90410e25ad8515793bd48028001c954
# Parent 716852cce9136d977b81a2d1b8b6f9fbca0dce49
Added support for trailers in HTTP responses.
Example:
ngx_table_elt_t *h;
h = ngx_
Hey Maxim,
> Note: the "TE: trailers" requirement is no longer present in the
> code.
Good catch, thanks!
> This code results in using chunked encoding for HTTP/1.0 when
> trailers are expected. Such behaviour is explicitly forbidden by
> the HTTP/1.1 specification, and will very likely result
# HG changeset patch
# User Piotr Sikora
# Date 1493191954 25200
# Wed Apr 26 00:32:34 2017 -0700
# Node ID 8d74ff6c2015180f5c1f399f492214d7d0a52b3f
# Parent 41c09a2fd90410e25ad8515793bd48028001c954
HTTP/2: added support for trailers in HTTP responses.
Signed-off-by: Piotr Sikora
diff -r
# HG changeset patch
# User Piotr Sikora
# Date 1490351854 25200
# Fri Mar 24 03:37:34 2017 -0700
# Node ID acdc80c0d4ef8aa2519e2882ff1a3bd4a316ad81
# Parent 8d74ff6c2015180f5c1f399f492214d7d0a52b3f
Headers filter: added "add_trailer" directive.
Trailers added using this directive are evalu
Hey Maxim,
> (Just for the record, with the first patch fixed to avoid using
> chunked with HTTP/1.0, the "Trailer" header is expectedly still
> added with HTTP/1.0. This confirms the idea that the approach
> choosen is somewhat fragile.)
It confirms no such thing. The only thing it confirms is
# HG changeset patch
# User Piotr Sikora
# Date 1489618489 25200
# Wed Mar 15 15:54:49 2017 -0700
# Node ID e472b23fdc387943ea90fb2f0ae415d9d104edc7
# Parent 716852cce9136d977b81a2d1b8b6f9fbca0dce49
Proxy: always emit "Host" header first.
Signed-off-by: Piotr Sikora
diff -r 716852cce913 -
# HG changeset patch
# User Piotr Sikora
# Date 1489618535 25200
# Wed Mar 15 15:55:35 2017 -0700
# Node ID ff79d6887fc92d0344eac3e87339583265241e36
# Parent 716852cce9136d977b81a2d1b8b6f9fbca0dce49
Proxy: split configured header names and values.
Previously, each configured header was repr
# HG changeset patch
# User Piotr Sikora
# Date 1489621682 25200
# Wed Mar 15 16:48:02 2017 -0700
# Node ID 7733d946e2651a2486a53d912703e2dfaea30421
# Parent 716852cce9136d977b81a2d1b8b6f9fbca0dce49
Proxy: add "proxy_ssl_alpn" directive.
ALPN is used here only to indicate which version of t
# HG changeset patch
# User Piotr Sikora
# Date 1491708381 25200
# Sat Apr 08 20:26:21 2017 -0700
# Node ID 2a48b9b6e67d91594c1787ebf721daebf5f88c91
# Parent 716852cce9136d977b81a2d1b8b6f9fbca0dce49
Output chain: propagate flush and last_buf flags to send_chain().
Signed-off-by: Piotr Sikor
1 - 100 of 187 matches
Mail list logo
