From 7d9d55af6caf80d4d93ea5130853be63ef892525 Mon Sep 17 00:00:00 2001 From: lijunlong Date: Thu, 1 Aug 2024 14:22:22 +0800 Subject: [PATCH 01/19] bugfix: nginx crashed when binding local address failed from lua. 0 0x00007f10b0b16c59 in __memcpy_ssse3_back () from /lib64/libc.so.6 1 0x000000000042e2ba in ngx_sprintf_str (buf=, last=last@entry=0x7fff82779250 "P\251#\002", src=, len=192, hexadecimal=hexadecimal@entry=0) at src/core/ngx_string.c:586 2 0x000000000042e824 in ngx_vslprintf (buf=, buf@entry=0x7fff82778279 "bind() failed (\347(G\300\a", last=last@entry=0x7fff82779250 "P\251#\002", fmt=0x59c7fc "V) failed", fmt@entry=0x59c7f6 "bind(%V) failed", args=args@entry=0x7fff82779258) at src/core/ngx_string.c:255 3 0x000000000042a243 in ngx_log_error_core (level=level@entry=3, log=log@entry=0x2263360, err=98, fmt=fmt@entry=0x59c7f6 "bind(%V) failed") at src/core/ngx_log.c:137 4 0x000000000044c4fc in ngx_event_connect_peer (pc=pc@entry=0x223a950) at src/event/ngx_event_connect.c:169 5 0x000000000049af8c in ngx_http_upstream_connect (r=r@entry=0x22923b0, u=u@entry=0x223a940) at src/http/ngx_http_upstream.c:1562 6 0x000000000049c410 in ngx_http_upstream_init_request (r=r@entry=0x22923b0) at src/http/ngx_http_upstream.c:826 7 0x000000000049ee79 in ngx_http_upstream_init (r=0x22923b0) at src/http/ngx_http_upstream.c:554 8 0x00000000004906ad in ngx_http_read_client_request_body (r=r@entry=0x22923b0, post_handler=0x49ed31 ) at src/http/ngx_http_request_body.c:47 9 0x00000000004dba84 in ngx_http_proxy_handler (r=0x22923b0) at src/http/modules/ngx_http_proxy_module.c:1023 10 0x00000000004822f4 in ngx_http_core_content_phase (r=0x22923b0, ph=) at src/http/ngx_http_core_module.c:1271 11 0x000000000047cb13 in ngx_http_core_run_phases (r=0x22923b0) at src/http/ngx_http_core_module.c:885 12 0x000000000047cc1e in ngx_http_handler (r=) at src/http/ngx_http_core_module.c:868 13 0x0000000000485f0e in ngx_http_run_posted_requests (c=c@entry=0x227c8f0) at src/http/ngx_http_request.c:2470 14 0x0000000000488b8b in ngx_http_process_request_headers (rev=rev@entry=0x22204f0) at src/http/ngx_http_request.c:1552 15 0x0000000000488e83 in ngx_http_process_request_line (rev=rev@entry=0x22204f0) at src/http/ngx_http_request.c:1196 16 0x0000000000489b82 in ngx_http_keepalive_handler (rev=0x22204f0) at src/http/ngx_http_request.c:3441 17 0x00000000004556e1 in ngx_epoll_process_events (cycle=0x2213ce0, timer=, flags=) at src/event/modules/ngx_epoll_module.c:901 18 0x000000000044a286 in ngx_process_events_and_timers (cycle=cycle@entry=0x2213ce0) at src/event/ngx_event.c:258 19 0x00000000004546a1 in ngx_single_process_cycle (cycle=cycle@entry=0x2213ce0) at src/os/unix/ngx_process_cycle.c:323 20 0x0000000000429793 in main (argc=, argv=) at src/core/nginx.c:384 --- src/ngx_http_lua_balancer.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/ngx_http_lua_balancer.c b/src/ngx_http_lua_balancer.c index 5401a1ac88..9e5f97a00f 100644 --- a/src/ngx_http_lua_balancer.c +++ b/src/ngx_http_lua_balancer.c @@ -994,7 +994,7 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; if (bp->local == NULL) { - bp->local = ngx_palloc(r->pool, sizeof(ngx_addr_t)); + bp->local = ngx_palloc(r->pool, sizeof(ngx_addr_t) + addr_len + 1); if (bp->local == NULL) { p = ngx_snprintf(errbuf, *errbuf_size, "no memory"); *errbuf_size = p - errbuf; @@ -1009,6 +1009,11 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, return NGX_ERROR; } + bp->local->name.len = addr_len; + bp->local->name.data = (u_char *) (bp->local + 1); + memcpy(bp->local->name.data, addr, addr_len); + bp->local->name.data[addr_len] = '\0'; + return NGX_OK; } From 4e01ba2cb6e6f84c7f4a31abd3ad66bd71ca89dc Mon Sep 17 00:00:00 2001 From: lijunlong Date: Thu, 1 Aug 2024 14:56:05 +0800 Subject: [PATCH 02/19] don't need set trailing \0. --- src/ngx_http_lua_balancer.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/ngx_http_lua_balancer.c b/src/ngx_http_lua_balancer.c index 9e5f97a00f..074f565d91 100644 --- a/src/ngx_http_lua_balancer.c +++ b/src/ngx_http_lua_balancer.c @@ -994,7 +994,7 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; if (bp->local == NULL) { - bp->local = ngx_palloc(r->pool, sizeof(ngx_addr_t) + addr_len + 1); + bp->local = ngx_palloc(r->pool, sizeof(ngx_addr_t) + addr_len); if (bp->local == NULL) { p = ngx_snprintf(errbuf, *errbuf_size, "no memory"); *errbuf_size = p - errbuf; @@ -1012,7 +1012,6 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, bp->local->name.len = addr_len; bp->local->name.data = (u_char *) (bp->local + 1); memcpy(bp->local->name.data, addr, addr_len); - bp->local->name.data[addr_len] = '\0'; return NGX_OK; } From e6997e2f4afa79b323f0a869e8b3e6813f211b43 Mon Sep 17 00:00:00 2001 From: lijunlong Date: Thu, 1 Aug 2024 15:18:53 +0800 Subject: [PATCH 03/19] use ngx_memcpy instead. --- src/ngx_http_lua_balancer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ngx_http_lua_balancer.c b/src/ngx_http_lua_balancer.c index 074f565d91..ae0f1380b5 100644 --- a/src/ngx_http_lua_balancer.c +++ b/src/ngx_http_lua_balancer.c @@ -1011,7 +1011,7 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, bp->local->name.len = addr_len; bp->local->name.data = (u_char *) (bp->local + 1); - memcpy(bp->local->name.data, addr, addr_len); + ngx_memcpy(bp->local->name.data, addr, addr_len); return NGX_OK; } From 1d9b13ca53cbd8b15a4a8aec911a95312650c8e3 Mon Sep 17 00:00:00 2001 From: jiahao Date: Thu, 30 May 2024 11:43:06 +0800 Subject: [PATCH 04/19] travis: bumped the NGINX core to 1.27.0. --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index e6321c453d..5b2f6e43b3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -64,8 +64,8 @@ env: #- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d - NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f - - NGINX_VERSION=1.25.3 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y - - NGINX_VERSION=1.25.3 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y + - NGINX_VERSION=1.27.0 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y + - NGINX_VERSION=1.27.0 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1w TEST_NGINX_USE_HTTP2=1 services: From c93b900627a328057478df68a3f868fb1b6fbd90 Mon Sep 17 00:00:00 2001 From: jiahao Date: Thu, 30 May 2024 11:46:54 +0800 Subject: [PATCH 05/19] updated branch for travis. --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 5b2f6e43b3..350961cfcd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -87,8 +87,8 @@ install: - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/boringssl-20230902-x64-focal.tar.gz - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz - git clone https://github.com/openresty/test-nginx.git - - git clone https://github.com/openresty/openresty.git ../openresty - - git clone https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx + - git clone -b bump-1.27.0 https://github.com/xiaocang/openresty.git ../openresty + - git clone -b bump1.27.0 https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx - git clone https://github.com/openresty/openresty-devel-utils.git - git clone https://github.com/openresty/mockeagain.git - git clone https://github.com/openresty/lua-cjson.git lua-cjson From 96bed14c671b877ac3cb92b2b919d22ff662f415 Mon Sep 17 00:00:00 2001 From: jiahao Date: Thu, 30 May 2024 17:34:23 +0800 Subject: [PATCH 06/19] minor tweaks. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 350961cfcd..756c06e8f2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -88,7 +88,7 @@ install: - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz - git clone https://github.com/openresty/test-nginx.git - git clone -b bump-1.27.0 https://github.com/xiaocang/openresty.git ../openresty - - git clone -b bump1.27.0 https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx + - git clone -b bump1.27.0 https://github.com/xiaocang/no-pool-nginx.git ../no-pool-nginx - git clone https://github.com/openresty/openresty-devel-utils.git - git clone https://github.com/openresty/mockeagain.git - git clone https://github.com/openresty/lua-cjson.git lua-cjson From 4caf9724a18c8d4abc298c4ba1b1ade4e2e4bda8 Mon Sep 17 00:00:00 2001 From: jiahao Date: Mon, 3 Jun 2024 16:19:28 +0800 Subject: [PATCH 07/19] updated travis. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 756c06e8f2..b7d0dc2df4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -88,7 +88,7 @@ install: - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz - git clone https://github.com/openresty/test-nginx.git - git clone -b bump-1.27.0 https://github.com/xiaocang/openresty.git ../openresty - - git clone -b bump1.27.0 https://github.com/xiaocang/no-pool-nginx.git ../no-pool-nginx + - git clone https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx - git clone https://github.com/openresty/openresty-devel-utils.git - git clone https://github.com/openresty/mockeagain.git - git clone https://github.com/openresty/lua-cjson.git lua-cjson From fcdcd7c6dd5e4b59dd2c4acbbcbb639928c5fe54 Mon Sep 17 00:00:00 2001 From: jiahao Date: Tue, 4 Jun 2024 17:48:59 +0800 Subject: [PATCH 08/19] minor tweaks. --- .travis.yml | 4 ++-- t/014-bugs.t | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index b7d0dc2df4..24902f8168 100644 --- a/.travis.yml +++ b/.travis.yml @@ -64,8 +64,8 @@ env: #- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d - NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f - - NGINX_VERSION=1.27.0 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y - - NGINX_VERSION=1.27.0 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y + - NGINX_VERSION=1.27.0 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y TEST_NGINX_TIMEOUT=5 + - NGINX_VERSION=1.27.0 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y TEST_NGINX_QUIC_IDLE_TIMEOUT=3 #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1w TEST_NGINX_USE_HTTP2=1 services: diff --git a/t/014-bugs.t b/t/014-bugs.t index 1b79aa4c59..d34f42e23d 100644 --- a/t/014-bugs.t +++ b/t/014-bugs.t @@ -828,7 +828,7 @@ qr/curl: \(28\) Operation timed out after \d+ milliseconds with 0 bytes received rewrite ^/myproxy/(.*) /$1 break; resolver_timeout 3s; #resolver 172.16.0.23; # AWS DNS resolver address is the same in all regions - 172.16.0.23 - resolver 8.8.8.8; + resolver $TEST_NGINX_RESOLVER; proxy_read_timeout 1s; proxy_send_timeout 1s; proxy_connect_timeout 1s; From 268787c591c6146a57d16c4f690198dff8424de9 Mon Sep 17 00:00:00 2001 From: jiahao Date: Tue, 4 Jun 2024 18:44:26 +0800 Subject: [PATCH 09/19] added curl_error for http/3. --- t/068-socket-keepalive.t | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/t/068-socket-keepalive.t b/t/068-socket-keepalive.t index 1660a3a361..626b441678 100644 --- a/t/068-socket-keepalive.t +++ b/t/068-socket-keepalive.t @@ -3109,6 +3109,8 @@ qr/\Qbad argument #1 to 'setkeepalive' (number expected, got string)\E/ --- no_error_log [crit] --- timeout: 4 +--- curl_error eval +qr{HTTP/3 stream 0 reset by server} @@ -3189,3 +3191,5 @@ qr/\Qbad argument #2 to 'setkeepalive' (number expected, got string)\E/ --- no_error_log [crit] --- timeout: 4 +--- curl_error eval +qr{HTTP/3 stream 0 reset by server} From 55eb2d9ef87eab299c87d856eecc6aeadb1d4923 Mon Sep 17 00:00:00 2001 From: jiahao Date: Wed, 3 Jul 2024 18:10:49 +0800 Subject: [PATCH 10/19] tests: t/020-subrequest.t: replace the random port with an unused five-digit port. --- t/020-subrequest.t | 59 +++++++++++++++++++++++++++------------------- 1 file changed, 35 insertions(+), 24 deletions(-) diff --git a/t/020-subrequest.t b/t/020-subrequest.t index 59b9f61a34..37914be061 100644 --- a/t/020-subrequest.t +++ b/t/020-subrequest.t @@ -1,6 +1,7 @@ # vim:set ft= ts=4 sw=4 et fdm=marker: use Test::Nginx::Socket::Lua; +use Test::Nginx::Util 'is_tcp_port_used'; #master_on(); #workers(1); @@ -16,6 +17,16 @@ plan tests => repeat_each() * (blocks() * 3 + 23); $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211; $ENV{TEST_NGINX_HTML_DIR} ||= html_dir(); +# NB: tcp_listen_port needs to be greater than 10000, +# because the test cases expect it to be a 5-digit number +my $tcp_listen_port = 19113; +while (++$tcp_listen_port < 65535) { + if (!is_tcp_port_used $tcp_listen_port) { + last; + } +} +$ENV{TEST_NGINX_TCP_LISTEN_PORT} = $tcp_listen_port; + #no_diff(); no_long_string(); #no_shuffle(); @@ -1383,7 +1394,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1396,7 +1407,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\nContent-Length: 1024\r\n\r\nhello world" @@ -1443,7 +1454,7 @@ upstream prematurely closed connection proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1456,7 +1467,7 @@ upstream prematurely closed connection } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.0 200 OK\r\nContent-Length: 1024\r\n\r\nhello world" @@ -1505,7 +1516,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1518,7 +1529,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1565,7 +1576,7 @@ truncated: false proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1578,7 +1589,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1628,7 +1639,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1641,7 +1652,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1688,7 +1699,7 @@ truncated: false proxy_read_timeout 500ms; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1701,7 +1712,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1914,7 +1925,7 @@ a client request body is buffered to a temporary file #proxy_read_timeout 100ms; proxy_http_version 1.1; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1927,7 +1938,7 @@ a client request body is buffered to a temporary file } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r" @@ -1977,7 +1988,7 @@ upstream prematurely closed connection #proxy_read_timeout 100ms; proxy_http_version 1.1; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1990,7 +2001,7 @@ upstream prematurely closed connection } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r" @@ -2038,7 +2049,7 @@ upstream prematurely closed connection proxy_read_timeout 100ms; proxy_buffering on; proxy_http_version 1.1; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2051,7 +2062,7 @@ upstream prematurely closed connection } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r" @@ -2100,7 +2111,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering on; proxy_http_version 1.1; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2113,7 +2124,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n" @@ -2158,7 +2169,7 @@ truncated: false #proxy_read_timeout 100ms; proxy_buffering off; proxy_http_version 1.1; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2171,7 +2182,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n" @@ -2217,7 +2228,7 @@ truncated: false #proxy_read_timeout 100ms; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2230,7 +2241,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\nContent-Length: 1024\r\n\r\nhello world" From 94b693430f8200c726e428caaae6d350ad9b45c8 Mon Sep 17 00:00:00 2001 From: jiahao Date: Wed, 3 Jul 2024 18:13:18 +0800 Subject: [PATCH 11/19] travis: updated branch in travis.yml. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 24902f8168..6033ee185f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -87,7 +87,7 @@ install: - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/boringssl-20230902-x64-focal.tar.gz - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz - git clone https://github.com/openresty/test-nginx.git - - git clone -b bump-1.27.0 https://github.com/xiaocang/openresty.git ../openresty + - git clone https://github.com/openresty/openresty.git ../openresty - git clone https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx - git clone https://github.com/openresty/openresty-devel-utils.git - git clone https://github.com/openresty/mockeagain.git From c4257fe3d47eb9b142d15f354bb889009bda9bf9 Mon Sep 17 00:00:00 2001 From: jiahao Date: Thu, 11 Jul 2024 18:30:39 +0800 Subject: [PATCH 12/19] bugfix: append new parameters to ngx_http_lua_ffi_balancer_set_current_peer at function end. Avoid inserting new parameters in the middle of the function to prevent core dumps when using old lua-resty-core with new lua-nginx-module. Example stack trace: ``` Message: Process 1414245 (nginx) of user 1000 dumped core. Stack trace of thread 1414245: #0 0x00007ff596938285 __strlen_avx2 (libc.so.6 + 0x162285) #1 0x00007ff596f623d2 lj_cf_ffi_string (libluajit-5.1.so.2 + 0x523d2) #2 0x00007ff596f1bb4b lj_BC_FUNCC (libluajit-5.1.so.2 + 0xbb4b) #3 0x00007ff596f74223 lua_pcall (libluajit-5.1.so.2 + 0x64223) #4 0x00000000005044b7 n/a (/home/jiahao/work/org/lua-resty-core/work/nginx/sbin/nginx + 0x1044b7) ``` --- src/ngx_http_lua_balancer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ngx_http_lua_balancer.c b/src/ngx_http_lua_balancer.c index ae0f1380b5..e37177d4fe 100644 --- a/src/ngx_http_lua_balancer.c +++ b/src/ngx_http_lua_balancer.c @@ -860,8 +860,8 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, const u_char *addr, size_t addr_len, int port, - const u_char *host, size_t host_len, - char **err) + char **err, + const u_char *host, size_t host_len) { ngx_url_t url; ngx_http_lua_ctx_t *ctx; From f7e82786e9e20d3730953e1e01bd06db90b7411c Mon Sep 17 00:00:00 2001 From: jiahao Date: Thu, 11 Jul 2024 23:12:43 +0800 Subject: [PATCH 13/19] bugfix: append new parameters to ngx_http_lua_ffi_ssl_verify_client at function end. Avoid inserting new parameters in the middle of the function to prevent core dumps when using old lua-resty-core with new lua-nginx-module. Example stack trace: ``` Message: Process 2199905 (nginx) of user 1000 dumped core. Stack trace of thread 2199905: #0 0x00007ffaf1e4b385 in OPENSSL_sk_num (st=st@entry=0xffffffff) at crypto/stack/stack.c:382 #1 0x0000000000510aba in sk_X509_num (sk=0xffffffff) at /opt/ssl/include/openssl/x509.h:99 #2 ngx_http_lua_ffi_ssl_verify_client (r=, client_certs=, trusted_certs=0xffffffff, depth=, err=0x0) at /home/jiahao/work/org/lua-nginx-module/src/ngx_http_lua_ssl_certby.c:1588 ``` --- src/ngx_http_lua_ssl_certby.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ngx_http_lua_ssl_certby.c b/src/ngx_http_lua_ssl_certby.c index 0901f06eab..dd9506417b 100644 --- a/src/ngx_http_lua_ssl_certby.c +++ b/src/ngx_http_lua_ssl_certby.c @@ -1469,7 +1469,7 @@ ngx_http_lua_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) int ngx_http_lua_ffi_ssl_verify_client(ngx_http_request_t *r, void *client_certs, - void *trusted_certs, int depth, char **err) + int depth, char **err, void *trusted_certs) { #ifdef LIBRESSL_VERSION_NUMBER From 57ec47c67621e506353a04d5dcf2e37e83c097b2 Mon Sep 17 00:00:00 2001 From: jiahao Date: Fri, 12 Jul 2024 00:25:52 +0800 Subject: [PATCH 14/19] Revert "bugfix: append new parameters to ngx_http_lua_ffi_ssl_verify_client at function end." This reverts commit d7eadfb3747e237652f8f7bc1af428136879b36f. --- src/ngx_http_lua_ssl_certby.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ngx_http_lua_ssl_certby.c b/src/ngx_http_lua_ssl_certby.c index dd9506417b..0901f06eab 100644 --- a/src/ngx_http_lua_ssl_certby.c +++ b/src/ngx_http_lua_ssl_certby.c @@ -1469,7 +1469,7 @@ ngx_http_lua_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) int ngx_http_lua_ffi_ssl_verify_client(ngx_http_request_t *r, void *client_certs, - int depth, char **err, void *trusted_certs) + void *trusted_certs, int depth, char **err) { #ifdef LIBRESSL_VERSION_NUMBER From cef5be859643f03402bc20b095098586b68956b0 Mon Sep 17 00:00:00 2001 From: jiahao Date: Fri, 12 Jul 2024 16:29:18 +0800 Subject: [PATCH 15/19] Revert "bugfix: append new parameters to ngx_http_lua_ffi_balancer_set_current_peer at function end." This reverts commit 1b27e3a8676f5413c73ddd8fd77b18aa9837d232. --- src/ngx_http_lua_balancer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ngx_http_lua_balancer.c b/src/ngx_http_lua_balancer.c index e37177d4fe..ae0f1380b5 100644 --- a/src/ngx_http_lua_balancer.c +++ b/src/ngx_http_lua_balancer.c @@ -860,8 +860,8 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, const u_char *addr, size_t addr_len, int port, - char **err, - const u_char *host, size_t host_len) + const u_char *host, size_t host_len, + char **err) { ngx_url_t url; ngx_http_lua_ctx_t *ctx; From f671c6a7a1fd887b19efeb9d4121b8b8ba38d03a Mon Sep 17 00:00:00 2001 From: jiahao Date: Tue, 30 Jul 2024 14:41:14 +0800 Subject: [PATCH 16/19] dev: util/build.sh: fixed command line argument validation and environment variable usage. --- util/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/build.sh b/util/build.sh index 41896f2c7e..fdf5c4d53d 100755 --- a/util/build.sh +++ b/util/build.sh @@ -25,13 +25,13 @@ force=$2 add_fake_shm_module="--add-module=$root/t/data/fake-shm-module" add_http3_module=--with-http_v3_module -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` +answer=`$root/util/ver-ge "$version" 1.25.1` if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then add_http3_module="" fi disable_pcre2=--without-pcre2 -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` +answer=`$root/util/ver-ge "$version" 1.25.1` if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then disable_pcre2="" fi From adb3f143a934de8718bc3fae8b5ee951dbaf21a2 Mon Sep 17 00:00:00 2001 From: jiahao Date: Thu, 1 Aug 2024 23:12:49 +0800 Subject: [PATCH 17/19] tests: skip t/163-signal.t in check leak mode. --- t/163-signal.t | 3 +++ 1 file changed, 3 insertions(+) diff --git a/t/163-signal.t b/t/163-signal.t index 15f41e2200..0ce8fa2613 100644 --- a/t/163-signal.t +++ b/t/163-signal.t @@ -5,6 +5,9 @@ our $SkipReason; BEGIN { if ($ENV{TEST_NGINX_USE_HUP}) { $SkipReason = "unavailable under hup test mode"; + + } elsif ($ENV{TEST_NGINX_CHECK_LEAK}) { + $SkipReason = "unavailable under check leak test mode"; } } From c05bde9d0997bb0691ccb7afd8c86b6fa25bb9cf Mon Sep 17 00:00:00 2001 From: jiahao Date: Fri, 2 Aug 2024 16:37:00 +0800 Subject: [PATCH 18/19] tests: t/188-*.t: use random port instead of 8090 port. --- t/188-balancer_keepalive_pool_max_retry.t | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/t/188-balancer_keepalive_pool_max_retry.t b/t/188-balancer_keepalive_pool_max_retry.t index 456ea794c9..679ee680f8 100644 --- a/t/188-balancer_keepalive_pool_max_retry.t +++ b/t/188-balancer_keepalive_pool_max_retry.t @@ -35,9 +35,9 @@ __DATA__ if ngx.ctx.tries == 1 then balancer.set_more_tries(5) end - + local host = "127.0.0.1" - local port = 8090; + local port = $TEST_NGINX_RAND_PORT_1; local ok, err = balancer.set_current_peer(host, port) if not ok then @@ -56,9 +56,9 @@ __DATA__ } server { - listen 0.0.0.0:8090; + listen 127.0.0.1:$TEST_NGINX_RAND_PORT_1; location /hello { - content_by_lua_block{ + content_by_lua_block{ local request_counter = ngx.shared.request_counter local first_request = request_counter:get("first_request") if first_request == nil then @@ -74,7 +74,7 @@ __DATA__ location = /t { proxy_pass http://my_upstream; proxy_set_header Connection "keep-alive"; - + rewrite_by_lua_block { ngx.req.set_uri("/hello") } From b38f4673566d8bac4fd6665919f157b3fd1d9805 Mon Sep 17 00:00:00 2001 From: lijunlong Date: Tue, 6 Aug 2024 10:12:56 +0800 Subject: [PATCH 19/19] bugfix: fixed keepalive error in cosocket. This bug was found in t/129-ssl-socket.t Test 18 when TEST_NGINX_EVENT_TYPE=poll enabled. --- src/ngx_http_lua_socket_tcp.c | 10 +++++ t/129-ssl-socket.t | 76 ++++++++++++++++++++++++++++++++--- 2 files changed, 81 insertions(+), 5 deletions(-) diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c index 214e78329e..5010dfa6ed 100644 --- a/src/ngx_http_lua_socket_tcp.c +++ b/src/ngx_http_lua_socket_tcp.c @@ -5747,6 +5747,16 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev) "lua tcp socket keepalive close handler check stale events"); n = recv(c->fd, buf, 1, MSG_PEEK); +#if (NGX_HTTP_SSL) + /* ignore ssl protocol data like change cipher spec */ + if (n == 1 && c->ssl != NULL) { + n = c->recv(c, (unsigned char *) buf, 1); + if (n == NGX_AGAIN) { + n = -1; + ngx_socket_errno = NGX_EAGAIN; + } + } +#endif if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { /* stale event */ diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t index ccfa19fffb..ca8d5a49e6 100644 --- a/t/129-ssl-socket.t +++ b/t/129-ssl-socket.t @@ -1484,6 +1484,72 @@ SSL reused session === TEST 18: openresty.org: passing SSL verify: keepalive (no reusing the ssl session) +The session returned by SSL_get1_session maybe different. +After function tls_process_new_session_ticket, the session saved in SSL->session +will be replace by a new one. + +ngx_ssl_session_t * +ngx_ssl_get_session(ngx_connection_t *c) +{ +#ifdef TLS1_3_VERSION + if (c->ssl->session) { + SSL_SESSION_up_ref(c->ssl->session); + return c->ssl->session; + } +#endif + + return SSL_get1_session(c->ssl->connection); +} + +SSL_SESSION *SSL_get1_session(SSL *ssl) +/* variant of SSL_get_session: caller really gets something */ +{ + SSL_SESSION *sess; + /* + * Need to lock this all up rather than just use CRYPTO_add so that + * somebody doesn't free ssl->session between when we check it's non-null + * and when we up the reference count. + */ + CRYPTO_THREAD_read_lock(ssl->lock); + sess = ssl->session; + if (sess) + SSL_SESSION_up_ref(sess); + CRYPTO_THREAD_unlock(ssl->lock); + return sess; +} + +#0 tls_process_new_session_ticket (s=0x7e6ea0, pkt=0x7fffffffc820) at ssl/statem/statem_clnt.c:2650 +#1 0x00007ffff7af50fd in read_state_machine (s=0x7e6ea0) at ssl/statem/statem.c:636 +#2 state_machine (s=0x7e6ea0, server=0) at ssl/statem/statem.c:434 +#3 0x00007ffff7aca6b3 in ssl3_read_bytes (s=, type=23, recvd_type=0x0, buf=0x7fffffffc9d7 "\027\320\355t", len=1, + peek=0, readbytes=0x7fffffffc978) at ssl/record/rec_layer_s3.c:1677 +#4 0x00007ffff7ad2250 in ssl3_read_internal (readbytes=0x7fffffffc978, peek=0, len=1, buf=0x7fffffffc9d7, s=0x7e6ea0) + at ssl/s3_lib.c:4477 +#5 ssl3_read (s=0x7e6ea0, buf=0x7fffffffc9d7, len=1, readbytes=0x7fffffffc978) at ssl/s3_lib.c:4500 +#6 0x00007ffff7ade695 in SSL_read (s=, buf=buf@entry=0x7fffffffc9d7, num=num@entry=1) at ssl/ssl_lib.c:1799 +#7 0x000000000045a965 in ngx_ssl_recv (c=0x72c3b0, buf=0x7fffffffc9d7 "\027\320\355t", size=1) + at src/event/ngx_event_openssl.c:2337 +#8 0x0000000000533b17 in ngx_http_lua_socket_keepalive_close_handler (ev=0x7e2f20) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_socket_tcp.c:5753 +#9 0x000000000052cf40 in ngx_http_lua_socket_tcp_setkeepalive (L=0x74edd0) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_socket_tcp.c:5602 +#10 0x00007ffff7f0fabe in lj_BC_FUNCC () + from /tmp/undodb.72729.1722915526.2470007.80d50d088e818fd4/debuggee-1-zwqz8svp/symbol-files/opt/luajit-sysm/lib/libluajit-5.1.so.2 +#11 0x000000000051f2b2 in ngx_http_lua_run_thread (L=L@entry=0x767670, r=r@entry=0x7edf80, ctx=ctx@entry=0x750e40, nrets=0) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_util.c:1194 +#12 0x0000000000524347 in ngx_http_lua_content_by_chunk (L=0x767670, r=0x7edf80) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_contentby.c:124 +#13 0x000000000047c663 in ngx_http_core_content_phase (r=0x7edf80, ph=0x7b4470) at src/http/ngx_http_core_module.c:1271 +#14 0x000000000047b80d in ngx_http_core_run_phases (r=0x7edf80) at src/http/ngx_http_core_module.c:885 +#15 ngx_http_handler (r=r@entry=0x7edf80) at src/http/ngx_http_core_module.c:868 +#16 0x00000000004854ad in ngx_http_process_request (r=r@entry=0x7edf80) at src/http/ngx_http_request.c:2140 +#17 0x00000000004868e8 in ngx_http_process_request_headers (rev=rev@entry=0x7e2f80) at src/http/ngx_http_request.c:1529 +#18 0x0000000000486468 in ngx_http_process_request_line (rev=0x7e2f80) at src/http/ngx_http_request.c:1196 +#19 0x000000000044b338 in ngx_event_process_posted (cycle=cycle@entry=0x721690, posted=0x62f250 ) + at src/event/ngx_event_posted.c:35 +#20 0x000000000044a522 in ngx_process_events_and_timers (cycle=cycle@entry=0x721690) at src/event/ngx_event.c:273 +#21 0x0000000000453819 in ngx_single_process_cycle (cycle=cycle@entry=0x721690) at src/os/unix/ngx_process_cycle.c:323 +#22 0x0000000000429dee in main (argc=argc@entry=5, argv=argv@entry=0x7fffffffd1a8) at src/core/nginx.c:384 --- config server_tokens off; resolver $TEST_NGINX_RESOLVER ipv6=off; @@ -1548,11 +1614,11 @@ set keepalive: 1 nil --- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval qr/^lua ssl save session: ([0-9A-F]+) -lua ssl save session: \1 -lua ssl save session: \1 -lua ssl free session: \1 -lua ssl free session: \1 -lua ssl free session: \1 +lua ssl save session: ([0-9A-F]+) +lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log