diff --git a/.requirements b/.requirements index 3184bad98ba..44ef7823572 100644 --- a/.requirements +++ b/.requirements @@ -1,7 +1,7 @@ KONG_PACKAGE_NAME=kong -OPENRESTY=1.25.3.2 -OPENRESTY_SHA256=2d564022b06e33b45f7e5cfaf1e5dc571d38d61803af9fa2754dfff353c28d9c +OPENRESTY=1.27.1.1 +OPENRESTY_SHA256=79b071e27bdc143d5f401d0dbf504de4420070d867538c5edc2546d0351fd5c0 LUAROCKS=3.11.1 LUAROCKS_SHA256=c3fb3d960dffb2b2fe9de7e3cb004dc4d0b34bb3d342578af84f84325c669102 OPENSSL=3.4.0 diff --git a/build/openresty/patches/LuaJIT-2.1-20231117_01_patch_macro_luajit_version.patch b/build/openresty/patches/LuaJIT-2.1-20240815_01_patch_macro_luajit_version.patch similarity index 58% rename from build/openresty/patches/LuaJIT-2.1-20231117_01_patch_macro_luajit_version.patch rename to build/openresty/patches/LuaJIT-2.1-20240815_01_patch_macro_luajit_version.patch index ea92fce09da..ec58dcbe0c7 100644 --- a/build/openresty/patches/LuaJIT-2.1-20231117_01_patch_macro_luajit_version.patch +++ b/build/openresty/patches/LuaJIT-2.1-20240815_01_patch_macro_luajit_version.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/LuaJIT-2.1-20231117.1/src/luajit_rolling.h b/bundle/LuaJIT-2.1-20231117.1/src/luajit_rolling.h +diff --git a/bundle/LuaJIT-2.1-20240815/src/luajit_rolling.h b/bundle/LuaJIT-2.1-20240815/src/luajit_rolling.h index f082974..d16d66b 100644 ---- a/bundle/LuaJIT-2.1-20231117.1/src/luajit_rolling.h -+++ b/bundle/LuaJIT-2.1-20231117.1/src/luajit_rolling.h +--- a/bundle/LuaJIT-2.1-20240815/src/luajit_rolling.h ++++ b/bundle/LuaJIT-2.1-20240815/src/luajit_rolling.h @@ -32,7 +32,9 @@ #define OPENRESTY_LUAJIT diff --git a/build/openresty/patches/LuaJIT-2.1-20231117_02_pass_cc_env.patch b/build/openresty/patches/LuaJIT-2.1-20240815_02_pass_cc_env.patch similarity index 84% rename from build/openresty/patches/LuaJIT-2.1-20231117_02_pass_cc_env.patch rename to build/openresty/patches/LuaJIT-2.1-20240815_02_pass_cc_env.patch index 9b47225db60..32ba8c80daf 100644 --- a/build/openresty/patches/LuaJIT-2.1-20231117_02_pass_cc_env.patch +++ b/build/openresty/patches/LuaJIT-2.1-20240815_02_pass_cc_env.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/LuaJIT-2.1-20231117.1/src/Makefile b/bundle/LuaJIT-2.1-20231117.1/src/Makefile +diff --git a/bundle/LuaJIT-2.1-20240815/src/Makefile b/bundle/LuaJIT-2.1-20240815/src/Makefile index d80e45a..f87762e 100644 ---- a/bundle/LuaJIT-2.1-20231117.1/src/Makefile -+++ b/bundle/LuaJIT-2.1-20231117.1/src/Makefile +--- a/bundle/LuaJIT-2.1-20240815/src/Makefile ++++ b/bundle/LuaJIT-2.1-20240815/src/Makefile @@ -26,7 +26,8 @@ NODOTABIVER= 51 DEFAULT_CC = gcc # diff --git a/build/openresty/patches/lua-cjson-2.1.0.13_01-error-on-t_end.patch b/build/openresty/patches/lua-cjson-2.1.0.13_01-error-on-t_end.patch deleted file mode 100644 index 3aeaafe5b6f..00000000000 --- a/build/openresty/patches/lua-cjson-2.1.0.13_01-error-on-t_end.patch +++ /dev/null @@ -1,26 +0,0 @@ -From e1fca089680e76896744ec2f25219dd705fe21da Mon Sep 17 00:00:00 2001 -From: Wangchong Zhou -Date: Wed, 17 Apr 2024 18:00:10 +0800 -Subject: [PATCH 1/4] bugfix: throw error if T_END found in the middle of input - ---- - lua_cjson.c | 4 ++++ - tests/test.lua | 5 +++++ - 2 files changed, 9 insertions(+) - -diff --git a/bundle/lua-cjson-2.1.0.13/lua_cjson.c b/bundle/lua-cjson-2.1.0.13/lua_cjson.c -index 363466c..7343f32 100644 ---- a/bundle/lua-cjson-2.1.0.13/lua_cjson.c -+++ b/bundle/lua-cjson-2.1.0.13/lua_cjson.c -@@ -1437,6 +1437,10 @@ static int json_decode(lua_State *l) - if (token.type != T_END) - json_throw_parse_error(l, &json, "the end", &token); - -+ /* Make sure T_END (\x00) doesn't occur at middle of input */ -+ if (json.data + json_len > json.ptr) -+ json_throw_parse_error(l, &json, "EOF", &token); -+ - strbuf_free(json.tmp); - - return 1; - diff --git a/build/openresty/patches/lua-cjson-2.1.0.14_01-error-on-t_end.patch b/build/openresty/patches/lua-cjson-2.1.0.14_01-error-on-t_end.patch new file mode 100644 index 00000000000..d58526579ba --- /dev/null +++ b/build/openresty/patches/lua-cjson-2.1.0.14_01-error-on-t_end.patch @@ -0,0 +1,15 @@ +diff --git a/bundle/lua-cjson-2.1.0.14/lua_cjson.c b/bundle/lua-cjson-2.1.0.14/lua_cjson.c +index bbd8eff..c39c425 100644 +--- a/bundle/lua-cjson-2.1.0.14/lua_cjson.c ++++ b/bundle/lua-cjson-2.1.0.14/lua_cjson.c +@@ -1495,6 +1495,10 @@ static int json_decode(lua_State *l) + if (token.type != T_END) + json_throw_parse_error(l, &json, "the end", &token); + ++ /* Make sure T_END (\x00) doesn't occur at middle of input */ ++ if (json.data + json_len > json.ptr) ++ json_throw_parse_error(l, &json, "EOF", &token); ++ + strbuf_free(json.tmp); + + return 1; diff --git a/build/openresty/patches/lua-resty-core-0.1.28_01-dyn_upstream_keepalive.patch b/build/openresty/patches/lua-resty-core-0.1.28_01-dyn_upstream_keepalive.patch deleted file mode 100644 index 92bb00f7984..00000000000 --- a/build/openresty/patches/lua-resty-core-0.1.28_01-dyn_upstream_keepalive.patch +++ /dev/null @@ -1,206 +0,0 @@ -diff -ruN a/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua b/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua ---- a/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua 2022-12-02 10:58:50.078203826 +0800 -+++ b/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua 2022-12-03 11:50:57.271540206 +0800 -@@ -19,6 +19,7 @@ - local max = math.max - local subsystem = ngx.config.subsystem - local ngx_lua_ffi_balancer_set_current_peer -+local ngx_lua_ffi_balancer_enable_keepalive - local ngx_lua_ffi_balancer_set_more_tries - local ngx_lua_ffi_balancer_get_last_failure - local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http -@@ -27,7 +28,12 @@ - if subsystem == 'http' then - ffi.cdef[[ - int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, -- const unsigned char *addr, size_t addr_len, int port, char **err); -+ const unsigned char *addr, size_t addr_len, int port, -+ const unsigned char *cpool_name, size_t cpool_name_len, -+ unsigned int cpool_size, char **err); -+ -+ int ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, -+ unsigned long timeout, unsigned int max_requests, char **err); - - int ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, - int count, char **err); -@@ -46,6 +52,9 @@ - ngx_lua_ffi_balancer_set_current_peer = - C.ngx_http_lua_ffi_balancer_set_current_peer - -+ ngx_lua_ffi_balancer_enable_keepalive = -+ C.ngx_http_lua_ffi_balancer_enable_keepalive -+ - ngx_lua_ffi_balancer_set_more_tries = - C.ngx_http_lua_ffi_balancer_set_more_tries - -@@ -96,6 +105,11 @@ - end - - -+local DEFAULT_KEEPALIVE_POOL_SIZE = 30 -+local DEFAULT_KEEPALIVE_IDLE_TIMEOUT = 60000 -+local DEFAULT_KEEPALIVE_MAX_REQUESTS = 100 -+ -+ - local peer_state_names = { - [1] = "keepalive", - [2] = "next", -@@ -106,25 +120,145 @@ - local _M = { version = base.version } - - --function _M.set_current_peer(addr, port) -- local r = get_request() -- if not r then -- error("no request found") -+if subsystem == "http" then -+ function _M.set_current_peer(addr, port, opts) -+ local r = get_request() -+ if not r then -+ error("no request found") -+ end -+ -+ local pool -+ local pool_size -+ -+ if opts then -+ if type(opts) ~= "table" then -+ error("bad argument #3 to 'set_current_peer' " .. -+ "(table expected, got " .. type(opts) .. ")", 2) -+ end -+ -+ pool = opts.pool -+ pool_size = opts.pool_size -+ -+ if pool then -+ if type(pool) ~= "string" then -+ error("bad option 'pool' to 'set_current_peer' " .. -+ "(string expected, got " .. type(pool) .. ")", 2) -+ end -+ end -+ -+ if pool_size then -+ if type(pool_size) ~= "number" then -+ error("bad option 'pool_size' to 'set_current_peer' " .. -+ "(number expected, got " .. type(pool_size) .. ")", 2) -+ -+ elseif pool_size < 1 then -+ error("bad option 'pool_size' to 'set_current_peer' " .. -+ "(expected > 0)", 2) -+ end -+ end -+ end -+ -+ if not port then -+ port = 0 -+ -+ elseif type(port) ~= "number" then -+ port = tonumber(port) -+ end -+ -+ if not pool then -+ pool = "" -+ end -+ -+ if not pool_size then -+ pool_size = DEFAULT_KEEPALIVE_POOL_SIZE -+ end -+ -+ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, port, -+ pool, #pool, pool_size, -+ errmsg) -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) - end - -- if not port then -- port = 0 -- elseif type(port) ~= "number" then -- port = tonumber(port) -+else -+ function _M.set_current_peer(addr, port, opts) -+ local r = get_request() -+ if not r then -+ error("no request found") -+ end -+ -+ if opts then -+ error("bad argument #3 to 'set_current_peer' ('opts' not yet " .. -+ "implemented in " .. subsystem .. " subsystem)", 2) -+ end -+ -+ if not port then -+ port = 0 -+ -+ elseif type(port) ~= "number" then -+ port = tonumber(port) -+ end -+ -+ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, -+ port, errmsg) -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) - end -+end -+ -+ -+if subsystem == "http" then -+ function _M.enable_keepalive(idle_timeout, max_requests) -+ local r = get_request() -+ if not r then -+ error("no request found") -+ end -+ -+ if not idle_timeout then -+ idle_timeout = DEFAULT_KEEPALIVE_IDLE_TIMEOUT -+ -+ elseif type(idle_timeout) ~= "number" then -+ error("bad argument #1 to 'enable_keepalive' " .. -+ "(number expected, got " .. type(idle_timeout) .. ")", 2) - -- local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, -- port, errmsg) -- if rc == FFI_OK then -- return true -+ elseif idle_timeout < 0 then -+ error("bad argument #1 to 'enable_keepalive' (expected >= 0)", 2) -+ -+ else -+ idle_timeout = idle_timeout * 1000 -+ end -+ -+ if not max_requests then -+ max_requests = DEFAULT_KEEPALIVE_MAX_REQUESTS -+ -+ elseif type(max_requests) ~= "number" then -+ error("bad argument #2 to 'enable_keepalive' " .. -+ "(number expected, got " .. type(max_requests) .. ")", 2) -+ -+ elseif max_requests < 0 then -+ error("bad argument #2 to 'enable_keepalive' (expected >= 0)", 2) -+ end -+ -+ local rc = ngx_lua_ffi_balancer_enable_keepalive(r, idle_timeout, -+ max_requests, errmsg) -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) - end - -- return nil, ffi_str(errmsg[0]) -+else -+ function _M.enable_keepalive() -+ error("'enable_keepalive' not yet implemented in " .. subsystem .. -+ " subsystem", 2) -+ end - end - - diff --git a/build/openresty/patches/lua-resty-core-0.1.28_02-balancer_set_upstream_tls.patch b/build/openresty/patches/lua-resty-core-0.1.28_02-balancer_set_upstream_tls.patch deleted file mode 100644 index d8901a6de1d..00000000000 --- a/build/openresty/patches/lua-resty-core-0.1.28_02-balancer_set_upstream_tls.patch +++ /dev/null @@ -1,205 +0,0 @@ -diff --git a/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua b/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua -index 7d64d63..b0b7543 100644 ---- a/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua -+++ b/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.lua -@@ -22,6 +22,7 @@ local ngx_lua_ffi_balancer_set_current_peer - local ngx_lua_ffi_balancer_set_more_tries - local ngx_lua_ffi_balancer_get_last_failure - local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http -+local ngx_lua_ffi_balancer_set_upstream_tls - - - if subsystem == 'http' then -@@ -41,6 +42,8 @@ if subsystem == 'http' then - - int ngx_http_lua_ffi_balancer_recreate_request(ngx_http_request_t *r, - char **err); -+ int ngx_http_lua_ffi_balancer_set_upstream_tls(ngx_http_request_t *r, -+ int on, char **err); - ]] - - ngx_lua_ffi_balancer_set_current_peer = -@@ -55,6 +58,9 @@ if subsystem == 'http' then - ngx_lua_ffi_balancer_set_timeouts = - C.ngx_http_lua_ffi_balancer_set_timeouts - -+ ngx_lua_ffi_balancer_set_upstream_tls = -+ C.ngx_http_lua_ffi_balancer_set_upstream_tls -+ - elseif subsystem == 'stream' then - ffi.cdef[[ - int ngx_stream_lua_ffi_balancer_set_current_peer( -@@ -228,6 +234,29 @@ if subsystem == 'http' then - - return nil, "failed to recreate the upstream request" - end -+ -+ -+ function _M.set_upstream_tls(on) -+ local r = get_request() -+ if not r then -+ return error("no request found") -+ end -+ -+ local rc -+ -+ if on == 0 or on == false then -+ on = 0 -+ else -+ on = 1 -+ end -+ -+ rc = ngx_lua_ffi_balancer_set_upstream_tls(r, on, errmsg); -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) -+ end - end - - -diff --git a/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.md b/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.md -index ef2f124..3ec8cb9 100644 ---- a/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.md -+++ b/bundle/lua-resty-core-0.1.28/lib/ngx/balancer.md -@@ -13,11 +13,12 @@ Table of Contents - * [stream subsystem](#stream-subsystem) - * [Description](#description) - * [Methods](#methods) -+ * [get_last_failure](#get_last_failure) -+ * [recreate_request](#recreate_request) - * [set_current_peer](#set_current_peer) - * [set_more_tries](#set_more_tries) -- * [get_last_failure](#get_last_failure) - * [set_timeouts](#set_timeouts) -- * [recreate_request](#recreate_request) -+ * [set_upstream_tls](#set_upstream_tls) - * [Community](#community) - * [English Mailing List](#english-mailing-list) - * [Chinese Mailing List](#chinese-mailing-list) -@@ -270,6 +271,21 @@ This function was first added in the `0.1.20` version of this library. - - [Back to TOC](#table-of-contents) - -+set_upstream_tls -+------------ -+**syntax:** `ok, err = balancer.set_upstream_tls(on)` -+ -+**context:** *balancer_by_lua** -+ -+Turn off the HTTPs or reenable the HTTPs for the upstream connection. -+ -+- If `on` is `true`, then the https protocol will be used to connect to the upstream server. -+- If `on` is `false`, then the http protocol will be used to connect to the upstream server. -+ -+This function was first added in the `0.1.29` version of this library. -+ -+[Back to TOC](#table-of-contents) -+ - Community - ========= - -diff --git a/bundle/lua-resty-core-0.1.28/t/balancer.t b/bundle/lua-resty-core-0.1.28/t/balancer.t -index 3e9fb2f..6201b47 100644 ---- a/bundle/lua-resty-core-0.1.28/t/balancer.t -+++ b/bundle/lua-resty-core-0.1.28/t/balancer.t -@@ -882,3 +882,98 @@ connect() failed (111: Connection refused) while connecting to upstream, client: - --- no_error_log - [warn] - [crit] -+ -+ -+ -+=== TEST 20: set_upstream_tls off -+--- skip_nginx: 5: < 1.7.5 -+--- http_config -+ lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH"; -+ -+ upstream backend { -+ server 0.0.0.1; -+ balancer_by_lua_block { -+ local b = require "ngx.balancer" -+ b.set_current_peer("127.0.0.1", tonumber(ngx.var.server_port)) -+ b.set_upstream_tls(false) -+ } -+ keepalive 1; -+ } -+ -+ server { -+ listen $TEST_NGINX_RAND_PORT_1 ssl; -+ ssl_certificate ../../cert/test.crt; -+ ssl_certificate_key ../../cert/test.key; -+ -+ server_tokens off; -+ location = /back { -+ return 200 "ok"; -+ } -+ } -+--- config -+ location /t { -+ proxy_pass https://backend/back; -+ proxy_http_version 1.1; -+ proxy_set_header Connection ""; -+ } -+ -+ location /back { -+ echo "Hello world!"; -+ } -+--- request -+ GET /t -+--- no_error_log -+[alert] -+[error] -+--- response_body -+Hello world! -+ -+--- no_check_leak -+ -+ -+ -+=== TEST 21: set_upstream_tls on -+--- skip_nginx: 5: < 1.7.5 -+--- http_config -+ lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH"; -+ -+ upstream backend { -+ server 0.0.0.1; -+ balancer_by_lua_block { -+ local b = require "ngx.balancer" -+ b.set_current_peer("127.0.0.1", $TEST_NGINX_RAND_PORT_1) -+ b.set_upstream_tls(false) -+ b.set_upstream_tls(true) -+ } -+ -+ keepalive 1; -+ } -+ -+ server { -+ listen $TEST_NGINX_RAND_PORT_1 ssl; -+ ssl_certificate ../../cert/test.crt; -+ ssl_certificate_key ../../cert/test.key; -+ -+ server_tokens off; -+ location = /back { -+ return 200 "ok"; -+ } -+ } -+--- config -+ location /t { -+ proxy_pass https://backend/back; -+ proxy_http_version 1.1; -+ proxy_set_header Connection ""; -+ } -+ -+ location /back { -+ echo "Hello world!"; -+ } -+--- request -+ GET /t -+--- no_error_log -+[alert] -+[error] -+--- response_body chomp -+ok -+--- no_check_leak diff --git a/build/openresty/patches/nginx-1.25.3_02-remove-server-tokens-from-special-responses-output.patch b/build/openresty/patches/nginx-1.25.3_02-remove-server-tokens-from-special-responses-output.patch deleted file mode 100644 index 5c4afd623dc..00000000000 --- a/build/openresty/patches/nginx-1.25.3_02-remove-server-tokens-from-special-responses-output.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 66f96c49ec4a222c4061e18aa8c3f8655b52327d Mon Sep 17 00:00:00 2001 -From: Aapo Talvensaari -Date: Fri, 16 Aug 2019 13:41:49 +0300 -Subject: [PATCH] remove server tokens from special responses output - ---- - nginx-1.25.3/src/http/ngx_http_special_response.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/bundle/nginx-1.25.3/src/http/ngx_http_special_response.c b/bundle/nginx-1.25.3/src/http/ngx_http_special_response.c -index 4b8bbf5..524cc7b 100644 ---- a/bundle/nginx-1.25.3/src/http/ngx_http_special_response.c -+++ b/bundle/nginx-1.25.3/src/http/ngx_http_special_response.c -@@ -19,21 +19,18 @@ static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r); - - - static u_char ngx_http_error_full_tail[] = --"
" NGINX_VER "
" CRLF - "" CRLF - "" CRLF - ; - - - static u_char ngx_http_error_build_tail[] = --"
" NGINX_VER_BUILD "
" CRLF - "" CRLF - "" CRLF - ; - - - static u_char ngx_http_error_tail[] = --"
openresty
" CRLF - "" CRLF - "" CRLF - ; --- -2.22.0 diff --git a/build/openresty/patches/nginx-1.25.3_03-http_revert_req_body_hardcode_limitation.patch b/build/openresty/patches/nginx-1.25.3_03-http_revert_req_body_hardcode_limitation.patch deleted file mode 100644 index 00a38352402..00000000000 --- a/build/openresty/patches/nginx-1.25.3_03-http_revert_req_body_hardcode_limitation.patch +++ /dev/null @@ -1,320 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/README.markdown b/bundle/ngx_lua-0.10.26/README.markdown -index d6ec8c9..02eb9af 100644 ---- a/bundle/ngx_lua-0.10.26/README.markdown -+++ b/bundle/ngx_lua-0.10.26/README.markdown -@@ -2722,8 +2722,6 @@ lua_need_request_body - - **phase:** *depends on usage* - --Due to the stream processing feature of HTTP/2 or HTTP/3, this configuration could potentially block the entire request. Therefore, this configuration is effective only when HTTP/2 or HTTP/3 requests send content-length header. For requests with versions lower than HTTP/2, this configuration can still be used without any problems. -- - Determines whether to force the request body data to be read before running rewrite/access/content_by_lua* or not. The Nginx core does not read the client request body by default and if request body data is required, then this directive should be turned `on` or the [ngx.req.read_body](#ngxreqread_body) function should be called within the Lua code. - - To read the request body data within the [$request_body](http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_body) variable, -@@ -5426,8 +5424,6 @@ Reads the client request body synchronously without blocking the Nginx event loo - local args = ngx.req.get_post_args() - ``` - --Due to the stream processing feature of HTTP/2 or HTTP/3, this api could potentially block the entire request. Therefore, this api is effective only when HTTP/2 or HTTP/3 requests send content-length header. For requests with versions lower than HTTP/2, this api can still be used without any problems. -- - If the request body is already read previously by turning on [lua_need_request_body](#lua_need_request_body) or by using other modules, then this function does not run and returns immediately. - - If the request body has already been explicitly discarded, either by the [ngx.req.discard_body](#ngxreqdiscard_body) function or other modules, this function does not run and returns immediately. -@@ -5643,7 +5639,7 @@ Returns a read-only cosocket object that wraps the downstream connection. Only [ - - In case of error, `nil` will be returned as well as a string describing the error. - --Due to the streaming nature of HTTP2 and HTTP3, this API cannot be used when the downstream connection is HTTP2 and HTTP3. -+**Note:** This method will block while waiting for client request body to be fully received. Block time depends on the [client_body_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout) directive and maximum body size specified by the [client_max_body_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) directive. If read timeout occurs or client body size exceeds the defined limit, this function will not return and `408 Request Time-out` or `413 Request Entity Too Large` response will be returned to the client instead. - - The socket object returned by this method is usually used to read the current request's body in a streaming fashion. Do not turn on the [lua_need_request_body](#lua_need_request_body) directive, and do not mix this call with [ngx.req.read_body](#ngxreqread_body) and [ngx.req.discard_body](#ngxreqdiscard_body). - -diff --git a/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki b/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki -index 305626c..0db9dd5 100644 ---- a/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki -+++ b/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki -@@ -4741,8 +4741,7 @@ Returns a read-only cosocket object that wraps the downstream connection. Only [ - - In case of error, nil will be returned as well as a string describing the error. - --Due to the streaming nature of HTTP2 and HTTP3, this API cannot be used when the downstream connection is HTTP2 and HTTP3. -- -+'''Note:''' This method will block while waiting for client request body to be fully received. Block time depends on the [http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout client_body_timeout] directive and maximum body size specified by the [http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size client_max_body_size] directive. If read timeout occurs or client body size exceeds the defined limit, this function will not return and 408 Request Time-out or 413 Request Entity Too Large response will be returned to the client instead. - The socket object returned by this method is usually used to read the current request's body in a streaming fashion. Do not turn on the [[#lua_need_request_body|lua_need_request_body]] directive, and do not mix this call with [[#ngx.req.read_body|ngx.req.read_body]] and [[#ngx.req.discard_body|ngx.req.discard_body]]. - - If any request body data has been pre-read into the Nginx core request header buffer, the resulting cosocket object will take care of this to avoid potential data loss resulting from such pre-reading. -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_accessby.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_accessby.c -index 2bf40aa..d40eab1 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_accessby.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_accessby.c -@@ -137,26 +137,6 @@ ngx_http_lua_access_handler(ngx_http_request_t *r) - } - - if (llcf->force_read_body && !ctx->read_body_done) { -- --#if (NGX_HTTP_V2) -- if (r->main->stream && r->headers_in.content_length_n < 0) { -- ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, -- "disable lua_need_request_body, since " -- "http2 read_body may break http2 stream process"); -- goto done; -- } --#endif -- --#if (NGX_HTTP_V3) -- if (r->http_version == NGX_HTTP_VERSION_30 -- && r->headers_in.content_length_n < 0) -- { -- ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, -- "disable lua_need_request_body, since " -- "http2 read_body may break http2 stream process"); -- goto done; -- } --#endif - r->request_body_in_single_buf = 1; - r->request_body_in_persistent_file = 1; - r->request_body_in_clean_file = 1; -@@ -174,12 +154,6 @@ ngx_http_lua_access_handler(ngx_http_request_t *r) - } - } - --#if defined(NGX_HTTP_V3) || defined(NGX_HTTP_V2) -- --done: -- --#endif -- - dd("calling access handler"); - return llcf->access_handler(r); - } -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_contentby.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_contentby.c -index 2014d52..5e2ae55 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_contentby.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_contentby.c -@@ -196,26 +196,6 @@ ngx_http_lua_content_handler(ngx_http_request_t *r) - } - - if (llcf->force_read_body && !ctx->read_body_done) { -- --#if (NGX_HTTP_V2) -- if (r->main->stream && r->headers_in.content_length_n < 0) { -- ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, -- "disable lua_need_request_body, since " -- "http2 read_body may break http2 stream process"); -- goto done; -- } --#endif -- --#if (NGX_HTTP_V3) -- if (r->http_version == NGX_HTTP_VERSION_30 -- && r->headers_in.content_length_n < 0) -- { -- ngx_log_error(NGX_LOG_WARN, r->connection->log, 0, -- "disable lua_need_request_body, since " -- "http2 read_body may break http2 stream process"); -- goto done; -- } --#endif - r->request_body_in_single_buf = 1; - r->request_body_in_persistent_file = 1; - r->request_body_in_clean_file = 1; -@@ -234,12 +214,6 @@ ngx_http_lua_content_handler(ngx_http_request_t *r) - } - } - --#if defined(NGX_HTTP_V3) || defined(NGX_HTTP_V2) -- --done: -- --#endif -- - dd("setting entered"); - - ctx->entered_content_phase = 1; -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_req_body.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_req_body.c -index 61ab999..5d69735 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_req_body.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_req_body.c -@@ -85,23 +85,6 @@ ngx_http_lua_ngx_req_read_body(lua_State *L) - return luaL_error(L, "request object not found"); - } - --/* http2 read body may break http2 stream process */ --#if (NGX_HTTP_V2) -- if (r->main->stream && r->headers_in.content_length_n < 0) { -- return luaL_error(L, "http2 requests are not supported" -- " without content-length header"); -- } --#endif -- --#if (NGX_HTTP_V3) -- if (r->http_version == NGX_HTTP_VERSION_30 -- && r->headers_in.content_length_n < 0) -- { -- return luaL_error(L, "http3 requests are not supported" -- " without content-length header"); -- } --#endif -- - r->request_body_in_single_buf = 1; - r->request_body_in_persistent_file = 1; - r->request_body_in_clean_file = 1; -@@ -349,23 +332,6 @@ ngx_http_lua_ngx_req_get_body_file(lua_State *L) - return luaL_error(L, "request object not found"); - } - --/* http2 read body may break http2 stream process */ --#if (NGX_HTTP_V2) -- if (r->main->stream && r->headers_in.content_length_n < 0) { -- return luaL_error(L, "http2 requests are not supported" -- " without content-length header"); -- } --#endif -- --#if (NGX_HTTP_V3) -- if (r->http_version == NGX_HTTP_VERSION_30 -- && r->headers_in.content_length_n < 0) -- { -- return luaL_error(L, "http3 requests are not supported" -- " without content-length header"); -- } --#endif -- - ngx_http_lua_check_fake_request(L, r); - - if (r->request_body == NULL || r->request_body->temp_file == NULL) { -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_rewriteby.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_rewriteby.c -index c56bba5..4109f28 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_rewriteby.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_rewriteby.c -@@ -140,12 +140,7 @@ ngx_http_lua_rewrite_handler(ngx_http_request_t *r) - return NGX_DONE; - } - --/* http2 read body may break http2 stream process */ --#if (NGX_HTTP_V2) -- if (llcf->force_read_body && !ctx->read_body_done && !r->main->stream) { --#else - if (llcf->force_read_body && !ctx->read_body_done) { --#endif - r->request_body_in_single_buf = 1; - r->request_body_in_persistent_file = 1; - r->request_body_in_clean_file = 1; -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_server_rewriteby.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_server_rewriteby.c -index 997262e..be86069 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_server_rewriteby.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_server_rewriteby.c -@@ -102,13 +102,8 @@ ngx_http_lua_server_rewrite_handler(ngx_http_request_t *r) - return NGX_DONE; - } - --/* TODO: lscf do not have force_read_body -- * http2 read body may break http2 stream process */ --#if (NGX_HTTP_V2) -- if (llcf->force_read_body && !ctx->read_body_done && !r->main->stream) { --#else -+ /* TODO: lscf do not have force_read_body */ - if (llcf->force_read_body && !ctx->read_body_done) { --#endif - r->request_body_in_single_buf = 1; - r->request_body_in_persistent_file = 1; - r->request_body_in_clean_file = 1; -diff --git a/bundle/ngx_lua-0.10.26/t/023-rewrite/request_body.t b/bundle/ngx_lua-0.10.26/t/023-rewrite/request_body.t -index 32c02e1..b867d3a 100644 ---- a/bundle/ngx_lua-0.10.26/t/023-rewrite/request_body.t -+++ b/bundle/ngx_lua-0.10.26/t/023-rewrite/request_body.t -@@ -170,26 +170,3 @@ Expect: 100-Continue - http finalize request: 500, "/echo_body?" a:1, c:2 - http finalize request: 500, "/echo_body?" a:1, c:0 - --- log_level: debug ----- skip_eval: 4:$ENV{TEST_NGINX_USE_HTTP3} -- -- -- --=== TEST 9: test HTTP2 reading request body was disabled ----- config -- location /echo_body { -- lua_need_request_body on; -- rewrite_by_lua_block { -- ngx.print(ngx.var.request_body or "nil") -- } -- content_by_lua 'ngx.exit(ngx.OK)'; -- } ----- http2 ----- request eval --"POST /echo_body --hello\x00\x01\x02 --world\x03\x04\xff" ----- more_headers --Content-Length: ----- response_body eval --"nil" ----- no_error_log -diff --git a/bundle/ngx_lua-0.10.26/t/024-access/request_body.t b/bundle/ngx_lua-0.10.26/t/024-access/request_body.t -index 0aa12c8..fa03195 100644 ---- a/bundle/ngx_lua-0.10.26/t/024-access/request_body.t -+++ b/bundle/ngx_lua-0.10.26/t/024-access/request_body.t -@@ -170,26 +170,3 @@ Expect: 100-Continue - http finalize request: 500, "/echo_body?" a:1, c:2 - http finalize request: 500, "/echo_body?" a:1, c:0 - --- log_level: debug ----- skip_eval: 4:$ENV{TEST_NGINX_USE_HTTP3} -- -- -- --=== TEST 9: test HTTP2 reading request body was disabled ----- config -- location /echo_body { -- lua_need_request_body on; -- access_by_lua_block { -- ngx.print(ngx.var.request_body or "nil") -- } -- content_by_lua 'ngx.exit(ngx.OK)'; -- } ----- http2 ----- request eval --"POST /echo_body --hello\x00\x01\x02 --world\x03\x04\xff" ----- more_headers --Content-Length: ----- response_body eval --"nil" ----- no_error_log -diff --git a/bundle/ngx_lua-0.10.26/t/044-req-body.t b/bundle/ngx_lua-0.10.26/t/044-req-body.t -index f4509e1..da3a28b 100644 ---- a/bundle/ngx_lua-0.10.26/t/044-req-body.t -+++ b/bundle/ngx_lua-0.10.26/t/044-req-body.t -@@ -7,7 +7,7 @@ log_level('warn'); - - repeat_each(2); - --plan tests => repeat_each() * (blocks() * 4 + 56); -+plan tests => repeat_each() * (blocks() * 4 + 58 ); - - #no_diff(); - no_long_string(); -@@ -1774,23 +1774,3 @@ content length: 5 - --- no_error_log - [error] - [alert] ----- skip_eval: 4:$ENV{TEST_NGINX_USE_HTTP3} -- -- -- --=== TEST 53: HTTP2 read buffered body was discarded ----- config -- location = /test { -- content_by_lua_block { -- local err = pcall(ngx.req.read_body()) -- ngx.say(err) -- } -- } ----- http2 ----- request --POST /test --hello, world ----- more_headers --Content-Length: ----- error_code: 500 ----- error_log: http2 requests are not supported without content-length header diff --git a/build/openresty/patches/nginx-1.25.3_07-fix-lua-context-clean-by-send-header.patch b/build/openresty/patches/nginx-1.25.3_07-fix-lua-context-clean-by-send-header.patch deleted file mode 100644 index 4db81ee59cb..00000000000 --- a/build/openresty/patches/nginx-1.25.3_07-fix-lua-context-clean-by-send-header.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c -index 8fd2656..b2fdb6c 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c -@@ -549,6 +549,10 @@ ngx_http_lua_send_header_if_needed(ngx_http_request_t *r, - if (!ctx->buffering) { - dd("sending headers"); - rc = ngx_http_send_header(r); -+ if (r->filter_finalize) { -+ ngx_http_set_ctx(r, ctx, ngx_http_lua_module); -+ } -+ - ctx->header_sent = 1; - return rc; - } -diff --git a/bundle/ngx_lua-0.10.26/t/002-content.t b/bundle/ngx_lua-0.10.26/t/002-content.t -index 54de40e..eb9d587 100644 ---- a/bundle/ngx_lua-0.10.26/t/002-content.t -+++ b/bundle/ngx_lua-0.10.26/t/002-content.t -@@ -1098,3 +1098,25 @@ failed to load inlined Lua code: content_by_lua(...45678901234567890123456789012 - GET /lua - --- response_body_like: 503 Service Temporarily Unavailable - --- error_code: 503 -+ -+ -+ -+=== TEST 52: send_header trigger filter finalize does not clear the ctx -+--- config -+ location /lua { -+ content_by_lua_block { -+ ngx.header["Last-Modified"] = ngx.http_time(ngx.time()) -+ ngx.send_headers() -+ local phase = ngx.get_phase() -+ } -+ header_filter_by_lua_block { -+ ngx.header["X-Hello-World"] = "Hello World" -+ } -+ } -+--- request -+GET /lua -+--- more_headers -+If-Unmodified-Since: Wed, 01 Jan 2020 07:28:00 GMT -+--- error_code: 412 -+--- no_error_log -+unknown phase: 0 diff --git a/build/openresty/patches/nginx-1.25.3_01-upstream_client_certificate_and_ssl_verify.patch b/build/openresty/patches/nginx-1.27.1_01-upstream_client_certificate_and_ssl_verify.patch similarity index 86% rename from build/openresty/patches/nginx-1.25.3_01-upstream_client_certificate_and_ssl_verify.patch rename to build/openresty/patches/nginx-1.27.1_01-upstream_client_certificate_and_ssl_verify.patch index 6fb22a4acd9..46f497600f3 100644 --- a/build/openresty/patches/nginx-1.25.3_01-upstream_client_certificate_and_ssl_verify.patch +++ b/build/openresty/patches/nginx-1.27.1_01-upstream_client_certificate_and_ssl_verify.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c b/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c +diff --git a/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c b/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c index 2be233c..f364448 100644 ---- a/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c -+++ b/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c +--- a/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c ++++ b/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c @@ -8,6 +8,9 @@ #include #include diff --git a/build/openresty/patches/nginx-1.27.1_02-remove-server-tokens-from-special-responses-output.patch b/build/openresty/patches/nginx-1.27.1_02-remove-server-tokens-from-special-responses-output.patch new file mode 100644 index 00000000000..52e7702eec5 --- /dev/null +++ b/build/openresty/patches/nginx-1.27.1_02-remove-server-tokens-from-special-responses-output.patch @@ -0,0 +1,26 @@ +diff --git a/bundle/nginx-1.27.1/src/http/ngx_http_special_response.c b/bundle/nginx-1.27.1/src/http/ngx_http_special_response.c +index b5db811..0dbc2d3 100644 +--- a/bundle/nginx-1.27.1/src/http/ngx_http_special_response.c ++++ b/bundle/nginx-1.27.1/src/http/ngx_http_special_response.c +@@ -19,21 +19,18 @@ static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r); + + + static u_char ngx_http_error_full_tail[] = +-"
" NGINX_VER "
" CRLF + "" CRLF + "" CRLF + ; + + + static u_char ngx_http_error_build_tail[] = +-"
" NGINX_VER_BUILD "
" CRLF + "" CRLF + "" CRLF + ; + + + static u_char ngx_http_error_tail[] = +-"
openresty
" CRLF + "" CRLF + "" CRLF + ; diff --git a/build/openresty/patches/nginx-1.25.3_03-stream_upstream_client_certificate_and_ssl_verify.patch b/build/openresty/patches/nginx-1.27.1_03-stream_upstream_client_certificate_and_ssl_verify.patch similarity index 84% rename from build/openresty/patches/nginx-1.25.3_03-stream_upstream_client_certificate_and_ssl_verify.patch rename to build/openresty/patches/nginx-1.27.1_03-stream_upstream_client_certificate_and_ssl_verify.patch index 36fc66d4062..b49287570d5 100644 --- a/build/openresty/patches/nginx-1.25.3_03-stream_upstream_client_certificate_and_ssl_verify.patch +++ b/build/openresty/patches/nginx-1.27.1_03-stream_upstream_client_certificate_and_ssl_verify.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/nginx-1.25.3/src/stream/ngx_stream_proxy_module.c b/bundle/nginx-1.25.3/src/stream/ngx_stream_proxy_module.c +diff --git a/bundle/nginx-1.27.1/src/stream/ngx_stream_proxy_module.c b/bundle/nginx-1.27.1/src/stream/ngx_stream_proxy_module.c index 82dca1e..f12cda2 100644 ---- a/bundle/nginx-1.25.3/src/stream/ngx_stream_proxy_module.c -+++ b/bundle/nginx-1.25.3/src/stream/ngx_stream_proxy_module.c +--- a/bundle/nginx-1.27.1/src/stream/ngx_stream_proxy_module.c ++++ b/bundle/nginx-1.27.1/src/stream/ngx_stream_proxy_module.c @@ -8,6 +8,9 @@ #include #include @@ -9,13 +9,13 @@ index 82dca1e..f12cda2 100644 +#if (NGX_STREAM_LUA_KONG) +#include +#endif - + typedef struct { @@ -823,8 +826,18 @@ ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) - + #if (NGX_STREAM_SSL) - + +#if (NGX_STREAM_LUA_KONG) + + if (pc->type == SOCK_STREAM && pscf->ssl_enable @@ -25,7 +25,7 @@ index 82dca1e..f12cda2 100644 +#else + if (pc->type == SOCK_STREAM && pscf->ssl_enable) { - + +#endif + if (u->proxy_protocol) { @@ -34,11 +34,11 @@ index 82dca1e..f12cda2 100644 @@ -1089,7 +1102,16 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) return; } - + - if (pscf->ssl_server_name || pscf->ssl_verify) { +#if (NGX_STREAM_LUA_KONG) + -+ if (pscf->ssl_server_name || ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) { ++ if (pscf->ssl_server_name || ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) { + +#else + @@ -58,15 +58,15 @@ index 82dca1e..f12cda2 100644 +#endif + s->connection->log->action = "SSL handshaking to upstream"; - + rc = ngx_ssl_handshake(pc); @@ -1148,7 +1174,15 @@ ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) if (pc->ssl->handshaked) { - + +#if (NGX_STREAM_LUA_KONG) + -+ if (ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) { ++ if (ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) { + +#else + @@ -74,5 +74,5 @@ index 82dca1e..f12cda2 100644 + +#endif rc = SSL_get_verify_result(pc->ssl->connection); - + if (rc != X509_V_OK) { diff --git a/build/openresty/patches/nginx-1.25.3_04-grpc_authority_override.patch b/build/openresty/patches/nginx-1.27.1_04-grpc_authority_override.patch similarity index 70% rename from build/openresty/patches/nginx-1.25.3_04-grpc_authority_override.patch rename to build/openresty/patches/nginx-1.27.1_04-grpc_authority_override.patch index 3b9d137e00e..cb2f99e53ef 100644 --- a/build/openresty/patches/nginx-1.25.3_04-grpc_authority_override.patch +++ b/build/openresty/patches/nginx-1.27.1_04-grpc_authority_override.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/nginx-1.25.3/src/http/modules/ngx_http_grpc_module.c b/bundle/nginx-1.25.3/src/http/modules/ngx_http_grpc_module.c +diff --git a/bundle/nginx-1.27.1/src/http/modules/ngx_http_grpc_module.c b/bundle/nginx-1.27.1/src/http/modules/ngx_http_grpc_module.c index dfe49c5..db85ca3 100644 ---- a/bundle/nginx-1.25.3/src/http/modules/ngx_http_grpc_module.c -+++ b/bundle/nginx-1.25.3/src/http/modules/ngx_http_grpc_module.c +--- a/bundle/nginx-1.27.1/src/http/modules/ngx_http_grpc_module.c ++++ b/bundle/nginx-1.27.1/src/http/modules/ngx_http_grpc_module.c @@ -8,6 +8,9 @@ #include #include diff --git a/build/openresty/patches/nginx-1.25.3_05-remove-server-headers-from-ngx-header-filter-module.patch b/build/openresty/patches/nginx-1.27.1_05-remove-server-headers-from-ngx-header-filter-module.patch similarity index 88% rename from build/openresty/patches/nginx-1.25.3_05-remove-server-headers-from-ngx-header-filter-module.patch rename to build/openresty/patches/nginx-1.27.1_05-remove-server-headers-from-ngx-header-filter-module.patch index be45f17137a..ff8127bb814 100644 --- a/build/openresty/patches/nginx-1.25.3_05-remove-server-headers-from-ngx-header-filter-module.patch +++ b/build/openresty/patches/nginx-1.27.1_05-remove-server-headers-from-ngx-header-filter-module.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/nginx-1.25.3/src/http/ngx_http_header_filter_module.c b/bundle/nginx-1.25.3/src/http/ngx_http_header_filter_module.c +diff --git a/bundle/nginx-1.27.1/src/http/ngx_http_header_filter_module.c b/bundle/nginx-1.27.1/src/http/ngx_http_header_filter_module.c index 90525ef..2c75594 100644 ---- a/bundle/nginx-1.25.3/src/http/ngx_http_header_filter_module.c -+++ b/bundle/nginx-1.25.3/src/http/ngx_http_header_filter_module.c +--- a/bundle/nginx-1.27.1/src/http/ngx_http_header_filter_module.c ++++ b/bundle/nginx-1.27.1/src/http/ngx_http_header_filter_module.c @@ -46,11 +46,6 @@ ngx_module_t ngx_http_header_filter_module = { }; diff --git a/build/openresty/patches/nginx-1.25.3_06-dynamic_log_level.patch b/build/openresty/patches/nginx-1.27.1_06-dynamic_log_level.patch similarity index 93% rename from build/openresty/patches/nginx-1.25.3_06-dynamic_log_level.patch rename to build/openresty/patches/nginx-1.27.1_06-dynamic_log_level.patch index 278ce22f529..112b41c610e 100644 --- a/build/openresty/patches/nginx-1.25.3_06-dynamic_log_level.patch +++ b/build/openresty/patches/nginx-1.27.1_06-dynamic_log_level.patch @@ -1,10 +1,10 @@ -diff --git a/bundle/nginx-1.25.3/src/core/ngx_log.c b/bundle/nginx-1.25.3/src/core/ngx_log.c +diff --git a/bundle/nginx-1.27.1/src/core/ngx_log.c b/bundle/nginx-1.27.1/src/core/ngx_log.c index eb7a989..0862d4d 100644 ---- a/bundle/nginx-1.25.3/src/core/ngx_log.c -+++ b/bundle/nginx-1.25.3/src/core/ngx_log.c +--- a/bundle/nginx-1.27.1/src/core/ngx_log.c ++++ b/bundle/nginx-1.27.1/src/core/ngx_log.c @@ -171,8 +171,12 @@ ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, debug_connection = (log->log_level & NGX_LOG_DEBUG_CONNECTION) != 0; - + while (log) { - +#if (NGX_HTTP_LUA_KONG) @@ -15,11 +15,11 @@ index eb7a989..0862d4d 100644 +#endif break; } - + @@ -230,7 +234,11 @@ ngx_log_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, { va_list args; - + +#if (NGX_HTTP_LUA_KONG) + if (ngx_http_lua_kong_get_dynamic_log_level(log->log_level) >= level) { +#else @@ -28,14 +28,14 @@ index eb7a989..0862d4d 100644 va_start(args, fmt); ngx_log_error_core(level, log, err, fmt, args); va_end(args); -diff --git a/bundle/nginx-1.25.3/src/core/ngx_log.h b/bundle/nginx-1.25.3/src/core/ngx_log.h -index da81cf0..8fd3348 100644 ---- a/bundle/nginx-1.25.3/src/core/ngx_log.h -+++ b/bundle/nginx-1.25.3/src/core/ngx_log.h +diff --git a/bundle/nginx-1.27.1/src/core/ngx_log.h b/bundle/nginx-1.27.1/src/core/ngx_log.h +index da81cf0..dae8c3a 100644 +--- a/bundle/nginx-1.27.1/src/core/ngx_log.h ++++ b/bundle/nginx-1.27.1/src/core/ngx_log.h @@ -72,6 +72,13 @@ struct ngx_log_s { ngx_log_t *next; }; - + +#if (NGX_HTTP_LUA_KONG) +ngx_uint_t +ngx_http_lua_kong_get_dynamic_log_level(ngx_uint_t current_log_level); @@ -43,91 +43,91 @@ index da81cf0..8fd3348 100644 +#define ngx_http_lua_kong_get_dynamic_log_level(expr) (expr) +#endif + - + #ifndef NGX_MAX_ERROR_STR #define NGX_MAX_ERROR_STR 4096 @@ -85,13 +92,13 @@ struct ngx_log_s { #define NGX_HAVE_VARIADIC_MACROS 1 - + #define ngx_log_error(level, log, ...) \ - if ((log)->log_level >= level) ngx_log_error_core(level, log, __VA_ARGS__) + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) >= level) ngx_log_error_core(level, log, __VA_ARGS__) - + void ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, const char *fmt, ...); - + #define ngx_log_debug(level, log, ...) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_error_core(NGX_LOG_DEBUG, log, __VA_ARGS__) - + /*********************************/ @@ -101,13 +108,13 @@ void ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, #define NGX_HAVE_VARIADIC_MACROS 1 - + #define ngx_log_error(level, log, args...) \ - if ((log)->log_level >= level) ngx_log_error_core(level, log, args) + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) >= level) ngx_log_error_core(level, log, args) - + void ngx_log_error_core(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, const char *fmt, ...); - + #define ngx_log_debug(level, log, args...) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) ngx_log_error_core(level, log, args) ngx_log_error_core(NGX_LOG_DEBUG, log, args) - + /*********************************/ @@ -170,43 +177,43 @@ void ngx_cdecl ngx_log_debug_core(ngx_log_t *log, ngx_err_t err, #else /* no variadic macros */ - + #define ngx_log_debug0(level, log, err, fmt) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt) - + #define ngx_log_debug1(level, log, err, fmt, arg1) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, arg1) - + #define ngx_log_debug2(level, log, err, fmt, arg1, arg2) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, arg1, arg2) - + #define ngx_log_debug3(level, log, err, fmt, arg1, arg2, arg3) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, arg1, arg2, arg3) - + #define ngx_log_debug4(level, log, err, fmt, arg1, arg2, arg3, arg4) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, arg1, arg2, arg3, arg4) - + #define ngx_log_debug5(level, log, err, fmt, arg1, arg2, arg3, arg4, arg5) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, arg1, arg2, arg3, arg4, arg5) - + #define ngx_log_debug6(level, log, err, fmt, \ arg1, arg2, arg3, arg4, arg5, arg6) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, arg1, arg2, arg3, arg4, arg5, arg6) - + #define ngx_log_debug7(level, log, err, fmt, \ arg1, arg2, arg3, arg4, arg5, arg6, arg7) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, \ arg1, arg2, arg3, arg4, arg5, arg6, arg7) - + #define ngx_log_debug8(level, log, err, fmt, \ arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) \ - if ((log)->log_level & level) \ + if (ngx_http_lua_kong_get_dynamic_log_level((log)->log_level) & level) \ ngx_log_debug_core(log, err, fmt, \ arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8) - + diff --git a/build/openresty/patches/nginx-1.25.3_07-cross.patch b/build/openresty/patches/nginx-1.27.1_07-cross.patch similarity index 89% rename from build/openresty/patches/nginx-1.25.3_07-cross.patch rename to build/openresty/patches/nginx-1.27.1_07-cross.patch index d03d8471344..e00215c0893 100644 --- a/build/openresty/patches/nginx-1.25.3_07-cross.patch +++ b/build/openresty/patches/nginx-1.27.1_07-cross.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/nginx-1.25.3/auto/feature b/bundle/nginx-1.25.3/auto/feature +diff --git a/bundle/nginx-1.27.1/auto/feature b/bundle/nginx-1.27.1/auto/feature index 3561f59..d6a2889 100644 ---- a/bundle/nginx-1.25.3/auto/feature -+++ b/bundle/nginx-1.25.3/auto/feature +--- a/bundle/nginx-1.27.1/auto/feature ++++ b/bundle/nginx-1.27.1/auto/feature @@ -49,12 +49,20 @@ eval "/bin/sh -c \"$ngx_test\" >> $NGX_AUTOCONF_ERR 2>&1" if [ -x $NGX_AUTOTEST ]; then @@ -66,11 +66,11 @@ index 3561f59..d6a2889 100644 echo " not found" else -diff --git a/bundle/nginx-1.25.3/auto/options b/bundle/nginx-1.25.3/auto/options -index e6e0cd3..5117342 100644 ---- a/bundle/nginx-1.25.3/auto/options -+++ b/bundle/nginx-1.25.3/auto/options -@@ -411,6 +411,18 @@ $0: warning: the \"--with-sha1-asm\" option is deprecated" +diff --git a/bundle/nginx-1.27.1/auto/options b/bundle/nginx-1.27.1/auto/options +index d22f48b..0fa47c5 100644 +--- a/bundle/nginx-1.27.1/auto/options ++++ b/bundle/nginx-1.27.1/auto/options +@@ -413,6 +413,18 @@ $0: warning: the \"--with-sha1-asm\" option is deprecated" --test-build-epoll) NGX_TEST_BUILD_EPOLL=YES ;; --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; @@ -89,7 +89,7 @@ index e6e0cd3..5117342 100644 *) echo "$0: error: invalid option \"$option\"" exit 1 -@@ -605,6 +617,17 @@ cat << END +@@ -608,6 +620,17 @@ cat << END --with-debug enable debug logging @@ -107,7 +107,7 @@ index e6e0cd3..5117342 100644 END exit 1 -@@ -613,6 +636,8 @@ fi +@@ -616,6 +639,8 @@ fi if [ ".$NGX_PLATFORM" = ".win32" ]; then NGX_WINE=$WINE @@ -116,10 +116,10 @@ index e6e0cd3..5117342 100644 fi -diff --git a/bundle/nginx-1.25.3/auto/types/sizeof b/bundle/nginx-1.25.3/auto/types/sizeof +diff --git a/bundle/nginx-1.27.1/auto/types/sizeof b/bundle/nginx-1.27.1/auto/types/sizeof index 480d8cf..23c5171 100644 ---- a/bundle/nginx-1.25.3/auto/types/sizeof -+++ b/bundle/nginx-1.25.3/auto/types/sizeof +--- a/bundle/nginx-1.27.1/auto/types/sizeof ++++ b/bundle/nginx-1.27.1/auto/types/sizeof @@ -12,9 +12,12 @@ checking for $ngx_type size END @@ -158,10 +158,10 @@ index 480d8cf..23c5171 100644 fi -diff --git a/bundle/nginx-1.25.3/auto/unix b/bundle/nginx-1.25.3/auto/unix +diff --git a/bundle/nginx-1.27.1/auto/unix b/bundle/nginx-1.27.1/auto/unix index 6b44fc9..7410746 100644 ---- a/bundle/nginx-1.25.3/auto/unix -+++ b/bundle/nginx-1.25.3/auto/unix +--- a/bundle/nginx-1.27.1/auto/unix ++++ b/bundle/nginx-1.27.1/auto/unix @@ -640,13 +640,13 @@ ngx_feature_libs= # C types diff --git a/build/openresty/patches/nginx-1.25.3_08-cross-endianness-fix.patch b/build/openresty/patches/nginx-1.27.1_08-cross-endianness-fix.patch similarity index 66% rename from build/openresty/patches/nginx-1.25.3_08-cross-endianness-fix.patch rename to build/openresty/patches/nginx-1.27.1_08-cross-endianness-fix.patch index 3ee855fa55b..34d8edd3ec2 100644 --- a/build/openresty/patches/nginx-1.25.3_08-cross-endianness-fix.patch +++ b/build/openresty/patches/nginx-1.27.1_08-cross-endianness-fix.patch @@ -1,22 +1,7 @@ -# http://cgit.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/nginx/files/0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch -From be9970aa16c5142ef814531d74a07990a8e9eb14 Mon Sep 17 00:00:00 2001 -From: Derek Straka -Date: Fri, 1 Dec 2017 10:32:29 -0500 -Subject: [PATCH] Allow the overriding of the endianness via the configure flag - --with-endian - -The existing configure options contain the --with-endian; however, the command -line flag does not actually function. It does not set the endianness and it -appears to do nothing. - -Upstream-Status: Pending - -Signed-off-by: Derek Straka - -diff --git a/auto/endianness b/auto/endianness +diff --git a/bundle/nginx-1.27.1/auto/endianness b/bundle/nginx-1.27.1/auto/endianness index 1b552b6..be84487 100644 ---- a/bundle/nginx-1.25.3/endianness -+++ b/bundle/nginx-1.25.3/auto/endianness +--- a/bundle/nginx-1.27.1/auto/endianness ++++ b/bundle/nginx-1.27.1/auto/endianness @@ -13,7 +13,13 @@ checking for system byte ordering END @@ -75,5 +60,3 @@ index 1b552b6..be84487 100644 + exit 1 + fi fi --- -2.7.4 diff --git a/build/openresty/patches/nginx-1.25.3_10-proxy-upstream-next.patch b/build/openresty/patches/nginx-1.27.1_09-proxy-upstream-next.patch similarity index 69% rename from build/openresty/patches/nginx-1.25.3_10-proxy-upstream-next.patch rename to build/openresty/patches/nginx-1.27.1_09-proxy-upstream-next.patch index a17fb086612..fd05587bc6d 100644 --- a/build/openresty/patches/nginx-1.25.3_10-proxy-upstream-next.patch +++ b/build/openresty/patches/nginx-1.27.1_09-proxy-upstream-next.patch @@ -1,8 +1,8 @@ -diff --git a/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c b/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c -index 2be233c..7f7132d 100644 ---- a/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c -+++ b/bundle/nginx-1.25.3/src/http/ngx_http_upstream.c -@@ -2563,7 +2563,11 @@ ngx_http_upstream_test_next(ngx_http_request_t *r, ngx_http_upstream_t *u) +diff --git a/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c b/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c +index 1c771bc..3445bf2 100644 +--- a/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c ++++ b/bundle/nginx-1.27.1/src/http/ngx_http_upstream.c +@@ -2581,7 +2581,11 @@ ngx_http_upstream_test_next(ngx_http_request_t *r, ngx_http_upstream_t *u) } if (u->peer.tries > 1 @@ -14,7 +14,7 @@ index 2be233c..7f7132d 100644 && !(u->request_sent && r->request_body_no_buffering) && !(timeout && ngx_current_msec - u->peer.start_time >= timeout)) { -@@ -4420,7 +4424,12 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u, +@@ -4451,7 +4455,12 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u, } if (u->peer.tries == 0 diff --git a/build/openresty/patches/nginx-1.27.1_10-ssl-disable-h2-alpn.patch b/build/openresty/patches/nginx-1.27.1_10-ssl-disable-h2-alpn.patch new file mode 100644 index 00000000000..578b68f2b2c --- /dev/null +++ b/build/openresty/patches/nginx-1.27.1_10-ssl-disable-h2-alpn.patch @@ -0,0 +1,27 @@ +diff --git a/bundle/nginx-1.27.1/src/http/modules/ngx_http_ssl_module.c b/bundle/nginx-1.27.1/src/http/modules/ngx_http_ssl_module.c +index 1c92d9f..e8b873d 100644 +--- a/bundle/nginx-1.27.1/src/http/modules/ngx_http_ssl_module.c ++++ b/bundle/nginx-1.27.1/src/http/modules/ngx_http_ssl_module.c +@@ -8,6 +8,9 @@ + #include + #include + #include ++#if (NGX_HTTP_LUA_KONG) ++#include ++#endif + + #if (NGX_QUIC_OPENSSL_COMPAT) + #include +@@ -473,8 +476,11 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out, + { + #if (NGX_HTTP_V2) + h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); +- ++#if (NGX_HTTP_LUA_KONG) ++ if(ngx_http_lua_kong_ssl_get_http2_alpn_enabled(c->ssl, h2scf->enable || hc->addr_conf->http2)) { ++#else + if (h2scf->enable || hc->addr_conf->http2) { ++#endif + srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; + srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; + diff --git a/build/openresty/patches/nginx-1.25.3_09-refresh-uri-when-proxy-pass-balancer-recreate.patch b/build/openresty/patches/nginx-1.27.1_11-refresh-uri-when-proxy-pass-balancer-recreate.patch similarity index 75% rename from build/openresty/patches/nginx-1.25.3_09-refresh-uri-when-proxy-pass-balancer-recreate.patch rename to build/openresty/patches/nginx-1.27.1_11-refresh-uri-when-proxy-pass-balancer-recreate.patch index 16b9da26758..d2547cbd226 100644 --- a/build/openresty/patches/nginx-1.25.3_09-refresh-uri-when-proxy-pass-balancer-recreate.patch +++ b/build/openresty/patches/nginx-1.27.1_11-refresh-uri-when-proxy-pass-balancer-recreate.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/nginx-1.25.3/src/http/modules/ngx_http_proxy_module.c b/bundle/nginx-1.25.3/src/http/modules/ngx_http_proxy_module.c +diff --git a/bundle/nginx-1.27.1/src/http/modules/ngx_http_proxy_module.c b/bundle/nginx-1.27.1/src/http/modules/ngx_http_proxy_module.c index 4eb6931..9d38e6b 100644 ---- a/bundle/nginx-1.25.3/src/http/modules/ngx_http_proxy_module.c -+++ b/bundle/nginx-1.25.3/src/http/modules/ngx_http_proxy_module.c +--- a/bundle/nginx-1.27.1/src/http/modules/ngx_http_proxy_module.c ++++ b/bundle/nginx-1.27.1/src/http/modules/ngx_http_proxy_module.c @@ -1277,6 +1277,22 @@ ngx_http_proxy_create_request(ngx_http_request_t *r) ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module); diff --git a/build/openresty/patches/nginx-1.27.1_12-fix-preread-bug.patch b/build/openresty/patches/nginx-1.27.1_12-fix-preread-bug.patch new file mode 100644 index 00000000000..9c8d6563262 --- /dev/null +++ b/build/openresty/patches/nginx-1.27.1_12-fix-preread-bug.patch @@ -0,0 +1,13 @@ +diff --git a/bundle/nginx-1.27.1/src/stream/ngx_stream_ssl_preread_module.c b/bundle/nginx-1.27.1/src/stream/ngx_stream_ssl_preread_module.c +index ed45c6f..7e65d65 100644 +--- a/bundle/nginx-1.27.1/src/stream/ngx_stream_ssl_preread_module.c ++++ b/bundle/nginx-1.27.1/src/stream/ngx_stream_ssl_preread_module.c +@@ -190,7 +190,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s) + } + + if (rc == NGX_OK) { +- return ngx_stream_ssl_preread_servername(s, &ctx->host); ++ rc = ngx_stream_ssl_preread_servername(s, &ctx->host); + } + + if (rc != NGX_AGAIN) { diff --git a/build/openresty/patches/ngx_lua-0.10.26_01-dyn_upstream_keepalive.patch b/build/openresty/patches/ngx_lua-0.10.26_01-dyn_upstream_keepalive.patch deleted file mode 100644 index 293fb3609e7..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_01-dyn_upstream_keepalive.patch +++ /dev/null @@ -1,1194 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -index af4da733..407c115b 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -@@ -16,46 +16,104 @@ - #include "ngx_http_lua_directive.h" - - -+typedef struct { -+ ngx_uint_t size; -+ ngx_uint_t connections; -+ -+ ngx_str_t cpool_name; -+ -+ lua_State *lua_vm; -+ -+ ngx_queue_t cache; -+ ngx_queue_t free; -+} ngx_http_lua_balancer_keepalive_pool_t; -+ -+ -+typedef struct { -+ ngx_queue_t queue; -+ ngx_connection_t *connection; -+ -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; -+} ngx_http_lua_balancer_keepalive_item_t; -+ -+ - struct ngx_http_lua_balancer_peer_data_s { -- /* the round robin data must be first */ -- ngx_http_upstream_rr_peer_data_t rrp; -+ ngx_uint_t cpool_size; -+ ngx_uint_t keepalive_requests; -+ ngx_msec_t keepalive_timeout; -+ -+ ngx_uint_t more_tries; -+ ngx_uint_t total_tries; -+ -+ int last_peer_state; - -- ngx_http_lua_srv_conf_t *conf; -- ngx_http_request_t *request; -+ ngx_str_t cpool_name; - -- ngx_uint_t more_tries; -- ngx_uint_t total_tries; -+ void *data; - -- struct sockaddr *sockaddr; -- socklen_t socklen; -+ ngx_event_get_peer_pt original_get_peer; -+ ngx_event_free_peer_pt original_free_peer; -+ -+#if (NGX_HTTP_SSL) -+ ngx_event_set_peer_session_pt original_set_session; -+ ngx_event_save_peer_session_pt original_save_session; -+#endif - -- ngx_str_t *host; -- in_port_t port; -+ ngx_http_request_t *request; -+ ngx_http_lua_srv_conf_t *conf; -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; - -- int last_peer_state; -+ ngx_str_t *host; -+ -+ struct sockaddr *sockaddr; -+ socklen_t socklen; -+ -+ unsigned keepalive:1; - - #if !(HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS) -- unsigned cloned_upstream_conf; /* :1 */ -+ unsigned cloned_upstream_conf:1; - #endif - }; - - --#if (NGX_HTTP_SSL) --static ngx_int_t ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, -- void *data); --static void ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, -- void *data); --#endif -+static ngx_int_t ngx_http_lua_balancer_by_chunk(lua_State *L, -+ ngx_http_request_t *r); - static ngx_int_t ngx_http_lua_balancer_init(ngx_conf_t *cf, - ngx_http_upstream_srv_conf_t *us); - static ngx_int_t ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, - ngx_http_upstream_srv_conf_t *us); - static ngx_int_t ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, - void *data); --static ngx_int_t ngx_http_lua_balancer_by_chunk(lua_State *L, -- ngx_http_request_t *r); - static void ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, - void *data, ngx_uint_t state); -+static ngx_int_t ngx_http_lua_balancer_create_keepalive_pool(lua_State *L, -+ ngx_log_t *log, ngx_str_t *cpool_name, ngx_uint_t cpool_size, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool); -+static void ngx_http_lua_balancer_get_keepalive_pool(lua_State *L, -+ ngx_log_t *log, ngx_str_t *cpool_name, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool); -+static void ngx_http_lua_balancer_free_keepalive_pool(ngx_log_t *log, -+ ngx_http_lua_balancer_keepalive_pool_t *cpool); -+static void ngx_http_lua_balancer_close(ngx_connection_t *c); -+static void ngx_http_lua_balancer_dummy_handler(ngx_event_t *ev); -+static void ngx_http_lua_balancer_close_handler(ngx_event_t *ev); -+#if (NGX_HTTP_SSL) -+static ngx_int_t ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, -+ void *data); -+static void ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, -+ void *data); -+#endif -+ -+ -+#define ngx_http_lua_balancer_keepalive_is_enabled(bp) \ -+ (bp->keepalive) -+ -+#define ngx_http_lua_balancer_peer_set(bp) \ -+ (bp->sockaddr && bp->socklen) -+ -+ -+static char ngx_http_lua_balancer_keepalive_pools_table_key; -+static struct sockaddr *ngx_http_lua_balancer_default_server_sockaddr; - - - ngx_int_t -@@ -102,6 +160,61 @@ ngx_http_lua_balancer_handler_inline(ngx_http_request_t *r, - } - - -+static ngx_int_t -+ngx_http_lua_balancer_by_chunk(lua_State *L, ngx_http_request_t *r) -+{ -+ u_char *err_msg; -+ size_t len; -+ ngx_int_t rc; -+ -+ /* init nginx context in Lua VM */ -+ ngx_http_lua_set_req(L, r); -+ -+#ifndef OPENRESTY_LUAJIT -+ ngx_http_lua_create_new_globals_table(L, 0 /* narr */, 1 /* nrec */); -+ -+ /* {{{ make new env inheriting main thread's globals table */ -+ lua_createtable(L, 0, 1 /* nrec */); /* the metatable for the new env */ -+ ngx_http_lua_get_globals_table(L); -+ lua_setfield(L, -2, "__index"); -+ lua_setmetatable(L, -2); /* setmetatable({}, {__index = _G}) */ -+ /* }}} */ -+ -+ lua_setfenv(L, -2); /* set new running env for the code closure */ -+#endif /* OPENRESTY_LUAJIT */ -+ -+ lua_pushcfunction(L, ngx_http_lua_traceback); -+ lua_insert(L, 1); /* put it under chunk and args */ -+ -+ /* protected call user code */ -+ rc = lua_pcall(L, 0, 1, 1); -+ -+ lua_remove(L, 1); /* remove traceback function */ -+ -+ dd("rc == %d", (int) rc); -+ -+ if (rc != 0) { -+ /* error occurred when running loaded code */ -+ err_msg = (u_char *) lua_tolstring(L, -1, &len); -+ -+ if (err_msg == NULL) { -+ err_msg = (u_char *) "unknown reason"; -+ len = sizeof("unknown reason") - 1; -+ } -+ -+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -+ "failed to run balancer_by_lua*: %*s", len, err_msg); -+ -+ lua_settop(L, 0); /* clear remaining elems on stack */ -+ -+ return NGX_ERROR; -+ } -+ -+ lua_settop(L, 0); /* clear remaining elems on stack */ -+ return rc; -+} -+ -+ - char * - ngx_http_lua_balancer_by_lua_block(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf) -@@ -125,18 +238,20 @@ char * - ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf) - { -- size_t chunkname_len; -- u_char *chunkname; -- u_char *cache_key = NULL; -- u_char *name; -- ngx_str_t *value; -- ngx_http_lua_srv_conf_t *lscf = conf; -- -+ size_t chunkname_len; -+ u_char *chunkname; -+ u_char *cache_key = NULL; -+ u_char *name; -+ ngx_str_t *value; -+ ngx_url_t url; - ngx_http_upstream_srv_conf_t *uscf; -+ ngx_http_upstream_server_t *us; -+ ngx_http_lua_srv_conf_t *lscf = conf; - - dd("enter"); - -- /* must specify a content handler */ -+ /* content handler setup */ -+ - if (cmd->post == NULL) { - return NGX_CONF_ERROR; - } -@@ -188,11 +303,42 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - - lscf->balancer.src_key = cache_key; - -+ /* balancer setup */ -+ - uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); - -+ if (uscf->servers->nelts == 0) { -+ us = ngx_array_push(uscf->servers); -+ if (us == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ -+ ngx_memzero(us, sizeof(ngx_http_upstream_server_t)); -+ ngx_memzero(&url, sizeof(ngx_url_t)); -+ -+ ngx_str_set(&url.url, "0.0.0.1"); -+ url.default_port = 80; -+ -+ if (ngx_parse_url(cf->pool, &url) != NGX_OK) { -+ return NGX_CONF_ERROR; -+ } -+ -+ us->name = url.url; -+ us->addrs = url.addrs; -+ us->naddrs = url.naddrs; -+ -+ ngx_http_lua_balancer_default_server_sockaddr = us->addrs[0].sockaddr; -+ } -+ - if (uscf->peer.init_upstream) { - ngx_conf_log_error(NGX_LOG_WARN, cf, 0, - "load balancing method redefined"); -+ -+ lscf->balancer.original_init_upstream = uscf->peer.init_upstream; -+ -+ } else { -+ lscf->balancer.original_init_upstream = -+ ngx_http_upstream_init_round_robin; - } - - uscf->peer.init_upstream = ngx_http_lua_balancer_init; -@@ -208,14 +354,18 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - - - static ngx_int_t --ngx_http_lua_balancer_init(ngx_conf_t *cf, -- ngx_http_upstream_srv_conf_t *us) -+ngx_http_lua_balancer_init(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us) - { -- if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) { -+ ngx_http_lua_srv_conf_t *lscf; -+ -+ lscf = ngx_http_conf_upstream_srv_conf(us, ngx_http_lua_module); -+ -+ if (lscf->balancer.original_init_upstream(cf, us) != NGX_OK) { - return NGX_ERROR; - } - -- /* this callback is called upon individual requests */ -+ lscf->balancer.original_init_peer = us->peer.init; -+ - us->peer.init = ngx_http_lua_balancer_init_peer; - - return NGX_OK; -@@ -226,33 +376,38 @@ static ngx_int_t - ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, - ngx_http_upstream_srv_conf_t *us) - { -- ngx_http_lua_srv_conf_t *bcf; -+ ngx_http_lua_srv_conf_t *lscf; - ngx_http_lua_balancer_peer_data_t *bp; - -- bp = ngx_pcalloc(r->pool, sizeof(ngx_http_lua_balancer_peer_data_t)); -- if (bp == NULL) { -+ lscf = ngx_http_conf_upstream_srv_conf(us, ngx_http_lua_module); -+ -+ if (lscf->balancer.original_init_peer(r, us) != NGX_OK) { - return NGX_ERROR; - } - -- r->upstream->peer.data = &bp->rrp; -- -- if (ngx_http_upstream_init_round_robin_peer(r, us) != NGX_OK) { -+ bp = ngx_pcalloc(r->pool, sizeof(ngx_http_lua_balancer_peer_data_t)); -+ if (bp == NULL) { - return NGX_ERROR; - } - -+ bp->conf = lscf; -+ bp->request = r; -+ bp->data = r->upstream->peer.data; -+ bp->original_get_peer = r->upstream->peer.get; -+ bp->original_free_peer = r->upstream->peer.free; -+ -+ r->upstream->peer.data = bp; - r->upstream->peer.get = ngx_http_lua_balancer_get_peer; - r->upstream->peer.free = ngx_http_lua_balancer_free_peer; - - #if (NGX_HTTP_SSL) -+ bp->original_set_session = r->upstream->peer.set_session; -+ bp->original_save_session = r->upstream->peer.save_session; -+ - r->upstream->peer.set_session = ngx_http_lua_balancer_set_session; - r->upstream->peer.save_session = ngx_http_lua_balancer_save_session; - #endif - -- bcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_lua_module); -- -- bp->conf = bcf; -- bp->request = r; -- - return NGX_OK; - } - -@@ -260,25 +415,26 @@ ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, - static ngx_int_t - ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - { -- lua_State *L; -- ngx_int_t rc; -- ngx_http_request_t *r; -- ngx_http_lua_ctx_t *ctx; -- ngx_http_lua_srv_conf_t *lscf; -- ngx_http_lua_main_conf_t *lmcf; -- ngx_http_lua_balancer_peer_data_t *bp = data; -+ lua_State *L; -+ ngx_int_t rc; -+ ngx_queue_t *q; -+ ngx_connection_t *c; -+ ngx_http_request_t *r; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_srv_conf_t *lscf; -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ ngx_http_lua_balancer_peer_data_t *bp = data; -+ void *pdata; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -- "lua balancer peer, tries: %ui", pc->tries); -- -- lscf = bp->conf; -+ "lua balancer: get peer, tries: %ui", pc->tries); - - r = bp->request; -+ lscf = bp->conf; - - ngx_http_lua_assert(lscf->balancer.handler && r); - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); -- - if (ctx == NULL) { - ctx = ngx_http_lua_create_ctx(r); - if (ctx == NULL) { -@@ -296,21 +452,23 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - - ctx->context = NGX_HTTP_LUA_CONTEXT_BALANCER; - -+ bp->cpool = NULL; - bp->sockaddr = NULL; - bp->socklen = 0; - bp->more_tries = 0; -+ bp->cpool_size = 0; -+ bp->keepalive_requests = 0; -+ bp->keepalive_timeout = 0; -+ bp->keepalive = 0; - bp->total_tries++; - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- /* balancer_by_lua does not support yielding and -- * there cannot be any conflicts among concurrent requests, -- * thus it is safe to store the peer data in the main conf. -- */ -- lmcf->balancer_peer_data = bp; -+ pdata = r->upstream->peer.data; -+ r->upstream->peer.data = bp; - - rc = lscf->balancer.handler(r, lscf, L); - -+ r->upstream->peer.data = pdata; -+ - if (rc == NGX_ERROR) { - return NGX_ERROR; - } -@@ -332,79 +490,88 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - } - } - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - pc->sockaddr = bp->sockaddr; - pc->socklen = bp->socklen; -+ pc->name = bp->host; - pc->cached = 0; - pc->connection = NULL; -- pc->name = bp->host; -- -- bp->rrp.peers->single = 0; - - if (bp->more_tries) { - r->upstream->peer.tries += bp->more_tries; - } - -- dd("tries: %d", (int) r->upstream->peer.tries); -- -- return NGX_OK; -- } -- -- return ngx_http_upstream_get_round_robin_peer(pc, &bp->rrp); --} -+ if (ngx_http_lua_balancer_keepalive_is_enabled(bp)) { -+ ngx_http_lua_balancer_get_keepalive_pool(L, pc->log, -+ &bp->cpool_name, -+ &bp->cpool); - -+ if (bp->cpool == NULL -+ && ngx_http_lua_balancer_create_keepalive_pool(L, pc->log, -+ &bp->cpool_name, -+ bp->cpool_size, -+ &bp->cpool) -+ != NGX_OK) -+ { -+ return NGX_ERROR; -+ } - --static ngx_int_t --ngx_http_lua_balancer_by_chunk(lua_State *L, ngx_http_request_t *r) --{ -- u_char *err_msg; -- size_t len; -- ngx_int_t rc; -+ ngx_http_lua_assert(bp->cpool); - -- /* init nginx context in Lua VM */ -- ngx_http_lua_set_req(L, r); -+ if (!ngx_queue_empty(&bp->cpool->cache)) { -+ q = ngx_queue_head(&bp->cpool->cache); - --#ifndef OPENRESTY_LUAJIT -- ngx_http_lua_create_new_globals_table(L, 0 /* narr */, 1 /* nrec */); -+ item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, -+ queue); -+ c = item->connection; - -- /* {{{ make new env inheriting main thread's globals table */ -- lua_createtable(L, 0, 1 /* nrec */); /* the metatable for the new env */ -- ngx_http_lua_get_globals_table(L); -- lua_setfield(L, -2, "__index"); -- lua_setmetatable(L, -2); /* setmetatable({}, {__index = _G}) */ -- /* }}} */ -+ ngx_queue_remove(q); -+ ngx_queue_insert_head(&bp->cpool->free, q); - -- lua_setfenv(L, -2); /* set new running env for the code closure */ --#endif /* OPENRESTY_LUAJIT */ -+ c->idle = 0; -+ c->sent = 0; -+ c->log = pc->log; -+ c->read->log = pc->log; -+ c->write->log = pc->log; -+ c->pool->log = pc->log; - -- lua_pushcfunction(L, ngx_http_lua_traceback); -- lua_insert(L, 1); /* put it under chunk and args */ -+ if (c->read->timer_set) { -+ ngx_del_timer(c->read); -+ } - -- /* protected call user code */ -- rc = lua_pcall(L, 0, 1, 1); -+ pc->cached = 1; -+ pc->connection = c; - -- lua_remove(L, 1); /* remove traceback function */ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive reusing connection %p, " -+ "requests: %ui, cpool: %p", -+ c, c->requests, bp->cpool); - -- dd("rc == %d", (int) rc); -+ return NGX_DONE; -+ } - -- if (rc != 0) { -- /* error occurred when running loaded code */ -- err_msg = (u_char *) lua_tolstring(L, -1, &len); -+ bp->cpool->connections++; - -- if (err_msg == NULL) { -- err_msg = (u_char *) "unknown reason"; -- len = sizeof("unknown reason") - 1; -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive no free connection, " -+ "cpool: %p", bp->cpool); - } - -- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -- "failed to run balancer_by_lua*: %*s", len, err_msg); -+ return NGX_OK; -+ } - -- lua_settop(L, 0); /* clear remaining elems on stack */ -+ rc = bp->original_get_peer(pc, bp->data); -+ if (rc == NGX_ERROR) { -+ return rc; -+ } -+ -+ if (pc->sockaddr == ngx_http_lua_balancer_default_server_sockaddr) { -+ ngx_log_error(NGX_LOG_ERR, pc->log, 0, -+ "lua balancer: no peer set"); - - return NGX_ERROR; - } - -- lua_settop(L, 0); /* clear remaining elems on stack */ - return rc; - } - -@@ -413,24 +580,354 @@ static void - ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, void *data, - ngx_uint_t state) - { -- ngx_http_lua_balancer_peer_data_t *bp = data; -+ ngx_queue_t *q; -+ ngx_connection_t *c; -+ ngx_http_upstream_t *u; -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; -+ ngx_http_lua_balancer_peer_data_t *bp = data; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -- "lua balancer free peer, tries: %ui", pc->tries); -+ "lua balancer: free peer, tries: %ui", pc->tries); -+ -+ u = bp->request->upstream; -+ c = pc->connection; - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - bp->last_peer_state = (int) state; - - if (pc->tries) { - pc->tries--; - } - -+ if (ngx_http_lua_balancer_keepalive_is_enabled(bp)) { -+ cpool = bp->cpool; -+ -+ if (state & NGX_PEER_FAILED -+ || c == NULL -+ || c->read->eof -+ || c->read->error -+ || c->read->timedout -+ || c->write->error -+ || c->write->timedout) -+ { -+ goto invalid; -+ } -+ -+ if (bp->keepalive_requests -+ && c->requests >= bp->keepalive_requests) -+ { -+ goto invalid; -+ } -+ -+ if (!u->keepalive) { -+ goto invalid; -+ } -+ -+ if (!u->request_body_sent) { -+ goto invalid; -+ } -+ -+ if (ngx_terminate || ngx_exiting) { -+ goto invalid; -+ } -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ goto invalid; -+ } -+ -+ if (ngx_queue_empty(&cpool->free)) { -+ q = ngx_queue_last(&cpool->cache); -+ ngx_queue_remove(q); -+ -+ item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, -+ queue); -+ -+ ngx_http_lua_balancer_close(item->connection); -+ -+ } else { -+ q = ngx_queue_head(&cpool->free); -+ ngx_queue_remove(q); -+ -+ item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, -+ queue); -+ } -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive saving connection %p, " -+ "cpool: %p, connections: %ui", -+ c, cpool, cpool->connections); -+ -+ ngx_queue_insert_head(&cpool->cache, q); -+ -+ item->connection = c; -+ -+ pc->connection = NULL; -+ -+ if (bp->keepalive_timeout) { -+ c->read->delayed = 0; -+ ngx_add_timer(c->read, bp->keepalive_timeout); -+ -+ } else if (c->read->timer_set) { -+ ngx_del_timer(c->read); -+ } -+ -+ if (c->write->timer_set) { -+ ngx_del_timer(c->write); -+ } -+ -+ c->write->handler = ngx_http_lua_balancer_dummy_handler; -+ c->read->handler = ngx_http_lua_balancer_close_handler; -+ -+ c->data = item; -+ c->idle = 1; -+ c->log = ngx_cycle->log; -+ c->read->log = ngx_cycle->log; -+ c->write->log = ngx_cycle->log; -+ c->pool->log = ngx_cycle->log; -+ -+ if (c->read->ready) { -+ ngx_http_lua_balancer_close_handler(c->read); -+ } -+ -+ return; -+ -+invalid: -+ -+ cpool->connections--; -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive not saving connection %p, " -+ "cpool: %p, connections: %ui", -+ c, cpool, cpool->connections); -+ -+ if (cpool->connections == 0) { -+ ngx_http_lua_balancer_free_keepalive_pool(pc->log, cpool); -+ } -+ } -+ -+ return; -+ } -+ -+ bp->original_free_peer(pc, bp->data, state); -+} -+ -+ -+static ngx_int_t -+ngx_http_lua_balancer_create_keepalive_pool(lua_State *L, ngx_log_t *log, -+ ngx_str_t *cpool_name, ngx_uint_t cpool_size, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool) -+{ -+ size_t size; -+ ngx_uint_t i; -+ ngx_http_lua_balancer_keepalive_pool_t *upool; -+ ngx_http_lua_balancer_keepalive_item_t *items; -+ -+ /* get upstream connection pools table */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ -+ -+ ngx_http_lua_assert(lua_istable(L, -1)); -+ -+ lua_pushlstring(L, (const char *)cpool_name->data, cpool_name->len); -+ -+ size = sizeof(ngx_http_lua_balancer_keepalive_pool_t) + -+ sizeof(ngx_http_lua_balancer_keepalive_item_t) * cpool_size; -+ -+ upool = lua_newuserdata(L, size + cpool_name->len); /* pools upool */ -+ if (upool == NULL) { -+ return NGX_ERROR; -+ } -+ -+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, -+ "lua balancer: keepalive create pool, " -+ "name: %V, size: %ui", -+ cpool_name, cpool_size); -+ -+ upool->lua_vm = L; -+ upool->size = cpool_size; -+ upool->connections = 0; -+ -+ upool->cpool_name.len = cpool_name->len; -+ upool->cpool_name.data = (u_char *)(upool) + size; -+ ngx_memcpy(upool->cpool_name.data, cpool_name->data, cpool_name->len); -+ -+ ngx_queue_init(&upool->cache); -+ ngx_queue_init(&upool->free); -+ -+ lua_rawset(L, -3); /* pools */ -+ lua_pop(L, 1); /* orig stack */ -+ -+ items = (ngx_http_lua_balancer_keepalive_item_t *) (&upool->free + 1); -+ -+ -+ -+ for (i = 0; i < cpool_size; i++) { -+ ngx_queue_insert_head(&upool->free, &items[i].queue); -+ items[i].cpool = upool; -+ } -+ -+ *cpool = upool; -+ -+ return NGX_OK; -+} -+ -+ -+static void -+ngx_http_lua_balancer_get_keepalive_pool(lua_State *L, -+ ngx_log_t *log, ngx_str_t *cpool_name, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool) -+{ -+ ngx_http_lua_balancer_keepalive_pool_t *upool; -+ -+ /* get upstream connection pools table */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ -+ -+ if (lua_isnil(L, -1)) { -+ lua_pop(L, 1); /* orig stack */ -+ -+ /* create upstream connection pools table */ -+ lua_createtable(L, 0, 0); /* pools */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_pushvalue(L, -2); /* pools pools_table_key pools */ -+ lua_rawset(L, LUA_REGISTRYINDEX); /* pools */ -+ } -+ -+ ngx_http_lua_assert(lua_istable(L, -1)); -+ -+ lua_pushlstring(L, (const char *)cpool_name->data, cpool_name->len); -+ lua_rawget(L, -2); -+ -+ upool = lua_touserdata(L, -1); -+ lua_pop(L, 2); /* orig stack */ -+ -+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, -+ "lua balancer: keepalive get pool, " -+ "name: %V, cpool: %p", -+ cpool_name, upool); -+ -+ *cpool = upool; -+} -+ -+ -+static void -+ngx_http_lua_balancer_free_keepalive_pool(ngx_log_t *log, -+ ngx_http_lua_balancer_keepalive_pool_t *cpool) -+{ -+ lua_State *L; -+ -+ ngx_http_lua_assert(cpool->connections == 0); -+ -+ L = cpool->lua_vm; -+ -+ /* get upstream connection pools table */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ -+ -+ if (lua_isnil(L, -1)) { -+ lua_pop(L, 1); /* orig stack */ -+ return; -+ } -+ -+ ngx_http_lua_assert(lua_istable(L, -1)); -+ -+ lua_pushlstring(L, (const char *)cpool->cpool_name.data, cpool->cpool_name.len); -+ lua_pushnil(L); /* pools nil */ -+ lua_rawset(L, -3); /* pools */ -+ -+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, -+ "lua balancer: keepalive free pool, " -+ "name: %V, cpool: %p", -+ &cpool->cpool_name, cpool); -+ -+ lua_pop(L, 1); /* orig stack */ -+} -+ -+ -+static void -+ngx_http_lua_balancer_close(ngx_connection_t *c) -+{ -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ -+ item = c->data; -+ -+#if (NGX_HTTP_SSL) -+ if (c->ssl) { -+ c->ssl->no_wait_shutdown = 1; -+ c->ssl->no_send_shutdown = 1; -+ -+ if (ngx_ssl_shutdown(c) == NGX_AGAIN) { -+ c->ssl->handler = ngx_http_lua_balancer_close; -+ return; -+ } -+ } -+#endif -+ -+ ngx_destroy_pool(c->pool); -+ ngx_close_connection(c); -+ -+ item->cpool->connections--; -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, -+ "lua balancer: keepalive closing connection %p, cpool: %p, " -+ "connections: %ui", -+ c, item->cpool, item->cpool->connections); -+} -+ -+ -+static void -+ngx_http_lua_balancer_dummy_handler(ngx_event_t *ev) -+{ -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, -+ "lua balancer: dummy handler"); -+} -+ -+ -+static void -+ngx_http_lua_balancer_close_handler(ngx_event_t *ev) -+{ -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ -+ int n; -+ char buf[1]; -+ ngx_connection_t *c; -+ -+ c = ev->data; -+ -+ if (c->close || c->read->timedout) { -+ goto close; -+ } -+ -+ n = recv(c->fd, buf, 1, MSG_PEEK); -+ -+ if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { -+ ev->ready = 0; -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ goto close; -+ } -+ - return; - } - -- /* fallback */ -+close: -+ -+ item = c->data; -+ c->log = ev->log; - -- ngx_http_upstream_free_round_robin_peer(pc, data, state); -+ ngx_http_lua_balancer_close(c); -+ -+ ngx_queue_remove(&item->queue); -+ ngx_queue_insert_head(&item->cpool->free, &item->queue); -+ -+ if (item->cpool->connections == 0) { -+ ngx_http_lua_balancer_free_keepalive_pool(ev->log, item->cpool); -+ } - } - - -@@ -441,12 +938,12 @@ ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, void *data) - { - ngx_http_lua_balancer_peer_data_t *bp = data; - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - /* TODO */ - return NGX_OK; - } - -- return ngx_http_upstream_set_round_robin_peer_session(pc, &bp->rrp); -+ return bp->original_set_session(pc, bp->data); - } - - -@@ -455,13 +952,12 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) - { - ngx_http_lua_balancer_peer_data_t *bp = data; - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - /* TODO */ - return; - } - -- ngx_http_upstream_save_round_robin_peer_session(pc, &bp->rrp); -- return; -+ bp->original_save_session(pc, bp->data); - } - - #endif -@@ -469,14 +965,14 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) - - int - ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, -- const u_char *addr, size_t addr_len, int port, char **err) -+ const u_char *addr, size_t addr_len, int port, -+ const u_char *cpool_name, size_t cpool_name_len, -+ unsigned int cpool_size, char **err) - { -- ngx_url_t url; -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -- -- ngx_http_lua_main_conf_t *lmcf; -- ngx_http_lua_balancer_peer_data_t *bp; -+ ngx_url_t url; -+ ngx_http_upstream_t *u; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_balancer_peer_data_t *bp; - - if (r == NULL) { - *err = "no request found"; -@@ -501,18 +997,6 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- /* we cannot read r->upstream->peer.data here directly because -- * it could be overridden by other modules like -- * ngx_http_upstream_keepalive_module. -- */ -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -- - ngx_memzero(&url, sizeof(ngx_url_t)); - - url.url.data = ngx_palloc(r->pool, addr_len); -@@ -536,6 +1020,8 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - return NGX_ERROR; - } - -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; -+ - if (url.addrs && url.addrs[0].sockaddr) { - bp->sockaddr = url.addrs[0].sockaddr; - bp->socklen = url.addrs[0].socklen; -@@ -546,6 +1032,72 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - return NGX_ERROR; - } - -+ if (cpool_name_len == 0) { -+ bp->cpool_name = *bp->host; -+ -+ } else { -+ bp->cpool_name.data = ngx_palloc(r->pool, cpool_name_len); -+ if (bp->cpool_name.data == NULL) { -+ *err = "no memory"; -+ return NGX_ERROR; -+ } -+ -+ ngx_memcpy(bp->cpool_name.data, cpool_name, cpool_name_len); -+ bp->cpool_name.len = cpool_name_len; -+ } -+ -+ bp->cpool_size = (ngx_uint_t) cpool_size; -+ -+ return NGX_OK; -+} -+ -+ -+int -+ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, -+ unsigned long timeout, unsigned int max_requests, char **err) -+{ -+ ngx_http_upstream_t *u; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_balancer_peer_data_t *bp; -+ -+ if (r == NULL) { -+ *err = "no request found"; -+ return NGX_ERROR; -+ } -+ -+ u = r->upstream; -+ -+ if (u == NULL) { -+ *err = "no upstream found"; -+ return NGX_ERROR; -+ } -+ -+ ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); -+ if (ctx == NULL) { -+ *err = "no ctx found"; -+ return NGX_ERROR; -+ } -+ -+ if ((ctx->context & NGX_HTTP_LUA_CONTEXT_BALANCER) == 0) { -+ *err = "API disabled in the current context"; -+ return NGX_ERROR; -+ } -+ -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; -+ -+ if (!ngx_http_lua_balancer_peer_set(bp)) { -+ *err = "no current peer set"; -+ return NGX_ERROR; -+ } -+ -+ if (!bp->cpool_name.data) { -+ bp->cpool_name = *bp->host; -+ } -+ -+ bp->keepalive_timeout = (ngx_msec_t) timeout; -+ bp->keepalive_requests = (ngx_uint_t) max_requests; -+ bp->keepalive = 1; -+ - return NGX_OK; - } - -@@ -555,14 +1107,13 @@ ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r, - long connect_timeout, long send_timeout, long read_timeout, - char **err) - { -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; - - #if !(HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS) - ngx_http_upstream_conf_t *ucf; --#endif -- ngx_http_lua_main_conf_t *lmcf; - ngx_http_lua_balancer_peer_data_t *bp; -+#endif - - if (r == NULL) { - *err = "no request found"; -@@ -587,15 +1138,9 @@ ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -- - #if !(HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS) -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; -+ - if (!bp->cloned_upstream_conf) { - /* we clone the upstream conf for the current request so that - * we do not affect other requests at all. */ -@@ -650,12 +1195,10 @@ ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, - int count, char **err) - { - #if (nginx_version >= 1007005) -- ngx_uint_t max_tries, total; -+ ngx_uint_t max_tries, total; - #endif -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -- -- ngx_http_lua_main_conf_t *lmcf; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; - ngx_http_lua_balancer_peer_data_t *bp; - - if (r == NULL) { -@@ -681,13 +1224,7 @@ ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; - - #if (nginx_version >= 1007005) - max_tries = r->upstream->conf->next_upstream_tries; -@@ -713,12 +1250,10 @@ int - ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r, - int *status, char **err) - { -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -- ngx_http_upstream_state_t *state; -- -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; -+ ngx_http_upstream_state_t *state; - ngx_http_lua_balancer_peer_data_t *bp; -- ngx_http_lua_main_conf_t *lmcf; - - if (r == NULL) { - *err = "no request found"; -@@ -743,13 +1278,7 @@ ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; - - if (r->upstream_states && r->upstream_states->nelts > 1) { - state = r->upstream_states->elts; -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_common.h b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_common.h -index 4c946297..bec484e1 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_common.h -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_common.h -@@ -258,13 +258,6 @@ struct ngx_http_lua_main_conf_s { - ngx_str_t exit_worker_src; - u_char *exit_worker_chunkname; - -- ngx_http_lua_balancer_peer_data_t *balancer_peer_data; -- /* neither yielding nor recursion is possible in -- * balancer_by_lua*, so there cannot be any races among -- * concurrent requests and it is safe to store the peer -- * data pointer in the main conf. -- */ -- - ngx_chain_t *body_filter_chain; - /* neither yielding nor recursion is possible in - * body_filter_by_lua*, so there cannot be any races among -@@ -359,6 +352,10 @@ union ngx_http_lua_srv_conf_u { - } srv; - - struct { -+ ngx_http_upstream_init_pt original_init_upstream; -+ ngx_http_upstream_init_peer_pt original_init_peer; -+ uintptr_t data; -+ - ngx_http_lua_srv_conf_handler_pt handler; - ngx_str_t src; - u_char *src_key; -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_module.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_module.c -index fb10bf93..c2f085be 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_module.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_module.c -@@ -1188,6 +1188,9 @@ ngx_http_lua_create_srv_conf(ngx_conf_t *cf) - * lscf->srv.ssl_sess_fetch_chunkname = NULL; - * lscf->srv.ssl_sess_fetch_src_key = NULL; - * -+ * lscf->balancer.original_init_upstream = NULL; -+ * lscf->balancer.original_init_peer = NULL; -+ * lscf->balancer.data = NULL; - * lscf->balancer.handler = NULL; - * lscf->balancer.src = { 0, NULL }; - * lscf->balancer.chunkname = NULL; diff --git a/build/openresty/patches/ngx_lua-0.10.26_01-ssl-disable-h2-alpn.patch b/build/openresty/patches/ngx_lua-0.10.26_01-ssl-disable-h2-alpn.patch deleted file mode 100644 index a5e7cf0a655..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_01-ssl-disable-h2-alpn.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff --git a/bundle/nginx-1.25.3/src/http/modules/ngx_http_ssl_module.c b/bundle/nginx-1.25.3/src/http/modules/ngx_http_ssl_module.c -index 1c92d9f..232a279 100644 ---- a/bundle/nginx-1.25.3/src/http/modules/ngx_http_ssl_module.c -+++ b/bundle/nginx-1.25.3/src/http/modules/ngx_http_ssl_module.c -@@ -8,6 +8,9 @@ - #include - #include - #include -+#if (NGX_HTTP_LUA_KONG) -+#include -+#endif - - #if (NGX_QUIC_OPENSSL_COMPAT) - #include -@@ -473,8 +476,11 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out, - { - #if (NGX_HTTP_V2) - h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); -- -+#if (NGX_HTTP_LUA_KONG) -+ if(ngx_http_lua_kong_ssl_get_http2_alpn_enabled(c->ssl, h2scf->enable || hc->addr_conf->http2)) { -+#else - if (h2scf->enable || hc->addr_conf->http2) { -+#endif - srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; - srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; - -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h -index 3d577c6..aa20f03 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_ssl.h -@@ -38,6 +38,9 @@ typedef struct { - unsigned entered_client_hello_handler:1; - unsigned entered_cert_handler:1; - unsigned entered_sess_fetch_handler:1; -+#if (NGX_HTTP_LUA_KONG) -+ unsigned disable_http2_alpn:1; -+#endif - } ngx_http_lua_ssl_ctx_t; - - diff --git a/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch b/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch deleted file mode 100644 index 7de60af5e0d..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_03-regex-memory-corruption.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c -index 1b52fa2..646b483 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_regex.c -@@ -591,7 +591,11 @@ ngx_http_lua_ffi_compile_regex(const unsigned char *pat, size_t pat_len, - re_comp.captures = 0; - - } else { -+#if (NGX_PCRE2) -+ ovecsize = (re_comp.captures + 1) * 2; -+#else - ovecsize = (re_comp.captures + 1) * 3; -+#endif - } - - dd("allocating cap with size: %d", (int) ovecsize); -@@ -684,21 +688,21 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, - { - int rc, exec_opts = 0; - size_t *ov; -- ngx_uint_t ovecsize, n, i; -+ ngx_uint_t ovecpair, n, i; - ngx_pool_t *old_pool; - - if (flags & NGX_LUA_RE_MODE_DFA) { -- ovecsize = 2; -+ ovecpair = 1; - re->ncaptures = 0; - - } else { -- ovecsize = (re->ncaptures + 1) * 3; -+ ovecpair = re->ncaptures + 1; - } - - old_pool = ngx_http_lua_pcre_malloc_init(NULL); - - if (ngx_regex_match_data == NULL -- || ovecsize > ngx_regex_match_data_size) -+ || ovecpair > ngx_regex_match_data_size) - { - /* - * Allocate a match data if not yet allocated or smaller than -@@ -709,8 +713,8 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, - pcre2_match_data_free(ngx_regex_match_data); - } - -- ngx_regex_match_data_size = ovecsize; -- ngx_regex_match_data = pcre2_match_data_create(ovecsize / 3, NULL); -+ ngx_regex_match_data_size = ovecpair; -+ ngx_regex_match_data = pcre2_match_data_create(ovecpair, NULL); - - if (ngx_regex_match_data == NULL) { - rc = PCRE2_ERROR_NOMEMORY; -@@ -741,7 +745,7 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, - #if (NGX_DEBUG) - ngx_log_debug4(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, - "pcre2_match failed: flags 0x%05Xd, options 0x%08Xd, " -- "rc %d, ovecsize %ui", flags, exec_opts, rc, ovecsize); -+ "rc %d, ovecpair %ui", flags, exec_opts, rc, ovecpair); - #endif - - goto failed; -@@ -753,11 +757,11 @@ ngx_http_lua_ffi_exec_regex(ngx_http_lua_regex_t *re, int flags, - #if (NGX_DEBUG) - ngx_log_debug5(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, - "pcre2_match: flags 0x%05Xd, options 0x%08Xd, rc %d, " -- "n %ui, ovecsize %ui", flags, exec_opts, rc, n, ovecsize); -+ "n %ui, ovecpair %ui", flags, exec_opts, rc, n, ovecpair); - #endif - -- if (!(flags & NGX_LUA_RE_MODE_DFA) && n > ovecsize / 3) { -- n = ovecsize / 3; -+ if (n > ovecpair) { -+ n = ovecpair; - } - - for (i = 0; i < n; i++) { diff --git a/build/openresty/patches/ngx_lua-0.10.26_04-head-request-smuggling.patch b/build/openresty/patches/ngx_lua-0.10.26_04-head-request-smuggling.patch deleted file mode 100644 index 3668c27e397..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_04-head-request-smuggling.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e5248aa8203d3e0075822a577c1cdd19f5f1f831 Mon Sep 17 00:00:00 2001 -From: lijunlong -Date: Sat, 9 Mar 2024 12:30:14 +0800 -Subject: [PATCH] bugfix: fixed HTTP HEAD request smuggling issue. - ---- - src/ngx_http_lua_util.c | 6 ++++ - t/020-subrequest.t | 80 +++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 86 insertions(+) - -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c -index 8fd26561a7..727ca3da39 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_util.c -@@ -603,6 +603,12 @@ ngx_http_lua_send_chain_link(ngx_http_request_t *r, ngx_http_lua_ctx_t *ctx, - if (r->header_only) { - ctx->eof = 1; - -+ if (!r->request_body && r == r->main) { -+ if (ngx_http_discard_request_body(r) != NGX_OK) { -+ return NGX_ERROR; -+ } -+ } -+ - if (ctx->buffering) { - return ngx_http_lua_send_http10_headers(r, ctx); - } diff --git a/build/openresty/patches/ngx_lua-0.10.26_05-setkeepalive-data-integrity.patch b/build/openresty/patches/ngx_lua-0.10.26_05-setkeepalive-data-integrity.patch deleted file mode 100644 index 3a5eb6cb051..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_05-setkeepalive-data-integrity.patch +++ /dev/null @@ -1,135 +0,0 @@ -From e2067ddd2b2897d3c6fa6f91ce4e8169fe8c97c6 Mon Sep 17 00:00:00 2001 -From: lijunlong -Date: Wed, 20 Mar 2024 12:02:38 +0800 -Subject: [PATCH] bugfix: wrong arguments of setkeepalive() result in the - compromise of data integrity. - -==338736== Invalid read of size 8 -==338736== at 0x209890: ngx_http_lua_socket_tcp_handler (ngx_http_lua_socket_tcp.c:3341) -==338736== by 0x16CB21: ngx_epoll_process_events (ngx_epoll_module.c:1001) -==338736== by 0x160213: ngx_process_events_and_timers (ngx_event.c:262) -==338736== by 0x16B772: ngx_single_process_cycle (ngx_process_cycle.c:338) -==338736== by 0x13E8B7: main (nginx.c:394) -==338736== Address 0x68c8678 is 8 bytes inside a block of size 1,488 free'd -==338736== at 0x48472AC: free (vg_replace_malloc.c:974) -==338736== by 0x14035D: ngx_destroy_pool (ngx_palloc.c:76) -==338736== by 0x18694E: ngx_http_free_request (ngx_http_request.c:3799) -==338736== by 0x186AE0: ngx_http_close_request (ngx_http_request.c:3708) -==338736== by 0x187A6A: ngx_http_finalize_connection (ngx_http_request.c:2812) -==338736== by 0x1887C7: ngx_http_finalize_request (ngx_http_request.c:2685) -==338736== by 0x1883CC: ngx_http_finalize_request (ngx_http_request.c:2571) -==338736== by 0x2010B2: ngx_http_lua_finalize_request (ngx_http_lua_util.c:3706) -==338736== by 0x20B6A1: ngx_http_lua_socket_tcp_resume_helper (ngx_http_lua_socket_tcp.c:6132) -==338736== by 0x20BA75: ngx_http_lua_socket_tcp_read_resume (ngx_http_lua_socket_tcp.c:6030) -==338736== by 0x20356B: ngx_http_lua_content_wev_handler (ngx_http_lua_contentby.c:152) -==338736== by 0x20CA9F: ngx_http_lua_socket_handle_read_success (ngx_http_lua_socket_tcp.c:3602) -==338736== by 0x20CA9F: ngx_http_lua_socket_tcp_read (ngx_http_lua_socket_tcp.c:2607) -==338736== by 0x20D289: ngx_http_lua_socket_read_handler (ngx_http_lua_socket_tcp.c:3405) -==338736== by 0x20991D: ngx_http_lua_socket_tcp_handler (ngx_http_lua_socket_tcp.c:3356) -==338736== by 0x16C970: ngx_epoll_process_events (ngx_epoll_module.c:968) -==338736== by 0x160213: ngx_process_events_and_timers (ngx_event.c:262) -==338736== by 0x16B772: ngx_single_process_cycle (ngx_process_cycle.c:338) -==338736== by 0x13E8B7: main (nginx.c:394) -==338736== Block was alloc'd at -==338736== at 0x484482F: malloc (vg_replace_malloc.c:431) -==338736== by 0x165448: ngx_alloc (ngx_alloc.c:22) -==338736== by 0x1401B2: ngx_malloc (ngx_palloc.c:137) -==338736== by 0x1403EC: ngx_palloc (ngx_palloc.c:120) -==338736== by 0x140503: ngx_pcalloc (ngx_palloc.c:215) -==338736== by 0x185BC9: ngx_http_alloc_request (ngx_http_request.c:580) -==338736== by 0x186356: ngx_http_create_request (ngx_http_request.c:536) -==338736== by 0x189F2A: ngx_http_wait_request_handler (ngx_http_request.c:518) -==338736== by 0x16C970: ngx_epoll_process_events (ngx_epoll_module.c:968) -==338736== by 0x160213: ngx_process_events_and_timers (ngx_event.c:262) -==338736== by 0x16B772: ngx_single_process_cycle (ngx_process_cycle.c:338) -==338736== by 0x13E8B7: main (nginx.c:394) -==338736== ---- - src/ngx_http_lua_socket_tcp.c | 50 ++++++----- - t/068-socket-keepalive.t | 160 ++++++++++++++++++++++++++++++++++ - 2 files changed, 188 insertions(+), 22 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c -index 0aa7109758..214e78329e 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c -@@ -5385,6 +5385,34 @@ ngx_http_lua_socket_tcp_setkeepalive(lua_State *L) - - luaL_checktype(L, 1, LUA_TTABLE); - -+ r = ngx_http_lua_get_req(L); -+ if (r == NULL) { -+ return luaL_error(L, "no request found"); -+ } -+ -+ llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); -+ -+ /* luaL_checkinteger will throw error if the argument is not a number. -+ * e.g.: bad argument \#2 to '?' (number expected, got string) -+ * -+ * We should check the argument in advance; otherwise, -+ * throwing an exception in the middle can compromise data integrity. -+ * e.g.: set pc->connection to NULL without following cleanup. -+ */ -+ if (n >= 2 && !lua_isnil(L, 2)) { -+ timeout = (ngx_msec_t) luaL_checkinteger(L, 2); -+ -+ } else { -+ timeout = llcf->keepalive_timeout; -+ } -+ -+ if (n >= 3 && !lua_isnil(L, 3)) { -+ pool_size = luaL_checkinteger(L, 3); -+ -+ } else { -+ pool_size = llcf->pool_size; -+ } -+ - lua_rawgeti(L, 1, SOCKET_CTX_INDEX); - u = lua_touserdata(L, -1); - lua_pop(L, 1); -@@ -5411,11 +5439,6 @@ ngx_http_lua_socket_tcp_setkeepalive(lua_State *L) - return 2; - } - -- r = ngx_http_lua_get_req(L); -- if (r == NULL) { -- return luaL_error(L, "no request found"); -- } -- - if (u->request != r) { - return luaL_error(L, "bad request"); - } -@@ -5486,18 +5509,8 @@ ngx_http_lua_socket_tcp_setkeepalive(lua_State *L) - - /* stack: obj timeout? size? pools cache_key */ - -- llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); -- - if (spool == NULL) { - /* create a new socket pool for the current peer key */ -- -- if (n >= 3 && !lua_isnil(L, 3)) { -- pool_size = luaL_checkinteger(L, 3); -- -- } else { -- pool_size = llcf->pool_size; -- } -- - if (pool_size <= 0) { - msg = lua_pushfstring(L, "bad \"pool_size\" option value: %d", - pool_size); -@@ -5561,13 +5574,6 @@ ngx_http_lua_socket_tcp_setkeepalive(lua_State *L) - ngx_del_timer(c->write); - } - -- if (n >= 2 && !lua_isnil(L, 2)) { -- timeout = (ngx_msec_t) luaL_checkinteger(L, 2); -- -- } else { -- timeout = llcf->keepalive_timeout; -- } -- - #if (NGX_DEBUG) - if (timeout == 0) { - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, diff --git a/build/openresty/patches/ngx_lua-0.10.26_06-ngx-arg-connection-close.patch b/build/openresty/patches/ngx_lua-0.10.26_06-ngx-arg-connection-close.patch deleted file mode 100644 index 25912dd1734..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_06-ngx-arg-connection-close.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 6c00bd4765ec5f7bf090a2c6424d11845fc4ab72 Mon Sep 17 00:00:00 2001 -From: Liu Wei <375636559@qq.com> -Date: Thu, 11 Apr 2024 20:54:19 +0800 -Subject: [PATCH] bugfix: the connection won't be closed normally when set - arg[1] = "" before arg[2] = true. - ---- - src/ngx_http_lua_bodyfilterby.c | 18 ++++++++++++-- - t/082-body-filter-2.t | 44 +++++++++++++++++++++++++++++++++ - 2 files changed, 60 insertions(+), 2 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_bodyfilterby.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_bodyfilterby.c -index 78e3b5c2d6..c0484c8de0 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_bodyfilterby.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_bodyfilterby.c -@@ -532,9 +532,23 @@ ngx_http_lua_body_filter_param_set(lua_State *L, ngx_http_request_t *r, - if (last) { - ctx->seen_last_in_filter = 1; - -- /* the "in" chain cannot be NULL and we set the "last_buf" or -- * "last_in_chain" flag in the last buf of "in" */ -+ /* the "in" chain cannot be NULL except that we set arg[1] = "" -+ * before arg[2] = true -+ */ -+ if (in == NULL) { -+ in = ngx_http_lua_chain_get_free_buf(r->connection->log, -+ r->pool, -+ &ctx->free_bufs, 0); -+ if (in == NULL) { -+ return luaL_error(L, "no memory"); -+ } -+ -+ in->buf->tag = (ngx_buf_tag_t) &ngx_http_lua_body_filter; -+ lmcf->body_filter_chain = in; -+ } - -+ /* we set the "last_buf" or "last_in_chain" flag -+ * in the last buf of "in" */ - for (cl = in; cl; cl = cl->next) { - if (cl->next == NULL) { - if (r == r->main) { diff --git a/build/openresty/patches/ngx_lua-0.10.26_07-fix-ngx-recreate-request-issue-for-balancer-body-modified-case.patch b/build/openresty/patches/ngx_lua-0.10.26_07-fix-ngx-recreate-request-issue-for-balancer-body-modified-case.patch deleted file mode 100644 index 5489b6dff48..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_07-fix-ngx-recreate-request-issue-for-balancer-body-modified-case.patch +++ /dev/null @@ -1,93 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/README.markdown b/bundle/ngx_lua-0.10.26/README.markdown -index d6ec8c9..27f3880 100644 ---- a/bundle/ngx_lua-0.10.26/README.markdown -+++ b/bundle/ngx_lua-0.10.26/README.markdown -@@ -5512,6 +5512,8 @@ If the request body has been read into memory, try calling the [ngx.req.get_body - - To force in-file request bodies, try turning on [client_body_in_file_only](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_in_file_only). - -+Note that this function is also work for balancer phase but it needs to call [balancer.recreate_request](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#recreate_request) to make the change take effect after set the request body data or headers. -+ - This function was first introduced in the `v0.3.1rc17` release. - - See also [ngx.req.get_body_data](#ngxreqget_body_data). -@@ -5523,7 +5525,7 @@ ngx.req.set_body_data - - **syntax:** *ngx.req.set_body_data(data)* - --**context:** *rewrite_by_lua*, access_by_lua*, content_by_lua** -+**context:** *rewrite_by_lua*, access_by_lua*, content_by_lua*, balancer_by_lua*,* - - Set the current request's request body using the in-memory data specified by the `data` argument. - -@@ -5531,6 +5533,8 @@ If the request body has not been read yet, call [ngx.req.read_body](#ngxreqread_ - - Whether the previous request body has been read into memory or buffered into a disk file, it will be freed or the disk file will be cleaned up immediately, respectively. - -+Note that this function is also work for balancer phase but it needs to call [balancer.recreate_request](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#recreate_request) to make the change take effect after set the request body data or headers. -+ - This function was first introduced in the `v0.3.1rc18` release. - - See also [ngx.req.set_body_file](#ngxreqset_body_file). -@@ -5542,7 +5546,7 @@ ngx.req.set_body_file - - **syntax:** *ngx.req.set_body_file(file_name, auto_clean?)* - --**context:** *rewrite_by_lua*, access_by_lua*, content_by_lua** -+**context:** *rewrite_by_lua*, access_by_lua*, content_by_lua*, balancer_by_lua*,* - - Set the current request's request body using the in-file data specified by the `file_name` argument. - -diff --git a/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki b/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki -index 305626c..51807c7 100644 ---- a/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki -+++ b/bundle/ngx_lua-0.10.26/doc/HttpLuaModule.wiki -@@ -4637,7 +4637,7 @@ See also [[#ngx.req.get_body_data|ngx.req.get_body_data]]. - - '''syntax:''' ''ngx.req.set_body_data(data)'' - --'''context:''' ''rewrite_by_lua*, access_by_lua*, content_by_lua*'' -+'''context:''' ''rewrite_by_lua*, access_by_lua*, content_by_lua*, balancer_by_lua*'' - - Set the current request's request body using the in-memory data specified by the data argument. - -@@ -4645,6 +4645,8 @@ If the request body has not been read yet, call [[#ngx.req.read_body|ngx.req.rea - - Whether the previous request body has been read into memory or buffered into a disk file, it will be freed or the disk file will be cleaned up immediately, respectively. - -+Note that this function is also work for balancer phase but it needs to call [https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#recreate_request balancer.recreate_request] to make the change take effect after set the request body data or headers. -+ - This function was first introduced in the v0.3.1rc18 release. - - See also [[#ngx.req.set_body_file|ngx.req.set_body_file]]. -@@ -4653,7 +4655,7 @@ See also [[#ngx.req.set_body_file|ngx.req.set_body_file]]. - - '''syntax:''' ''ngx.req.set_body_file(file_name, auto_clean?)'' - --'''context:''' ''rewrite_by_lua*, access_by_lua*, content_by_lua*'' -+'''context:''' ''rewrite_by_lua*, access_by_lua*, content_by_lua*, balancer_by_lua*'' - - Set the current request's request body using the in-file data specified by the file_name argument. - -@@ -4665,6 +4667,8 @@ Please ensure that the file specified by the file_name argument exi - - Whether the previous request body has been read into memory or buffered into a disk file, it will be freed or the disk file will be cleaned up immediately, respectively. - -+Note that this function is also work for balancer phase but it needs to call [https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md#recreate_request balancer.recreate_request] to make the change take effect after set the request body data or headers. -+ - This function was first introduced in the v0.3.1rc18 release. - - See also [[#ngx.req.set_body_data|ngx.req.set_body_data]]. -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -index af4da73..4da4393 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -@@ -802,7 +802,7 @@ ngx_http_lua_ffi_balancer_recreate_request(ngx_http_request_t *r, - /* u->request_bufs already contains a valid request buffer - * remove it from chain first - */ -- u->request_bufs = u->request_bufs->next; -+ u->request_bufs = r->request_body->bufs; - } - - return u->create_request(r); diff --git a/build/openresty/patches/ngx_lua-0.10.26_07-tcpsock-setkeepalive-tls13.patch b/build/openresty/patches/ngx_lua-0.10.26_07-tcpsock-setkeepalive-tls13.patch deleted file mode 100644 index d45ac9ef616..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_07-tcpsock-setkeepalive-tls13.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c -index 037faef..0e6dcd0 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c -@@ -5731,7 +5731,7 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev) - ngx_http_lua_socket_pool_t *spool; - - int n; -- char buf[1]; -+ unsigned char buf[1]; - ngx_connection_t *c; - - c = ev->data; -@@ -5752,9 +5752,10 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev) - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, - "lua tcp socket keepalive close handler check stale events"); - -- n = recv(c->fd, buf, 1, MSG_PEEK); -+ /* consume the possible ssl-layer data implicitly */ -+ n = c->recv(c, buf, 1); - -- if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { -+ if (n == NGX_AGAIN) { - /* stale event */ - - if (ngx_handle_read_event(c->read, 0) != NGX_OK) { diff --git a/build/openresty/patches/ngx_lua-0.10.26_08-balancer_set_upstream_tls.patch b/build/openresty/patches/ngx_lua-0.10.26_08-balancer_set_upstream_tls.patch deleted file mode 100644 index 24f7fcb78ee..00000000000 --- a/build/openresty/patches/ngx_lua-0.10.26_08-balancer_set_upstream_tls.patch +++ /dev/null @@ -1,51 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -index af4da73..f119948 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_balancer.c -@@ -808,5 +808,46 @@ ngx_http_lua_ffi_balancer_recreate_request(ngx_http_request_t *r, - return u->create_request(r); - } - -+int -+ngx_http_lua_ffi_balancer_set_upstream_tls(ngx_http_request_t *r, int on, -+ char **err) -+{ -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; -+ -+ if (r == NULL) { -+ *err = "no request found"; -+ return NGX_ERROR; -+ } -+ -+ u = r->upstream; -+ -+ if (u == NULL) { -+ *err = "no upstream found"; -+ return NGX_ERROR; -+ } -+ -+ ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); -+ if (ctx == NULL) { -+ *err = "no ctx found"; -+ return NGX_ERROR; -+ } -+ -+ if ((ctx->context & NGX_HTTP_LUA_CONTEXT_BALANCER) == 0) { -+ *err = "API disabled in the current context"; -+ return NGX_ERROR; -+ } -+ -+ if (on == 0) { -+ u->ssl = 0; -+ u->schema.len = sizeof("http://") - 1; -+ -+ } else { -+ u->ssl = 1; -+ u->schema.len = sizeof("https://") - 1; -+ } -+ -+ return NGX_OK; -+} - - /* vi:set ft=c ts=4 sw=4 et fdm=marker: */ diff --git a/build/openresty/patches/ngx_lua-0.10.26_02-dynamic_log_level.patch b/build/openresty/patches/ngx_lua-0.10.27_01-dynamic_log_level.patch similarity index 77% rename from build/openresty/patches/ngx_lua-0.10.26_02-dynamic_log_level.patch rename to build/openresty/patches/ngx_lua-0.10.27_01-dynamic_log_level.patch index 01ecf47f32a..80d8d34e868 100644 --- a/build/openresty/patches/ngx_lua-0.10.26_02-dynamic_log_level.patch +++ b/build/openresty/patches/ngx_lua-0.10.27_01-dynamic_log_level.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_log.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_log.c +diff --git a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_log.c b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_log.c index 43ab820..d18fd05 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_log.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_log.c +--- a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_log.c ++++ b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_log.c @@ -101,7 +101,11 @@ log_wrapper(ngx_log_t *log, const char *ident, ngx_uint_t level, const char *msg; lua_Debug ar; diff --git a/build/openresty/patches/ngx_lua-0.10.27_02-ssl-disable-h2-alpn.patch b/build/openresty/patches/ngx_lua-0.10.27_02-ssl-disable-h2-alpn.patch new file mode 100644 index 00000000000..88461cd7f1a --- /dev/null +++ b/build/openresty/patches/ngx_lua-0.10.27_02-ssl-disable-h2-alpn.patch @@ -0,0 +1,14 @@ +diff --git a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_ssl.h b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_ssl.h +index 3d577c6..aa20f03 100644 +--- a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_ssl.h ++++ b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_ssl.h +@@ -38,6 +38,9 @@ typedef struct { + unsigned entered_client_hello_handler:1; + unsigned entered_cert_handler:1; + unsigned entered_sess_fetch_handler:1; ++#if (NGX_HTTP_LUA_KONG) ++ unsigned disable_http2_alpn:1; ++#endif + } ngx_http_lua_ssl_ctx_t; + + diff --git a/build/openresty/patches/ngx_lua-0.10.26_07-remove-http2-hardcode-limitation-in-ngx-location.patch b/build/openresty/patches/ngx_lua-0.10.27_03-remove-http2-hardcode-limitation-in-ngx-location.patch similarity index 50% rename from build/openresty/patches/ngx_lua-0.10.26_07-remove-http2-hardcode-limitation-in-ngx-location.patch rename to build/openresty/patches/ngx_lua-0.10.27_03-remove-http2-hardcode-limitation-in-ngx-location.patch index 8bcea9fac31..da17228de18 100644 --- a/build/openresty/patches/ngx_lua-0.10.26_07-remove-http2-hardcode-limitation-in-ngx-location.patch +++ b/build/openresty/patches/ngx_lua-0.10.27_03-remove-http2-hardcode-limitation-in-ngx-location.patch @@ -1,8 +1,8 @@ -diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_subrequest.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_subrequest.c -index f4db9aa..d887b28 100644 ---- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_subrequest.c -+++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_subrequest.c -@@ -172,12 +172,6 @@ ngx_http_lua_ngx_location_capture_multi(lua_State *L) +diff --git a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_subrequest.c b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_subrequest.c +index 2ccd271..edb24e9 100644 +--- a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_subrequest.c ++++ b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_subrequest.c +@@ -173,12 +173,6 @@ ngx_http_lua_ngx_location_capture_multi(lua_State *L) return luaL_error(L, "no request object found"); } diff --git a/build/openresty/patches/ngx_lua-0.10.27_04-tcpsock-setkeepalive-tls13.patch b/build/openresty/patches/ngx_lua-0.10.27_04-tcpsock-setkeepalive-tls13.patch new file mode 100644 index 00000000000..59608b13bf1 --- /dev/null +++ b/build/openresty/patches/ngx_lua-0.10.27_04-tcpsock-setkeepalive-tls13.patch @@ -0,0 +1,126 @@ +diff --git a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_socket_tcp.c +index a0e041b..998881d 100644 +--- a/bundle/ngx_lua-0.10.27/src/ngx_http_lua_socket_tcp.c ++++ b/bundle/ngx_lua-0.10.27/src/ngx_http_lua_socket_tcp.c +@@ -5725,8 +5725,7 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev) + ngx_http_lua_socket_pool_t *spool; + + int n; +- int err; +- char buf[1]; ++ unsigned char buf[1]; + ngx_connection_t *c; + + c = ev->data; +@@ -5747,20 +5746,10 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev) + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, + "lua tcp socket keepalive close handler check stale events"); + +- n = recv(c->fd, buf, 1, MSG_PEEK); +- err = ngx_socket_errno; +-#if (NGX_HTTP_SSL) +- /* ignore ssl protocol data like change cipher spec */ +- if (n == 1 && c->ssl != NULL) { +- n = c->recv(c, (unsigned char *) buf, 1); +- if (n == NGX_AGAIN) { +- n = -1; +- err = NGX_EAGAIN; +- } +- } +-#endif ++ /* consume the possible ssl-layer data implicitly */ ++ n = c->recv(c, buf, 1); + +- if (n == -1 && err == NGX_EAGAIN) { ++ if (n == NGX_AGAIN) { + /* stale event */ + + if (ngx_handle_read_event(c->read, 0) != NGX_OK) { +diff --git a/bundle/ngx_lua-0.10.27/t/058-tcp-socket.t b/bundle/ngx_lua-0.10.27/t/058-tcp-socket.t +index ef2b05f..db5cb60 100644 +--- a/bundle/ngx_lua-0.10.27/t/058-tcp-socket.t ++++ b/bundle/ngx_lua-0.10.27/t/058-tcp-socket.t +@@ -1,6 +1,7 @@ + # vim:set ft= ts=4 sw=4 et fdm=marker: + + use Test::Nginx::Socket::Lua; ++use Test::Nginx::Socket::Lua::Stream; + + repeat_each(2); + +@@ -10,6 +11,7 @@ our $HtmlDir = html_dir; + + $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211; + $ENV{TEST_NGINX_RESOLVER} ||= '8.8.8.8'; ++$ENV{TEST_NGINX_HTML_DIR} ||= html_dir(); + + #log_level 'warn'; + log_level 'debug'; +@@ -4497,3 +4499,67 @@ reused times: 3, setkeepalive err: closed + --- no_error_log + [error] + --- skip_eval: 3: $ENV{TEST_NGINX_EVENT_TYPE} && $ENV{TEST_NGINX_EVENT_TYPE} ne 'epoll' ++ ++ ++ ++=== TEST 74: setkeepalive with TLSv1.3 ++--- skip_openssl: 3: < 1.1.1 ++--- stream_server_config ++ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; ++ ssl_certificate ../../cert/test.crt; ++ ssl_certificate_key ../../cert/test.key; ++ ssl_protocols TLSv1.3; ++ ++ content_by_lua_block { ++ local sock = assert(ngx.req.socket(true)) ++ local data ++ while true do ++ data = assert(sock:receive()) ++ assert(data == "hello") ++ end ++ } ++--- config ++ location /test { ++ lua_ssl_protocols TLSv1.3; ++ content_by_lua_block { ++ local sock = ngx.socket.tcp() ++ sock:settimeout(2000) ++ ++ local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock") ++ if not ok then ++ ngx.say("failed to connect: ", err) ++ return ++ end ++ ++ ngx.say("connected: ", ok) ++ ++ local ok, err = sock:sslhandshake(false, nil, false) ++ if not ok then ++ ngx.say("failed to sslhandshake: ", err) ++ return ++ end ++ ++ local ok, err = sock:send("hello\n") ++ if not ok then ++ ngx.say("failed to send: ", err) ++ return ++ end ++ ++ -- sleep a while to make sure the NewSessionTicket message has arrived ++ ngx.sleep(1) ++ ++ local ok, err = sock:setkeepalive() ++ if not ok then ++ ngx.say("failed to setkeepalive: ", err) ++ else ++ ngx.say("setkeepalive: ", ok) ++ end ++ } ++ } ++--- request ++GET /test ++--- response_body ++connected: 1 ++setkeepalive: 1 ++--- no_error_log ++[error] diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_01-expose_request_struct.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_01-expose_request_struct.patch index e758343b236..49165137dea 100644 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_01-expose_request_struct.patch +++ b/build/openresty/patches/ngx_stream_lua-0.0.14_01-expose_request_struct.patch @@ -1,26 +1,14 @@ -From 0acb7f5ad0fbc9ee037f0c5d689f98861fe9e49b Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Tue, 10 Dec 2019 11:51:53 -0800 -Subject: [PATCH] Sync with meta-lua-nginx-module - 1330009671cd86eaf045f9f2c5cda3727a94570f. - ---- - ngx_stream_lua-0.0.14/src/api/ngx_stream_lua_api.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/bundle/ngx_stream_lua-0.0.14/src/api/ngx_stream_lua_api.h b/bundle/ngx_stream_lua-0.0.14/src/api/ngx_stream_lua_api.h -index 0e5a18f..040ef84 100644 ---- a/bundle/ngx_stream_lua-0.0.14/src/api/ngx_stream_lua_api.h -+++ b/bundle/ngx_stream_lua-0.0.14/src/api/ngx_stream_lua_api.h +diff --git a/bundle/ngx_stream_lua-0.0.15/src/api/ngx_stream_lua_api.h b/bundle/ngx_stream_lua-0.0.15/src/api/ngx_stream_lua_api.h +index 55582b1..2183605 100644 +--- a/bundle/ngx_stream_lua-0.0.15/src/api/ngx_stream_lua_api.h ++++ b/bundle/ngx_stream_lua-0.0.15/src/api/ngx_stream_lua_api.h @@ -21,6 +21,9 @@ - - - + + + +#include +#include "../ngx_stream_lua_request.h" + - + #include #include --- -2.20.1 diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_02-remove-useless-pcre-config.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_02-remove-useless-pcre-config.patch deleted file mode 100644 index 1e706fc6c3e..00000000000 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_02-remove-useless-pcre-config.patch +++ /dev/null @@ -1,59 +0,0 @@ -From f1499e3b06f698dc2813e0686aa0cc257299fcd7 Mon Sep 17 00:00:00 2001 -From: swananan -Date: Thu, 11 Jan 2024 08:46:17 +0800 -Subject: [PATCH] changes: remove the useless pcre config. - ---- - config | 39 --------------------------------------- - 1 file changed, 39 deletions(-) - -diff --git a/bundle/ngx_stream_lua-0.0.14/config b/bundle/ngx_stream_lua-0.0.14/config -index 8db90628..e1470b7a 100644 ---- a/bundle/ngx_stream_lua-0.0.14/config -+++ b/bundle/ngx_stream_lua-0.0.14/config -@@ -405,45 +405,6 @@ fi - - # ---------------------------------------- - --if [ $USE_PCRE = YES -o $PCRE != NONE ] && [ $PCRE != NO -a $PCRE != YES ] && [ $PCRE2 != YES ]; then -- # force pcre_version symbol to be required when PCRE is statically linked -- case "$NGX_PLATFORM" in -- Darwin:*) -- ngx_feature="require defined symbols (-u)" -- ngx_feature_name= -- ngx_feature_path= -- ngx_feature_libs="-Wl,-u,_strerror" -- ngx_feature_run=no -- ngx_feature_incs="#include " -- ngx_feature_test='printf("hello");' -- -- . auto/feature -- -- if [ $ngx_found = yes ]; then -- CORE_LIBS="-Wl,-u,_pcre_version $CORE_LIBS" -- fi -- ;; -- -- *) -- ngx_feature="require defined symbols (--require-defined)" -- ngx_feature_name= -- ngx_feature_path= -- ngx_feature_libs="-Wl,--require-defined=strerror" -- ngx_feature_run=no -- ngx_feature_incs="#include " -- ngx_feature_test='printf("hello");' -- -- . auto/feature -- -- if [ $ngx_found = yes ]; then -- CORE_LIBS="-Wl,--require-defined=pcre_version $CORE_LIBS" -- fi -- ;; -- esac --fi -- --# ---------------------------------------- -- - USE_MD5=YES - USE_SHA1=YES - diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_02-tcpsock-setkeepalive-tls13.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_02-tcpsock-setkeepalive-tls13.patch new file mode 100644 index 00000000000..af0a833e4f9 --- /dev/null +++ b/build/openresty/patches/ngx_stream_lua-0.0.14_02-tcpsock-setkeepalive-tls13.patch @@ -0,0 +1,116 @@ +diff --git a/bundle/ngx_stream_lua-0.0.15/src/ngx_stream_lua_socket_tcp.c b/bundle/ngx_stream_lua-0.0.15/src/ngx_stream_lua_socket_tcp.c +index 4d076e9..c5b33df 100644 +--- a/bundle/ngx_stream_lua-0.0.15/src/ngx_stream_lua_socket_tcp.c ++++ b/bundle/ngx_stream_lua-0.0.15/src/ngx_stream_lua_socket_tcp.c +@@ -5595,8 +5595,7 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev) + ngx_stream_lua_socket_pool_t *spool; + + int n; +- int err; +- char buf[1]; ++ unsigned char buf[1]; + ngx_connection_t *c; + + c = ev->data; +@@ -5618,20 +5617,10 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev) + "stream lua tcp socket keepalive close handler " + "check stale events"); + +- n = recv(c->fd, buf, 1, MSG_PEEK); +- err = ngx_socket_errno; +-#if (NGX_STREAM_SSL) +- /* ignore ssl protocol data like change cipher spec */ +- if (n == 1 && c->ssl != NULL) { +- n = c->recv(c, (unsigned char *) buf, 1); +- if (n == NGX_AGAIN) { +- n = -1; +- err = NGX_EAGAIN; +- } +- } +-#endif /* NGX_STREAM_SSL */ ++ /* consume the possible ssl-layer data implicitly */ ++ n = c->recv(c, buf, 1); + +- if (n == -1 && err == NGX_EAGAIN) { ++ if (n == NGX_AGAIN) { + /* stale event */ + + if (ngx_handle_read_event(c->read, 0) != NGX_OK) { +diff --git a/bundle/ngx_stream_lua-0.0.15/t/058-tcp-socket.t b/bundle/ngx_stream_lua-0.0.15/t/058-tcp-socket.t +index d0593fc..adc09b1 100644 +--- a/bundle/ngx_stream_lua-0.0.15/t/058-tcp-socket.t ++++ b/bundle/ngx_stream_lua-0.0.15/t/058-tcp-socket.t +@@ -4,12 +4,13 @@ use Test::Nginx::Socket::Lua::Stream; + + repeat_each(2); + +-plan tests => repeat_each() * 221; ++plan tests => repeat_each() * 224; + + our $HtmlDir = html_dir; + + $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211; + $ENV{TEST_NGINX_RESOLVER} ||= '8.8.8.8'; ++$ENV{TEST_NGINX_HTML_DIR} ||= html_dir(); + + #log_level 'warn'; + log_level 'debug'; +@@ -3545,3 +3546,58 @@ lua tcp socket calling receiveany() method to read at most 7 bytes + + --- error_log + shutdown on a not connected socket: closed ++ ++ ++ ++=== TEST 68: setkeepalive with TLSv1.3 ++--- skip_openssl: 3: < 1.1.1 ++--- stream_config ++ server { ++ listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl; ++ ssl_certificate ../../cert/test_ecdsa.crt; ++ ssl_certificate_key ../../cert/test_ecdsa.key; ++ ssl_protocols TLSv1.3; ++ content_by_lua_block { ++ local sock = assert(ngx.req.socket(true)) ++ local data ++ while true do ++ data = assert(sock:receive()) ++ assert(data == "hello") ++ end ++ } ++ } ++--- stream_server_config ++ lua_ssl_protocols TLSv1.3; ++ content_by_lua_block { ++ local sock = ngx.socket.tcp() ++ sock:settimeout(2000) ++ local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock") ++ if not ok then ++ ngx.say("failed to connect: ", err) ++ return ++ end ++ ngx.say("connected: ", ok) ++ local ok, err = sock:sslhandshake(false, nil, false) ++ if not ok then ++ ngx.say("failed to sslhandshake: ", err) ++ return ++ end ++ local ok, err = sock:send("hello\n") ++ if not ok then ++ ngx.say("failed to send: ", err) ++ return ++ end ++ -- sleep a while to make sure the NewSessionTicket message has arrived ++ ngx.sleep(1) ++ local ok, err = sock:setkeepalive() ++ if not ok then ++ ngx.say("failed to setkeepalive: ", err) ++ else ++ ngx.say("setkeepalive: ", ok) ++ end ++ } ++--- stream_response ++connected: 1 ++setkeepalive: 1 ++--- no_error_log ++[error] diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch deleted file mode 100644 index 42bb7f4c6af..00000000000 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_03-regex-memory-corruption.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c -index e32744e..080e5dd 100644 ---- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c -+++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_regex.c -@@ -598,7 +598,11 @@ ngx_stream_lua_ffi_compile_regex(const unsigned char *pat, size_t pat_len, - re_comp.captures = 0; - - } else { -+#if (NGX_PCRE2) -+ ovecsize = (re_comp.captures + 1) * 2; -+#else - ovecsize = (re_comp.captures + 1) * 3; -+#endif - } - - dd("allocating cap with size: %d", (int) ovecsize); -@@ -691,21 +695,21 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, - { - int rc, exec_opts = 0; - size_t *ov; -- ngx_uint_t ovecsize, n, i; -+ ngx_uint_t ovecpair, n, i; - ngx_pool_t *old_pool; - - if (flags & NGX_LUA_RE_MODE_DFA) { -- ovecsize = 2; -+ ovecpair = 1; - re->ncaptures = 0; - - } else { -- ovecsize = (re->ncaptures + 1) * 3; -+ ovecpair = re->ncaptures + 1; - } - - old_pool = ngx_stream_lua_pcre_malloc_init(NULL); - - if (ngx_regex_match_data == NULL -- || ovecsize > ngx_regex_match_data_size) -+ || ovecpair > ngx_regex_match_data_size) - { - /* - * Allocate a match data if not yet allocated or smaller than -@@ -716,8 +720,8 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, - pcre2_match_data_free(ngx_regex_match_data); - } - -- ngx_regex_match_data_size = ovecsize; -- ngx_regex_match_data = pcre2_match_data_create(ovecsize / 3, NULL); -+ ngx_regex_match_data_size = ovecpair; -+ ngx_regex_match_data = pcre2_match_data_create(ovecpair, NULL); - - if (ngx_regex_match_data == NULL) { - rc = PCRE2_ERROR_NOMEMORY; -@@ -747,7 +751,7 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, - #if (NGX_DEBUG) - ngx_log_debug4(NGX_LOG_DEBUG_STREAM, ngx_cycle->log, 0, - "pcre2_match failed: flags 0x%05Xd, options 0x%08Xd, rc %d, " -- "ovecsize %ui", flags, exec_opts, rc, ovecsize); -+ "ovecpair %ui", flags, exec_opts, rc, ovecpair); - #endif - - goto failed; -@@ -759,11 +763,11 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, - #if (NGX_DEBUG) - ngx_log_debug5(NGX_LOG_DEBUG_STREAM, ngx_cycle->log, 0, - "pcre2_match: flags 0x%05Xd, options 0x%08Xd, rc %d, " -- "n %ui, ovecsize %ui", flags, exec_opts, rc, n, ovecsize); -+ "n %ui, ovecpair %ui", flags, exec_opts, rc, n, ovecpair); - #endif - -- if (!(flags & NGX_LUA_RE_MODE_DFA) && n > ovecsize / 3) { -- n = ovecsize / 3; -+ if (n > ovecpair) { -+ n = ovecpair; - } - - for (i = 0; i < n; i++) { -@@ -796,6 +800,21 @@ ngx_stream_lua_ffi_exec_regex(ngx_stream_lua_regex_t *re, int flags, - re->ncaptures = 0; - - } else { -+ /* How pcre_exec() returns captured substrings -+ * The first two-thirds of the vector is used to pass back captured -+ * substrings, each substring using a pair of integers. The remaining -+ * third of the vector is used as workspace by pcre_exec() while -+ * matching capturing subpatterns, and is not available for passing -+ * back information. The number passed in ovecsize should always be a -+ * multiple of three. If it is not, it is rounded down. -+ * -+ * When a match is successful, information about captured substrings is -+ * returned in pairs of integers, starting at the beginning of ovector, -+ * and continuing up to two-thirds of its length at the most. The first -+ * element of each pair is set to the byte offset of the first character -+ * in a substring, and the second is set to the byte offset of the first -+ * character after the end of a substring. -+ */ - ovecsize = (re->ncaptures + 1) * 3; - } - diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_04-setkeepalive-data-integrity.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_04-setkeepalive-data-integrity.patch deleted file mode 100644 index 815ffd265da..00000000000 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_04-setkeepalive-data-integrity.patch +++ /dev/null @@ -1,95 +0,0 @@ -From cb82db3574f42fd3f22f98c51f5183e975eaa766 Mon Sep 17 00:00:00 2001 -From: lijunlong -Date: Wed, 20 Mar 2024 12:12:30 +0800 -Subject: [PATCH] bugfix: wrong arguments of setkeepalive() result in the - compromise of data integrity. - ---- - src/ngx_stream_lua_socket_tcp.c | 49 +++++++----- - t/068-socket-keepalive.t | 138 ++++++++++++++++++++++++++++++++ - 2 files changed, 166 insertions(+), 21 deletions(-) - -diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c -index 57f389d0..9d5472a2 100644 ---- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c -+++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c -@@ -5250,6 +5250,34 @@ ngx_stream_lua_socket_tcp_setkeepalive(lua_State *L) - - luaL_checktype(L, 1, LUA_TTABLE); - -+ r = ngx_stream_lua_get_req(L); -+ if (r == NULL) { -+ return luaL_error(L, "no request found"); -+ } -+ -+ llcf = ngx_stream_lua_get_module_loc_conf(r, ngx_stream_lua_module); -+ -+ /* luaL_checkinteger will throw error if the argument is not a number. -+ * e.g.: bad argument \#2 to '?' (number expected, got string) -+ * -+ * We should check the argument in advance; otherwise, -+ * throwing an exception in the middle can compromise data integrity. -+ * e.g.: set pc->connection to NULL without following cleanup. -+ */ -+ if (n >= 2 && !lua_isnil(L, 2)) { -+ timeout = (ngx_msec_t) luaL_checkinteger(L, 2); -+ -+ } else { -+ timeout = llcf->keepalive_timeout; -+ } -+ -+ if (n >= 3 && !lua_isnil(L, 3)) { -+ pool_size = luaL_checkinteger(L, 3); -+ -+ } else { -+ pool_size = llcf->pool_size; -+ } -+ - lua_rawgeti(L, 1, SOCKET_CTX_INDEX); - u = lua_touserdata(L, -1); - lua_pop(L, 1); -@@ -5271,11 +5299,6 @@ ngx_stream_lua_socket_tcp_setkeepalive(lua_State *L) - return 2; - } - -- r = ngx_stream_lua_get_req(L); -- if (r == NULL) { -- return luaL_error(L, "no request found"); -- } -- - if (u->request != r) { - return luaL_error(L, "bad request"); - } -@@ -5349,18 +5372,9 @@ ngx_stream_lua_socket_tcp_setkeepalive(lua_State *L) - - /* stack: obj timeout? size? pools cache_key */ - -- llcf = ngx_stream_lua_get_module_loc_conf(r, ngx_stream_lua_module); -- - if (spool == NULL) { - /* create a new socket pool for the current peer key */ - -- if (n >= 3 && !lua_isnil(L, 3)) { -- pool_size = luaL_checkinteger(L, 3); -- -- } else { -- pool_size = llcf->pool_size; -- } -- - if (pool_size <= 0) { - msg = lua_pushfstring(L, "bad \"pool_size\" option value: %i", - pool_size); -@@ -5425,13 +5439,6 @@ ngx_stream_lua_socket_tcp_setkeepalive(lua_State *L) - ngx_del_timer(c->write); - } - -- if (n >= 2 && !lua_isnil(L, 2)) { -- timeout = (ngx_msec_t) luaL_checkinteger(L, 2); -- -- } else { -- timeout = llcf->keepalive_timeout; -- } -- - #if (NGX_DEBUG) - if (timeout == 0) { - ngx_log_debug0(NGX_LOG_DEBUG_STREAM, r->connection->log, 0, diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_05-ssl-context.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_05-ssl-context.patch deleted file mode 100644 index 935064830c9..00000000000 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_05-ssl-context.patch +++ /dev/null @@ -1,54 +0,0 @@ -From bea8a0c0de94cede71554f53818ac0267d675d63 Mon Sep 17 00:00:00 2001 -From: Konstantin Pavlov -Date: Fri, 22 Mar 2024 16:41:46 -0700 -Subject: [PATCH] bugfix: Check for SSL context instead of listen. - -This fixes FTBFS with nginx 1.25.5 after changes in -https://hg.nginx.org/nginx/rev/e28b044908cb and -https://hg.nginx.org/nginx/rev/fa75fccf7fa0 ---- - src/ngx_stream_lua_module.c | 8 ++++++++ - src/ngx_stream_lua_ssl_certby.c | 4 ++++ - 2 files changed, 12 insertions(+) - -diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_module.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_module.c -index f7dca968..5c9024e7 100644 ---- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_module.c -+++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_module.c -@@ -864,12 +864,20 @@ ngx_stream_lua_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) - ngx_stream_lua_srv_conf_t *conf = child; - - #if (NGX_STREAM_SSL) -+#if defined(nginx_version) && nginx_version >= 1025005 -+ ngx_stream_ssl_srv_conf_t *sscf; -+#else - ngx_stream_ssl_conf_t *sscf; -+#endif - - dd("merge srv conf"); - - sscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module); -+#if defined(nginx_version) && nginx_version >= 1025005 -+ if (sscf && sscf->ssl.ctx) { -+#else - if (sscf && sscf->listen) { -+#endif - if (conf->srv.ssl_client_hello_src.len == 0) { - conf->srv.ssl_client_hello_src = prev->srv.ssl_client_hello_src; - conf->srv.ssl_client_hello_src_key = -diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_ssl_certby.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_ssl_certby.c -index 7aae86a7..3ac8c7aa 100644 ---- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_ssl_certby.c -+++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_ssl_certby.c -@@ -1385,7 +1385,11 @@ ngx_stream_lua_ffi_ssl_verify_client(ngx_stream_lua_request_t *r, - - ngx_stream_lua_ctx_t *ctx; - ngx_ssl_conn_t *ssl_conn; -+#if defined(nginx_version) && nginx_version >= 1025005 -+ ngx_stream_ssl_srv_conf_t *sscf; -+#else - ngx_stream_ssl_conf_t *sscf; -+#endif - STACK_OF(X509) *chain = ca_certs; - STACK_OF(X509_NAME) *name_chain = NULL; - X509 *x509 = NULL; diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_06-tcpsock-setkeepalive-tls13.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_06-tcpsock-setkeepalive-tls13.patch deleted file mode 100644 index 77ffb0020ee..00000000000 --- a/build/openresty/patches/ngx_stream_lua-0.0.14_06-tcpsock-setkeepalive-tls13.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c -index 9d5472a..c5b33df 100644 ---- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c -+++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c -@@ -5595,7 +5595,7 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev) - ngx_stream_lua_socket_pool_t *spool; - - int n; -- char buf[1]; -+ unsigned char buf[1]; - ngx_connection_t *c; - - c = ev->data; -@@ -5617,9 +5617,10 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev) - "stream lua tcp socket keepalive close handler " - "check stale events"); - -- n = recv(c->fd, buf, 1, MSG_PEEK); -+ /* consume the possible ssl-layer data implicitly */ -+ n = c->recv(c, buf, 1); - -- if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { -+ if (n == NGX_AGAIN) { - /* stale event */ - - if (ngx_handle_read_event(c->read, 0) != NGX_OK) { diff --git a/build/openresty/patches/openresty_01-custom_prefix_and_cc.patch b/build/openresty/patches/openresty_01-custom_prefix_and_cc.patch index 73f31a4de43..8901f58513f 100644 --- a/build/openresty/patches/openresty_01-custom_prefix_and_cc.patch +++ b/build/openresty/patches/openresty_01-custom_prefix_and_cc.patch @@ -1,5 +1,5 @@ diff --git a/configure b/configure -index 5d7d717..969b075 100755 +index cb7e518..66c17aa 100755 --- a/configure +++ b/configure @@ -128,7 +128,7 @@ my $ngx_sbin; @@ -21,7 +21,7 @@ index 5d7d717..969b075 100755 } elsif ($opt =~ /^--sbin-path=(.*)/) { $ngx_sbin = $1; push @ngx_opts, $opt; -@@ -699,7 +702,12 @@ _END_ +@@ -696,7 +699,12 @@ _END_ #unshift @ngx_ld_opts, "-L$lib"; #unshift @ngx_cc_opts, "-I$inc"; @@ -35,7 +35,7 @@ index 5d7d717..969b075 100755 } elsif ($opts->{luajit}) { my $luajit_src = auto_complete 'LuaJIT'; -@@ -865,7 +873,12 @@ _END_ +@@ -862,7 +870,12 @@ _END_ #unshift @ngx_cc_opts, "-I$inc"; if ($platform ne 'msys') { @@ -49,7 +49,7 @@ index 5d7d717..969b075 100755 } cd '..'; -@@ -874,8 +887,13 @@ _END_ +@@ -871,8 +884,13 @@ _END_ if ($opts->{luajit} || $opts->{luajit_path}) { # build lua modules @@ -65,7 +65,7 @@ index 5d7d717..969b075 100755 { my $ngx_lua_dir = auto_complete 'ngx_lua'; -@@ -929,6 +947,11 @@ _EOC_ +@@ -926,6 +944,11 @@ _EOC_ close $in; } @@ -77,7 +77,7 @@ index 5d7d717..969b075 100755 unless ($opts->{no_lua_cjson}) { my $dir = auto_complete 'lua-cjson'; if (!defined $dir) { -@@ -1176,10 +1199,16 @@ _EOC_ +@@ -1175,10 +1198,16 @@ _EOC_ open my $in, $resty_bin or die "Cannot open $resty_bin for reading: $!\n"; my ($new, $found); @@ -95,7 +95,7 @@ index 5d7d717..969b075 100755 } else { $new .= $_; -@@ -1357,6 +1386,9 @@ _EOC_ +@@ -1356,6 +1385,9 @@ _EOC_ --with-libpq=DIR specify the libpq (or postgresql) installation prefix --with-pg_config=PATH specify the path of the pg_config utility diff --git a/build/openresty/patches/openresty_02-pcre2.patch b/build/openresty/patches/openresty_02-pcre2.patch deleted file mode 100644 index b3146a4c57f..00000000000 --- a/build/openresty/patches/openresty_02-pcre2.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/configure b/configure -index 969b075..23322a9 100755 ---- a/configure -+++ b/configure -@@ -557,9 +557,6 @@ _END_ - "\n"; - } - -- # disable pcre2 by default -- push @ngx_opts, '--without-pcre2'; -- - if (!$opts->{no_stream} - && ! $opts->{no_stream_ssl} - && ! $opts->{stream_ssl}) diff --git a/changelog/unreleased/kong/bump-openresty.yml b/changelog/unreleased/kong/bump-openresty.yml new file mode 100644 index 00000000000..b551c7e40b4 --- /dev/null +++ b/changelog/unreleased/kong/bump-openresty.yml @@ -0,0 +1,3 @@ +message: "Bumped OpenResty from 1.25.3.2 to 1.27.1.1." +type: dependency +scope: Core diff --git a/kong/init.lua b/kong/init.lua index bac5e301066..b858734a51f 100644 --- a/kong/init.lua +++ b/kong/init.lua @@ -111,12 +111,14 @@ local ngx_DEBUG = ngx.DEBUG local is_http_module = ngx.config.subsystem == "http" local is_stream_module = ngx.config.subsystem == "stream" local worker_id = ngx.worker.id +local fmt = string.format local type = type local error = error local ipairs = ipairs local assert = assert local tostring = tostring local coroutine = coroutine +local concat = table.concat local fetch_table = tablepool.fetch local release_table = tablepool.release local get_last_failure = ngx_balancer.get_last_failure @@ -144,6 +146,11 @@ local CTX_NARR = 0 local CTX_NREC = 50 -- normally Kong has ~32 keys in ctx +local UPSTREAM_KEEPALIVE_POOL_SIZE +local UPSTREAM_KEEPALIVE_IDLE_TIMEOUT +local UPSTREAM_KEEPALIVE_MAX_REQUESTS + + local declarative_entities local declarative_meta local declarative_hash @@ -170,7 +177,7 @@ do end table.insert(init_worker_errors, err) - init_worker_errors_str = table.concat(init_worker_errors, ", ") + init_worker_errors_str = concat(init_worker_errors, ", ") return ngx_log(ngx_CRIT, "worker initialization error: ", err, "; this node must be restarted") @@ -614,10 +621,9 @@ local function list_migrations(migtable) for _, mig in ipairs(t.migrations) do table.insert(mignames, mig.name) end - table.insert(list, string.format("%s (%s)", t.subsystem, - table.concat(mignames, ", "))) + table.insert(list, fmt("%s (%s)", t.subsystem, concat(mignames, ", "))) end - return table.concat(list, " ") + return concat(list, " ") end @@ -641,6 +647,10 @@ function Kong.init() local conf_path = pl_path.join(ngx.config.prefix(), ".kong_env") local config = assert(conf_loader(conf_path, nil, { from_kong_env = true })) + UPSTREAM_KEEPALIVE_POOL_SIZE = config.upstream_keepalive_pool_size + UPSTREAM_KEEPALIVE_IDLE_TIMEOUT = config.upstream_keepalive_idle_timeout + UPSTREAM_KEEPALIVE_MAX_REQUESTS = config.upstream_keepalive_max_requests + -- The dns client has been initialized in conf_loader, so we set it directly. -- Other modules should use 'kong.dns' to avoid reinitialization. kong.dns = assert(package.loaded["kong.resty.dns.client"]) @@ -1371,33 +1381,31 @@ function Kong.balancer() end end - local pool_opts - local kong_conf = kong.configuration local balancer_data_ip = balancer_data.ip local balancer_data_port = balancer_data.port - if kong_conf.upstream_keepalive_pool_size > 0 and is_http_module then - local pool = balancer_data_ip .. "|" .. balancer_data_port - + local pool + if UPSTREAM_KEEPALIVE_POOL_SIZE > 0 and is_http_module then if balancer_data.scheme == "https" then -- upstream_host is SNI - pool = pool .. "|" .. var.upstream_host - - local ctx_service = ctx.service - if ctx_service then - pool = string.format("%s|%s|%s|%s|%s", - pool, - ctx_service.tls_verify ~= nil and tostring(ctx_service.tls_verify) or "", - ctx_service.tls_verify_depth or "", - ctx_service.ca_certificates and table.concat(ctx_service.ca_certificates, ",") or "", - ctx_service.client_certificate and ctx_service.client_certificate.id or "") + local service = ctx.service + if service then + pool = fmt("%s|%s|%s|%s|%s|%s|%s", + balancer_data_ip, + balancer_data_port, + var.upstream_host, + service.tls_verify and "1" or "0", + service.tls_verify_depth or "", + service.ca_certificates and concat(service.ca_certificates, ",") or "", + service.client_certificate and service.client_certificate.id or "") + + else + pool = balancer_data_ip .. "|" .. balancer_data_port .. "|" .. var.upstream_host end - end - pool_opts = { - pool = pool, - pool_size = kong_conf.upstream_keepalive_pool_size, - } + else + pool = balancer_data_ip .. "|" .. balancer_data_port + end end current_try.ip = balancer_data_ip @@ -1406,7 +1414,7 @@ function Kong.balancer() -- set the targets as resolved ngx_log(ngx_DEBUG, "setting address (try ", try_count, "): ", balancer_data_ip, ":", balancer_data_port) - local ok, err = set_current_peer(balancer_data_ip, balancer_data_port, pool_opts) + local ok, err = set_current_peer(balancer_data_ip, balancer_data_port, pool) if not ok then ngx_log(ngx_ERR, "failed to set the current peer (address: ", tostring(balancer_data_ip), " port: ", tostring(balancer_data_port), @@ -1430,17 +1438,16 @@ function Kong.balancer() ngx_log(ngx_ERR, "could not set upstream timeouts: ", err) end - if pool_opts then - ok, err = enable_keepalive(kong_conf.upstream_keepalive_idle_timeout, - kong_conf.upstream_keepalive_max_requests) + if pool then + ok, err = enable_keepalive(UPSTREAM_KEEPALIVE_IDLE_TIMEOUT, UPSTREAM_KEEPALIVE_MAX_REQUESTS) if not ok then ngx_log(ngx_ERR, "could not enable connection keepalive: ", err) end - ngx_log(ngx_DEBUG, "enabled connection keepalive (pool=", pool_opts.pool, - ", pool_size=", pool_opts.pool_size, - ", idle_timeout=", kong_conf.upstream_keepalive_idle_timeout, - ", max_requests=", kong_conf.upstream_keepalive_max_requests, ")") + ngx_log(ngx_DEBUG, "enabled connection keepalive (pool=", pool, + ", pool_size=", UPSTREAM_KEEPALIVE_POOL_SIZE, + ", idle_timeout=", UPSTREAM_KEEPALIVE_IDLE_TIMEOUT, + ", max_requests=", UPSTREAM_KEEPALIVE_MAX_REQUESTS, ")") end -- record overall latency diff --git a/kong/meta.lua b/kong/meta.lua index 15b50e9f39c..3e7a355d8ce 100644 --- a/kong/meta.lua +++ b/kong/meta.lua @@ -24,6 +24,6 @@ return { -- third-party dependencies' required version, as they would be specified -- to lua-version's `set()` in the form {from, to} _DEPENDENCIES = { - nginx = { "1.25.3.2" }, + nginx = { "1.27.1.1" }, } } diff --git a/kong/router/atc.lua b/kong/router/atc.lua index 31aaf6c5a4e..ae9ec490745 100644 --- a/kong/router/atc.lua +++ b/kong/router/atc.lua @@ -548,7 +548,7 @@ function _M:matching(params) port = service_port, }, upstream_scheme = service_protocol, - upstream_host = matched_route.preserve_host and sni or nil, + upstream_host = matched_route.preserve_host and sni or nil, } end @@ -588,7 +588,10 @@ function _M:exec(ctx) -- cache lookup local match_t = self.cache:get(cache_key) - if not match_t then + if match_t then + route_match_stat(ctx, "pos") + + else if self.cache_neg:get(cache_key) then route_match_stat(ctx, "neg") return nil @@ -616,14 +619,11 @@ function _M:exec(ctx) end self.cache:set(cache_key, match_t) + end - else - route_match_stat(ctx, "pos") - - -- preserve_host logic, modify cache result - if match_t.route.preserve_host then - match_t.upstream_host = fields:get_value("tls.sni", CACHE_PARAMS) - end + -- preserve_host logic, modify cache result + if match_t.route.preserve_host and match_t.upstream_host == nil then + match_t.upstream_host = fields:get_value("tls.sni", CACHE_PARAMS) end return match_t diff --git a/kong/templates/nginx_kong.lua b/kong/templates/nginx_kong.lua index 470fa61e459..454ac278f31 100644 --- a/kong/templates/nginx_kong.lua +++ b/kong/templates/nginx_kong.lua @@ -73,6 +73,9 @@ lua_kong_load_var_index default; upstream kong_upstream { server 0.0.0.1; +> if upstream_keepalive_pool_size > 0 then + balancer_keepalive ${{UPSTREAM_KEEPALIVE_POOL_SIZE}}; +> end # injected nginx_upstream_* directives > for _, el in ipairs(nginx_upstream_directives) do diff --git a/spec/01-unit/04-prefix_handler_spec.lua b/spec/01-unit/04-prefix_handler_spec.lua index e33b1d84056..7e0e32b9ee5 100644 --- a/spec/01-unit/04-prefix_handler_spec.lua +++ b/spec/01-unit/04-prefix_handler_spec.lua @@ -791,7 +791,7 @@ describe("NGINX conf compiler", function() nginx_supstream_keepalive = "120", })) local nginx_conf = prefix_handler.compile_kong_stream_conf(conf) - assert.matches("keepalive%s120;", nginx_conf) + assert.matches("[^_]keepalive%s120;", nginx_conf) end) it("does not inject directives if value is 'NONE'", function() @@ -799,7 +799,7 @@ describe("NGINX conf compiler", function() nginx_upstream_keepalive = "NONE", })) local nginx_conf = prefix_handler.compile_kong_conf(conf) - assert.not_matches("keepalive%s+%d+;", nginx_conf) + assert.not_matches("[^_]keepalive%s+%d+;", nginx_conf) end) describe("default injected NGINX directives", function() diff --git a/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua b/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua index 84f8f5fdbc2..061bb29c89f 100644 --- a/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua +++ b/spec/02-integration/05-proxy/25-upstream_keepalive_spec.lua @@ -165,21 +165,17 @@ describe("#postgres upstream keepalive", function() assert.equal("SNI=one.test", body) assert.errlog() .has - .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. "|") + .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[keepalive get pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, cpool: 0+]]) - assert.errlog() - .has.line([[keepalive create pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, size: \d+]]) - assert.errlog() - .has.line([[lua balancer: keepalive no free connection, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive no free connection, host: 127\.0\.0\.1:\d+, name: [A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, host: 127\.0\.0\.1:\d+, name: [A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .not_has.line([[keepalive free pool]], true) + .not_has.line([[keepalive: free connection pool]], true) local res = assert(proxy_client:send { method = "GET", @@ -192,30 +188,21 @@ describe("#postgres upstream keepalive", function() assert.equal("SNI=two.test", body) assert.errlog() .has - .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|two.test|false|3|]] .. + .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|two.test\|0\|3\|]] .. ca_certificate.id .. "|") assert.errlog() - .has.line([[keepalive get pool, name: [A-F0-9.:]+\|\d+\|two.test|false|3|]] .. - ca_certificate.id .. [[|, cpool: 0+]]) + .has.line([[lua balancer: keepalive no free connection, host: 127\.0\.0\.1:\d+, name: [A-F0-9.:]+\|\d+\|two.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[keepalive create pool, name: [A-F0-9.:]+\|\d+\|two.test|false|3|]] .. - ca_certificate.id .. [[|, size: \d+]]) + .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, host: 127\.0\.0\.1:\d+, name: [A-F0-9.:]+\|\d+\|two.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[lua balancer: keepalive no free connection, cpool: [A-F0-9]+]]) - assert.errlog() - .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, cpool: [A-F0-9]+]]) - assert.errlog() - .not_has.line([[keepalive free pool]], true) + .not_has.line([[keepalive: free connection pool]], true) local handle, result - handle = io.popen([[grep 'cpool: 0000000000' servroot/logs/error.log|wc -l]]) - result = handle:read("*l") - handle:close() - assert(tonumber(result) == 2) - - handle = io.popen([[grep 'keepalive create pool, name:' servroot/logs/error.log|wc -l]]) + handle = io.popen([[grep 'lua balancer: keepalive no free connection' servroot/logs/error.log|wc -l]]) result = handle:read("*l") handle:close() assert(tonumber(result) == 2) @@ -253,20 +240,17 @@ describe("#postgres upstream keepalive", function() assert.not_equal(fingerprint_1, fingerprint_2) assert.errlog() - .has.line([[enabled connection keepalive \(pool=[0-9.]+|\d+|[0-9.]+:\d+|[a-f0-9-]+|false|3|]] .. - ca_certificate.id .. "|" .. client_cert1.id) + .has.line([[enabled connection keepalive \(pool=[0-9.]+|\d+|[0-9.]+:\d+|[a-f0-9-]+\|0\|3\|]] .. + ca_certificate.id .. [[\|]] .. client_cert1.id) assert.errlog() - .has.line([[keepalive get pool, name: [0-9.]+|\d+|[0-9.]+:\d+|[a-f0-9-]+|false|3|]] .. - ca_certificate.id .. "|" .. client_cert1.id .. [[, cpool: 0+]]) + .has.line([[lua balancer: keepalive no free connection, host: 127\.0\.0\.1:\d+, name: [0-9.]+|\d+|[0-9.]+:\d+|[a-f0-9-]+\|0\|3\|]] .. + ca_certificate.id .. [[\|]].. client_cert1.id) assert.errlog() - .has.line([[keepalive create pool, name: [0-9.]+|\d+|[0-9.]+:\d+|[a-f0-9-]+, size: \d+]]) - assert.errlog() - .has.line([[lua balancer: keepalive no free connection, cpool: [A-F0-9]+]]) - assert.errlog() - .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, host: 127\.0\.0\.1:\d+, name: [0-9.]+|\d+|[0-9.]+:\d+|[a-f0-9-]+\|0\|3\|]] .. + ca_certificate.id .. [[\|]] .. client_cert1.id) assert.errlog() - .not_has.line([[keepalive free pool]], true) + .not_has.line([[keepalive: free connection pool]], true) end) @@ -288,11 +272,6 @@ describe("#postgres upstream keepalive", function() .not_has .line("enabled connection keepalive", true) - assert.errlog() - .not_has.line([[keepalive get pool]], true) - assert.errlog() - .not_has.line([[keepalive create pool]], true) - local res = assert(proxy_client:send { method = "GET", path = "/echo_sni", @@ -307,11 +286,7 @@ describe("#postgres upstream keepalive", function() .line("enabled connection keepalive", true) assert.errlog() - .not_has.line([[keepalive get pool]], true) - assert.errlog() - .not_has.line([[keepalive create pool]], true) - assert.errlog() - .not_has.line([[keepalive free pool]], true) + .not_has.line([[keepalive: free connection pool]], true) end) @@ -329,26 +304,22 @@ describe("#postgres upstream keepalive", function() assert.equal("SNI=one.test", body) assert.errlog() .has - .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test|false|3|]] .. + .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. ca_certificate.id .. "|") assert.errlog() - .has.line([[keepalive get pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, cpool: 0+]]) - assert.errlog() - .has.line([[keepalive create pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, size: \d+]]) - assert.errlog() - .has.line([[keepalive no free connection, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive no free connection, host: 127\.0\.0\.1:\d+, name: [A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[keepalive saving connection [A-F0-9]+, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, host: 127\.0\.0\.1:\d+, name: [A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .not_has.line([[keepalive free pool]], true) + .not_has.line([[keepalive: free connection pool]], true) local handle, upool_ptr handle = io.popen([[grep 'lua balancer: keepalive saving connection' servroot/logs/error.log]] .. "|" .. - [[grep -Eo 'cpool: [A-F0-9]+']]) + [[grep -Eo 'host: [A-F0-9]+']]) upool_ptr = handle:read("*l") handle:close() @@ -363,18 +334,17 @@ describe("#postgres upstream keepalive", function() assert.equal("SNI=one.test", body) assert.errlog() .has - .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test|false|3|]] .. + .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. ca_certificate.id .. "|") assert.errlog() - .has.line([[keepalive get pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. + .has.line([[lua balancer: keepalive reusing connection [A-F0-9]+, host: 127\.0\.0\.1:\d+, name: 127\.0\.0\.1\|\d+|[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. ca_certificate.id .. [[|, ]] .. upool_ptr) assert.errlog() - .has.line([[keepalive reusing connection [A-F0-9]+, requests: \d+, ]] .. upool_ptr) - assert.errlog() - .has.line([[keepalive saving connection [A-F0-9]+, ]] .. upool_ptr) + .has.line([[lua balancer: keepalive saving connection [A-F0-9]+, host: 127\.0\.0\.1:\d+, name: 127\.0\.0\.1\|\d+|[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[|, ]] .. upool_ptr) assert.errlog() - .not_has.line([[keepalive free pool]], true) + .not_has.line([[keepalive: free connection pool]], true) end) @@ -392,22 +362,17 @@ describe("#postgres upstream keepalive", function() assert.equal("SNI=one.test", body) assert.errlog() .has - .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. "|") + .line([[enabled connection keepalive \(pool=[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[keepalive get pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, cpool: 0+]]) - assert.errlog() - .has.line([[keepalive create pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, size: \d+]]) - assert.errlog() - .has.line([[keepalive no free connection, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive no free connection, host: 127\.0\.0\.1:\d+, name: 127\.0\.0\.1|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|]]) assert.errlog() - .has.line([[keepalive not saving connection [A-F0-9]+, cpool: [A-F0-9]+]]) + .has.line([[lua balancer: keepalive not saving connection [A-F0-9]+]]) assert.errlog() - .has.line([[keepalive free pool, name: [A-F0-9.:]+\|\d+\|one.test|false|3|]] .. - ca_certificate.id .. [[|, cpool: [A-F0-9]+]]) + .has.line([[keepalive: free connection pool [A-F0-9.:]+ for \"127\.0\.0\.1|\d+|[A-F0-9.:]+\|\d+\|one.test\|0\|3\|]] .. + ca_certificate.id .. [[\|\"]]) assert.errlog() .not_has.line([[keepalive saving connection]], true) @@ -446,12 +411,12 @@ describe("#postgres upstream keepalive", function() local handle - handle = io.popen([[grep 'enabled connection keepalive ' servroot/logs/error.log]] .. "|" .. + handle = io.popen([[grep 'enabled connection keepalive' servroot/logs/error.log]] .. "|" .. [[grep -Eo 'pool=[A-F0-9.:]+\|\d+\|plumless.xxx']]) local name1 = handle:read("*l") handle:close() - handle = io.popen([[grep 'enabled connection keepalive ' servroot/logs/error.log]] .. "|" .. + handle = io.popen([[grep 'enabled connection keepalive' servroot/logs/error.log]] .. "|" .. [[grep -Eo 'pool=[A-F0-9.:]+\|\d+\|buckeroo.xxx']]) local name2 = handle:read("*l") handle:close() @@ -461,7 +426,7 @@ describe("#postgres upstream keepalive", function() assert.equal(crc1, crc2) handle = io.popen([[grep 'lua balancer: keepalive saving connection' servroot/logs/error.log]] .. "|" .. - [[grep -Eo 'cpool: [A-F0-9]+']]) + [[grep -Eo 'name: .*']]) local upool_ptr1 = handle:read("*l") local upool_ptr2 = handle:read("*l") handle:close()