Re: [PATCH] QUIC: style

2023-05-11 Thread Roman Arutyunyan
On Fri, May 12, 2023 at 01:30:41AM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin 
> # Date 1683820081 -10800
> #  Thu May 11 18:48:01 2023 +0300
> # Branch quic
> # Node ID 7d67fe09bcad6bc7e375c4d889787b8b57017856
> # Parent  b9230e37b8a19e594d201dcc1e6dd8fc666feaf0
> QUIC: style.
> 
> diff --git a/src/http/v3/ngx_http_v3.h b/src/http/v3/ngx_http_v3.h
> --- a/src/http/v3/ngx_http_v3.h
> +++ b/src/http/v3/ngx_http_v3.h
> @@ -85,11 +85,11 @@
>  #define ngx_http_v3_get_session(c)  
> ngx_http_quic_get_connection(c)->v3_session
>  
>  #define ngx_http_v3_get_module_loc_conf(c, module)   
>  \
> -ngx_http_get_module_loc_conf(ngx_http_quic_get_connection(c)->conf_ctx,  
>\
> +ngx_http_get_module_loc_conf(ngx_http_quic_get_connection(c)->conf_ctx,  
>  \
>   module)
>  
>  #define ngx_http_v3_get_module_srv_conf(c, module)   
>  \
> -ngx_http_get_module_srv_conf(ngx_http_quic_get_connection(c)->conf_ctx,  
>\
> +ngx_http_get_module_srv_conf(ngx_http_quic_get_connection(c)->conf_ctx,  
>  \
>   module)
>  
>  #define ngx_http_v3_finalize_connection(c, code, reason) 
>  \
> diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
> --- a/src/http/v3/ngx_http_v3_parse.c
> +++ b/src/http/v3/ngx_http_v3_parse.c
> @@ -868,7 +868,8 @@ ngx_http_v3_parse_field_l(ngx_connection
>  
>  case sw_start:
>  
> -ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 parse field 
> l");
> +ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
> +   "http3 parse field l");
>  
>  if (b->pos == b->last) {
>  return NGX_AGAIN;

Looks good


[PATCH] Use pipe as a delimiter for sed(1) to fix build for libnjs target

2023-05-11 Thread Sergey A . Osokin
# HG changeset patch
# User Sergey A. Osokin 
# Date 1683860927 -10800
#  Fri May 12 06:08:47 2023 +0300
# Node ID 9d717a336e89a34ac92b87a6294a5f552dc56f74
# Parent  1f84f3c34bb08b3489040319aac5cd46ca172bec
Use pipe as a delimiter for sed(1) to fix build for libnjs target.

sed(1) command line utility may fail with the following error:
sed: 1: "s,@EXTRA_LIBS@,-lm   -L ...": bad in substitute command: '-'
when a replacement for @EXTRA_LIBS@ contains a comma symbol.

diff -r 1f84f3c34bb0 -r 9d717a336e89 auto/make
--- a/auto/make Wed May 10 22:36:53 2023 -0700
+++ b/auto/make Fri May 12 06:08:47 2023 +0300
@@ -320,11 +320,11 @@
 pc: $NJS_BUILD_DIR/njs.pc
 
 $NJS_BUILD_DIR/njs.pc: $NJS_BUILD_DIR/njs_auto_config.h
-   sed -e "s,@PREFIX@,$(pwd)/$NJS_BUILD_DIR," \\
-   -e "s,@LIBDIR@,$(pwd)/$NJS_BUILD_DIR," \\
-   -e "s,@CFLAGS@,-I$(pwd)/$NJS_BUILD_DIR -I$(pwd)/src," \\
-   -e "s,@VERSION@,\$(NJS_VER)," \\
-   -e "s,@EXTRA_LIBS@,-lm $NJS_LIBS $NJS_LIB_AUX_LIBS," \\
+   sed -e "s|@PREFIX@|$(pwd)/$NJS_BUILD_DIR|" \\
+   -e "s|@LIBDIR@|$(pwd)/$NJS_BUILD_DIR|" \\
+   -e "s|@CFLAGS@|-I$(pwd)/$NJS_BUILD_DIR -I$(pwd)/src|" \\
+   -e "s|@VERSION@|\$(NJS_VER)|" \\
+   -e "s|@EXTRA_LIBS@|-lm $NJS_LIBS $NJS_LIB_AUX_LIBS|" \\
src/njs.pc.in > \$@
 END
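Review bot: Switching the delimiter to `|` in the five `-e` expressions only moves the failure to another character, because the replacement text is still interpolated into the sed script unescaped. A `|` in `$(pwd)`, `$NJS_LIBS` or `$NJS_LIB_AUX_LIBS` breaks the substitute command the same way the comma did, and an `&` is silently expanded by sed to the matched `@...@` token, which corrupts the generated njs.pc without any error. Escaping the values before they reach the script would make the rule independent of the delimiter, for example `NJS_LIBS_ESC=$(printf '%s' "$NJS_LIBS" | sed 's/[|&\\]/\\&/g')` and then using the escaped copy in the `-e` expression.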
 


[PATCH] Added $http2_stream_id

2023-05-11 Thread J Carter
# HG changeset patch
# User jordanc.car...@outlook.com
# Date 1683858766 -3600
#  Fri May 12 03:32:46 2023 +0100
# Node ID de1a1b4141e827984cbd0d2feb97f870c32ff289
# Parent  b71e69247483631bd8fc79a47cc32b762625b1fb
Added $http2_stream_id

Useful for tracing multiplexed requests from client logs or pcaps
captured between client and nginx, to nginx's own access logs.

Also useful for matching multiplexed request's access log entries to
debug level error logs - which is particularly difficult to do.

diff --git a/src/http/v2/ngx_http_v2_module.c b/src/http/v2/ngx_http_v2_module.c
--- a/src/http/v2/ngx_http_v2_module.c
+++ b/src/http/v2/ngx_http_v2_module.c
@@ -15,6 +15,8 @@
 
 static ngx_int_t ngx_http_v2_variable(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data);
+static ngx_int_t ngx_http_v2_variable_stream_id(ngx_http_request_t *r,
+ngx_http_variable_value_t *v, uintptr_t data);
 
 static ngx_int_t ngx_http_v2_module_init(ngx_cycle_t *cycle);
 
@@ -213,6 +215,9 @@
 { ngx_string("http2"), NULL,
   ngx_http_v2_variable, 0, 0, 0 },
 
+{ ngx_string("http2_stream_id"), NULL,
+  ngx_http_v2_variable_stream_id, 0, 0, 0 },
+
   ngx_http_null_variable
 };
 
@@ -271,6 +276,32 @@
 
 
 static ngx_int_t
+ngx_http_v2_variable_stream_id(ngx_http_request_t *r,
+ngx_http_variable_value_t *v, uintptr_t data)
+{
+u_char *p;
+
+if (!r->stream) {
+v->not_found = 1;
+return NGX_OK;
+}
+
+p = ngx_pnalloc(r->pool, NGX_INT32_LEN);
+if (p == NULL) {
+return NGX_ERROR;
+}
+
+v->len = ngx_sprintf(p, "%i", r->stream->node->id) - p;
+v->valid = 1;
+v->no_cacheable = 0;
+v->not_found = 0;
+v->data = p;
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_http_v2_module_init(ngx_cycle_t *cycle)
 {
 return NGX_OK;
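Review bot: The buffer allocated with `NGX_INT32_LEN` in ngx_http_v2_variable_stream_id() is filled by `ngx_sprintf()`, which takes no length, using `%i`, which formats a full-width ngx_int_t. The write stays in bounds only because HTTP/2 stream identifiers are 31-bit, and nothing in the function enforces that. If `node->id` is declared as ngx_uint_t (its declaration is not visible in this hunk), the conversion should also be `%ui`. Sizing the buffer for the type that is actually formatted removes the dependency on the protocol invariant: `p = ngx_pnalloc(r->pool, NGX_INT_T_LEN);` and `v->len = ngx_sprintf(p, "%ui", r->stream->node->id) - p;`. A one-line comment above the `!r->stream` check, `/* not an HTTP/2 request: variable is not found */`, would document the early return.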


Re: [PATCH] Asynchronous close event handling for single peer upstreams

2023-05-11 Thread J Carter
On Sun, 7 May 2023 21:55:19 +0100
J Carter  wrote:

> # HG changeset patch
> # User jordanc.car...@outlook.com
> # Date 1683491710 -3600
> #  Sun May 07 21:35:10 2023 +0100
> # Node ID e1ec9971da677b763c7576c729576d6f906631ae
> # Parent  b71e69247483631bd8fc79a47cc32b762625b1fb
> Asynchronous close event handling for single peer upstreams
> 
> Prevents additional upstream tries when consecutive asynchronous close
> errors are encountered for single peer upstreams utilizing keepalive
> connections.
> 
> This replaces the current behavior of unlimited retries.
> 
> diff -r b71e69247483 -r e1ec9971da67 src/event/ngx_event_connect.h
> --- a/src/event/ngx_event_connect.h   Mon May 01 19:16:05 2023
> +0400 +++ b/src/event/ngx_event_connect.h Sun May 07 21:35:10
> 2023 +0100 @@ -17,6 +17,7 @@
>  #define NGX_PEER_KEEPALIVE   1
>  #define NGX_PEER_NEXT2
>  #define NGX_PEER_FAILED  4
> +#define NGX_PEER_ASYNC_FAILED8
>  
>  
>  typedef struct ngx_peer_connection_s  ngx_peer_connection_t;
> @@ -64,6 +65,7 @@
>  unsigned transparent:1;
>  unsigned so_keepalive:1;
>  unsigned down:1;
> +unsigned async_failed:1;
>  
>   /* ngx_connection_log_error_e */
>  unsigned log_error:2;
> diff -r b71e69247483 -r e1ec9971da67 src/http/ngx_http_upstream.c
> --- a/src/http/ngx_http_upstream.cMon May 01 19:16:05 2023
> +0400 +++ b/src/http/ngx_http_upstream.c  Sun May 07 21:35:10
> 2023 +0100 @@ -4317,6 +4317,9 @@
>  {
>  state = NGX_PEER_NEXT;
>  
> +} else if (u->peer.cached && ft_type ==
> NGX_HTTP_UPSTREAM_FT_ERROR) {
> +state = NGX_PEER_FAILED | NGX_PEER_ASYNC_FAILED;
> +
>  } else {
>  state = NGX_PEER_FAILED;
>  }
> @@ -4330,11 +4333,6 @@
>"upstream timed out");
>  }
>  
> -if (u->peer.cached && ft_type == NGX_HTTP_UPSTREAM_FT_ERROR) {
> -/* TODO: inform balancer instead */
> -u->peer.tries++;
> -}
> -
>  switch (ft_type) {
>  
>  case NGX_HTTP_UPSTREAM_FT_TIMEOUT:
> diff -r b71e69247483 -r e1ec9971da67
> src/http/ngx_http_upstream_round_robin.c ---
> a/src/http/ngx_http_upstream_round_robin.cMon May 01 19:16:05
> 2023 +0400 +++ b/src/http/ngx_http_upstream_round_robin.c Sun
> May 07 21:35:10 2023 +0100 @@ -623,6 +623,12 @@
> ngx_http_upstream_rr_peers_unlock(rrp->peers); 
>  pc->tries = 0;
> +
> +if (state & NGX_PEER_ASYNC_FAILED && !pc->async_failed) {
> +pc->async_failed = 1;
> +pc->tries = 1;
> +}
> +
>  return;
>  }
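Review bot: The deletion of `u->peer.tries++` in the ngx_http_upstream.c hunk applies to every balancer, while the only visible consumer of the new `NGX_PEER_ASYNC_FAILED` bit is this branch of the round-robin free handler that returns after `pc->tries = 0`. Unless the other free paths (the rest of this function and any balancer with its own free callback, none of which are shown here) also act on the bit, a failure on a cached keepalive connection now consumes a try where it previously did not, which is wider than the single-peer case the description names. I would either keep the compensation for peers whose free handler does not set `async_failed`, or state on the `#define NGX_PEER_ASYNC_FAILED` line that every free handler must handle it. The test would also read more safely as `if ((state & NGX_PEER_ASYNC_FAILED) && !pc->async_failed) {`. The enclosing function starts and ends outside the hunk.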

Hello, 

any opinions or suggestions for this patch?


[njs] Modules: added options to disable parts dependant on 3rd party libs.

2023-05-11 Thread Dmitry Volyntsev
details:   https://hg.nginx.org/njs/rev/1f84f3c34bb0
branches:  
changeset: 2116:1f84f3c34bb0
user:  Dmitry Volyntsev 
date:  Wed May 10 22:36:53 2023 -0700
description:
Modules: added options to disable parts dependant on 3rd party libs.

The following environment variables are added: NJS_OPENSSL, NJS_LIBXSLT,
NJS_ZLIB.  When a variable evaluates to "NO" the part of the module
related to the corresponding library is disabled.

For example to disable libxslt related code:
NJS_LIBXSLT=NO ./configure  .. --add-module=/path/to/njs/module

diffstat:

 nginx/config   |  43 +--
 nginx/ngx_js.c |   6 ++
 2 files changed, 43 insertions(+), 6 deletions(-)

diffs (89 lines):

diff -r a140e71b0fbf -r 1f84f3c34bb0 nginx/config
--- a/nginx/config  Wed May 10 20:50:53 2023 -0700
+++ b/nginx/config  Wed May 10 22:36:53 2023 -0700
@@ -1,13 +1,42 @@
 ngx_addon_name="ngx_js_module"
 
+NJS_OPENSSL=${NJS_OPENSSL:-YES}
+NJS_LIBXSLT=${NJS_LIBXSLT:-YES}
+NJS_ZLIB=${NJS_ZLIB:-YES}
+
 NJS_DEPS="$ngx_addon_dir/ngx_js.h \
 $ngx_addon_dir/ngx_js_fetch.h"
 NJS_SRCS="$ngx_addon_dir/ngx_js.c \
 $ngx_addon_dir/ngx_js_fetch.c \
-$ngx_addon_dir/ngx_js_regex.c \
-$ngx_addon_dir/../external/njs_webcrypto_module.c
-$ngx_addon_dir/../external/njs_zlib_module.c
-$ngx_addon_dir/../external/njs_xml_module.c"
+$ngx_addon_dir/ngx_js_regex.c"
+
+NJS_OPENSSL_LIB=
+NJS_XSLT_LIB=
+NJS_ZLIB_LIB=
+
+if [ $NJS_OPENSSL != NO ]; then
+NJS_OPENSSL_LIB=OPENSSL
+have=NJS_HAVE_OPENSSL . auto/have
+NJS_SRCS="$NJS_SRCS $ngx_addon_dir/../external/njs_webcrypto_module.c"
+
+echo " enabled webcrypto module"
+fi
+
+if [ $NJS_LIBXSLT != NO ]; then
+NJS_XSLT_LIB=LIBXSLT
+have=NJS_HAVE_XML . auto/have
+NJS_SRCS="$NJS_SRCS $ngx_addon_dir/../external/njs_xml_module.c"
+
+echo " enabled xml module"
+fi
+
+if [ $NJS_ZLIB != NO ]; then
+NJS_ZLIB_LIB=ZLIB
+have=NJS_HAVE_ZLIB . auto/have
+NJS_SRCS="$NJS_SRCS $ngx_addon_dir/../external/njs_zlib_module.c"
+
+echo " enabled zlib module"
+fi
 
 if [ $HTTP != NO ]; then
 ngx_module_type=HTTP_AUX_FILTER
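Review bot: The three new tests `[ $NJS_OPENSSL != NO ]`, `[ $NJS_LIBXSLT != NO ]` and `[ $NJS_ZLIB != NO ]` treat every value other than the exact string `NO` as enabled, so `NJS_LIBXSLT=no` or `NJS_LIBXSLT=0` still compiles and links the libxslt code. The only output in that case is the same "enabled" line a default build prints, so someone disabling these parts to reduce the linked third-party surface gets no signal that the setting was ignored. I would reject unknown values up front, e.g. `case "$NJS_LIBXSLT" in YES|NO) ;; *) echo "$0: error: NJS_LIBXSLT must be YES or NO"; exit 1 ;; esac`, repeated for the other two variables. Quoting the variable in each test, `[ "$NJS_LIBXSLT" != NO ]`, also keeps a value containing spaces from breaking `[`.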
@@ -15,7 +44,8 @@ if [ $HTTP != NO ]; then
 ngx_module_incs="$ngx_addon_dir/../src $ngx_addon_dir/../build"
 ngx_module_deps="$ngx_addon_dir/../build/libnjs.a $NJS_DEPS"
 ngx_module_srcs="$ngx_addon_dir/ngx_http_js_module.c $NJS_SRCS"
-ngx_module_libs="PCRE OPENSSL ZLIB LIBXSLT 
$ngx_addon_dir/../build/libnjs.a -lm"
+ngx_module_libs="PCRE $NJS_OPENSSL_LIB $NJS_XSLT_LIB $NJS_ZLIB_LIB \
+ $ngx_addon_dir/../build/libnjs.a -lm"
 
 . auto/module
 
@@ -30,7 +60,8 @@ if [ $STREAM != NO ]; then
 ngx_module_incs="$ngx_addon_dir/../src $ngx_addon_dir/../build"
 ngx_module_deps="$ngx_addon_dir/../build/libnjs.a $NJS_DEPS"
 ngx_module_srcs="$ngx_addon_dir/ngx_stream_js_module.c $NJS_SRCS"
-ngx_module_libs="PCRE OPENSSL ZLIB LIBXSLT 
$ngx_addon_dir/../build/libnjs.a -lm"
+ngx_module_libs="PCRE $NJS_OPENSSL_LIB $NJS_XSLT_LIB $NJS_ZLIB_LIB \
+ $ngx_addon_dir/../build/libnjs.a -lm"
 
 . auto/module
 fi
diff -r a140e71b0fbf -r 1f84f3c34bb0 nginx/ngx_js.c
--- a/nginx/ngx_js.cWed May 10 20:50:53 2023 -0700
+++ b/nginx/ngx_js.cWed May 10 22:36:53 2023 -0700
@@ -88,9 +88,15 @@ static njs_external_t  ngx_js_ext_core[]
 
 
 njs_module_t *njs_js_addon_modules[] = {
+#ifdef NJS_HAVE_OPENSSL
 &njs_webcrypto_module,
+#endif
+#ifdef NJS_HAVE_XML
 &njs_xml_module,
+#endif
+#ifdef NJS_HAVE_ZLIB
 &njs_zlib_module,
+#endif
 NULL,
 };
 


[PATCH] QUIC: style

2023-05-11 Thread Maxim Dounin
# HG changeset patch
# User Maxim Dounin 
# Date 1683820081 -10800
#  Thu May 11 18:48:01 2023 +0300
# Branch quic
# Node ID 7d67fe09bcad6bc7e375c4d889787b8b57017856
# Parent  b9230e37b8a19e594d201dcc1e6dd8fc666feaf0
QUIC: style.

diff --git a/src/http/v3/ngx_http_v3.h b/src/http/v3/ngx_http_v3.h
--- a/src/http/v3/ngx_http_v3.h
+++ b/src/http/v3/ngx_http_v3.h
@@ -85,11 +85,11 @@
 #define ngx_http_v3_get_session(c)  ngx_http_quic_get_connection(c)->v3_session
 
 #define ngx_http_v3_get_module_loc_conf(c, module)\
-ngx_http_get_module_loc_conf(ngx_http_quic_get_connection(c)->conf_ctx,
 \
+ngx_http_get_module_loc_conf(ngx_http_quic_get_connection(c)->conf_ctx,   \
  module)
 
 #define ngx_http_v3_get_module_srv_conf(c, module)\
-ngx_http_get_module_srv_conf(ngx_http_quic_get_connection(c)->conf_ctx,
 \
+ngx_http_get_module_srv_conf(ngx_http_quic_get_connection(c)->conf_ctx,   \
  module)
 
 #define ngx_http_v3_finalize_connection(c, code, reason)  \
diff --git a/src/http/v3/ngx_http_v3_parse.c b/src/http/v3/ngx_http_v3_parse.c
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@@ -868,7 +868,8 @@ ngx_http_v3_parse_field_l(ngx_connection
 
 case sw_start:
 
-ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 parse field 
l");
+ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
+   "http3 parse field l");
 
 if (b->pos == b->last) {
 return NGX_AGAIN;


Re: [PATCH 3 of 3] QUIC: keep stream sockaddr and addr_text constant

2023-05-11 Thread Roman Arutyunyan
Hi,

On Thu, May 11, 2023 at 02:26:41PM +0400, Sergey Kandaurov wrote:
> 
> > On 10 May 2023, at 21:46, Roman Arutyunyan  wrote:
> > 
> > Hi,
> > 
> > On Tue, May 02, 2023 at 04:34:15PM +0400, Roman Arutyunyan wrote:
> >> # HG changeset patch
> >> # User Roman Arutyunyan 
> >> # Date 1682679819 -14400
> >> #  Fri Apr 28 15:03:39 2023 +0400
> >> # Branch quic
> >> # Node ID 43f0ceffa227a33e5c5ceb35b77f9a1f86dd2481
> >> # Parent  cdc41ec778ffae822fefce639e67f2f57e3667f0
> >> QUIC: keep stream sockaddr and addr_text constant.
> >> 
> >> HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
> >> constant client address, particularly because they are cacheable.
> >> However, QUIC client may migrate to a new address.  While there's no 
> >> perfect
> >> way to handle this, the proposed solution is to copy client address to QUIC
> >> stream at stream creation.  Previously, the address was only referenced, 
> >> which
> >> could result in changing it while stream was active, which in turn would 
> >> lead
> >> to broken cached variables values, since address length is cached as well.
> > 
> > While testing this, it was found that $remote_addr truncation happens at the
> > QUIC level since the addr_text string is copied by value and retains the old
> > length after migration.  The new commit log:
> > 
> > QUIC: keep stream sockaddr and addr_text constant.
> > 
> > HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
> > constant client address, particularly because they are cacheable.
> > However, QUIC client may migrate to a new address.  While there's no perfect
> > way to handle this, the proposed solution is to copy client address to QUIC
> > stream at stream creation.
> > 
> > The change also fixes truncated $remote_addr if migration happened while the
> > stream was active.  The reason is addr_text string was copied to stream by
> > value.
> > 
> > [..]
> > 
> 
> All series looks good for me.

Discussed patch #3 again.  Decided to add the following, just to be on the safe
side:

diff --git a/src/event/quic/ngx_event_quic_streams.c 
b/src/event/quic/ngx_event_quic_streams.c
--- a/src/event/quic/ngx_event_quic_streams.c
+++ b/src/event/quic/ngx_event_quic_streams.c
@@ -716,6 +716,7 @@ ngx_quic_create_stream(ngx_connection_t 
 
 } else {
 addr_text.len = 0;
+addr_text.data = NULL;
 }
 
 reusable = c->reusable;

[..]

--
Roman Arutyunyan


Re: [PATCH 2 of 2] QUIC: removed "quic_mtu" directive

2023-05-11 Thread Maxim Konovalov

On 10.05.2023 23:40, Roman Arutyunyan wrote:

Hi,

On Thu, May 11, 2023 at 10:26:34AM +0400, Roman Arutyunyan wrote:

# HG changeset patch
# User Roman Arutyunyan 
# Date 1683783928 -14400
#  Thu May 11 09:45:28 2023 +0400
# Branch quic
# Node ID 5db9c42c3d4bf862642b85d8f508257a1ad9c694
# Parent  d2cc7adb261edc92988411ac7e0c8059419c201d
QUIC: removed "quic_mtu" directive.

The directive used to set the value of the "max_udp_payload_size" transport
parameter.  According to RFC 9000, Section 18.2, the value specifies the size
of buffer for reading incoming datagrams:

 This limit does act as an additional constraint on datagram size in
 the same way as the path MTU, but it is a property of the endpoint
 and not the path; see Section 14. It is expected that this is the
 space an endpoint dedicates to holding incoming packets.

Current QUIC implementation uses the maximum possible buffer size (65527) for
reading datagrams.


[..]

Plus README update:


[...]

+ nginx.org docs needs update too.

--
Maxim Konovalov


Re: [PATCH 0 of 2] QUIC datagram size updates

2023-05-11 Thread Sergey Kandaurov

> On 11 May 2023, at 10:26, Roman Arutyunyan  wrote:
> 
> - The first patch brings down max input datagram size from 65535 to 65527.
> 
> - The second patch eliminates "quic_mtu" directive, which currently sets
>  max_udp_payload_size transport parameter value.  According to RFC 9000, this
>  value is not related to MTU, but is effectively the max size of input buffer.

Looks good.

-- 
Sergey Kandaurov


Re: [PATCH 06 of 11] Tests: reworked mail SSL tests to use IO::Socket::SSL

2023-05-11 Thread Sergey Kandaurov


> On 17 Apr 2023, at 07:31, Maxim Dounin  wrote:
> 
> # HG changeset patch
> # User Maxim Dounin 
> # Date 1681702257 -10800
> #  Mon Apr 17 06:30:57 2023 +0300
> # Node ID 20d603cd3cbeab89127108fe9cb6dffd0e9469e8
> # Parent  a8e22a3212da945e9060d4233905eb6de1399d34
> Tests: reworked mail SSL tests to use IO::Socket::SSL.
> 
> Relevant infrastructure is provided in Test::Nginx::IMAP (and also POP3
> and SMTP for completeness).  This also ensures that SSL handshake and
> various read operations are guarded with timeouts.
> 

[..]

> diff --git a/mail_ssl_conf_command.t b/mail_ssl_conf_command.t
> --- a/mail_ssl_conf_command.t
> +++ b/mail_ssl_conf_command.t
> @@ -16,6 +16,7 @@ BEGIN { use FindBin; chdir($FindBin::Bin
> 
> use lib 'lib';
> use Test::Nginx;
> +use Test::Nginx::IMAP;
> 
> ###
> 
> @@ -24,15 +25,8 @@ select STDOUT; $| = 1;
> 
> local $SIG{PIPE} = 'IGNORE';
> 
> -eval {
> - require Net::SSLeay;
> - Net::SSLeay::load_error_strings();
> - Net::SSLeay::SSLeay_add_ssl_algorithms();
> - Net::SSLeay::randomize();
> -};
> -plan(skip_all => 'Net::SSLeay not installed') if $@;
> -
> -my $t = Test::Nginx->new()->has(qw/mail mail_ssl imap openssl:1.0.2/)
> +my $t = Test::Nginx->new()
> + ->has(qw/mail mail_ssl imap openssl:1.0.2 socket_ssl_reused/)
>   ->has_daemon('openssl');
> 
> plan(skip_all => 'no ssl_conf_command') if $t->has_module('BoringSSL');
> @@ -50,7 +44,7 @@ mail {
> auth_http  http://127.0.0.1:8080;   # unused
> 
> server {
> -listen   127.0.0.1:8443 ssl;
> +listen   127.0.0.1:8993 ssl;

Please avoid using an upper half of 8000 .. 8999 range for TCP tests.
The reason is a deficiency in automatic port selection used for
parallel testing, see Test::Nginx::port().  Currently, ports are
selected in the reversed order for TCP and UDP for a reason:
another socket type for the same port is used as a lock.
But that gives a race if you try to concurrently select the same
port for both TCP and UDP.
Currently, this is worked around by splitting the range:
bottom half is used for TCP, upper half is used for UDP.

Luckily, nginx retries bind/listen on NGX_EADDRINUSE up to 5 times,
but this doesn't always work.

[..]

-- 
Sergey Kandaurov


Re: [PATCH 10 of 11] Tests: reworked http SSL tests to use IO::Socket::SSL

2023-05-11 Thread Sergey Kandaurov

> On 17 Apr 2023, at 07:31, Maxim Dounin  wrote:
> 
> # HG changeset patch
> # User Maxim Dounin 
> # Date 1681702264 -10800
> #  Mon Apr 17 06:31:04 2023 +0300
> # Node ID 2aaba5bbc0366bffe1f468105b1185cd48efbc93
> # Parent  90913cb36b512c45cd9a171cbb4320b12ff24b48
> Tests: reworked http SSL tests to use IO::Socket::SSL.
> 
> Relevant infrastructure is provided in Test::Nginx http() functions.
> This also ensures that SSL handshake and various read and write operations
> are guarded with timeouts.
> 
> The ssl_sni_reneg.t test uses IO::Socket::SSL::_get_ssl_object() to access
> the Net::SSLeay object directly and trigger renegotiation.  While
> not exactly correct, this seems to be good enough for tests.
> 
> Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_stapling.t,
> since SSL_ocsp_staple_callback is called with the socket instead of the
> Net::SSLeay object.
> 
> Similarly, IO::Socket::SSL::_get_ssl_object() is used in ssl_verify_client.t,
> since there seems to be no way to obtain CA list with IO::Socket::SSL.

This is one of the reasons why it was written in Net::SSLeay.
The intention was to avoid using undocumented _get_ssl_object.

The resulting code throughout the series is sometimes hard to read now.
Still, if you believe it is better to rewrite it in IO::Socket::SSL,
I'm ok with it.  You can treat this as a positive review.
See minor comments below and in other patches.

> 
> Notable change to http() request interface is that http_end() now closes
> the socket.  This is to make sure that SSL connections are properly
> closed and SSL sessions are not removed from the IO::Socket::SSL session
> cache.  This affected access_log.t, which was modified accordingly.
> 
> diff --git a/access_log.t b/access_log.t
> --- a/access_log.t
> +++ b/access_log.t
> @@ -161,11 +161,11 @@ http_get('/varlog?logname=0');
> http_get('/varlog?logname=filename');
> 
> my $s = http('', start => 1);
> -http_get('/addr', socket => $s);
> my $addr = $s->sockhost();
> my $port = $s->sockport();
> my $saddr = $s->peerhost();
> my $sport = $s->peerport();
> +http_get('/addr', socket => $s);
> 
> http_get('/binary');
> 
> diff --git a/lib/Test/Nginx.pm b/lib/Test/Nginx.pm
> --- a/lib/Test/Nginx.pm
> +++ b/lib/Test/Nginx.pm
> @@ -838,13 +838,15 @@ sub http($;%) {
>   my $s = http_start($request, %extra);
> 
>   return $s if $extra{start} or !defined $s;
> - return http_end($s);
> + return http_end($s, %extra);
> }
> 
> sub http_start($;%) {
>   my ($request, %extra) = @_;
>   my $s;
> 
> + my $port = $extra{SSL} ? 8443 : 8080;
> +
>   eval {
>   local $SIG{ALRM} = sub { die "timeout\n" };
>   local $SIG{PIPE} = sub { die "sigpipe\n" };
> @@ -852,10 +854,25 @@ sub http_start($;%) {
> 
>   $s = $extra{socket} || IO::Socket::INET->new(
>   Proto => 'tcp',
> - PeerAddr => '127.0.0.1:' . port(8080)
> + PeerAddr => '127.0.0.1:' . port($port),
> + %extra
>   )
>   or die "Can't connect to nginx: $!\n";
> 
> + if ($extra{SSL}) {
> + require IO::Socket::SSL;
> + IO::Socket::SSL->start_SSL(
> + $s,
> + SSL_verify_mode =>
> + IO::Socket::SSL::SSL_VERIFY_NONE(),
> + %extra
> + )
> + or die $IO::Socket::SSL::SSL_ERROR . "\n";
> +
> + log_in("ssl cipher: " . $s->get_cipher());
> + log_in("ssl cert: " . $s->peer_certificate('issuer'));
> + }
> +
>   log_out($request);
>   $s->print($request);
> 
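Review bot: The `SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE()` default added to http_start() has no comment saying it is deliberate, and this helper is shared by every test that passes `SSL => 1`. Because `%extra` is expanded after it, a caller can still supply its own `SSL_verify_mode`, but nothing in the code tells a test author that peer verification is off unless they do. I would add a comment above the start_SSL() call such as `# certificate verification is off by default in tests; pass SSL_verify_mode in %extra to exercise it`. http_start() begins and ends outside this hunk.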
> @@ -879,7 +896,7 @@ sub http_start($;%) {
> }
> 
> sub http_end($;%) {
> - my ($s) = @_;
> + my ($s, %extra) = @_;

extra doesn't seem to be used

>   my $reply;
> 
>   eval {
> @@ -890,6 +907,8 @@ sub http_end($;%) {
>   local $/;
>   $reply = $s->getline();
> 
> + $s->close();
> +
>   alarm(0);
>   };
>   alarm(0);
> diff --git a/ssl_certificate.t b/ssl_certificate.t
> --- a/ssl_certificate.t
> +++ b/ssl_certificate.t
> @@ -17,29 +17,15 @@ use Socket qw/ CRLF /;
> BEGIN { use FindBin; chdir($FindBin::Bin); }
> 
> use lib 'lib';
> -use Test::Nginx;
> +use Test::Nginx qw/ :DEFAULT http_end /;
> 
> ###
> 
> select STDERR; $| = 1;
> select STDOUT; $| = 1;
> 
> -eval {
> - require Net::SSLeay;
> - Net::SSLeay::load_error_strings();
> - Net::SSLeay::SSLeay_add_ssl_algorithms();
> - Net::SSLeay::randomize();
> -};
> -plan(skip_all => 'Net::SSLeay not installed') if $@;
> -
> -eval {
> - my $ctx = Net::SSLeay::CTX_new() or die;
> - my $ssl = Net::SSLeay::new($ctx) or die;
> - Net::SSLeay::set_tlsext_h

Re: [PATCH 04 of 11] Tests: fixed server_tokens tests for build names with spaces

2023-05-11 Thread Sergey Kandaurov

> On 17 Apr 2023, at 07:31, Maxim Dounin  wrote:
> 
> # HG changeset patch
> # User Maxim Dounin 
> # Date 1681702253 -10800
> #  Mon Apr 17 06:30:53 2023 +0300
> # Node ID 605cab711606724e5879e8a81d5d21797e5ddcfb
> # Parent  f704912ed09f3494a815709710c3744b0adca50b
> Tests: fixed server_tokens tests for build names with spaces.
> 
> Build names can contain spaces, and previously used pattern, "--build=(\S+)",
> failed to properly match such build names.  Instead, now we simply test
> that some build name is provided in the Server header.  Further, the

in the Server header and error pages

(but I won't insist, existing wording looks clear enough)

> $t->has_module() method is now used to check if a build name is set
> instead of directly testing the $t->{_configure_args} internal field.
> 
> diff --git a/h2_server_tokens.t b/h2_server_tokens.t
> --- a/h2_server_tokens.t
> +++ b/h2_server_tokens.t
> @@ -106,7 +106,7 @@ like(header_server('/on/200'), qr/^$re$/
> like(header_server('/on/404'), qr/^$re$/, 'http2 tokens on 404');
> like(body('/on/404'), $re, 'http2 tokens on 404 body');
> 
> -$re = qr/$re \Q($1)\E/ if $t->{_configure_args} =~ /--build=(\S+)/;
> +$re = qr/$re \(.*\)/ if $t->has_module('--build=');
> 
> like(header_server('/b/200'), qr/^$re$/, 'http2 tokens build 200');
> like(header_server('/b/404'), qr/^$re$/, 'http2 tokens build 404');
> diff --git a/server_tokens.t b/server_tokens.t
> --- a/server_tokens.t
> +++ b/server_tokens.t
> @@ -105,7 +105,7 @@ like(http_get_server('/on/200'), $re, 't
> like(http_get_server('/on/404'), $re, 'tokens on 404');
> like(http_body('/on/404'), $re, 'tokens on 404 body');
> 
> -$re = qr/$re \Q($1)\E/ if $t->{_configure_args} =~ /--build=(\S+)/;
> +$re = qr/$re \(.*\)/ if $t->has_module('--build=');
> 
> like(http_get_server('/b/200'), $re, 'tokens build 200');
> like(http_get_server('/b/404'), $re, 'tokens build 404');

Looks good.

-- 
Sergey Kandaurov


Re: [PATCH] Tests: HTTP/2 tests with error_page and return

2023-05-11 Thread Sergey Kandaurov

> On 3 May 2023, at 01:45, Maxim Dounin  wrote:
> 
> Hello!
> 
> On Tue, May 02, 2023 at 05:10:55PM +0400, Sergey Kandaurov wrote:
> 
>>> On 2 May 2023, at 00:59, Maxim Dounin  wrote:
>>> 
>>> On Mon, May 01, 2023 at 06:46:25PM +0400, Sergey Kandaurov wrote:
>>> 
 # HG changeset patch
 # User Sergey Kandaurov 
 # Date 1682952238 -14400
 #  Mon May 01 18:43:58 2023 +0400
 # Node ID 90aaa942972884dcd67b6744fde39a154fec5d13
 # Parent  36a4563f7f005184547575f5ac4f22ef53a59c72
 Tests: HTTP/2 tests with error_page and return.
 
 diff --git a/h2_error_page.t b/h2_error_page.t
 new file mode 100644
 --- /dev/null
 +++ b/h2_error_page.t
 @@ -0,0 +1,88 @@
 +#!/usr/bin/perl
 +
 +# (C) Sergey Kandaurov
 +# (C) Nginx, Inc.
 +
 +# Tests for HTTP/2 protocol with error_page directive.
 +
 +###
 +
 +use warnings;
 +use strict;
 +
 +use Test::More;
 +
 +BEGIN { use FindBin; chdir($FindBin::Bin); }
 +
 +use lib 'lib';
 +use Test::Nginx;
 +use Test::Nginx::HTTP2;
 +
 +###
 +
 +select STDERR; $| = 1;
 +select STDOUT; $| = 1;
 +
 +my $t = Test::Nginx->new()->has(qw/http http_v2 rewrite/)->plan(2)
 +  ->write_file_expand('nginx.conf', <<'EOF');
 +
 +%%TEST_GLOBALS%%
 +
 +daemon off;
 +
 +events {
 +}
 +
 +http {
 +%%TEST_GLOBALS_HTTP%%
 +
 +server {
 +listen   127.0.0.1:8080 http2;
 +server_name  localhost;
 +
 +lingering_close off;
 +
 +error_page 400 = /close;
 +
 +location / { }
 +
 +location /close {
 +return 444;
 +}
 +}
 +}
 +
 +EOF
 +
 +$t->run();
 +
 +###
 +
 +my ($sid, $frames, $frame);
 +
 +# tests for socket leak with "return 444" in error_page
 +
 +# ticket #274
 +
 +my $s1 = Test::Nginx::HTTP2->new();
 +$sid = $s1->new_stream({ headers => [
 +{ name => ':method', value => 'GET' },
 +{ name => ':path', value => '/' },
 +{ name => ':authority', value => 'localhost' }]});
 +$frames = $s1->read(all => [{ type => 'RST_STREAM' }]);
 +
 +($frame) = grep { $_->{type} eq "RST_STREAM" } @$frames;
 +is($frame->{sid}, $sid, 'error 400 return 444 - missing header');
>>> 
>>> This clearly needs details about the header being missed, as well 
>>> as expected and observed behaviour, not just the ticket number.
>> 
>> The description is provided in associated commit logs, a proper
>> source to seek for details, tagged with appropriate ticket numbers.
>> A brief description what happens here is given above.
> 
> Even assuming commits are readily available (they are not in 
> most cases), commit logs and even the code changes are not enough 
> to see what actually missed here: that is, it worth to mention 
> lack of mandatory ":scheme" pseudo-header.

Sure, I don't mind to add extra comments
if that provides further explanation.

> 
> Also, it might be important to mention why the test is expected to 
> fail without the fix (and if it's expected to fail), and why it 
> succeeds with the fix.  Note that the tickets in question are 
> about connection being left open, and not about RST_STREAM not 
> being sent.

Well, the connection is expected to be kept.
Unlike in HTTP/1.x, HTTP/2 is a multiplexing protocol.
That means an error condition in an individual stream doesn't lead
to the entire connection close.  Rather, malformed requests lead
to a stream error indicated with RST_STREAM.

Let's look at RFC 7540:

5.4.  Error Handling
   HTTP/2 framing permits two classes of error:
   o  An error condition that renders the entire connection unusable is
  a connection error.
   o  An error in an individual stream is a stream error.

So either GOAWAY or RST_STREAM is expected.

8.1.2.6.  Malformed Requests and Responses
   Malformed requests or responses that are
   detected MUST be treated as a stream error (Section 5.4.2) of type
   PROTOCOL_ERROR.

This is exactly what happens in nginx: it sends RST_STREAM
as an indication of immediate termination of a stream.

> 
> Note well that RST_STREAM is not something one might expect with 
> "return 444;", and rather an implementation detail.

See above, thanks.

>  A better 
> approach might be to check instead for a connection being closed 
> and not timed out on the client side (this might complicate things 
> though, and might not worth the effort).

The problem is that stream termination didn't happen.
As such, stream count never fall below 1, which prevented
to install a keepalive timer.  So, when it's time to

Re: [PATCH] Added direct link to release announcement for Unit 1.30.0

2023-05-11 Thread Yaroslav Zhuravlev
Looks good

> On 11 May 2023, at 12:16, Artem Konev  wrote:
> 
> xml/index.xml |  2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
> 
> 
> # HG changeset patch
> # User Artem Konev 
> # Date 1683803670 -3600
> #  Thu May 11 12:14:30 2023 +0100
> # Node ID 60fdc933eb443fcf7056a47c0264676bf81516f2
> # Parent  fed0092ee55482c0bfcb7d0f5688d1779db0a28a
> Added direct link to release announcement for Unit 1.30.0.
> 
> diff --git a/xml/index.xml b/xml/index.xml
> --- a/xml/index.xml
> +++ b/xml/index.xml
> @@ -10,7 +10,7 @@
> 
> 
> https://unit.nginx.org/";>unit-1.30.0 version has been
> - url="https://unit.nginx.org/news/2023/#unit1300released";>released,
> + url="https://unit.nginx.org/news/2023/unit-1.30.0-released/";>released,
> featuring URI rewrite, improved logging, and
> njs
> module support.


[PATCH] Added direct link to release announcement for Unit 1.30.0

2023-05-11 Thread Artem Konev
 xml/index.xml |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


# HG changeset patch
# User Artem Konev 
# Date 1683803670 -3600
#  Thu May 11 12:14:30 2023 +0100
# Node ID 60fdc933eb443fcf7056a47c0264676bf81516f2
# Parent  fed0092ee55482c0bfcb7d0f5688d1779db0a28a
Added direct link to release announcement for Unit 1.30.0.

diff --git a/xml/index.xml b/xml/index.xml
--- a/xml/index.xml
+++ b/xml/index.xml
@@ -10,7 +10,7 @@
 
 
 https://unit.nginx.org/";>unit-1.30.0 version has been
-https://unit.nginx.org/news/2023/#unit1300released";>released,
+https://unit.nginx.org/news/2023/unit-1.30.0-released/";>released,
 featuring URI rewrite, improved logging, and
 njs
 module support.


Re: [PATCH 3 of 3] QUIC: keep stream sockaddr and addr_text constant

2023-05-11 Thread Sergey Kandaurov

> On 10 May 2023, at 21:46, Roman Arutyunyan  wrote:
> 
> Hi,
> 
> On Tue, May 02, 2023 at 04:34:15PM +0400, Roman Arutyunyan wrote:
>> # HG changeset patch
>> # User Roman Arutyunyan 
>> # Date 1682679819 -14400
>> #  Fri Apr 28 15:03:39 2023 +0400
>> # Branch quic
>> # Node ID 43f0ceffa227a33e5c5ceb35b77f9a1f86dd2481
>> # Parent  cdc41ec778ffae822fefce639e67f2f57e3667f0
>> QUIC: keep stream sockaddr and addr_text constant.
>> 
>> HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
>> constant client address, particularly because they are cacheable.
>> However, QUIC client may migrate to a new address.  While there's no perfect
>> way to handle this, the proposed solution is to copy client address to QUIC
>> stream at stream creation.  Previously, the address was only referenced, 
>> which
>> could result in changing it while stream was active, which in turn would lead
>> to broken cached variables values, since address length is cached as well.
> 
> While testing this, it was found that $remote_addr truncation happens at the
> QUIC level since the addr_text string is copied by value and retains the old
> length after migration.  The new commit log:
> 
> QUIC: keep stream sockaddr and addr_text constant.
> 
> HTTP and Stream variables $remote_addr and $binary_remote_addr rely on
> constant client address, particularly because they are cacheable.
> However, QUIC client may migrate to a new address.  While there's no perfect
> way to handle this, the proposed solution is to copy client address to QUIC
> stream at stream creation.
> 
> The change also fixes truncated $remote_addr if migration happened while the
> stream was active.  The reason is addr_text string was copied to stream by
> value.
> 
> [..]
> 

The whole series looks good to me.

For the record, reproduced with the following tests I intend to push later.

# HG changeset patch
# User Sergey Kandaurov 
# Date 1683800560 -14400
#  Thu May 11 14:22:40 2023 +0400
# Branch quic
# Node ID 9bd3e671cdf9f6f4883a77368458721dc2d2b5ac
# Parent  4eb8f6d9bd13a36cb46da6caebf1a2f1a6710f2d
Tests: basic QUIC migration tests.

diff --git a/lib/Test/Nginx/HTTP3.pm b/lib/Test/Nginx/HTTP3.pm
--- a/lib/Test/Nginx/HTTP3.pm
+++ b/lib/Test/Nginx/HTTP3.pm
@@ -92,6 +92,7 @@ sub init {
$self->{dcid} = Crypt::PRNG::random_bytes(18);
$self->{salt} = "\x38\x76\x2c\xf7\xf5\x59\x34\xb3\x4d\x17"
.  "\x9a\xe6\xa4\xc8\x0c\xad\xcc\xbb\x7f\x0a";
+   $self->{ncid} = [];
$self->{early_data} = $early_data;
 
$self->retry();
@@ -277,6 +278,12 @@ sub path_response {
$self->{socket}->syswrite($self->encrypt_aead($frame, 3));
 }
 
+sub ping {
+   my ($self) = @_;
+   my $frame = "\x01\x00\x00\x00";
+   $self->{socket}->syswrite($self->encrypt_aead($frame, 3));
+}
+
 ###
 
 # HTTP/3 routines
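Review bot: The frame bytes in the new `ping` sub are unexplained. `"\x01\x00\x00\x00"` reads as a PING frame (type 0x01) followed by three PADDING frames (type 0x00), presumably so the packet stays long enough for header protection sampling. A one-line comment above the assignment, such as `# PING frame followed by three PADDING frames`, would document that. The `3` passed to `encrypt_aead` is likewise a bare level number, the same as in `path_response` just above, and could be named in the same comment.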
@@ -1481,6 +1488,11 @@ sub handle_frames {
]);
}
 
+   @frames = grep { $_->{type} eq 'NCID' } @$frames;
+   while (my $frame = shift @frames) {
+   push @{$self->{ncid}}, $frame;
+   }
+
my $ack = $self->{ack}[$level];
 
# stop tracking acknowledged ACK ranges
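Review bot: The added NCID collection reuses `@frames` as scratch space and drains it with a `while`/`shift` loop where one statement would do: `push @{$self->{ncid}}, grep { $_->{type} eq 'NCID' } @$frames;`. Nothing here de-duplicates either, so a retransmitted NEW_CONNECTION_ID frame would presumably be stored twice. If the migration tests pick a connection ID by position in `$self->{ncid}`, keying on the frame's sequence number would be more robust. `handle_frames` starts and ends outside this hunk, so whether later code depends on `@frames` being left empty is not visible and should be checked before simplifying.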
diff --git a/quic_migration.t b/quic_migration.t
new file mode 100644
--- /dev/null
+++ b/quic_migration.t
@@ -0,0 +1,134 @@
+#!/usr/bin/perl
+
+# (C) Sergey Kandaurov
+# (C) Nginx, Inc.
+
+# Tests for quic migration.
+
+###
+
+use warnings;
+use strict;
+
+use Test::More;
+
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+
+use lib 'lib';
+use Test::Nginx;
+use Test::Nginx::HTTP3;
+
+###
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+eval { require Crypt::Misc; die if $Crypt::Misc::VERSION < 0.067; };
+plan(skip_all => 'CryptX version >= 0.067 required') if $@;
+
+plan(skip_all => '127.0.0.20 local address required')
+unless defined IO::Socket::INET->new( LocalAddr => '127.0.0.20' );
+
+my $t = Test::Nginx->new()->has(qw/http http_v3/)
+   ->has_daemon('openssl')->plan(2);
+
+$t->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+%%TEST_GLOBALS_HTTP%%
+
+ssl_certificate_key localhost.key;
+ssl_certificate localhost.crt;
+ssl_protocols TLSv1.3;
+
+server {
+listen   127.0.0.1:%%PORT_8980_UDP%% quic;
+server_name  localhost;
+
+location / {
+add_header X-IP $remote_addr;
+}
+}
+}
+
+EOF
+
+$t->write_file('openssl.conf', >$d/openssl.out 2>&1") == 0
+   or die "Can't create certificate 

[PATCH] HTTP/3: removed "http3" parameter of "listen" directive

2023-05-11 Thread Roman Arutyunyan
# HG changeset patch
# User Roman Arutyunyan 
# Date 1683796930 -14400
#  Thu May 11 13:22:10 2023 +0400
# Branch quic
# Node ID f721a6689bd0a7278f362e67f323a5087919c0ac
# Parent  0d89203a863a34227d3c9e0ddcf07a670c0e78fc
HTTP/3: removed "http3" parameter of "listen" directive.

The parameter has been deprecated since c851a2ed5ce8.

diff --git a/src/http/modules/ngx_http_ssl_module.c 
b/src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -477,7 +477,7 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t 
 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO;
 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1;
 
-} else if (h3scf->enable || hc->addr_conf->http3) {
+} else if (h3scf->enable) {
 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO;
 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1;
 
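Review bot: The h3 branch in `ngx_http_ssl_alpn_select` is now gated on `h3scf->enable` alone, and the hunk does not show which server block `h3scf` is read from at handshake time. The matching per-request check lives in `ngx_http_v3_process_request_header()`, changed later in this patch, which rejects a server name whose negotiated protocol is disabled. A short comment above the `else if` would make that two-stage enforcement explicit, for example `/* per-server enforcement is repeated in ngx_http_v3_process_request_header() */`. The function begins and ends outside this hunk, so the fallback taken when neither the hq nor the h3 flag is set cannot be reviewed from here.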
diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c
--- a/src/http/ngx_http.c
+++ b/src/http/ngx_http.c
@@ -1242,7 +1242,6 @@ ngx_http_add_addresses(ngx_conf_t *cf, n
 ngx_uint_t http2;
 #endif
 #if (NGX_HTTP_V3)
-ngx_uint_t http3;
 ngx_uint_t quic;
 #endif
 
@@ -1287,7 +1286,6 @@ ngx_http_add_addresses(ngx_conf_t *cf, n
 protocols_prev |= addr[i].opt.http2 << 2;
 #endif
 #if (NGX_HTTP_V3)
-http3 = lsopt->http3 || addr[i].opt.http3;
 quic = lsopt->quic || addr[i].opt.quic;
 #endif
 
@@ -1378,7 +1376,6 @@ ngx_http_add_addresses(ngx_conf_t *cf, n
 addr[i].opt.http2 = http2;
 #endif
 #if (NGX_HTTP_V3)
-addr[i].opt.http3 = http3;
 addr[i].opt.quic = quic;
 #endif
 
@@ -1929,7 +1926,6 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_h
 addrs[i].conf.http2 = addr[i].opt.http2;
 #endif
 #if (NGX_HTTP_V3)
-addrs[i].conf.http3 = addr[i].opt.http3;
 addrs[i].conf.quic = addr[i].opt.quic;
 #endif
 addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
@@ -1998,7 +1994,6 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_
 addrs6[i].conf.http2 = addr[i].opt.http2;
 #endif
 #if (NGX_HTTP_V3)
-addrs6[i].conf.http3 = addr[i].opt.http3;
 addrs6[i].conf.quic = addr[i].opt.quic;
 #endif
 addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -4186,23 +4186,6 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx
 #endif
 }
 
-if (ngx_strcmp(value[n].data, "http3") == 0) {
-#if (NGX_HTTP_V3)
-ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
-   "the \"http3\" parameter is deprecated, "
-   "use \"quic\" parameter instead");
-lsopt.quic = 1;
-lsopt.http3 = 1;
-lsopt.type = SOCK_DGRAM;
-continue;
-#else
-ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
-   "the \"http3\" parameter requires "
-   "ngx_http_v3_module");
-return NGX_CONF_ERROR;
-#endif
-}
-
 if (ngx_strcmp(value[n].data, "quic") == 0) {
 #if (NGX_HTTP_V3)
 lsopt.quic = 1;
diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
--- a/src/http/ngx_http_core_module.h
+++ b/src/http/ngx_http_core_module.h
@@ -75,7 +75,6 @@ typedef struct {
 unsigned   wildcard:1;
 unsigned   ssl:1;
 unsigned   http2:1;
-unsigned   http3:1;
 unsigned   quic:1;
 #if (NGX_HAVE_INET6)
 unsigned   ipv6only:1;
@@ -240,7 +239,6 @@ struct ngx_http_addr_conf_s {
 
 unsigned   ssl:1;
 unsigned   http2:1;
-unsigned   http3:1;
 unsigned   quic:1;
 unsigned   proxy_protocol:1;
 };
diff --git a/src/http/v3/ngx_http_v3_request.c 
b/src/http/v3/ngx_http_v3_request.c
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -1014,14 +1014,12 @@ ngx_http_v3_process_request_header(ngx_h
 h3c = ngx_http_v3_get_session(c);
 h3scf = ngx_http_get_module_srv_conf(r, ngx_http_v3_module);
 
-if (!r->http_connection->addr_conf->http3) {
-if ((h3c->hq && !h3scf->enable_hq) || (!h3c->hq && !h3scf->enable)) {
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
-  "client attempted to request the server name "
-  "for which the negotiated protocol is disabled");
-ngx_http_finalize_request(r, NGX_HTTP_MISDIRECTED_REQUEST);
-return NGX_ERROR;
-}
+if ((h3c->hq && !h3scf->enable_hq) || (!h3c->hq && !h3scf->enable)) {
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
+  "client attempted to request the server