From nobody Fri Jan 14 04:38:55 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 91B12195147F; Fri, 14 Jan 2022 04:38:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JZpTq3Mwdz3mrk; Fri, 14 Jan 2022 04:38:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642135135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KfonJY0T9oV5A4LH9Wis/FPogrfLmj1S45PRDrPwX0Y=; b=f9/pXSwQ7tYHa4ORtWi+yXmmHX25ilDmndWnhIy92OmA02cIaUoxPUG4b7kIVZr2T/4SyF 70Yznlsg81pYVc0m23iK49MCiWECvZDWcV+CTh8d/6nH8f89c5EooDSsYnd3bAkM5UYFgx Z3IA9rcOUN9HGPSXOJY67UrvLPBzvzRnGKUKd3P6sLeFOtc2S2+1Dvajr9kKNSJOyC2PPt Uu0BVN+B3pvRkGWcdurTUw2b8r0R7zejTdEGgqr88qvT4luuCrTH8tNJmlexhG1F/YKKV1 3nrxNviuXKS3okoBrIstEdVX3zp1GExaxdrN4gvKK6W6DbY9HtQ9tULMwwoM0A== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4A7034FFA; Fri, 14 Jan 2022 04:38:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 20E4cteL004705; Fri, 14 Jan 2022 04:38:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 20E4ct40004704; Fri, 14 Jan 2022 04:38:55 GMT (envelope-from git) Date: Fri, 14 Jan 2022 04:38:55 GMT Message-Id: <202201140438.20E4ct40004704@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: "Sergey A. Osokin" Subject: git: e3af330927c7 - main - nginx-devel/Makefile: update HTTPv3 patch to the recent commit List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: osa X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e3af330927c7378919dfa6072aaa30c9c842715c Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1642135135; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=KfonJY0T9oV5A4LH9Wis/FPogrfLmj1S45PRDrPwX0Y=; b=vOrUHX5UUMeJzwn8BwpIGZnPg4jKqT4kdqTP97Tu8CtYlQDSqFxUDF0IT+U8O/c0+9tvvr nI7pXZ1mG7NMJ1BepPzppchfjnDIFA0a3qQBlupSyiDy7qiB1jAZ1Q3lUKJ9muqawS+fEE siu+bEUFysLQA6kMqZzrK18FSLYFh32ARsSwbUMR6RgqzdNzPCUpHXgJiDM1nJJr8zZOYJ wlSEhT9assQ3WTPkJiHZIJaZqmofNuM0auEmpArSFzczBcpgci4zlxQZy3OFN9hQskc/D5 XaBO29CBi6P9uunQDZbY0kp5mcKQ+Ho8mHOiy1+Zt561pHJmpfoceXfQrddwRg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1642135135; a=rsa-sha256; cv=none; b=h/P9dLGmqn+hdgrywATiwFoAvoOcKWSpxANp21wXbyqatNafhZ+16mbZhTgBTFhhEtbDYb IrGJ8wmKkBL3Zkp//SVtjbe2ANfbkwq+hfiR5JKOZd/lDJK5he8QlvHR0rSdDTB7oXiP8e bNdIeeliUDKqvTFfT/priZIknl0ZhP/8XFsdnAujE/IO17rj3ImTLMD8b1DsHEnOw/QwGq ld8pf9l1Xs5xQ16QT+ziQVarNpz+MzbCkrCJhx3/iCd1H16P2vJqg9YTwEIJIGgi3QW1KK h93F+9oMqbYeH4sZ1oYBn+L0YGnikAVmIefTjVh4KyliUsPphsP13k1W3e08vw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/ports/commit/?id=e3af330927c7378919dfa6072aaa30c9c842715c commit e3af330927c7378919dfa6072aaa30c9c842715c Author: Sergey A. Osokin AuthorDate: 2022-01-14 04:30:33 +0000 Commit: Sergey A. Osokin CommitDate: 2022-01-14 04:30:33 +0000 nginx-devel/Makefile: update HTTPv3 patch to the recent commit The extra-patch-httpv3 contains the README file now, previously a diff for that file was omitted. To avoid a rejection for the README file the original file from nginx distribution is going to be preserved. Bump PORTREVISION. --- www/nginx-devel/Makefile | 5 +- www/nginx-devel/files/extra-patch-httpv3 | 1113 +++++++++++++++++++----------- 2 files changed, 704 insertions(+), 414 deletions(-) diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index f19f856f6603..8ef92331e4f2 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -2,7 +2,7 @@ PORTNAME?= nginx PORTVERSION= 1.21.5 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa @@ -268,6 +268,9 @@ post-extract-GRIDFS-on: @${RMDIR} ${WRKSRC_gridfs}/mongo-c-driver/ @${MV} ${WRKSRC_mongo_c} ${WRKSRC_gridfs}/mongo-c-driver +pre-patch-HTTPV3-on: + @${MV} ${WRKSRC}/README ${WRKSRC}/README.1st + post-patch: @${REINPLACE_CMD} 's!%%HTTP_PORT%%!${HTTP_PORT}!; \ s!%%PREFIX%%!${PREFIX}!; \ diff --git a/www/nginx-devel/files/extra-patch-httpv3 b/www/nginx-devel/files/extra-patch-httpv3 index dac679832645..492a7272a828 100644 --- a/www/nginx-devel/files/extra-patch-httpv3 +++ b/www/nginx-devel/files/extra-patch-httpv3 @@ -1,6 +1,272 @@ -diff -r 67408b4a12c0 auto/lib/openssl/conf ---- a/auto/lib/openssl/conf Tue Dec 28 18:28:38 2021 +0300 -+++ b/auto/lib/openssl/conf Tue Jan 04 18:14:15 2022 -0500 +diff --git a/README b/README +new file mode 100644 +--- /dev/null ++++ b/README +@@ -0,0 +1,261 @@ ++Experimental QUIC support for nginx ++----------------------------------- ++ ++1. Introduction ++2. Installing ++3. Configuration ++4. Clients ++5. Troubleshooting ++6. Contributing ++7. Links ++ ++1. Introduction ++ ++ This is an experimental QUIC [1] / HTTP/3 [2] support for nginx. ++ ++ The code is developed in a separate "quic" branch available ++ at https://hg.nginx.org/nginx-quic. Currently it is based ++ on nginx mainline 1.21.x. We merge new nginx releases into ++ this branch regularly. ++ ++ The project code base is under the same BSD license as nginx. ++ ++ The code is currently at a beta level of quality and should not ++ be used in production. ++ ++ We are working on improving HTTP/3 support with the goal of ++ integrating it to the main NGINX codebase. Expect frequent ++ updates of this code and don't rely on it for whatever purpose. ++ ++ We'll be grateful for any feedback and code submissions however ++ we don't bear any responsibilities for any issues with this code. ++ ++ You can always contact us via nginx-devel mailing list [3]. ++ ++ What works now: ++ ++ Currently we support IETF-QUIC draft-29 through final RFC documents. ++ Earlier drafts are NOT supported as they have incompatible wire format. ++ ++ nginx should be able to respond to HTTP/3 requests over QUIC and ++ it should be possible to upload and download big files without errors. ++ ++ + The handshake completes successfully ++ + One endpoint can update keys and its peer responds correctly ++ + 0-RTT data is being received and acted on ++ + Connection is established using TLS Resume Ticket ++ + A handshake that includes a Retry packet completes successfully ++ + Stream data is being exchanged and ACK'ed ++ + An H3 transaction succeeded ++ + One or both endpoints insert entries into dynamic table and ++ subsequently reference them from header blocks ++ + Version Negotiation packet is sent to client with unknown version ++ + Lost packets are detected and retransmitted properly ++ + Clients may migrate to new address ++ ++ Not (yet) supported features: ++ ++ - Explicit Congestion Notification (ECN) as specified in quic-recovery [5] ++ - A connection with the spin bit succeeds and the bit is spinning ++ - Structured Logging ++ ++ Since the code is experimental and still under development, ++ a lot of things may not work as expected, for example: ++ ++ - Flow control mechanism is basic and intended to avoid CPU hog and make ++ simple interactions possible ++ ++ - Not all protocol requirements are strictly followed; some of checks are ++ omitted for the sake of simplicity of initial implementation ++ ++2. Installing ++ ++ You will need a BoringSSL [4] library that provides QUIC support ++ ++ $ hg clone -b quic https://hg.nginx.org/nginx-quic ++ $ cd nginx-quic ++ $ ./auto/configure --with-debug --with-http_v3_module \ ++ --with-cc-opt="-I../boringssl/include" \ ++ --with-ld-opt="-L../boringssl/build/ssl \ ++ -L../boringssl/build/crypto" ++ $ make ++ ++ Alternatively, nginx can be configured with QuicTLS [9] ++ ++ $ ./auto/configure --with-debug --with-http_v3_module \ ++ --with-cc-opt="-I../quictls/build/include" \ ++ --with-ld-opt="-L../quictls/build/lib" ++ ++ When configuring nginx, you can enable QUIC and HTTP/3 using the ++ following new configuration options: ++ ++ --with-http_v3_module - enable QUIC and HTTP/3 ++ --with-stream_quic_module - enable QUIC in Stream ++ ++3. Configuration ++ ++ The HTTP "listen" directive got a new option "http3" which enables ++ HTTP/3 over QUIC on the specified port. ++ ++ The Stream "listen" directive got a new option "quic" which enables ++ QUIC as client transport protocol instead of TCP or plain UDP. ++ ++ Along with "http3" or "quic", you also have to specify "reuseport" ++ option [6] to make it work properly with multiple workers. ++ ++ To enable address validation: ++ ++ quic_retry on; ++ ++ To enable 0-RTT: ++ ++ ssl_early_data on; ++ ++ Make sure that TLS 1.3 is configured which is required for QUIC: ++ ++ ssl_protocols TLSv1.3; ++ ++ To enable GSO (Generic Segmentation Offloading): ++ ++ quic_gso on; ++ ++ To limit maximum packet size: ++ ++ quic_mtu ; ++ ++ To set host key for various tokens: ++ ++ quic_host_key ; ++ ++ ++ By default this Linux-specific optimization [8] is disabled. ++ Enable if your network interface is configured to support GSO. ++ ++ A number of directives were added that configure HTTP/3: ++ ++ http3_stream_buffer_size ++ http3_max_concurrent_pushes ++ http3_max_concurrent_streams ++ http3_push ++ http3_push_preload ++ http3_hq (requires NGX_HTTP_V3_HQ macro) ++ ++ In http, an additional variable is available: $http3. ++ The value of $http3 is "h3" for HTTP/3 connections, ++ "hq" for hq connections, or an empty string otherwise. ++ ++ In stream, an additional variable is available: $quic. ++ The value of $quic is "quic" if QUIC connection is used, ++ or an empty string otherwise. ++ ++Example configuration: ++ ++ http { ++ log_format quic '$remote_addr - $remote_user [$time_local] ' ++ '"$request" $status $body_bytes_sent ' ++ '"$http_referer" "$http_user_agent" "$http3"'; ++ ++ access_log logs/access.log quic; ++ ++ server { ++ # for better compatibility it's recommended ++ # to use the same port for quic and https ++ listen 8443 http3 reuseport; ++ listen 8443 ssl; ++ ++ ssl_certificate certs/example.com.crt; ++ ssl_certificate_key certs/example.com.key; ++ ssl_protocols TLSv1.3; ++ ++ location / { ++ # required for browsers to direct them into quic port ++ add_header Alt-Svc 'h3=":8443"; ma=86400'; ++ } ++ } ++ } ++ ++4. Clients ++ ++ * Browsers ++ ++ Known to work: Firefox 80+ and Chrome 85+ (QUIC draft 29+) ++ ++ Beware of strange issues: sometimes browser may decide to ignore QUIC ++ Cache clearing/restart might help. Always check access.log and ++ error.log to make sure you are using HTTP/3 and not TCP https. ++ ++ + to enable QUIC in Firefox, set the following in 'about:config': ++ network.http.http3.enabled = true ++ ++ + to enable QUIC in Chrome, enable it on command line and force it ++ on your site: ++ ++ $ ./chrome --enable-quic --quic-version=h3-29 \ ++ --origin-to-force-quic-on=example.com:8443 ++ ++ * Console clients ++ ++ Known to work: ngtcp2, firefox's neqo and chromium's console clients: ++ ++ $ examples/client 127.0.0.1 8443 https://example.com:8443/index.html ++ ++ $ ./neqo-client https://127.0.0.1:8443/ ++ ++ $ chromium-build/out/my_build/quic_client http://example.com:8443 \ ++ --quic_version=h3-29 \ ++ --allow_unknown_root_cert \ ++ --disable_certificate_verification ++ ++ ++ If you've got it right, in the access log you should see something like: ++ ++ 127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-" ++ "nghttp3/ngtcp2 client" "quic" ++ ++ ++5. Troubleshooting ++ ++ Here are some tips that may help you to identify problems: ++ ++ + Ensure you are building with proper SSL library that supports QUIC ++ ++ + Ensure you are using the proper SSL library in runtime ++ (`nginx -V` will show you what you are using) ++ ++ + Ensure your client is actually sending QUIC requests ++ (see "Clients" section about browsers and cache) ++ ++ We recommend to start with simple console client like ngtcp2 ++ to ensure you've got server configured properly before trying ++ with real browsers that may be very picky with certificates, ++ for example. ++ ++ + Build nginx with debug support [7] and check your debug log. ++ It should contain all details about connection and why it ++ failed. All related messages contain "quic " prefix and can ++ be easily filtered out. ++ ++ + If you want to investigate deeper, you may want to enable ++ additional debugging in src/event/quic/ngx_event_quic_connection.h: ++ ++ #define NGX_QUIC_DEBUG_PACKETS ++ #define NGX_QUIC_DEBUG_FRAMES ++ #define NGX_QUIC_DEBUG_ALLOC ++ #define NGX_QUIC_DEBUG_CRYPTO ++ ++6. Contributing ++ ++ If you are willing to contribute, please refer to ++ http://nginx.org/en/docs/contributing_changes.html ++ ++7. Links ++ ++ [1] https://datatracker.ietf.org/doc/html/rfc9000 ++ [2] https://datatracker.ietf.org/doc/html/draft-ietf-quic-http ++ [3] https://mailman.nginx.org/mailman/listinfo/nginx-devel ++ [4] https://boringssl.googlesource.com/boringssl/ ++ [5] https://datatracker.ietf.org/doc/html/rfc9002 ++ [6] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen ++ [7] https://nginx.org/en/docs/debugging_log.html ++ [8] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf ++ [9] https://github.com/quictls/openssl +diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf +--- a/auto/lib/openssl/conf ++++ b/auto/lib/openssl/conf @@ -5,12 +5,16 @@ if [ $OPENSSL != NONE ]; then @@ -21,7 +287,7 @@ diff -r 67408b4a12c0 auto/lib/openssl/conf CFLAGS="$CFLAGS -DNO_SYS_TYPES_H" CORE_INCS="$CORE_INCS $OPENSSL/openssl/include" -@@ -33,9 +37,6 @@ +@@ -33,9 +37,6 @@ if [ $OPENSSL != NONE ]; then ;; *) @@ -31,7 +297,7 @@ diff -r 67408b4a12c0 auto/lib/openssl/conf CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" -@@ -139,4 +140,28 @@ +@@ -139,4 +140,28 @@ END exit 1 fi @@ -60,9 +326,9 @@ diff -r 67408b4a12c0 auto/lib/openssl/conf + fi + fi fi -diff -r 67408b4a12c0 auto/make ---- a/auto/make Tue Dec 28 18:28:38 2021 +0300 -+++ b/auto/make Tue Jan 04 18:14:15 2022 -0500 +diff --git a/auto/make b/auto/make +--- a/auto/make ++++ b/auto/make @@ -6,9 +6,10 @@ echo "creating $NGX_MAKEFILE" @@ -76,10 +342,10 @@ diff -r 67408b4a12c0 auto/make $NGX_OBJS/src/mail \ $NGX_OBJS/src/stream \ $NGX_OBJS/src/misc -diff -r 67408b4a12c0 auto/modules ---- a/auto/modules Tue Dec 28 18:28:38 2021 +0300 -+++ b/auto/modules Tue Jan 04 18:14:15 2022 -0500 -@@ -102,7 +102,7 @@ +diff --git a/auto/modules b/auto/modules +--- a/auto/modules ++++ b/auto/modules +@@ -102,7 +102,7 @@ if [ $HTTP = YES ]; then fi @@ -88,7 +354,7 @@ diff -r 67408b4a12c0 auto/modules HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS" fi -@@ -124,6 +124,7 @@ +@@ -124,6 +124,7 @@ if [ $HTTP = YES ]; then # ngx_http_header_filter # ngx_http_chunked_filter # ngx_http_v2_filter @@ -96,7 +362,7 @@ diff -r 67408b4a12c0 auto/modules # ngx_http_range_header_filter # ngx_http_gzip_filter # ngx_http_postpone_filter -@@ -156,6 +157,7 @@ +@@ -156,6 +157,7 @@ if [ $HTTP = YES ]; then ngx_http_header_filter_module \ ngx_http_chunked_filter_module \ ngx_http_v2_filter_module \ @@ -104,7 +370,7 @@ diff -r 67408b4a12c0 auto/modules ngx_http_range_header_filter_module \ ngx_http_gzip_filter_module \ ngx_http_postpone_filter_module \ -@@ -217,6 +219,17 @@ +@@ -217,6 +219,17 @@ if [ $HTTP = YES ]; then . auto/module fi @@ -122,7 +388,7 @@ diff -r 67408b4a12c0 auto/modules if :; then ngx_module_name=ngx_http_range_header_filter_module ngx_module_incs= -@@ -426,6 +439,33 @@ +@@ -426,6 +439,33 @@ if [ $HTTP = YES ]; then . auto/module fi @@ -156,7 +422,7 @@ diff -r 67408b4a12c0 auto/modules if :; then ngx_module_name=ngx_http_static_module ngx_module_incs= -@@ -1035,6 +1075,20 @@ +@@ -1035,6 +1075,20 @@ if [ $STREAM != NO ]; then ngx_module_incs= @@ -177,7 +443,7 @@ diff -r 67408b4a12c0 auto/modules if [ $STREAM_SSL = YES ]; then USE_OPENSSL=YES have=NGX_STREAM_SSL . auto/have -@@ -1272,6 +1326,60 @@ +@@ -1272,6 +1326,60 @@ if [ $USE_OPENSSL = YES ]; then fi @@ -238,10 +504,10 @@ diff -r 67408b4a12c0 auto/modules if [ $USE_PCRE = YES ]; then ngx_module_type=CORE ngx_module_name=ngx_regex_module -diff -r 67408b4a12c0 auto/options ---- a/auto/options Tue Dec 28 18:28:38 2021 +0300 -+++ b/auto/options Tue Jan 04 18:14:15 2022 -0500 -@@ -45,6 +45,8 @@ +diff --git a/auto/options b/auto/options +--- a/auto/options ++++ b/auto/options +@@ -45,6 +45,8 @@ USE_THREADS=NO NGX_FILE_AIO=NO @@ -250,7 +516,7 @@ diff -r 67408b4a12c0 auto/options HTTP=YES NGX_HTTP_LOG_PATH= -@@ -59,6 +61,7 @@ +@@ -59,6 +61,7 @@ HTTP_CHARSET=YES HTTP_GZIP=YES HTTP_SSL=NO HTTP_V2=NO @@ -258,7 +524,7 @@ diff -r 67408b4a12c0 auto/options HTTP_SSI=YES HTTP_REALIP=NO HTTP_XSLT=NO -@@ -116,6 +119,7 @@ +@@ -116,6 +119,7 @@ MAIL_SMTP=YES STREAM=NO STREAM_SSL=NO @@ -266,7 +532,7 @@ diff -r 67408b4a12c0 auto/options STREAM_REALIP=NO STREAM_LIMIT_CONN=YES STREAM_ACCESS=YES -@@ -149,6 +153,7 @@ +@@ -149,6 +153,7 @@ PCRE_JIT=NO PCRE2=YES USE_OPENSSL=NO @@ -274,7 +540,7 @@ diff -r 67408b4a12c0 auto/options OPENSSL=NONE USE_ZLIB=NO -@@ -166,6 +171,8 @@ +@@ -166,6 +171,8 @@ USE_GEOIP=NO NGX_GOOGLE_PERFTOOLS=NO NGX_CPP_TEST=NO @@ -283,7 +549,7 @@ diff -r 67408b4a12c0 auto/options NGX_LIBATOMIC=NO NGX_CPU_CACHE_LINE= -@@ -211,6 +218,8 @@ +@@ -211,6 +218,8 @@ do --with-file-aio) NGX_FILE_AIO=YES ;; @@ -292,7 +558,7 @@ diff -r 67408b4a12c0 auto/options --with-ipv6) NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG $0: warning: the \"--with-ipv6\" option is deprecated" -@@ -228,6 +237,7 @@ +@@ -228,6 +237,7 @@ do --with-http_ssl_module) HTTP_SSL=YES ;; --with-http_v2_module) HTTP_V2=YES ;; @@ -300,7 +566,7 @@ diff -r 67408b4a12c0 auto/options --with-http_realip_module) HTTP_REALIP=YES ;; --with-http_addition_module) HTTP_ADDITION=YES ;; --with-http_xslt_module) HTTP_XSLT=YES ;; -@@ -314,6 +324,7 @@ +@@ -314,6 +324,7 @@ use the \"--with-mail_ssl_module\" optio --with-stream) STREAM=YES ;; --with-stream=dynamic) STREAM=DYNAMIC ;; --with-stream_ssl_module) STREAM_SSL=YES ;; @@ -308,7 +574,7 @@ diff -r 67408b4a12c0 auto/options --with-stream_realip_module) STREAM_REALIP=YES ;; --with-stream_geoip_module) STREAM_GEOIP=YES ;; --with-stream_geoip_module=dynamic) -@@ -443,8 +454,11 @@ +@@ -443,8 +454,11 @@ cat << END --with-file-aio enable file AIO support @@ -320,7 +586,7 @@ diff -r 67408b4a12c0 auto/options --with-http_realip_module enable ngx_http_realip_module --with-http_addition_module enable ngx_http_addition_module --with-http_xslt_module enable ngx_http_xslt_module -@@ -533,6 +547,7 @@ +@@ -533,6 +547,7 @@ cat << END --with-stream enable TCP/UDP proxy module --with-stream=dynamic enable dynamic TCP/UDP proxy module --with-stream_ssl_module enable ngx_stream_ssl_module @@ -328,10 +594,10 @@ diff -r 67408b4a12c0 auto/options --with-stream_realip_module enable ngx_stream_realip_module --with-stream_geoip_module enable ngx_stream_geoip_module --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module -diff -r 67408b4a12c0 auto/os/linux ---- a/auto/os/linux Tue Dec 28 18:28:38 2021 +0300 -+++ b/auto/os/linux Tue Jan 04 18:14:15 2022 -0500 -@@ -233,3 +233,63 @@ +diff --git a/auto/os/linux b/auto/os/linux +--- a/auto/os/linux ++++ b/auto/os/linux +@@ -233,3 +233,63 @@ ngx_include="sys/vfs.h"; . auto/incl CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" @@ -395,10 +661,10 @@ diff -r 67408b4a12c0 auto/os/linux + int val; + getsockopt(0, SOL_UDP, UDP_SEGMENT, &val, &optlen)" +. auto/feature -diff -r 67408b4a12c0 auto/sources ---- a/auto/sources Tue Dec 28 18:28:38 2021 +0300 -+++ b/auto/sources Tue Jan 04 18:14:15 2022 -0500 -@@ -83,13 +83,14 @@ +diff --git a/auto/sources b/auto/sources +--- a/auto/sources ++++ b/auto/sources +@@ -83,13 +83,14 @@ CORE_SRCS="src/core/nginx.c \ EVENT_MODULES="ngx_events_module ngx_event_core_module" @@ -415,10 +681,10 @@ diff -r 67408b4a12c0 auto/sources EVENT_SRCS="src/event/ngx_event.c \ src/event/ngx_event_timer.c \ -diff -r 67408b4a12c0 src/core/nginx.c ---- a/src/core/nginx.c Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/core/nginx.c Tue Jan 04 18:14:15 2022 -0500 -@@ -680,6 +680,9 @@ +diff --git a/src/core/nginx.c b/src/core/nginx.c +--- a/src/core/nginx.c ++++ b/src/core/nginx.c +@@ -680,6 +680,9 @@ ngx_exec_new_binary(ngx_cycle_t *cycle, ls = cycle->listening.elts; for (i = 0; i < cycle->listening.nelts; i++) { @@ -428,9 +694,10 @@ diff -r 67408b4a12c0 src/core/nginx.c p = ngx_sprintf(p, "%ud;", ls[i].fd); } -diff -r 67408b4a12c0 src/core/ngx_bpf.c ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/core/ngx_bpf.c Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/core/ngx_bpf.c b/src/core/ngx_bpf.c +new file mode 100644 +--- /dev/null ++++ b/src/core/ngx_bpf.c @@ -0,0 +1,143 @@ + +/* @@ -575,9 +842,10 @@ diff -r 67408b4a12c0 src/core/ngx_bpf.c + + return ngx_bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr)); +} -diff -r 67408b4a12c0 src/core/ngx_bpf.h ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/core/ngx_bpf.h Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/core/ngx_bpf.h b/src/core/ngx_bpf.h +new file mode 100644 +--- /dev/null ++++ b/src/core/ngx_bpf.h @@ -0,0 +1,43 @@ + +/* @@ -622,10 +890,10 @@ diff -r 67408b4a12c0 src/core/ngx_bpf.h +int ngx_bpf_map_lookup(int fd, const void *key, void *value); + +#endif /* _NGX_BPF_H_INCLUDED_ */ -diff -r 67408b4a12c0 src/core/ngx_connection.c ---- a/src/core/ngx_connection.c Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/core/ngx_connection.c Tue Jan 04 18:14:15 2022 -0500 -@@ -1037,6 +1037,12 @@ +diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c +--- a/src/core/ngx_connection.c ++++ b/src/core/ngx_connection.c +@@ -1037,6 +1037,12 @@ ngx_close_listening_sockets(ngx_cycle_t ls = cycle->listening.elts; for (i = 0; i < cycle->listening.nelts; i++) { @@ -638,10 +906,10 @@ diff -r 67408b4a12c0 src/core/ngx_connection.c c = ls[i].connection; if (c) { -diff -r 67408b4a12c0 src/core/ngx_connection.h ---- a/src/core/ngx_connection.h Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/core/ngx_connection.h Tue Jan 04 18:14:15 2022 -0500 -@@ -73,6 +73,7 @@ +diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h +--- a/src/core/ngx_connection.h ++++ b/src/core/ngx_connection.h +@@ -73,6 +73,7 @@ struct ngx_listening_s { unsigned reuseport:1; unsigned add_reuseport:1; unsigned keepalive:2; @@ -649,7 +917,7 @@ diff -r 67408b4a12c0 src/core/ngx_connection.h unsigned deferred_accept:1; unsigned delete_deferred:1; -@@ -147,6 +148,10 @@ +@@ -147,6 +148,10 @@ struct ngx_connection_s { ngx_proxy_protocol_t *proxy_protocol; @@ -660,10 +928,10 @@ diff -r 67408b4a12c0 src/core/ngx_connection.h #if (NGX_SSL || NGX_COMPAT) ngx_ssl_connection_t *ssl; #endif -diff -r 67408b4a12c0 src/core/ngx_core.h ---- a/src/core/ngx_core.h Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/core/ngx_core.h Tue Jan 04 18:14:15 2022 -0500 -@@ -27,6 +27,7 @@ +diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h +--- a/src/core/ngx_core.h ++++ b/src/core/ngx_core.h +@@ -27,6 +27,7 @@ typedef struct ngx_connection_s ngx typedef struct ngx_thread_task_s ngx_thread_task_t; typedef struct ngx_ssl_s ngx_ssl_t; typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t; @@ -671,7 +939,7 @@ diff -r 67408b4a12c0 src/core/ngx_core.h typedef struct ngx_ssl_connection_s ngx_ssl_connection_t; typedef struct ngx_udp_connection_s ngx_udp_connection_t; -@@ -82,6 +83,9 @@ +@@ -82,6 +83,9 @@ typedef void (*ngx_connection_handler_pt #include #if (NGX_OPENSSL) #include @@ -681,7 +949,7 @@ diff -r 67408b4a12c0 src/core/ngx_core.h #endif #include #include -@@ -91,6 +95,9 @@ +@@ -91,6 +95,9 @@ typedef void (*ngx_connection_handler_pt #include #include #include @@ -691,10 +959,10 @@ diff -r 67408b4a12c0 src/core/ngx_core.h #define LF (u_char) '\n' -diff -r 67408b4a12c0 src/event/ngx_event.c ---- a/src/event/ngx_event.c Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/event/ngx_event.c Tue Jan 04 18:14:15 2022 -0500 -@@ -266,6 +266,18 @@ +diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c +--- a/src/event/ngx_event.c ++++ b/src/event/ngx_event.c +@@ -266,6 +266,18 @@ ngx_process_events_and_timers(ngx_cycle_ ngx_int_t ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags) { @@ -713,7 +981,7 @@ diff -r 67408b4a12c0 src/event/ngx_event.c if (ngx_event_flags & NGX_USE_CLEAR_EVENT) { /* kqueue, epoll */ -@@ -336,9 +348,15 @@ +@@ -336,9 +348,15 @@ ngx_handle_write_event(ngx_event_t *wev, { ngx_connection_t *c; @@ -731,23 +999,10 @@ diff -r 67408b4a12c0 src/event/ngx_event.c if (ngx_send_lowat(c, lowat) == NGX_ERROR) { return NGX_ERROR; } -@@ -917,6 +935,12 @@ - { - int sndlowat; - -+#if (NGX_QUIC) -+ if (c->quic) { -+ return NGX_OK; -+ } -+#endif -+ - #if (NGX_HAVE_LOWAT_EVENT) - - if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { -diff -r 67408b4a12c0 src/event/ngx_event.h ---- a/src/event/ngx_event.h Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/event/ngx_event.h Tue Jan 04 18:14:15 2022 -0500 -@@ -493,12 +493,6 @@ +diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h +--- a/src/event/ngx_event.h ++++ b/src/event/ngx_event.h +@@ -493,12 +493,6 @@ extern ngx_module_t ngx_event_ void ngx_event_accept(ngx_event_t *ev); @@ -760,7 +1015,7 @@ diff -r 67408b4a12c0 src/event/ngx_event.h ngx_int_t ngx_trylock_accept_mutex(ngx_cycle_t *cycle); ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle); u_char *ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len); -@@ -528,6 +522,7 @@ +@@ -528,6 +522,7 @@ ngx_int_t ngx_send_lowat(ngx_connection_ #include #include @@ -768,10 +1023,10 @@ diff -r 67408b4a12c0 src/event/ngx_event.h #if (NGX_WIN32) #include -diff -r 67408b4a12c0 src/event/ngx_event_openssl.c ---- a/src/event/ngx_event_openssl.c Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/event/ngx_event_openssl.c Tue Jan 04 18:14:15 2022 -0500 -@@ -3146,6 +3146,13 @@ +diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c +--- a/src/event/ngx_event_openssl.c ++++ b/src/event/ngx_event_openssl.c +@@ -3146,6 +3146,13 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_err_t err; ngx_uint_t tries; @@ -785,9 +1040,9 @@ diff -r 67408b4a12c0 src/event/ngx_event_openssl.c rc = NGX_OK; ngx_ssl_ocsp_cleanup(c); -diff -r 67408b4a12c0 src/event/ngx_event_openssl.h ---- a/src/event/ngx_event_openssl.h Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/event/ngx_event_openssl.h Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h +--- a/src/event/ngx_event_openssl.h ++++ b/src/event/ngx_event_openssl.h @@ -24,6 +24,14 @@ #include #endif @@ -803,9 +1058,9 @@ diff -r 67408b4a12c0 src/event/ngx_event_openssl.h #include #ifndef OPENSSL_NO_OCSP #include -diff -r 67408b4a12c0 src/event/ngx_event_udp.c ---- a/src/event/ngx_event_udp.c Tue Dec 28 18:28:38 2021 +0300 -+++ b/src/event/ngx_event_udp.c Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/event/ngx_event_udp.c b/src/event/ngx_event_udp.c +--- a/src/event/ngx_event_udp.c ++++ b/src/event/ngx_event_udp.c @@ -12,52 +12,37 @@ #if !(NGX_WIN32) @@ -868,7 +1123,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c #endif if (ev->timedout) { -@@ -92,25 +77,13 @@ +@@ -92,25 +77,13 @@ ngx_event_recvmsg(ngx_event_t *ev) msg.msg_iov = iov; msg.msg_iovlen = 1; @@ -899,7 +1154,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c #endif n = recvmsg(lc->fd, &msg, 0); -@@ -129,7 +102,7 @@ +@@ -129,7 +102,7 @@ ngx_event_recvmsg(ngx_event_t *ev) return; } @@ -908,7 +1163,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) { ngx_log_error(NGX_LOG_ALERT, ev->log, 0, "recvmsg() truncated data"); -@@ -137,21 +110,21 @@ +@@ -137,21 +110,21 @@ ngx_event_recvmsg(ngx_event_t *ev) } #endif @@ -936,7 +1191,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c ngx_memzero(&sa, sizeof(struct sockaddr)); sa.sockaddr.sa_family = ls->sockaddr->sa_family; } -@@ -159,7 +132,7 @@ +@@ -159,7 +132,7 @@ ngx_event_recvmsg(ngx_event_t *ev) local_sockaddr = ls->sockaddr; local_socklen = ls->socklen; @@ -945,7 +1200,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (ls->wildcard) { struct cmsghdr *cmsg; -@@ -171,66 +144,43 @@ +@@ -171,66 +144,43 @@ ngx_event_recvmsg(ngx_event_t *ev) cmsg != NULL; cmsg = CMSG_NXTHDR(&msg, cmsg)) { @@ -1042,7 +1297,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (c) { -@@ -252,10 +202,14 @@ +@@ -252,10 +202,14 @@ ngx_event_recvmsg(ngx_event_t *ev) buf.pos = buffer; buf.last = buffer + n; @@ -1058,7 +1313,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c rev->ready = 1; rev->active = 0; -@@ -263,7 +217,7 @@ +@@ -263,7 +217,7 @@ ngx_event_recvmsg(ngx_event_t *ev) rev->handler(rev); if (c->udp) { @@ -1067,7 +1322,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c } rev->ready = 0; -@@ -286,7 +240,7 @@ +@@ -286,7 +240,7 @@ ngx_event_recvmsg(ngx_event_t *ev) c->shared = 1; c->type = SOCK_DGRAM; @@ -1076,7 +1331,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c #if (NGX_STAT_STUB) (void) ngx_atomic_fetch_add(ngx_stat_active, 1); -@@ -298,13 +252,21 @@ +@@ -298,13 +252,21 @@ ngx_event_recvmsg(ngx_event_t *ev) return; } @@ -1100,7 +1355,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c log = ngx_palloc(c->pool, sizeof(ngx_log_t)); if (log == NULL) { -@@ -405,7 +367,7 @@ +@@ -405,7 +367,7 @@ ngx_event_recvmsg(ngx_event_t *ev) } #endif @@ -1109,7 +1364,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c ngx_close_accepted_udp_connection(c); return; } -@@ -448,17 +410,17 @@ +@@ -448,17 +410,17 @@ ngx_udp_shared_recv(ngx_connection_t *c, ssize_t n; ngx_buf_t *b; @@ -1130,7 +1385,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c c->read->ready = 0; c->read->active = 1; -@@ -494,8 +456,8 @@ +@@ -494,8 +456,8 @@ ngx_udp_rbtree_insert_value(ngx_rbtree_n udpt = (ngx_udp_connection_t *) temp; ct = udpt->connection; @@ -1141,7 +1396,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (rc == 0 && c->listening->wildcard) { rc = ngx_cmp_sockaddr(c->local_sockaddr, c->local_socklen, -@@ -521,12 +483,18 @@ +@@ -521,12 +483,18 @@ ngx_udp_rbtree_insert_value(ngx_rbtree_n static ngx_int_t @@ -1162,7 +1417,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (c->udp) { return NGX_OK; } -@@ -536,19 +504,6 @@ +@@ -536,19 +504,6 @@ ngx_insert_udp_connection(ngx_connection return NGX_ERROR; } @@ -1182,7 +1437,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c cln = ngx_pool_cleanup_add(c->pool, 0); if (cln == NULL) { return NGX_ERROR; -@@ -557,7 +512,10 @@ +@@ -557,7 +512,10 @@ ngx_insert_udp_connection(ngx_connection cln->data = c; cln->handler = ngx_delete_udp_connection; @@ -1194,7 +1449,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c c->udp = udp; -@@ -566,6 +524,30 @@ +@@ -566,6 +524,30 @@ ngx_insert_udp_connection(ngx_connection void @@ -1225,7 +1480,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c ngx_delete_udp_connection(void *data) { ngx_connection_t *c = data; -@@ -581,8 +563,8 @@ +@@ -581,8 +563,8 @@ ngx_delete_udp_connection(void *data) static ngx_connection_t * @@ -1236,7 +1491,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c { uint32_t hash; ngx_int_t rc; -@@ -590,27 +572,15 @@ +@@ -590,27 +572,15 @@ ngx_lookup_udp_connection(ngx_listening_ ngx_rbtree_node_t *node, *sentinel; ngx_udp_connection_t *udp; @@ -1267,7 +1522,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (ls->wildcard) { ngx_crc32_update(&hash, (u_char *) local_sockaddr, local_socklen); -@@ -636,8 +606,7 @@ +@@ -636,8 +606,7 @@ ngx_lookup_udp_connection(ngx_listening_ c = udp->connection; @@ -1277,7 +1532,7 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c if (rc == 0 && ls->wildcard) { rc = ngx_cmp_sockaddr(local_sockaddr, local_socklen, -@@ -645,6 +614,13 @@ +@@ -645,6 +614,13 @@ ngx_lookup_udp_connection(ngx_listening_ } if (rc == 0) { @@ -1291,9 +1546,10 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.c return c; } -diff -r 67408b4a12c0 src/event/ngx_event_udp.h ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/ngx_event_udp.h Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/event/ngx_event_udp.h b/src/event/ngx_event_udp.h +new file mode 100644 +--- /dev/null ++++ b/src/event/ngx_event_udp.h @@ -0,0 +1,76 @@ + +/* @@ -1371,9 +1627,10 @@ diff -r 67408b4a12c0 src/event/ngx_event_udp.h + + +#endif /* _NGX_EVENT_UDP_H_INCLUDED_ */ -diff -r 67408b4a12c0 src/event/quic/bpf/bpfgen.sh ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/bpf/bpfgen.sh Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/event/quic/bpf/bpfgen.sh b/src/event/quic/bpf/bpfgen.sh +new file mode 100644 +--- /dev/null ++++ b/src/event/quic/bpf/bpfgen.sh @@ -0,0 +1,113 @@ +#!/bin/bash + @@ -1488,9 +1745,10 @@ diff -r 67408b4a12c0 src/event/quic/bpf/bpfgen.sh +process_section +generate_tail + -diff -r 67408b4a12c0 src/event/quic/bpf/makefile ---- /dev/null Thu Jan 01 00:00:00 1970 +0000 -+++ b/src/event/quic/bpf/makefile Tue Jan 04 18:14:15 2022 -0500 +diff --git a/src/event/quic/bpf/makefile b/src/event/quic/bpf/makefile +new file mode 100644 +--- /dev/null ++++ b/src/event/quic/bpf/makefile *** 1412 LINES SKIPPED ***