Date: Wed, 5 Jan 2022 16:47:27 GMT From: "Sergey A. Osokin" <osa@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: cada18903ccc - main - www/nginx-devel: initial support for HTTPv3 Message-ID: <202201051647.205GlRHj043197@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by osa: URL: https://cgit.FreeBSD.org/ports/commit/?id=cada18903ccc63ec77dfb54bf36d8b050682ef69 commit cada18903ccc63ec77dfb54bf36d8b050682ef69 Author: Sergey A. Osokin <osa@FreeBSD.org> AuthorDate: 2022-01-05 16:45:15 +0000 Commit: Sergey A. Osokin <osa@FreeBSD.org> CommitDate: 2022-01-05 16:47:20 +0000 www/nginx-devel: initial support for HTTPv3 Bump PORTREVISION. Based on ideas from: ashish --- www/nginx-devel/Makefile | 12 +- www/nginx-devel/Makefile.options.desc | 1 + www/nginx-devel/files/extra-patch-httpv3 | 25543 +++++++++++++++++++++++++++++ 3 files changed, 25554 insertions(+), 2 deletions(-) diff --git a/www/nginx-devel/Makefile b/www/nginx-devel/Makefile index 9140dbf72c4f..226d737b15b1 100644 --- a/www/nginx-devel/Makefile +++ b/www/nginx-devel/Makefile @@ -2,7 +2,7 @@ PORTNAME?= nginx PORTVERSION= 1.21.5 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= www MASTER_SITES= https://nginx.org/download/ \ LOCAL/osa @@ -72,7 +72,7 @@ OPTIONS_GROUP_HTTPGRP= GOOGLE_PERFTOOLS HTTP HTTP_ADDITION HTTP_AUTH_REQ \ HTTP_CACHE HTTP_DAV HTTP_DEGRADATION HTTP_FLV HTTP_GUNZIP_FILTER \ HTTP_GZIP_STATIC HTTP_IMAGE_FILTER HTTP_MP4 HTTP_PERL \ HTTP_RANDOM_INDEX HTTP_REALIP HTTP_SECURE_LINK HTTP_SLICE HTTP_SSL \ - HTTP_STATUS HTTP_SUB HTTP_XSLT HTTPV2 + HTTP_STATUS HTTP_SUB HTTP_XSLT HTTPV2 HTTPV3 OPTIONS_GROUP_MAILGRP= MAIL MAIL_IMAP MAIL_POP3 MAIL_SMTP MAIL_SSL @@ -170,6 +170,14 @@ HTTP_XSLT_USE= GNOME=libxml2,libxslt HTTP_XSLT_VARS= DSO_BASEMODS+=http_xslt_module HTTPV2_IMPLIES= HTTP_SSL HTTPV2_CONFIGURE_ON= --with-http_v2_module +HTTPV3_BUILD_DEPENDS= ${LOCALBASE}/bin/bssl:security/boringssl +HTTPV3_RUN_DEPENDS= ${LOCALBASE}/bin/bssl:security/boringssl +HTTPV3_CONFIGURE_ON= --with-ld-opt="-L ${LOCALBASE}/lib -Wl,-rpath,${LOCALBASE}/lib" \ + --with-http_ssl_module \ + --build=nginx-quic \ + --with-stream_quic_module \ + --with-http_v3_module +HTTPV3_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-httpv3:-p1 MAIL_VARS= DSO_BASEMODS+=mail MAIL_IMAP_CONFIGURE_OFF= --without-mail_imap_module MAIL_POP3_CONFIGURE_OFF= --without-mail_pop3_module diff --git a/www/nginx-devel/Makefile.options.desc b/www/nginx-devel/Makefile.options.desc index 0424d95d8150..b39e871d0a9b 100644 --- a/www/nginx-devel/Makefile.options.desc +++ b/www/nginx-devel/Makefile.options.desc @@ -22,6 +22,7 @@ GSSAPI_DESC= GSSAPI implementation (imply HTTP_AUTH_KRB5) HEADERS_MORE_DESC= 3rd party headers_more module HTTPGRP_DESC= Modules that require HTTP module HTTPV2_DESC= Enable HTTP/2 protocol support (SSL req.) +HTTPV3_DESC= Enable HTTP/3 protocol support (BoringSSL req.) HTTP_ACCEPT_LANGUAGE_DESC= 3rd party accept_language module HTTP_ADDITION_DESC= Enable http_addition module HTTP_AUTH_DIGEST_DESC= 3rd party http_authdigest module diff --git a/www/nginx-devel/files/extra-patch-httpv3 b/www/nginx-devel/files/extra-patch-httpv3 new file mode 100644 index 000000000000..dac679832645 --- /dev/null +++ b/www/nginx-devel/files/extra-patch-httpv3 @@ -0,0 +1,25543 @@ +diff -r 67408b4a12c0 auto/lib/openssl/conf +--- a/auto/lib/openssl/conf Tue Dec 28 18:28:38 2021 +0300 ++++ b/auto/lib/openssl/conf Tue Jan 04 18:14:15 2022 -0500 +@@ -5,12 +5,16 @@ + + if [ $OPENSSL != NONE ]; then + ++ have=NGX_OPENSSL . auto/have ++ have=NGX_SSL . auto/have ++ ++ if [ $USE_OPENSSL_QUIC = YES ]; then ++ have=NGX_QUIC . auto/have ++ fi ++ + case "$CC" in + + cl | bcc32) +- have=NGX_OPENSSL . auto/have +- have=NGX_SSL . auto/have +- + CFLAGS="$CFLAGS -DNO_SYS_TYPES_H" + + CORE_INCS="$CORE_INCS $OPENSSL/openssl/include" +@@ -33,9 +37,6 @@ + ;; + + *) +- have=NGX_OPENSSL . auto/have +- have=NGX_SSL . auto/have +- + CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" + CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" + CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" +@@ -139,4 +140,28 @@ + exit 1 + fi + ++ if [ $USE_OPENSSL_QUIC = YES ]; then ++ ++ ngx_feature="OpenSSL QUIC support" ++ ngx_feature_name="NGX_QUIC" ++ ngx_feature_run=no ++ ngx_feature_incs="#include <openssl/ssl.h>" ++ ngx_feature_path= ++ ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD" ++ ngx_feature_test="SSL_set_quic_method(NULL, NULL)" ++ . auto/feature ++ ++ if [ $ngx_found = no ]; then ++ ++cat << END ++ ++$0: error: certain modules require OpenSSL QUIC support. ++You can either do not enable the modules, or install the OpenSSL library with ++QUIC support into the system, or build the OpenSSL library with QUIC support ++statically from the source with nginx by using --with-openssl=<path> option. ++ ++END ++ exit 1 ++ fi ++ fi + fi +diff -r 67408b4a12c0 auto/make +--- a/auto/make Tue Dec 28 18:28:38 2021 +0300 ++++ b/auto/make Tue Jan 04 18:14:15 2022 -0500 +@@ -6,9 +6,10 @@ + echo "creating $NGX_MAKEFILE" + + mkdir -p $NGX_OBJS/src/core $NGX_OBJS/src/event $NGX_OBJS/src/event/modules \ ++ $NGX_OBJS/src/event/quic \ + $NGX_OBJS/src/os/unix $NGX_OBJS/src/os/win32 \ +- $NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/modules \ +- $NGX_OBJS/src/http/modules/perl \ ++ $NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/v3 \ ++ $NGX_OBJS/src/http/modules $NGX_OBJS/src/http/modules/perl \ + $NGX_OBJS/src/mail \ + $NGX_OBJS/src/stream \ + $NGX_OBJS/src/misc +diff -r 67408b4a12c0 auto/modules +--- a/auto/modules Tue Dec 28 18:28:38 2021 +0300 ++++ b/auto/modules Tue Jan 04 18:14:15 2022 -0500 +@@ -102,7 +102,7 @@ + fi + + +- if [ $HTTP_V2 = YES ]; then ++ if [ $HTTP_V2 = YES -o $HTTP_V3 = YES ]; then + HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS" + fi + +@@ -124,6 +124,7 @@ + # ngx_http_header_filter + # ngx_http_chunked_filter + # ngx_http_v2_filter ++ # ngx_http_v3_filter + # ngx_http_range_header_filter + # ngx_http_gzip_filter + # ngx_http_postpone_filter +@@ -156,6 +157,7 @@ + ngx_http_header_filter_module \ + ngx_http_chunked_filter_module \ + ngx_http_v2_filter_module \ ++ ngx_http_v3_filter_module \ + ngx_http_range_header_filter_module \ + ngx_http_gzip_filter_module \ + ngx_http_postpone_filter_module \ +@@ -217,6 +219,17 @@ + . auto/module + fi + ++ if [ $HTTP_V3 = YES ]; then ++ ngx_module_name=ngx_http_v3_filter_module ++ ngx_module_incs= ++ ngx_module_deps= ++ ngx_module_srcs=src/http/v3/ngx_http_v3_filter_module.c ++ ngx_module_libs= ++ ngx_module_link=$HTTP_V3 ++ ++ . auto/module ++ fi ++ + if :; then + ngx_module_name=ngx_http_range_header_filter_module + ngx_module_incs= +@@ -426,6 +439,33 @@ + . auto/module + fi + ++ if [ $HTTP_V3 = YES ]; then ++ USE_OPENSSL_QUIC=YES ++ HTTP_SSL=YES ++ ++ have=NGX_HTTP_V3 . auto/have ++ have=NGX_HTTP_HEADERS . auto/have ++ ++ ngx_module_name=ngx_http_v3_module ++ ngx_module_incs=src/http/v3 ++ ngx_module_deps="src/http/v3/ngx_http_v3.h \ ++ src/http/v3/ngx_http_v3_encode.h \ ++ src/http/v3/ngx_http_v3_parse.h \ ++ src/http/v3/ngx_http_v3_table.h \ ++ src/http/v3/ngx_http_v3_uni.h" ++ ngx_module_srcs="src/http/v3/ngx_http_v3.c \ ++ src/http/v3/ngx_http_v3_encode.c \ ++ src/http/v3/ngx_http_v3_parse.c \ ++ src/http/v3/ngx_http_v3_table.c \ ++ src/http/v3/ngx_http_v3_uni.c \ ++ src/http/v3/ngx_http_v3_request.c \ ++ src/http/v3/ngx_http_v3_module.c" ++ ngx_module_libs= ++ ngx_module_link=$HTTP_V3 ++ ++ . auto/module ++ fi ++ + if :; then + ngx_module_name=ngx_http_static_module + ngx_module_incs= +@@ -1035,6 +1075,20 @@ + + ngx_module_incs= + ++ if [ $STREAM_QUIC = YES ]; then ++ USE_OPENSSL_QUIC=YES ++ have=NGX_STREAM_QUIC . auto/have ++ STREAM_SSL=YES ++ ++ ngx_module_name=ngx_stream_quic_module ++ ngx_module_deps=src/stream/ngx_stream_quic_module.h ++ ngx_module_srcs=src/stream/ngx_stream_quic_module.c ++ ngx_module_libs= ++ ngx_module_link=$STREAM_QUIC ++ ++ . auto/module ++ fi ++ + if [ $STREAM_SSL = YES ]; then + USE_OPENSSL=YES + have=NGX_STREAM_SSL . auto/have +@@ -1272,6 +1326,60 @@ + fi + + ++if [ $USE_OPENSSL_QUIC = YES ]; then ++ ngx_module_type=CORE ++ ngx_module_name=ngx_quic_module ++ ngx_module_incs= ++ ngx_module_deps="src/event/quic/ngx_event_quic.h \ ++ src/event/quic/ngx_event_quic_transport.h \ ++ src/event/quic/ngx_event_quic_protection.h \ ++ src/event/quic/ngx_event_quic_connection.h \ ++ src/event/quic/ngx_event_quic_frames.h \ ++ src/event/quic/ngx_event_quic_connid.h \ ++ src/event/quic/ngx_event_quic_migration.h \ ++ src/event/quic/ngx_event_quic_streams.h \ ++ src/event/quic/ngx_event_quic_ssl.h \ ++ src/event/quic/ngx_event_quic_tokens.h \ ++ src/event/quic/ngx_event_quic_ack.h \ ++ src/event/quic/ngx_event_quic_output.h \ ++ src/event/quic/ngx_event_quic_socket.h" ++ ngx_module_srcs="src/event/quic/ngx_event_quic.c \ ++ src/event/quic/ngx_event_quic_transport.c \ ++ src/event/quic/ngx_event_quic_protection.c \ ++ src/event/quic/ngx_event_quic_frames.c \ ++ src/event/quic/ngx_event_quic_connid.c \ ++ src/event/quic/ngx_event_quic_migration.c \ ++ src/event/quic/ngx_event_quic_streams.c \ ++ src/event/quic/ngx_event_quic_ssl.c \ ++ src/event/quic/ngx_event_quic_tokens.c \ ++ src/event/quic/ngx_event_quic_ack.c \ ++ src/event/quic/ngx_event_quic_output.c \ ++ src/event/quic/ngx_event_quic_socket.c" ++ ++ ngx_module_libs= ++ ngx_module_link=YES ++ ngx_module_order= ++ ++ . auto/module ++ ++ if [ $QUIC_BPF = YES -a $SO_COOKIE_FOUND = YES ]; then ++ ngx_module_type=CORE ++ ngx_module_name=ngx_quic_bpf_module ++ ngx_module_incs= ++ ngx_module_deps= ++ ngx_module_srcs="src/event/quic/ngx_event_quic_bpf.c \ ++ src/event/quic/ngx_event_quic_bpf_code.c" ++ ngx_module_libs= ++ ngx_module_link=YES ++ ngx_module_order= ++ ++ . auto/module ++ ++ have=NGX_QUIC_BPF . auto/have ++ fi ++fi ++ ++ + if [ $USE_PCRE = YES ]; then + ngx_module_type=CORE + ngx_module_name=ngx_regex_module +diff -r 67408b4a12c0 auto/options +--- a/auto/options Tue Dec 28 18:28:38 2021 +0300 ++++ b/auto/options Tue Jan 04 18:14:15 2022 -0500 +@@ -45,6 +45,8 @@ + + NGX_FILE_AIO=NO + ++QUIC_BPF=NO ++ + HTTP=YES + + NGX_HTTP_LOG_PATH= +@@ -59,6 +61,7 @@ + HTTP_GZIP=YES + HTTP_SSL=NO + HTTP_V2=NO ++HTTP_V3=NO + HTTP_SSI=YES + HTTP_REALIP=NO + HTTP_XSLT=NO +@@ -116,6 +119,7 @@ + + STREAM=NO + STREAM_SSL=NO ++STREAM_QUIC=NO + STREAM_REALIP=NO + STREAM_LIMIT_CONN=YES + STREAM_ACCESS=YES +@@ -149,6 +153,7 @@ + PCRE2=YES + + USE_OPENSSL=NO ++USE_OPENSSL_QUIC=NO + OPENSSL=NONE + + USE_ZLIB=NO +@@ -166,6 +171,8 @@ + NGX_GOOGLE_PERFTOOLS=NO + NGX_CPP_TEST=NO + ++SO_COOKIE_FOUND=NO ++ + NGX_LIBATOMIC=NO + + NGX_CPU_CACHE_LINE= +@@ -211,6 +218,8 @@ + + --with-file-aio) NGX_FILE_AIO=YES ;; + ++ --without-quic_bpf_module) QUIC_BPF=NONE ;; ++ + --with-ipv6) + NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG + $0: warning: the \"--with-ipv6\" option is deprecated" +@@ -228,6 +237,7 @@ + + --with-http_ssl_module) HTTP_SSL=YES ;; + --with-http_v2_module) HTTP_V2=YES ;; ++ --with-http_v3_module) HTTP_V3=YES ;; + --with-http_realip_module) HTTP_REALIP=YES ;; + --with-http_addition_module) HTTP_ADDITION=YES ;; + --with-http_xslt_module) HTTP_XSLT=YES ;; +@@ -314,6 +324,7 @@ + --with-stream) STREAM=YES ;; + --with-stream=dynamic) STREAM=DYNAMIC ;; + --with-stream_ssl_module) STREAM_SSL=YES ;; ++ --with-stream_quic_module) STREAM_QUIC=YES ;; + --with-stream_realip_module) STREAM_REALIP=YES ;; + --with-stream_geoip_module) STREAM_GEOIP=YES ;; + --with-stream_geoip_module=dynamic) +@@ -443,8 +454,11 @@ + + --with-file-aio enable file AIO support + ++ --without-quic_bpf_module disable ngx_quic_bpf_module ++ + --with-http_ssl_module enable ngx_http_ssl_module + --with-http_v2_module enable ngx_http_v2_module ++ --with-http_v3_module enable ngx_http_v3_module + --with-http_realip_module enable ngx_http_realip_module + --with-http_addition_module enable ngx_http_addition_module + --with-http_xslt_module enable ngx_http_xslt_module +@@ -533,6 +547,7 @@ + --with-stream enable TCP/UDP proxy module + --with-stream=dynamic enable dynamic TCP/UDP proxy module + --with-stream_ssl_module enable ngx_stream_ssl_module ++ --with-stream_quic_module enable ngx_stream_quic_module + --with-stream_realip_module enable ngx_stream_realip_module + --with-stream_geoip_module enable ngx_stream_geoip_module + --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module +diff -r 67408b4a12c0 auto/os/linux +--- a/auto/os/linux Tue Dec 28 18:28:38 2021 +0300 ++++ b/auto/os/linux Tue Jan 04 18:14:15 2022 -0500 +@@ -233,3 +233,63 @@ + + + CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" ++ ++ ++# BPF sockhash ++ ++ngx_feature="BPF sockhash" ++ngx_feature_name="NGX_HAVE_BPF" ++ngx_feature_run=no ++ngx_feature_incs="#include <linux/bpf.h> ++ #include <sys/syscall.h>" ++ngx_feature_path= ++ngx_feature_libs= ++ngx_feature_test="union bpf_attr attr = { 0 }; ++ ++ attr.map_flags = 0; ++ attr.map_type = BPF_MAP_TYPE_SOCKHASH; ++ ++ syscall(__NR_bpf, 0, &attr, 0);" ++. auto/feature ++ ++if [ $ngx_found = yes ]; then ++ CORE_SRCS="$CORE_SRCS src/core/ngx_bpf.c" ++ CORE_DEPS="$CORE_DEPS src/core/ngx_bpf.h" ++ ++ if [ $QUIC_BPF != NONE ]; then ++ QUIC_BPF=YES ++ fi ++fi ++ ++ ++ngx_feature="SO_COOKIE" ++ngx_feature_name="NGX_HAVE_SO_COOKIE" ++ngx_feature_run=no ++ngx_feature_incs="#include <sys/socket.h> ++ #include <stdint.h>" ++ngx_feature_path= ++ngx_feature_libs= ++ngx_feature_test="socklen_t optlen = sizeof(uint64_t); ++ uint64_t cookie; ++ getsockopt(0, SOL_SOCKET, SO_COOKIE, &cookie, &optlen)" ++. auto/feature ++ ++if [ $ngx_found = yes ]; then ++ SO_COOKIE_FOUND=YES ++fi ++ ++ ++# UDP segmentation offloading ++ ++ngx_feature="UDP_SEGMENT" ++ngx_feature_name="NGX_HAVE_UDP_SEGMENT" ++ngx_feature_run=no ++ngx_feature_incs="#include <sys/socket.h> ++ #include <stdint.h> ++ #include <netinet/udp.h>" ++ngx_feature_path= ++ngx_feature_libs= ++ngx_feature_test="socklen_t optlen = sizeof(int); ++ int val; ++ getsockopt(0, SOL_UDP, UDP_SEGMENT, &val, &optlen)" ++. auto/feature +diff -r 67408b4a12c0 auto/sources +--- a/auto/sources Tue Dec 28 18:28:38 2021 +0300 ++++ b/auto/sources Tue Jan 04 18:14:15 2022 -0500 +@@ -83,13 +83,14 @@ + + EVENT_MODULES="ngx_events_module ngx_event_core_module" + +-EVENT_INCS="src/event src/event/modules" ++EVENT_INCS="src/event src/event/modules src/event/quic" + + EVENT_DEPS="src/event/ngx_event.h \ + src/event/ngx_event_timer.h \ + src/event/ngx_event_posted.h \ + src/event/ngx_event_connect.h \ +- src/event/ngx_event_pipe.h" ++ src/event/ngx_event_pipe.h \ ++ src/event/ngx_event_udp.h" + + EVENT_SRCS="src/event/ngx_event.c \ + src/event/ngx_event_timer.c \ +diff -r 67408b4a12c0 src/core/nginx.c +--- a/src/core/nginx.c Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/core/nginx.c Tue Jan 04 18:14:15 2022 -0500 +@@ -680,6 +680,9 @@ + + ls = cycle->listening.elts; + for (i = 0; i < cycle->listening.nelts; i++) { ++ if (ls[i].ignore) { ++ continue; ++ } + p = ngx_sprintf(p, "%ud;", ls[i].fd); + } + +diff -r 67408b4a12c0 src/core/ngx_bpf.c +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/src/core/ngx_bpf.c Tue Jan 04 18:14:15 2022 -0500 +@@ -0,0 +1,143 @@ ++ ++/* ++ * Copyright (C) Nginx, Inc. ++ */ ++ ++ ++#include <ngx_config.h> ++#include <ngx_core.h> ++ ++#define NGX_BPF_LOGBUF_SIZE (16 * 1024) ++ ++ ++static ngx_inline int ++ngx_bpf(enum bpf_cmd cmd, union bpf_attr *attr, unsigned int size) ++{ ++ return syscall(__NR_bpf, cmd, attr, size); ++} ++ ++ ++void ++ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol, int fd) ++{ ++ ngx_uint_t i; ++ ngx_bpf_reloc_t *rl; ++ ++ rl = program->relocs; ++ ++ for (i = 0; i < program->nrelocs; i++) { ++ if (ngx_strcmp(rl[i].name, symbol) == 0) { ++ program->ins[rl[i].offset].src_reg = 1; ++ program->ins[rl[i].offset].imm = fd; ++ } ++ } ++} ++ ++ ++int ++ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program) ++{ ++ int fd; ++ union bpf_attr attr; ++#if (NGX_DEBUG) ++ char buf[NGX_BPF_LOGBUF_SIZE]; ++#endif ++ ++ ngx_memzero(&attr, sizeof(union bpf_attr)); ++ ++ attr.license = (uintptr_t) program->license; ++ attr.prog_type = program->type; ++ attr.insns = (uintptr_t) program->ins; ++ attr.insn_cnt = program->nins; ++ ++#if (NGX_DEBUG) ++ /* for verifier errors */ ++ attr.log_buf = (uintptr_t) buf; ++ attr.log_size = NGX_BPF_LOGBUF_SIZE; ++ attr.log_level = 1; ++#endif ++ ++ fd = ngx_bpf(BPF_PROG_LOAD, &attr, sizeof(attr)); ++ if (fd < 0) { ++ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno, ++ "failed to load BPF program"); ++ ++ ngx_log_debug1(NGX_LOG_DEBUG_CORE, log, 0, ++ "bpf verifier: %s", buf); ++ ++ return -1; ++ } ++ ++ return fd; ++} ++ ++ ++int ++ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size, ++ int value_size, int max_entries, uint32_t map_flags) ++{ ++ int fd; ++ union bpf_attr attr; ++ ++ ngx_memzero(&attr, sizeof(union bpf_attr)); ++ ++ attr.map_type = type; ++ attr.key_size = key_size; ++ attr.value_size = value_size; ++ attr.max_entries = max_entries; ++ attr.map_flags = map_flags; ++ ++ fd = ngx_bpf(BPF_MAP_CREATE, &attr, sizeof(attr)); ++ if (fd < 0) { ++ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno, ++ "failed to create BPF map"); ++ return NGX_ERROR; ++ } ++ ++ return fd; ++} ++ ++ ++int ++ngx_bpf_map_update(int fd, const void *key, const void *value, uint64_t flags) ++{ ++ union bpf_attr attr; ++ ++ ngx_memzero(&attr, sizeof(union bpf_attr)); ++ ++ attr.map_fd = fd; ++ attr.key = (uintptr_t) key; ++ attr.value = (uintptr_t) value; ++ attr.flags = flags; ++ ++ return ngx_bpf(BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr)); ++} ++ ++ ++int ++ngx_bpf_map_delete(int fd, const void *key) ++{ ++ union bpf_attr attr; ++ ++ ngx_memzero(&attr, sizeof(union bpf_attr)); ++ ++ attr.map_fd = fd; ++ attr.key = (uintptr_t) key; ++ ++ return ngx_bpf(BPF_MAP_DELETE_ELEM, &attr, sizeof(attr)); ++} ++ ++ ++int ++ngx_bpf_map_lookup(int fd, const void *key, void *value) ++{ ++ union bpf_attr attr; ++ ++ ngx_memzero(&attr, sizeof(union bpf_attr)); ++ ++ attr.map_fd = fd; ++ attr.key = (uintptr_t) key; ++ attr.value = (uintptr_t) value; ++ ++ return ngx_bpf(BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr)); ++} +diff -r 67408b4a12c0 src/core/ngx_bpf.h +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/src/core/ngx_bpf.h Tue Jan 04 18:14:15 2022 -0500 +@@ -0,0 +1,43 @@ ++ ++/* ++ * Copyright (C) Nginx, Inc. ++ */ ++ ++ ++#ifndef _NGX_BPF_H_INCLUDED_ ++#define _NGX_BPF_H_INCLUDED_ ++ ++ ++#include <ngx_config.h> ++#include <ngx_core.h> ++ ++#include <linux/bpf.h> ++ ++ ++typedef struct { ++ char *name; ++ int offset; ++} ngx_bpf_reloc_t; ++ ++typedef struct { ++ char *license; ++ enum bpf_prog_type type; ++ struct bpf_insn *ins; ++ size_t nins; ++ ngx_bpf_reloc_t *relocs; ++ size_t nrelocs; ++} ngx_bpf_program_t; ++ ++ ++void ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol, ++ int fd); ++int ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program); ++ ++int ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size, ++ int value_size, int max_entries, uint32_t map_flags); ++int ngx_bpf_map_update(int fd, const void *key, const void *value, ++ uint64_t flags); ++int ngx_bpf_map_delete(int fd, const void *key); ++int ngx_bpf_map_lookup(int fd, const void *key, void *value); ++ ++#endif /* _NGX_BPF_H_INCLUDED_ */ +diff -r 67408b4a12c0 src/core/ngx_connection.c +--- a/src/core/ngx_connection.c Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/core/ngx_connection.c Tue Jan 04 18:14:15 2022 -0500 +@@ -1037,6 +1037,12 @@ + ls = cycle->listening.elts; + for (i = 0; i < cycle->listening.nelts; i++) { + ++#if (NGX_QUIC) ++ if (ls[i].quic) { ++ continue; ++ } ++#endif ++ + c = ls[i].connection; + + if (c) { +diff -r 67408b4a12c0 src/core/ngx_connection.h +--- a/src/core/ngx_connection.h Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/core/ngx_connection.h Tue Jan 04 18:14:15 2022 -0500 +@@ -73,6 +73,7 @@ + unsigned reuseport:1; + unsigned add_reuseport:1; + unsigned keepalive:2; ++ unsigned quic:1; + + unsigned deferred_accept:1; + unsigned delete_deferred:1; +@@ -147,6 +148,10 @@ + + ngx_proxy_protocol_t *proxy_protocol; + ++#if (NGX_QUIC || NGX_COMPAT) ++ ngx_quic_stream_t *quic; ++#endif ++ + #if (NGX_SSL || NGX_COMPAT) + ngx_ssl_connection_t *ssl; + #endif +diff -r 67408b4a12c0 src/core/ngx_core.h +--- a/src/core/ngx_core.h Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/core/ngx_core.h Tue Jan 04 18:14:15 2022 -0500 +@@ -27,6 +27,7 @@ + typedef struct ngx_thread_task_s ngx_thread_task_t; + typedef struct ngx_ssl_s ngx_ssl_t; + typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t; ++typedef struct ngx_quic_stream_s ngx_quic_stream_t; + typedef struct ngx_ssl_connection_s ngx_ssl_connection_t; + typedef struct ngx_udp_connection_s ngx_udp_connection_t; + +@@ -82,6 +83,9 @@ + #include <ngx_resolver.h> + #if (NGX_OPENSSL) + #include <ngx_event_openssl.h> ++#if (NGX_QUIC) ++#include <ngx_event_quic.h> ++#endif + #endif + #include <ngx_process_cycle.h> + #include <ngx_conf_file.h> +@@ -91,6 +95,9 @@ + #include <ngx_connection.h> + #include <ngx_syslog.h> + #include <ngx_proxy_protocol.h> ++#if (NGX_HAVE_BPF) ++#include <ngx_bpf.h> ++#endif + + + #define LF (u_char) '\n' +diff -r 67408b4a12c0 src/event/ngx_event.c +--- a/src/event/ngx_event.c Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/event/ngx_event.c Tue Jan 04 18:14:15 2022 -0500 +@@ -266,6 +266,18 @@ + ngx_int_t + ngx_handle_read_event(ngx_event_t *rev, ngx_uint_t flags) + { ++#if (NGX_QUIC) ++ ++ ngx_connection_t *c; ++ ++ c = rev->data; ++ ++ if (c->quic) { ++ return ngx_quic_handle_read_event(rev, flags); ++ } ++ ++#endif ++ + if (ngx_event_flags & NGX_USE_CLEAR_EVENT) { + + /* kqueue, epoll */ +@@ -336,9 +348,15 @@ + { + ngx_connection_t *c; + ++ c = wev->data; ++ ++#if (NGX_QUIC) ++ if (c->quic) { ++ return ngx_quic_handle_write_event(wev, lowat); ++ } ++#endif ++ + if (lowat) { +- c = wev->data; +- + if (ngx_send_lowat(c, lowat) == NGX_ERROR) { + return NGX_ERROR; + } +@@ -917,6 +935,12 @@ + { + int sndlowat; + ++#if (NGX_QUIC) ++ if (c->quic) { ++ return NGX_OK; ++ } ++#endif ++ + #if (NGX_HAVE_LOWAT_EVENT) + + if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { +diff -r 67408b4a12c0 src/event/ngx_event.h +--- a/src/event/ngx_event.h Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/event/ngx_event.h Tue Jan 04 18:14:15 2022 -0500 +@@ -493,12 +493,6 @@ + + + void ngx_event_accept(ngx_event_t *ev); +-#if !(NGX_WIN32) +-void ngx_event_recvmsg(ngx_event_t *ev); +-void ngx_udp_rbtree_insert_value(ngx_rbtree_node_t *temp, +- ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); +-#endif +-void ngx_delete_udp_connection(void *data); + ngx_int_t ngx_trylock_accept_mutex(ngx_cycle_t *cycle); + ngx_int_t ngx_enable_accept_events(ngx_cycle_t *cycle); + u_char *ngx_accept_log_error(ngx_log_t *log, u_char *buf, size_t len); +@@ -528,6 +522,7 @@ + + #include <ngx_event_timer.h> + #include <ngx_event_posted.h> ++#include <ngx_event_udp.h> + + #if (NGX_WIN32) + #include <ngx_iocp_module.h> +diff -r 67408b4a12c0 src/event/ngx_event_openssl.c +--- a/src/event/ngx_event_openssl.c Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/event/ngx_event_openssl.c Tue Jan 04 18:14:15 2022 -0500 +@@ -3146,6 +3146,13 @@ + ngx_err_t err; + ngx_uint_t tries; + ++#if (NGX_QUIC) ++ if (c->quic) { ++ /* QUIC streams inherit SSL object */ ++ return NGX_OK; ++ } ++#endif ++ + rc = NGX_OK; + + ngx_ssl_ocsp_cleanup(c); +diff -r 67408b4a12c0 src/event/ngx_event_openssl.h +--- a/src/event/ngx_event_openssl.h Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/event/ngx_event_openssl.h Tue Jan 04 18:14:15 2022 -0500 +@@ -24,6 +24,14 @@ + #include <openssl/engine.h> + #endif + #include <openssl/evp.h> ++#if (NGX_QUIC) ++#ifdef OPENSSL_IS_BORINGSSL ++#include <openssl/hkdf.h> ++#include <openssl/chacha.h> ++#else ++#include <openssl/kdf.h> ++#endif ++#endif + #include <openssl/hmac.h> + #ifndef OPENSSL_NO_OCSP + #include <openssl/ocsp.h> +diff -r 67408b4a12c0 src/event/ngx_event_udp.c +--- a/src/event/ngx_event_udp.c Tue Dec 28 18:28:38 2021 +0300 ++++ b/src/event/ngx_event_udp.c Tue Jan 04 18:14:15 2022 -0500 +@@ -12,52 +12,37 @@ + + #if !(NGX_WIN32) + +-struct ngx_udp_connection_s { +- ngx_rbtree_node_t node; +- ngx_connection_t *connection; +- ngx_buf_t *buffer; +-}; +- +- + static void ngx_close_accepted_udp_connection(ngx_connection_t *c); + static ssize_t ngx_udp_shared_recv(ngx_connection_t *c, u_char *buf, + size_t size); +-static ngx_int_t ngx_insert_udp_connection(ngx_connection_t *c); ++static ngx_int_t ngx_create_udp_connection(ngx_connection_t *c); + static ngx_connection_t *ngx_lookup_udp_connection(ngx_listening_t *ls, +- struct sockaddr *sockaddr, socklen_t socklen, +- struct sockaddr *local_sockaddr, socklen_t local_socklen); ++ ngx_str_t *key, struct sockaddr *local_sockaddr, socklen_t local_socklen); + + + void + ngx_event_recvmsg(ngx_event_t *ev) + { ++ size_t len; + ssize_t n; ++ ngx_str_t key; + ngx_buf_t buf; + ngx_log_t *log; + ngx_err_t err; +- socklen_t socklen, local_socklen; ++ socklen_t local_socklen; + ngx_event_t *rev, *wev; + struct iovec iov[1]; + struct msghdr msg; + ngx_sockaddr_t sa, lsa; +- struct sockaddr *sockaddr, *local_sockaddr; ++ ngx_udp_dgram_t dgram; ++ struct sockaddr *local_sockaddr; + ngx_listening_t *ls; + ngx_event_conf_t *ecf; + ngx_connection_t *c, *lc; + static u_char buffer[65535]; + +-#if (NGX_HAVE_MSGHDR_MSG_CONTROL) +- +-#if (NGX_HAVE_IP_RECVDSTADDR) +- u_char msg_control[CMSG_SPACE(sizeof(struct in_addr))]; +-#elif (NGX_HAVE_IP_PKTINFO) +- u_char msg_control[CMSG_SPACE(sizeof(struct in_pktinfo))]; +-#endif +- +-#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO) +- u_char msg_control6[CMSG_SPACE(sizeof(struct in6_pktinfo))]; +-#endif +- ++#if (NGX_HAVE_ADDRINFO_CMSG) ++ u_char msg_control[CMSG_SPACE(sizeof(ngx_addrinfo_t))]; + #endif + + if (ev->timedout) { +@@ -92,25 +77,13 @@ + msg.msg_iov = iov; + msg.msg_iovlen = 1; + +-#if (NGX_HAVE_MSGHDR_MSG_CONTROL) +- ++#if (NGX_HAVE_ADDRINFO_CMSG) + if (ls->wildcard) { ++ msg.msg_control = &msg_control; ++ msg.msg_controllen = sizeof(msg_control); + +-#if (NGX_HAVE_IP_RECVDSTADDR || NGX_HAVE_IP_PKTINFO) +- if (ls->sockaddr->sa_family == AF_INET) { +- msg.msg_control = &msg_control; +- msg.msg_controllen = sizeof(msg_control); +- } +-#endif +- +-#if (NGX_HAVE_INET6 && NGX_HAVE_IPV6_RECVPKTINFO) +- if (ls->sockaddr->sa_family == AF_INET6) { +- msg.msg_control = &msg_control6; +- msg.msg_controllen = sizeof(msg_control6); +- } +-#endif +- } +- ++ ngx_memzero(&msg_control, sizeof(msg_control)); ++ } + #endif + + n = recvmsg(lc->fd, &msg, 0); +@@ -129,7 +102,7 @@ + return; + } + +-#if (NGX_HAVE_MSGHDR_MSG_CONTROL) ++#if (NGX_HAVE_ADDRINFO_CMSG) + if (msg.msg_flags & (MSG_TRUNC|MSG_CTRUNC)) { + ngx_log_error(NGX_LOG_ALERT, ev->log, 0, + "recvmsg() truncated data"); +@@ -137,21 +110,21 @@ *** 24632 LINES SKIPPED ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202201051647.205GlRHj043197>