Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 9207:73eb75bee30f
HTTP/3: added more compatibility checks for "listen ... quic".
Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive"
parameters are not allowed with "quic" in the "listen" directive.
Reported by Izorkin.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 30 Jan 2024 19:19:26 +0400 |
parents | 08ef02ad5c54 |
children | a6649497a762 |
comparison
equal
deleted
inserted
replaced
9206:43fc897bbab8 | 9207:73eb75bee30f |
---|---|
3959 { | 3959 { |
3960 ngx_http_core_srv_conf_t *cscf = conf; | 3960 ngx_http_core_srv_conf_t *cscf = conf; |
3961 | 3961 |
3962 ngx_str_t *value, size; | 3962 ngx_str_t *value, size; |
3963 ngx_url_t u; | 3963 ngx_url_t u; |
3964 ngx_uint_t n, i; | 3964 ngx_uint_t n, i, backlog; |
3965 ngx_http_listen_opt_t lsopt; | 3965 ngx_http_listen_opt_t lsopt; |
3966 | 3966 |
3967 cscf->listen = 1; | 3967 cscf->listen = 1; |
3968 | 3968 |
3969 value = cf->args->elts; | 3969 value = cf->args->elts; |
3998 #endif | 3998 #endif |
3999 #if (NGX_HAVE_INET6) | 3999 #if (NGX_HAVE_INET6) |
4000 lsopt.ipv6only = 1; | 4000 lsopt.ipv6only = 1; |
4001 #endif | 4001 #endif |
4002 | 4002 |
4003 backlog = 0; | |
4004 | |
4003 for (n = 2; n < cf->args->nelts; n++) { | 4005 for (n = 2; n < cf->args->nelts; n++) { |
4004 | 4006 |
4005 if (ngx_strcmp(value[n].data, "default_server") == 0 | 4007 if (ngx_strcmp(value[n].data, "default_server") == 0 |
4006 || ngx_strcmp(value[n].data, "default") == 0) | 4008 || ngx_strcmp(value[n].data, "default") == 0) |
4007 { | 4009 { |
4055 if (lsopt.backlog == NGX_ERROR || lsopt.backlog == 0) { | 4057 if (lsopt.backlog == NGX_ERROR || lsopt.backlog == 0) { |
4056 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 4058 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
4057 "invalid backlog \"%V\"", &value[n]); | 4059 "invalid backlog \"%V\"", &value[n]); |
4058 return NGX_CONF_ERROR; | 4060 return NGX_CONF_ERROR; |
4059 } | 4061 } |
4062 | |
4063 backlog = 1; | |
4060 | 4064 |
4061 continue; | 4065 continue; |
4062 } | 4066 } |
4063 | 4067 |
4064 if (ngx_strncmp(value[n].data, "rcvbuf=", 7) == 0) { | 4068 if (ngx_strncmp(value[n].data, "rcvbuf=", 7) == 0) { |
4303 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 4307 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
4304 "invalid parameter \"%V\"", &value[n]); | 4308 "invalid parameter \"%V\"", &value[n]); |
4305 return NGX_CONF_ERROR; | 4309 return NGX_CONF_ERROR; |
4306 } | 4310 } |
4307 | 4311 |
4308 #if (NGX_HTTP_V3) | |
4309 | |
4310 if (lsopt.quic) { | 4312 if (lsopt.quic) { |
4313 #if (NGX_HAVE_TCP_FASTOPEN) | |
4314 if (lsopt.fastopen != -1) { | |
4315 return "\"fastopen\" parameter is incompatible with \"quic\""; | |
4316 } | |
4317 #endif | |
4318 | |
4319 if (backlog) { | |
4320 return "\"backlog\" parameter is incompatible with \"quic\""; | |
4321 } | |
4322 | |
4323 #if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER) | |
4324 if (lsopt.accept_filter) { | |
4325 return "\"accept_filter\" parameter is incompatible with \"quic\""; | |
4326 } | |
4327 #endif | |
4328 | |
4329 #if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT) | |
4330 if (lsopt.deferred_accept) { | |
4331 return "\"deferred\" parameter is incompatible with \"quic\""; | |
4332 } | |
4333 #endif | |
4334 | |
4311 #if (NGX_HTTP_SSL) | 4335 #if (NGX_HTTP_SSL) |
4312 if (lsopt.ssl) { | 4336 if (lsopt.ssl) { |
4313 return "\"ssl\" parameter is incompatible with \"quic\""; | 4337 return "\"ssl\" parameter is incompatible with \"quic\""; |
4314 } | 4338 } |
4315 #endif | 4339 #endif |
4318 if (lsopt.http2) { | 4342 if (lsopt.http2) { |
4319 return "\"http2\" parameter is incompatible with \"quic\""; | 4343 return "\"http2\" parameter is incompatible with \"quic\""; |
4320 } | 4344 } |
4321 #endif | 4345 #endif |
4322 | 4346 |
4347 if (lsopt.so_keepalive) { | |
4348 return "\"so_keepalive\" parameter is incompatible with \"quic\""; | |
4349 } | |
4350 | |
4323 if (lsopt.proxy_protocol) { | 4351 if (lsopt.proxy_protocol) { |
4324 return "\"proxy_protocol\" parameter is incompatible with \"quic\""; | 4352 return "\"proxy_protocol\" parameter is incompatible with \"quic\""; |
4325 } | 4353 } |
4326 } | 4354 } |
4327 | |
4328 #endif | |
4329 | 4355 |
4330 for (n = 0; n < u.naddrs; n++) { | 4356 for (n = 0; n < u.naddrs; n++) { |
4331 | 4357 |
4332 for (i = 0; i < n; i++) { | 4358 for (i = 0; i < n; i++) { |
4333 if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen, | 4359 if (ngx_cmp_sockaddr(u.addrs[n].sockaddr, u.addrs[n].socklen, |