Sub filter: eliminate unnecessary buffering. Previously, when a buffer was processed by the sub filter, its final bytes could be buffered by the filter even if they don't match any pattern. This happened because the Boyer-Moore algorithm, employed by the sub filter since b9447fc457b4 (1.9.4), matches the last characters of patterns prior to checking other characters. If the last character is out of scope, initial bytes of a potential match are buffered until the last character is available. Now, after receiving a flush or recycled buffer, the filter performs additional checks to reduce the number of buffered bytes. The potential match is checked against the initial parts of all patterns. Non-matching bytes are not buffered. This improves processing of a chunked response from upstream by sending the entire chunks without buffering unless a partial match is found at the end of a chunk.

/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_STREAM_SSL_H_INCLUDED_
#define _NGX_STREAM_SSL_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_stream.h>


typedef struct {
    ngx_msec_t       handshake_timeout;

    ngx_flag_t       prefer_server_ciphers;

    ngx_ssl_t        ssl;

    ngx_uint_t       protocols;

    ssize_t          builtin_session_cache;

    time_t           session_timeout;

    ngx_array_t     *certificates;
    ngx_array_t     *certificate_keys;

    ngx_str_t        dhparam;
    ngx_str_t        ecdh_curve;

    ngx_str_t        ciphers;

    ngx_array_t     *passwords;

    ngx_shm_zone_t  *shm_zone;

    ngx_flag_t       session_tickets;
    ngx_array_t     *session_ticket_keys;
} ngx_stream_ssl_conf_t;


extern ngx_module_t  ngx_stream_ssl_module;


#endif /* _NGX_STREAM_SSL_H_INCLUDED_ */