From 4b594fdce687bb8fac006e1c6fb9a6dde7e0cd1b Mon Sep 17 00:00:00 2001 From: Datong Sun Date: Wed, 30 Aug 2017 02:00:48 -0700 Subject: [PATCH] feature: added nginx core patches needed by ngx_stream_lua_module's balancer_by_lua*. Signed-off-by: Yichun Zhang (agentzh) --- .../nginx-1.13.3-stream_balancer_export.patch | 53 ++++++ ...stream_proxy_get_next_upstream_tries.patch | 31 ++++ ...x-1.13.3-stream_proxy_timeout_fields.patch | 169 ++++++++++++++++++ util/mirror-tarballs | 15 ++ 4 files changed, 268 insertions(+) create mode 100644 patches/nginx-1.13.3-stream_balancer_export.patch create mode 100644 patches/nginx-1.13.3-stream_proxy_get_next_upstream_tries.patch create mode 100644 patches/nginx-1.13.3-stream_proxy_timeout_fields.patch diff --git a/patches/nginx-1.13.3-stream_balancer_export.patch b/patches/nginx-1.13.3-stream_balancer_export.patch new file mode 100644 index 0000000..f56bc52 --- /dev/null +++ b/patches/nginx-1.13.3-stream_balancer_export.patch @@ -0,0 +1,53 @@ +diff --git a/src/stream/ngx_stream_upstream_round_robin.c b/src/stream/ngx_stream_upstream_round_robin.c +index 526de3a..b531ce1 100644 +--- a/src/stream/ngx_stream_upstream_round_robin.c ++++ b/src/stream/ngx_stream_upstream_round_robin.c +@@ -21,10 +21,6 @@ static void ngx_stream_upstream_notify_round_robin_peer( + + #if (NGX_STREAM_SSL) + +-static ngx_int_t ngx_stream_upstream_set_round_robin_peer_session( +- ngx_peer_connection_t *pc, void *data); +-static void ngx_stream_upstream_save_round_robin_peer_session( +- ngx_peer_connection_t *pc, void *data); + static ngx_int_t ngx_stream_upstream_empty_set_session( + ngx_peer_connection_t *pc, void *data); + static void ngx_stream_upstream_empty_save_session(ngx_peer_connection_t *pc, +@@ -690,7 +686,7 @@ ngx_stream_upstream_notify_round_robin_peer(ngx_peer_connection_t *pc, + + #if (NGX_STREAM_SSL) + +-static ngx_int_t ++ngx_int_t + ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc, + void *data) + { +@@ -756,7 +752,7 @@ ngx_stream_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc, + } + + +-static void ++void + ngx_stream_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, + void *data) + { +diff --git a/src/stream/ngx_stream_upstream_round_robin.h b/src/stream/ngx_stream_upstream_round_robin.h +index 35d9fce..75f3e31 100644 +--- a/src/stream/ngx_stream_upstream_round_robin.h ++++ b/src/stream/ngx_stream_upstream_round_robin.h +@@ -142,5 +142,15 @@ ngx_int_t ngx_stream_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, + void ngx_stream_upstream_free_round_robin_peer(ngx_peer_connection_t *pc, + void *data, ngx_uint_t state); + ++#if (NGX_STREAM_SSL) ++ngx_int_t ngx_stream_upstream_set_round_robin_peer_session( ++ ngx_peer_connection_t *pc, void *data); ++void ngx_stream_upstream_save_round_robin_peer_session( ++ ngx_peer_connection_t *pc, void *data); ++#endif ++ ++ ++#define HAVE_NGX_STREAM_BALANCER_EXPORT_PATCH 1 ++ + + #endif /* _NGX_STREAM_UPSTREAM_ROUND_ROBIN_H_INCLUDED_ */ diff --git a/patches/nginx-1.13.3-stream_proxy_get_next_upstream_tries.patch b/patches/nginx-1.13.3-stream_proxy_get_next_upstream_tries.patch new file mode 100644 index 0000000..cb881f0 --- /dev/null +++ b/patches/nginx-1.13.3-stream_proxy_get_next_upstream_tries.patch @@ -0,0 +1,31 @@ +diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h +index 09d2459..de92724 100644 +--- a/src/stream/ngx_stream.h ++++ b/src/stream/ngx_stream.h +@@ -303,4 +303,7 @@ typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, + extern ngx_stream_filter_pt ngx_stream_top_filter; + + ++#define HAS_NGX_STREAM_PROXY_GET_NEXT_UPSTREAM_TRIES_PATCH 1 ++ ++ + #endif /* _NGX_STREAM_H_INCLUDED_ */ +diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c +index 0afde1c..3254ce1 100644 +--- a/src/stream/ngx_stream_proxy_module.c ++++ b/src/stream/ngx_stream_proxy_module.c +@@ -2156,3 +2156,14 @@ ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) + + return NGX_CONF_OK; + } ++ ++ ++ngx_uint_t ++ngx_stream_proxy_get_next_upstream_tries(ngx_stream_session_t *s) ++{ ++ ngx_stream_proxy_srv_conf_t *pscf; ++ ++ pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); ++ ++ return pscf->next_upstream_tries; ++} diff --git a/patches/nginx-1.13.3-stream_proxy_timeout_fields.patch b/patches/nginx-1.13.3-stream_proxy_timeout_fields.patch new file mode 100644 index 0000000..c5b9320 --- /dev/null +++ b/patches/nginx-1.13.3-stream_proxy_timeout_fields.patch @@ -0,0 +1,169 @@ +diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h +index 09d2459..a4dda5d 100644 +--- a/src/stream/ngx_stream.h ++++ b/src/stream/ngx_stream.h +@@ -241,6 +241,15 @@ typedef struct { + } ngx_stream_module_t; + + ++typedef struct { ++ ngx_msec_t connect_timeout; ++ ngx_msec_t timeout; ++} ngx_stream_proxy_ctx_t; ++ ++ ++#define NGX_STREAM_HAVE_PROXY_TIMEOUT_FIELDS_PATCH 1 ++ ++ + #define NGX_STREAM_MODULE 0x4d525453 /* "STRM" */ + + #define NGX_STREAM_MAIN_CONF 0x02000000 +@@ -294,6 +303,7 @@ void ngx_stream_finalize_session(ngx_stream_session_t *s, ngx_uint_t rc); + extern ngx_module_t ngx_stream_module; + extern ngx_uint_t ngx_stream_max_module; + extern ngx_module_t ngx_stream_core_module; ++extern ngx_module_t ngx_stream_proxy_module; + + + typedef ngx_int_t (*ngx_stream_filter_pt)(ngx_stream_session_t *s, +diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c +index 0afde1c..c16db76 100644 +--- a/src/stream/ngx_stream_proxy_module.c ++++ b/src/stream/ngx_stream_proxy_module.c +@@ -359,6 +359,7 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s) + ngx_stream_proxy_srv_conf_t *pscf; + ngx_stream_upstream_srv_conf_t *uscf, **uscfp; + ngx_stream_upstream_main_conf_t *umcf; ++ ngx_stream_proxy_ctx_t *pctx; + + c = s->connection; + +@@ -367,6 +368,17 @@ ngx_stream_proxy_handler(ngx_stream_session_t *s) + ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, + "proxy connection handler"); + ++ pctx = ngx_palloc(c->pool, sizeof(ngx_stream_proxy_ctx_t)); ++ if (pctx == NULL) { ++ ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); ++ return; ++ } ++ ++ pctx->connect_timeout = pscf->connect_timeout; ++ pctx->timeout = pscf->timeout; ++ ++ ngx_stream_set_ctx(s, pctx, ngx_stream_proxy_module); ++ + u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); + if (u == NULL) { + ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); +@@ -654,6 +666,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s) + ngx_connection_t *c, *pc; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; + + c = s->connection; + +@@ -661,6 +674,8 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s) + + pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); + ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); ++ + u = s->upstream; + + u->connected = 0; +@@ -722,7 +737,7 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s) + pc->read->handler = ngx_stream_proxy_connect_handler; + pc->write->handler = ngx_stream_proxy_connect_handler; + +- ngx_add_timer(pc->write, pscf->connect_timeout); ++ ngx_add_timer(pc->write, ctx->connect_timeout); + } + + +@@ -900,8 +915,10 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) + ssize_t n, size; + ngx_connection_t *c, *pc; + ngx_stream_upstream_t *u; +- ngx_stream_proxy_srv_conf_t *pscf; + u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; ++ ngx_stream_proxy_ctx_t *ctx; ++ ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); + + c = s->connection; + +@@ -928,9 +945,7 @@ ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) + return NGX_ERROR; + } + +- pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); +- +- ngx_add_timer(pc->write, pscf->timeout); ++ ngx_add_timer(pc->write, ctx->timeout); + + pc->write->handler = ngx_stream_proxy_connect_handler; + +@@ -994,6 +1009,9 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) + ngx_connection_t *pc; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; ++ ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); + + u = s->upstream; + +@@ -1029,7 +1047,7 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) + if (rc == NGX_AGAIN) { + + if (!pc->write->timer_set) { +- ngx_add_timer(pc->write, pscf->connect_timeout); ++ ngx_add_timer(pc->write, ctx->connect_timeout); + } + + pc->ssl->handler = ngx_stream_proxy_ssl_handshake; +@@ -1285,11 +1303,14 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) + ngx_stream_session_t *s; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; + + c = ev->data; + s = c->data; + u = s->upstream; + ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); ++ + c = s->connection; + pc = u->peer.connection; + +@@ -1309,7 +1330,7 @@ ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) + } + + if (u->connected && !c->read->delayed && !pc->read->delayed) { +- ngx_add_timer(c->write, pscf->timeout); ++ ngx_add_timer(c->write, ctx->timeout); + } + + return; +@@ -1451,6 +1472,9 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, + ngx_log_handler_pt handler; + ngx_stream_upstream_t *u; + ngx_stream_proxy_srv_conf_t *pscf; ++ ngx_stream_proxy_ctx_t *ctx; ++ ++ ctx = ngx_stream_get_module_ctx(s, ngx_stream_proxy_module); + + u = s->upstream; + +@@ -1642,7 +1666,7 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, + } + + if (!c->read->delayed && !pc->read->delayed) { +- ngx_add_timer(c->write, pscf->timeout); ++ ngx_add_timer(c->write, ctx->timeout); + + } else if (c->write->timer_set) { + ngx_del_timer(c->write); diff --git a/util/mirror-tarballs b/util/mirror-tarballs index 34ef54f..010b2ff 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -41,6 +41,21 @@ if [ "$answer" = "N" ]; then echo fi +answer=`$root/util/ver-ge "$main_ver" 1.13.3` +if [ "$answer" = "Y" ]; then + echo "$info_txt applying the stream_balancer_export patch for nginx" + patch -p1 < $root/patches/nginx-$main_ver-stream_balancer_export.patch || exit 1 + echo + + echo "$info_txt applying the stream_proxy_get_next_upstream_tries patch for nginx" + patch -p1 < $root/patches/nginx-$main_ver-stream_proxy_get_next_upstream_tries.patch || exit 1 + echo + + echo "$info_txt applying the stream_proxy_timeout_fields patch for nginx" + patch -p1 < $root/patches/nginx-$main_ver-stream_proxy_timeout_fields.patch || exit 1 + echo +fi + answer=`$root/util/ver-ge "$main_ver" 1.5.12` if [ "$answer" = "N" ]; then echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"