From 7a7a217617e2779260ac39730b8e7cd55693b643 Mon Sep 17 00:00:00 2001 From: Water-Melon Date: Sat, 22 Jun 2024 05:55:46 +0000 Subject: [PATCH] remove other patches --- ...arm64-macos-fix-vararg-call-handling.patch | 62 - ...210510_03_patch_macro_luajit_version.patch | 14 - .../LuaJIT-2.1-20210510_04_pass_cc_env.patch | 40 - .../lua-cjson-2.1.0.8_01-empty_array.patch | 12 - ...0.8_02-handle-large-string-correctly.patch | 387 ---- ...a-resty-core-0.1.22_01-cosocket-mtls.patch | 566 ------ ...ore-0.1.22_02-dyn_upstream_keepalive.patch | 230 --- ...resty-core-0.1.22_05-ngx-worker-pids.patch | 81 - ...a-resty-dns-0.22_01-destory_resolver.patch | 46 - ...-resty-websocket-0.08_01-client-mtls.patch | 92 - ...am_client_certificate_and_ssl_verify.patch | 52 - ...tokens-from-special-responses-output.patch | 37 - ...x-1.19.9_03-stream_proxy_ssl_disable.patch | 33 - ...nx-1.19.9_04-grpc_authority_override.patch | 25 - ...eaders-from-ngx-header-filter-module.patch | 70 - ...set-ssl-option-ignore-unexpected-eof.patch | 15 - ...pid-reset-ddos-attack-cve-2023-44487.patch | 53 - .../patches/nginx-cross-endianness-fix.patch | 79 - build/openresty/patches/nginx-cross.patch | 214 --- .../ngx_lua-0.10.20_01-cosocket-mtls.patch | 1554 ----------------- ...ua-0.10.20_02-dyn_upstream_keepalive.patch | 1319 -------------- .../ngx_lua-0.10.20_03-ngx-worker-pids.patch | 57 - ...ffering-with-invalid-if-match-header.patch | 239 --- scripts/explain_manifest/suites.py | 1 - 24 files changed, 5278 deletions(-) delete mode 100644 build/openresty/patches/LuaJIT-2.1-20210510_01-ffi-arm64-macos-fix-vararg-call-handling.patch delete mode 100644 build/openresty/patches/LuaJIT-2.1-20210510_03_patch_macro_luajit_version.patch delete mode 100644 build/openresty/patches/LuaJIT-2.1-20210510_04_pass_cc_env.patch delete mode 100644 build/openresty/patches/lua-cjson-2.1.0.8_01-empty_array.patch delete mode 100644 build/openresty/patches/lua-cjson-2.1.0.8_02-handle-large-string-correctly.patch delete mode 100644 build/openresty/patches/lua-resty-core-0.1.22_01-cosocket-mtls.patch delete mode 100644 build/openresty/patches/lua-resty-core-0.1.22_02-dyn_upstream_keepalive.patch delete mode 100644 build/openresty/patches/lua-resty-core-0.1.22_05-ngx-worker-pids.patch delete mode 100644 build/openresty/patches/lua-resty-dns-0.22_01-destory_resolver.patch delete mode 100644 build/openresty/patches/lua-resty-websocket-0.08_01-client-mtls.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_01-upstream_client_certificate_and_ssl_verify.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_02-remove-server-tokens-from-special-responses-output.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_03-stream_proxy_ssl_disable.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_04-grpc_authority_override.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_05-remove-server-headers-from-ngx-header-filter-module.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_06-set-ssl-option-ignore-unexpected-eof.patch delete mode 100644 build/openresty/patches/nginx-1.19.9_09-http2-rapid-reset-ddos-attack-cve-2023-44487.patch delete mode 100644 build/openresty/patches/nginx-cross-endianness-fix.patch delete mode 100644 build/openresty/patches/nginx-cross.patch delete mode 100644 build/openresty/patches/ngx_lua-0.10.20_01-cosocket-mtls.patch delete mode 100644 build/openresty/patches/ngx_lua-0.10.20_02-dyn_upstream_keepalive.patch delete mode 100644 build/openresty/patches/ngx_lua-0.10.20_03-ngx-worker-pids.patch delete mode 100644 build/openresty/patches/ngx_lua-0.10.20_04-crash-when-buffering-with-invalid-if-match-header.patch diff --git a/build/openresty/patches/LuaJIT-2.1-20210510_01-ffi-arm64-macos-fix-vararg-call-handling.patch b/build/openresty/patches/LuaJIT-2.1-20210510_01-ffi-arm64-macos-fix-vararg-call-handling.patch deleted file mode 100644 index 9047d7c86d1a..000000000000 --- a/build/openresty/patches/LuaJIT-2.1-20210510_01-ffi-arm64-macos-fix-vararg-call-handling.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 521b367567dc5d91d7f9ae29c257998953e24e53 Mon Sep 17 00:00:00 2001 -From: Mike Pall -Date: Sun, 2 May 2021 22:11:05 +0200 -Subject: [PATCH] FFI/ARM64/OSX: Fix vararg call handling. - -Thanks to Igor Munkin. ---- - LuaJIT-2.1-20210510/src/lj_ccall.c | 8 ++++---- - LuaJIT-2.1-20210510/src/lj_ccallback.c | 2 +- - 2 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/LuaJIT-2.1-20210510/src/lj_ccall.c b/LuaJIT-2.1-20210510/src/lj_ccall.c -index a91ffc7e..3c029823 100644 ---- a/bundle/LuaJIT-2.1-20210510/src/lj_ccall.c -+++ b/bundle/LuaJIT-2.1-20210510/src/lj_ccall.c -@@ -334,7 +334,7 @@ - isfp = sz == 2*sizeof(float) ? 2 : 1; - - #define CCALL_HANDLE_REGARG \ -- if (LJ_TARGET_IOS && isva) { \ -+ if (LJ_TARGET_OSX && isva) { \ - /* IOS: All variadic arguments are on the stack. */ \ - } else if (isfp) { /* Try to pass argument in FPRs. */ \ - int n2 = ctype_isvector(d->info) ? 1 : \ -@@ -345,10 +345,10 @@ - goto done; \ - } else { \ - nfpr = CCALL_NARG_FPR; /* Prevent reordering. */ \ -- if (LJ_TARGET_IOS && d->size < 8) goto err_nyi; \ -+ if (LJ_TARGET_OSX && d->size < 8) goto err_nyi; \ - } \ - } else { /* Try to pass argument in GPRs. */ \ -- if (!LJ_TARGET_IOS && (d->info & CTF_ALIGN) > CTALIGN_PTR) \ -+ if (!LJ_TARGET_OSX && (d->info & CTF_ALIGN) > CTALIGN_PTR) \ - ngpr = (ngpr + 1u) & ~1u; /* Align to regpair. */ \ - if (ngpr + n <= maxgpr) { \ - dp = &cc->gpr[ngpr]; \ -@@ -356,7 +356,7 @@ - goto done; \ - } else { \ - ngpr = maxgpr; /* Prevent reordering. */ \ -- if (LJ_TARGET_IOS && d->size < 8) goto err_nyi; \ -+ if (LJ_TARGET_OSX && d->size < 8) goto err_nyi; \ - } \ - } - -diff --git a/LuaJIT-2.1-20210510/src/lj_ccallback.c b/LuaJIT-2.1-20210510/src/lj_ccallback.c -index 8d6cb737..80d738c6 100644 ---- a/bundle/LuaJIT-2.1-20210510/src/lj_ccallback.c -+++ b/bundle/LuaJIT-2.1-20210510/src/lj_ccallback.c -@@ -460,7 +460,7 @@ void lj_ccallback_mcode_free(CTState *cts) - nfpr = CCALL_NARG_FPR; /* Prevent reordering. */ \ - } \ - } else { \ -- if (!LJ_TARGET_IOS && n > 1) \ -+ if (!LJ_TARGET_OSX && n > 1) \ - ngpr = (ngpr + 1u) & ~1u; /* Align to regpair. */ \ - if (ngpr + n <= maxgpr) { \ - sp = &cts->cb.gpr[ngpr]; \ --- -2.34.1 - diff --git a/build/openresty/patches/LuaJIT-2.1-20210510_03_patch_macro_luajit_version.patch b/build/openresty/patches/LuaJIT-2.1-20210510_03_patch_macro_luajit_version.patch deleted file mode 100644 index 5e7869bcf3ea..000000000000 --- a/build/openresty/patches/LuaJIT-2.1-20210510_03_patch_macro_luajit_version.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/bundle/LuaJIT-2.1-20210510/src/luajit.h b/bundle/LuaJIT-2.1-20210510/src/luajit.h -index 1dddaec..651de67 100644 ---- a/bundle/LuaJIT-2.1-20210510/src/luajit.h -+++ b/bundle/LuaJIT-2.1-20210510/src/luajit.h -@@ -32,7 +32,9 @@ - - #define OPENRESTY_LUAJIT - -+#ifndef LUAJIT_VERSION - #define LUAJIT_VERSION "LuaJIT 2.1.0-beta3" -+#endif - #define LUAJIT_VERSION_NUM 20100 /* Version 2.1.0 = 02.01.00. */ - #define LUAJIT_VERSION_SYM luaJIT_version_2_1_0_beta3 - #define LUAJIT_COPYRIGHT "Copyright (C) 2005-2021 Mike Pall" diff --git a/build/openresty/patches/LuaJIT-2.1-20210510_04_pass_cc_env.patch b/build/openresty/patches/LuaJIT-2.1-20210510_04_pass_cc_env.patch deleted file mode 100644 index afe165ab78a1..000000000000 --- a/build/openresty/patches/LuaJIT-2.1-20210510_04_pass_cc_env.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff --git a/bundle/LuaJIT-2.1-20210510/src/Makefile b/bundle/LuaJIT-2.1-20210510/src/Makefile -index 47a21c9..c60b94e 100644 ---- a/bundle/LuaJIT-2.1-20210510/src/Makefile -+++ b/bundle/LuaJIT-2.1-20210510/src/Makefile -@@ -27,7 +27,8 @@ NODOTABIVER= 51 - DEFAULT_CC = gcc - # - # LuaJIT builds as a native 32 or 64 bit binary by default. --CC= $(DEFAULT_CC) -+CC?= $(DEFAULT_CC) -+AR?= ar - # - # Use this if you want to force a 32 bit build on a 64 bit multilib OS. - #CC= $(DEFAULT_CC) -m32 -@@ -211,7 +212,7 @@ TARGET_CC= $(STATIC_CC) - TARGET_STCC= $(STATIC_CC) - TARGET_DYNCC= $(DYNAMIC_CC) - TARGET_LD= $(CROSS)$(CC) --TARGET_AR= $(CROSS)ar rcus 2>/dev/null -+TARGET_AR= $(CROSS)$(AR) rcus 2>/dev/null - TARGET_STRIP= $(CROSS)strip - - TARGET_LIBPATH= $(or $(PREFIX),/usr/local)/$(or $(MULTILIB),lib) -@@ -291,11 +292,11 @@ TARGET_XCFLAGS+= $(CCOPT_$(TARGET_LJARCH)) - TARGET_ARCH+= $(patsubst %,-DLUAJIT_TARGET=LUAJIT_ARCH_%,$(TARGET_LJARCH)) - - ifneq (,$(PREFIX)) --ifneq (/usr/local,$(PREFIX)) -- TARGET_XCFLAGS+= -DLUA_ROOT=\"$(PREFIX)\" -- ifneq (/usr,$(PREFIX)) -- TARGET_DYNXLDOPTS= -Wl,-rpath,$(TARGET_LIBPATH) -- endif -+ifneq (/usr/local,$(LUA_ROOT)) -+ TARGET_XCFLAGS+= -DLUA_ROOT=\"$(LUA_ROOT)\" -+endif -+ifneq (/usr,$(PREFIX)) -+ TARGET_DYNXLDOPTS= -Wl,-rpath,$(TARGET_LIBPATH) - endif - endif - ifneq (,$(MULTILIB)) \ No newline at end of file diff --git a/build/openresty/patches/lua-cjson-2.1.0.8_01-empty_array.patch b/build/openresty/patches/lua-cjson-2.1.0.8_01-empty_array.patch deleted file mode 100644 index 01e413909d1b..000000000000 --- a/build/openresty/patches/lua-cjson-2.1.0.8_01-empty_array.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ruN a/lua-cjson-2.1.0.8/lua_cjson.c b/lua-cjson-2.1.0.8/lua_cjson.c ---- a/bundle/lua-cjson-2.1.0.8/lua_cjson.c 2022-01-11 15:11:17.495464192 +0800 -+++ b/bundle/lua-cjson-2.1.0.8/lua_cjson.c 2022-01-11 14:58:55.150669748 +0800 -@@ -796,7 +796,7 @@ - case LUA_TLIGHTUSERDATA: - if (lua_touserdata(l, -1) == NULL) { - strbuf_append_mem(json, "null", 4); -- } else if (lua_touserdata(l, -1) == &json_array) { -+ } else if (lua_touserdata(l, -1) == json_lightudata_mask(&json_array)) { - json_append_array(l, cfg, current_depth, json, 0); - } - break; diff --git a/build/openresty/patches/lua-cjson-2.1.0.8_02-handle-large-string-correctly.patch b/build/openresty/patches/lua-cjson-2.1.0.8_02-handle-large-string-correctly.patch deleted file mode 100644 index 12a8fd806a41..000000000000 --- a/build/openresty/patches/lua-cjson-2.1.0.8_02-handle-large-string-correctly.patch +++ /dev/null @@ -1,387 +0,0 @@ -diff --git a/bundle/lua-cjson-2.1.0.8/lua_cjson.c b/bundle/lua-cjson-2.1.0.8/lua_cjson.c -index 875bdaf..4fd2c93 100644 ---- a/bundle/lua-cjson-2.1.0.8/lua_cjson.c -+++ b/bundle/lua-cjson-2.1.0.8/lua_cjson.c -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -173,13 +174,13 @@ typedef struct { - - typedef struct { - json_token_type_t type; -- int index; -+ size_t index; - union { - const char *string; - double number; - int boolean; - } value; -- int string_len; -+ size_t string_len; - } json_token_t; - - static const char *char2escape[256] = { -@@ -540,6 +541,8 @@ static void json_append_string(lua_State *l, strbuf_t *json, int lindex) - * This buffer is reused constantly for small strings - * If there are any excess pages, they won't be hit anyway. - * This gains ~5% speedup. */ -+ if (len > SIZE_MAX / 6 - 3) -+ abort(); /* Overflow check */ - strbuf_ensure_empty_length(json, len * 6 + 2); - - strbuf_append_char_unsafe(json, '\"'); -@@ -814,7 +817,7 @@ static int json_encode(lua_State *l) - strbuf_t local_encode_buf; - strbuf_t *encode_buf; - char *json; -- int len; -+ size_t len; - - luaL_argcheck(l, lua_gettop(l) == 1, 1, "expected 1 argument"); - -diff --git a/bundle/lua-cjson-2.1.0.8/strbuf.c b/bundle/lua-cjson-2.1.0.8/strbuf.c -index f0f7f4b..2dc30be 100644 ---- a/bundle/lua-cjson-2.1.0.8/strbuf.c -+++ b/bundle/lua-cjson-2.1.0.8/strbuf.c -@@ -26,6 +26,7 @@ - #include - #include - #include -+#include - - #include "strbuf.h" - -@@ -38,22 +39,22 @@ static void die(const char *fmt, ...) - va_end(arg); - fprintf(stderr, "\n"); - -- exit(-1); -+ abort(); - } - --void strbuf_init(strbuf_t *s, int len) -+void strbuf_init(strbuf_t *s, size_t len) - { -- int size; -+ size_t size; - -- if (len <= 0) -+ if (!len) - size = STRBUF_DEFAULT_SIZE; - else -- size = len + 1; /* \0 terminator */ -- -+ size = len + 1; -+ if (size < len) -+ die("Overflow, len: %zu", len); - s->buf = NULL; - s->size = size; - s->length = 0; -- s->increment = STRBUF_DEFAULT_INCREMENT; - s->dynamic = 0; - s->reallocs = 0; - s->debug = 0; -@@ -65,7 +66,7 @@ void strbuf_init(strbuf_t *s, int len) - strbuf_ensure_null(s); - } - --strbuf_t *strbuf_new(int len) -+strbuf_t *strbuf_new(size_t len) - { - strbuf_t *s; - -@@ -81,20 +82,10 @@ strbuf_t *strbuf_new(int len) - return s; - } - --void strbuf_set_increment(strbuf_t *s, int increment) --{ -- /* Increment > 0: Linear buffer growth rate -- * Increment < -1: Exponential buffer growth rate */ -- if (increment == 0 || increment == -1) -- die("BUG: Invalid string increment"); -- -- s->increment = increment; --} -- - static inline void debug_stats(strbuf_t *s) - { - if (s->debug) { -- fprintf(stderr, "strbuf(%lx) reallocs: %d, length: %d, size: %d\n", -+ fprintf(stderr, "strbuf(%lx) reallocs: %d, length: %zd, size: %zd\n", - (long)s, s->reallocs, s->length, s->size); - } - } -@@ -113,7 +104,7 @@ void strbuf_free(strbuf_t *s) - free(s); - } - --char *strbuf_free_to_string(strbuf_t *s, int *len) -+char *strbuf_free_to_string(strbuf_t *s, size_t *len) - { - char *buf; - -@@ -131,57 +122,63 @@ char *strbuf_free_to_string(strbuf_t *s, int *len) - return buf; - } - --static int calculate_new_size(strbuf_t *s, int len) -+static size_t calculate_new_size(strbuf_t *s, size_t len) - { -- int reqsize, newsize; -+ size_t reqsize, newsize; - - if (len <= 0) - die("BUG: Invalid strbuf length requested"); - - /* Ensure there is room for optional NULL termination */ - reqsize = len + 1; -+ if (reqsize < len) -+ die("Overflow, len: %zu", len); - - /* If the user has requested to shrink the buffer, do it exactly */ - if (s->size > reqsize) - return reqsize; - - newsize = s->size; -- if (s->increment < 0) { -+ if (reqsize >= SIZE_MAX / 2) { -+ newsize = reqsize; -+ } else { - /* Exponential sizing */ - while (newsize < reqsize) -- newsize *= -s->increment; -- } else { -- /* Linear sizing */ -- newsize = ((newsize + s->increment - 1) / s->increment) * s->increment; -+ newsize *= 2; - } - -+ if (newsize < reqsize) -+ die("BUG: strbuf length would overflow, len: %zu", len); -+ -+ - return newsize; - } - - - /* Ensure strbuf can handle a string length bytes long (ignoring NULL - * optional termination). */ --void strbuf_resize(strbuf_t *s, int len) -+void strbuf_resize(strbuf_t *s, size_t len) - { -- int newsize; -+ size_t newsize; - - newsize = calculate_new_size(s, len); - - if (s->debug > 1) { -- fprintf(stderr, "strbuf(%lx) resize: %d => %d\n", -+ fprintf(stderr, "strbuf(%lx) resize: %zd => %zd\n", - (long)s, s->size, newsize); - } - - s->size = newsize; - s->buf = realloc(s->buf, s->size); - if (!s->buf) -- die("Out of memory"); -+ die("Out of memory, len: %zu", len); - s->reallocs++; - } - - void strbuf_append_string(strbuf_t *s, const char *str) - { -- int space, i; -+ int i; -+ size_t space; - - space = strbuf_empty_length(s); - -@@ -197,55 +194,6 @@ void strbuf_append_string(strbuf_t *s, const char *str) - } - } - --/* strbuf_append_fmt() should only be used when an upper bound -- * is known for the output string. */ --void strbuf_append_fmt(strbuf_t *s, int len, const char *fmt, ...) --{ -- va_list arg; -- int fmt_len; -- -- strbuf_ensure_empty_length(s, len); -- -- va_start(arg, fmt); -- fmt_len = vsnprintf(s->buf + s->length, len, fmt, arg); -- va_end(arg); -- -- if (fmt_len < 0) -- die("BUG: Unable to convert number"); /* This should never happen.. */ -- -- s->length += fmt_len; --} -- --/* strbuf_append_fmt_retry() can be used when the there is no known -- * upper bound for the output string. */ --void strbuf_append_fmt_retry(strbuf_t *s, const char *fmt, ...) --{ -- va_list arg; -- int fmt_len, try; -- int empty_len; -- -- /* If the first attempt to append fails, resize the buffer appropriately -- * and try again */ -- for (try = 0; ; try++) { -- va_start(arg, fmt); -- /* Append the new formatted string */ -- /* fmt_len is the length of the string required, excluding the -- * trailing NULL */ -- empty_len = strbuf_empty_length(s); -- /* Add 1 since there is also space to store the terminating NULL. */ -- fmt_len = vsnprintf(s->buf + s->length, empty_len + 1, fmt, arg); -- va_end(arg); -- -- if (fmt_len <= empty_len) -- break; /* SUCCESS */ -- if (try > 0) -- die("BUG: length of formatted string changed"); -- -- strbuf_resize(s, s->length + fmt_len); -- } -- -- s->length += fmt_len; --} - - /* vi:ai et sw=4 ts=4: - */ -diff --git a/bundle/lua-cjson-2.1.0.8/strbuf.h b/bundle/lua-cjson-2.1.0.8/strbuf.h -index 5df0b7b..d77e0f4 100644 ---- a/bundle/lua-cjson-2.1.0.8/strbuf.h -+++ b/bundle/lua-cjson-2.1.0.8/strbuf.h -@@ -32,15 +32,13 @@ - - /* Size: Total bytes allocated to *buf - * Length: String length, excluding optional NULL terminator. -- * Increment: Allocation increments when resizing the string buffer. - * Dynamic: True if created via strbuf_new() - */ - - typedef struct { - char *buf; -- int size; -- int length; -- int increment; -+ size_t size; -+ size_t length; - int dynamic; - int reallocs; - int debug; -@@ -49,32 +47,27 @@ typedef struct { - #ifndef STRBUF_DEFAULT_SIZE - #define STRBUF_DEFAULT_SIZE 1023 - #endif --#ifndef STRBUF_DEFAULT_INCREMENT --#define STRBUF_DEFAULT_INCREMENT -2 --#endif - - /* Initialise */ --extern strbuf_t *strbuf_new(int len); --extern void strbuf_init(strbuf_t *s, int len); --extern void strbuf_set_increment(strbuf_t *s, int increment); -+extern strbuf_t *strbuf_new(size_t len); -+extern void strbuf_init(strbuf_t *s, size_t len); - - /* Release */ - extern void strbuf_free(strbuf_t *s); --extern char *strbuf_free_to_string(strbuf_t *s, int *len); -+extern char *strbuf_free_to_string(strbuf_t *s, size_t *len); - - /* Management */ --extern void strbuf_resize(strbuf_t *s, int len); --static int strbuf_empty_length(strbuf_t *s); --static int strbuf_length(strbuf_t *s); --static char *strbuf_string(strbuf_t *s, int *len); --static void strbuf_ensure_empty_length(strbuf_t *s, int len); -+extern void strbuf_resize(strbuf_t *s, size_t len); -+static size_t strbuf_empty_length(strbuf_t *s); -+static size_t strbuf_length(strbuf_t *s); -+static char *strbuf_string(strbuf_t *s, size_t *len); -+static void strbuf_ensure_empty_length(strbuf_t *s, size_t len); - static char *strbuf_empty_ptr(strbuf_t *s); --static void strbuf_extend_length(strbuf_t *s, int len); -+static void strbuf_extend_length(strbuf_t *s, size_t len); -+static void strbuf_set_length(strbuf_t *s, int len); - - /* Update */ --extern void strbuf_append_fmt(strbuf_t *s, int len, const char *fmt, ...); --extern void strbuf_append_fmt_retry(strbuf_t *s, const char *format, ...); --static void strbuf_append_mem(strbuf_t *s, const char *c, int len); -+static void strbuf_append_mem(strbuf_t *s, const char *c, size_t len); - extern void strbuf_append_string(strbuf_t *s, const char *str); - static void strbuf_append_char(strbuf_t *s, const char c); - static void strbuf_ensure_null(strbuf_t *s); -@@ -92,12 +85,12 @@ static inline int strbuf_allocated(strbuf_t *s) - - /* Return bytes remaining in the string buffer - * Ensure there is space for a NULL terminator. */ --static inline int strbuf_empty_length(strbuf_t *s) -+static inline size_t strbuf_empty_length(strbuf_t *s) - { - return s->size - s->length - 1; - } - --static inline void strbuf_ensure_empty_length(strbuf_t *s, int len) -+static inline void strbuf_ensure_empty_length(strbuf_t *s, size_t len) - { - if (len > strbuf_empty_length(s)) - strbuf_resize(s, s->length + len); -@@ -108,12 +101,17 @@ static inline char *strbuf_empty_ptr(strbuf_t *s) - return s->buf + s->length; - } - --static inline void strbuf_extend_length(strbuf_t *s, int len) -+static inline void strbuf_set_length(strbuf_t *s, int len) -+{ -+ s->length = len; -+} -+ -+static inline void strbuf_extend_length(strbuf_t *s, size_t len) - { - s->length += len; - } - --static inline int strbuf_length(strbuf_t *s) -+static inline size_t strbuf_length(strbuf_t *s) - { - return s->length; - } -@@ -129,14 +127,14 @@ static inline void strbuf_append_char_unsafe(strbuf_t *s, const char c) - s->buf[s->length++] = c; - } - --static inline void strbuf_append_mem(strbuf_t *s, const char *c, int len) -+static inline void strbuf_append_mem(strbuf_t *s, const char *c, size_t len) - { - strbuf_ensure_empty_length(s, len); - memcpy(s->buf + s->length, c, len); - s->length += len; - } - --static inline void strbuf_append_mem_unsafe(strbuf_t *s, const char *c, int len) -+static inline void strbuf_append_mem_unsafe(strbuf_t *s, const char *c, size_t len) - { - memcpy(s->buf + s->length, c, len); - s->length += len; -@@ -147,7 +145,7 @@ static inline void strbuf_ensure_null(strbuf_t *s) - s->buf[s->length] = 0; - } - --static inline char *strbuf_string(strbuf_t *s, int *len) -+static inline char *strbuf_string(strbuf_t *s, size_t *len) - { - if (len) - *len = s->length; diff --git a/build/openresty/patches/lua-resty-core-0.1.22_01-cosocket-mtls.patch b/build/openresty/patches/lua-resty-core-0.1.22_01-cosocket-mtls.patch deleted file mode 100644 index 20470b087f53..000000000000 --- a/build/openresty/patches/lua-resty-core-0.1.22_01-cosocket-mtls.patch +++ /dev/null @@ -1,566 +0,0 @@ -From 4f0f4bf63d23a952179aaf810c10dfffc19ee835 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 28 Jan 2022 20:54:30 +0800 -Subject: [PATCH 1/9] move tcp.lua into socket.lua - ---- - lib/resty/core/socket.lua | 136 +++++++++++++++++++++++++++++++++++++- - 1 file changed, 133 insertions(+), 3 deletions(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 1a504ec..cc0081e 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -6,13 +6,21 @@ local ffi = require 'ffi' - - local error = error - local tonumber = tonumber -+local tostring = tostring -+local type = type -+local select = select - local registry = debug.getregistry() -+ -+local C = ffi.C - local ffi_new = ffi.new - local ffi_string = ffi.string --local C = ffi.C -+local ffi_gc = ffi.gc -+ - local get_string_buf = base.get_string_buf - local get_size_ptr = base.get_size_ptr --local tostring = tostring -+local get_request = base.get_request -+ -+local co_yield = coroutine._yield - - - local option_index = { -@@ -35,15 +43,29 @@ ngx_http_lua_ffi_socket_tcp_getoption(ngx_http_lua_socket_tcp_upstream_t *u, - int - ngx_http_lua_ffi_socket_tcp_setoption(ngx_http_lua_socket_tcp_upstream_t *u, - int opt, int val, unsigned char *err, size_t *errlen); -+ -+int ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, void *sess, -+ int enable_session_reuse, ngx_str_t *server_name, int verify, -+ int ocsp_status_req, void *chain, void *pkey, char **errmsg); -+ -+int ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, void **sess, char **errmsg, -+ int *openssl_error_code); -+ -+void ngx_http_lua_ffi_ssl_free_session(void *sess); - ]] - - - local output_value_buf = ffi_new("int[1]") - local FFI_OK = base.FFI_OK -+local FFI_ERROR = base.FFI_ERROR -+local FFI_DONE = base.FFI_DONE -+local FFI_AGAIN = base.FFI_AGAIN -+local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX - local SOCKET_CTX_INDEX = 1 - local ERR_BUF_SIZE = 4096 - -- - local function get_tcp_socket(cosocket) - local tcp_socket = cosocket[SOCKET_CTX_INDEX] - if not tcp_socket then -@@ -114,10 +136,118 @@ local function setoption(cosocket, option, value) - end - - -+local errmsg = base.get_errmsg_ptr() -+local session_ptr = ffi_new("void *[1]") -+local server_name_str = ffi_new("ngx_str_t[1]") -+local openssl_error_code = ffi_new("int[1]") -+ -+ -+local function setclientcert(self, cert, pkey) -+ if not cert and not pkey then -+ self.client_cert = nil -+ self.client_pkey = nil -+ return -+ end -+ -+ if not cert or not pkey then -+ error("client certificate must be supplied with corresponding " .. -+ "private key", 2) -+ end -+ -+ if type(cert) ~= "cdata" then -+ error("bad client cert type", 2) -+ end -+ -+ if type(pkey) ~= "cdata" then -+ error("bad client pkey type", 2) -+ end -+ -+ self.client_cert = cert -+ self.client_pkey = pkey -+end -+ -+ -+local function sslhandshake(self, reused_session, server_name, ssl_verify, -+ send_status_req, ...) -+ -+ local n = select("#", ...) -+ if not self or n > 1 then -+ error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. -+ "(including the object), but seen " .. (5 + n)) -+ end -+ -+ local r = get_request() -+ if not r then -+ error("no request found", 2) -+ end -+ -+ session_ptr[0] = type(reused_session) == "cdata" and reused_session or nil -+ -+ if server_name then -+ server_name_str[0].data = server_name -+ server_name_str[0].len = #server_name -+ -+ else -+ server_name_str[0].data = nil -+ server_name_str[0].len = 0 -+ end -+ -+ local u = self[SOCKET_CTX_INDEX] -+ -+ local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, -+ session_ptr[0], -+ reused_session ~= false, -+ server_name_str, -+ ssl_verify and 1 or 0, -+ send_status_req and 1 or 0, -+ self.client_cert, self.client_pkey, errmsg) -+ -+ if rc == FFI_NO_REQ_CTX then -+ error("no request ctx found", 2) -+ end -+ -+ while true do -+ if rc == FFI_ERROR then -+ if openssl_error_code[0] ~= 0 then -+ return nil, openssl_error_code[0] .. ": " .. ffi_string(errmsg[0]) -+ end -+ -+ return nil, ffi_string(errmsg[0]) -+ end -+ -+ if rc == FFI_DONE then -+ return reused_session -+ end -+ -+ if rc == FFI_OK then -+ if reused_session == false then -+ return true -+ end -+ -+ rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, -+ session_ptr, errmsg, openssl_error_code) -+ -+ if session_ptr[0] == nil then -+ return nil -+ end -+ -+ return ffi_gc(session_ptr[0], C.ngx_http_lua_ffi_ssl_free_session) -+ end -+ -+ co_yield() -+ -+ rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, -+ session_ptr, errmsg, openssl_error_code) -+ end -+end -+ -+ - do - local method_table = registry.__tcp_cosocket_mt - method_table.getoption = getoption - method_table.setoption = setoption -+ method_table.setclientcert = setclientcert -+ method_table.sslhandshake = sslhandshake - end - - --- -2.32.0 (Apple Git-132) - - -From 4eab5793d741c739d9c5cfe14e0671c1d70fd6e5 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 28 Jan 2022 21:37:45 +0800 -Subject: [PATCH 2/9] revert assert in sslhandshake - ---- - lib/resty/core/socket.lua | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index cc0081e..7c61d06 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -5,6 +5,7 @@ local ffi = require 'ffi' - - - local error = error -+local assert = assert - local tonumber = tonumber - local tostring = tostring - local type = type -@@ -227,6 +228,8 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, - session_ptr, errmsg, openssl_error_code) - -+ assert(rc == FFI_OK) -+ - if session_ptr[0] == nil then - return nil - end -@@ -234,6 +237,8 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - return ffi_gc(session_ptr[0], C.ngx_http_lua_ffi_ssl_free_session) - end - -+ assert(rc == FFI_AGAIN) -+ - co_yield() - - rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, --- -2.32.0 (Apple Git-132) - - -From 58de9a44c89f07eda98bb7fd978a9e04a244d2f2 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 28 Jan 2022 21:45:42 +0800 -Subject: [PATCH 3/9] rename ffi_string to ffi_str - ---- - lib/resty/core/socket.lua | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 7c61d06..14457da 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -14,7 +14,7 @@ local registry = debug.getregistry() - - local C = ffi.C - local ffi_new = ffi.new --local ffi_string = ffi.string -+local ffi_str = ffi.string - local ffi_gc = ffi.gc - - local get_string_buf = base.get_string_buf -@@ -98,7 +98,7 @@ local function getoption(cosocket, option) - err, - errlen) - if rc ~= FFI_OK then -- return nil, ffi_string(err, errlen[0]) -+ return nil, ffi_str(err, errlen[0]) - end - - return tonumber(output_value_buf[0]) -@@ -130,7 +130,7 @@ local function setoption(cosocket, option, value) - err, - errlen) - if rc ~= FFI_OK then -- return nil, ffi_string(err, errlen[0]) -+ return nil, ffi_str(err, errlen[0]) - end - - return true -@@ -210,10 +210,10 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - while true do - if rc == FFI_ERROR then - if openssl_error_code[0] ~= 0 then -- return nil, openssl_error_code[0] .. ": " .. ffi_string(errmsg[0]) -+ return nil, openssl_error_code[0] .. ": " .. ffi_str(errmsg[0]) - end - -- return nil, ffi_string(errmsg[0]) -+ return nil, ffi_str(errmsg[0]) - end - - if rc == FFI_DONE then --- -2.32.0 (Apple Git-132) - - -From ff138619432bda6b9bd4f37403c12600a4739e47 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 07:23:16 +0800 -Subject: [PATCH 4/9] minor style fix - ---- - lib/resty/core/socket.lua | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 14457da..3c882af 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -1,7 +1,7 @@ - local base = require "resty.core.base" --base.allows_subsystem('http') --local debug = require 'debug' --local ffi = require 'ffi' -+base.allows_subsystem("http") -+local debug = require "debug" -+local ffi = require "ffi" - - - local error = error -@@ -45,16 +45,19 @@ int - ngx_http_lua_ffi_socket_tcp_setoption(ngx_http_lua_socket_tcp_upstream_t *u, - int opt, int val, unsigned char *err, size_t *errlen); - --int ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, -+int -+ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, void *sess, - int enable_session_reuse, ngx_str_t *server_name, int verify, - int ocsp_status_req, void *chain, void *pkey, char **errmsg); - --int ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, -+int -+ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, void **sess, char **errmsg, - int *openssl_error_code); - --void ngx_http_lua_ffi_ssl_free_session(void *sess); -+void -+ngx_http_lua_ffi_ssl_free_session(void *sess); - ]] - - --- -2.32.0 (Apple Git-132) - - -From a843a258987efba49f0b6979389f75ee32c2150c Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 07:28:41 +0800 -Subject: [PATCH 5/9] rename self to cosocket - ---- - lib/resty/core/socket.lua | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 3c882af..374d583 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -146,10 +146,10 @@ local server_name_str = ffi_new("ngx_str_t[1]") - local openssl_error_code = ffi_new("int[1]") - - --local function setclientcert(self, cert, pkey) -+local function setclientcert(cosocket, cert, pkey) - if not cert and not pkey then -- self.client_cert = nil -- self.client_pkey = nil -+ cosocket.client_cert = nil -+ cosocket.client_pkey = nil - return - end - -@@ -166,16 +166,16 @@ local function setclientcert(self, cert, pkey) - error("bad client pkey type", 2) - end - -- self.client_cert = cert -- self.client_pkey = pkey -+ cosocket.client_cert = cert -+ cosocket.client_pkey = pkey - end - - --local function sslhandshake(self, reused_session, server_name, ssl_verify, -+local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - send_status_req, ...) - - local n = select("#", ...) -- if not self or n > 1 then -+ if not cosocket or n > 1 then - error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. - "(including the object), but seen " .. (5 + n)) - end -@@ -196,7 +196,7 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - server_name_str[0].len = 0 - end - -- local u = self[SOCKET_CTX_INDEX] -+ local u = cosocket[SOCKET_CTX_INDEX] - - local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, - session_ptr[0], -@@ -204,7 +204,7 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - server_name_str, - ssl_verify and 1 or 0, - send_status_req and 1 or 0, -- self.client_cert, self.client_pkey, errmsg) -+ cosocket.client_cert, cosocket.client_pkey, errmsg) - - if rc == FFI_NO_REQ_CTX then - error("no request ctx found", 2) --- -2.32.0 (Apple Git-132) - - -From db95a049a019ff6f0d3b4e550412e40c25dda41f Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 07:35:04 +0800 -Subject: [PATCH 6/9] use get_tcp_socket() in sslhandshake - ---- - lib/resty/core/socket.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 374d583..ecff453 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -196,7 +196,7 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - server_name_str[0].len = 0 - end - -- local u = cosocket[SOCKET_CTX_INDEX] -+ local u = get_tcp_socket(cosocket) - - local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, - session_ptr[0], --- -2.32.0 (Apple Git-132) - - -From 6767f0c2e8a73fd1a09d727431bed457c5cac4c0 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 08:58:52 +0800 -Subject: [PATCH 7/9] fix arguments check in sslhandshake - ---- - lib/resty/core/socket.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index ecff453..15e3065 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -177,7 +177,7 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - local n = select("#", ...) - if not cosocket or n > 1 then - error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. -- "(including the object), but seen " .. (5 + n)) -+ "(including the object), but seen " .. (cosocket and 5 + n or 0)) - end - - local r = get_request() --- -2.32.0 (Apple Git-132) - - -From 4eeddcd2114d0097e4b9cb11f2f93d30c70d573e Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Mon, 7 Feb 2022 10:59:35 +0800 -Subject: [PATCH 8/9] setclientcert return err - ---- - lib/resty/core/socket.lua | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 15e3065..879d678 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -150,24 +150,27 @@ local function setclientcert(cosocket, cert, pkey) - if not cert and not pkey then - cosocket.client_cert = nil - cosocket.client_pkey = nil -- return -+ return true - end - - if not cert or not pkey then -- error("client certificate must be supplied with corresponding " .. -- "private key", 2) -+ return nil, -+ "client certificate must be supplied with corresponding " .. -+ "private key" - end - - if type(cert) ~= "cdata" then -- error("bad client cert type", 2) -+ return nil, "bad client cert type" - end - - if type(pkey) ~= "cdata" then -- error("bad client pkey type", 2) -+ return nil, "bad client pkey type" - end - - cosocket.client_cert = cert - cosocket.client_pkey = pkey -+ -+ return true - end - - --- -2.32.0 (Apple Git-132) - - -From fead2a28f409117ad1b6c98d02edb6a38a64fde0 Mon Sep 17 00:00:00 2001 -From: James Hurst -Date: Wed, 9 Feb 2022 16:05:11 +0000 -Subject: [PATCH 9/9] fix(socket) add temporary backwards compatability for - tlshandshake - ---- - lib/resty/core/socket.lua | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/lua-resty-core-0.1.22/lib/resty/core/socket.lua b/lua-resty-core-0.1.22/lib/resty/core/socket.lua -index 879d678..448bf36 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/socket.lua -@@ -253,12 +253,34 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - end - - -+-- Temporary patch for backwards compatablity with existing Kong tech debt -+local function tlshandshake(cosocket, options) -+ local options = options or {} -+ -+ if options.client_cert then -+ local ok, err = cosocket:setclientcert(options.client_cert, options.client_priv_key) -+ if not ok then -+ return nil, err -+ end -+ end -+ -+ return sslhandshake( -+ cosocket, -+ options.reused_session, -+ options.server_name, -+ options.ssl_verify, -+ options.ocsp_status_req -+ ) -+end -+ -+ - do - local method_table = registry.__tcp_cosocket_mt - method_table.getoption = getoption - method_table.setoption = setoption - method_table.setclientcert = setclientcert - method_table.sslhandshake = sslhandshake -+ method_table.tlshandshake = tlshandshake - end - - --- -2.32.0 (Apple Git-132) - diff --git a/build/openresty/patches/lua-resty-core-0.1.22_02-dyn_upstream_keepalive.patch b/build/openresty/patches/lua-resty-core-0.1.22_02-dyn_upstream_keepalive.patch deleted file mode 100644 index f1663e178fc2..000000000000 --- a/build/openresty/patches/lua-resty-core-0.1.22_02-dyn_upstream_keepalive.patch +++ /dev/null @@ -1,230 +0,0 @@ -From 37feb95041f183ae4fbafeebc47dc104995e6f27 Mon Sep 17 00:00:00 2001 -From: Thibault Charbonnier -Date: Tue, 17 Sep 2019 11:44:33 -0700 -Subject: [PATCH] feature: implemented the 'balancer.enable_keepalive()' API. - ---- - lua-resty-core-0.1.22/lib/ngx/balancer.lua | 165 +++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 151 insertions(+), 14 deletions(-) - -diff --git a/lua-resty-core-0.1.22/lib/ngx/balancer.lua b/lua-resty-core-0.1.22/lib/ngx/balancer.lua -index d584639..614312f 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/ngx/balancer.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/ngx/balancer.lua -@@ -3,6 +3,7 @@ - - local base = require "resty.core.base" - base.allows_subsystem('http', 'stream') -+require "resty.core.hash" - - - local ffi = require "ffi" -@@ -17,8 +18,10 @@ local error = error - local type = type - local tonumber = tonumber - local max = math.max -+local ngx_crc32_long = ngx.crc32_long - local subsystem = ngx.config.subsystem - local ngx_lua_ffi_balancer_set_current_peer -+local ngx_lua_ffi_balancer_enable_keepalive - local ngx_lua_ffi_balancer_set_more_tries - local ngx_lua_ffi_balancer_get_last_failure - local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http -@@ -27,7 +30,11 @@ local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http - if subsystem == 'http' then - ffi.cdef[[ - int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, -- const unsigned char *addr, size_t addr_len, int port, char **err); -+ const unsigned char *addr, size_t addr_len, int port, -+ unsigned int cpool_crc32, unsigned int cpool_size, char **err); -+ -+ int ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, -+ unsigned long timeout, unsigned int max_requests, char **err); - - int ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, - int count, char **err); -@@ -46,6 +53,9 @@ if subsystem == 'http' then - ngx_lua_ffi_balancer_set_current_peer = - C.ngx_http_lua_ffi_balancer_set_current_peer - -+ ngx_lua_ffi_balancer_enable_keepalive = -+ C.ngx_http_lua_ffi_balancer_enable_keepalive -+ - ngx_lua_ffi_balancer_set_more_tries = - C.ngx_http_lua_ffi_balancer_set_more_tries - -@@ -96,6 +106,11 @@ else - end - - -+local DEFAULT_KEEPALIVE_POOL_SIZE = 30 -+local DEFAULT_KEEPALIVE_IDLE_TIMEOUT = 60000 -+local DEFAULT_KEEPALIVE_MAX_REQUESTS = 100 -+ -+ - local peer_state_names = { - [1] = "keepalive", - [2] = "next", -@@ -106,25 +121,147 @@ local peer_state_names = { - local _M = { version = base.version } - - --function _M.set_current_peer(addr, port) -- local r = get_request() -- if not r then -- error("no request found") -+if subsystem == "http" then -+ function _M.set_current_peer(addr, port, opts) -+ local r = get_request() -+ if not r then -+ error("no request found") -+ end -+ -+ local pool_crc32 -+ local pool_size -+ -+ if opts then -+ if type(opts) ~= "table" then -+ error("bad argument #3 to 'set_current_peer' " .. -+ "(table expected, got " .. type(opts) .. ")", 2) -+ end -+ -+ local pool = opts.pool -+ pool_size = opts.pool_size -+ -+ if pool then -+ if type(pool) ~= "string" then -+ error("bad option 'pool' to 'set_current_peer' " .. -+ "(string expected, got " .. type(pool) .. ")", 2) -+ end -+ -+ pool_crc32 = ngx_crc32_long(pool) -+ end -+ -+ if pool_size then -+ if type(pool_size) ~= "number" then -+ error("bad option 'pool_size' to 'set_current_peer' " .. -+ "(number expected, got " .. type(pool_size) .. ")", 2) -+ -+ elseif pool_size < 1 then -+ error("bad option 'pool_size' to 'set_current_peer' " .. -+ "(expected > 0)", 2) -+ end -+ end -+ end -+ -+ if not port then -+ port = 0 -+ -+ elseif type(port) ~= "number" then -+ port = tonumber(port) -+ end -+ -+ if not pool_crc32 then -+ pool_crc32 = 0 -+ end -+ -+ if not pool_size then -+ pool_size = DEFAULT_KEEPALIVE_POOL_SIZE -+ end -+ -+ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, port, -+ pool_crc32, pool_size, -+ errmsg) -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) - end - -- if not port then -- port = 0 -- elseif type(port) ~= "number" then -- port = tonumber(port) -+else -+ function _M.set_current_peer(addr, port, opts) -+ local r = get_request() -+ if not r then -+ error("no request found") -+ end -+ -+ if opts then -+ error("bad argument #3 to 'set_current_peer' ('opts' not yet " .. -+ "implemented in " .. subsystem .. " subsystem)", 2) -+ end -+ -+ if not port then -+ port = 0 -+ -+ elseif type(port) ~= "number" then -+ port = tonumber(port) -+ end -+ -+ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, -+ port, errmsg) -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) - end -+end - -- local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, -- port, errmsg) -- if rc == FFI_OK then -- return true -+ -+if subsystem == "http" then -+ function _M.enable_keepalive(idle_timeout, max_requests) -+ local r = get_request() -+ if not r then -+ error("no request found") -+ end -+ -+ if not idle_timeout then -+ idle_timeout = DEFAULT_KEEPALIVE_IDLE_TIMEOUT -+ -+ elseif type(idle_timeout) ~= "number" then -+ error("bad argument #1 to 'enable_keepalive' " .. -+ "(number expected, got " .. type(idle_timeout) .. ")", 2) -+ -+ elseif idle_timeout < 0 then -+ error("bad argument #1 to 'enable_keepalive' (expected >= 0)", 2) -+ -+ else -+ idle_timeout = idle_timeout * 1000 -+ end -+ -+ if not max_requests then -+ max_requests = DEFAULT_KEEPALIVE_MAX_REQUESTS -+ -+ elseif type(max_requests) ~= "number" then -+ error("bad argument #2 to 'enable_keepalive' " .. -+ "(number expected, got " .. type(max_requests) .. ")", 2) -+ -+ elseif max_requests < 0 then -+ error("bad argument #2 to 'enable_keepalive' (expected >= 0)", 2) -+ end -+ -+ local rc = ngx_lua_ffi_balancer_enable_keepalive(r, idle_timeout, -+ max_requests, errmsg) -+ if rc == FFI_OK then -+ return true -+ end -+ -+ return nil, ffi_str(errmsg[0]) - end - -- return nil, ffi_str(errmsg[0]) -+else -+ function _M.enable_keepalive() -+ error("'enable_keepalive' not yet implemented in " .. subsystem .. -+ " subsystem", 2) -+ end - end - - --- -2.25.2 diff --git a/build/openresty/patches/lua-resty-core-0.1.22_05-ngx-worker-pids.patch b/build/openresty/patches/lua-resty-core-0.1.22_05-ngx-worker-pids.patch deleted file mode 100644 index 96ef6e9a26b4..000000000000 --- a/build/openresty/patches/lua-resty-core-0.1.22_05-ngx-worker-pids.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 79f520183bb5b1a278d8a8be3f53659737232253 Mon Sep 17 00:00:00 2001 -From: attenuation -Date: Sun, 21 Aug 2022 22:17:30 +0800 -Subject: [PATCH] feat: add ngx.worker.pids to get all workers pid map - ---- - -diff --git a/bundle/lua-resty-core-0.1.22/lib/resty/core/worker.lua b/bundle/lua-resty-core-0.1.22/lib/resty/core/worker.lua -index c336debdb..187289786 100644 ---- a/bundle/lua-resty-core-0.1.22/lib/resty/core/worker.lua -+++ b/bundle/lua-resty-core-0.1.22/lib/resty/core/worker.lua -@@ -6,12 +6,14 @@ local base = require "resty.core.base" - - - local C = ffi.C -+local ffi_new = ffi.new - local new_tab = base.new_tab - local subsystem = ngx.config.subsystem - - - local ngx_lua_ffi_worker_id - local ngx_lua_ffi_worker_pid -+local ngx_lua_ffi_worker_pids - local ngx_lua_ffi_worker_count - local ngx_lua_ffi_worker_exiting - -@@ -23,12 +25,14 @@ if subsystem == "http" then - ffi.cdef[[ - int ngx_http_lua_ffi_worker_id(void); - int ngx_http_lua_ffi_worker_pid(void); -+ int ngx_http_lua_ffi_worker_pids(int *pids, size_t *pids_len); - int ngx_http_lua_ffi_worker_count(void); - int ngx_http_lua_ffi_worker_exiting(void); - ]] - - ngx_lua_ffi_worker_id = C.ngx_http_lua_ffi_worker_id - ngx_lua_ffi_worker_pid = C.ngx_http_lua_ffi_worker_pid -+ ngx_lua_ffi_worker_pids = C.ngx_http_lua_ffi_worker_pids - ngx_lua_ffi_worker_count = C.ngx_http_lua_ffi_worker_count - ngx_lua_ffi_worker_exiting = C.ngx_http_lua_ffi_worker_exiting - -@@ -36,12 +40,14 @@ elseif subsystem == "stream" then - ffi.cdef[[ - int ngx_stream_lua_ffi_worker_id(void); - int ngx_stream_lua_ffi_worker_pid(void); -+ int ngx_stream_lua_ffi_worker_pids(int *pids, size_t *pids_len); - int ngx_stream_lua_ffi_worker_count(void); - int ngx_stream_lua_ffi_worker_exiting(void); - ]] - - ngx_lua_ffi_worker_id = C.ngx_stream_lua_ffi_worker_id - ngx_lua_ffi_worker_pid = C.ngx_stream_lua_ffi_worker_pid -+ ngx_lua_ffi_worker_pids = C.ngx_stream_lua_ffi_worker_pids - ngx_lua_ffi_worker_count = C.ngx_stream_lua_ffi_worker_count - ngx_lua_ffi_worker_exiting = C.ngx_stream_lua_ffi_worker_exiting - end -@@ -56,6 +62,24 @@ function ngx.worker.pid() - return ngx_lua_ffi_worker_pid() - end - -+local size_ptr = ffi_new("size_t[1]") -+local pids_ptr = ffi_new("int[1024]") -- using NGX_MAX_PROCESSES -+ -+function ngx.worker.pids() -+ if ngx.get_phase() == "init" or ngx.get_phase() == "init_worker" then -+ return nil, "API disabled in the current context" -+ end -+ -+ local res = ngx_lua_ffi_worker_pids(pids_ptr, size_ptr) -+ -+ local pids = {} -+ if res == 0 then -+ for i = 1, tonumber(size_ptr[0]) do -+ pids[i] = pids_ptr[i-1] -+ end -+ end -+ return pids -+end - - function ngx.worker.id() - local id = ngx_lua_ffi_worker_id() \ No newline at end of file diff --git a/build/openresty/patches/lua-resty-dns-0.22_01-destory_resolver.patch b/build/openresty/patches/lua-resty-dns-0.22_01-destory_resolver.patch deleted file mode 100644 index e52797c4b6ac..000000000000 --- a/build/openresty/patches/lua-resty-dns-0.22_01-destory_resolver.patch +++ /dev/null @@ -1,46 +0,0 @@ -diff --git a/bundle/lua-resty-dns-0.22/lib/resty/dns/resolver.lua b/bundle/lua-resty-dns-0.22/lib/resty/dns/resolver.lua -index a67b3c1..0305485 100644 ---- a/bundle/lua-resty-dns-0.22/lib/resty/dns/resolver.lua -+++ b/bundle/lua-resty-dns-0.22/lib/resty/dns/resolver.lua -@@ -99,6 +99,26 @@ for i = 2, 64, 2 do - arpa_tmpl[i] = DOT_CHAR - end - -+local function udp_socks_close(self) -+ if self.socks == nil then -+ return -+ end -+ -+ for _, sock in ipairs(self.socks) do -+ sock:close() -+ end -+ -+ self.socks = nil -+end -+ -+local function tcp_socks_close(self) -+ if self.tcp_sock == nil then -+ return -+ end -+ -+ self.tcp_sock:close() -+ self.tcp_sock = nil -+end - - function _M.new(class, opts) - if not opts then -@@ -161,6 +181,14 @@ function _M.new(class, opts) - }, mt) - end - -+function _M:destroy() -+ udp_socks_close(self) -+ tcp_socks_close(self) -+ self.cur = nil -+ self.servers = nil -+ self.retrans = nil -+ self.no_recurse = nil -+end - - local function pick_sock(self, socks) - local cur = self.cur diff --git a/build/openresty/patches/lua-resty-websocket-0.08_01-client-mtls.patch b/build/openresty/patches/lua-resty-websocket-0.08_01-client-mtls.patch deleted file mode 100644 index da796efb358c..000000000000 --- a/build/openresty/patches/lua-resty-websocket-0.08_01-client-mtls.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 05d0832cf96c216297810cb495706c50309b8c5a Mon Sep 17 00:00:00 2001 -From: James Hurst -Date: Mon, 7 Feb 2022 11:36:25 +0000 -Subject: [PATCH 1/2] feat: add mtls client cert support - ---- - lib/resty/websocket/client.lua | 26 ++++++++++++++++++++++---- - 1 file changed, 22 insertions(+), 4 deletions(-) - -diff --git a/lua-resty-websocket-0.08/lib/resty/websocket/client.lua b/lua-resty-websocket-0.08/lib/resty/websocket/client.lua -index 067b2a5..2ec96dd 100644 ---- a/bundle/lua-resty-websocket-0.08/lib/resty/websocket/client.lua -+++ b/bundle/lua-resty-websocket-0.08/lib/resty/websocket/client.lua -@@ -98,7 +98,8 @@ function _M.connect(self, uri, opts) - path = "/" - end - -- local ssl_verify, headers, proto_header, origin_header, sock_opts = false -+ local ssl_verify, server_name, headers, proto_header, origin_header, sock_opts = false -+ local client_cert, client_priv_key - - if opts then - local protos = opts.protocols -@@ -122,11 +123,20 @@ function _M.connect(self, uri, opts) - sock_opts = { pool = pool } - end - -- if opts.ssl_verify then -+ client_cert = opts.client_cert -+ client_priv_key = opts.client_priv_key -+ -+ if client_cert then -+ assert(client_priv_key, -+ "client_priv_key must be provided with client_cert") -+ end -+ -+ if opts.ssl_verify or opts.server_name then - if not ssl_support then - return nil, "ngx_lua 0.9.11+ required for SSL sockets" - end -- ssl_verify = true -+ ssl_verify = opts.ssl_verify -+ server_name = opts.server_name or host - end - - if opts.headers then -@@ -151,7 +161,15 @@ function _M.connect(self, uri, opts) - if not ssl_support then - return nil, "ngx_lua 0.9.11+ required for SSL sockets" - end -- ok, err = sock:sslhandshake(false, host, ssl_verify) -+ -+ if client_cert then -+ ok, err = sock:setclientcert(client_cert, client_priv_key) -+ if not ok then -+ return nil, "ssl client cert failued: " .. err -+ end -+ end -+ -+ ok, err = sock:sslhandshake(false, server_name, ssl_verify) - if not ok then - return nil, "ssl handshake failed: " .. err - end --- -2.32.0 (Apple Git-132) - - -From fcf3370eef554cd4e1791ac92c43b420d25d66a1 Mon Sep 17 00:00:00 2001 -From: James Hurst -Date: Mon, 7 Feb 2022 15:20:48 +0000 -Subject: [PATCH 2/2] fix(client) fix typo in error message - ---- - lib/resty/websocket/client.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lua-resty-websocket-0.08/lib/resty/websocket/client.lua b/lua-resty-websocket-0.08/lib/resty/websocket/client.lua -index 2ec96dd..598543f 100644 ---- a/bundle/lua-resty-websocket-0.08/lib/resty/websocket/client.lua -+++ b/bundle/lua-resty-websocket-0.08/lib/resty/websocket/client.lua -@@ -165,7 +165,7 @@ function _M.connect(self, uri, opts) - if client_cert then - ok, err = sock:setclientcert(client_cert, client_priv_key) - if not ok then -- return nil, "ssl client cert failued: " .. err -+ return nil, "ssl client cert failed: " .. err - end - end - --- -2.32.0 (Apple Git-132) - diff --git a/build/openresty/patches/nginx-1.19.9_01-upstream_client_certificate_and_ssl_verify.patch b/build/openresty/patches/nginx-1.19.9_01-upstream_client_certificate_and_ssl_verify.patch deleted file mode 100644 index 480092978b30..000000000000 --- a/build/openresty/patches/nginx-1.19.9_01-upstream_client_certificate_and_ssl_verify.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff --git a/nginx-1.19.9/src/http/ngx_http_upstream.c b/nginx-1.19.9/src/http/ngx_http_upstream.c -index 90710557..539a4db9 100644 ---- a/bundle/nginx-1.19.9/src/http/ngx_http_upstream.c -+++ b/bundle/nginx-1.19.9/src/http/ngx_http_upstream.c -@@ -8,6 +8,9 @@ - #include - #include - #include -+#if (NGX_HTTP_LUA_KONG) -+#include -+#endif - - - #if (NGX_HTTP_CACHE) -@@ -1696,7 +1696,14 @@ - c->sendfile = 0; - u->output.sendfile = 0; - -+ -+#if (NGX_HTTP_LUA_KONG) -+ if (u->conf->ssl_server_name -+ || ngx_http_lua_kong_get_upstream_ssl_verify(r, u->conf->ssl_verify)) -+ { -+#else - if (u->conf->ssl_server_name || u->conf->ssl_verify) { -+#endif - if (ngx_http_upstream_ssl_name(r, u, c) != NGX_OK) { - ngx_http_upstream_finalize_request(r, u, - NGX_HTTP_INTERNAL_SERVER_ERROR); -@@ -1724,6 +1727,10 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, - } - } - -+#if (NGX_HTTP_LUA_KONG) -+ ngx_http_lua_kong_set_upstream_ssl(r, c); -+#endif -+ - r->connection->log->action = "SSL handshaking to upstream"; - - rc = ngx_ssl_handshake(c); -@@ -1773,7 +1773,11 @@ - - if (c->ssl->handshaked) { - -+#if (NGX_HTTP_LUA_KONG) -+ if (ngx_http_lua_kong_get_upstream_ssl_verify(r, u->conf->ssl_verify)) { -+#else - if (u->conf->ssl_verify) { -+#endif - rc = SSL_get_verify_result(c->ssl->connection); - - if (rc != X509_V_OK) { diff --git a/build/openresty/patches/nginx-1.19.9_02-remove-server-tokens-from-special-responses-output.patch b/build/openresty/patches/nginx-1.19.9_02-remove-server-tokens-from-special-responses-output.patch deleted file mode 100644 index e8f9e07323c8..000000000000 --- a/build/openresty/patches/nginx-1.19.9_02-remove-server-tokens-from-special-responses-output.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 66f96c49ec4a222c4061e18aa8c3f8655b52327d Mon Sep 17 00:00:00 2001 -From: Aapo Talvensaari -Date: Fri, 16 Aug 2019 13:41:49 +0300 -Subject: [PATCH] remove server tokens from special responses output - ---- - nginx-1.19.9/src/http/ngx_http_special_response.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/nginx-1.19.9/src/http/ngx_http_special_response.c b/nginx-1.19.9/src/http/ngx_http_special_response.c -index 4b8bbf5..524cc7b 100644 ---- a/bundle/nginx-1.19.9/src/http/ngx_http_special_response.c -+++ b/bundle/nginx-1.19.9/src/http/ngx_http_special_response.c -@@ -19,21 +19,18 @@ static ngx_int_t ngx_http_send_refresh(ngx_http_request_t *r); - - - static u_char ngx_http_error_full_tail[] = --"
" NGINX_VER "
" CRLF - "" CRLF - "" CRLF - ; - - - static u_char ngx_http_error_build_tail[] = --"
" NGINX_VER_BUILD "
" CRLF - "" CRLF - "" CRLF - ; - - - static u_char ngx_http_error_tail[] = --"
openresty
" CRLF - "" CRLF - "" CRLF - ; --- -2.22.0 diff --git a/build/openresty/patches/nginx-1.19.9_03-stream_proxy_ssl_disable.patch b/build/openresty/patches/nginx-1.19.9_03-stream_proxy_ssl_disable.patch deleted file mode 100644 index 9053745cb894..000000000000 --- a/build/openresty/patches/nginx-1.19.9_03-stream_proxy_ssl_disable.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/nginx-1.19.9/src/stream/ngx_stream_proxy_module.c b/nginx-1.19.9/src/stream/ngx_stream_proxy_module.c -index 09493135..fc8f8479 100644 ---- a/bundle/nginx-1.19.9/src/stream/ngx_stream_proxy_module.c -+++ b/bundle/nginx-1.19.9/src/stream/ngx_stream_proxy_module.c -@@ -8,6 +8,9 @@ - #include - #include - #include -+#if (NGX_STREAM_LUA_KONG) -+#include -+#endif - - - typedef struct { -@@ -812,8 +815,18 @@ ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) - - #if (NGX_STREAM_SSL) - -+#if (NGX_STREAM_LUA_KONG) -+ -+ if (pc->type == SOCK_STREAM && pscf->ssl -+ && !ngx_stream_lua_kong_get_proxy_ssl_disable(s)) -+ { -+ -+#else -+ - if (pc->type == SOCK_STREAM && pscf->ssl) { - -+#endif -+ - if (u->proxy_protocol) { - if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { - return; diff --git a/build/openresty/patches/nginx-1.19.9_04-grpc_authority_override.patch b/build/openresty/patches/nginx-1.19.9_04-grpc_authority_override.patch deleted file mode 100644 index 6822292e60ab..000000000000 --- a/build/openresty/patches/nginx-1.19.9_04-grpc_authority_override.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/nginx-1.19.3/src/http/modules/ngx_http_grpc_module.c b/nginx-1.19.3/src/http/modules/ngx_http_grpc_module.c -index d4af66db..10d3aaed 100644 ---- a/bundle/nginx-1.19.9/src/http/modules/ngx_http_grpc_module.c -+++ b/bundle/nginx-1.19.9/src/http/modules/ngx_http_grpc_module.c -@@ -8,6 +8,9 @@ - #include - #include - #include -+#if (NGX_HTTP_LUA_KONG) -+#include -+#endif - - - typedef struct { -@@ -733,6 +736,10 @@ ngx_http_grpc_create_request(ngx_http_request_t *r) - len = sizeof(ngx_http_grpc_connection_start) - 1 - + sizeof(ngx_http_grpc_frame_t); /* headers frame */ - -+#if (NGX_HTTP_LUA_KONG) -+ ngx_http_lua_kong_set_grpc_authority(r, &ctx->host); -+#endif -+ - /* :method header */ - - if (r->method == NGX_HTTP_GET || r->method == NGX_HTTP_POST) { diff --git a/build/openresty/patches/nginx-1.19.9_05-remove-server-headers-from-ngx-header-filter-module.patch b/build/openresty/patches/nginx-1.19.9_05-remove-server-headers-from-ngx-header-filter-module.patch deleted file mode 100644 index a12c3192c254..000000000000 --- a/build/openresty/patches/nginx-1.19.9_05-remove-server-headers-from-ngx-header-filter-module.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 42a44843445e9db12a8fc5eaf1f3e10b22a0065b Mon Sep 17 00:00:00 2001 -From: Aapo Talvensaari -Date: Tue, 15 Jun 2021 16:04:06 +0300 -Subject: [PATCH] remove server headers from nginx header filter module - ---- - nginx-1.19.9/src/http/ngx_http_header_filter_module.c | 34 ------------------- - 1 file changed, 34 deletions(-) - -diff --git a/nginx-1.19.9/src/http/ngx_http_header_filter_module.c b/nginx-1.19.9/src/http/ngx_http_header_filter_module.c -index ca13f2a..1a07dac 100644 ---- a/bundle/nginx-1.19.9/src/http/ngx_http_header_filter_module.c -+++ b/bundle/nginx-1.19.9/src/http/ngx_http_header_filter_module.c -@@ -46,11 +46,6 @@ ngx_module_t ngx_http_header_filter_module = { - }; - - --static u_char ngx_http_server_string[] = "Server: openresty" CRLF; --static u_char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF; --static u_char ngx_http_server_build_string[] = "Server: " NGINX_VER_BUILD CRLF; -- -- - static ngx_str_t ngx_http_status_lines[] = { - - ngx_string("200 OK"), -@@ -279,18 +274,6 @@ ngx_http_header_filter(ngx_http_request_t *r) - - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - -- if (r->headers_out.server == NULL) { -- if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) { -- len += sizeof(ngx_http_server_full_string) - 1; -- -- } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) { -- len += sizeof(ngx_http_server_build_string) - 1; -- -- } else { -- len += sizeof(ngx_http_server_string) - 1; -- } -- } -- - if (r->headers_out.date == NULL) { - len += sizeof("Date: Mon, 28 Sep 1970 06:00:00 GMT" CRLF) - 1; - } -@@ -448,23 +431,6 @@ ngx_http_header_filter(ngx_http_request_t *r) - } - *b->last++ = CR; *b->last++ = LF; - -- if (r->headers_out.server == NULL) { -- if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_ON) { -- p = ngx_http_server_full_string; -- len = sizeof(ngx_http_server_full_string) - 1; -- -- } else if (clcf->server_tokens == NGX_HTTP_SERVER_TOKENS_BUILD) { -- p = ngx_http_server_build_string; -- len = sizeof(ngx_http_server_build_string) - 1; -- -- } else { -- p = ngx_http_server_string; -- len = sizeof(ngx_http_server_string) - 1; -- } -- -- b->last = ngx_cpymem(b->last, p, len); -- } -- - if (r->headers_out.date == NULL) { - b->last = ngx_cpymem(b->last, "Date: ", sizeof("Date: ") - 1); - b->last = ngx_cpymem(b->last, ngx_cached_http_time.data, --- -2.31.1 diff --git a/build/openresty/patches/nginx-1.19.9_06-set-ssl-option-ignore-unexpected-eof.patch b/build/openresty/patches/nginx-1.19.9_06-set-ssl-option-ignore-unexpected-eof.patch deleted file mode 100644 index d42f8902a4a3..000000000000 --- a/build/openresty/patches/nginx-1.19.9_06-set-ssl-option-ignore-unexpected-eof.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/bundle/nginx-1.19.9/src/event/ngx_event_openssl.c b/bundle/nginx-1.19.9/src/event/ngx_event_openssl.c -index 6361810..54ff114 100644 ---- a/bundle/nginx-1.19.9/src/event/ngx_event_openssl.c -+++ b/bundle/nginx-1.19.9/src/event/ngx_event_openssl.c -@@ -378,6 +378,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) - SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_CLIENT_RENEGOTIATION); - #endif - -+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF -+ SSL_CTX_set_options(ssl->ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); -+#endif -+ - #ifdef SSL_MODE_RELEASE_BUFFERS - SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS); - #endif diff --git a/build/openresty/patches/nginx-1.19.9_09-http2-rapid-reset-ddos-attack-cve-2023-44487.patch b/build/openresty/patches/nginx-1.19.9_09-http2-rapid-reset-ddos-attack-cve-2023-44487.patch deleted file mode 100644 index 4ff6a377ac57..000000000000 --- a/build/openresty/patches/nginx-1.19.9_09-http2-rapid-reset-ddos-attack-cve-2023-44487.patch +++ /dev/null @@ -1,53 +0,0 @@ -diff --git a/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.c b/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.c -index 3afa8b6..228b060 100644 ---- a/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.c -+++ b/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.c -@@ -361,6 +361,7 @@ ngx_http_v2_read_handler(ngx_event_t *rev) - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); - - h2c->blocked = 1; -+ h2c->new_streams = 0; - - if (c->close) { - c->close = 0; -@@ -1321,6 +1322,14 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, - goto rst_stream; - } - -+ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { -+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, -+ "client sent too many streams at once"); -+ -+ status = NGX_HTTP_V2_REFUSED_STREAM; -+ goto rst_stream; -+ } -+ - if (!h2c->settings_ack - && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) - && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) -@@ -1386,6 +1395,12 @@ ngx_http_v2_state_headers(ngx_http_v2_connection_t *h2c, u_char *pos, - - rst_stream: - -+ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { -+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, -+ "client sent too many refused streams"); -+ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); -+ } -+ - if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { - return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); - } -diff --git a/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.h b/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.h -index 0eceae3..aef40bb 100644 ---- a/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.h -+++ b/bundle/nginx-1.19.9/src/http/v2/ngx_http_v2.h -@@ -124,6 +124,8 @@ struct ngx_http_v2_connection_s { - ngx_uint_t processing; - ngx_uint_t frames; - ngx_uint_t idle; -+ ngx_uint_t new_streams; -+ ngx_uint_t refused_streams; - ngx_uint_t priority_limit; - - ngx_uint_t pushing; diff --git a/build/openresty/patches/nginx-cross-endianness-fix.patch b/build/openresty/patches/nginx-cross-endianness-fix.patch deleted file mode 100644 index da3d67457055..000000000000 --- a/build/openresty/patches/nginx-cross-endianness-fix.patch +++ /dev/null @@ -1,79 +0,0 @@ -# http://cgit.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/nginx/files/0001-Allow-the-overriding-of-the-endianness-via-the-confi.patch -From be9970aa16c5142ef814531d74a07990a8e9eb14 Mon Sep 17 00:00:00 2001 -From: Derek Straka -Date: Fri, 1 Dec 2017 10:32:29 -0500 -Subject: [PATCH] Allow the overriding of the endianness via the configure flag - --with-endian - -The existing configure options contain the --with-endian; however, the command -line flag does not actually function. It does not set the endianness and it -appears to do nothing. - -Upstream-Status: Pending - -Signed-off-by: Derek Straka - -diff --git a/auto/endianness b/auto/endianness -index 1b552b6..be84487 100644 ---- a/bundle/nginx-1.19.9/endianness -+++ b/bundle/nginx-1.19.9/auto/endianness -@@ -13,7 +13,13 @@ checking for system byte ordering - END - - --cat << END > $NGX_AUTOTEST.c -+if [ ".$NGX_WITH_ENDIAN" = ".little" ]; then -+ echo " little endian" -+ have=NGX_HAVE_LITTLE_ENDIAN . auto/have -+elif [ ".$NGX_WITH_ENDIAN" = ".big" ]; then -+ echo " big endian" -+else -+ cat << END > $NGX_AUTOTEST.c - - int main(void) { - int i = 0x11223344; -@@ -26,25 +32,26 @@ int main(void) { - - END - --ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" -+ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" - --eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" -+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" - --if [ -x $NGX_AUTOTEST ]; then -- if $NGX_AUTOTEST >/dev/null 2>&1; then -- echo " little endian" -- have=NGX_HAVE_LITTLE_ENDIAN . auto/have -- else -- echo " big endian" -- fi -+ if [ -x $NGX_AUTOTEST ]; then -+ if $NGX_AUTOTEST >/dev/null 2>&1; then -+ echo " little endian" -+ have=NGX_HAVE_LITTLE_ENDIAN . auto/have -+ else -+ echo " big endian" -+ fi - -- rm -rf $NGX_AUTOTEST* -+ rm -rf $NGX_AUTOTEST* - --else -- rm -rf $NGX_AUTOTEST* -+ else -+ rm -rf $NGX_AUTOTEST* - -- echo -- echo "$0: error: cannot detect system byte ordering" -- exit 1 -+ echo -+ echo "$0: error: cannot detect system byte ordering" -+ exit 1 -+ fi - fi --- -2.7.4 \ No newline at end of file diff --git a/build/openresty/patches/nginx-cross.patch b/build/openresty/patches/nginx-cross.patch deleted file mode 100644 index f83c19d05260..000000000000 --- a/build/openresty/patches/nginx-cross.patch +++ /dev/null @@ -1,214 +0,0 @@ -Rebased from http://cgit.openembedded.org/meta-openembedded/tree/meta-webserver/recipes-httpd/nginx/files/nginx-cross.patch - - -=================================================================== -diff --git a/bundle/nginx-1.19.9/auto/feature b/bundle/nginx-1.19.9/auto/feature -index 3561f59..d6a2889 100644 ---- a/bundle/nginx-1.19.9/auto/feature -+++ b/bundle/nginx-1.19.9/auto/feature -@@ -49,12 +49,20 @@ eval "/bin/sh -c \"$ngx_test\" >> $NGX_AUTOCONF_ERR 2>&1" - - if [ -x $NGX_AUTOTEST ]; then - -+ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then -+ NGX_AUTOTEST_EXEC="true" -+ NGX_FOUND_MSG=" (not tested, cross compiling)" -+ else -+ NGX_AUTOTEST_EXEC="$NGX_AUTOTEST" -+ NGX_FOUND_MSG="" -+ fi -+ - case "$ngx_feature_run" in - - yes) - # /bin/sh is used to intercept "Killed" or "Abort trap" messages -- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then -- echo " found" -+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then -+ echo " found$NGX_FOUND_MSG" - ngx_found=yes - - if test -n "$ngx_feature_name"; then -@@ -68,17 +76,27 @@ if [ -x $NGX_AUTOTEST ]; then - - value) - # /bin/sh is used to intercept "Killed" or "Abort trap" messages -- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then -- echo " found" -+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then -+ echo " found$NGX_FOUND_MSG" - ngx_found=yes - -- cat << END >> $NGX_AUTO_CONFIG_H -+ if [ ".$NGX_CROSS_COMPILE" = ".yes" ]; then -+ cat << END >> $NGX_AUTO_CONFIG_H - - #ifndef $ngx_feature_name --#define $ngx_feature_name `$NGX_AUTOTEST` -+#define $ngx_feature_name $(eval "echo \$NGX_WITH_${ngx_feature_name}") - #endif - - END -+ else -+ cat << END >> $NGX_AUTO_CONFIG_H -+ -+#ifndef $ngx_feature_name -+#define $ngx_feature_name `$NGX_AUTOTEST_EXEC` -+#endif -+ -+END -+ fi - else - echo " found but is not working" - fi -@@ -86,7 +104,7 @@ END - - bug) - # /bin/sh is used to intercept "Killed" or "Abort trap" messages -- if /bin/sh -c $NGX_AUTOTEST >> $NGX_AUTOCONF_ERR 2>&1; then -+ if /bin/sh -c $NGX_AUTOTEST_EXEC >> $NGX_AUTOCONF_ERR 2>&1; then - echo " not found" - - else -diff --git a/bundle/nginx-1.19.9/auto/options b/bundle/nginx-1.19.9/auto/options -index 182c799..e9eb7b8 100644 ---- a/bundle/nginx-1.19.9/auto/options -+++ b/bundle/nginx-1.19.9/auto/options -@@ -400,6 +400,18 @@ $0: warning: the \"--with-sha1-asm\" option is deprecated" - --test-build-epoll) NGX_TEST_BUILD_EPOLL=YES ;; - --test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;; - -+ # cross compile support -+ --with-int=*) NGX_WITH_INT="$value" ;; -+ --with-long=*) NGX_WITH_LONG="$value" ;; -+ --with-long-long=*) NGX_WITH_LONG_LONG="$value" ;; -+ --with-ptr-size=*) NGX_WITH_PTR_SIZE="$value" ;; -+ --with-sig-atomic-t=*) NGX_WITH_SIG_ATOMIC_T="$value" ;; -+ --with-size-t=*) NGX_WITH_SIZE_T="$value" ;; -+ --with-off-t=*) NGX_WITH_OFF_T="$value" ;; -+ --with-time-t=*) NGX_WITH_TIME_T="$value" ;; -+ --with-sys-nerr=*) NGX_WITH_NGX_SYS_NERR="$value" ;; -+ --with-endian=*) NGX_WITH_ENDIAN="$value" ;; -+ - *) - echo "$0: error: invalid option \"$option\"" - exit 1 -@@ -590,6 +602,17 @@ cat << END - - --with-debug enable debug logging - -+ --with-int=VALUE force int size -+ --with-long=VALUE force long size -+ --with-long-long=VALUE force long long size -+ --with-ptr-size=VALUE force pointer size -+ --with-sig-atomic-t=VALUE force sig_atomic_t size -+ --with-size-t=VALUE force size_t size -+ --with-off-t=VALUE force off_t size -+ --with-time-t=VALUE force time_t size -+ --with-sys-nerr=VALUE force sys_nerr value -+ --with-endian=VALUE force system endianess -+ - END - - exit 1 -@@ -598,6 +621,8 @@ fi - - if [ ".$NGX_PLATFORM" = ".win32" ]; then - NGX_WINE=$WINE -+elif [ ! -z "$NGX_PLATFORM" ]; then -+ NGX_CROSS_COMPILE="yes" - fi - - -diff --git a/bundle/nginx-1.19.9/auto/types/sizeof b/bundle/nginx-1.19.9/auto/types/sizeof -index 480d8cf..23c5171 100644 ---- a/bundle/nginx-1.19.9/auto/types/sizeof -+++ b/bundle/nginx-1.19.9/auto/types/sizeof -@@ -12,9 +12,12 @@ checking for $ngx_type size - - END - --ngx_size= -+ngx_size=$(eval "echo \$NGX_WITH_${ngx_param}") - --cat << END > $NGX_AUTOTEST.c -+if [ ".$ngx_size" != "." ]; then -+ echo " $ngx_size bytes" -+else -+ cat << END > $NGX_AUTOTEST.c - - #include - #include -@@ -33,15 +36,16 @@ int main(void) { - END - - --ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -- -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" -+ ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -+ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" - --eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" -+ eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" - - --if [ -x $NGX_AUTOTEST ]; then -- ngx_size=`$NGX_AUTOTEST` -- echo " $ngx_size bytes" -+ if [ -x $NGX_AUTOTEST ]; then -+ ngx_size=`$NGX_AUTOTEST` -+ echo " $ngx_size bytes" -+ fi - fi - - -diff --git a/bundle/nginx-1.19.9/auto/unix b/bundle/nginx-1.19.9/auto/unix -index b41c70f..febbf3c 100644 ---- a/bundle/nginx-1.19.9/auto/unix -+++ b/bundle/nginx-1.19.9/auto/unix -@@ -592,13 +592,13 @@ ngx_feature_libs= - - # C types - --ngx_type="int"; . auto/types/sizeof -+ngx_type="int"; ngx_param="INT"; . auto/types/sizeof - --ngx_type="long"; . auto/types/sizeof -+ngx_type="long"; ngx_param="LONG"; . auto/types/sizeof - --ngx_type="long long"; . auto/types/sizeof -+ngx_type="long long"; ngx_param="LONG_LONG"; . auto/types/sizeof - --ngx_type="void *"; . auto/types/sizeof; ngx_ptr_size=$ngx_size -+ngx_type="void *"; ngx_param="PTR_SIZE"; . auto/types/sizeof; ngx_ptr_size=$ngx_size - ngx_param=NGX_PTR_SIZE; ngx_value=$ngx_size; . auto/types/value - - -@@ -609,7 +609,7 @@ NGX_INCLUDE_AUTO_CONFIG_H="#include \"ngx_auto_config.h\"" - ngx_type="uint32_t"; ngx_types="u_int32_t"; . auto/types/typedef - ngx_type="uint64_t"; ngx_types="u_int64_t"; . auto/types/typedef - --ngx_type="sig_atomic_t"; ngx_types="int"; . auto/types/typedef -+ngx_type="sig_atomic_t"; ngx_param="SIG_ATOMIC_T"; ngx_types="int"; . auto/types/typedef - . auto/types/sizeof - ngx_param=NGX_SIG_ATOMIC_T_SIZE; ngx_value=$ngx_size; . auto/types/value - -@@ -625,15 +625,15 @@ ngx_type="rlim_t"; ngx_types="int"; . auto/types/typedef - - . auto/endianness - --ngx_type="size_t"; . auto/types/sizeof -+ngx_type="size_t"; ngx_param="SIZE_T"; . auto/types/sizeof - ngx_param=NGX_MAX_SIZE_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value - ngx_param=NGX_SIZE_T_LEN; ngx_value=$ngx_max_len; . auto/types/value - --ngx_type="off_t"; . auto/types/sizeof -+ngx_type="off_t"; ngx_param="OFF_T"; . auto/types/sizeof - ngx_param=NGX_MAX_OFF_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value - ngx_param=NGX_OFF_T_LEN; ngx_value=$ngx_max_len; . auto/types/value - --ngx_type="time_t"; . auto/types/sizeof -+ngx_type="time_t"; ngx_param="TIME_T"; . auto/types/sizeof - ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value - ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value - ngx_param=NGX_MAX_TIME_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value diff --git a/build/openresty/patches/ngx_lua-0.10.20_01-cosocket-mtls.patch b/build/openresty/patches/ngx_lua-0.10.20_01-cosocket-mtls.patch deleted file mode 100644 index f339a76d9b99..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.20_01-cosocket-mtls.patch +++ /dev/null @@ -1,1554 +0,0 @@ -From acd53645754ce42b436cecb0d7a10b547d41fef6 Mon Sep 17 00:00:00 2001 -From: lijunlong -Date: Wed, 13 Oct 2021 23:42:17 +0800 -Subject: [PATCH 01/17] bugfix: nginx crash when resolve an not exist domain in - thread create by ngx.thread.spawn.(#1931) - -FIX #1915 -The resolve ctxes were dded to a link list. function ngx_resolver_process_a iterate through the link list when got the DNS reply. -When processing the first resolve ctx, all the three ctxes were freed. So when ngx_resolver_process_a continues to process the second ctx, it will free the ctx again. - -Co-authored-by: doujiang24 ---- - src/ngx_http_lua_socket_tcp.c | 15 ++------------- - 1 file changed, 2 insertions(+), 13 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 55bd203d..b7c3bdd4 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -147,8 +147,6 @@ static void ngx_http_lua_socket_free_pool(ngx_log_t *log, - static int ngx_http_lua_socket_shutdown_pool(lua_State *L); - static void ngx_http_lua_socket_shutdown_pool_helper( - ngx_http_lua_socket_pool_t *spool); --static void -- ngx_http_lua_socket_empty_resolve_handler(ngx_resolver_ctx_t *ctx); - static int ngx_http_lua_socket_prepare_error_retvals(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L, ngx_uint_t ft_type); - #if (NGX_HTTP_SSL) -@@ -1151,13 +1149,6 @@ ngx_http_lua_socket_tcp_connect(lua_State *L) - } - - --static void --ngx_http_lua_socket_empty_resolve_handler(ngx_resolver_ctx_t *ctx) --{ -- /* do nothing */ --} -- -- - static void - ngx_http_lua_socket_resolve_handler(ngx_resolver_ctx_t *ctx) - { -@@ -6084,10 +6075,8 @@ ngx_http_lua_tcp_resolve_cleanup(void *data) - return; - } - -- /* just to be safer */ -- rctx->handler = ngx_http_lua_socket_empty_resolve_handler; -- -- ngx_resolve_name_done(rctx); -+ /* postpone free the rctx in the handler */ -+ rctx->handler = ngx_resolve_name_done; - } - - --- -2.32.0 (Apple Git-132) - - -From 59d39ca2f0963695052c2593f957053f1a1779a2 Mon Sep 17 00:00:00 2001 -From: Josh Soref <2119212+jsoref@users.noreply.github.com> -Date: Mon, 25 Oct 2021 03:07:01 -0400 -Subject: [PATCH 02/17] doc: fixed spelling errors in the docs and code. - (#1947) - ---- - src/ngx_http_lua_socket_tcp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index b7c3bdd4..ace18a0f 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -3112,7 +3112,7 @@ ngx_http_lua_socket_tcp_settimeout(lua_State *L) - n = lua_gettop(L); - - if (n != 2) { -- return luaL_error(L, "ngx.socket settimout: expecting 2 arguments " -+ return luaL_error(L, "ngx.socket settimeout: expecting 2 arguments " - "(including the object) but seen %d", lua_gettop(L)); - } - -@@ -3159,7 +3159,7 @@ ngx_http_lua_socket_tcp_settimeouts(lua_State *L) - n = lua_gettop(L); - - if (n != 4) { -- return luaL_error(L, "ngx.socket settimout: expecting 4 arguments " -+ return luaL_error(L, "ngx.socket settimeout: expecting 4 arguments " - "(including the object) but seen %d", lua_gettop(L)); - } - --- -2.32.0 (Apple Git-132) - - -From 617cb5dadc14dddb4796d4fff8821dae325f4229 Mon Sep 17 00:00:00 2001 -From: Sharp Liu -Date: Tue, 26 Oct 2021 17:53:54 +0800 -Subject: [PATCH 03/17] style: removed extra space. (#1952) - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index ace18a0f..26467fdd 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -2825,7 +2825,7 @@ ngx_http_lua_socket_tcp_send(lua_State *L) - - switch (type) { - case LUA_TNUMBER: -- b->last = ngx_http_lua_write_num(L, 2, b->last); -+ b->last = ngx_http_lua_write_num(L, 2, b->last); - break; - - case LUA_TSTRING: --- -2.32.0 (Apple Git-132) - - -From 287d58810c450f912a8d31a94a1c86ccc039c0e1 Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 16:39:05 -0700 -Subject: [PATCH 04/17] cosocket: add function `tcpsock:tlshandshake`, retired - the Lua C API based `tcpsock:sslhandshake` implementation. - ---- - src/ngx_http_lua_socket_tcp.c | 387 +++++++++++++++------------------- - src/ngx_http_lua_socket_tcp.h | 3 + - 2 files changed, 177 insertions(+), 213 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 26467fdd..4ef22c11 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -23,6 +23,9 @@ static int ngx_http_lua_socket_tcp(lua_State *L); - static int ngx_http_lua_socket_tcp_connect(lua_State *L); - #if (NGX_HTTP_SSL) - static int ngx_http_lua_socket_tcp_sslhandshake(lua_State *L); -+static void ngx_http_lua_tls_handshake_handler(ngx_connection_t *c); -+static int ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); - #endif - static int ngx_http_lua_socket_tcp_receive(lua_State *L); - static int ngx_http_lua_socket_tcp_receiveany(lua_State *L); -@@ -149,12 +152,6 @@ static void ngx_http_lua_socket_shutdown_pool_helper( - ngx_http_lua_socket_pool_t *spool); - static int ngx_http_lua_socket_prepare_error_retvals(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L, ngx_uint_t ft_type); --#if (NGX_HTTP_SSL) --static int ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, -- ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); --static void ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c); --static int ngx_http_lua_ssl_free_session(lua_State *L); --#endif - static void ngx_http_lua_socket_tcp_close_connection(ngx_connection_t *c); - - -@@ -324,13 +321,6 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L) - lua_pushcfunction(L, ngx_http_lua_socket_tcp_connect); - lua_setfield(L, -2, "connect"); - --#if (NGX_HTTP_SSL) -- -- lua_pushcfunction(L, ngx_http_lua_socket_tcp_sslhandshake); -- lua_setfield(L, -2, "sslhandshake"); -- --#endif -- - lua_pushcfunction(L, ngx_http_lua_socket_tcp_receive); - lua_setfield(L, -2, "receive"); - -@@ -404,19 +394,6 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L) - lua_setfield(L, -2, "__gc"); - lua_rawset(L, LUA_REGISTRYINDEX); - /* }}} */ -- --#if (NGX_HTTP_SSL) -- -- /* {{{ssl session userdata metatable */ -- lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -- ssl_session_metatable_key)); -- lua_createtable(L, 0 /* narr */, 1 /* nrec */); /* metatable */ -- lua_pushcfunction(L, ngx_http_lua_ssl_free_session); -- lua_setfield(L, -2, "__gc"); -- lua_rawset(L, LUA_REGISTRYINDEX); -- /* }}} */ -- --#endif - } - - -@@ -1559,64 +1536,69 @@ ngx_http_lua_socket_conn_error_retval_handler(ngx_http_request_t *r, - - #if (NGX_HTTP_SSL) - --static int --ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) -+static const char * -+ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, unsigned int ops) - { -- int n, top; -- ngx_int_t rc; -- ngx_str_t name = ngx_null_string; -- ngx_connection_t *c; -- ngx_ssl_session_t **psession; -- ngx_http_request_t *r; -- ngx_http_lua_ctx_t *ctx; -- ngx_http_lua_co_ctx_t *coctx; -- -- ngx_http_lua_socket_tcp_upstream_t *u; -- -- /* Lua function arguments: self [,session] [,host] [,verify] -- [,send_status_req] */ -+ if (ops & SOCKET_OP_CONNECT && u->conn_waiting) { -+ return "socket busy connecting"; -+ } - -- n = lua_gettop(L); -- if (n < 1 || n > 5) { -- return luaL_error(L, "ngx.socket sslhandshake: expecting 1 ~ 5 " -- "arguments (including the object), but seen %d", n); -+ if (ops & SOCKET_OP_READ && u->read_waiting) { -+ return "socket busy reading"; - } - -- r = ngx_http_lua_get_req(L); -- if (r == NULL) { -- return luaL_error(L, "no request found"); -+ if (ops & SOCKET_OP_WRITE -+ && (u->write_waiting -+ || (u->raw_downstream -+ && (r->connection->buffered & NGX_HTTP_LOWLEVEL_BUFFERED)))) -+ { -+ return "socket busy writing"; - } - -- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua tcp socket ssl handshake"); -+ return NULL; -+} - -- luaL_checktype(L, 1, LUA_TTABLE); -+int -+ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, -+ int enable_session_reuse, ngx_str_t *server_name, int verify, -+ int ocsp_status_req, const char **errmsg) -+{ -+ ngx_int_t rc; -+ ngx_connection_t *c; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_co_ctx_t *coctx; -+ const char *busy_rc; - -- lua_rawgeti(L, 1, SOCKET_CTX_INDEX); -- u = lua_touserdata(L, -1); -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "lua tcp socket tls handshake"); - - if (u == NULL - || u->peer.connection == NULL - || u->read_closed - || u->write_closed) - { -- lua_pushnil(L); -- lua_pushliteral(L, "closed"); -- return 2; -+ *errmsg = "closed"; -+ return NGX_ERROR; - } - - if (u->request != r) { -- return luaL_error(L, "bad request"); -+ *errmsg = "bad request"; -+ return NGX_ERROR; - } - -- ngx_http_lua_socket_check_busy_connecting(r, u, L); -- ngx_http_lua_socket_check_busy_reading(r, u, L); -- ngx_http_lua_socket_check_busy_writing(r, u, L); -+ busy_rc = ngx_http_lua_socket_tcp_check_busy(r, u, SOCKET_OP_CONNECT -+ | SOCKET_OP_READ -+ | SOCKET_OP_WRITE); -+ if (busy_rc != NULL) { -+ *errmsg = busy_rc; -+ return NGX_ERROR; -+ } - - if (u->raw_downstream || u->body_downstream) { -- lua_pushnil(L); -- lua_pushliteral(L, "not supported for downstream"); -- return 2; -+ *errmsg = "not supported for downstream"; -+ return NGX_ERROR; - } - - c = u->peer.connection; -@@ -1624,122 +1606,96 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) - u->ssl_session_reuse = 1; - - if (c->ssl && c->ssl->handshaked) { -- switch (lua_type(L, 2)) { -- case LUA_TUSERDATA: -- lua_pushvalue(L, 2); -- break; -+ if (sess != NULL) { -+ return NGX_DONE; -+ } - -- case LUA_TBOOLEAN: -- if (!lua_toboolean(L, 2)) { -- /* avoid generating the ssl session */ -- lua_pushboolean(L, 1); -- break; -- } -- /* fall through */ -+ u->ssl_session_reuse = enable_session_reuse; - -- default: -- ngx_http_lua_ssl_handshake_retval_handler(r, u, L); -- break; -- } -+ (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); - -- return 1; -+ return NGX_OK; - } - - if (ngx_ssl_create_connection(u->conf->ssl, c, - NGX_SSL_BUFFER|NGX_SSL_CLIENT) - != NGX_OK) - { -- lua_pushnil(L); -- lua_pushliteral(L, "failed to create ssl connection"); -- return 2; -+ *errmsg = "failed to create ssl connection"; -+ return NGX_ERROR; - } - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { -- return luaL_error(L, "no ctx found"); -+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -+ "no ngx_lua ctx found while TLS handshaking"); -+ -+ ngx_http_lua_assert(NULL); -+ -+ *errmsg = "no ctx found"; -+ return NGX_ERROR; - } - - coctx = ctx->cur_co_ctx; - - c->sendfile = 0; - -- if (n >= 2) { -- if (lua_type(L, 2) == LUA_TBOOLEAN) { -- u->ssl_session_reuse = lua_toboolean(L, 2); -- -- } else { -- psession = lua_touserdata(L, 2); -- -- if (psession != NULL && *psession != NULL) { -- if (ngx_ssl_set_session(c, *psession) != NGX_OK) { -- lua_pushnil(L); -- lua_pushliteral(L, "lua ssl set session failed"); -- return 2; -- } -- -- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua ssl set session: %p", *psession); -- } -+ if (sess != NULL) { -+ if (ngx_ssl_set_session(c, sess) != NGX_OK) { -+ *errmsg = "lua tls set session failed"; -+ return NGX_ERROR; - } - -- if (n >= 3) { -- name.data = (u_char *) lua_tolstring(L, 3, &name.len); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -+ "lua tls set session: %p", sess); - -- if (name.data) { -- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua ssl server name: \"%*s\"", name.len, -- name.data); -+ } else { -+ u->ssl_session_reuse = enable_session_reuse; -+ } - --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -+ if (server_name != NULL && server_name->data != NULL) { -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "lua tls server name: \"%V\"", server_name); - -- if (SSL_set_tlsext_host_name(c->ssl->connection, -- (char *) name.data) -- == 0) -- { -- lua_pushnil(L); -- lua_pushliteral(L, "SSL_set_tlsext_host_name failed"); -- return 2; -- } -+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -+ if (SSL_set_tlsext_host_name(c->ssl->connection, -+ (char *) server_name->data) -+ == 0) -+ { -+ *errmsg = "SSL_set_tlsext_host_name failed"; -+ return NGX_ERROR; -+ } - - #else -- -- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua socket SNI disabled because the current " -- "version of OpenSSL lacks the support"); -- -+ *errmsg = "OpenSSL has no SNI support"; -+ return NGX_ERROR; - #endif -- } -+ } - -- if (n >= 4) { -- u->ssl_verify = lua_toboolean(L, 4); -+ u->ssl_verify = verify; - -- if (n >= 5) { -- if (lua_toboolean(L, 5)) { -+ if (ocsp_status_req) { - #ifdef NGX_HTTP_LUA_USE_OCSP -- SSL_set_tlsext_status_type(c->ssl->connection, -- TLSEXT_STATUSTYPE_ocsp); -+ SSL_set_tlsext_status_type(c->ssl->connection, -+ TLSEXT_STATUSTYPE_ocsp); -+ - #else -- return luaL_error(L, "no OCSP support"); -+ *errmsg = "no OCSP support"; -+ return NGX_ERROR; - #endif -- } -- } -- } -- } - } - -- dd("found sni name: %.*s %p", (int) name.len, name.data, name.data); -- -- if (name.len == 0) { -+ if (server_name->len == 0) { - u->ssl_name.len = 0; - - } else { - if (u->ssl_name.data) { - /* buffer already allocated */ - -- if (u->ssl_name.len >= name.len) { -+ if (u->ssl_name.len >= server_name->len) { - /* reuse it */ -- ngx_memcpy(u->ssl_name.data, name.data, name.len); -- u->ssl_name.len = name.len; -+ ngx_memcpy(u->ssl_name.data, server_name->data, server_name->len); -+ u->ssl_name.len = server_name->len; - - } else { - ngx_free(u->ssl_name.data); -@@ -1750,17 +1706,16 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) - - new_ssl_name: - -- u->ssl_name.data = ngx_alloc(name.len, ngx_cycle->log); -+ u->ssl_name.data = ngx_alloc(server_name->len, ngx_cycle->log); - if (u->ssl_name.data == NULL) { - u->ssl_name.len = 0; - -- lua_pushnil(L); -- lua_pushliteral(L, "no memory"); -- return 2; -+ *errmsg = "no memory"; -+ return NGX_ERROR; - } - -- ngx_memcpy(u->ssl_name.data, name.data, name.len); -- u->ssl_name.len = name.len; -+ ngx_memcpy(u->ssl_name.data, server_name->data, server_name->len); -+ u->ssl_name.len = server_name->len; - } - } - -@@ -1774,7 +1729,8 @@ new_ssl_name: - - rc = ngx_ssl_handshake(c); - -- dd("ngx_ssl_handshake returned %d", (int) rc); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "ngx_ssl_handshake returned %d", rc); - - if (rc == NGX_AGAIN) { - if (c->write->timer_set) { -@@ -1784,13 +1740,13 @@ new_ssl_name: - ngx_add_timer(c->read, u->connect_timeout); - - u->conn_waiting = 1; -- u->write_prepare_retvals = ngx_http_lua_ssl_handshake_retval_handler; -+ u->write_prepare_retvals = ngx_http_lua_tls_handshake_retval_handler; - - ngx_http_lua_cleanup_pending_operation(coctx); - coctx->cleanup = ngx_http_lua_coctx_cleanup; - coctx->data = u; - -- c->ssl->handler = ngx_http_lua_ssl_handshake_handler; -+ c->ssl->handler = ngx_http_lua_tls_handshake_handler; - - if (ctx->entered_content_phase) { - r->write_event_handler = ngx_http_lua_content_wev_handler; -@@ -1799,21 +1755,25 @@ new_ssl_name: - r->write_event_handler = ngx_http_core_run_phases; - } - -- return lua_yield(L, 0); -+ return NGX_AGAIN; -+ } -+ -+ ngx_http_lua_tls_handshake_handler(c); -+ -+ if (rc == NGX_ERROR) { -+ *errmsg = u->error_ret; -+ -+ return NGX_ERROR; - } - -- top = lua_gettop(L); -- ngx_http_lua_ssl_handshake_handler(c); -- return lua_gettop(L) - top; -+ return NGX_OK; - } - - - static void --ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) -+ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - { -- const char *err; - int waiting; -- lua_State *L; - ngx_int_t rc; - ngx_connection_t *dc; /* downstream connection */ - ngx_http_request_t *r; -@@ -1836,11 +1796,9 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - waiting = u->conn_waiting; - - dc = r->connection; -- L = u->write_co_ctx->co; - - if (c->read->timedout) { -- lua_pushnil(L); -- lua_pushliteral(L, "timeout"); -+ u->error_ret = "timeout"; - goto failed; - } - -@@ -1849,19 +1807,18 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - } - - if (c->ssl->handshaked) { -- - if (u->ssl_verify) { - rc = SSL_get_verify_result(c->ssl->connection); - - if (rc != X509_V_OK) { -- lua_pushnil(L); -- err = lua_pushfstring(L, "%d: %s", (int) rc, -- X509_verify_cert_error_string(rc)); -+ u->error_ret = X509_verify_cert_error_string(rc); -+ u->openssl_error_code_ret = rc; - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " -- "certificate verify error: (%s)", err); -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " -+ "certificate verify error: (%d: %s)", -+ rc, u->error_ret); - } - - goto failed; -@@ -1872,12 +1829,11 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - if (u->ssl_name.len - && ngx_ssl_check_host(c, &u->ssl_name) != NGX_OK) - { -- lua_pushnil(L); -- lua_pushliteral(L, "certificate host mismatch"); -+ u->error_ret = "certificate host mismatch"; - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " - "certificate does not match host \"%V\"", - &u->ssl_name); - } -@@ -1892,7 +1848,7 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - ngx_http_lua_socket_handle_conn_success(r, u); - - } else { -- (void) ngx_http_lua_ssl_handshake_retval_handler(r, u, L); -+ (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); - } - - if (waiting) { -@@ -1902,60 +1858,84 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - return; - } - -- lua_pushnil(L); -- lua_pushliteral(L, "handshake failed"); -+ u->error_ret = "handshake failed"; - - failed: - - if (waiting) { - u->write_prepare_retvals = -- ngx_http_lua_socket_conn_error_retval_handler; -- ngx_http_lua_socket_handle_conn_error(r, u, -- NGX_HTTP_LUA_SOCKET_FT_SSL); -+ ngx_http_lua_socket_conn_error_retval_handler; -+ ngx_http_lua_socket_handle_conn_error(r, u, NGX_HTTP_LUA_SOCKET_FT_SSL); - ngx_http_run_posted_requests(dc); - - } else { -- (void) ngx_http_lua_socket_conn_error_retval_handler(r, u, L); -+ u->ft_type |= NGX_HTTP_LUA_SOCKET_FT_SSL; -+ -+ (void) ngx_http_lua_socket_conn_error_retval_handler(r, u, NULL); -+ } -+} -+ -+ -+ -+int -+ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t **sess, -+ const char **errmsg, int *openssl_error_code) -+{ -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "lua cosocket get TLS handshake result for upstream: %p", u); -+ -+ if (u->error_ret != NULL) { -+ *errmsg = u->error_ret; -+ *openssl_error_code = u->openssl_error_code_ret; -+ -+ return NGX_ERROR; - } -+ -+ *sess = u->ssl_session_ret; -+ -+ return NGX_OK; - } - - - static int --ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, -+ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L) - { - ngx_connection_t *c; -- ngx_ssl_session_t *ssl_session, **ud; -+ ngx_ssl_session_t *ssl_session; - - if (!u->ssl_session_reuse) { -- lua_pushboolean(L, 1); -- return 1; -+ return 0; - } - -- ud = lua_newuserdata(L, sizeof(ngx_ssl_session_t *)); -- - c = u->peer.connection; - - ssl_session = ngx_ssl_get_session(c); - if (ssl_session == NULL) { -- *ud = NULL; -+ u->ssl_session_ret = NULL; - - } else { -- *ud = ssl_session; -+ u->ssl_session_ret = ssl_session; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua ssl save session: %p", ssl_session); -- -- /* set up the __gc metamethod */ -- lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -- ssl_session_metatable_key)); -- lua_rawget(L, LUA_REGISTRYINDEX); -- lua_setmetatable(L, -2); -+ "lua tls save session: %p", ssl_session); - } - -- return 1; -+ return 0; -+} -+ -+ -+void -+ngx_http_lua_ffi_tls_free_session(ngx_ssl_session_t *sess) -+{ -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -+ "lua tls free session: %p", sess); -+ -+ ngx_ssl_free_session(sess); - } - -+ - #endif /* NGX_HTTP_SSL */ - - -@@ -2008,12 +1988,14 @@ ngx_http_lua_socket_prepare_error_retvals(ngx_http_request_t *r, - u_char errstr[NGX_MAX_ERROR_STR]; - u_char *p; - -- if (ft_type & (NGX_HTTP_LUA_SOCKET_FT_RESOLVER -- | NGX_HTTP_LUA_SOCKET_FT_SSL)) -- { -+ if (ft_type & NGX_HTTP_LUA_SOCKET_FT_RESOLVER) { - return 2; - } - -+ if (ft_type & NGX_HTTP_LUA_SOCKET_FT_SSL) { -+ return 0; -+ } -+ - lua_pushnil(L); - - if (ft_type & NGX_HTTP_LUA_SOCKET_FT_TIMEOUT) { -@@ -6101,27 +6083,6 @@ ngx_http_lua_coctx_cleanup(void *data) - } - - --#if (NGX_HTTP_SSL) -- --static int --ngx_http_lua_ssl_free_session(lua_State *L) --{ -- ngx_ssl_session_t **psession; -- -- psession = lua_touserdata(L, 1); -- if (psession && *psession != NULL) { -- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -- "lua ssl free session: %p", *psession); -- -- ngx_ssl_free_session(*psession); -- } -- -- return 0; --} -- --#endif /* NGX_HTTP_SSL */ -- -- - void - ngx_http_lua_cleanup_conn_pools(lua_State *L) - { -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.h b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.h -index a0a5a518..ee9411bc 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.h -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.h -@@ -120,6 +120,9 @@ struct ngx_http_lua_socket_tcp_upstream_s { - - #if (NGX_HTTP_SSL) - ngx_str_t ssl_name; -+ ngx_ssl_session_t *ssl_session_ret; -+ const char *error_ret; -+ int openssl_error_code_ret; - #endif - - unsigned ft_type:16; --- -2.32.0 (Apple Git-132) - - -From f5ba21d6f742e6b169d972a81b6124b27c076016 Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 16:54:32 -0700 -Subject: [PATCH 05/17] change: better error when request context couldn't be - found. - ---- - src/ngx_http_lua_socket_tcp.c | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 4ef22c11..abd487fa 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -1627,13 +1627,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { -- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -- "no ngx_lua ctx found while TLS handshaking"); -- -- ngx_http_lua_assert(NULL); -- -- *errmsg = "no ctx found"; -- return NGX_ERROR; -+ return NGX_HTTP_LUA_FFI_NO_REQ_CTX; - } - - coctx = ctx->cur_co_ctx; --- -2.32.0 (Apple Git-132) - - -From 78a450d571febf7ba918ecc13369144925d02bcb Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 17:24:07 -0700 -Subject: [PATCH 06/17] feature: TCP cosocket client certificate support. - closes #534 - ---- - src/ngx_http_lua_socket_tcp.c | 60 +++++++++++++++++++++++++++++++---- - 1 file changed, 54 insertions(+), 6 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index abd487fa..61671b70 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -22,7 +22,6 @@ - static int ngx_http_lua_socket_tcp(lua_State *L); - static int ngx_http_lua_socket_tcp_connect(lua_State *L); - #if (NGX_HTTP_SSL) --static int ngx_http_lua_socket_tcp_sslhandshake(lua_State *L); - static void ngx_http_lua_tls_handshake_handler(ngx_connection_t *c); - static int ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); -@@ -219,9 +218,6 @@ static char ngx_http_lua_upstream_udata_metatable_key; - static char ngx_http_lua_downstream_udata_metatable_key; - static char ngx_http_lua_pool_udata_metatable_key; - static char ngx_http_lua_pattern_udata_metatable_key; --#if (NGX_HTTP_SSL) --static char ngx_http_lua_ssl_session_metatable_key; --#endif - - - #define ngx_http_lua_tcp_socket_metatable_literal_key "__tcp_cosocket_mt" -@@ -1563,13 +1559,16 @@ int - ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, - int enable_session_reuse, ngx_str_t *server_name, int verify, -- int ocsp_status_req, const char **errmsg) -+ int ocsp_status_req, STACK_OF(X509) *chain, EVP_PKEY *pkey, -+ const char **errmsg) - { -- ngx_int_t rc; -+ ngx_int_t rc, i; - ngx_connection_t *c; - ngx_http_lua_ctx_t *ctx; - ngx_http_lua_co_ctx_t *coctx; - const char *busy_rc; -+ ngx_ssl_conn_t *ssl_conn; -+ X509 *x509; - - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "lua tcp socket tls handshake"); -@@ -1625,6 +1624,8 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - return NGX_ERROR; - } - -+ ssl_conn = c->ssl->connection; -+ - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { - return NGX_HTTP_LUA_FFI_NO_REQ_CTX; -@@ -1647,6 +1648,53 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - u->ssl_session_reuse = enable_session_reuse; - } - -+ if (chain != NULL) { -+ ngx_http_lua_assert(pkey != NULL); /* ensured by resty.core */ -+ -+ if (sk_X509_num(chain) < 1) { -+ ERR_clear_error(); -+ *errmsg = "invalid client certificate chain"; -+ return NGX_ERROR; -+ } -+ -+ x509 = sk_X509_value(chain, 0); -+ if (x509 == NULL) { -+ ERR_clear_error(); -+ *errmsg = "lua tls fetch client certificate from chain failed"; -+ return NGX_ERROR; -+ } -+ -+ if (SSL_use_certificate(ssl_conn, x509) == 0) { -+ ERR_clear_error(); -+ *errmsg = "lua tls set client certificate failed"; -+ return NGX_ERROR; -+ } -+ -+ /* read rest of the chain */ -+ -+ for (i = 1; i < sk_X509_num(chain); i++) { -+ x509 = sk_X509_value(chain, i); -+ if (x509 == NULL) { -+ ERR_clear_error(); -+ *errmsg = "lua tls fetch client intermediate certificate " -+ "from chain failed"; -+ return NGX_ERROR; -+ } -+ -+ if (SSL_add1_chain_cert(ssl_conn, x509) == 0) { -+ ERR_clear_error(); -+ *errmsg = "lua tls set client intermediate certificate failed"; -+ return NGX_ERROR; -+ } -+ } -+ -+ if (SSL_use_PrivateKey(ssl_conn, pkey) == 0) { -+ ERR_clear_error(); -+ *errmsg = "lua ssl set client private key failed"; -+ return NGX_ERROR; -+ } -+ } -+ - if (server_name != NULL && server_name->data != NULL) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "lua tls server name: \"%V\"", server_name); --- -2.32.0 (Apple Git-132) - - -From 6cc0c89e946ef42adfbc55e8a461ccc2f367254a Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 17:25:20 -0700 -Subject: [PATCH 07/17] style: style fixes. - ---- - src/ngx_http_lua_socket_tcp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 61671b70..a7d410c9 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -1736,7 +1736,8 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - if (u->ssl_name.len >= server_name->len) { - /* reuse it */ -- ngx_memcpy(u->ssl_name.data, server_name->data, server_name->len); -+ ngx_memcpy(u->ssl_name.data, server_name->data, -+ server_name->len); - u->ssl_name.len = server_name->len; - - } else { --- -2.32.0 (Apple Git-132) - - -From 21cd7779252732a02fa0e596b66a1d4663d2fd64 Mon Sep 17 00:00:00 2001 -From: Thibault Charbonnier -Date: Mon, 6 Jan 2020 17:56:10 -0800 -Subject: [PATCH 08/17] cleanup - ---- - src/ngx_http_lua_socket_tcp.c | 24 +++++++++++------------- - 1 file changed, 11 insertions(+), 13 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index a7d410c9..bd7cc7ca 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -1555,6 +1555,7 @@ ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, - return NULL; - } - -+ - int - ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, -@@ -1596,7 +1597,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - } - - if (u->raw_downstream || u->body_downstream) { -- *errmsg = "not supported for downstream"; -+ *errmsg = "not supported for downstream sockets"; - return NGX_ERROR; - } - -@@ -1637,7 +1638,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - if (sess != NULL) { - if (ngx_ssl_set_session(c, sess) != NGX_OK) { -- *errmsg = "lua tls set session failed"; -+ *errmsg = "tls set session failed"; - return NGX_ERROR; - } - -@@ -1660,13 +1661,13 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, 0); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "lua tls fetch client certificate from chain failed"; -+ *errmsg = "tls fetch client certificate from chain failed"; - return NGX_ERROR; - } - - if (SSL_use_certificate(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "lua tls set client certificate failed"; -+ *errmsg = "tls set client certificate failed"; - return NGX_ERROR; - } - -@@ -1676,21 +1677,21 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, i); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "lua tls fetch client intermediate certificate " -- "from chain failed"; -+ *errmsg = "tls fetch client intermediate certificate from " -+ "chain failed"; - return NGX_ERROR; - } - - if (SSL_add1_chain_cert(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "lua tls set client intermediate certificate failed"; -+ *errmsg = "tls set client intermediate certificate failed"; - return NGX_ERROR; - } - } - - if (SSL_use_PrivateKey(ssl_conn, pkey) == 0) { - ERR_clear_error(); -- *errmsg = "lua ssl set client private key failed"; -+ *errmsg = "tls set client private key failed"; - return NGX_ERROR; - } - } -@@ -1709,7 +1710,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - } - - #else -- *errmsg = "OpenSSL has no SNI support"; -+ *errmsg = "no TLS extension support"; - return NGX_ERROR; - #endif - } -@@ -1752,7 +1753,6 @@ new_ssl_name: - u->ssl_name.data = ngx_alloc(server_name->len, ngx_cycle->log); - if (u->ssl_name.data == NULL) { - u->ssl_name.len = 0; -- - *errmsg = "no memory"; - return NGX_ERROR; - } -@@ -1773,7 +1773,7 @@ new_ssl_name: - rc = ngx_ssl_handshake(c); - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "ngx_ssl_handshake returned %d", rc); -+ "ngx_ssl_handshake returned: %d", rc); - - if (rc == NGX_AGAIN) { - if (c->write->timer_set) { -@@ -1805,7 +1805,6 @@ new_ssl_name: - - if (rc == NGX_ERROR) { - *errmsg = u->error_ret; -- - return NGX_ERROR; - } - -@@ -1919,7 +1918,6 @@ failed: - } - - -- - int - ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t **sess, --- -2.32.0 (Apple Git-132) - - -From 0bcf4d1a955db9218e8b0e50685c1d0de8c90b9a Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Tue, 24 Nov 2020 01:49:28 -0800 -Subject: [PATCH 09/17] fixed style according to @spacewander's review - ---- - src/ngx_http_lua_socket_tcp.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index bd7cc7ca..1aa37627 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -1536,15 +1536,15 @@ static const char * - ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, unsigned int ops) - { -- if (ops & SOCKET_OP_CONNECT && u->conn_waiting) { -+ if ((ops & SOCKET_OP_CONNECT) && u->conn_waiting) { - return "socket busy connecting"; - } - -- if (ops & SOCKET_OP_READ && u->read_waiting) { -+ if ((ops & SOCKET_OP_READ) && u->read_waiting) { - return "socket busy reading"; - } - -- if (ops & SOCKET_OP_WRITE -+ if ((ops & SOCKET_OP_WRITE) - && (u->write_waiting - || (u->raw_downstream - && (r->connection->buffered & NGX_HTTP_LOWLEVEL_BUFFERED)))) --- -2.32.0 (Apple Git-132) - - -From 9b010940f77bbd486c1192eed23af7c35baf4cdb Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 13:42:06 +0800 -Subject: [PATCH 10/17] resize tcp_socket_metatable to 7 - ---- - src/ngx_http_lua_socket_tcp.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 1aa37627..7cdc45c4 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -160,6 +160,8 @@ enum { - SOCKET_CONNECT_TIMEOUT_INDEX = 2, - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, -+ SOCKET_CLIENT_CERT_INDEX = 6, -+ SOCKET_CLIENT_KEY_INDEX = 7, - }; - - -@@ -424,7 +426,7 @@ ngx_http_lua_socket_tcp(lua_State *L) - - ngx_http_lua_check_context(L, ctx, NGX_HTTP_LUA_CONTEXT_YIELDABLE); - -- lua_createtable(L, 5 /* narr */, 1 /* nrec */); -+ lua_createtable(L, 7 /* narr */, 1 /* nrec */); - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); - lua_rawget(L, LUA_REGISTRYINDEX); --- -2.32.0 (Apple Git-132) - - -From 36245613be1031b22b0e6b2eec398dac288fe9a5 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:12:13 +0800 -Subject: [PATCH 11/17] change errms tls to ssl - ---- - src/ngx_http_lua_socket_tcp.c | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 7cdc45c4..af986364 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -1574,7 +1574,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - X509 *x509; - - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua tcp socket tls handshake"); -+ "lua tcp socket ssl handshake"); - - if (u == NULL - || u->peer.connection == NULL -@@ -1640,12 +1640,12 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - if (sess != NULL) { - if (ngx_ssl_set_session(c, sess) != NGX_OK) { -- *errmsg = "tls set session failed"; -+ *errmsg = "ssl set session failed"; - return NGX_ERROR; - } - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua tls set session: %p", sess); -+ "lua ssl set session: %p", sess); - - } else { - u->ssl_session_reuse = enable_session_reuse; -@@ -1663,13 +1663,13 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, 0); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "tls fetch client certificate from chain failed"; -+ *errmsg = "ssl fetch client certificate from chain failed"; - return NGX_ERROR; - } - - if (SSL_use_certificate(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "tls set client certificate failed"; -+ *errmsg = "ssl set client certificate failed"; - return NGX_ERROR; - } - -@@ -1679,28 +1679,28 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, i); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "tls fetch client intermediate certificate from " -+ *errmsg = "ssl fetch client intermediate certificate from " - "chain failed"; - return NGX_ERROR; - } - - if (SSL_add1_chain_cert(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "tls set client intermediate certificate failed"; -+ *errmsg = "ssl set client intermediate certificate failed"; - return NGX_ERROR; - } - } - - if (SSL_use_PrivateKey(ssl_conn, pkey) == 0) { - ERR_clear_error(); -- *errmsg = "tls set client private key failed"; -+ *errmsg = "ssl set client private key failed"; - return NGX_ERROR; - } - } - - if (server_name != NULL && server_name->data != NULL) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua tls server name: \"%V\"", server_name); -+ "lua ssl server name: \"%V\"", server_name); - - #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - if (SSL_set_tlsext_host_name(c->ssl->connection, -@@ -1926,7 +1926,7 @@ ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, - const char **errmsg, int *openssl_error_code) - { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua cosocket get TLS handshake result for upstream: %p", u); -+ "lua cosocket get SSL handshake result for upstream: %p", u); - - if (u->error_ret != NULL) { - *errmsg = u->error_ret; -@@ -1962,7 +1962,7 @@ ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - u->ssl_session_ret = ssl_session; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua tls save session: %p", ssl_session); -+ "lua ssl save session: %p", ssl_session); - } - - return 0; -@@ -1973,7 +1973,7 @@ void - ngx_http_lua_ffi_tls_free_session(ngx_ssl_session_t *sess) - { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -- "lua tls free session: %p", sess); -+ "lua ssl free session: %p", sess); - - ngx_ssl_free_session(sess); - } --- -2.32.0 (Apple Git-132) - - -From 1f12b89485da6b7ac5dd23810bf094f214dc324e Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:38:49 +0800 -Subject: [PATCH 12/17] rename function name from tls to ssl - ---- - src/ngx_http_lua_socket_tcp.c | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index af986364..76e98597 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -22,8 +22,8 @@ - static int ngx_http_lua_socket_tcp(lua_State *L); - static int ngx_http_lua_socket_tcp_connect(lua_State *L); - #if (NGX_HTTP_SSL) --static void ngx_http_lua_tls_handshake_handler(ngx_connection_t *c); --static int ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, -+static void ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c); -+static int ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); - #endif - static int ngx_http_lua_socket_tcp_receive(lua_State *L); -@@ -1559,7 +1559,7 @@ ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, - - - int --ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, -+ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, - int enable_session_reuse, ngx_str_t *server_name, int verify, - int ocsp_status_req, STACK_OF(X509) *chain, EVP_PKEY *pkey, -@@ -1614,7 +1614,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - u->ssl_session_reuse = enable_session_reuse; - -- (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); -+ (void) ngx_http_lua_ssl_handshake_retval_handler(r, u, NULL); - - return NGX_OK; - } -@@ -1785,13 +1785,13 @@ new_ssl_name: - ngx_add_timer(c->read, u->connect_timeout); - - u->conn_waiting = 1; -- u->write_prepare_retvals = ngx_http_lua_tls_handshake_retval_handler; -+ u->write_prepare_retvals = ngx_http_lua_ssl_handshake_retval_handler; - - ngx_http_lua_cleanup_pending_operation(coctx); - coctx->cleanup = ngx_http_lua_coctx_cleanup; - coctx->data = u; - -- c->ssl->handler = ngx_http_lua_tls_handshake_handler; -+ c->ssl->handler = ngx_http_lua_ssl_handshake_handler; - - if (ctx->entered_content_phase) { - r->write_event_handler = ngx_http_lua_content_wev_handler; -@@ -1803,7 +1803,7 @@ new_ssl_name: - return NGX_AGAIN; - } - -- ngx_http_lua_tls_handshake_handler(c); -+ ngx_http_lua_ssl_handshake_handler(c); - - if (rc == NGX_ERROR) { - *errmsg = u->error_ret; -@@ -1815,7 +1815,7 @@ new_ssl_name: - - - static void --ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) -+ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - { - int waiting; - ngx_int_t rc; -@@ -1860,7 +1860,7 @@ ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " - "certificate verify error: (%d: %s)", - rc, u->error_ret); - } -@@ -1877,7 +1877,7 @@ ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " - "certificate does not match host \"%V\"", - &u->ssl_name); - } -@@ -1892,7 +1892,7 @@ ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - ngx_http_lua_socket_handle_conn_success(r, u); - - } else { -- (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); -+ (void) ngx_http_lua_ssl_handshake_retval_handler(r, u, NULL); - } - - if (waiting) { -@@ -1921,7 +1921,7 @@ failed: - - - int --ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, -+ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t **sess, - const char **errmsg, int *openssl_error_code) - { -@@ -1942,7 +1942,7 @@ ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, - - - static int --ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, -+ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L) - { - ngx_connection_t *c; -@@ -1970,7 +1970,7 @@ ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - - - void --ngx_http_lua_ffi_tls_free_session(ngx_ssl_session_t *sess) -+ngx_http_lua_ffi_ssl_free_session(ngx_ssl_session_t *sess) - { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, - "lua ssl free session: %p", sess); --- -2.32.0 (Apple Git-132) - - -From 84242561aa54ffed3bfab433cfef6f7797e01a47 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:46:38 +0800 -Subject: [PATCH 13/17] rename to SOCKET_CLIENT_PRIV_INDEX - ---- - src/ngx_http_lua_socket_tcp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 76e98597..90da45fc 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -160,8 +160,8 @@ enum { - SOCKET_CONNECT_TIMEOUT_INDEX = 2, - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, -- SOCKET_CLIENT_CERT_INDEX = 6, -- SOCKET_CLIENT_KEY_INDEX = 7, -+ SOCKET_CLIENT_CERT_INDEX = 6, -+ SOCKET_CLIENT_PRIV_INDEX = 7, - }; - - --- -2.32.0 (Apple Git-132) - - -From 555166646c525167f9e1e5bb81b6cb100a4834f9 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:49:18 +0800 -Subject: [PATCH 14/17] rename to SOCKET_CLIENT_PKEY_INDEX - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 90da45fc..494486de 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -161,7 +161,7 @@ enum { - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, - SOCKET_CLIENT_CERT_INDEX = 6, -- SOCKET_CLIENT_PRIV_INDEX = 7, -+ SOCKET_CLIENT_PKEY_INDEX = 7, - }; - - --- -2.32.0 (Apple Git-132) - - -From e9b54c43c05b064b831fe67d0e0aaff45b2ec505 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 17:17:09 +0800 -Subject: [PATCH 15/17] need not to change tcp_socket_metatable - ---- - src/ngx_http_lua_socket_tcp.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 494486de..152d8cbd 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -160,8 +160,6 @@ enum { - SOCKET_CONNECT_TIMEOUT_INDEX = 2, - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, -- SOCKET_CLIENT_CERT_INDEX = 6, -- SOCKET_CLIENT_PKEY_INDEX = 7, - }; - - -@@ -426,7 +424,7 @@ ngx_http_lua_socket_tcp(lua_State *L) - - ngx_http_lua_check_context(L, ctx, NGX_HTTP_LUA_CONTEXT_YIELDABLE); - -- lua_createtable(L, 7 /* narr */, 1 /* nrec */); -+ lua_createtable(L, 5 /* narr */, 1 /* nrec */); - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); - lua_rawget(L, LUA_REGISTRYINDEX); --- -2.32.0 (Apple Git-132) - - -From 6c47356ddc327a8692260bd6f43ea67cf2787a73 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Wed, 26 Jan 2022 19:55:29 +0800 -Subject: [PATCH 16/17] increase nrec to 3 in the socket object - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 152d8cbd..8d71f8b4 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -424,7 +424,7 @@ ngx_http_lua_socket_tcp(lua_State *L) - - ngx_http_lua_check_context(L, ctx, NGX_HTTP_LUA_CONTEXT_YIELDABLE); - -- lua_createtable(L, 5 /* narr */, 1 /* nrec */); -+ lua_createtable(L, 5 /* narr */, 3 /* nrec */); - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); - lua_rawget(L, LUA_REGISTRYINDEX); --- -2.32.0 (Apple Git-132) - - -From 1d538552c7629310d850d4360408ddb555afcbcc Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 09:18:52 +0800 -Subject: [PATCH 17/17] change tcp_socket_metatable nrec to 15 - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c b/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -index 8d71f8b4..5dcdef0e 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_tcp.c -@@ -312,7 +312,7 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L) - /* {{{tcp object metatable */ - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); -- lua_createtable(L, 0 /* narr */, 14 /* nrec */); -+ lua_createtable(L, 0 /* narr */, 15 /* nrec */); - - lua_pushcfunction(L, ngx_http_lua_socket_tcp_connect); - lua_setfield(L, -2, "connect"); --- -2.32.0 (Apple Git-132) - diff --git a/build/openresty/patches/ngx_lua-0.10.20_02-dyn_upstream_keepalive.patch b/build/openresty/patches/ngx_lua-0.10.20_02-dyn_upstream_keepalive.patch deleted file mode 100644 index effdd5b517b5..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.20_02-dyn_upstream_keepalive.patch +++ /dev/null @@ -1,1319 +0,0 @@ -From 2d12ac3e4045258b7a174b0505d92f63c26d82fc Mon Sep 17 00:00:00 2001 -From: Thibault Charbonnier -Date: Tue, 17 Sep 2019 11:43:44 -0700 -Subject: [PATCH 1/3] feature: implemented keepalive pooling in - 'balancer_by_lua*'. - ---- - src/ngx_http_lua_balancer.c | 738 ++++++++++++++++++++++++++++++------ - src/ngx_http_lua_common.h | 4 + - src/ngx_http_lua_module.c | 3 + - 3 files changed, 629 insertions(+), 116 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c b/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -index f71a3e00..0d403716 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -@@ -16,46 +16,102 @@ - #include "ngx_http_lua_directive.h" - - -+typedef struct { -+ ngx_uint_t size; -+ ngx_uint_t connections; -+ -+ uint32_t crc32; -+ -+ lua_State *lua_vm; -+ -+ ngx_queue_t cache; -+ ngx_queue_t free; -+} ngx_http_lua_balancer_keepalive_pool_t; -+ -+ -+typedef struct { -+ ngx_queue_t queue; -+ ngx_connection_t *connection; -+ -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; -+} ngx_http_lua_balancer_keepalive_item_t; -+ -+ - struct ngx_http_lua_balancer_peer_data_s { -- /* the round robin data must be first */ -- ngx_http_upstream_rr_peer_data_t rrp; -+ ngx_uint_t cpool_size; -+ ngx_uint_t keepalive_requests; -+ ngx_msec_t keepalive_timeout; -+ -+ ngx_uint_t more_tries; -+ ngx_uint_t total_tries; - -- ngx_http_lua_srv_conf_t *conf; -- ngx_http_request_t *request; -+ int last_peer_state; - -- ngx_uint_t more_tries; -- ngx_uint_t total_tries; -+ uint32_t cpool_crc32; - -- struct sockaddr *sockaddr; -- socklen_t socklen; -+ void *data; - -- ngx_str_t *host; -- in_port_t port; -+ ngx_event_get_peer_pt original_get_peer; -+ ngx_event_free_peer_pt original_free_peer; - -- int last_peer_state; -+#if (NGX_HTTP_SSL) -+ ngx_event_set_peer_session_pt original_set_session; -+ ngx_event_save_peer_session_pt original_save_session; -+#endif -+ -+ ngx_http_request_t *request; -+ ngx_http_lua_srv_conf_t *conf; -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; -+ -+ ngx_str_t *host; -+ -+ struct sockaddr *sockaddr; -+ socklen_t socklen; -+ -+ unsigned keepalive:1; - - #if !(HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS) -- unsigned cloned_upstream_conf; /* :1 */ -+ unsigned cloned_upstream_conf:1; - #endif - }; - - --#if (NGX_HTTP_SSL) --static ngx_int_t ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, -- void *data); --static void ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, -- void *data); --#endif -+static ngx_int_t ngx_http_lua_balancer_by_chunk(lua_State *L, -+ ngx_http_request_t *r); - static ngx_int_t ngx_http_lua_balancer_init(ngx_conf_t *cf, - ngx_http_upstream_srv_conf_t *us); - static ngx_int_t ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, - ngx_http_upstream_srv_conf_t *us); - static ngx_int_t ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, - void *data); --static ngx_int_t ngx_http_lua_balancer_by_chunk(lua_State *L, -- ngx_http_request_t *r); - static void ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, - void *data, ngx_uint_t state); -+static ngx_int_t ngx_http_lua_balancer_create_keepalive_pool(lua_State *L, -+ ngx_log_t *log, uint32_t cpool_crc32, ngx_uint_t cpool_size, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool); -+static void ngx_http_lua_balancer_get_keepalive_pool(lua_State *L, -+ uint32_t cpool_crc32, ngx_http_lua_balancer_keepalive_pool_t **cpool); -+static void ngx_http_lua_balancer_free_keepalive_pool(ngx_log_t *log, -+ ngx_http_lua_balancer_keepalive_pool_t *cpool); -+static void ngx_http_lua_balancer_close(ngx_connection_t *c); -+static void ngx_http_lua_balancer_dummy_handler(ngx_event_t *ev); -+static void ngx_http_lua_balancer_close_handler(ngx_event_t *ev); -+#if (NGX_HTTP_SSL) -+static ngx_int_t ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, -+ void *data); -+static void ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, -+ void *data); -+#endif -+ -+ -+#define ngx_http_lua_balancer_keepalive_is_enabled(bp) \ -+ (bp->keepalive) -+ -+#define ngx_http_lua_balancer_peer_set(bp) \ -+ (bp->sockaddr && bp->socklen) -+ -+ -+static char ngx_http_lua_balancer_keepalive_pools_table_key; - - - ngx_int_t -@@ -102,6 +158,61 @@ ngx_http_lua_balancer_handler_inline(ngx_http_request_t *r, - } - - -+static ngx_int_t -+ngx_http_lua_balancer_by_chunk(lua_State *L, ngx_http_request_t *r) -+{ -+ u_char *err_msg; -+ size_t len; -+ ngx_int_t rc; -+ -+ /* init nginx context in Lua VM */ -+ ngx_http_lua_set_req(L, r); -+ -+#ifndef OPENRESTY_LUAJIT -+ ngx_http_lua_create_new_globals_table(L, 0 /* narr */, 1 /* nrec */); -+ -+ /* {{{ make new env inheriting main thread's globals table */ -+ lua_createtable(L, 0, 1 /* nrec */); /* the metatable for the new env */ -+ ngx_http_lua_get_globals_table(L); -+ lua_setfield(L, -2, "__index"); -+ lua_setmetatable(L, -2); /* setmetatable({}, {__index = _G}) */ -+ /* }}} */ -+ -+ lua_setfenv(L, -2); /* set new running env for the code closure */ -+#endif /* OPENRESTY_LUAJIT */ -+ -+ lua_pushcfunction(L, ngx_http_lua_traceback); -+ lua_insert(L, 1); /* put it under chunk and args */ -+ -+ /* protected call user code */ -+ rc = lua_pcall(L, 0, 1, 1); -+ -+ lua_remove(L, 1); /* remove traceback function */ -+ -+ dd("rc == %d", (int) rc); -+ -+ if (rc != 0) { -+ /* error occurred when running loaded code */ -+ err_msg = (u_char *) lua_tolstring(L, -1, &len); -+ -+ if (err_msg == NULL) { -+ err_msg = (u_char *) "unknown reason"; -+ len = sizeof("unknown reason") - 1; -+ } -+ -+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -+ "failed to run balancer_by_lua*: %*s", len, err_msg); -+ -+ lua_settop(L, 0); /* clear remaining elems on stack */ -+ -+ return NGX_ERROR; -+ } -+ -+ lua_settop(L, 0); /* clear remaining elems on stack */ -+ return rc; -+} -+ -+ - char * - ngx_http_lua_balancer_by_lua_block(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf) -@@ -125,16 +236,16 @@ char * - ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf) - { -- u_char *cache_key = NULL; -- u_char *name; -- ngx_str_t *value; -- ngx_http_lua_srv_conf_t *lscf = conf; -- -+ u_char *cache_key = NULL; -+ u_char *name; -+ ngx_str_t *value; - ngx_http_upstream_srv_conf_t *uscf; -+ ngx_http_lua_srv_conf_t *lscf = conf; - - dd("enter"); - -- /* must specify a content handler */ -+ /* content handler setup */ -+ - if (cmd->post == NULL) { - return NGX_CONF_ERROR; - } -@@ -178,11 +289,19 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - - lscf->balancer.src_key = cache_key; - -+ /* balancer setup */ -+ - uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); - - if (uscf->peer.init_upstream) { - ngx_conf_log_error(NGX_LOG_WARN, cf, 0, - "load balancing method redefined"); -+ -+ lscf->balancer.original_init_upstream = uscf->peer.init_upstream; -+ -+ } else { -+ lscf->balancer.original_init_upstream = -+ ngx_http_upstream_init_round_robin; - } - - uscf->peer.init_upstream = ngx_http_lua_balancer_init; -@@ -198,14 +317,18 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - - - static ngx_int_t --ngx_http_lua_balancer_init(ngx_conf_t *cf, -- ngx_http_upstream_srv_conf_t *us) -+ngx_http_lua_balancer_init(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us) - { -- if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) { -+ ngx_http_lua_srv_conf_t *lscf; -+ -+ lscf = ngx_http_conf_upstream_srv_conf(us, ngx_http_lua_module); -+ -+ if (lscf->balancer.original_init_upstream(cf, us) != NGX_OK) { - return NGX_ERROR; - } - -- /* this callback is called upon individual requests */ -+ lscf->balancer.original_init_peer = us->peer.init; -+ - us->peer.init = ngx_http_lua_balancer_init_peer; - - return NGX_OK; -@@ -216,33 +339,38 @@ static ngx_int_t - ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, - ngx_http_upstream_srv_conf_t *us) - { -- ngx_http_lua_srv_conf_t *bcf; -+ ngx_http_lua_srv_conf_t *lscf; - ngx_http_lua_balancer_peer_data_t *bp; - -- bp = ngx_pcalloc(r->pool, sizeof(ngx_http_lua_balancer_peer_data_t)); -- if (bp == NULL) { -+ lscf = ngx_http_conf_upstream_srv_conf(us, ngx_http_lua_module); -+ -+ if (lscf->balancer.original_init_peer(r, us) != NGX_OK) { - return NGX_ERROR; - } - -- r->upstream->peer.data = &bp->rrp; -- -- if (ngx_http_upstream_init_round_robin_peer(r, us) != NGX_OK) { -+ bp = ngx_pcalloc(r->pool, sizeof(ngx_http_lua_balancer_peer_data_t)); -+ if (bp == NULL) { - return NGX_ERROR; - } - -+ bp->conf = lscf; -+ bp->request = r; -+ bp->data = r->upstream->peer.data; -+ bp->original_get_peer = r->upstream->peer.get; -+ bp->original_free_peer = r->upstream->peer.free; -+ -+ r->upstream->peer.data = bp; - r->upstream->peer.get = ngx_http_lua_balancer_get_peer; - r->upstream->peer.free = ngx_http_lua_balancer_free_peer; - - #if (NGX_HTTP_SSL) -+ bp->original_set_session = r->upstream->peer.set_session; -+ bp->original_save_session = r->upstream->peer.save_session; -+ - r->upstream->peer.set_session = ngx_http_lua_balancer_set_session; - r->upstream->peer.save_session = ngx_http_lua_balancer_save_session; - #endif - -- bcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_lua_module); -- -- bp->conf = bcf; -- bp->request = r; -- - return NGX_OK; - } - -@@ -250,25 +378,26 @@ ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, - static ngx_int_t - ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - { -- lua_State *L; -- ngx_int_t rc; -- ngx_http_request_t *r; -- ngx_http_lua_ctx_t *ctx; -- ngx_http_lua_srv_conf_t *lscf; -- ngx_http_lua_main_conf_t *lmcf; -- ngx_http_lua_balancer_peer_data_t *bp = data; -+ lua_State *L; -+ ngx_int_t rc; -+ ngx_queue_t *q; -+ ngx_connection_t *c; -+ ngx_http_request_t *r; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_srv_conf_t *lscf; -+ ngx_http_lua_main_conf_t *lmcf; -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ ngx_http_lua_balancer_peer_data_t *bp = data; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -- "lua balancer peer, tries: %ui", pc->tries); -- -- lscf = bp->conf; -+ "lua balancer: get peer, tries: %ui", pc->tries); - - r = bp->request; -+ lscf = bp->conf; - - ngx_http_lua_assert(lscf->balancer.handler && r); - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); -- - if (ctx == NULL) { - ctx = ngx_http_lua_create_ctx(r); - if (ctx == NULL) { -@@ -286,9 +415,15 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - - ctx->context = NGX_HTTP_LUA_CONTEXT_BALANCER; - -+ bp->cpool = NULL; - bp->sockaddr = NULL; - bp->socklen = 0; - bp->more_tries = 0; -+ bp->cpool_crc32 = 0; -+ bp->cpool_size = 0; -+ bp->keepalive_requests = 0; -+ bp->keepalive_timeout = 0; -+ bp->keepalive = 0; - bp->total_tries++; - - lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -@@ -300,7 +435,6 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - lmcf->balancer_peer_data = bp; - - rc = lscf->balancer.handler(r, lscf, L); -- - if (rc == NGX_ERROR) { - return NGX_ERROR; - } -@@ -322,105 +456,414 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - } - } - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - pc->sockaddr = bp->sockaddr; - pc->socklen = bp->socklen; -+ pc->name = bp->host; - pc->cached = 0; - pc->connection = NULL; -- pc->name = bp->host; -- -- bp->rrp.peers->single = 0; - - if (bp->more_tries) { - r->upstream->peer.tries += bp->more_tries; - } - -- dd("tries: %d", (int) r->upstream->peer.tries); -+ if (ngx_http_lua_balancer_keepalive_is_enabled(bp)) { -+ ngx_http_lua_balancer_get_keepalive_pool(L, bp->cpool_crc32, -+ &bp->cpool); -+ -+ if (bp->cpool == NULL -+ && ngx_http_lua_balancer_create_keepalive_pool(L, pc->log, -+ bp->cpool_crc32, -+ bp->cpool_size, -+ &bp->cpool) -+ != NGX_OK) -+ { -+ return NGX_ERROR; -+ } -+ -+ ngx_http_lua_assert(bp->cpool); -+ -+ if (!ngx_queue_empty(&bp->cpool->cache)) { -+ q = ngx_queue_head(&bp->cpool->cache); -+ -+ item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, -+ queue); -+ c = item->connection; -+ -+ ngx_queue_remove(q); -+ ngx_queue_insert_head(&bp->cpool->free, q); -+ -+ c->idle = 0; -+ c->sent = 0; -+ c->log = pc->log; -+ c->read->log = pc->log; -+ c->write->log = pc->log; -+ c->pool->log = pc->log; -+ -+ if (c->read->timer_set) { -+ ngx_del_timer(c->read); -+ } -+ -+ pc->cached = 1; -+ pc->connection = c; -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive reusing connection %p, " -+ "requests: %ui, cpool: %p", -+ c, c->requests, bp->cpool); -+ -+ return NGX_DONE; -+ } -+ -+ bp->cpool->connections++; -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive no free connection, " -+ "cpool: %p", bp->cpool); -+ } - - return NGX_OK; - } - -- return ngx_http_upstream_get_round_robin_peer(pc, &bp->rrp); -+ return bp->original_get_peer(pc, bp->data); - } - - --static ngx_int_t --ngx_http_lua_balancer_by_chunk(lua_State *L, ngx_http_request_t *r) -+static void -+ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, void *data, -+ ngx_uint_t state) - { -- u_char *err_msg; -- size_t len; -- ngx_int_t rc; -+ ngx_queue_t *q; -+ ngx_connection_t *c; -+ ngx_http_upstream_t *u; -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; -+ ngx_http_lua_balancer_peer_data_t *bp = data; - -- /* init nginx context in Lua VM */ -- ngx_http_lua_set_req(L, r); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: free peer, tries: %ui", pc->tries); - --#ifndef OPENRESTY_LUAJIT -- ngx_http_lua_create_new_globals_table(L, 0 /* narr */, 1 /* nrec */); -+ u = bp->request->upstream; -+ c = pc->connection; - -- /* {{{ make new env inheriting main thread's globals table */ -- lua_createtable(L, 0, 1 /* nrec */); /* the metatable for the new env */ -- ngx_http_lua_get_globals_table(L); -- lua_setfield(L, -2, "__index"); -- lua_setmetatable(L, -2); /* setmetatable({}, {__index = _G}) */ -- /* }}} */ -+ if (ngx_http_lua_balancer_peer_set(bp)) { -+ bp->last_peer_state = (int) state; - -- lua_setfenv(L, -2); /* set new running env for the code closure */ --#endif /* OPENRESTY_LUAJIT */ -+ if (pc->tries) { -+ pc->tries--; -+ } - -- lua_pushcfunction(L, ngx_http_lua_traceback); -- lua_insert(L, 1); /* put it under chunk and args */ -+ if (ngx_http_lua_balancer_keepalive_is_enabled(bp)) { -+ cpool = bp->cpool; - -- /* protected call user code */ -- rc = lua_pcall(L, 0, 1, 1); -+ if (state & NGX_PEER_FAILED -+ || c == NULL -+ || c->read->eof -+ || c->read->error -+ || c->read->timedout -+ || c->write->error -+ || c->write->timedout) -+ { -+ goto invalid; -+ } - -- lua_remove(L, 1); /* remove traceback function */ -+ if (bp->keepalive_requests -+ && c->requests >= bp->keepalive_requests) -+ { -+ goto invalid; -+ } - -- dd("rc == %d", (int) rc); -+ if (!u->keepalive) { -+ goto invalid; -+ } - -- if (rc != 0) { -- /* error occurred when running loaded code */ -- err_msg = (u_char *) lua_tolstring(L, -1, &len); -+ if (!u->request_body_sent) { -+ goto invalid; -+ } - -- if (err_msg == NULL) { -- err_msg = (u_char *) "unknown reason"; -- len = sizeof("unknown reason") - 1; -+ if (ngx_terminate || ngx_exiting) { -+ goto invalid; -+ } -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ goto invalid; -+ } -+ -+ if (ngx_queue_empty(&cpool->free)) { -+ q = ngx_queue_last(&cpool->cache); -+ ngx_queue_remove(q); -+ -+ item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, -+ queue); -+ -+ ngx_http_lua_balancer_close(item->connection); -+ -+ } else { -+ q = ngx_queue_head(&cpool->free); -+ ngx_queue_remove(q); -+ -+ item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, -+ queue); -+ } -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive saving connection %p, " -+ "cpool: %p, connections: %ui", -+ c, cpool, cpool->connections); -+ -+ ngx_queue_insert_head(&cpool->cache, q); -+ -+ item->connection = c; -+ -+ pc->connection = NULL; -+ -+ if (bp->keepalive_timeout) { -+ c->read->delayed = 0; -+ ngx_add_timer(c->read, bp->keepalive_timeout); -+ -+ } else if (c->read->timer_set) { -+ ngx_del_timer(c->read); -+ } -+ -+ if (c->write->timer_set) { -+ ngx_del_timer(c->write); -+ } -+ -+ c->write->handler = ngx_http_lua_balancer_dummy_handler; -+ c->read->handler = ngx_http_lua_balancer_close_handler; -+ -+ c->data = item; -+ c->idle = 1; -+ c->log = ngx_cycle->log; -+ c->read->log = ngx_cycle->log; -+ c->write->log = ngx_cycle->log; -+ c->pool->log = ngx_cycle->log; -+ -+ if (c->read->ready) { -+ ngx_http_lua_balancer_close_handler(c->read); -+ } -+ -+ return; -+ -+invalid: -+ -+ cpool->connections--; -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "lua balancer: keepalive not saving connection %p, " -+ "cpool: %p, connections: %ui", -+ c, cpool, cpool->connections); -+ -+ if (cpool->connections == 0) { -+ ngx_http_lua_balancer_free_keepalive_pool(pc->log, cpool); -+ } - } - -- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -- "failed to run balancer_by_lua*: %*s", len, err_msg); -+ return; -+ } - -- lua_settop(L, 0); /* clear remaining elems on stack */ -+ bp->original_free_peer(pc, bp->data, state); -+} -+ -+ -+static ngx_int_t -+ngx_http_lua_balancer_create_keepalive_pool(lua_State *L, ngx_log_t *log, -+ uint32_t cpool_crc32, ngx_uint_t cpool_size, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool) -+{ -+ size_t size; -+ ngx_uint_t i; -+ ngx_http_lua_balancer_keepalive_pool_t *upool; -+ ngx_http_lua_balancer_keepalive_item_t *items; -+ -+ /* get upstream connection pools table */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ -+ -+ ngx_http_lua_assert(lua_istable(L, -1)); -+ -+ size = sizeof(ngx_http_lua_balancer_keepalive_pool_t) -+ + sizeof(ngx_http_lua_balancer_keepalive_item_t) * cpool_size; - -+ upool = lua_newuserdata(L, size); /* pools upool */ -+ if (upool == NULL) { - return NGX_ERROR; - } - -- lua_settop(L, 0); /* clear remaining elems on stack */ -- return rc; -+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, -+ "lua balancer: keepalive create pool, crc32: %ui, " -+ "size: %ui", cpool_crc32, cpool_size); -+ -+ upool->lua_vm = L; -+ upool->crc32 = cpool_crc32; -+ upool->size = cpool_size; -+ upool->connections = 0; -+ -+ ngx_queue_init(&upool->cache); -+ ngx_queue_init(&upool->free); -+ -+ lua_rawseti(L, -2, cpool_crc32); /* pools */ -+ lua_pop(L, 1); /* orig stack */ -+ -+ items = (ngx_http_lua_balancer_keepalive_item_t *) (&upool->free + 1); -+ -+ ngx_http_lua_assert((void *) items == ngx_align_ptr(items, NGX_ALIGNMENT)); -+ -+ for (i = 0; i < cpool_size; i++) { -+ ngx_queue_insert_head(&upool->free, &items[i].queue); -+ items[i].cpool = upool; -+ } -+ -+ *cpool = upool; -+ -+ return NGX_OK; - } - - - static void --ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, void *data, -- ngx_uint_t state) -+ngx_http_lua_balancer_get_keepalive_pool(lua_State *L, uint32_t cpool_crc32, -+ ngx_http_lua_balancer_keepalive_pool_t **cpool) - { -- ngx_http_lua_balancer_peer_data_t *bp = data; -+ ngx_http_lua_balancer_keepalive_pool_t *upool; -+ -+ /* get upstream connection pools table */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ -+ -+ if (lua_isnil(L, -1)) { -+ lua_pop(L, 1); /* orig stack */ -+ -+ /* create upstream connection pools table */ -+ lua_createtable(L, 0, 0); /* pools */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_pushvalue(L, -2); /* pools pools_table_key pools */ -+ lua_rawset(L, LUA_REGISTRYINDEX); /* pools */ -+ } - -- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -- "lua balancer free peer, tries: %ui", pc->tries); -+ ngx_http_lua_assert(lua_istable(L, -1)); - -- if (bp->sockaddr && bp->socklen) { -- bp->last_peer_state = (int) state; -+ lua_rawgeti(L, -1, cpool_crc32); /* pools upool? */ -+ upool = lua_touserdata(L, -1); -+ lua_pop(L, 2); /* orig stack */ - -- if (pc->tries) { -- pc->tries--; -+ *cpool = upool; -+} -+ -+ -+static void -+ngx_http_lua_balancer_free_keepalive_pool(ngx_log_t *log, -+ ngx_http_lua_balancer_keepalive_pool_t *cpool) -+{ -+ lua_State *L; -+ -+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, -+ "lua balancer: keepalive free pool %p, crc32: %ui", -+ cpool, cpool->crc32); -+ -+ ngx_http_lua_assert(cpool->connections == 0); -+ -+ L = cpool->lua_vm; -+ -+ /* get upstream connection pools table */ -+ lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -+ balancer_keepalive_pools_table_key)); -+ lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ -+ -+ if (lua_isnil(L, -1)) { -+ lua_pop(L, 1); /* orig stack */ -+ return; -+ } -+ -+ ngx_http_lua_assert(lua_istable(L, -1)); -+ -+ lua_pushnil(L); /* pools nil */ -+ lua_rawseti(L, -2, cpool->crc32); /* pools */ -+ lua_pop(L, 1); /* orig stack */ -+} -+ -+ -+static void -+ngx_http_lua_balancer_close(ngx_connection_t *c) -+{ -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ -+ item = c->data; -+ -+#if (NGX_HTTP_SSL) -+ if (c->ssl) { -+ c->ssl->no_wait_shutdown = 1; -+ c->ssl->no_send_shutdown = 1; -+ -+ if (ngx_ssl_shutdown(c) == NGX_AGAIN) { -+ c->ssl->handler = ngx_http_lua_balancer_close; -+ return; -+ } -+ } -+#endif -+ -+ ngx_destroy_pool(c->pool); -+ ngx_close_connection(c); -+ -+ item->cpool->connections--; -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, -+ "lua balancer: keepalive closing connection %p, cpool: %p, " -+ "connections: %ui", -+ c, item->cpool, item->cpool->connections); -+} -+ -+ -+static void -+ngx_http_lua_balancer_dummy_handler(ngx_event_t *ev) -+{ -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, -+ "lua balancer: dummy handler"); -+} -+ -+ -+static void -+ngx_http_lua_balancer_close_handler(ngx_event_t *ev) -+{ -+ ngx_http_lua_balancer_keepalive_item_t *item; -+ -+ int n; -+ char buf[1]; -+ ngx_connection_t *c; -+ -+ c = ev->data; -+ -+ if (c->close || c->read->timedout) { -+ goto close; -+ } -+ -+ n = recv(c->fd, buf, 1, MSG_PEEK); -+ -+ if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { -+ ev->ready = 0; -+ -+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { -+ goto close; - } - - return; - } - -- /* fallback */ -+close: -+ -+ item = c->data; -+ c->log = ev->log; -+ -+ ngx_http_lua_balancer_close(c); - -- ngx_http_upstream_free_round_robin_peer(pc, data, state); -+ ngx_queue_remove(&item->queue); -+ ngx_queue_insert_head(&item->cpool->free, &item->queue); -+ -+ if (item->cpool->connections == 0) { -+ ngx_http_lua_balancer_free_keepalive_pool(ev->log, item->cpool); -+ } - } - - -@@ -431,12 +874,12 @@ ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, void *data) - { - ngx_http_lua_balancer_peer_data_t *bp = data; - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - /* TODO */ - return NGX_OK; - } - -- return ngx_http_upstream_set_round_robin_peer_session(pc, &bp->rrp); -+ return bp->original_set_session(pc, bp->data); - } - - -@@ -445,13 +888,12 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) - { - ngx_http_lua_balancer_peer_data_t *bp = data; - -- if (bp->sockaddr && bp->socklen) { -+ if (ngx_http_lua_balancer_peer_set(bp)) { - /* TODO */ - return; - } - -- ngx_http_upstream_save_round_robin_peer_session(pc, &bp->rrp); -- return; -+ bp->original_save_session(pc, bp->data); - } - - #endif -@@ -459,14 +901,14 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) - - int - ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, -- const u_char *addr, size_t addr_len, int port, char **err) -+ const u_char *addr, size_t addr_len, int port, unsigned int cpool_crc32, -+ unsigned int cpool_size, char **err) - { -- ngx_url_t url; -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -- -- ngx_http_lua_main_conf_t *lmcf; -- ngx_http_lua_balancer_peer_data_t *bp; -+ ngx_url_t url; -+ ngx_http_upstream_t *u; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_main_conf_t *lmcf; -+ ngx_http_lua_balancer_peer_data_t *bp; - - if (r == NULL) { - *err = "no request found"; -@@ -536,6 +978,70 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - return NGX_ERROR; - } - -+ bp->cpool_crc32 = (uint32_t) cpool_crc32; -+ bp->cpool_size = (ngx_uint_t) cpool_size; -+ -+ return NGX_OK; -+} -+ -+ -+int -+ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, -+ unsigned long timeout, unsigned int max_requests, char **err) -+{ -+ ngx_http_upstream_t *u; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_main_conf_t *lmcf; -+ ngx_http_lua_balancer_peer_data_t *bp; -+ -+ if (r == NULL) { -+ *err = "no request found"; -+ return NGX_ERROR; -+ } -+ -+ u = r->upstream; -+ -+ if (u == NULL) { -+ *err = "no upstream found"; -+ return NGX_ERROR; -+ } -+ -+ ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); -+ if (ctx == NULL) { -+ *err = "no ctx found"; -+ return NGX_ERROR; -+ } -+ -+ if ((ctx->context & NGX_HTTP_LUA_CONTEXT_BALANCER) == 0) { -+ *err = "API disabled in the current context"; -+ return NGX_ERROR; -+ } -+ -+ lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -+ -+ /* we cannot read r->upstream->peer.data here directly because -+ * it could be overridden by other modules like -+ * ngx_http_upstream_keepalive_module. -+ */ -+ bp = lmcf->balancer_peer_data; -+ if (bp == NULL) { -+ *err = "no upstream peer data found"; -+ return NGX_ERROR; -+ } -+ -+ if (!ngx_http_lua_balancer_peer_set(bp)) { -+ *err = "no current peer set"; -+ return NGX_ERROR; -+ } -+ -+ if (!bp->cpool_crc32) { -+ bp->cpool_crc32 = ngx_crc32_long(bp->host->data, bp->host->len); -+ } -+ -+ bp->keepalive_timeout = (ngx_msec_t) timeout; -+ bp->keepalive_requests = (ngx_uint_t) max_requests; -+ bp->keepalive = 1; -+ - return NGX_OK; - } - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_common.h b/ngx_lua-0.10.20/src/ngx_http_lua_common.h -index 781a2454..9ce6836a 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -@@ -320,6 +320,10 @@ union ngx_http_lua_srv_conf_u { - #endif - - struct { -+ ngx_http_upstream_init_pt original_init_upstream; -+ ngx_http_upstream_init_peer_pt original_init_peer; -+ uintptr_t data; -+ - ngx_http_lua_srv_conf_handler_pt handler; - ngx_str_t src; - u_char *src_key; -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_module.c b/ngx_lua-0.10.20/src/ngx_http_lua_module.c -index 9816d864..5d7cedfd 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_module.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_module.c -@@ -1068,6 +1068,9 @@ ngx_http_lua_create_srv_conf(ngx_conf_t *cf) - * lscf->srv.ssl_session_fetch_src = { 0, NULL }; - * lscf->srv.ssl_session_fetch_src_key = NULL; - * -+ * lscf->balancer.original_init_upstream = NULL; -+ * lscf->balancer.original_init_peer = NULL; -+ * lscf->balancer.data = NULL; - * lscf->balancer.handler = NULL; - * lscf->balancer.src = { 0, NULL }; - * lscf->balancer.src_key = NULL; --- -2.26.2 - - -From 4c5cb29a265b2f9524434322adf15d07deec6c7f Mon Sep 17 00:00:00 2001 -From: Thibault Charbonnier -Date: Tue, 17 Sep 2019 11:43:54 -0700 -Subject: [PATCH 2/3] feature: we now avoid the need for 'upstream' blocks to - define a stub 'server' directive when using 'balancer_by_lua*'. - ---- - src/ngx_http_lua_balancer.c | 42 +++++++++++++++++++++++++++++++++++-- - 1 file changed, 40 insertions(+), 2 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c b/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -index 0d403716..5c862d22 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -@@ -111,7 +111,8 @@ static void ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, - (bp->sockaddr && bp->socklen) - - --static char ngx_http_lua_balancer_keepalive_pools_table_key; -+static char ngx_http_lua_balancer_keepalive_pools_table_key; -+static struct sockaddr *ngx_http_lua_balancer_default_server_sockaddr; - - - ngx_int_t -@@ -239,7 +240,9 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - u_char *cache_key = NULL; - u_char *name; - ngx_str_t *value; -+ ngx_url_t url; - ngx_http_upstream_srv_conf_t *uscf; -+ ngx_http_upstream_server_t *us; - ngx_http_lua_srv_conf_t *lscf = conf; - - dd("enter"); -@@ -293,6 +296,29 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, - - uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); - -+ if (uscf->servers->nelts == 0) { -+ us = ngx_array_push(uscf->servers); -+ if (us == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ -+ ngx_memzero(us, sizeof(ngx_http_upstream_server_t)); -+ ngx_memzero(&url, sizeof(ngx_url_t)); -+ -+ ngx_str_set(&url.url, "0.0.0.1"); -+ url.default_port = 80; -+ -+ if (ngx_parse_url(cf->pool, &url) != NGX_OK) { -+ return NGX_CONF_ERROR; -+ } -+ -+ us->name = url.url; -+ us->addrs = url.addrs; -+ us->naddrs = url.naddrs; -+ -+ ngx_http_lua_balancer_default_server_sockaddr = us->addrs[0].sockaddr; -+ } -+ - if (uscf->peer.init_upstream) { - ngx_conf_log_error(NGX_LOG_WARN, cf, 0, - "load balancing method redefined"); -@@ -525,7 +551,19 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - return NGX_OK; - } - -- return bp->original_get_peer(pc, bp->data); -+ rc = bp->original_get_peer(pc, bp->data); -+ if (rc == NGX_ERROR) { -+ return rc; -+ } -+ -+ if (pc->sockaddr == ngx_http_lua_balancer_default_server_sockaddr) { -+ ngx_log_error(NGX_LOG_ERR, pc->log, 0, -+ "lua balancer: no peer set"); -+ -+ return NGX_ERROR; -+ } -+ -+ return rc; - } - - --- -2.26.2 - - -From 941cd893573561574bc6a326d6306f1a30127293 Mon Sep 17 00:00:00 2001 -From: Thibault Charbonnier -Date: Tue, 17 Sep 2019 11:43:58 -0700 -Subject: [PATCH 3/3] refactor: used a simpler way to stash the balancer peer - data. - ---- - src/ngx_http_lua_balancer.c | 91 +++++++++---------------------------- - src/ngx_http_lua_common.h | 7 --- - 2 files changed, 22 insertions(+), 76 deletions(-) - -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c b/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -index 5c862d22..3ea1f067 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_balancer.c -@@ -411,9 +411,9 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - ngx_http_request_t *r; - ngx_http_lua_ctx_t *ctx; - ngx_http_lua_srv_conf_t *lscf; -- ngx_http_lua_main_conf_t *lmcf; - ngx_http_lua_balancer_keepalive_item_t *item; - ngx_http_lua_balancer_peer_data_t *bp = data; -+ void *pdata; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "lua balancer: get peer, tries: %ui", pc->tries); -@@ -452,15 +452,13 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) - bp->keepalive = 0; - bp->total_tries++; - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- /* balancer_by_lua does not support yielding and -- * there cannot be any conflicts among concurrent requests, -- * thus it is safe to store the peer data in the main conf. -- */ -- lmcf->balancer_peer_data = bp; -+ pdata = r->upstream->peer.data; -+ r->upstream->peer.data = bp; - - rc = lscf->balancer.handler(r, lscf, L); -+ -+ r->upstream->peer.data = pdata; -+ - if (rc == NGX_ERROR) { - return NGX_ERROR; - } -@@ -945,7 +943,6 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - ngx_url_t url; - ngx_http_upstream_t *u; - ngx_http_lua_ctx_t *ctx; -- ngx_http_lua_main_conf_t *lmcf; - ngx_http_lua_balancer_peer_data_t *bp; - - if (r == NULL) { -@@ -971,18 +968,6 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- /* we cannot read r->upstream->peer.data here directly because -- * it could be overridden by other modules like -- * ngx_http_upstream_keepalive_module. -- */ -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -- - ngx_memzero(&url, sizeof(ngx_url_t)); - - url.url.data = ngx_palloc(r->pool, addr_len); -@@ -1006,6 +991,8 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, - return NGX_ERROR; - } - -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; -+ - if (url.addrs && url.addrs[0].sockaddr) { - bp->sockaddr = url.addrs[0].sockaddr; - bp->socklen = url.addrs[0].socklen; -@@ -1029,7 +1016,6 @@ ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, - { - ngx_http_upstream_t *u; - ngx_http_lua_ctx_t *ctx; -- ngx_http_lua_main_conf_t *lmcf; - ngx_http_lua_balancer_peer_data_t *bp; - - if (r == NULL) { -@@ -1055,17 +1041,7 @@ ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- /* we cannot read r->upstream->peer.data here directly because -- * it could be overridden by other modules like -- * ngx_http_upstream_keepalive_module. -- */ -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; - - if (!ngx_http_lua_balancer_peer_set(bp)) { - *err = "no current peer set"; -@@ -1089,14 +1065,13 @@ ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r, - long connect_timeout, long send_timeout, long read_timeout, - char **err) - { -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; - - #if !(HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS) - ngx_http_upstream_conf_t *ucf; --#endif -- ngx_http_lua_main_conf_t *lmcf; - ngx_http_lua_balancer_peer_data_t *bp; -+#endif - - if (r == NULL) { - *err = "no request found"; -@@ -1121,15 +1096,9 @@ ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -- - #if !(HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS) -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; -+ - if (!bp->cloned_upstream_conf) { - /* we clone the upstream conf for the current request so that - * we do not affect other requests at all. */ -@@ -1184,12 +1153,10 @@ ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, - int count, char **err) - { - #if (nginx_version >= 1007005) -- ngx_uint_t max_tries, total; -+ ngx_uint_t max_tries, total; - #endif -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -- -- ngx_http_lua_main_conf_t *lmcf; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; - ngx_http_lua_balancer_peer_data_t *bp; - - if (r == NULL) { -@@ -1215,13 +1182,7 @@ ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; - - #if (nginx_version >= 1007005) - max_tries = r->upstream->conf->next_upstream_tries; -@@ -1247,12 +1208,10 @@ int - ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r, - int *status, char **err) - { -- ngx_http_lua_ctx_t *ctx; -- ngx_http_upstream_t *u; -- ngx_http_upstream_state_t *state; -- -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_upstream_t *u; -+ ngx_http_upstream_state_t *state; - ngx_http_lua_balancer_peer_data_t *bp; -- ngx_http_lua_main_conf_t *lmcf; - - if (r == NULL) { - *err = "no request found"; -@@ -1277,13 +1236,7 @@ ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r, - return NGX_ERROR; - } - -- lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module); -- -- bp = lmcf->balancer_peer_data; -- if (bp == NULL) { -- *err = "no upstream peer data found"; -- return NGX_ERROR; -- } -+ bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; - - if (r->upstream_states && r->upstream_states->nelts > 1) { - state = r->upstream_states->elts; -diff --git a/ngx_lua-0.10.20/src/ngx_http_lua_common.h b/ngx_lua-0.10.20/src/ngx_http_lua_common.h -index 9ce6836a..9a4342df 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -@@ -239,13 +239,6 @@ struct ngx_http_lua_main_conf_s { - ngx_http_lua_main_conf_handler_pt exit_worker_handler; - ngx_str_t exit_worker_src; - -- ngx_http_lua_balancer_peer_data_t *balancer_peer_data; -- /* neither yielding nor recursion is possible in -- * balancer_by_lua*, so there cannot be any races among -- * concurrent requests and it is safe to store the peer -- * data pointer in the main conf. -- */ -- - ngx_chain_t *body_filter_chain; - /* neither yielding nor recursion is possible in - * body_filter_by_lua*, so there cannot be any races among --- -2.26.2 diff --git a/build/openresty/patches/ngx_lua-0.10.20_03-ngx-worker-pids.patch b/build/openresty/patches/ngx_lua-0.10.20_03-ngx-worker-pids.patch deleted file mode 100644 index 27b2f253123b..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.20_03-ngx-worker-pids.patch +++ /dev/null @@ -1,57 +0,0 @@ -From edfa0f984ec60bd0658b80643c2fd253f3c5ad0b Mon Sep 17 00:00:00 2001 -From: attenuation -Date: Sun, 21 Aug 2022 21:59:28 +0800 -Subject: [PATCH] feat: add ngx_http_lua_ffi_worker_pids to get all workers pid - map - ---- - -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_worker.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_worker.c -index 0ca2d414e3..52ec34a844 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_worker.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_worker.c -@@ -8,6 +8,7 @@ - #define DDEBUG 0 - #endif - #include "ddebug.h" -+#include - - - #define NGX_PROCESS_PRIVILEGED_AGENT 99 -@@ -20,6 +21,36 @@ ngx_http_lua_ffi_worker_pid(void) - } - - -+int -+ngx_http_lua_ffi_worker_pids(int *pids, size_t *pids_len) -+{ -+ ngx_int_t i, n; -+ -+ n = 0; -+ for (i = 0; i < NGX_MAX_PROCESSES; i++) { -+ if (i != ngx_process_slot && ngx_processes[i].pid == 0) { -+ break; -+ } -+ -+ if (i == ngx_process_slot && ngx_processes[i].pid == 0) { -+ pids[n++] = ngx_pid; -+ } -+ -+ if (ngx_processes[i].pid > 0) { -+ pids[n++] = ngx_processes[i].pid; -+ } -+ } -+ -+ if (n == 0) { -+ return NGX_ERROR; -+ } -+ -+ *pids_len = n; -+ -+ return NGX_OK; -+} -+ -+ - int - ngx_http_lua_ffi_worker_id(void) - { \ No newline at end of file diff --git a/build/openresty/patches/ngx_lua-0.10.20_04-crash-when-buffering-with-invalid-if-match-header.patch b/build/openresty/patches/ngx_lua-0.10.20_04-crash-when-buffering-with-invalid-if-match-header.patch deleted file mode 100644 index cf4d3ed17e9c..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.20_04-crash-when-buffering-with-invalid-if-match-header.patch +++ /dev/null @@ -1,239 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_accessby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_accessby.c -index 58c2514..d40eab1 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_accessby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_accessby.c -@@ -240,7 +240,7 @@ ngx_http_lua_access_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_event_t *rev; - ngx_connection_t *c; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ngx_http_lua_loc_conf_t *llcf; - -@@ -291,9 +291,9 @@ ngx_http_lua_access_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* }}} */ - -- /* {{{ register request cleanup hooks */ -+ /* {{{ register nginx pool cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_bodyfilterby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_bodyfilterby.c -index 7560869..8e308ae 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_bodyfilterby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_bodyfilterby.c -@@ -233,7 +233,7 @@ ngx_http_lua_body_filter(ngx_http_request_t *r, ngx_chain_t *in) - ngx_http_lua_ctx_t *ctx; - ngx_int_t rc; - uint16_t old_context; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - ngx_chain_t *out; - ngx_http_lua_main_conf_t *lmcf; - -@@ -273,7 +273,7 @@ ngx_http_lua_body_filter(ngx_http_request_t *r, ngx_chain_t *in) - } - - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -index 7a66cb1..0bfed59 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_common.h -@@ -540,7 +540,7 @@ typedef struct ngx_http_lua_ctx_s { - ngx_chain_t *busy_bufs; - ngx_chain_t *free_recv_bufs; - -- ngx_http_cleanup_pt *cleanup; -+ ngx_pool_cleanup_pt *cleanup; - - ngx_http_cleanup_t *free_cleanup; /* free list of cleanup records */ - -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_contentby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_contentby.c -index 76e6a07..5e2ae55 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_contentby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_contentby.c -@@ -29,7 +29,7 @@ ngx_http_lua_content_by_chunk(lua_State *L, ngx_http_request_t *r) - lua_State *co; - ngx_event_t *rev; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ngx_http_lua_loc_conf_t *llcf; - -@@ -83,7 +83,7 @@ ngx_http_lua_content_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* {{{ register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_directive.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_directive.c -index 1ec641e..e276663 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_directive.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_directive.c -@@ -1265,7 +1265,7 @@ ngx_http_lua_set_by_lua_init(ngx_http_request_t *r) - { - lua_State *L; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { -@@ -1280,7 +1280,7 @@ ngx_http_lua_set_by_lua_init(ngx_http_request_t *r) - } - - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_headerfilterby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_headerfilterby.c -index 4741c72..9f49a8e 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_headerfilterby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_headerfilterby.c -@@ -230,7 +230,7 @@ ngx_http_lua_header_filter(ngx_http_request_t *r) - ngx_http_lua_loc_conf_t *llcf; - ngx_http_lua_ctx_t *ctx; - ngx_int_t rc; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - uint16_t old_context; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -@@ -259,7 +259,7 @@ ngx_http_lua_header_filter(ngx_http_request_t *r) - } - - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_rewriteby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_rewriteby.c -index d1eabec..4109f28 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_rewriteby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_rewriteby.c -@@ -241,7 +241,7 @@ ngx_http_lua_rewrite_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_event_t *rev; - ngx_connection_t *c; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ngx_http_lua_loc_conf_t *llcf; - -@@ -291,9 +291,9 @@ ngx_http_lua_rewrite_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* }}} */ - -- /* {{{ register request cleanup hooks */ -+ /* {{{ register nginx pool cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_udp.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_udp.c -index fd3e074..74fcac1 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_udp.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_socket_udp.c -@@ -591,7 +591,7 @@ ngx_http_lua_socket_resolve_retval_handler(ngx_http_request_t *r, - ngx_http_lua_ctx_t *ctx; - ngx_http_lua_co_ctx_t *coctx; - ngx_connection_t *c; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - ngx_http_upstream_resolved_t *ur; - ngx_int_t rc; - ngx_http_lua_udp_connection_t *uc; -@@ -625,7 +625,7 @@ ngx_http_lua_socket_resolve_retval_handler(ngx_http_request_t *r, - } - - if (u->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - u->ft_type |= NGX_HTTP_LUA_SOCKET_FT_ERROR; - lua_pushnil(L); -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_certby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_certby.c -index 6ed2f3f..2ca8ac3 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_certby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_certby.c -@@ -443,7 +443,7 @@ ngx_http_lua_ssl_cert_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_int_t rc; - lua_State *co; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - -@@ -497,7 +497,7 @@ ngx_http_lua_ssl_cert_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - rc = NGX_ERROR; - ngx_http_lua_finalize_request(r, rc); -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_session_fetchby.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_session_fetchby.c -index 8d8c42b..86e6502 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_session_fetchby.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_ssl_session_fetchby.c -@@ -468,7 +468,7 @@ ngx_http_lua_ssl_sess_fetch_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_int_t rc; - lua_State *co; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - -@@ -522,7 +522,7 @@ ngx_http_lua_ssl_sess_fetch_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - rc = NGX_ERROR; - ngx_http_lua_finalize_request(r, rc); -diff --git a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_timer.c b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_timer.c -index 353007d..7d03db1 100644 ---- a/bundle/ngx_lua-0.10.20/src/ngx_http_lua_timer.c -+++ b/bundle/ngx_lua-0.10.20/src/ngx_http_lua_timer.c -@@ -509,7 +509,7 @@ ngx_http_lua_timer_handler(ngx_event_t *ev) - ngx_connection_t *c = NULL; - ngx_http_request_t *r = NULL; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - ngx_pool_cleanup_t *pcln; - - ngx_http_lua_timer_ctx_t tctx; -@@ -608,7 +608,7 @@ ngx_http_lua_timer_handler(ngx_event_t *ev) - - L = ngx_http_lua_get_lua_vm(r, ctx); - -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - errmsg = "could not add request cleanup"; - goto failed; diff --git a/scripts/explain_manifest/suites.py b/scripts/explain_manifest/suites.py index 29fc4e7d1412..9e1d28e205de 100644 --- a/scripts/explain_manifest/suites.py +++ b/scripts/explain_manifest/suites.py @@ -36,7 +36,6 @@ def common_suites(expect, libxcrypt_no_obsolete_api: bool = False): expect("/usr/local/openresty/nginx/sbin/nginx", "nginx should include Kong's patches") \ .functions \ .contain("ngx_http_lua_kong_ffi_set_grpc_authority") \ - .contain("ngx_http_lua_ffi_balancer_enable_keepalive") \ .contain("ngx_http_lua_kong_ffi_get_full_client_certificate_chain") \ .contain("ngx_http_lua_kong_ffi_disable_session_reuse") \ .contain("ngx_http_lua_kong_ffi_set_upstream_client_cert_and_key") \