From 1ff2dea44d0281a16c7f6c911a1f7fa147ed5d60 Mon Sep 17 00:00:00 2001 From: splitice Date: Mon, 28 Dec 2015 22:51:10 +1100 Subject: [PATCH 01/10] shared dictionary incr method exptime added to FFI api --- lib/resty/core/shdict.lua | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/resty/core/shdict.lua b/lib/resty/core/shdict.lua index de811ae47..e7ab5cadd 100644 --- a/lib/resty/core/shdict.lua +++ b/lib/resty/core/shdict.lua @@ -26,7 +26,7 @@ ffi.cdef[[ int get_stale, int *is_stale); int ngx_http_lua_ffi_shdict_incr(void *zone, const unsigned char *key, - size_t key_len, double *value, char **err); + size_t key_len, double *value, int exptime, char **err); int ngx_http_lua_ffi_shdict_store(void *zone, int op, const unsigned char *key, size_t key_len, int value_type, @@ -311,7 +311,7 @@ local function shdict_get_stale(zone, key) end -local function shdict_incr(zone, key, value) +local function shdict_incr(zone, key, value, exptime) zone = check_zone(zone) if key == nil then @@ -334,9 +334,11 @@ local function shdict_incr(zone, key, value) value = tonumber(value) end num_value[0] = value + + exptime = exptime or -1 local rc = C.ngx_http_lua_ffi_shdict_incr(zone, key, key_len, num_value, - errmsg) + exptime, errmsg) if rc ~= 0 then -- ~= NGX_OK return nil, ffi_str(errmsg[0]) end From ff6287f9677126ba9b8dabf76804abccc3671a27 Mon Sep 17 00:00:00 2001 From: splitice Date: Mon, 28 Dec 2015 22:52:40 +1100 Subject: [PATCH 02/10] add simple shared dictionary test --- t/shdict.t | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/t/shdict.t b/t/shdict.t index c62e25eaf..3be23f687 100644 --- a/t/shdict.t +++ b/t/shdict.t 
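Review bot: Changing the prototype of `ngx_http_lua_ffi_shdict_incr` in place (first hunk, `@@ -26,7 +26,7 @@`) ties this file to a C module build that exports the six-argument form, and nothing visible in the patch checks for that. LuaJIT's FFI does not compare a `cdef` prototype with the loaded symbol, so against a build that still has the removed five-argument signature the C function would read the `exptime` integer where it expects `char **err`. I would either bind the expiring variant under a new symbol name or state the requirement next to the declaration, for example `-- requires a C module build whose shdict_incr takes exptime before err`.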
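Review bot: `exptime` reaches the FFI call in the third hunk (`@@ -334,9 +334,11 @@`) with no type or range check, unlike `value`, which goes through `tonumber` just above it. The prototype declares `int exptime`, so a fractional value is truncated by the FFI conversion and a string argument raises a conversion error from inside the call instead of returning `nil, err`. Consider `if exptime ~= nil and type(exptime) ~= "number" then return nil, "bad exptime" end` before the default, plus a comment stating the unit and what `-1` means to the C side. The body of `shdict_incr` starts and ends outside this hunk.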
@@ -915,3 +915,27 @@ qr/\[TRACE \d+ content_by_lua\(nginx\.conf:\d+\):7 loop\]/ -- NYI: stitch + + + +=== TEST 27: incr key expire +--- http_config eval: $::HttpConfig +--- config + location = /t { + content_by_lua ' + local val, flags + local dogs = ngx.shared.dogs + local value, err = dogs:incr(nil, 32, 10) + if not ok then + ngx.say("failed to incr: ", err) + end + '; + } +--- request +GET /t +--- response_body +failed to incr: nil key +--- no_error_log +[error] +[alert] +[crit] \ No newline at end of file From 2f235bff23fae4a8843a508ecaf3512864ea357c Mon Sep 17 00:00:00 2001 From: splitice Date: Sun, 5 Jun 2016 12:58:06 +1000 Subject: [PATCH 03/10] value should be 1 by default for compatibility --- lib/resty/core/shdict.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/resty/core/shdict.lua b/lib/resty/core/shdict.lua index d6151c2ee..4bf6f4728 100644 --- a/lib/resty/core/shdict.lua +++ b/lib/resty/core/shdict.lua @@ -332,6 +332,7 @@ local function shdict_incr(zone, key, value, exptime) return nil, "key too long" end + value = value or 1 if type(value) ~= "number" then value = tonumber(value) end From 3fc7c3c2238a2db79086cdfe3eeba4d2aae6ad23 Mon Sep 17 00:00:00 2001 From: splitice Date: Tue, 31 Jan 2017 08:42:54 +1100 Subject: [PATCH 04/10] add raw client addr --- lib/ngx/ssl.lua | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua index 89d42a533..cd1f648fe 100644 --- a/lib/ngx/ssl.lua +++ b/lib/ngx/ssl.lua @@ -33,6 +33,9 @@ int ngx_http_lua_ffi_ssl_set_der_private_key(ngx_http_request_t *r, int ngx_http_lua_ffi_ssl_raw_server_addr(ngx_http_request_t *r, char **addr, size_t *addrlen, int *addrtype, char **err); + +int ngx_http_lua_ffi_ssl_raw_client_addr(ngx_http_request_t *r, char **addr, + size_t *addrlen, int *addrtype, char **err); int ngx_http_lua_ffi_ssl_server_name(ngx_http_request_t *r, char **name, size_t *namelen, char **err); 
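Review bot: The condition `if not ok then` in TEST 27 reads a variable that is never assigned (the call stores its results in `value, err`), so the branch runs regardless of what `incr` returns; it should be `if not value then`. The test is titled "incr key expire" but only exercises the nil-key error path, so the new `exptime` argument is never observed taking effect; a case that increments with a short expiry and reads the key after it lapses is still missing. `local val, flags` is unused, and the file now ends without a trailing newline.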
@@ -143,6 +146,27 @@ function _M.raw_server_addr() return nil, nil, ffi_str(errmsg[0]) end +function _M.raw_client_addr() + local r = getfenv(0).__ngx_req + if not r then + return error("no request found") + end + + local sizep = get_size_ptr() + + local rc = C.ngx_http_lua_ffi_ssl_raw_client_addr(r, charpp, sizep, + intp, errmsg) + if rc == FFI_OK then + local typ = addr_types[intp[0]] + if not typ then + return nil, nil, "unknown address type: " .. intp[0] + end + return ffi_str(charpp[0], sizep[0]), typ + end + + return nil, nil, ffi_str(errmsg[0]) +end + function _M.server_name() local r = getfenv(0).__ngx_req From 5b28733aeac285b80496d3d69196f1e94979d6e7 Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Sun, 5 Apr 2020 17:06:41 +1000 Subject: [PATCH 05/10] add ssl hello support --- lib/ngx/ssl.lua | 89 ++++++++++++++++++++++++++++++++++++++++ lib/resty/core/phase.lua | 1 + 2 files changed, 90 insertions(+) diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua index fb5b83280..f2e663ef1 100644 --- a/lib/ngx/ssl.lua +++ b/lib/ngx/ssl.lua @@ -6,9 +6,11 @@ base.allows_subsystem('http', 'stream') local ffi = require "ffi" +local bit = require "bit" local C = ffi.C local ffi_str = ffi.string local ffi_gc = ffi.gc +local bor = bit.bor local get_request = base.get_request local error = error local tonumber = tonumber @@ -39,6 +41,15 @@ local ngx_lua_ffi_free_priv_key if subsystem == 'http' then ffi.cdef[[ + int ngx_http_lua_ffi_ssl_client_server_name(ngx_http_request_t *r, + char **name, size_t *namelen, char **err); + + int ngx_http_lua_ffi_ssl_set_protocols(ngx_http_request_t *r, + int protocols, char **err); + + int ngx_http_lua_ffi_ssl_set_ciphers(void *r, + const unsigned char *cdata, char **err); + int ngx_http_lua_ffi_ssl_set_der_certificate(ngx_http_request_t *r, const char *data, size_t len, char **err); 
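Review bot: `_M.raw_client_addr` has no comment describing its return values (`addr, type` on success, `nil, nil, err` on failure) or that the first value is built with `ffi_str(charpp[0], sizep[0])`, i.e. a length-delimited byte string that is presumably the packed address rather than printable text. Callers that log it or use it in an access decision need to know the format for each address type, so I would add a header such as `-- Returns the raw client address bytes and the address type name, or nil, nil, err.` The body duplicates the function that ends just above it in the context lines; a shared local helper taking the FFI function would keep the two from drifting apart. `return error("no request found")` never returns, so plain `error("no request found")` states the intent more clearly.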
@@ -80,6 +91,10 @@ if subsystem == 'http' then void ngx_http_lua_ffi_free_priv_key(void *cdata); ]] + ngx_lua_ffi_ssl_client_server_name = + C.ngx_http_lua_ffi_ssl_client_server_name + ngx_lua_ffi_ssl_set_ciphers = C.ngx_http_lua_ffi_ssl_set_ciphers + ngx_lua_ffi_ssl_set_protocols = C.ngx_http_lua_ffi_ssl_set_protocols ngx_lua_ffi_ssl_set_der_certificate = C.ngx_http_lua_ffi_ssl_set_der_certificate ngx_lua_ffi_ssl_clear_certs = C.ngx_http_lua_ffi_ssl_clear_certs @@ -169,6 +184,80 @@ local charpp = ffi.new("char*[1]") local intp = ffi.new("int[1]") +function _M.client_server_name() + if subsystem ~= 'http' then + error("no support stream") + end + + local r = get_request() + if not r then + error("no request found") + end + + local sizep = get_size_ptr() + + local rc = ngx_lua_ffi_ssl_client_server_name(r, charpp, sizep, errmsg) + if rc == FFI_OK then + return ffi_str(charpp[0], sizep[0]) + end + + return nil, ffi_str(errmsg[0]) +end + +do + local protocal_flags = { + ["SSLv2"] = 0x0002, + ["SSLv3"] = 0x0004, + ["TLSv1"] = 0x0008, + ["TLSv1.1"] = 0x0010, + ["TLSv1.2"] = 0x0020, + ["TLSv1.3"] = 0x0040, + }; + + function _M.set_protocols(ops) + if subsystem ~= 'http' then + error("no support stream") + end + + local r = get_request() + if not r then + error("no request found") + end + + local protocols = 0 + for _, op in ipairs(ops) do + protocols = bor(protocols, protocal_flags[op]) + end + + local rc = ngx_lua_ffi_ssl_set_protocols(r, protocols, errmsg) + if rc == FFI_OK then + return true + end + + return nil, ffi_str(errmsg[0]) + end +end + + +function _M.set_ciphers(ciphers) + if subsystem ~= 'http' then + error("no support stream") + end + + local r = get_request() + if not r then + error("no request found") + end + + local rc = ngx_lua_ffi_ssl_set_ciphers(r, ciphers, errmsg) + if rc == FFI_OK then + return true + end + + return nil, ffi_str(errmsg[0]) +end + + function _M.clear_certs() local r = get_request() if not r then 
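Review bot: `_M.set_protocols` and `_M.set_ciphers` pass caller input to the FFI layer without validating it. In `set_protocols` an unrecognised name makes `protocal_flags[op]` nil and `bor` raises a generic argument error, while an empty list sends `protocols = 0` to the C side, whose handling of zero is not visible here; in `set_ciphers` a nil `ciphers` becomes a NULL pointer for `const unsigned char *cdata`. The flag table also accepts `SSLv2` and `SSLv3`, which lets a handler re-enable protocols that are considered broken; that deserves at least a comment, if not removal. Returning `nil, err` for these cases, as sketched below, keeps a typo in a handler from turning into an unexplained handshake failure. The table name is also misspelled (`protocal_flags`).

```lua
    function _M.set_protocols(ops)
        -- … unchanged: subsystem check and request lookup …

        if type(ops) ~= "table" or #ops == 0 then
            return nil, "no protocols given"
        end

        local protocols = 0
        for _, op in ipairs(ops) do
            local flag = protocal_flags[op]
            if not flag then
                return nil, "unknown protocol: " .. tostring(op)
            end
            protocols = bor(protocols, flag)
        end

        -- … unchanged: FFI call and result handling …
    end

function _M.set_ciphers(ciphers)
    if type(ciphers) ~= "string" then
        return nil, "bad ciphers argument"
    end

    -- … unchanged: subsystem check, request lookup, FFI call …
end
```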
diff --git a/lib/resty/core/phase.lua b/lib/resty/core/phase.lua index d30a53491..0fb620145 100644 --- a/lib/resty/core/phase.lua +++ b/lib/resty/core/phase.lua @@ -28,6 +28,7 @@ local context_names = { [0x0400] = "ssl_cert", [0x0800] = "ssl_session_store", [0x1000] = "ssl_session_fetch", + [0x2000] = "ssl_client_hello", } From 083e2664ef51d8b89249824b4eb52edbe963315c Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Wed, 8 Apr 2020 09:30:13 +1000 Subject: [PATCH 06/10] make hello by lua methods local --- lib/ngx/ssl.lua | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua index f2e663ef1..497c35e4e 100644 --- a/lib/ngx/ssl.lua +++ b/lib/ngx/ssl.lua @@ -22,6 +22,9 @@ local FFI_OK = base.FFI_OK local subsystem = ngx.config.subsystem +local ngx_http_lua_ffi_ssl_client_server_name +local ngx_http_lua_ffi_ssl_set_protocols +local ngx_http_lua_ffi_ssl_set_ciphers local ngx_lua_ffi_ssl_set_der_certificate local ngx_lua_ffi_ssl_clear_certs local ngx_lua_ffi_ssl_set_der_private_key From d0b4665c70184703e39155048c711bb3cf59453f Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Fri, 10 Apr 2020 22:11:23 +1000 Subject: [PATCH 07/10] add support for feature/slow-read --- lib/resty/core/response.lua | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/lib/resty/core/response.lua b/lib/resty/core/response.lua index 56bc18087..fcdc8f567 100644 --- a/lib/resty/core/response.lua +++ b/lib/resty/core/response.lua @@ -42,6 +42,12 @@ ffi.cdef[[ const unsigned char *key, size_t key_len, unsigned char *key_buf, ngx_http_lua_ffi_str_t *values, int max_nvalues, char **errmsg); + + unsigned int + ngx_http_lua_ffi_bytes_sent(ngx_http_request_t *r); + + unsigned int + ngx_http_lua_ffi_bytes_buffered(ngx_http_request_t *r); ]] 
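Review bot: The three locals added in `@@ -22,6 +22,9 @@` are named `ngx_http_lua_ffi_ssl_*`, but the assignments and call sites introduced in the previous commit use `ngx_lua_ffi_ssl_client_server_name`, `ngx_lua_ffi_ssl_set_ciphers` and `ngx_lua_ffi_ssl_set_protocols`. As written, these declarations are never assigned or read, and the names actually used are still globals after this commit. Patch 10/10 later adds the correctly named locals but leaves these three in place; they should be renamed here or deleted there.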
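Review bot: Both declarations added in `@@ -42,6 +42,12 @@` return `unsigned int`, which is 32 bits wide on common 64-bit platforms and wraps at 4 GiB. If the C functions report nginx's per-connection byte counters (the C side is not visible here; those counters are `off_t` in nginx), a long transfer would wrap and any slow-read heuristic built on `bytes_sent` would see the count jump backwards. The return type should be checked against the C definition and widened on both sides if needed, with a `tonumber` conversion in Lua. The same question applies to `ngx_http_lua_ffi_con_nbusy` and `ngx_http_lua_ffi_con_bytes_busy`, declared in the following commit.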
@@ -119,6 +125,23 @@ end _M.set_resp_header = set_resp_header +function _M.bytes_sent() + local r = get_request() + if not r then + error("no request found") + end + + return C.ngx_http_lua_ffi_bytes_sent(r) +end + +function _M.bytes_buffered() + local r = get_request() + if not r then + error("no request found") + end + + return C.ngx_http_lua_ffi_bytes_buffered(r) +end local function get_resp_header(tb, key) local r = get_request() From d0a204fd49cee214f287e9cb76e9ccb6d559fe32 Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Sat, 11 Apr 2020 14:24:54 +1000 Subject: [PATCH 08/10] con busy / nbusy --- lib/resty/core/response.lua | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/resty/core/response.lua b/lib/resty/core/response.lua index fcdc8f567..5f8230deb 100644 --- a/lib/resty/core/response.lua +++ b/lib/resty/core/response.lua @@ -48,6 +48,12 @@ ffi.cdef[[ unsigned int ngx_http_lua_ffi_bytes_buffered(ngx_http_request_t *r); + + unsigned int + ngx_http_lua_ffi_con_nbusy(ngx_http_request_t *r); + + unsigned int + ngx_http_lua_ffi_con_bytes_busy(ngx_http_request_t *r); ]] @@ -143,6 +149,24 @@ function _M.bytes_buffered() return C.ngx_http_lua_ffi_bytes_buffered(r) end +function _M.con_bytes_busy() + local r = get_request() + if not r then + error("no request found") + end + + return C.ngx_http_lua_ffi_con_bytes_busy(r) +end + +function _M.con_nbusy() + local r = get_request() + if not r then + error("no request found") + end + + return C.ngx_http_lua_ffi_con_nbusy(r) +end + local function get_resp_header(tb, key) local r = get_request() if not r then From c3a670cbed79245a80cd11c826d152d4edd88b5b Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Sun, 26 Apr 2020 07:21:44 +1000 Subject: [PATCH 09/10] handle nil cert / pk without fatal error --- lib/ngx/ssl.lua | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua index 497c35e4e..634201be6 100644 --- a/lib/ngx/ssl.lua +++ b/lib/ngx/ssl.lua 
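Review bot: `_M.bytes_sent` and `_M.bytes_buffered` are added as public API with no comment on what is counted, in which phases they may be called, or what unit the result is in; `_M.con_bytes_busy` and `_M.con_nbusy` in the later hunk `@@ -143,6 +149,24 @@` have the same gap. A one-line header on each would do, such as `-- Returns the number of response bytes already sent for the current request.`, adjusted to what the C side actually reports. The four bodies differ only in the C function they call, so a small local helper taking that function would remove the repetition.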
@@ -464,6 +464,10 @@ end function _M.set_cert(cert) + if cert == nil then + return nil, "certificate invalid" + end + local r = get_request() if not r then error("no request found") @@ -479,6 +483,10 @@ end function _M.set_priv_key(priv_key) + if priv_key == nil then + return nil, "private key invalid" + end + local r = get_request() if not r then error("no request found") From d435920a0671a512a34d059fe2cbef5d5fcaedaa Mon Sep 17 00:00:00 2001 From: Mathew Heard Date: Wed, 13 May 2020 12:29:46 +1000 Subject: [PATCH 10/10] add locals for ssl handshake ffi's --- lib/ngx/ssl.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua index 634201be6..fc870208b 100644 --- a/lib/ngx/ssl.lua +++ b/lib/ngx/ssl.lua @@ -21,7 +21,9 @@ local FFI_DECLINED = base.FFI_DECLINED local FFI_OK = base.FFI_OK local subsystem = ngx.config.subsystem - +local ngx_lua_ffi_ssl_client_server_name +local ngx_lua_ffi_ssl_set_ciphers +local ngx_lua_ffi_ssl_set_protocols local ngx_http_lua_ffi_ssl_client_server_name local ngx_http_lua_ffi_ssl_set_protocols local ngx_http_lua_ffi_ssl_set_ciphers
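Review bot: The new guard in `_M.set_cert` rejects only `nil`; any other wrong type (`false`, or a PEM string that was never parsed) still reaches the code below the hunk. If the argument is expected to be the cdata produced by the module's parse function, which this hunk does not show, `if type(cert) ~= "cdata" then return nil, "bad cert arg" end` would cover those cases too. Because the failure is now a return value rather than an error, a handler that ignores the result carries on with the handshake without the intended certificate, so the function's documentation should say that the result must be checked. The same applies to `_M.set_priv_key` in `@@ -479,6 +483,10 @@`; both function bodies continue outside their hunks.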