From fef16cb88298ba07a9841a5a98e5afaa48bcb6d6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 10:53:16 +0200 Subject: Merging upstream version 1.61.0. Signed-off-by: Daniel Baumann --- doc/Makefile.am | 1 + doc/bash_completion/nghttpx | 2 +- doc/h2load.1 | 2 +- doc/nghttp.1 | 2 +- doc/nghttpd.1 | 2 +- doc/nghttpx.1 | 38 +++++++++++++++++++++++--------------- doc/nghttpx.1.rst | 34 +++++++++++++++++++++------------- doc/sources/nghttpx-howto.rst | 4 ++-- 8 files changed, 51 insertions(+), 34 deletions(-) (limited to 'doc') diff --git a/doc/Makefile.am b/doc/Makefile.am index 51945e4..50d57b2 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -77,6 +77,7 @@ APIDOCS= \ nghttp2_option_set_peer_max_concurrent_streams.rst \ nghttp2_option_set_server_fallback_rfc7540_priorities.rst \ nghttp2_option_set_user_recv_extension_type.rst \ + nghttp2_option_set_max_continuations.rst \ nghttp2_option_set_max_outbound_ack.rst \ nghttp2_option_set_max_settings.rst \ nghttp2_option_set_stream_reset_rate_limit.rst \ diff --git a/doc/bash_completion/nghttpx b/doc/bash_completion/nghttpx index a735cd2..782309c 100644 --- a/doc/bash_completion/nghttpx +++ b/doc/bash_completion/nghttpx @@ -8,7 +8,7 @@ _nghttpx() _get_comp_words_by_ref cur prev case $cur in -*) - COMPREPLY=( $( compgen -W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --single-thread --read-rate --read-burst --write-rate --write-burst --worker-read-rate --worker-read-burst --worker-write-rate --worker-write-burst --worker-frontend-connections --backend-connections-per-host --backend-connections-per-frontend --rlimit-nofile --rlimit-memlock --backend-request-buffer --backend-response-buffer --fastopen --no-kqueue --frontend-http2-read-timeout --frontend-http3-read-timeout --frontend-read-timeout --frontend-write-timeout --frontend-keep-alive-timeout --stream-read-timeout --stream-write-timeout --backend-read-timeout --backend-write-timeout --backend-connect-timeout --backend-keep-alive-timeout --listener-disable-timeout --frontend-http2-setting-timeout --backend-http2-settings-timeout --backend-max-backoff --ciphers --tls13-ciphers --client-ciphers --tls13-client-ciphers --ecdh-curves --insecure --cacert --private-key-passwd-file --subcert --dh-param-file --alpn-list --verify-client --verify-client-cacert --verify-client-tolerate-expired --client-private-key-file --client-cert-file --tls-min-proto-version --tls-max-proto-version --tls-ticket-key-file --tls-ticket-key-memcached --tls-ticket-key-memcached-address-family --tls-ticket-key-memcached-interval --tls-ticket-key-memcached-max-retry --tls-ticket-key-memcached-max-fail --tls-ticket-key-cipher --tls-ticket-key-memcached-cert-file --tls-ticket-key-memcached-private-key-file --fetch-ocsp-response-file --ocsp-update-interval --ocsp-startup --no-verify-ocsp --no-ocsp --tls-session-cache-memcached --tls-session-cache-memcached-address-family --tls-session-cache-memcached-cert-file --tls-session-cache-memcached-private-key-file --tls-dyn-rec-warmup-threshold --tls-dyn-rec-idle-timeout --no-http2-cipher-block-list --client-no-http2-cipher-block-list --tls-sct-dir --psk-secrets --client-psk-secrets --tls-no-postpone-early-data --tls-max-early-data --tls-ktls --frontend-http2-max-concurrent-streams --backend-http2-max-concurrent-streams --frontend-http2-window-size --frontend-http2-connection-window-size --backend-http2-window-size --backend-http2-connection-window-size --http2-no-cookie-crumbling --padding --no-server-push --frontend-http2-optimize-write-buffer-size --frontend-http2-optimize-window-size --frontend-http2-encoder-dynamic-table-size --frontend-http2-decoder-dynamic-table-size --backend-http2-encoder-dynamic-table-size --backend-http2-decoder-dynamic-table-size --http2-proxy --log-level --accesslog-file --accesslog-syslog --accesslog-format --accesslog-write-early --errorlog-file --errorlog-syslog --syslog-facility --add-x-forwarded-for --strip-incoming-x-forwarded-for --no-add-x-forwarded-proto --no-strip-incoming-x-forwarded-proto --add-forwarded --strip-incoming-forwarded --forwarded-by --forwarded-for --no-via --no-strip-incoming-early-data --no-location-rewrite --host-rewrite --altsvc --http2-altsvc --add-request-header --add-response-header --request-header-field-buffer --max-request-header-fields --response-header-field-buffer --max-response-header-fields --error-page --server-name --no-server-rewrite --redirect-https-port --require-http-scheme --api-max-request-body --dns-cache-timeout --dns-lookup-timeout --dns-max-try --frontend-max-requests --frontend-http2-dump-request-header --frontend-http2-dump-response-header --frontend-frame-debug --daemon --pid-file --user --single-process --max-worker-processes --worker-process-grace-shutdown-period --mruby-file --ignore-per-pattern-mruby-error --frontend-quic-idle-timeout --frontend-quic-debug-log --quic-bpf-program-file --frontend-quic-early-data --frontend-quic-qlog-dir --frontend-quic-require-token --frontend-quic-congestion-controller --frontend-quic-secret-file --quic-server-id --frontend-quic-initial-rtt --no-quic-bpf --frontend-http3-window-size --frontend-http3-connection-window-size --frontend-http3-max-window-size --frontend-http3-max-connection-window-size --frontend-http3-max-concurrent-streams --conf --include --version --help ' -- "$cur" ) ) + COMPREPLY=( $( compgen -W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --single-thread --read-rate --read-burst --write-rate --write-burst --worker-read-rate --worker-read-burst --worker-write-rate --worker-write-burst --worker-frontend-connections --backend-connections-per-host --backend-connections-per-frontend --rlimit-nofile --rlimit-memlock --backend-request-buffer --backend-response-buffer --fastopen --no-kqueue --frontend-http2-idle-timeout --frontend-http3-idle-timeout --frontend-write-timeout --frontend-keep-alive-timeout --frontend-header-timeout --stream-read-timeout --stream-write-timeout --backend-read-timeout --backend-write-timeout --backend-connect-timeout --backend-keep-alive-timeout --listener-disable-timeout --frontend-http2-setting-timeout --backend-http2-settings-timeout --backend-max-backoff --ciphers --tls13-ciphers --client-ciphers --tls13-client-ciphers --ecdh-curves --insecure --cacert --private-key-passwd-file --subcert --dh-param-file --alpn-list --verify-client --verify-client-cacert --verify-client-tolerate-expired --client-private-key-file --client-cert-file --tls-min-proto-version --tls-max-proto-version --tls-ticket-key-file --tls-ticket-key-memcached --tls-ticket-key-memcached-address-family --tls-ticket-key-memcached-interval --tls-ticket-key-memcached-max-retry --tls-ticket-key-memcached-max-fail --tls-ticket-key-cipher --tls-ticket-key-memcached-cert-file --tls-ticket-key-memcached-private-key-file --fetch-ocsp-response-file --ocsp-update-interval --ocsp-startup --no-verify-ocsp --no-ocsp --tls-session-cache-memcached --tls-session-cache-memcached-address-family --tls-session-cache-memcached-cert-file --tls-session-cache-memcached-private-key-file --tls-dyn-rec-warmup-threshold --tls-dyn-rec-idle-timeout --no-http2-cipher-block-list --client-no-http2-cipher-block-list --tls-sct-dir --psk-secrets --client-psk-secrets --tls-no-postpone-early-data --tls-max-early-data --tls-ktls --frontend-http2-max-concurrent-streams --backend-http2-max-concurrent-streams --frontend-http2-window-size --frontend-http2-connection-window-size --backend-http2-window-size --backend-http2-connection-window-size --http2-no-cookie-crumbling --padding --no-server-push --frontend-http2-optimize-write-buffer-size --frontend-http2-optimize-window-size --frontend-http2-encoder-dynamic-table-size --frontend-http2-decoder-dynamic-table-size --backend-http2-encoder-dynamic-table-size --backend-http2-decoder-dynamic-table-size --http2-proxy --log-level --accesslog-file --accesslog-syslog --accesslog-format --accesslog-write-early --errorlog-file --errorlog-syslog --syslog-facility --add-x-forwarded-for --strip-incoming-x-forwarded-for --no-add-x-forwarded-proto --no-strip-incoming-x-forwarded-proto --add-forwarded --strip-incoming-forwarded --forwarded-by --forwarded-for --no-via --no-strip-incoming-early-data --no-location-rewrite --host-rewrite --altsvc --http2-altsvc --add-request-header --add-response-header --request-header-field-buffer --max-request-header-fields --response-header-field-buffer --max-response-header-fields --error-page --server-name --no-server-rewrite --redirect-https-port --require-http-scheme --api-max-request-body --dns-cache-timeout --dns-lookup-timeout --dns-max-try --frontend-max-requests --frontend-http2-dump-request-header --frontend-http2-dump-response-header --frontend-frame-debug --daemon --pid-file --user --single-process --max-worker-processes --worker-process-grace-shutdown-period --mruby-file --ignore-per-pattern-mruby-error --frontend-quic-idle-timeout --frontend-quic-debug-log --quic-bpf-program-file --frontend-quic-early-data --frontend-quic-qlog-dir --frontend-quic-require-token --frontend-quic-congestion-controller --frontend-quic-secret-file --quic-server-id --frontend-quic-initial-rtt --no-quic-bpf --frontend-http3-window-size --frontend-http3-connection-window-size --frontend-http3-max-window-size --frontend-http3-max-connection-window-size --frontend-http3-max-concurrent-streams --conf --include --version --help ' -- "$cur" ) ) ;; *) _filedir diff --git a/doc/h2load.1 b/doc/h2load.1 index 09cdcf3..79f6e8a 100644 --- a/doc/h2load.1 +++ b/doc/h2load.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "H2LOAD" "1" "Mar 01, 2024" "1.60.0" "nghttp2" +.TH "H2LOAD" "1" "Apr 04, 2024" "1.61.0" "nghttp2" .SH NAME h2load \- HTTP/2 benchmarking tool .SH SYNOPSIS diff --git a/doc/nghttp.1 b/doc/nghttp.1 index 231e5a4..0709cc9 100644 --- a/doc/nghttp.1 +++ b/doc/nghttp.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "NGHTTP" "1" "Mar 01, 2024" "1.60.0" "nghttp2" +.TH "NGHTTP" "1" "Apr 04, 2024" "1.61.0" "nghttp2" .SH NAME nghttp \- HTTP/2 client .SH SYNOPSIS diff --git a/doc/nghttpd.1 b/doc/nghttpd.1 index 93a990d..57a46f2 100644 --- a/doc/nghttpd.1 +++ b/doc/nghttpd.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "NGHTTPD" "1" "Mar 01, 2024" "1.60.0" "nghttp2" +.TH "NGHTTPD" "1" "Apr 04, 2024" "1.61.0" "nghttp2" .SH NAME nghttpd \- HTTP/2 server .SH SYNOPSIS diff --git a/doc/nghttpx.1 b/doc/nghttpx.1 index ba40059..6b9f54b 100644 --- a/doc/nghttpx.1 +++ b/doc/nghttpx.1 @@ -27,7 +27,7 @@ level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] .in \\n[rst2man-indent\\n[rst2man-indent-level]]u .. -.TH "NGHTTPX" "1" "Mar 01, 2024" "1.60.0" "nghttp2" +.TH "NGHTTPX" "1" "Apr 04, 2024" "1.61.0" "nghttp2" .SH NAME nghttpx \- HTTP/2 proxy .SH SYNOPSIS @@ -555,27 +555,24 @@ this option will be simply ignored. .SS Timeout .INDENT 0.0 .TP -.B \-\-frontend\-http2\-read\-timeout= -Specify read timeout for HTTP/2 frontend connection. +.B \-\-frontend\-http2\-idle\-timeout= +Specify idle timeout for HTTP/2 frontend connection. If +no active streams exist for this duration, connection is +closed. .sp Default: \fB3m\fP .UNINDENT .INDENT 0.0 .TP -.B \-\-frontend\-http3\-read\-timeout= -Specify read timeout for HTTP/3 frontend connection. +.B \-\-frontend\-http3\-idle\-timeout= +Specify idle timeout for HTTP/3 frontend connection. If +no active streams exist for this duration, connection is +closed. .sp Default: \fB3m\fP .UNINDENT .INDENT 0.0 .TP -.B \-\-frontend\-read\-timeout= -Specify read timeout for HTTP/1.1 frontend connection. -.sp -Default: \fB1m\fP -.UNINDENT -.INDENT 0.0 -.TP .B \-\-frontend\-write\-timeout= Specify write timeout for all frontend connections. .sp @@ -591,6 +588,17 @@ Default: \fB1m\fP .UNINDENT .INDENT 0.0 .TP +.B \-\-frontend\-header\-timeout= +Specify duration that the server waits for an HTTP +request header fields to be received completely. On +timeout, HTTP/1 and HTTP/2 connections are closed. For +HTTP/3, the stream is shutdown, and the connection +itself is left intact. +.sp +Default: \fB1m\fP +.UNINDENT +.INDENT 0.0 +.TP .B \-\-stream\-read\-timeout= Specify read timeout for HTTP/2 streams. 0 means no timeout. @@ -1846,12 +1854,12 @@ as QUIC keying materials. It is used to derive keys for encrypting tokens and Connection IDs. It is not used to encrypt QUIC packets. Each line of this file must contain exactly 136 bytes hex\-encoded string (when -decoded the byte string is 68 bytes long). The first 2 +decoded the byte string is 68 bytes long). The first 3 bits of decoded byte string are used to identify the keying material. An empty line or a line which starts \(aq#\(aq is ignored. The file can contain more than one -keying materials. Because the identifier is 2 bits, at -most 4 keying materials are read and the remaining data +keying materials. Because the identifier is 3 bits, at +most 8 keying materials are read and the remaining data is discarded. The first keying material in the file is primarily used for encryption and decryption for new connection. The other ones are used to decrypt data for diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst index 03109e4..cee23f2 100644 --- a/doc/nghttpx.1.rst +++ b/doc/nghttpx.1.rst @@ -522,24 +522,22 @@ Performance Timeout ~~~~~~~ -.. option:: --frontend-http2-read-timeout= +.. option:: --frontend-http2-idle-timeout= - Specify read timeout for HTTP/2 frontend connection. + Specify idle timeout for HTTP/2 frontend connection. If + no active streams exist for this duration, connection is + closed. Default: ``3m`` -.. option:: --frontend-http3-read-timeout= +.. option:: --frontend-http3-idle-timeout= - Specify read timeout for HTTP/3 frontend connection. + Specify idle timeout for HTTP/3 frontend connection. If + no active streams exist for this duration, connection is + closed. Default: ``3m`` -.. option:: --frontend-read-timeout= - - Specify read timeout for HTTP/1.1 frontend connection. - - Default: ``1m`` - .. option:: --frontend-write-timeout= Specify write timeout for all frontend connections. @@ -553,6 +551,16 @@ Timeout Default: ``1m`` +.. option:: --frontend-header-timeout= + + Specify duration that the server waits for an HTTP + request header fields to be received completely. On + timeout, HTTP/1 and HTTP/2 connections are closed. For + HTTP/3, the stream is shutdown, and the connection + itself is left intact. + + Default: ``1m`` + .. option:: --stream-read-timeout= Specify read timeout for HTTP/2 streams. 0 means no @@ -1686,12 +1694,12 @@ HTTP/3 and QUIC encrypting tokens and Connection IDs. It is not used to encrypt QUIC packets. Each line of this file must contain exactly 136 bytes hex-encoded string (when - decoded the byte string is 68 bytes long). The first 2 + decoded the byte string is 68 bytes long). The first 3 bits of decoded byte string are used to identify the keying material. An empty line or a line which starts '#' is ignored. The file can contain more than one - keying materials. Because the identifier is 2 bits, at - most 4 keying materials are read and the remaining data + keying materials. Because the identifier is 3 bits, at + most 8 keying materials are read and the remaining data is discarded. The first keying material in the file is primarily used for encryption and decryption for new connection. The other ones are used to decrypt data for diff --git a/doc/sources/nghttpx-howto.rst b/doc/sources/nghttpx-howto.rst index 50412f7..6f8a71f 100644 --- a/doc/sources/nghttpx-howto.rst +++ b/doc/sources/nghttpx-howto.rst @@ -546,8 +546,8 @@ keys in order to keep the existing connections alive during reload. The construction of Connection ID closely follows Block Cipher CID Algorithm described in `QUIC-LB draft `_. -A Connection ID that nghttpx generates is always 20 bytes long. It -uses first 2 bits as a configuration ID. The remaining bits in the +A Connection ID that nghttpx generates is always 17 bytes long. It +uses first 3 bits as a configuration ID. The remaining bits in the first byte are reserved and random. The next 4 bytes are server ID. The next 4 bytes are used to route UDP datagram to a correct ``SO_REUSEPORT`` socket. The remaining bytes are randomly generated. -- cgit v1.2.3