Skip to content

feat: upgrade to openresty-1.25.3.1 #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 36 commits into from
Feb 21, 2024
Merged

feat: upgrade to openresty-1.25.3.1 #83

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
bf92e02
chore: upgrade openresty-1.25.3.1
zll600 Jan 24, 2024
8b29e56
chore: update ngx_stream_lua-tlshandshake.patch
zll600 Jan 24, 2024
11f009a
chore: update ngx_stream_lua-shared_shdict.patch
zll600 Jan 24, 2024
541add3
chore: update ngx_lua-tlshandshake.patch
zll600 Jan 24, 2024
3cf94b1
chore: update ngx_lua-enable_keepalive.patch
zll600 Jan 24, 2024
98c195d
chore: update ngx_lua-bugfix-Applce-Silicon-FFI-ABI-limitation-workar…
zll600 Jan 24, 2024
30a8445
chore: update nginx-tcp_over_tls.patch
zll600 Jan 24, 2024
4c0a88c
chore: ci support openresty-1.25.3.1
zll600 Jan 25, 2024
735a642
chore: update ngx_lua-shared_shdict.patch
zll600 Jan 28, 2024
b6a540c
chore: update lua-resty-core-shared_shdict.patch
zll600 Jan 28, 2024
0e5a16c
chore: change ci use custom build-apisix-runtime script
zll600 Jan 28, 2024
4cc6508
fix: update nginx-gzip.patch
zll600 Jan 29, 2024
b6232bc
fix: update nginx-gzip.patch
zll600 Jan 29, 2024
761ecac
fix: remove lua-resty-core-bugix-Apple-Silicon-FFI-ABI-limitation-wor…
zll600 Jan 29, 2024
5586eaa
fix: remove ngx_lua-ngx-buf-double-free-bugfix.patch
zll600 Jan 29, 2024
bcfdf4e
fix: ci use build-apisix-base.sh
zll600 Jan 29, 2024
bf2125f
fix: remove openresty-1.21.4.* from ci
zll600 Jan 29, 2024
f90d93f
fix: ngx_lua-tlshandshake.patch
zll600 Jan 29, 2024
03036aa
fix: ngx_lua-tlshandshake.patch
zll600 Jan 29, 2024
2aad075
fix: ngx_lua-shared_shdict.patch
zll600 Jan 29, 2024
f64d691
fix: ngx_lua-shared_shdict.patch
zll600 Jan 29, 2024
7bb9451
chore: add ngx_lua-http-lua-api.patch
zll600 Jan 29, 2024
163df3f
chore: remove ngx_lua-http-lua-api.patch
zll600 Jan 29, 2024
248b71f
chore: update test files
zll600 Jan 30, 2024
a90adc7
chore: update ci
zll600 Jan 30, 2024
9a898d1
fix: update nginx-tcp_over_tls.patch
zll600 Feb 5, 2024
5d51a7f
fix: update nginx-tcp_over_tls.patch
zll600 Feb 5, 2024
b6eef1e
fix: update t/upstream.t
zll600 Feb 5, 2024
17526e8
chore: change ngx_lua-shared_shdict.patch
zll600 Feb 5, 2024
11d4790
chore: add lua-resty-core-pipe_runner.patch && ngx_lua_pipe-runner.patch
zll600 Feb 5, 2024
4bdb3c0
Revert "chore: add lua-resty-core-pipe_runner.patch && ngx_lua_pipe-r…
zll600 Feb 5, 2024
83388bc
chore: update ci
zll600 Feb 18, 2024
3a06826
chore: update ci
zll600 Feb 18, 2024
2fa6750
chore: remove old versions of openresty
zll600 Feb 18, 2024
6611d07
chore: cleanup code
zll600 Feb 18, 2024
0c1d2ab
chore: cleanup code
zll600 Feb 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,7 @@ jobs:
strategy:
matrix:
op_version:
- "1.21.4.1"
- "1.21.4.2"
- "1.25.3.1"

runs-on: "ubuntu-20.04"

Expand All @@ -29,17 +28,17 @@ jobs:

- name: Get dependencies
run: |
sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl luarocks
sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl luarocks libpcre3 libpcre3-dev zlib1g-dev
sudo luarocks install lua-resty-http > build.log 2>&1 || (cat build.log && exit 1)

- name: Before install
run: |
sudo cpanm --notest Test::Nginx > build.log 2>&1 || (cat build.log && exit 1)
git clone https://github.com/iresty/test-nginx.git test-nginx
git clone https://github.com/openresty/test-nginx.git test-nginx

- name: Install
run: |
wget https://raw.githubusercontent.com/api7/apisix-build-tools/master/build-apisix-base.sh
wget https://raw.githubusercontent.com/zll600/apisix-build-tools/upgrade_openresty-1.25.3.1/build-apisix-base.sh
Copy link
Contributor

@monkeyDluffy6017 monkeyDluffy6017 Feb 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remember to revert this change

Copy link

@membphis membphis Feb 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this project can not depend apisix-build-tools

apisix-build-tools base on apisix-nginx-module

chmod +x build-apisix-base.sh
OR_PREFIX=$OPENRESTY_PREFIX CC="clang -fsanitize=address -fcolor-diagnostics -Qunused-arguments" \
cc_opt="-Werror" ./build-apisix-base.sh latest
Expand Down
219 changes: 219 additions & 0 deletions patch/1.25.3.1/lua-resty-core-enable_keepalive.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,219 @@
diff --git lib/ngx/balancer.lua lib/ngx/balancer.lua
index 7d64d63..781cbd1 100644
--- lib/ngx/balancer.lua
+++ lib/ngx/balancer.lua
@@ -3,6 +3,7 @@

local base = require "resty.core.base"
base.allows_subsystem('http', 'stream')
+require "resty.core.hash"


local ffi = require "ffi"
@@ -17,8 +18,10 @@ local error = error
local type = type
local tonumber = tonumber
local max = math.max
+local ngx_crc32_long = ngx.crc32_long
local subsystem = ngx.config.subsystem
local ngx_lua_ffi_balancer_set_current_peer
+local ngx_lua_ffi_balancer_enable_keepalive
local ngx_lua_ffi_balancer_set_more_tries
local ngx_lua_ffi_balancer_get_last_failure
local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http
@@ -27,7 +30,11 @@ local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http
if subsystem == 'http' then
ffi.cdef[[
int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r,
- const unsigned char *addr, size_t addr_len, int port, char **err);
+ const unsigned char *addr, size_t addr_len, int port,
+ unsigned int cpool_crc32, unsigned int cpool_size, char **err);
+
+ int ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r,
+ unsigned long timeout, unsigned int max_requests, char **err);

int ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r,
int count, char **err);
@@ -46,6 +53,9 @@ if subsystem == 'http' then
ngx_lua_ffi_balancer_set_current_peer =
C.ngx_http_lua_ffi_balancer_set_current_peer

+ ngx_lua_ffi_balancer_enable_keepalive =
+ C.ngx_http_lua_ffi_balancer_enable_keepalive
+
ngx_lua_ffi_balancer_set_more_tries =
C.ngx_http_lua_ffi_balancer_set_more_tries

@@ -96,6 +106,11 @@ else
end


+local DEFAULT_KEEPALIVE_POOL_SIZE = 30
+local DEFAULT_KEEPALIVE_IDLE_TIMEOUT = 60000
+local DEFAULT_KEEPALIVE_MAX_REQUESTS = 100
+
+
local peer_state_names = {
[1] = "keepalive",
[2] = "next",
@@ -106,25 +121,147 @@ local peer_state_names = {
local _M = { version = base.version }


-function _M.set_current_peer(addr, port)
- local r = get_request()
- if not r then
- error("no request found")
+if subsystem == "http" then
+ function _M.set_current_peer(addr, port, opts)
+ local r = get_request()
+ if not r then
+ error("no request found")
+ end
+
+ local pool_crc32
+ local pool_size
+
+ if opts then
+ if type(opts) ~= "table" then
+ error("bad argument #3 to 'set_current_peer' " ..
+ "(table expected, got " .. type(opts) .. ")", 2)
+ end
+
+ local pool = opts.pool
+ pool_size = opts.pool_size
+
+ if pool then
+ if type(pool) ~= "string" then
+ error("bad option 'pool' to 'set_current_peer' " ..
+ "(string expected, got " .. type(pool) .. ")", 2)
+ end
+
+ pool_crc32 = ngx_crc32_long(pool)
+ end
+
+ if pool_size then
+ if type(pool_size) ~= "number" then
+ error("bad option 'pool_size' to 'set_current_peer' " ..
+ "(number expected, got " .. type(pool_size) .. ")", 2)
+
+ elseif pool_size < 1 then
+ error("bad option 'pool_size' to 'set_current_peer' " ..
+ "(expected > 0)", 2)
+ end
+ end
+ end
+
+ if not port then
+ port = 0
+
+ elseif type(port) ~= "number" then
+ port = tonumber(port)
+ end
+
+ if not pool_crc32 then
+ pool_crc32 = 0
+ end
+
+ if not pool_size then
+ pool_size = DEFAULT_KEEPALIVE_POOL_SIZE
+ end
+
+ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, port,
+ pool_crc32, pool_size,
+ errmsg)
+ if rc == FFI_OK then
+ return true
+ end
+
+ return nil, ffi_str(errmsg[0])
end

- if not port then
- port = 0
- elseif type(port) ~= "number" then
- port = tonumber(port)
+else
+ function _M.set_current_peer(addr, port, opts)
+ local r = get_request()
+ if not r then
+ error("no request found")
+ end
+
+ if opts then
+ error("bad argument #3 to 'set_current_peer' ('opts' not yet " ..
+ "implemented in " .. subsystem .. " subsystem)", 2)
+ end
+
+ if not port then
+ port = 0
+
+ elseif type(port) ~= "number" then
+ port = tonumber(port)
+ end
+
+ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr,
+ port, errmsg)
+ if rc == FFI_OK then
+ return true
+ end
+
+ return nil, ffi_str(errmsg[0])
end
+end

- local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr,
- port, errmsg)
- if rc == FFI_OK then
- return true
+
+if subsystem == "http" then
+ function _M.enable_keepalive(idle_timeout, max_requests)
+ local r = get_request()
+ if not r then
+ error("no request found")
+ end
+
+ if not idle_timeout then
+ idle_timeout = DEFAULT_KEEPALIVE_IDLE_TIMEOUT
+
+ elseif type(idle_timeout) ~= "number" then
+ error("bad argument #1 to 'enable_keepalive' " ..
+ "(number expected, got " .. type(idle_timeout) .. ")", 2)
+
+ elseif idle_timeout < 0 then
+ error("bad argument #1 to 'enable_keepalive' (expected >= 0)", 2)
+
+ else
+ idle_timeout = idle_timeout * 1000
+ end
+
+ if not max_requests then
+ max_requests = DEFAULT_KEEPALIVE_MAX_REQUESTS
+
+ elseif type(max_requests) ~= "number" then
+ error("bad argument #2 to 'enable_keepalive' " ..
+ "(number expected, got " .. type(max_requests) .. ")", 2)
+
+ elseif max_requests < 0 then
+ error("bad argument #2 to 'enable_keepalive' (expected >= 0)", 2)
+ end
+
+ local rc = ngx_lua_ffi_balancer_enable_keepalive(r, idle_timeout,
+ max_requests, errmsg)
+ if rc == FFI_OK then
+ return true
+ end
+
+ return nil, ffi_str(errmsg[0])
end

- return nil, ffi_str(errmsg[0])
+else
+ function _M.enable_keepalive()
+ error("'enable_keepalive' not yet implemented in " .. subsystem ..
+ " subsystem", 2)
+ end
end


48 changes: 48 additions & 0 deletions patch/1.25.3.1/lua-resty-core-reject-in-handshake.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
diff --git lib/ngx/ssl.lua lib/ngx/ssl.lua
index 8792be0..c4afc80 100644
--- lib/ngx/ssl.lua
+++ lib/ngx/ssl.lua
@@ -86,7 +86,7 @@ if subsystem == 'http' then
void ngx_http_lua_ffi_free_priv_key(void *cdata);

int ngx_http_lua_ffi_ssl_verify_client(void *r,
- void *cdata, int depth, char **err);
+ void *cdata, int depth, int reject_in_handshake, char **err);
]]

ngx_lua_ffi_ssl_set_der_certificate =
@@ -157,7 +157,7 @@ elseif subsystem == 'stream' then
void ngx_stream_lua_ffi_free_priv_key(void *cdata);

int ngx_stream_lua_ffi_ssl_verify_client(void *r,
- void *cdata, int depth, char **err);
+ void *cdata, int depth, int reject_in_handshake, char **err);
]]

ngx_lua_ffi_ssl_set_der_certificate =
@@ -417,7 +417,7 @@ function _M.set_priv_key(priv_key)
end


-function _M.verify_client(ca_certs, depth)
+function _M.verify_client(ca_certs, depth, reject_in_handshake)
local r = get_request()
if not r then
error("no request found")
@@ -427,7 +427,15 @@ function _M.verify_client(ca_certs, depth)
depth = -1
end

- local rc = ngx_lua_ffi_ssl_verify_client(r, ca_certs, depth, errmsg)
+ if reject_in_handshake == nil then
+ -- reject by default so we can migrate to the new behavior
+ -- without modifying Lua code
+ reject_in_handshake = true
+ end
+
+ local reject_in_handshake_int = reject_in_handshake and 1 or 0
+ local rc = ngx_lua_ffi_ssl_verify_client(r, ca_certs, depth,
+ reject_in_handshake_int, errmsg)
if rc == FFI_OK then
return true
end
Loading